assessing compliance. 2 nerc compliance workshop 11/02/07 documentation of compliance with nerc...
TRANSCRIPT
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Assessing Compliance
NERC Compliance Workshop11/02/07
2
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Documentation of Compliance with NERC Reliability Standards
Jeff Whitmer
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
NERC Compliance Workshop11/02/07
3
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Documenting Compliance
● Texas RE will not tell you how to become compliant with a standard.
● Texas RE will not provide an interpretation of a standard.● All requests for interpretations should be submitted to
NERC.● It is important that the entity provide evidence of
compliance.
NERC Compliance Workshop11/02/07
4
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
How Do You Determine Expectations?
● Review the Measures and Compliance sections of the NERC Reliability Standards.
Locate the NERC Reliability Standards:
https://standards.nerc.net/
● Review the Reliability Standard Auditors Work Sheet (RSAWS).
Locate RSAWS: http://www.nerc.com/~comply/auditor_resources.html
NERC Compliance Workshop11/02/07
5
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Example: RSAW PRC-008-0 1
Measure: Each transmission owner’s and distribution provider’sUFLS equipment maintenance and testing program containsthe elements specified in Reliability Standard PRC-008-0_R1.
Audit approach and notes specific to R1:__ Review the evidence provided by the entity to determine if the
entity has a UFLS program. If yes:__(R1.):Review the evidence provided by the entity to determine
if the entity has a UFLS equipment maintenance and testing program.
__(R1.):Review the evidence provided by the entity to determine if the UFLS maintenance program has the following:__(R1.):UFLS equipment identification__(R1.):Schedule for UFLS equipment testing__(R1.):Schedule for UFLS equipment maintenance
NERC Compliance Workshop11/02/07
6
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Verifying Compliance
Determine expectations:● Agreements, training, records, procedures, processes,
plans, methodologies● Verifications● Perform● Request, communicate, act● Provide data or information● Assessments, analyses, and follow-up plans● Maintain data and models and develop ratings
NERC Compliance Workshop11/02/07
7
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Agreements, Training, Records, Procedures, Processes, Plans, and Methodologies
Requirement Type Expectation
Have an agreement: Dated document Electronic communication with confirmation
of agreement
Document authority: Job description that includes statement of authority with respect to other operating entities
Letter declaring authority signed by corporate officer
Department notice signed on corporate letterhead
Agreement with authority documented
Have a specific record with no mention of update:
Specified record in electronic or hard copy format
NERC Compliance Workshop11/02/07
8
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Agreements, Training, Records, Procedures, Processes, Plans, and Methodologies
Requirement Type Expectation
Have specific operational plan (real-time, next day, seasonal) with specified elements:
Actual plan with specified elements
Have a set of requirements, process, plan, procedure, methodology, or other document – no requirement to update:
Current, in-force document with specified elements
Have a set of requirements, process, plan, procedure, methodology, or other document – requirement to update:
Current, in-force document with specified elements and evidence of last issue
NERC Compliance Workshop11/02/07
9
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Verifications
Requirement Type Expectation
Verify personnel qualifications: Certification records Training records showing successful
completion with description of training activity and employee name, date
Supervisor check sheets showing employee name, date performance noted
Records showing mastery or completion with employee name, date
Verify accuracy of data: Verification process and results with date verified
Verify accuracy of data – requirement to update on a specified periodicity:
Verification process and results with date verified
NERC Compliance Workshop11/02/07
10
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Verifications (cont.)
Requirement Type Expectation
Verify facility meets specified criteria:
Demonstration that facility meets criteria Equipment specification showing facility
meets criteria Installation documentation showing that
facility meets criteria Dated test results to show that facility
meets criteria Computer output to show that facility
meets criteria
Verify specific training occurred – no minimum hour requirement:
Actual training program materials or description with dated completion records for employees
Verify specific training occurred – minimum hour requirement:
Actual training program materials or description with dated completion records for employees and # of course hours
NERC Compliance Workshop11/02/07
11
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Perform
Requirement Type Expectation
Perform a mathematical calculation via computer and report results on a periodic basis:
Data to support the calculation retained in an electronic format
Hard copy of output of mathematical calculation plus documented formula and input
Copies of periodic reports
Perform maintenance in accordance with schedule:
Schedule plus maintenance records showing date and what was done
Perform testing or simulation in accordance with schedule:
Schedule plus test records (or simulation records) showing date of test, type of test, what was tested, test procedure, test results
NERC Compliance Workshop11/02/07
12
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Request, Communicate, Act
Requirement Type Expectation
Request data or information: Paper or electronic notice used to request data showing data, recipient, and data or information requested
Communicate operating information (requirements to notify, direct, inform, or communicate operating information to others who need the information to take action):
Operator logs Voice recordings or transcripts of
voice recordings
Take a control action on the BES: Computer printouts, operator logs
NERC Compliance Workshop11/02/07
13
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Request, Communicate, Act (cont.)
Requirement Type Expectation
Operate within defined parameters:
Parameters and report of any event with operation outside defined parameters including date, time, duration, details of how far outside parameters
Respond to reliability-related concerns:
Paper or electronic notice of response showing date, name and title of responder and any action to be taken in response to reliability-related concern with
NERC Compliance Workshop11/02/07
14
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Provide Data or Information
Requirement Type Expectation
Distribute or make a set of limits, procedure, process, plan, report or other prepared document available to others:
E-mail notice with updated web page Postal receipt showing recipient,
date, contents
Post information on Web and ensure entities know of updated information:
Link to Web page and either a copy of the electronic notice sent to advise recipients of the posting or a postal receipt showing recipient, date and contents
Post updated information on Web: Link to Web page
NERC Compliance Workshop11/02/07
15
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Provide Data or Information (cont.)
Requirement Type Expectation
Submit operating data or information as requested and according to schedule:
Request for data with schedule accompanied by copy of transmittal notice including identification of data submitted, date submitted
Submit planning data or information as requested and according to schedule:
Request for data with schedule accompanied by copy of transmittal notice including identification of data submitted, date submitted
Submit data related to a disturbance or event:
Request for data with transmittal notice including identification of data submitted, date submitted
NERC Compliance Workshop11/02/07
16
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Assessments, Analyses, and Follow-up Plans
Requirement Type Expectation
Assessment (impact of connecting new facilities; effectiveness of SPS; SPS operations; long-range plan):
Results of assessment with assumptions, contingencies, models used
Analysis of an event with a follow up plan (mitigation plan, corrective action plan):
Analysis report and follow-up plan that includes time table for implementation
Implement follow-up plan: Follow-up plan that includes timetable for implementation with checklist to show date each milestone achieved
NERC Compliance Workshop11/02/07
17
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Maintain Data and Models and Develop Ratings
Requirement Type Expectation
Maintain specified data: Database with specified data List in hard copy or electronic format
with specified data
Have a model: Model.
Develop ratings or limits according to methodology:
Methodology accompanied by ratings or limits
Demonstrate limits developed according to methodology
NERC Compliance Workshop11/02/07
18
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Miscellaneous
Requirement Type Expectation
Have and follow a maintenance, testing, or other program (vegetation management):
Paper or electronic copy of program with schedule and records showing what was done to implement the program with dates and activities accomplished
Staff with certified operators: Staffing plan Certification numbers for personnel
in staffing plan
NERC Compliance Workshop11/02/07
19
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Self-Reports
Rashida Williams
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
NERC Compliance Workshop11/02/07
20
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Self-Reporting
● What is self-reporting? A method for reporting a violation that a registered entity
discovers Optional – but shows cooperation by a registered entity
● What should be self-reported? Violations of any of the NERC-approved reliability standards Should be reported regardless of whether the standard is
included in active compliance monitoring for the year● When should self-reporting be done?
When the registered entity becomes aware of a violation of a NERC reliability standard
When the registered entity becomes aware of a change in the violation severity level of a previous reported violation
NERC Compliance Workshop11/02/07
21
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Where to Find the Self-Reporting Form
http://www.ercot.com/mktrules/compliance/tre/enforcement/index.html
NERC Compliance WorkshopNovember 2, 2007
22
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Example Self-Reporting Form
ERCOT Region- NERC 2007 Approved Reliability Standards Self-Reporting
PART 1 - GENERAL INFORMATION
Date: 7/15/2007
Company Name: Fictional Energy
Contact Person:Sample Name
Contact Number: 512-555-1234 Contact Email: [email protected]
PART 2 - APPROVED NERC RELIABILITY STANDARDS SELF-REPORTING
NERC Standard Number Requirement Number Explanation of Non-Compliance
CIP-001-1 R4 Fictional Energy has not established communication contacts with local FBI. A reporting procedure is being developed for communication with the local FBI office as required for a Generator Operator
Instructions: This form is intended for NERC Registered Entities to self-report the 83 reliability standards approved for 2007. Please fill in General Information in Part 1. In Part 2, list the NERC Standards Numbers and Requirement Numbers for the NERC Standards that are not in compliance at this time. Please complete the "Explanation on Non-Compliance" Column for those NERC standards. E-mail completed forms to: [email protected]
NERC Compliance Workshop11/02/07
23
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Completed Self-Reporting Forms
● Completed self-reporting forms should be sent to:
[email protected]● Mitigation plans may also be submitted at the same time
for any self-reported violations.
NERC Compliance Workshop11/02/07
24
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Self-Certifications
Rashida Williams
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
NERC Compliance Workshop11/02/07
25
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Self-Certification
● Registered entities self-certify to the applicable actively monitored standards.
● Registered entities are required to self-certify each year.● There are separate forms for different functions.● Registered entities that have been audited that year do
not participate in the self-certification process for that year.
● Texas RE will send out a self-certification notice to the registered entities with at least thirty (30) days advance notice.
NERC Compliance Workshop11/02/07
26
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Completing the Self-Certification
When filling out the self-certification form, registered entities should review the Standards and Reliability Standard Audit Worksheet (RSAWS) to assist in determining compliance.
Find the NERC Reliability Standards on the NERC website:
https://standards.nerc.net/
Find RSAWS on the NERC website:
http://www.nerc.com/~comply/auditor_resources.html
NERC Compliance Workshop11/02/07
27
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Example Self-Certification Form
INSTRUCTIONS: This form is intended for entities that are NERC registered as a Generator Operator. Please fill in General Information in Part 1. In Part 2, respond YES, NO, or N/A for each item under column D, "Full Compliance for 2007?". If "NO", please attach a short explanation separately; if "YES" or "N/A", no further explanation is required. Additional documentation to validate responses is not required with the form submittal but may be requested in the future. E-mail completed forms to: [email protected], by 10/1/07, after approval by a company executive officer (named on the form in Part 1).
TRE 2007 Self-Certification for Generator Operator
Part 1- GENERAL INFORMATION
Date: 11/2/2007
Entity Name: Fictional Energy
Contact Name: Sample Name
Contact Phone: 512-555-1234
Contact E-mail: [email protected]
Officer name: Officer Sample Name
Officer title: Vice President of Operations
NERC Compliance Workshop11/02/07
28
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Example Self-Certification Form (cont.)
Standard Number Requirement Number Text of Requirement Full Compliance for 2007?
CIP-001-1 R2. Each Reliability Coordinator, Balancing Authority, Transmission Operator, Generator Operator, and Load-Serving Entity shall have procedures for the communication of information concerning sabotage events to appropriate parties in the Interconnection.
YES
CIP-001-1 R3. Each Reliability Coordinator, Balancing Authority, Transmission Operator, Generator Operator, and Load-Serving Entity shall provide its operating personnel with sabotage response guidelines, including personnel to contact, for reporting disturbances due to sabotage events.
YES
CIP-001-1 R4. Each Reliability Coordinator, Balancing Authority, Transmission Operator, Generator Operator, and Load-Serving Entity shall establish communications contacts, as applicable, with local Federal Bureau of Investigation (FBI) or Royal Canadian Mounted Police (RCMP) officials and develop reporting procedures as appropriate to their circumstances.
NO, Self-Reported on 7/15/07. Mitigation Plan in place.
Part 2- NERC Reliability Standards Self-Certification
NERC Compliance Workshop11/02/07
29
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Completed Self-Certification Forms
● Registered entity should provide attached explanations with the form when compliance is not met or “Not Applicable” is answered.
● Self-certifications must be approved by a company officer.
● Completed self-certifications are expected to be returned by the required due date.
● Completed self-certification forms should be sent to:
NERC Compliance Workshop11/02/07
30
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Process for Non-Submittal of Requested Data
If data, information or other reports requested from a registered entity are not received by the required submittal date, Texas RE may sequentially execute the following steps:
Step 1 5 business days after due date Follow-up notification sent to entity’s compliance contact
Step 2 10 business days after due date Follow-up notification sent to entity’s officer and compliance contact; NERC copied
Step 3 15 business days after due date Follow-up notification sent to entity’s CEO, officer and compliance contact; NERC copied. A full audit may be scheduled
Step 4 30 days after due date A Reliability Standard Violation may be applied
NERC Compliance Workshop11/02/07
31
TEXAS REGIONAL ENTITY
AN INDEPENDENT DIVISION OF ERCOT
Assessing Compliance
Questions?