Welcome! NERC 2017 Standards and Compliance Workshop JW Marriott New Orleans July 11-12, 2017


RELIABILITY | ACCOUNTABILITY

NERC Antitrust Compliance Guidelines

It is NERC’s policy and practice to obey the antitrust laws and to avoid all conduct that unreasonably restrains competition. This policy requires the avoidance of any conduct that violates, or that might appear to violate, the antitrust laws. Among other things, the antitrust laws forbid any agreement between or among competitors regarding prices, availability of service, product design, terms of sale, division of markets, allocation of customers, or any other activity that unreasonably restrains competition.


Public Announcement

Participants are reminded that this meeting is public. Notice of the meeting was posted on the NERC website and widely distributed. The notice included the number for dial-in participation. Participants should keep in mind that the audience may include members of the press and representatives of various governmental authorities.


General Announcements

• Safety
  - Fire exits
  - Calling 911
  - Alerting hotel staff
  - CPR
• Other Logistics
  - Q&A
  - Restrooms


Today’s Agenda

• 9:00 – Noon: NERC Standards and Compliance 101
  - Mat Bunch
  - Latrice Harkness
  - Shamai Elstein
  - Ryan Mauldin
• Noon – 1:00 p.m.: Lunch
• 1:00 – 1:10 p.m.: Welcome and Introductions
  - Laura Anderson
  - Ryan Mauldin
• 1:10 – 1:20 p.m.: Keynote Remarks
  - Howard Gugel
  - Andrea Koch


Today’s Agenda

• 1:20 – 1:30 p.m.: Interactive Demonstration
  - Laura Anderson
  - Ryan Stewart
• 1:30 – 2:00 p.m.: Cost Effectiveness
  - Steven Noess
  - Soo Jin Kim
• 2:00 – 2:15 p.m.: SBS Enhancements
  - Chris Larson
• 2:15 – 3:15 p.m.: Break
• 3:15 – 3:45 p.m.: NERC Registration Initiatives
  - Ryan Stewart


Today’s Agenda

• 3:45 – 4:00 p.m.: Project 2016-03 – Cyber Security Supply Chain Management
  - Soo Jin Kim
• 4:00 – 4:45 p.m.: Compliance Monitoring Update (Coordinated Oversight of MRREs, IRAs, and Compliance Guidance)
  - Kim Israelsson
  - Kiel Lyons
• 4:45 – 5:00 p.m.: General Q&A/Closing Announcements
  - Laura Anderson
  - Latrice Harkness
• 5:30 – 6:30 p.m.: Reception


Keynote Remarks

Howard Gugel, NERC Senior Director of Standards and Education
Andrea Koch, NERC Senior Director of Reliability Assurance


Cost Effectiveness and Guidelines and Technical Basis

Steven Noess, Director of Standards Development
Soo Jin Kim, Manager of Standards Development
2017 Standards and Compliance Workshop
July 11, 2017


History of Cost Effectiveness

• Northeast Power Coordinating Council, Inc. procedure
• NERC Cost Effective Analysis Process
• 2015 policy input
• Cost effectiveness method piloted in 2016


Cost Effectiveness

• 2017 Board of Trustees made this a priority effort
  - All projects will generally consider cost effectiveness at a high level
  - All formal comments will provide industry a chance to comment on cost considerations
• Two questions to address
  - What is level of cost versus reliability benefit?
  - Can the most cost-effective solution be used?


Current Activities

• Periodic Reviews
• Standards grading metric
• Additional pilots of proposed method


Examples

• Examples of Project Questions Posed
  - Supply Chain: The standard drafting team believes proposed CIP-013-1 and the draft Implementation Guidance provide entities with flexibility to meet the reliability objectives in a cost-effective manner. Do you agree? If you do not agree, or if you agree, but have suggestions for improvement to enable additional cost-effective approaches, please provide your recommendation, and if appropriate, technical justification.
  - VAR EPR: The team did not identify a concern related to cost effectiveness as drafted. Do you agree? If not, please provide additional detail.


Future Activities

• Comments solicited in periodic reviews
• Comments solicited in Standard comment periods
• Evaluate compliance and enforcement cost impacts
• Cost comment themes provided in Board of Trustees presentations


Guidelines and Technical Basis

• History
  - Initially designed to support results-based standards
  - First used in FAC-003-2
  - Contained an “information only” disclaimer
  - Incorporated into standard development template
  - Disclaimer paragraph was omitted


Purpose

• Provides drafting teams a mechanism to:
  - Explain the technical basis for Reliability Standard
  - Provide technical guidance to help support effective application
• To further clarify Guidelines and Technical Basis (GTB):
  - NERC staff and Standards Committee (SC) leadership to coordinate
  - Captured in Task 3 in SC Strategic Plan


Summary of work

• NERC staff and SC leadership collaboration
• A separate document to explain technical basis
• Focus on understanding technology and the technical requirements
• No compliance approaches or compliance guidance
• Encourage use of NERC Compliance Guidance Policy


Timeline

• Present to SC for endorsement
• Report results at August Standards Oversight and Technology Committee meeting
• Begin implementing for all projects going forward
• Consider in periodic reviews whether to remove GTB from existing standards


Implementation Guidance

• Implementation Guidance provides examples of implementing the standard
• Developed by industry
• Can be developed by:
  - Standard drafting teams; or
  - Pre-qualified organization
• Supply Chain project was the first drafting team to seek endorsed Implementation Guidance


Standards Balloting and Commenting System (SBS)
Enhancement Feature Overview and Training
Chris Larson, Manager of Standards Information
2017 Standards and Compliance Workshop
July 11, 2017


2017 Enhancement Features

• Ability for users to vote, delegate/revoke proxy rights, and join ballots/ballot pools from the “Ballot Events” page
• All references to the term “Survey” will be replaced with the term “Comment Form”
• Ability for users to proceed directly to the “Real-time Comments” page (formerly “Social Survey”) without first having to provide a response
• Ability for users to select members from the Registered Ballot Body (RBB) when creating groups
• Users will no longer be prompted to confirm negative opinions for Non-binding Polls
• The system will save users’ selected sort and/or filter view on all pages instead of reverting back to a default view


“Ballot Events” Page

• The “My Voting Activity” page will be removed and the voting-related functions listed below will be carried out on the “Ballot Events” page
  - Join/withdraw from ballot pools
  - Delegate/revoke proxies
  - Vote for ballots
• New icon/function buttons will be added to the page (screenshots below)

A and D – Join and withdraw from ballot pool
B – Vote
C and E – Delegate and revoke proxy rights


Change of the Term “Survey” to “Comment Form”

• Terms such as “Surveys” and “Take Survey” will be replaced with the terms “Comment Form” and “Submit Comments” for consistency between Standards’ communications/postings and the SBS


“Real-time Comments” Page

• The current term/page “Social Survey” has been renamed “Real-time Comments.” Today, users who try to access this page without first submitting comments receive the following error message:

• Voters, proxies, and contributors will have the ability to provide a thumbs-up (like) or thumbs-down (dislike) to other submitters’ comments without having to provide a response themselves.


RBB Members and Creating Groups

• When submitting a comment, users will have the ability to select current RBB members when creating groups
• The ability to manually enter/edit group members will remain


Negative Opinions and Confirmations for Non-binding Polls

• For non-binding poll ballot types, voters and proxies will not be prompted to comment or declare support for a third-party comment if a negative opinion is cast


Sort and Filter

• Any filtered and/or sorted results will be retained when navigating between SBS pages
• Once a user logs out of the SBS, the filtered and/or sorted selection will revert to a default state


2017 Enhancement Features Recap

• All vote-related functions located on the “Ballot Events” page
• The term “Survey” replaced with the term “Comment Form”
• Proceed directly to the “Real-time Comments” page without submitting a comment
• Select members from the Registered Ballot Body (RBB) when creating groups
• No confirmation necessary for negative opinions for Non-binding Polls
• Sort and/or filter view on all pages will be retained


Standards Information Links

• NERC’s Balloting and Commenting page
• SBS Quick Reference Guide
• SBS Tutorial
• 2017 SBS Enhancement Presentation slides
• Administrative Support: [email protected]
• NERC IT Support: https://support.nerc.net/
• Standard Processes Manual
• Appendix 3D – RBB Criteria
• SBS Enhancements Webinar


Break

Webinar participants: We will return at 3:15 p.m. Central


Entity Registration Update

Ryan Stewart, NERC Manager of Registration Services
2017 Standards and Compliance Workshop
July 11, 2017


Site Overview


Portal CFR Landing Page


CFR Landing Page


CFR Record Dropdown Options


Portal CFR Detailed View


Portal CFR Detailed View


Basic Information


Basic Information


View Matrix Snapshot


Entity Contacts


Choose Requirements


Set Responsibilities


Requirement Notes Modal


Upload Documents


Submit CFR


CRM CFR Landing Page


Regional CFR Summary View


CFR Matrix View


NERC CFR Detailed View


Reporting


Downloadable CFR Matrix


Cyber Security Supply Chain Risk Management
Soo Jin Kim, NERC Manager of Standards Development
2017 Standards and Compliance Workshop
July 11, 2017


FERC Order No. 829

[the Commission directs] that NERC, pursuant to section 215(d)(5) of the FPA, develop a forward-looking, objective-driven new or modified Reliability Standard to require each affected entity to develop and implement a plan that includes security controls for supply chain management for industrial control system hardware, software, and services associated with bulk electric system operations.

- Order No. 829, July 2016

• Standard(s) must be filed by September 27, 2017


Standards Development Process

• First formal comment period
  - January 20 – March 6, 2017
• Second formal comment period
  - May 2 – June 15, 2017

Timeline:
• Oct 2016 – Mar 2017: Tech Conference, 1st Formal Balloting
• May 2017: 2nd Formal Comment and Balloting
• July 2017: Final Ballots
• August 2017: NERC Board Adoption
• September 2017: Deadline for filing


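June Ballot Results

| Name      | Ballots: Approval | Non-binding Polls: Supportive Opinions |
|-----------|-------------------|----------------------------------------|
| CIP-005-6 | 89.84%            | 88.53%                                 |
| CIP-010-3 | 82.92%            | 88.02%                                 |
| CIP-013-1 | 88.64%            | 89.57%                                 |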


Final Ballot

• Standard drafting team (SDT) did not make substantive changes to requirements

Clarifications
• CIP-013-1 Requirement R1 Part 1.2.4
  - Disclosure by vendors of known vulnerabilities related to the products or services provided to the Responsible Entity
• CIP-010-3 Requirement R1 Part 1.6
  - Prior to a change that deviates from the existing baseline configuration…verify software identity and integrity.
  - Measure revised to include evidence of automated update process
• Updated CIP-010-3 Guidelines and Technical Basis section


Comment Responses

Common questions addressed by the SDT
• CIP-013-1 Requirements to address software verifications and vendor remote access are not duplicative of CIP-010/CIP-005
  - Procurement versus Operational
• CIP-005-6 Requirements for vendor remote access do not require session recording
• CIP-010-3 Requirements for software verifications apply to baseline changes only (do not apply to new system installation)
• Software verifications do not need to be repeated for each BES Cyber System


Implementation Guidance

• Implementation Guidance developed by the SDT has been endorsed by the ERO Enterprise
• Provides examples of approaches for complying with CIP-013-1
  - Risk-based approach to Cyber Security Supply Chain Risk Management plans (R1)
  - Processes for planning to procure BES Cyber Systems that identify and assess cyber security risks from vendor products or services (R1 Part 1.1)
  - Request-for-proposal or negotiation provisions to address topics in R1 Part 1.2.1 – 1.2.6
  - Processes for periodically reviewing and approving plans (R3)


Next Steps

• Standards will be submitted for the August 10, 2017 NERC Board of Trustees meeting
• FERC Order No. 830 filing deadline is September 27, 2017
• After filing, priority shifts to development of a comprehensive strategy for implementation (pending regulatory approval)


Contact Information

• Refer to the Project 2016-03 page for more information
• Email [email protected] to join the email list
• Corey Sellers, Southern Company, SDT Chair
  - Email at [email protected]
• JoAnn Murphy, PJM Interconnection, SDT Vice Chair
  - Email at [email protected]


Coordinated Oversight Program for Multi-Region Registered Entities
Kim Israelsson, Manager, Compliance Program Coordination and Process Integration, WECC
2017 Standards and Compliance Workshop
July 11, 2017


Agenda

• Program objective and benefits
• Inclusion criteria
• Participation requests
• 2016 participant survey feedback
• Program enhancements
• Current participation
• ERO Enterprise contacts


Objective

• Focus on risk to reliability, while improving:
  - Efficiency
    o Single point of contact
    o Streamlining processes
  - Consistency
    o Compliance Monitoring and Enforcement Program (CMEP) activities
    o Organization Registration and Certification Program (ORCP) activities
    o Reporting requirements and tools


Benefits of Coordinated Oversight for MRREs

• Lead Regional Entity (LRE) and Affected Regional Entities (ARE) coordinated to provide:
  - Single point of contact for CMEP, ORCP, and other activities
  - Centralized monitoring, enforcement, and reporting


Criteria for Inclusion in Coordinated Oversight Program

• Registered Entity
  - Operates in or owns assets in two or more Regional Entity(ies) jurisdictions
  - Verifies its Primary Compliance Contact (PCC), Authorizing Officer (AO), or Primary Compliance Officer (PCO) contact information is accurate prior to submitting request for inclusion
  - Designates a PCC


Participation Request Process

• PCC, AO, or PCO submits initial request to designated NERC or Regional Entity MRRE coordinated oversight contacts
• Requests may include the following information:
  - Registered Entity name(s)
  - NERC Compliance Registry (NCR) Number(s) to be included
  - Applicable Regional Entities
  - Applicable registered functions
  - PCC information for MRRE
  - Description of registered entity(ies) compliance program
  - Description of facilities


2016 Participant Survey

• Survey sent to 40 MRREs in Coordinated Oversight Program in June 2016
  - Responses received from all 40 MRREs
• Survey requested feedback on:
  - Implementation and streamlining of activities
  - LRE and ARE coordination
  - Overall satisfaction
• General Comments
  - 97% of MRREs support continued participation
  - 84% of the MRREs believe it fulfills the objectives


Participant Survey – Value Statements

• “The MRRE program has been a welcome enhancement for our compliance efforts.”
• “Overall, it has been a very positive experience for our organization.”
• “The MRRE program has been extremely successful in streamlining processes and more effectively utilizing resources.”
• “Entity’s assessment at this early stage is “so far, so good.” We have no suggestions for improvement at present. The program has been quite beneficial for us.”


Participant Survey – Improvement Opportunities

• Inherent Risk Assessments (IRA)
• Data systems and portals for data collection
  - Technical Feasibility Exceptions (TFEs) submittals
  - Periodic Data Submittals
• Communication
  - Information about process and what to expect
  - Guidance on changes to registered entity assets and potential impacts on program participation


Program Enhancements

• 2017 enhancements
  - Developed and publicly posted an ERO Enterprise consolidated 2017 Periodic Data Submittal schedule
  - Developed internal, ERO Enterprise procedures to address roles, responsibilities, and processes
  - Developed ERO Enterprise templates
  - Conducted ERO Enterprise staff training
• Ongoing enhancements
  - TFE submittals
  - Communication and transparency of processes
  - Maintain list of Frequently Asked Questions
• 2017 Participant Survey
• 2017 outreach (e.g., Fall industry webinar)


MRRE – Regional Breakdown*

• MRO: 12%
• NPCC: 1%
• RF: 16%
• SERC: 11%
• SPP RE: 10%
• Texas RE: 44%
• WECC: 6%

*As of Q1 2017.


MRRE – Distribution by Registered Function

[Bar chart: Number of Entities Registered by Registered Function (BA, DP, GO, GOP, PA, RC, RP, RSG, TO, TOP, TP, TSP)]

*As of Q1 2017.


Designated NERC/Regional Entity MRRE Coordinated Oversight Contacts

Team Members and Contact Information

• Scott Knewasser - FRCC: [email protected]
• Sara Patrick - MRO: [email protected]
• Stanley Kopman - NPCC: [email protected]
• Megan Gambrel - RF: [email protected]
• Todd Curl - SERC: [email protected]
• Jim Williams - SPP RE: [email protected]
• Bill Lewis - Texas RE: [email protected]
• Kim Israelsson - WECC: [email protected]
• Barb Nutter - NERC: [email protected]

For questions, please contact a designated NERC/Regional Entity MRRE contact for assistance


Inherent Risk Assessments

Kiel Lyons, Manager, Grid Planning and Operations Assurance
2017 Standards and Compliance Workshop
July 11, 2017


Risk-based CMEP


What is an IRA?

• Inherent Risk Assessment (IRA) process end goal is entity-specific Compliance Oversight Plans (COPs)
  - Functions performed
  - Assets owned or operated
  - Location
• 18 common Electric Reliability Organization (ERO) risk factors and criteria
  - Common criteria established, with regional flexibility provided
• Other considerations
  - Entity performance data (e.g., misoperations, event analysis)
  - Compliance history
  - Knowledge of the entity (e.g., internal controls)
  - Risk Elements


Output of IRA

• How considerations impact monitoring of inherent risk
• Development of Compliance Oversight Plans (COPs)
  - Reliability Standards and requirements for compliance monitoring
  - Compliance monitoring tools (i.e., CMEP Tools)
  - Interval of compliance monitoring

Resources

• Guide for Compliance Monitoring
  - http://www.nerc.com/pa/comp/Reliability%20Assurance%20Initiative/ERO%20Enterprise%20Guide%20for%20Compliance%20Monitoring.pdf

Compliance Guidance

Kiel Lyons, Manager, Grid Planning and Operations Assurance
2017 Standards and Compliance Workshop
July 11, 2017

Overview

• Compliance Guidance Policy
• Types of Guidance
• Pre-Qualified Organizations
• Endorsement Process
• Current Guidance
• Website
• Resources
• Key Take-Aways

Compliance Guidance Policy

Principles
• Cannot change scope of Reliability Standard
• May be developed concurrently with Reliability Standard
• Should not conflict
• Should be developed collaboratively
• Not only way to comply
• Additional Considerations:
  - Finite and limited set
  - Related guidance in one location
  - Consider revising standard
  - Apply professional judgment
  - Feedback loops

Types of Guidance

Compliance Guidance
• Implementation Guidance
• CMEP Practice Guides

Types of Guidance

Implementation Guidance
• Developed by industry, for industry
• Examples or approaches
  - One of several possible approaches
• Developed by:
  - Standard Drafting Team (SDT)
    o Vetted by industry
  - Pre-Qualified Organization
    o Endorsed by ERO Enterprise, with deference

Types of Guidance

• CMEP Practice Guides
  - Developed by ERO Enterprise, but may be initiated through a policy discussion with industry
  - Address how CMEP staff executes CMEP activities
    o Possible considerations include the discretion to be applied, auditing practices, risk assessment techniques, policies, and areas of focus
    o Not approaches to comply with standards
  - Uniform approaches that foster consistency across the ERO Enterprise
  - Publicly posted for transparency
  - Apply professional judgment when evaluating methods or approaches not identified in guidance

Types of Guidance

CMEP Practice Guides
• Developed by ERO Enterprise, for ERO Enterprise
  - May be initiated through industry discussions
  - Publicly posted
• ERO Enterprise CMEP staff approach
  - Fosters consistency
  - Possible considerations include the discretion to be applied, auditing practices, risk assessment techniques, policies, and areas of focus

Pre-Qualified Organizations

Approved by Compliance and Certification Committee (CCC)
• The organization must:
  - Be actively involved in NERC operations
  - Have methods to assure technical rigor
  - Possess ability to vet content

Pre-Qualified Organizations

Pre-Qualified Organization Application Process
1. Applicant applies with the CCC
2. CCC Reviews Application
3. CCC notifies the applicant of approval
4. Applicant is added to Pre-Qualified Organization List

Pre-Qualified Organizations

• Standard Drafting Team (SDT)
  - Identifies examples
  - Reviews existing guidance
• Examples vetted by industry
• Decision to submit for ERO Enterprise endorsement made by:
  - Project Management and Oversight Subcommittee (PMOS) liaison and NERC Standards Developer submit for ERO Enterprise endorsement
• May not submit guidance after standard is approved
  - Must be submitted by Pre-Qualified Organization

Endorsement Process

Endorsement of Implementation Guidance
• Pre-Qualified Organization or SDT submit proposed guidance
  - Email to [email protected]
  - Include Implementation Guidance Submittal Form
• NERC
  - Acknowledges receipt
  - Posts proposed guidance
  - Distributes to ERO SME
• ERO endorses or declines to endorse
• Publicly posted
  - Non-Endorsed noted in spreadsheet

Current Guidance

• Implementation Guidance Under Development/Consideration
  - CEIWG - Voice Communications in a CIP Environment (VOIP in Control Centers)
  - CEIWG - Shared Facilities (CIP)
  - CEIWG - NRC Employee Access and CIP-004 Personnel Risk Assessment
  - NATF - TPL-001-5
  - NATF - CIP-010-2 Transient Cyber Assets
  - NATF - CIP-014-2, R4 and R5
  - NEI - PRC-024-2, R1, R2, and R3
  - WICF - CIP-010-5 R1 Part 1.1.4 - Netstat baseline for Ports and Services
  - WICF - MOD-025/MOD-026 - Manufacture curve/data is not available

Website

Resources

• Compliance Guidance web page
  - http://www.nerc.com/pa/comp/guidance/Pages/default.aspx
• Compliance Guidance Policy
  - http://www.nerc.com/pa/comp/Resources/ResourcesDL/Compliance_Guidance_Policy_FINAL_Board_Accepted_Nov_5_2015.pdf
• How to Submit Proposed Guidance
  - http://www.nerc.com/pa/comp/guidance/Documents/Pre-qualified_org_submittal_with_form.pdf

Resources

• Pre-Qualified Organization list
  - http://www.nerc.com/pa/comp/guidance/Documents/Pre-qualified%20organizations.pdf
• Procedure to Become a Pre-qualified Organization
  - http://www.nerc.com/comm/CCC/Related%20Files%202013/Final%20CCCPP-011_May_BOTCC_updated.pdf
• Pre-Qualified Organization Application
  - http://www.nerc.com/pa/comp/guidance/Documents/Application_Pre-Qualified_Organization.pdf

Key Takeaways

• Implementation Guidance is one approach an entity may take to meet its obligations
  - Are developed and vetted by industry
  - Are endorsed/not endorsed by the ERO Enterprise
• CMEP Practice Guides
  - Developed by, and for, the ERO Enterprise
• Industry Webinar held May 31, 2017
  - https://cc.readytalk.com/cc/playback/Playback.do?id=2iu36n
• Lessons Learned Reference Sheet under development
  - Industry will be notified when available
