agenda compliance and certification committee highlights and... · 2019. 6. 13. · agenda...
TRANSCRIPT
Agenda Compliance and Certification Committee June 18 2019 | 100 pm ndash 500 pm Central June 19 2019 | 800 am ndash 1100 am Central
Exelon Corporation Offices 10 S Dearborn St 48th Floor Chicago IL 60603
Introduction and Chairrsquos Remarks
Welcome ndash Jennifer Sterling ndash Vice President ndash NERC Compliance and Security Exelon
Opening Remarks ndash Mechelle Thomas ndash Vice President and Chief Compliance Officer NERC
NERC Antitrust Compliance Guidelines and Public Announcement
Agenda Items
1 Administrative ndash Secretary and Jennifer Flandermeyer
2 Committee Business
a Consent Agenda ndash (Review) ndash Jennifer Flandermeyer
i Meeting Agenda ndash (Approve)
ii CCC March 2019 Meeting Minutes ndash (Approve)
3 Action Plan Updates
a Work Plan Spotlight ndash Scott Tomashefsky
b Effectiveness and Efficiency Summary with Action Items ndash Jennifer Flandermeyer
c Communication Package ndash Ryan Stewart and Jennifer Flandermeyer
d Extranet Site ndash Chris Boyd-Witherspoon
4 CCC Action Items and Work Plan Status ndash (Discuss) ndash Scott Tomashefsky
5 Subcommittee Updates
a Nominating Subcommittee ndash (Inform) ndash Daniela Cismaru
b ORCS ndash (Inform) ndash Greg Campoli
c EROMS ndash (Inform) ndash Ted Hobson
i New EROMS Scope Document - (Approve)
Agenda ndashCompliance and Certification Committee - June 18-19 2019 2
ii CCCPP-001 (Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure forCompliance Enforcement) ndash (Approve)
iii CCCPP-011 (Procedure to Become a Prequalified Organization Eligible to SubmitImplementation Guidance to the ERO) ndash (Approve)
iv NERC 2019 CCC Self Certification SPM
v CCCPP-010 (Criteria for Annual Regional Entity Program Evaluation)
vi Compliance Monitoring and Enforcement Program Organization Registration andCertification Program Audit
d Alignment Working Group ndash (Inform) ndash Martha Henson
e Standing Committee Coordination Group (SCCG) ndash (Update) ndash Scott Tomashefsky
6 Focused Discussion ndash (Discuss) ndash Jennifer Flandermeyer
a Application of Risk Principles
i Inherent Risk
ii Residual Risk
iii Risk-based CMEP
b Risk Identification and Valuation
c Risk Tolerance
d Committee Risk Activities
7 NERC Internal Audit (IA) Risk Process ndash (Update) ndash Matt Gibbons
8 ERO CMEP ndash (Update) ndash Steve Noess Ed Kichline
9 CORES Rollout ndash (Update) - Ryan Stewart
10 ALIGN Project ndash (Discuss) ndash Andy Rodriquez
11 NERC Board of Trustees Enterprise-wide Risk Committee ndash (Update) ndash Jennifer Flandermeyer
12 NERC Board of Trustees and Members Representative Committee (MRC) May 2019 Meetings -(Update) ndash Scott Tomashefsky
13 Standard Efficiency Review Phase II (Evidence Retention) ndash (Update) ndash John Allen
14 RISC Reliability Risk Report ndash (Discuss) ndash Patti Metro
15 Review of Action Items ndash (Review) ndash Scott Tomashefsky
16 Future Meeting Dates ndash (Inform)
a Confirmed 2019 Dates
i September 17-18 2019 Kansas City MO (KCPampL Offices)
Agenda ndashCompliance and Certification Committee - June 18-19 2019 3
ii November 19-20 2019 Rosemead CA (SCE Offices)
b Tentative 2020 Dates
i March 10-11 2020 TBD
ii June 9-10 2020 Cleveland OH (ReliabilityFirst)
iii September 23-24 2020 Salt Lake City UT (WECC Offices)
iv November 17-18 2020 Tentative Atlanta GA (NERC Offices)
Background materials included
Antitrust Compliance Guidelines I General It is NERCrsquos policy and practice to obey the antitrust laws and to avoid all conduct that unreasonably restrains competition This policy requires the avoidance of any conduct that violates or that might appear to violate the antitrust laws Among other things the antitrust laws forbid any agreement between or among competitors regarding prices availability of service product design terms of sale division of markets allocation of customers or any other activity that unreasonably restrains competition It is the responsibility of every NERC participant and employee who may in any way affect NERCrsquos compliance with the antitrust laws to carry out this commitment Antitrust laws are complex and subject to court interpretation that can vary over time and from one court to another The purpose of these guidelines is to alert NERC participants and employees to potential antitrust problems and to set forth policies to be followed with respect to activities that may involve antitrust considerations In some instances the NERC policy contained in these guidelines is stricter than the applicable antitrust laws Any NERC participant or employee who is uncertain about the legal ramifications of a particular course of conduct or who has doubts or concerns about whether NERCrsquos antitrust compliance policy is implicated in any situation should consult NERCrsquos General Counsel immediately II Prohibited Activities Participants in NERC activities (including those of its committees and subgroups) should refrain from the following when acting in their capacity as participants in NERC activities (eg at NERC meetings conference calls and in informal discussions)
bull Discussions involving pricing information especially margin (profit) and internal cost information and participantsrsquo expectations as to their future prices or internal costs
bull Discussions of a participantrsquos marketing strategies
bull Discussions regarding how customers and geographical areas are to be divided among competitors
bull Discussions concerning the exclusion of competitors from markets
bull Discussions concerning boycotting or group refusals to deal with competitors vendors or suppliers
NERC Antitrust Compliance Guidelines 2
bull Any other matters that do not clearly fall within these guidelines should be reviewed with NERCrsquos General Counsel before being discussed
III Activities That Are Permitted From time to time decisions or actions of NERC (including those of its committees and subgroups) may have a negative impact on particular entities and thus in that sense adversely impact competition Decisions and actions by NERC (including its committees and subgroups) should only be undertaken for the purpose of promoting and maintaining the reliability and adequacy of the bulk power system If you do not have a legitimate purpose consistent with this objective for discussing a matter please refrain from discussing the matter during NERC meetings and in other NERC-related communications You should also ensure that NERC procedures including those set forth in NERCrsquos Certificate of Incorporation Bylaws and Rules of Procedure are followed in conducting NERC business In addition all discussions in NERC meetings and other NERC-related communications should be within the scope of the mandate for or assignment to the particular NERC committee or subgroup as well as within the scope of the published agenda for the meeting No decisions should be made nor any actions taken in NERC activities for the purpose of giving an industry participant or group of participants a competitive advantage over other participants In particular decisions with respect to setting revising or assessing compliance with NERC reliability standards should not be influenced by anti-competitive motivations Subject to the foregoing restrictions participants in NERC activities may discuss
bull Reliability matters relating to the bulk power system including operation and planning matters such as establishing or revising reliability standards special operating procedures operating transfer capabilities and plans for new facilities
bull Matters relating to the impact of reliability standards for the bulk power system on electricity markets and the impact of electricity market operations on the reliability of the bulk power system
bull Proposed filings or other communications with state or federal regulatory authorities or other governmental entities
Matters relating to the internal governance management and operation of NERC such as nominations for vacant committee positions budgeting and assessments and employment matters and procedural matters such as planning and scheduling meetings
Public Announcements Face-to-face meeting version Participants are reminded that this meeting is public Notice of the meeting was posted on the NERC website and widely distributed Participants should keep in mind that the audience may include members of the press and representatives of various governmental authorities in addition to the expected participation by industry stakeholders
August 10 2010
Agenda Item 3bCCC Meeting
June 18-19 2019
Compliance and Certification Committee (CCC) Effectiveness and Efficiency Projects
Action Inform
Summary The Compliance and Certification Committee (CCC) after conducting a process to evaluate its effectiveness and efficiency identified several recommendations to implement to strengthen and mature the Committeersquos operations further building on the past successes The projects have been reviewed by the CCC Executive Committee and are presented to the full Committee for action
Engagement and Effectiveness
1 Welcome and Onboarding Package
2 Extranet site and File organization
3 Ease of Website use and content accessibility
4 CCC Reporting Dashboard ndash transparency and information sharing tool
Succession Planning
5 Nominating Subcommittee and CCC Member Criteria
6 Consolidation of EROMS and CPPS
Outreach
7 Outreach Plan and Membership Correlation to Industry Forums (Partnerships securing the long-term value of the CCC with industry the regions NERC and the Board of Trustees)
8 CCC Complaint Procedures and NERC IT Redesign for Complaint submission
Communications Plan
Jennifer Flandermeyer ndash CCC Chair EvergyRyan Stewart ndash Senior Manager Registration and Certification NERCCompliance and Certification Committee (CCC) MeetingJune 18-19 2019
RELIABILITY | ACCOUNTABILITY2Public
bull Key Objectives Outreach in Collaboration with NERC Partnership with Industry to garner feedback Industry participation on CCC goals and work products Succession Planning for CCC membership Others
CCC Communications with Industry
RELIABILITY | ACCOUNTABILITY3Public
Membership
bull Investor-Owned Utilitybull StateMunicipal Utilitybull Cooperative Utilitybull Federal or Provincial Utility
Federal Power Marketing Administrationbull Transmission Dependentbull Merchant Electricity Generatorbull Electricity Marketerbull Large End-use Electricity Customerbull Small End-use Electricity Customerbull Independent System Operator
Regional Transmission Organizationbull Regional Entitybull Government
RELIABILITY | ACCOUNTABILITY4Public
bull Current State What tools are currently used
bull Effective use of CCC members participation bull CCC Page redesign (NERC Website)bull New Tools to consider WebEx Brochures or flyers Newsletters Ad-hoc groups
bull Others
Communications Tools
RELIABILITY | ACCOUNTABILITY5Public
NERC | Scope Document | March 2014 1
Scope Document Compliance and Certification Committee ERO Monitoring Subcommittee
Draft May June 2019
3353 Peachtree Road NE Suite 600 North Tower
Atlanta GA 30326 404-446-2560 | wwwnerccom
Agenda Item 5ciCCC MeetingJune 18-19 2019
NERC | DRAFT EROMS Scope Document | February June 2019
Table of Contents
Preface 1
Section 1 Mission 2
Section 2 ERO Monitoring Subcommittee Tasks and Functions 3
Section 3 Membership 4
31 Goals 4
32 General 4
33 Subgroup Membership and Representation 4
34 Membership Not Restricted to CCC Members 4
35 Resignations 4
36 Proxies 4
37 Exclusions 6
38 Changes in Member Affiliation 6
39 Acknowledgement of a Membership Conflict 6
Section 4 Meetings 7
41 Antitrust Guidelines 7
42 Open Meetings 7
43 Confidential Sessions 7
44 Types of Meetings 7
45 Majority and Minority Views 7
46 Actions without a Meeting 7
47 Quorum 7
Section 5 Officers and Staff 8
51 General 8
52 Chair 8
53 Vice Chair 8
54 Staff Coordinator 8
6 Subordinate Groups 10
61 Committee Organization Hierarchy 10
62 Establishing Subgroups 10
Appendix A ndash CCCPP Responsibilities 11
NERC | DRAFT Scope Document | May June 2019
1
Preface
Summary The North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to ensure the reliability of the Bulk Power System (BPS) in North America NERC develops and enforces Reliability Standards annually assesses seasonal and long-term reliability monitors the BPS through system awareness and educates trains and certifies industry personnel NERCrsquos area of responsibility spans the continental United States Canada and the northern portion of Baja California Mexico NERC is the electric reliability organization (ERO) for North America subject to oversight by the Federal Energy Regulatory Commission (FERC) and governmental authorities in Canada NERCrsquos jurisdiction includes users owners and operators of the BPS which serves more than 334 million people
The Compliance and Certification Committee (CCC) is a NERC board-appointed stakeholder committee serving and reporting directly to the NERC Board of Trustees (Board) and is responsible for engaging with supporting and advising the NERC Board and NERC regarding all facets of the NERC Compliance Monitoring and Enforcement Program (CMEP) Organization Registration Program (Registration program) and Organization Certification Program (Certification program) The CCC is responsible for establishing and implementing a program as specified in Section 405 of the NERC Rules of Procedure (ROP) to monitor NERCrsquos adherence to ROP for Compliance Enforcement including but not limited to the uniform Compliance Monitoring and Enforcement Program (Appendix 4C) and the Sanction Guidelines (Appendix 4B) The Compliance and Certification Committee (CCC) has established the ERO Monitoring Subcommittee to perform the tasks set out in Sections 1 and 2 on behalf and under the supervision of the CCC
Revision History
Date Version Number Comments
February 19 2019 Draft Drafted and circulated for comment
MayJune XX 2019 10 Approved by the Compliance and Certification Committee in order to consolidate EROMS and CPPS
Approved by the Board of Trustees
NERC | DRAFT Scope Document | May June 2019
2
Section 1 Mission
The NERC Compliance and Certification Committee (CCC) is a NERC Board-appointed stakeholder committee serving and reporting directly to the NERC Board Operation and governance of the CCC is as articulated in the CCC Charter
The ERO Monitoring Subcommittee (EROMS) was formed by the CCC to assist the committee in fulfilling its mission and functions1 in a thorough and efficient manner Further details of what the subcommittee will undertake on behalf and under the supervision of the CCC are provided in Section 2
1 See Sections 1 and 2 of the CCC Charter respectively
NERC | DRAFT Scope Document | May June 2019
3
Section 2 ERO Monitoring Subcommittee Tasks and Functions
To fulfill its mission the CCC has established the EROMS to perform the following tasks on behalf and under the supervision of the CCC
i Establish and implement programs to monitor NERCrsquos adherence to the Rules of Procedure regarding the
a Compliance Monitoring and Enforcement Program as specified in Section 405 of NERCrsquos Rules of Procedure and the
b Reliability Standards development process as specified in Section 300 of NERCrsquos Rules of Procedures with the exception of appeals of substantive or procedural action or inaction associated with a Reliability Standard or the Reliability Standards process as defined in the appeals section of the Reliability Standards Development Procedure
appeals of substantive or procedural action or inaction as specified in Section 405 of the NERC Rules of Procedureas defined in the appeals section of the [Reliability Standards Development Procedure or Standards Process Manual] as specified in Section 405 of NERCrsquos Rules of Procedure
ii Establish and implement programs to monitor NERCrsquos compliance with the reliability standards that apply to NERC
iii Develop and maintain CCC operational procedures with respect to the CCC responsibilities under the CCC Charter as specified in Attachment A
iv As assigned by the CCC advise and prepare recommendations to the CCC to address any standards related issues relevant to and within the scope of the NERC Compliance and Certification Committee (eg request from the Standards Committee Standard Drafting Team CCC NERC Compliance Staff etc)
v Perform document review to promote consistency between multiple documents (procedures policies standards rules orders etc) that comprise the overall NERC Compliance Monitoring and Enforcement Program (CMEP) and to assure ensure documents are clear unambiguous consistent and complementary In the event any documents are found to be unclear ambiguous or inconsistent advise the CCC of any such situations and propose changes that it believes will clarify such situations Activities may include but are not limited to
a Reviews of changes to the Rules of Procedure related to the Compliance Monitoring and Enforcement program Registration program and Certification program
b Proposals to change the ROP related to the Compliance Monitoring and Enforcement program Registration program and Certification program
vi Support the development and implementation of enhancements to the CMEP and as specified in ROP 402 develop criteria for NERC to use to assess the effectiveness of each Regional CMEP and make and provide recommendations to the CCC
vii Act as liaison of the CCC to the NERC Standards Committee
viii Implement CCC support in the development of the RSAWs for new Reliability Standards under development or for revisions to existing Reliability Standards
The subcommittee will work within its assigned scope and be accountable for the responsibilities and other related tasks assigned to it by the CCC
Commented [GM1] Need confirmation of how to reference standard program
Commented [GM2] This work is reflected in CCCPP-001 to -003
Commented [ST3] Unless I am completely missing something here I would suggest parroting the language that is included in the CCC Committee functions of the CCC Charter See Bullet 5c ldquo hellipappeals of substantive or procedural action or inaction associated with a Reliability Standard or the Reliability Standards process as defined in the appeals section of the Reliability Standards Development Procedurerdquo The reference point here is to Section 300 of the ROP rather than Section 405 Whatever you decide whatever changes you incorporate will need to be incorporated into the second paragraph of CCCPP-003
Commented [GM4] Changes as recommended during May call to make clear that EROMS work in this area is undertaken at direction of CCC This ensures work efforts are consistent and coordinated across stakeholder committees amp the ERO
Commented [GM5] EROMS Please review this language Ed has observed that the clauses do not fit well into the structure of the rest of the sentence and that the reference to ldquosuch situationsrdquo is undefined and ambiguous
Commented [FPL906R5] Agree we may want to delete or rephrase Proposing some language for consideration
Commented [GM7] This work is reflected in CCCPP-010
Commented [GM8] Deleted as recommended during May call
Commented [GM9] EROMS has opportunity to provide feedback to NERC on RSAWs before they are finalized
NERC | DRAFT Scope Document | May June 2019
4
Section 3 Membership
31 Goals The membership of this subcommittee will be established to address the need for expertise and balance of interests to carry out the subcommitteersquos assigned Tasks and Functions as outlined in Section 2
32 General General membership requirements for members of a subgroup of the CCC are as articulated in Section 7Chapter 5 of the CCC Charter Additional membership requirements for this subcommittee are as defined within this scope document
33 Subgroup Membership and Representation As outlined in the CCC Charter each member of this subcommittee and its officers will be appointed by the chair of the CCC
34 Membership Not Restricted to CCC Members Members of this subcommittee are not required to be members of the CCC but must be eligible to be members of the committee Any member of the subcommittee who is also a member of the Standards Committee or its subcommittees are required to recuse themselves when voting on any matters resulting from monitoring of NERCrsquos adherence to Section 306 of the Rules of Procedure
35 Resignations
a By the Member In the event a member can no longer serve on the subcommittee that member will submit a written resignation to the subcommittee chair or the CCC secretary
b Requested by the Chair The chair may request any subcommittee member who ceases to participate in the subcommittee as indicated by not attending or sending a proxy for two consecutive meetings to submit a resignation or to request continuation of membership with an explanation of extenuating circumstances If a written response is not received within 30 days of the chairrsquos request the lack of response will be considered a resignation
c Referral to the CCC Chair The subcommittee chair will refer the vacancy resulting from a resignation to the chair of the CCC who may recommend a replacement pursuant to the CCC Charter
d By the Board CCC Committee members and by extension members of CCC subcommittees serve at the pleasure of the NERC Board which may request resignation of remove or replace a member as it deems appropriate
36 Proxies A substitute representative or proxy may attend on behalf of a member during all or a portion of a subcommittee meeting provided the absent member notifies the subcommittee chair vice chair or CCC secretary of the proxy
a Notification Such notification will be in writing (electronic medium is acceptable) The proxy representatives and their affiliation will be named in the correspondence
b May Not Serve as a Proxy for Another Member
A voting member of a subcommittee may not serve as a proxy for another voting member on the
Commented [GM10] Need to double check that CCC Chair appointment is required for EROMS membership I think CCC Chair appointment may only be required for Subcomm Chair amp Vice-Chair
NERC | DRAFT Scope Document | May June 2019
5
same subcommittee (ie a member may not cast more than his or her own vote)
NERC | DRAFT Scope Document | May June 2019
6
37 Exclusions Exclusions shall be as articulated in Section 3Chapter 1 of the CCC Charter
38 Changes in Member Affiliation A subcommittee member whose affiliation has changed may remain a member of the subcommittee by remaining subject to membership requirements and by notifying the chair of the CCC and the subcommittee chair of the change and receiving the approval of the chair of the CCC to remain on the subcommittee
39 Acknowledgement of a Membership Conflict No subcommittee member may have a conflict of interest that would impair his or her ability to fulfill obligations under this scope document Any subcommittee member who knows of any form of membership conflict such as working for an entity affiliated with that of another subcommittee member will notify the subcommittee chair and the chair of the CCC within ten business days of obtaining that knowledge
NERC | DRAFT Scope Document | May June 2019
7
Section 4 Meetings
In the absence of specific provisions in this document or the CCC Charter all subcommittee meetings will follow Robertrsquos Rules of Order Newly Revised
Actions requiring a vote by the members of the subcommittee will be approved upon receipt of the affirmative vote of the majority of the voting members of the subcommittee present and voting in person or by proxy at any meeting at which five (5) or more members are present
41 Antitrust Guidelines All persons attending or otherwise participating in a NERC committee or subgroup meeting will act in accordance with NERCrsquos Antitrust Compliance Guidelines at all times during the meeting
42 Open Meetings NERC committee meetings will be open to the public except as noted below under Confidential Sessions
43 Confidential Sessions Meetings where information related to the subcommitteersquos review of non-public information or results in monitoring of NERCrsquos adherence to Section 306 of NERCrsquos Rules of Procedure and the compliance programrsquos adherence to NERCrsquos Rules of Procedure as specified in Section 405 of NERCrsquos Rules of Procedure will be confidential sessions Additionally with approval of the NERC Director of Regulatory Programs or the head of NERCrsquos internal audit function a meeting or portion of a meeting of the subcommittee may have attendance limited based on confidentiality of the information to be disclosed at the meeting Such limitations should be applied sparingly and on a non-discriminatory basis as needed to protect information that is sensitive information or confidential information to one or more parties Confidential information will only be disclosed as provided by Section 1500 of the NERC Rules of Procedure Confidentiality agreements may also be applied as necessary to protect sensitive information or confidential information
44 Types of Meetings Meetings may be conducted in person by conference call or other means The procedures contained in this scope document will apply to all meetings regardless of how they are conducted
45 Majority and Minority Views All members of the subcommittee will be afforded the opportunity to provide alternative views on an issue The results of the subcommittee actions including recorded minutes will reflect the majority as well as any minority views of the subcommittee members The chair will communicate both the majority and any minority views in presenting results to the CCC
46 Actions without a Meeting Actions without a meeting are permitted in accordance with the provisions of the CCC Charter
47 Quorum A quorum for conducting business is 50 percent of the members listed on the current subcommittee roster If a quorum is not present then the subcommittee may not take any actions requiring a vote of the subcommittee However the chair may with the consent of the members present allow discussion of agenda items
NERC | DRAFT Scope Document | May June 2019
8
Section 5 Officers and Staff
51 General a Number of Positions
The subcommittee will have two officers and a secretary
b Officers The subcommittee officers will be one chair and one vice chair
c Secretary The NERC staff coordinator will serve as the subcommitteersquos secretary
d Officers May Vote The subcommittee chair and vice chair are voting members of the subcommittee
e Officers are Named by the CCC Chair for a Two-year Term Officers may be reappointed for a second two-year term
52 Chair The chair will direct and provide general supervision of subcommittee activities including
i Coordinate the schedule of all subcommittee meetings
ii Develop subcommittee agendas and rule on any deviation addition or deletion from a published agenda
iii Preside at and manage subcommittee meetings including the nature and length of discussion recognition of speakers and proxies motions and voting
iv Will act as the spokesperson for the subcommittee to the CCC
The subcommittee chair will serve as a member of the Executive of the CCC as described in the CCC Charter The subcommittee chair must be a member of the CCC
53 Vice Chair The vice chair will assume the responsibilities of the chair under the following conditions
i At the discretion of the chair (for brief periods of time)
ii When the chair is absent or temporarily unable to perform the chairrsquos duties or
iii When the chair is permanently unavailable or unable to perform the chairrsquos duties In the case of a permanent change the vice chair will continue to serve until a new chair is appointed by the chair of the CCC
The vice chair of the subcommittee must be a member of the CCC and may assume the responsibilities of the chair on the CCC Executive Committee in the absence of the chair
54 Staff Coordinator A member of the NERC staff will be selected by NERCrsquos Director of Regulatory Programs to serve as the staff coordinator and secretary of the subcommittee The staff coordinator is not a subcommittee member and does not have a vote Under the direction of the subcommittee officers the chair of the CCC and applicable NERC Bylaws guidelines and Rules of Procedure the staff coordinator will
NERC | DRAFT Scope Document | May June 2019
9
i Manage the day-to-day operation and business of the subcommittee
ii Prepare and distribute the notices of the subcommittee meetings prepare the meeting agenda and prepare and distribute minutes of the subcommittee meetings
iii Act as the subcommitteersquos parliamentarian
NERC | DRAFT Scope Document | May June 2019
10
Section 6 Subordinate Groups
61 Committee Organization Hierarchy As allowed in the NERC Bylaws the CCC organizational structure supports a superior-subordinate hierarchy that is ordered as follows
bull Committee
bull Subcommittee
bull Working Group
bull Task Force 62 Establishing Subgroups The CCC has established this subcommittee and is responsible for it to the NERC Board This subcommittee may establish subordinate groups as discussed in the CCC Charter
NERC | Draft Scope Document | May June 2019
Attachment A ndash CCCPP Responsibilities
It is envisioned that the two CCC Subcommittees will be primarily responsible for maintaining the CCCPPs that they administer as well as the CCC Charter itself The following table shows the delegation of responsibilities by CCC subcommittee
CCCPP for CCC Monitoring Program Responsible Subcommittee
bull CCCPPndash001-2 | Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Enforcement
EROMS
bull CCCPPndash002ndash2| Compliance Monitoring Program for Reliability Standards Applicable to NERC
EROMS
bull CCCPPndash003ndash2 | Monitoring Program for NERCrsquos Reliability Standards Development Procedure
EROMS
bull CCCPPndash004ndash2 | NERC Compliance and Certification Committee Hearing Procedures
EROMS
bull CCCPPndash005ndash1 | NERC Compliance and Certification Committee Hearing Procedures for use in Appeals of Certification Matters
ORCS
bull CCCPPndash006ndash2 | NERC Compliance and Certification Committee Mediation Procedures
EROMS
bull CCCPPndash007-3 | Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Registration and Certification
ORCS
bull CCCPPndash008ndash1 | Program for Monitoring Stakeholders Perceptions
EROMS
bull CCCPPndash009ndash2 | Confidentiality Protocol - Compliance and Certification Committee
EROMS
bull CCCPP-010-5| NERC Compliance and Certification Committee Criteria for Annual Regional Entity Program Evaluation
EROMS
bull CCCPP-011-1 | Procedure to Become a Prequalified Organization Eligible to Submit Implementation Guidance to the ERO
EROMS
bull CCCPP-012 | CCC Participation in NERCrsquos Audits of Regional Entity CMEP Programs in Accordance with Appendix 4A of the NERC Rules of Procedure
EROMS
bull Compliance and Certification Committee Charter EROMS
NERC | Draft Scope Document | May June 2019
2 httpwwwnerccomcommCCCPagesRelated20Filesaspx
NERC | Scope Document | March 2014 1
Scope Document Compliance and Certification Committee ERO Monitoring Subcommittee
Draft June 2019
3353 Peachtree Road NE Suite 600 North Tower
Atlanta GA 30326 404-446-2560 | wwwnerccom
Agenda Item 5ciCCC Meeting June 18-19 2019
NERC | DRAFT EROMS Scope Document | June 2019
Table of Contents
Preface 1
Section 1 Mission 2
Section 2 ERO Monitoring Subcommittee Tasks and Functions 3
Section 3 Membership 4
31 Goals 4
32 General 4
33 Subgroup Membership and Representation 4
34 Membership Not Restricted to CCC Members 4
35 Resignations 4
36 Proxies 4
37 Exclusions 5
38 Changes in Member Affiliation 5
39 Acknowledgement of a Membership Conflict 5
Section 4 Meetings 6
41 Antitrust Guidelines 6
42 Open Meetings 6
43 Confidential Sessions 6
44 Types of Meetings 6
45 Majority and Minority Views 6
46 Actions without a Meeting 6
47 Quorum 6
Section 5 Officers and Staff 7
51 General 7
52 Chair 7
53 Vice Chair 7
54 Staff Coordinator 7
6 Subordinate Groups 9
61 Committee Organization Hierarchy 9
62 Establishing Subgroups 9
Appendix A ndash CCCPP Responsibilities 10
NERC | DRAFT Scope Document | June 2019
1
Preface
Summary The North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to ensure the reliability of the Bulk Power System (BPS) in North America NERC develops and enforces Reliability Standards annually assesses seasonal and long-term reliability monitors the BPS through system awareness and educates trains and certifies industry personnel NERCrsquos area of responsibility spans the continental United States Canada and the northern portion of Baja California Mexico NERC is the electric reliability organization (ERO) for North America subject to oversight by the Federal Energy Regulatory Commission (FERC) and governmental authorities in Canada NERCrsquos jurisdiction includes users owners and operators of the BPS which serves more than 334 million people
The Compliance and Certification Committee (CCC) is a NERC board-appointed stakeholder committee serving and reporting directly to the NERC Board of Trustees (Board) and is responsible for engaging with supporting and advising the NERC Board and NERC regarding all facets of the NERC Compliance Monitoring and Enforcement Program (CMEP) Organization Registration Program (Registration program) and Organization Certification Program (Certification program) The CCC is responsible for establishing and implementing a program as specified in Section 405 of the NERC Rules of Procedure (ROP) to monitor NERCrsquos adherence to ROP for Compliance Enforcement including but not limited to the uniform Compliance Monitoring and Enforcement Program (Appendix 4C) and the Sanction Guidelines (Appendix 4B) The Compliance and Certification Committee (CCC) has established the ERO Monitoring Subcommittee to perform the tasks set out in Sections 1 and 2 on behalf and under the supervision of the CCC
Revision History
Date Version Number Comments
February 19 2019 Draft Drafted and circulated for comment
June XX 2019 10 Approved by the Compliance and Certification Committee in order to consolidate EROMS and CPPS
Approved by the Board of Trustees
NERC | DRAFT Scope Document | June 2019
2
Section 1 Mission
The NERC Compliance and Certification Committee (CCC) is a NERC Board-appointed stakeholder committee serving and reporting directly to the NERC Board Operation and governance of the CCC is as articulated in the CCC Charter
The ERO Monitoring Subcommittee (EROMS) was formed by the CCC to assist the committee in fulfilling its mission and functions1 in a thorough and efficient manner Further details of what the subcommittee will undertake on behalf and under the supervision of the CCC are provided in Section 2
1 See Sections 1 and 2 of the CCC Charter respectively
NERC | DRAFT Scope Document | June 2019
3
Section 2 ERO Monitoring Subcommittee Tasks and Functions
To fulfill its mission the CCC has established the EROMS to perform the following tasks on behalf and under the supervision of the CCC
i Establish and implement programs to monitor NERCrsquos adherence to the Rules of Procedure regarding the
a Compliance Monitoring and Enforcement Program as specified in Section 405 of NERCrsquos Rules of Procedure and the
b Reliability Standards development process as specified in Section 300 of NERCrsquos Rules of Procedures with the exception of appeals of substantive or procedural action or inaction associated with a Reliability Standard or the Reliability Standards process as defined in the appeals section of the Reliability Standards Development Procedure
ii Establish and implement programs to monitor NERCrsquos compliance with the reliability standards that apply to
NERC
iii Develop and maintain CCC operational procedures with respect to the CCC responsibilities under the CCC Charter as specified in Attachment A
iv As assigned by the CCC advise and prepare recommendations to the CCC to address any standards related issues relevant to and within the scope of the NERC Compliance and Certification Committee (eg request from the Standards Committee Standard Drafting Team CCC NERC Compliance Staff etc)
v Perform document review to promote consistency between multiple documents (procedures policies standards rules orders etc) that comprise the overall NERC Compliance Monitoring and Enforcement Program (CMEP) and to ensure documents are clear unambiguous consistent and complementary In the event any documents are found to be unclear ambiguous or inconsistent advise the CCC and propose changes Activities may include but are not limited to
a Reviews of changes to the Rules of Procedure related to the Compliance Monitoring and Enforcement program Registration program and Certification program
b Proposals to change the ROP related to the Compliance Monitoring and Enforcement program Registration program and Certification program
vi Support the development and implementation of enhancements to the CMEP and as specified in ROP 402 develop criteria for NERC to use to assess the effectiveness of each Regional CMEP and make and provide recommendations to the CCC
vii Act as liaison of the CCC to the NERC Standards Committee
viii Implement CCC support in the development of the RSAWs for new Reliability Standards under development or for revisions to existing Reliability Standards
The subcommittee will work within its assigned scope and be accountable for the responsibilities and other related tasks assigned to it by the CCC
NERC | DRAFT Scope Document | June 2019
4
Section 3 Membership
31 Goals The membership of this subcommittee will be established to address the need for expertise and balance of interests to carry out the subcommitteersquos assigned Tasks and Functions as outlined in Section 2
32 General General membership requirements for members of a subgroup of the CCC are as articulated in Chapter 5 of the CCC Charter Additional membership requirements for this subcommittee are as defined within this scope document
33 Subgroup Membership and Representation As outlined in the CCC Charter subcommittee officers will be appointed by the chair of the CCC
34 Membership Not Restricted to CCC Members Members of this subcommittee are not required to be members of the CCC but must be eligible to be members of the committee Any member of the subcommittee who is also a member of the Standards Committee or its subcommittees are required to recuse themselves when voting on any matters resulting from monitoring of NERCrsquos adherence to Section 306 of the Rules of Procedure
35 Resignations
a By the Member In the event a member can no longer serve on the subcommittee that member will submit a written resignation to the subcommittee chair or the CCC secretary
b Requested by the Chair The chair may request any subcommittee member who ceases to participate in the subcommittee as indicated by not attending or sending a proxy for two consecutive meetings to submit a resignation or to request continuation of membership with an explanation of extenuating circumstances If a written response is not received within 30 days of the chairrsquos request the lack of response will be considered a resignation
c Referral to the CCC Chair The subcommittee chair will refer the vacancy resulting from a resignation to the chair of the CCC who may recommend a replacement pursuant to the CCC Charter
d By the Board CCC Committee members and by extension members of CCC subcommittees serve at the pleasure of the NERC Board which may request resignation of remove or replace a member as it deems appropriate
36 Proxies A substitute representative or proxy may attend on behalf of a member during all or a portion of a subcommittee meeting provided the absent member notifies the subcommittee chair vice chair or CCC secretary of the proxy
a Notification Such notification will be in writing (electronic medium is acceptable) The proxy representatives and their affiliation will be named in the correspondence
b May Not Serve as a Proxy for Another Member
A voting member of a subcommittee may not serve as a proxy for another voting member on the same subcommittee (ie a member may not cast more than his or her own vote)
NERC | DRAFT Scope Document | June 2019
5
37 Exclusions Exclusions shall be as articulated in Chapter 1 of the CCC Charter
38 Changes in Member Affiliation A subcommittee member whose affiliation has changed may remain a member of the subcommittee by remaining subject to membership requirements and by notifying the chair of the CCC and the subcommittee chair of the change and receiving the approval of the chair of the CCC to remain on the subcommittee
39 Acknowledgement of a Membership Conflict No subcommittee member may have a conflict of interest that would impair his or her ability to fulfill obligations under this scope document Any subcommittee member who knows of any form of membership conflict such as working for an entity affiliated with that of another subcommittee member will notify the subcommittee chair and the chair of the CCC within ten business days of obtaining that knowledge
NERC | DRAFT Scope Document | June 2019
6
Section 4 Meetings
In the absence of specific provisions in this document or the CCC Charter all subcommittee meetings will follow Robertrsquos Rules of Order Newly Revised
Actions requiring a vote by the members of the subcommittee will be approved upon receipt of the affirmative vote of the majority of the voting members of the subcommittee present and voting in person or by proxy at any meeting at which five (5) or more members are present
41 Antitrust Guidelines All persons attending or otherwise participating in a NERC committee or subgroup meeting will act in accordance with NERCrsquos Antitrust Compliance Guidelines at all times during the meeting
42 Open Meetings NERC committee meetings will be open to the public except as noted below under Confidential Sessions
43 Confidential Sessions Meetings where information related to the subcommitteersquos review of non-public information or results in monitoring of NERCrsquos adherence to Section 306 of NERCrsquos Rules of Procedure and the compliance programrsquos adherence to NERCrsquos Rules of Procedure as specified in Section 405 of NERCrsquos Rules of Procedure will be confidential sessions Additionally with approval of the NERC Director of Regulatory Programs or the head of NERCrsquos internal audit function a meeting or portion of a meeting of the subcommittee may have attendance limited based on confidentiality of the information to be disclosed at the meeting Such limitations should be applied sparingly and on a non-discriminatory basis as needed to protect information that is sensitive information or confidential information to one or more parties Confidential information will only be disclosed as provided by Section 1500 of the NERC Rules of Procedure Confidentiality agreements may also be applied as necessary to protect sensitive information or confidential information
44 Types of Meetings Meetings may be conducted in person by conference call or other means The procedures contained in this scope document will apply to all meetings regardless of how they are conducted
45 Majority and Minority Views All members of the subcommittee will be afforded the opportunity to provide alternative views on an issue The results of the subcommittee actions including recorded minutes will reflect the majority as well as any minority views of the subcommittee members The chair will communicate both the majority and any minority views in presenting results to the CCC
46 Actions without a Meeting Actions without a meeting are permitted in accordance with the provisions of the CCC Charter
47 Quorum A quorum for conducting business is 50 percent of the members listed on the current subcommittee roster If a quorum is not present then the subcommittee may not take any actions requiring a vote of the subcommittee However the chair may with the consent of the members present allow discussion of agenda items
NERC | DRAFT Scope Document | June 2019
7
Section 5 Officers and Staff
51 General a Number of Positions
The subcommittee will have two officers and a secretary
b Officers The subcommittee officers will be one chair and one vice chair
c Secretary The NERC staff coordinator will serve as the subcommitteersquos secretary
d Officers May Vote The subcommittee chair and vice chair are voting members of the subcommittee
e Officers are Named by the CCC Chair for a Two-year Term Officers may be reappointed for a second two-year term
52 Chair The chair will direct and provide general supervision of subcommittee activities including
i Coordinate the schedule of all subcommittee meetings
ii Develop subcommittee agendas and rule on any deviation addition or deletion from a published agenda
iii Preside at and manage subcommittee meetings including the nature and length of discussion recognition of speakers and proxies motions and voting
iv Will act as the spokesperson for the subcommittee to the CCC
The subcommittee chair will serve as a member of the Executive of the CCC as described in the CCC Charter The subcommittee chair must be a member of the CCC
53 Vice Chair The vice chair will assume the responsibilities of the chair under the following conditions
i At the discretion of the chair (for brief periods of time)
ii When the chair is absent or temporarily unable to perform the chairrsquos duties or
iii When the chair is permanently unavailable or unable to perform the chairrsquos duties In the case of a permanent change the vice chair will continue to serve until a new chair is appointed by the chair of the CCC
The vice chair of the subcommittee must be a member of the CCC and may assume the responsibilities of the chair on the CCC Executive Committee in the absence of the chair
54 Staff Coordinator A member of the NERC staff will be selected by NERCrsquos Director of Regulatory Programs to serve as the staff coordinator and secretary of the subcommittee The staff coordinator is not a subcommittee member and does not have a vote Under the direction of the subcommittee officers the chair of the CCC and applicable NERC Bylaws guidelines and Rules of Procedure the staff coordinator will
NERC | DRAFT Scope Document | June 2019
8
i Manage the day-to-day operation and business of the subcommittee
ii Prepare and distribute the notices of the subcommittee meetings prepare the meeting agenda and prepare and distribute minutes of the subcommittee meetings
iii Act as the subcommitteersquos parliamentarian
NERC | DRAFT Scope Document | June 2019
9
Section 6 Subordinate Groups
61 Committee Organization Hierarchy As allowed in the NERC Bylaws the CCC organizational structure supports a superior-subordinate hierarchy that is ordered as follows
bull Committee
bull Subcommittee
bull Working Group
bull Task Force 62 Establishing Subgroups The CCC has established this subcommittee and is responsible for it to the NERC Board This subcommittee may establish subordinate groups as discussed in the CCC Charter
NERC | Draft Scope Document | June 2019
Attachment A ndash CCCPP Responsibilities
It is envisioned that the two CCC Subcommittees will be primarily responsible for maintaining the CCCPPs that they administer as well as the CCC Charter itself The following table shows the delegation of responsibilities by CCC subcommittee
CCCPP for CCC Monitoring Program Responsible Subcommittee
bull CCCPPndash001-2 | Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Enforcement
EROMS
bull CCCPPndash002ndash2| Compliance Monitoring Program for Reliability Standards Applicable to NERC
EROMS
bull CCCPPndash003ndash2 | Monitoring Program for NERCrsquos Reliability Standards Development Procedure
EROMS
bull CCCPPndash004ndash2 | NERC Compliance and Certification Committee Hearing Procedures
EROMS
bull CCCPPndash005ndash1 | NERC Compliance and Certification Committee Hearing Procedures for use in Appeals of Certification Matters
ORCS
bull CCCPPndash006ndash2 | NERC Compliance and Certification Committee Mediation Procedures
EROMS
bull CCCPPndash007-3 | Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Registration and Certification
ORCS
bull CCCPPndash008ndash1 | Program for Monitoring Stakeholders Perceptions
EROMS
bull CCCPPndash009ndash2 | Confidentiality Protocol - Compliance and Certification Committee
EROMS
bull CCCPP-010-5| NERC Compliance and Certification Committee Criteria for Annual Regional Entity Program Evaluation
EROMS
bull CCCPP-011-1 | Procedure to Become a Prequalified Organization Eligible to Submit Implementation Guidance to the ERO
EROMS
bull CCCPP-012 | CCC Participation in NERCrsquos Audits of Regional Entity CMEP Programs in Accordance with Appendix 4A of the NERC Rules of Procedure
EROMS
bull Compliance and Certification Committee Charter EROMS
NERC | Draft Scope Document | June 2019
2 httpwwwnerccomcommCCCPagesRelated20Filesaspx
Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Monitoring and Enforcement CCC Monitoring Program ndash CCCPP-001
May April 7 20152019
NERC | Report Title | Report Date I
Agenda Item 5ciiCCC MeetingJune 18-19 2019
NERC | Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Monitoring and Enforcement | May 7 2015
ii
Table of Contents
Preface iii
Revision History iv
1 Introduction 1
2 Monitoring Processes 3
3 Annual Work Plan 5
4 Mitigation Plan 6
41 Contents of a Mitigation Plan 6
42 Timetable for Completion of a Mitigation Plan 6
5 Data Retention and Confidentiality 7
51 Records Management 7
52 Retention Management 7
53 Confidentiality Management 7
6 Reporting and Disclosure 8
61 1 Audit 8
62 Complaint 8
63 Mitigation Plan 8
64 Other Monitoring Activity 8
Preface
NERC | Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Monitoring and Enforcement | May 7 2015
3
The North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to assure the reliability of the bulk power system (BPS) in North America NERC develops and enforces Reliability Standards annually assesses seasonal and long-term reliability monitors the BPS through system awareness and educates trains and certifies industry personnel NERCrsquos area of responsibility spans the continental United States Canada and the northern portion of Baja California Mexico NERC is the electric reliability organization (ERO) for North America subject to oversight by the Federal Energy Regulatory Commission (FERC) and governmental authorities in Canada NERCrsquos jurisdiction includes users owners and operators of the BPS which serves more than 334 million people
The North American BPS is divided into several assessment areas within the eight Regional Entity (RE) boundaries as shown in the map and corresponding table below
The Regional boundaries in this map are approximate The highlighted area between SPP and SERC denotes overlap as some load-serving entities participate in one Region while associated transmission ownersoperators participate in another
FRCC Florida Reliability Coordinating Council
MRO Midwest Reliability Organization
NPCC Northeast Power Coordinating Council RF ReliabilityFirst
SERC SERC Reliability Corporation
SPP-RE Southwest Power Pool Regional Entity TRE Texas Reliability Entity
WECC Western Electricity Coordinating Council
NERC | Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Monitoring and Enforcement | May 7 2015
4
Revision History
CCCPP-001
Date Version Number Comments
June 11 2008 10 Approved by the Compliance and Certification Committee
August 26 2008 10 Approved by the Board of Trustees
April 13 2015
20
Revised by the ERO Monitoring Subcommittee (EROMS) and approved by the Compliance and Certification Committee
May 7 2015 20 Approved by the Board of Trustees June xx 2019 August xx 2019
30 30
Approved by the Compliance and Certification Committee Approved by the Board of Trustees
NERC Compliance and Certification Committee Title Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Monitoring and Enforcement Version 20 Revision Date 04132015 Effective Dat e 05072015
Formatted Table
1 Introduction
NERC | Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Monitoring and Enforcement | May 7 2015
1
In the capacity of a NERC board-appointed stakeholder committee serving and reporting directly to the Board under a NERC board-approved charter1 as approved by FERC2 and as set forth in the Rules of Procedures (ROP) the CCC will engage with support and advise the Board and NERC Board of Trustees Compliance Committee (BOTCC) regarding all facets of the NERC Compliance Monitoring and Enforcement Program (CMEP) Registration program and Certification program
The CCC is responsible for establishing and implementing a program as specified in Section 405 of the ROP to monitor NERCrsquos adherence to the ROP for Compliance Monitoring and Enforcement including but not limited to the uniform CMEP (Appendix 4C) and the Sanction Guidelines (Appendix 4B) This document describes the program and associated processes to be utilized by the CCC in carrying out this responsibility
As noted in the NERC board-approved CCC Charter monitoring by the CCC is ongoing and does not preclude interfere with or replace in whole or in part the Boardrsquos responsibility to conduct and provide such reviews of these programs as required by FERC regulations 18 CFR sect 393(c) ldquoThe Electric Reliability Organization shall submit an assessment of its performance three years from the date of certification by the Commission and every five years thereafterrdquo
11 Terms The terms defined below are applicable to this program only and are not intended to be applicable to or conflict with the same or similar terms used by NERC for other purposes
111 Adverse Finding A finding of a non-adherence to the ROP as a result of an Audit a Self-Certification a Self-Report or a Spot Check
112 Audit A systematic objective review and examination of records and activities to determine whether NERC has adhered to the ROP for Compliance Monitoring and Enforcement
113 Complaint An allegation that NERC has not adhered to the ROP for Compliance Monitoring and Enforcement
114 Mitigation Plan An action plan developed by NERC to (1) correct an Adverse Finding andor (2) prevent any recurrence of an Adverse Finding
115 Self-Certification Periodic reporting by NERC of adherence or non-adherence to the ROP for Compliance Monitoring and Enforcement
116 Self-Report A report by NERC of a non-adherence to the ROP for Compliance Monitoring and Enforcement based on NERCrsquos own assessment and of any actions taken or that are being taken to resolve the non-adherence
1httpwwwnerccomcommCCCDocumentsCCC20Charter20Approved20RR15-11-000pdf 2 httpwwwnerccomfilesOrder_on_Comp_Filing_06072007_CCC_VSL_Orderpdf
NERC | Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Monitoring and Enforcement | May 7 2015
2
1 Introduction
117 Spot Check A process in which NERC is requested to provide information to assess whether NERC adheres to the ROP for Compliance Monitoring and Enforcement
NERC | Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Monitoring and Enforcement | May 7November XXX 2018
2015
2 Monitoring Processes
The CCC will monitor and assess NERCrsquos adherence to its ROP for Compliance Monitoring and Enforcement using the processes described below to collect information and make assessments
21 Audits The CCC will work with the Enterprise-wide Risk Committee (EWRC) and the Head of NERCrsquos Senior Director of Internal Audit DepartmentAudits to schedule periodic external Audits of NERCrsquos implementation of the CMEP The CCC will participate as observers in these Audits as described in Section 211 Audits will be conducted at NERCrsquos facility(ies) in a manner consistent with Section 40311 of the ROP All Audits will be conducted in accordance with Audit guides consistent with accepted auditing guidelines as approved by NERC
211 Audit Steps
bull The CCC will collaborate with the Head of NERCrsquos Internal Audit Department NERC S e n i o r Director of Internal Audits and the EWRC to schedule externally led Audits of the NERC CMEP
bull The CCC will participate along with the Head of NERCrsquos Internal Audit DepartmentNERC S e n i o r Director of Internal Audits in the selection of the external auditing contractor to be approved by the Board pursuant to Section 406 of the ROP
bull Each Audit team will include NERC Internal Audit staff assigned CCC observers and the external auditing contractor
bull The assigned CCC observers must identify any applicable conflicts of interest (COI) and will be subject to NERC COI procedures in place at the time of the Audit which includes the ability of NERC to request replacement of an observer who has a COI
bull The assigned CCC observers must have completed NERC Auditor Training
bull The assigned CCC observers must execute Confidentiality Agreements
bull The assigned CCC observers must abide by the NERC-provided observer guidelines
bull The assigned CCC observers will be included in Audit team pre- and post-Audit activities and actual auditing activities including meeting with NERC personnel from the departments that are the subjects of the Audit
bull The assigned CCC observers may provide questions comments and advice to the external auditors during the course of the Audit
bull The assigned CCC observers will have access to non-confidential Audit documents (as determined by NERC) on the secure NERC site
bull The assigned CCC observers will review all daily weekly and final Audit reports
212 Frequency of Audits Audits of NERC will be conducted at least every three (3) years Additionally an unscheduled Audit of NERC may be initiated by the CCC in consultation with the EWRC and the Head of NERCrsquos Internal Audit DepartmentNERC Senior Director of Internal Audits if reasonably determined to be necessary to determine NERCrsquos adherence to the ROP for Compliance Monitoring and Enforcement
213 Scope of Audits An Audit will include elements of the CMEP selected by NERC and elements of the CMEP selected by the CCC
NERC | Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Monitoring and Enforcement | May 7 2015
4
2 Monitoring Processes
214 Audit Reports The Audit team will develop a draft Audit report that will include a description of the objective scope and methodology of the Audit identify any Adverse Findings identify any mitigation activities which have been completed or are pending and identify the nature of any confidential information redacted The draft Audit report may contain other recommendations of the Audit team related to the findings
The draft Audit report will be provided to NERC which will in turn provide the Audit team with comments and descriptions of Mitigation Plans for addressing any Adverse Findings for inclusion in the final Audit report If NERC disputes any Adverse Findings NERC will also provide language to the Audit team addressing such concerns for inclusion in the report
The Audit team will consider comments provided by NERC and develop a final Audit report that includes any Mitigation Plan descriptions provided by NERC as well as any language regarding disputed Adverse Findings The Audit team will then provide the final Audit report to the Board through the EWRC
22 Self-Certifications NERC will certify its adherence to the ROP for Compliance Monitoring and Enforcement with respect to a subset of performance items selected by the CCC on a periodic basis Such Self-Certifications will be achieved through reports to the CCC by a NERC officer or equivalent responsible for ensuring adherence to the ROP for Compliance Monitoring and Enforcement Results of Self-Certifications will be communicated to the Board through the EWRC
23 Spot Checks The CCC in consultation with the EWRC and the Head of NERCrsquos Internal Audit DepartmentNERC Senior Director of Internal Audits may from time to time request NERC to provide information to assess whether NERC adheres to the ROP for Compliance Monitoring and Enforcement A review of this information will be conducted in a manner similar tolike an Audit A Spot Check may also be initiated in response to events or a Complaint Results of a Spot Check will be documented in a Spot Check report and provided to the Board in a manner consistent with reporting for an Audit
24 Self-Reports NERC is encouraged to self-report to the CCC at the time NERC becomes aware of (1) any NERC non-adherence to the ROP for Compliance Monitoring and Enforcement or (2) a change in a previously identified Adverse Finding Results of a Self-Report will be communicated to the Board through the EWRC
25 Complaints The CCC may receive Complaints alleging NERC non-adherence to the ROP for Compliance Monitoring and Enforcement The CCC Chair and the Head of NERCrsquos Senior Director of Internal Audit Department both receive all submitted complaints via email The CCC Chair ins responsible for contacting consultation with the head of NERCrsquos Internal Audit DepartmentNERCrsquos Senior Director of Internal Audit to collaboratively will review complaints and receive advisory input and to assistance the CCC Chair in receive these complaints and review to determininge a course of action The CCC Chair shall contact the CCC Executive Committee (CCCEC) will be to consulted as needed and informed on course of action or dispensationosition conduct a review of each Complaint it receives to determine if the Complaint may be closed as a result of an initial review and assessment or iIf the Complaint provides sufficient basis to warrant further action for the CCC Chair and Head of NERCrsquos Internal Audit Department will contactinform NERCrsquos General Counsel of the complaint and agreed upon course of action in order to receive guidance and advisory feedback The CCC Chair is responsible for documenting the course of action All anonymous Complaints will be reviewed and resolved in a manner that will prevent disclosure of the
NERC | Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Monitoring and Enforcement | May 7 2015
5
complainantrsquos identity If the complaint is about NERC Internal Audit NERCrsquos Board of Trustees or its Members the CCC Chair is responsible for informing NERCs CEO andor General Counsel The CCC Chair may notify tThe CCCEC will to consult with the CCC Executive Committee (CCCEC) and EWRC may also be consulted and the NERC Director of Internal Audits to determine if further action is neededto conductregarding a complaint and related the course of action on complaintsnecessary actions and to report on conclusionsmitigation A summary of aAll Complaints and their dispositions will be reported to the CCCEC and EWRC no less than annually to inform inand facilitate their oversight responsibilities All anonymous Complaints will be reviewed and resolved in a manner that will prevent disclosure of the complainantrsquos identity If the complaint is about NERC Internal Audit or the NERCrsquos Board of Trustees or its or Members the CCC will inform NERCs CEO andor General Counsel
NERC | Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Monitoring and Enforcement | May 7 2015
6
3 Annual Work Plan
The CCC will maintain and update an Annual Work Plan to be carried out by the CCC in the performance of its responsibilities and duties in implementing this program The plan will be provided to NERC each year and will specify reporting by NERC to the CCC that will be required to provide verification of adherence through any of the monitoring methods described in Section 2 of this document The Work Plan will be posted on the NERC website
NERC | Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Monitoring and Enforcement | May 7 2015
7
4 Mitigation Plan
If an Adverse Finding is identified as a result of an Audit a Self-Certification a Self-Report or a Spot Check NERC will develop a corresponding Mitigation Plan
41 Contents of a Mitigation Plan A Mitigation Plan should include the following information
bull The non-adherence to the ROP for Compliance Monitoring and Enforcement that the Mitigation Plan will correct
bull The cause of the non-adherence
bull NERCrsquos action plan to correct the non-adherence
bull NERCrsquos action plan to prevent recurrence of the non-adherence
bull A timetable for completion of the Mitigation Plan
bull Any other information deemed necessary or appropriate
42 Timetable for Completion of a Mitigation Plan A Mitigation Plan should be completed in time to have a reasonable potential to correct the non-adherence prior to the next applicable reportingassessment period after occurrence of the non-adherence for which the Mitigation Plan is provided In all cases the Mitigation Plan should be completed without delay NERC will keep the CCC informed of the status of Mitigation Plan activities and will notify the CCC when a Mitigation Plan has been completed
NERC | Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Monitoring and Enforcement | May 7 2015
8
5 Data Retention and Confidentiality
51 Records Management All records associated with this program will be maintained by NERC The associated records management policy will provide for a routine and orderly process for the retention and disposal of electronic and paper records related to this program and ensure verification of compliance with appropriate business regulatory and legal requirements The policy will allow for the maintenance of records as required to implement the CCCrsquos monitoring of NERCrsquos adherence to the ROP for Compliance Monitoring and Enforcement
52 Retention Management NERCrsquos records management policy will require that information and data generated or received pursuant to activities associated with this program be retained for a minimum of five (5) years If the information or data is material to the resolution of a controversy the retention period for such data will not commence until after the controversy is resolved
53 Confidentiality Management NERC and the CCC will maintain confidentiality of all Confidential Information in accordance with Section 1500 of the ROP Information deemed to be critical energy infrastructure information will be redacted and will not be released publicly
NERC | Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Monitoring and Enforcement | May 7 2015
9
6 Reporting and Disclosure
61 Audit The CCC will coordinate with NERC to post final Audit reports on its public website after the reports have been reviewed by the NERC Board Such posting will be subject to the confidentiality provisions of the ROP
62 Complaint When the CCC determines that further action is needed regarding Complaints it will report such Complaints to the NERC Board through the EWRC
63 Mitigation Plan NERC will keep the CCC informed of the status of Mitigation Plan activities and will notify the CCC when a Mitigation Plan has been completed
64 Other Monitoring Activity The CCC will report to the NERC Board through the EWRC upon completion of a CCC monitoring activity described in this procedure
Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Monitoring and Enforcement CCC Monitoring Program ndash CCCPP-001
NERC | Report Title | Report Date I
Agenda Item 5ciiCCC MeetingJune 18-19 2019
NERC | Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Monitoring and Enforcement | May 7 2015
ii
Table of Contents
Preface iii
Revision History iv
1 Introduction 1
2 Monitoring Processes 3
3 Annual Work Plan 5
4 Mitigation Plan 6
41 Contents of a Mitigation Plan 6
42 Timetable for Completion of a Mitigation Plan 6
5 Data Retention and Confidentiality 7
51 Records Management 7
52 Retention Management 7
53 Confidentiality Management 7
6 Reporting and Disclosure 8
61 1 Audit 8
62 Complaint 8
63 Mitigation Plan 8
64 Other Monitoring Activity 8
Preface
NERC | Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Monitoring and Enforcement | May 7 2015
3
The North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to assure the reliability of the bulk power system (BPS) in North America NERC develops and enforces Reliability Standards annually assesses seasonal and long-term reliability monitors the BPS through system awareness and educates trains and certifies industry personnel NERCrsquos area of responsibility spans the continental United States Canada and the northern portion of Baja California Mexico NERC is the electric reliability organization (ERO) for North America subject to oversight by the Federal Energy Regulatory Commission (FERC) and governmental authorities in Canada NERCrsquos jurisdiction includes users owners and operators of the BPS which serves more than 334 million people
The North American BPS is divided into several assessment areas within the eight Regional Entity (RE) boundaries as shown in the map and corresponding table below
The Regional boundaries in this map are approximate The highlighted area between SPP and SERC denotes overlap as some load-serving entities participate in one Region while associated transmission ownersoperators participate in another
FRCC Florida Reliability Coordinating Council
MRO Midwest Reliability Organization
NPCC Northeast Power Coordinating Council RF ReliabilityFirst
SERC SERC Reliability Corporation
SPP-RE Southwest Power Pool Regional Entity TRE Texas Reliability Entity
WECC Western Electricity Coordinating Council
NERC | Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Monitoring and Enforcement | May 7 2015
4
Revision History
CCCPP-001
Date Version Number Comments
June 11 2008 10 Approved by the Compliance and Certification Committee
August 26 2008 10 Approved by the Board of Trustees
April 13 2015
20
Revised by the ERO Monitoring Subcommittee (EROMS) and approved by the Compliance and Certification Committee
May 7 2015 20 Approved by the Board of Trustees June xx 2019 August xx 2019
30 30
Approved by the Compliance and Certification Committee Approved by the Board of Trustees
NERC Compliance and Certification Committee Title Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Monitoring and Enforcement Version 20 Revision Date 04132015 Effective Dat e 05072015
1 Introduction
NERC | Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Monitoring and Enforcement | May 7 2015
1
In the capacity of a NERC board-appointed stakeholder committee serving and reporting directly to the Board under a NERC board-approved charter1 as approved by FERC2 and as set forth in the Rules of Procedures (ROP) the CCC will engage with support and advise the Board and NERC Board of Trustees Compliance Committee (BOTCC) regarding all facets of the NERC Compliance Monitoring and Enforcement Program (CMEP) Registration program and Certification program
The CCC is responsible for establishing and implementing a program as specified in Section 405 of the ROP to monitor NERCrsquos adherence to the ROP for Compliance Monitoring and Enforcement including but not limited to the uniform CMEP (Appendix 4C) and the Sanction Guidelines (Appendix 4B) This document describes the program and associated processes to be utilized by the CCC in carrying out this responsibility
As noted in the NERC board-approved CCC Charter monitoring by the CCC is ongoing and does not preclude interfere with or replace in whole or in part the Boardrsquos responsibility to conduct and provide such reviews of these programs as required by FERC regulations 18 CFR sect 393(c) ldquoThe Electric Reliability Organization shall submit an assessment of its performance three years from the date of certification by the Commission and every five years thereafterrdquo
11 Terms The terms defined below are applicable to this program only and are not intended to be applicable to or conflict with the same or similar terms used by NERC for other purposes
111 Adverse Finding A finding of a non-adherence to the ROP as a result of an Audit a Self-Certification a Self-Report or a Spot Check
112 Audit A systematic objective review and examination of records and activities to determine whether NERC has adhered to the ROP for Compliance Monitoring and Enforcement
113 Complaint An allegation that NERC has not adhered to the ROP for Compliance Monitoring and Enforcement
114 Mitigation Plan An action plan developed by NERC to (1) correct an Adverse Finding andor (2) prevent any recurrence of an Adverse Finding
115 Self-Certification Periodic reporting by NERC of adherence or non-adherence to the ROP for Compliance Monitoring and Enforcement
116 Self-Report A report by NERC of a non-adherence to the ROP for Compliance Monitoring and Enforcement based on NERCrsquos own assessment and of any actions taken or that are being taken to resolve the non-adherence
1httpwwwnerccomcommCCCDocumentsCCC20Charter20Approved20RR15-11-000pdf 2 httpwwwnerccomfilesOrder_on_Comp_Filing_06072007_CCC_VSL_Orderpdf
NERC | Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Monitoring and Enforcement | May 7 2015
2
1 Introduction
117 Spot Check A process in which NERC is requested to provide information to assess whether NERC adheres to the ROP for Compliance Monitoring and Enforcement
NERC | Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Monitoring and Enforcement | November XXX 2018
2 Monitoring Processes
The CCC will monitor and assess NERCrsquos adherence to its ROP for Compliance Monitoring and Enforcement using the processes described below to collect information and make assessments
21 Audits The CCC will work with the Enterprise-wide Risk Committee (EWRC) and the Head of NERCrsquos Internal Audit Department to schedule periodic external Audits of NERCrsquos implementation of the CMEP The CCC will participate as observers in these Audits as described in Section 211 Audits will be conducted at NERCrsquos facility(ies) in a manner consistent with Section 40311 of the ROP All Audits will be conducted in accordance with Audit guides consistent with accepted auditing guidelines as approved by NERC
211 Audit Steps
bull The CCC will collaborate with the Head of NERCrsquos Internal Audit Department and the EWRC to schedule externally led Audits of the NERC CMEP
bull The CCC will participate along with the Head of NERCrsquos Internal Audit Department in the selection of the external auditing contractor to be approved by the Board pursuant to Section 406 of the ROP
bull Each Audit team will include NERC Internal Audit staff assigned CCC observers and the external auditing contractor
bull The assigned CCC observers must identify any applicable conflicts of interest (COI) and will be subject to NERC COI procedures in place at the time of the Audit which includes the ability of NERC to request replacement of an observer who has a COI
bull The assigned CCC observers must have completed NERC Auditor Training
bull The assigned CCC observers must execute Confidentiality Agreements
bull The assigned CCC observers must abide by the NERC-provided observer guidelines
bull The assigned CCC observers will be included in Audit team pre- and post-Audit activities and actual auditing activities including meeting with NERC personnel from the departments that are the subjects of the Audit
bull The assigned CCC observers may provide questions comments and advice to the external auditors during the Audit
bull The assigned CCC observers will have access to non-confidential Audit documents (as determined by NERC) on the secure NERC site
bull The assigned CCC observers will review all Audit reports
212 Frequency of Audits Audits of NERC will be conducted at least every three (3) years Additionally an unscheduled Audit of NERC may be initiated by the CCC in consultation with the EWRC and the Head of NERCrsquos Internal Audit Department if reasonably determined to be necessary to determine NERCrsquos adherence to the ROP for Compliance Monitoring and Enforcement
213 Scope of Audits An Audit will include elements of the CMEP selected by NERC and elements of the CMEP selected by the CCC
NERC | Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Monitoring and Enforcement | May 7 2015
4
2 Monitoring Processes
214 Audit Reports The Audit team will develop a draft Audit report that will include a description of the objective scope and methodology of the Audit identify any Adverse Findings identify any mitigation activities which have been completed or are pending and identify the nature of any confidential information redacted The draft Audit report may contain other recommendations of the Audit team related to the findings
The draft Audit report will be provided to NERC which will in turn provide the Audit team with comments and descriptions of Mitigation Plans for addressing any Adverse Findings for inclusion in the final Audit report If NERC disputes any Adverse Findings NERC will also provide language to the Audit team addressing such concerns for inclusion in the report
The Audit team will consider comments provided by NERC and develop a final Audit report that includes any Mitigation Plan descriptions provided by NERC as well as any language regarding disputed Adverse Findings The Audit team will then provide the final Audit report to the Board through the EWRC
22 Self-Certifications NERC will certify its adherence to the ROP for Compliance Monitoring and Enforcement with respect to a subset of performance items selected by the CCC on a periodic basis Such Self-Certifications will be achieved through reports to the CCC by a NERC officer or equivalent responsible for ensuring adherence to the ROP for Compliance Monitoring and Enforcement Results of Self-Certifications will be communicated to the Board through the EWRC
23 Spot Checks The CCC in consultation with the EWRC and the Head of NERCrsquos Internal Audit Department may from time to time request NERC to provide information to assess whether NERC adheres to the ROP for Compliance Monitoring and Enforcement A review of this information will be conducted in a manner like an Audit A Spot Check may also be initiated in response to events or a Complaint Results of a Spot Check will be documented in a Spot Check report and provided to the Board in a manner consistent with reporting for an Audit
24 Self-Reports NERC is encouraged to self-report to the CCC at the time NERC becomes aware of (1) any NERC non-adherence to the ROP for Compliance Monitoring and Enforcement or (2) a change in a previously identified Adverse Finding Results of a Self-Report will be communicated to the Board through the EWRC
25 Complaints The CCC may receive Complaints alleging NERC non-adherence to the ROP for Compliance Monitoring and Enforcement The CCC Chair and the Head of NERCrsquos Internal Audit Department both receive all submitted complaints The CCC Chair is responsible for contacting the head of NERCrsquos Internal Audit Department to collaboratively review complaints and receive advisory input and assistance in determining a course of action If the Complaint provides sufficient basis to warrant further action the CCC Chair and Head of NERCrsquos Internal Audit Department will inform NERCrsquos General Counsel of the complaint and agreed upon course of action The CCC Chair is responsible for documenting the course of action All anonymous Complaints will be reviewed and resolved in a manner that will prevent disclosure of the complainantrsquos identity If the complaint is about NERC Internal Audit NERCrsquos Board of Trustees or its Members the CCC Chair is responsible for informing NERCs CEO andor General Counsel The CCC Chair may notify the CCC Executive Committee (CCCEC) and EWRC regarding a complaint and related course of action A summary of all Complaints and their dispositions will be reported to the CCCEC and EWRC no less than annually to inform and facilitate their oversight responsibilities
NERC | Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Monitoring and Enforcement | May 7 2015
5
3 Annual Work Plan
The CCC will maintain and update an Annual Work Plan to be carried out by the CCC in the performance of its responsibilities and duties in implementing this program The plan will be provided to NERC each year and will specify reporting by NERC to the CCC that will be required to provide verification of adherence through any of the monitoring methods described in Section 2 of this document The Work Plan will be posted on the NERC website
NERC | Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Monitoring and Enforcement | May 7 2015
6
4 Mitigation Plan
If an Adverse Finding is identified as a result of an Audit a Self-Certification a Self-Report or a Spot Check NERC will develop a corresponding Mitigation Plan
41 Contents of a Mitigation Plan A Mitigation Plan should include the following information
bull The non-adherence to the ROP for Compliance Monitoring and Enforcement that the Mitigation Plan will correct
bull The cause of the non-adherence
bull NERCrsquos action plan to correct the non-adherence
bull NERCrsquos action plan to prevent recurrence of the non-adherence
bull A timetable for completion of the Mitigation Plan
bull Any other information deemed necessary or appropriate
42 Timetable for Completion of a Mitigation Plan A Mitigation Plan should be completed in time to have a reasonable potential to correct the non-adherence prior to the next applicable reportingassessment period after occurrence of the non-adherence for which the Mitigation Plan is provided In all cases the Mitigation Plan should be completed without delay NERC will keep the CCC informed of the status of Mitigation Plan activities and will notify the CCC when a Mitigation Plan has been completed
NERC | Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Monitoring and Enforcement | May 7 2015
7
5 Data Retention and Confidentiality
51 Records Management All records associated with this program will be maintained by NERC The associated records management policy will provide for a routine and orderly process for the retention and disposal of electronic and paper records related to this program and ensure verification of compliance with appropriate business regulatory and legal requirements The policy will allow for the maintenance of records as required to implement the CCCrsquos monitoring of NERCrsquos adherence to the ROP for Compliance Monitoring and Enforcement
52 Retention Management NERCrsquos records management policy will require that information and data generated or received pursuant to activities associated with this program be retained for a minimum of five (5) years If the information or data is material to the resolution of a controversy the retention period for such data will not commence until after the controversy is resolved
53 Confidentiality Management NERC and the CCC will maintain confidentiality of all Confidential Information in accordance with Section 1500 of the ROP Information deemed to be critical energy infrastructure information will be redacted and will not be released publicly
NERC | Monitoring Program for NERCrsquos Adherence to NERCrsquos Rules of Procedure for Compliance Monitoring and Enforcement | May 7 2015
8
6 Reporting and Disclosure
61 Audit The CCC will coordinate with NERC to post final Audit reports on its public website after the reports have been reviewed by the NERC Board Such posting will be subject to the confidentiality provisions of the ROP
62 Complaint When the CCC determines that further action is needed regarding Complaints it will report such Complaints to the NERC Board through the EWRC
63 Mitigation Plan NERC will keep the CCC informed of the status of Mitigation Plan activities and will notify the CCC when a Mitigation Plan has been completed
64 Other Monitoring Activity The CCC will report to the NERC Board through the EWRC upon completion of a CCC monitoring activity described in this procedure
Procedure to Become a Prequalified Organization Eligible to Submit Implementation Guidance to the ERO CCC Monitoring Program ndash CCCPP-011-
21 March 2016June 2019
Agenda Item 5ciiiCCC MeetingJune 18-19 2019
Table of Contents
Preface 3
Summary 3
Revision History 3
1 Introduction 1
2 Scope 3
3 Meetings 4
Antitrust Guidelines 4
Open Meetings 4
Types of Meetings 4
Majority and Minority Views 4
Actions without a Meeting 4
Quorum 4
4 Criteria for Approval 5
5 Application and Review Process 6
Submit Application 6
Review Application 6
Notifying Applicant and ERO Enterprise 6
6 Administrative 7
Review Period 7
Retention Management 7
Confidentiality Management 7
Appendix A Application to Become a Prequalified Organization Eligible to Submit Implementation Guidance for Potential Endorsement by NERC 8
Contact Person Details 8
Description of Organization 8
Member Details 8
Application 9
NERC | Procedure to Become a Prequalified Organization | March 2016 ii
Preface
CCCPP-011-1
Summary The North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to ensure the reliability of the bulk power system (BPS) in North America NERC develops and enforces Reliability Standards annually assesses seasonal and long-term reliability monitors the BPS through system awareness and educates trains and certifies industry personnel NERCrsquos area of responsibility spans the continental United States Canada and the northern portion of Baja California Mexico NERC is the electric reliability organization (ERO) for North America subject to oversight by the Federal Energy Regulatory Commission (FERC) and governmental authorities in Canada NERCrsquos jurisdiction includes users owners and operators of the BPS which serves more than 334 million people
The Compliance and Certification Committee (CCC) is a NERC Board-appointed stakeholder committee serving and reporting directly to the NERC Board of Trustees (Board) and is responsible for engaging with supporting and advising the NERC Board and NERC regarding all facets of the NERC Compliance Monitoring and Enforcement Program (CMEP) Organization Registration Program (Registration program) and Organization Certification Program (Certification program)
In accordance with action taken by the NERC Board on November 5 2015 the CCC was asked to play a lead role in developing tools andor procedures that will promote a common understanding among the industry and ERO Enterprise Staff regarding how compliance can be achieved and demonstrated Key to this effort is the development of Implementation Guidance a stakeholder-driven means to develop examples of approaches to illustrate how registered entities could comply with a Standard that are vetted by prequalified organizations and endorsed by the ERO Enterprise
NERC will only consider requests for Implementation Guidance that have been vetted through one of several organizations that are ldquoprequalifiedrdquo to submit guidance for ERO Enterprise endorsement Therefore an organization that has not been prequalified can send a request to the CCC to be added to the prequalified list This document outlines the process by which the CCC will receive and evaluate such requests
Revision History
Date Version Number Comments
January 11 2016 10 Working draft circulated to CCC Compliance Guidance Task Force for initial review and discussion
January 25 2016 11 Working draft circulated to CCC Compliance Guidance Task Force for second review and discussion
February 12 2016 12 Working draft circulated to CCC Compliance Guidance Task Force for third review and discussion
February 25 2016 13 Working draft circulated to CCC Compliance Guidance Task Force for fourth review and discussion
March 2 2016 14 Document approved by CCC
NERC | Procedure to Become a Prequalified Organization | March 2016 iii
NERC Compliance and Certification Committee Title Criteria for Annual Regional Entity Program Evaluation
Version 15 Revision Date 4072016 Effective Date 03022016
Commented [GM1] NERC will need to revise this header
Preface
Date Version Number Comments
April 7 2016 15 Modification to process to remove pre-qualified organizations
XXXX YY 2019 2 Complete periodic review of procedure Ministerial changes only
Formatted Table
NERC | Procedure to Become a Prequalified Organization | March 2016
NERC | Procedure to Become a Prequalified Organization | March 2016 1
1 Introduction
In the capacity of a NERC Board-appointed stakeholder committee serving and reporting directly to the Board under a NERC Board-approved charter1 as approved by FERC2 and as set forth in the Rules of Procedure (ROP) the CCC will engage with support and advise the Board and NERC Board of Trustees Compliance Committee (BOTCC) regarding all facets of the NERC CMEP Registration program and Certification program
In accordance with action taken by the NERC Board on November 5 2015 the CCC was asked to play a lead role in developing tools and procedures that will promote a common understanding among the industry and ERO Enterprise Staff regarding how compliance can be achieved and demonstrated Key to this effort is the development of Implementation Guidance a stakeholder-driven means for registered entities to develop examples of approaches to illustrate how registered entities could comply with a Standard that are vetted by prequalified organizations and endorsed by the ERO Enterprise
As of May 2018 NERC requires that Implementation Guidance be vetted through one of the following prequalified organizations prior to being submitted to the ERO Enterprise for endorsement
bull1 American Public Power Association (APPA)
bull2 Canadian Electricity Association (CEA)
bull3 Edison Electric Institute (EEl)
bull4 Electricity Consumers Resource Council (ELCON)
5 Electric Power Supply Association (EPSA)
bull6 EnergySec
bull7 ISORTO Council
bull8 Large Public Power Council (LPPC)
bull9 National Association of Regulatory Utility Commissioners (NARUC)
bull10 National Rural Electric Cooperative Association (NRECA)
bull11 North American Generator Forum (NAGF)
bull12 North American Transmission Forum (NATF)
13 Northwest Public Power Association (NWPPA)
bull14 Nuclear Energy Institute (NEI)
bull15 Transmission Access Policy Study Group (TAPS)
bull16 Western Interconnection Compliance Forum (WICF)
bull17 NERC Planning Committee (PC)
bull18 NERC Operating Committee (OC)
bull19 NERC Critical Infrastructure Protection Committee (CIPC) and
bull20 Regional Entity Stakeholder Committees
NERC will post and maintain the list on the NERC website In order to be added to the list of ldquoprequalifiedrdquo organizations that are eligible to serve as a potential submitter of Implementation Guidance NERC requires an organization to submit a request to the CCC Each of the prequalified organizations are comprised of stakeholders
Formatted Numbered + Level 2 + Numbering Style 12 3 hellip + Start at 1 + Alignment Left + Aligned at 036 + Indent at 061
Formatted Not Expanded by Condensed by
Formatted Not Expanded by Condensed by
NERC | Procedure to Become a Prequalified Organization | March 2016 2
1 httpwwwnerccomcommCCCDocumentsCCC20Charter20Approved20RR15-11-000pdf 2 httpwwwnerccomfilesOrder_on_Comp_Filing_06072007_CCC_VSL_Orderpdf
NERC | Procedure to Become a Prequalified Organization | March 2016 3
1 Introduction
that 1) are actively involved in the various technical and policy operations of NERC 2) have methods to assure technical rigor in the development process and 3) possess the ability to vet content through its members
NERC | Procedure to Become a Prequalified Organization | March 2016 4
2 Scope
The CCC is responsible for reviewing and considering applications for organizations who desire to become a prequalified organization eligible to submit Implementation Guidance to the ERO Enterprise The CCC Compliance Processes and Procedures The CCC EROMS Subcommittee (CPPS) will review and consider such applications
NERC | Procedure to Become a Prequalified Organization | March 2016 5
3 Meetings
In the absence of specific provisions in this document or the CCC Charter all EROMS CPPS sub-committee meetings will follow Robertrsquos Rules of Order Newly Revised Actions requiring a vote by the members of the CPPS EROMS will be approved upon receipt of the affirmative vote of the majority of the voting members of EROMS the CPPS present and voting in person or by proxy at any meeting at which three (3) or more members are present
Antitrust Guidelines All persons attending or otherwise participating in EROMS the CPPS will act in accordance with NERCrsquos Antitrust Compliance Guidelines at all times during the meeting
Open Meetings NERC committee meetings will be open to the public except as noted below under Confidential Sessions
Types of Meetings Meetings may be conducted in person by conference call or other means The procedures contained in this scope document will apply to all meetings regardless of how they are conducted
Majority and Minority Views All members of the working group will be afforded the opportunity to provide alternative views on an issue The results of EROMS the CPPS actions including recorded minutes will reflect the majority as well as any minority views of the working group members The Chair will communicate both the majority and any minority views in presenting results to the CCC
Actions without a Meeting Actions without a meeting are permitted in accordance with the provisions of the CCC Charter
Quorum A quorum for conducting business is 50 of the members listed on the current EROMS CPPS roster If a quorum is not present then the subcommittee may not take any actions requiring a vote of EROMSthe CPPS however the Chair may with the consent of the members present allow discussion of agenda items
NERC | Procedure to Become a Prequalified Organization | March 2016 6
4 Criteria for Approval
As noted above any organization that is seeking to be prequalified to submit Implementation Guidance to the ERO Enterprise will be evaluated based on the following criteria
bull Is a known entity on the list of NERC registered entities or in the alternative represents a group of registered entities
bull Is actively involved in the various technical and policy operations of NERC
bull Has methods to assure technical rigor in the development process and
bull Possesses the ability to vet content through its organization providing a high level of confidence to the CCC that the Guidance has been fully vetted
The CCC will also take into consideration any characteristics and additional information of the applicant
The CCC is ultimately responsible for reviewing and considering any applications for organizations to become a prequalified organization The CCC reserves the right to periodically review the list of prequalified entities and recommend to the ERO Enterprise whether to have specific prequalified organizations removed In doing so the CCC will submit to the ERO Enterprise a request to remove an organization explaining the circumstances behind the request Upon concurrence of the recommendation by the ERO Enterprise any such removals must be approved by the NERC Board of Trustees Section 5 outlines the application and review process which will be subject to periodic review and modification as determined by the CCC
NERC | Procedure to Become a Prequalified Organization | March 2016 7
5 Application and Review Process
Submit Application An applicant must submit a completed application form (shown in Appendix A) to EROMS the CPPS to begin the review process EROMS The CPPS will acknowledge receipt of the application within five business days of receipt and notify the applicant by electronic mail
Review Application EROMS The CPPS will review applications at its regularly scheduled quarterly meetings EROMS The CPPS will review an application at its next regularly scheduled meeting if the application is submitted to EROMS CPPS more than 20 business days prior to the next regularly scheduled EROMS CPPS meeting EROMS The CPPS will make a formal recommendation to the CCC at that time which will be followed by formal action taken by the CCC EROMS The CPPS will evaluate the applications in accord with the criteria outlined in Section 4
Notifying Applicant and ERO Enterprise The CCC Chair or their designated representative will notify the applicant of the CCC decision whether to add the applicant to the prequalified list If the CCC approves the application then the CCC will inform the ERO Enterprise and request the ERO Enterprise to modify the list of prequalified organizations and post on the ERO Enterprise website
NERC | Procedure to Become a Prequalified Organization | March 2016 8
6 Administrative
Review Period The Criteria for Approval in Section 4 will be reviewed by the CCC on an annual basis and modified as needed
Retention Management NERCrsquos records retention management policy will require that information and data generated or received under activities associated with this program be retained for a minimum of five years If the information or data is material to the resolution of a controversy the retention period for such data will not begin until after the controversy is resolved
Confidentiality Management NERC and the CCC will maintain confidentiality of all Confidential Information in accordance with Section 1500 of the ROP Information deemed to be critical energy infrastructure information will be redacted and will not be released publicly
NERC | Procedure to Become a Prequalified Organization | March 2016 9
Appendix A Application to Become a Prequalified Organization Eligible to Submit Implementation Guidance for Potential Endorsement by NERC
The NERC Compliance and Certification Committee determines whether an organization will be prequalified to submit Implementation Guidance to NERC for endorsement
Contact Person Details
TitleEmployer
First name Last Name
Address
City State or Province
Zip Code or Postal Code
Phone (daytime) Mobile Email Name of Organization to be Applicant
Description of Organization
Member Details
Use this space to provide profile information to describe general structure of the organization
Use this space to provide information about the organizationrsquos members and why the members are impactful to NERC
NERC | Procedure to Become a Prequalified Organization | March 2016 10
Appendix A Application to Become a Prequalified Organization Eligible to Submit Implementation Guidance for Potential Endorsement by NERC
Application
Please send this form to the following location Email ComplianceGuidancenercnet
Use this space to explain the reasons why NERC should consider this organization as a prequalified organization to submit Implementation Guidance to the ERO Enterprise
Explain how this organization includes stakeholders that possess the following characteristics
bull Must be a known entity on the list of NERC registered entities or in the alternative represent a group of registered entities
bull Is actively involved in the various technical and policy operations of NERC
bull Has methods to assure technical rigor in the development process and
bull Possesses the ability to vet content through its members providing a high level of confidence to the CCC that an issue has been fully vetted
Explain the reasons the entity is unable to have one of the prequalified organizations vet its proposed Implementation Guidance
Procedure to Become a Prequalified Organization Eligible to Submit Implementation Guidance to the ERO CCC Monitoring Program ndash CCCPP-011-1
March 2016
Agenda Item 5ciiiCCC MeetingJune 18-19 2019
NERC | Procedure to Become a Prequalified Organization | March 2016
ii
Table of Contents
Preface 3
Summary 3
Revision History 3
1 Introduction 1
2 Scope 3
3 Meetings 4
Antitrust Guidelines 4
Open Meetings 4
Types of Meetings 4
Majority and Minority Views 4
Actions without a Meeting 4
Quorum 4
4 Criteria for Approval 5
5 Application and Review Process 6
Submit Application 6
Review Application 6
Notifying Applicant and ERO Enterprise 6
6 Administrative 7
Review Period 7
Retention Management 7
Confidentiality Management 7
Appendix A Application to Become a Prequalified Organization Eligible to Submit Implementation Guidance for Potential Endorsement by NERC 8
Contact Person Details 8
Description of Organization 8
Member Details 8
Application 9
NERC | Procedure to Become a Prequalified Organization | March 2016 iii
Preface
NERC Compliance and Certification Committee CCCPP-011-1 Title Criteria for Annual Regional Entity Program Evaluation
Version 15 Revision Date 4072016 Effective Date 03022016 Summary The North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to ensure the reliability of the bulk power system (BPS) in North America NERC develops and enforces Reliability Standards annually assesses seasonal and long-term reliability monitors the BPS through system awareness and educates trains and certifies industry personnel NERCrsquos area of responsibility spans the continental United States Canada and the northern portion of Baja California Mexico NERC is the electric reliability organization (ERO) for North America subject to oversight by the Federal Energy Regulatory Commission (FERC) and governmental authorities in Canada NERCrsquos jurisdiction includes users owners and operators of the BPS which serves more than 334 million people The Compliance and Certification Committee (CCC) is a NERC Board-appointed stakeholder committee serving and reporting directly to the NERC Board of Trustees (Board) and is responsible for engaging with supporting and advising the NERC Board and NERC regarding all facets of the NERC Compliance Monitoring and Enforcement Program (CMEP) Organization Registration Program (Registration program) and Organization Certification Program (Certification program) In accordance with action taken by the NERC Board on November 5 2015 the CCC was asked to play a lead role in developing tools andor procedures that will promote a common understanding among the industry and ERO Enterprise Staff regarding how compliance can be achieved and demonstrated Key to this effort is the development of Implementation Guidance a stakeholder-driven means to develop examples of approaches to illustrate how registered entities could comply with a Standard that are vetted by prequalified organizations and endorsed by the ERO Enterprise NERC will only consider requests for Implementation Guidance that have been vetted through one of several organizations that are ldquoprequalifiedrdquo to submit guidance for ERO Enterprise endorsement Therefore an organization that has not been prequalified can send a request to the CCC to be added to the prequalified list This document outlines the process by which the CCC will receive and evaluate such requests Revision History
Date Version Number Comments
January 11 2016 10 Working draft circulated to CCC Compliance Guidance Task Force for initial review and discussion
January 25 2016 11 Working draft circulated to CCC Compliance Guidance Task Force for second review and discussion
February 12 2016 12 Working draft circulated to CCC Compliance Guidance Task Force for third review and discussion
February 25 2016 13 Working draft circulated to CCC Compliance Guidance Task Force for fourth review and discussion
March 2 2016 14 Document approved by CCC
Preface
NERC | Procedure to Become a Prequalified Organization | March 2016
Date Version Number Comments
April 7 2016 15 Modification to process to remove pre-qualified organizations
NERC | Procedure to Become a Prequalified Organization | March 2016 1
1 Introduction In the capacity of a NERC Board-appointed stakeholder committee serving and reporting directly to the Board under a NERC Board-approved charter1 as approved by FERC2 and as set forth in the Rules of Procedure (ROP) the CCC will engage with support and advise the Board and NERC Board of Trustees Compliance Committee (BOTCC) regarding all facets of the NERC CMEP Registration program and Certification program In accordance with action taken by the NERC Board on November 5 2015 the CCC was asked to play a lead role in developing tools and procedures that will promote a common understanding among the industry and ERO Enterprise Staff regarding how compliance can be achieved and demonstrated Key to this effort is the development of Implementation Guidance a stakeholder-driven means for registered entities to develop examples of approaches to illustrate how registered entities could comply with a Standard that are vetted by prequalified organizations and endorsed by the ERO Enterprise NERC requires that Implementation Guidance be vetted through one of the following prequalified organizations prior to being submitted to the ERO Enterprise for endorsement
bull American Public Power Association (APPA)
bull Canadian Electricity Association (CEA)
bull Edison Electric Institute (EEl)
bull Electricity Consumers Resource Council (ELCON)
bull Electric Power Supply Association (EPSA)
bull ISORTO Council
bull Large Public Power Council (LPPC)
bull National Association of Regulatory Utility Commissioners (NARUC)
bull National Rural Electric Cooperative Association (NRECA)
bull North American Generator Forum (NAGF)
bull North American Transmission Forum (NATF)
bull Northwest Public Power Association (NWPPA)
bull Transmission Access Policy Study Group (TAPS)
bull Western Interconnection Compliance Forum (WICF)
bull NERC Planning Committee (PC)
bull NERC Operating Committee (OC)
bull NERC Critical Infrastructure Protection Committee (CIPC) and
bull Regional Entity Stakeholder Committees NERC will post and maintain the list on the NERC website In order to be added to the list of ldquoprequalifiedrdquo organizations that are eligible to serve as a potential submitter of Implementation Guidance NERC requires an organization to submit a request to the CCC Each of the prequalified organizations are comprised of stakeholders
1 httpwwwnerccomcommCCCDocumentsCCC20Charter20Approved20RR15-11-000pdf 2 httpwwwnerccomfilesOrder_on_Comp_Filing_06072007_CCC_VSL_Orderpdf
1 Introduction
NERC | Procedure to Become a Prequalified Organization | March 2016 2
that 1) are actively involved in the various technical and policy operations of NERC 2) have methods to assure technical rigor in the development process and 3) possess the ability to vet content through its members
NERC | Procedure to Become a Prequalified Organization | March 2016 3
2 Scope The CCC is responsible for reviewing and considering applications for organizations who desire to become a prequalified organization eligible to submit Implementation Guidance to the ERO Enterprise The CCC Compliance Processes and Procedures Subcommittee (CPPS) will review and consider such applications
NERC | Procedure to Become a Prequalified Organization | March 2016 4
3 Meetings In the absence of specific provisions in this document or the CCC Charter all CPPS sub-committee meetings will follow Robertrsquos Rules of Order Newly Revised Actions requiring a vote by the members of the CPPS will be approved upon receipt of the affirmative vote of the majority of the voting members of the CPPS present and voting in person or by proxy at any meeting at which three (3) or more members are present Antitrust Guidelines All persons attending or otherwise participating in the CPPS will act in accordance with NERCrsquos Antitrust Compliance Guidelines at all times during the meeting Open Meetings NERC committee meetings will be open to the public except as noted below under Confidential Sessions Types of Meetings Meetings may be conducted in person by conference call or other means The procedures contained in this scope document will apply to all meetings regardless of how they are conducted Majority and Minority Views All members of the working group will be afforded the opportunity to provide alternative views on an issue The results of the CPPS actions including recorded minutes will reflect the majority as well as any minority views of the working group members The Chair will communicate both the majority and any minority views in presenting results to the CCC Actions without a Meeting Actions without a meeting are permitted in accordance with the provisions of the CCC Charter Quorum A quorum for conducting business is 50 of the members listed on the current CPPS roster If a quorum is not present then the subcommittee may not take any actions requiring a vote of the CPPS however the Chair may with the consent of the members present allow discussion of agenda items
NERC | Procedure to Become a Prequalified Organization | March 2016 5
4 Criteria for Approval As noted above any organization that is seeking to be prequalified to submit Implementation Guidance to the ERO Enterprise will be evaluated based on the following criteria
bull Is a known entity on the list of NERC registered entities or in the alternative represents a group of registered entities
bull Is actively involved in the various technical and policy operations of NERC
bull Has methods to assure technical rigor in the development process and
bull Possesses the ability to vet content through its organization providing a high level of confidence to the CCC that the Guidance has been fully vetted
The CCC will also take into consideration any characteristics and additional information of the applicant The CCC is ultimately responsible for reviewing and considering any applications for organizations to become a prequalified organization The CCC reserves the right to periodically review the list of prequalified entities and recommend to the ERO Enterprise whether to have specific prequalified organizations removed In doing so the CCC will submit to the ERO Enterprise a request to remove an organization explaining the circumstances behind the request Upon concurrence of the recommendation by the ERO Enterprise any such removals must be approved by the NERC Board of Trustees Section 5 outlines the application and review process which will be subject to periodic review and modification as determined by the CCC
NERC | Procedure to Become a Prequalified Organization | March 2016 6
5 Application and Review Process Submit Application An applicant must submit a completed application form (shown in Appendix A) to the CPPS to begin the review process The CPPS will acknowledge receipt of the application within five business days of receipt and notify the applicant by electronic mail Review Application The CPPS will review applications at its regularly scheduled quarterly meetings The CPPS will review an application at its next regularly scheduled meeting if the application is submitted to CPPS more than 20 business days prior to the next regularly scheduled CPPS meeting The CPPS will make a formal recommendation to the CCC at that time which will be followed by formal action taken by the CCC The CPPS will evaluate the applications in accord with the criteria outlined in Section 4 Notifying Applicant and ERO Enterprise The CCC Chair or their designated representative will notify the applicant of the CCC decision whether to add the applicant to the prequalified list If the CCC approves the application then the CCC will inform the ERO Enterprise and request the ERO Enterprise to modify the list of prequalified organizations and post on the ERO Enterprise website
NERC | Procedure to Become a Prequalified Organization | March 2016 7
6 Administrative Review Period The Criteria for Approval in Section 4 will be reviewed by the CCC on an annual basis and modified as needed Retention Management NERCrsquos records retention management policy will require that information and data generated or received under activities associated with this program be retained for a minimum of five years If the information or data is material to the resolution of a controversy the retention period for such data will not begin until after the controversy is resolved Confidentiality Management NERC and the CCC will maintain confidentiality of all Confidential Information in accordance with Section 1500 of the ROP Information deemed to be critical energy infrastructure information will be redacted and will not be released publicly
NERC | Procedure to Become a Prequalified Organization | March 2016 8
Appendix A Application to Become a Prequalified Organization Eligible to Submit Implementation Guidance for Potential Endorsement by NERC The NERC Compliance and Certification Committee determines whether an organization will be prequalified to submit Implementation Guidance to NERC for endorsement Contact Person Details
TitleEmployer
First name Last Name
Address
City State or Province Zip Code or Postal Code
Phone (daytime) Mobile Email Name of Organization to be Applicant
Description of Organization
Member Details
Use this space to provide profile information to describe general structure of the organization
Use this space to provide information about the organizationrsquos members and why the members are impactful to NERC
Appendix A Application to Become a Prequalified Organization Eligible to Submit Implementation Guidance for Potential Endorsement by NERC
NERC | Procedure to Become a Prequalified Organization | March 2016 9
Application
Please send this form to the following location Email ComplianceGuidancenercnet
Use this space to explain the reasons why NERC should consider this organization as a prequalified organization to submit Implementation Guidance to the ERO Enterprise Explain how this organization includes stakeholders that possess the following characteristics
bull Must be a known entity on the list of NERC registered entities or in the alternative represent a group of registered entities
bull Is actively involved in the various technical and policy operations of NERC
bull Has methods to assure technical rigor in the development process and
bull Possesses the ability to vet content through its members providing a high level of confidence to the CCC that an issue has been fully vetted
Explain the reasons the entity is unable to have one of the prequalified organizations vet its proposed Implementation Guidance
Agenda Item 7 CCC Meeting June 18- 19 2019
Internal Audit Report
Action Update
Background At every Compliance and Certification Committee (CCC) meeting NERCrsquos Internal Audit and Corporate Risk Management Department (IA) provides an update regarding the status of CCC audits and other monitoring activities of NERC and the Regional Entities
Summary IA will update the CCC on the status of the audit of Regional Entity evaluations of registered entity internal controls and the CCC audit plan for 2019
Matt Gibbons Director of Internal Audit and Corporate Risk ManagementCompliance and Certification Committee (CCC) Meeting June 18 - 19 2019
NERC Internal Audit (IA) Risk Process
Agenda Item 7CCC Meeting June 18-19 2019
RELIABILITY | ACCOUNTABILITY2
Appendix 4A Audits
bull Audit of Regional Entity internal control evaluations is in reporting phase
bull Items previously reported complete Auditor Training Kickoff Meeting All Onsite Visits Audit Fieldwork
bull Items completed since last report Audit report drafted Audit report reviewed with CCC Observers NERC and REs
bull Items remaining Finalize audit report and present to EWRC in August
RELIABILITY | ACCOUNTABILITY3
2019 CCC CMEPORCP Audits
bull Audit of NERC CMEPORCP is underwaybull Items previously reported complete RFP sent to independent audit firms
bull Items completed since last report Independent auditor selected CCC observer team assembled and trained Audit risk assessment and scoping with CCC observer team Audit kickoff planning and fieldwork interviews with NERC staff
bull Items remaining Finish audit fieldwork Review observations with CCC Observers Audit reporting review and presentation to EWRC
RELIABILITY | ACCOUNTABILITY4
NERC CMEP Update
Ed Kichline Senior Counsel and Director of Enforcement OversightSteve Noess Director of Regulatory ProgramsCompliance and Certification Committee (CCC) Meeting June 18-19 2019
Agenda Item 8CCC Meeting June 18-19 2019
RELIABILITY | ACCOUNTABILITY2
Coordinated Oversight Program for MRREs
Distribution of MRREs under Coordinated Oversight by Lead RE
RELIABILITY | ACCOUNTABILITY3
bull ERO Enterprise Trainingbull Ongoing CMEP Activities Compliance Oversight Plans (COPs) Implementation Plan | Risk Elements and Areas of Focus Align Transition of FRCC to SERC Review Compliance Guidance program Violation Themes Webinars Further streamlining of minimal risk noncompliance Alignment and documentation of common methodology for risk
assessment of noncompliance
Ongoing and Upcoming Oversight and CMEP Activities
RELIABILITY | ACCOUNTABILITY4
Centralized Organization Registration ERO System (CORES) UpdateRyan Stewart ndash Senior Manager of Registration and Certification NERC Compliance and Certification Committee (CCC) Meeting June 17-18 2019
Agenda Item 9CCC MeetingJune 18-19 2019
RELIABILITY | ACCOUNTABILITY2
bull Overviewbull Registered entity Pilot Sessionsbull Upcoming Activities and Events
Agenda
RELIABILITY | ACCOUNTABILITY3
bull The objective of the Centralized Organization Registration ERO System (CORES) project is to create a centralized registration system for the ERO This project will address Processing of registration requests Granting of a NERC Compliance Registry (NCR) identification number The information collected in CORES will be based upon the existing
Common Registration Form that each Regional Entity currently uses for processing registration requests
Link to CORES project page ndash FAQs timeline opportunities for engagement (httpswwwnerccompacompPagesCORESTechnologyProjectaspx)
Overview
RELIABILITY | ACCOUNTABILITY4
bull The CORES application is hosted on the ERO Portal Each entity user that will register or modify registration with NERC will
need an ERO Portal account httpseroportalnercnet
bull Registered entities will not need to register againbull The process for collecting data is different ndash the data is virtually
the same
Key Points About CORES Transition
RELIABILITY | ACCOUNTABILITY5
bull Benefits CORES will expand current functionality align regional registration
processes and provide an improved system-based approach to processing registration requests
Central repository for collecting registered entity data and related documentation
New functionality for entities in multiple regionso Coordinated Oversight information updated to My Entity page
ndash Process is the same
Easily update information in a central location ndash Functional registration ndash Parent company amp affiliatesndash Functional mapping
Benefits
RELIABILITY | ACCOUNTABILITY6
bull CORES is not currently planned to be used for Compliance Monitoring and Enforcement Functions ndash see the Align projecto httpswwwnerccomResourceCenterPagesCMEPTechnologyProjectaspx
Certification or Certification Reviewso No system in place for Certification or Certification reviews at this time
BES Exceptionso BES Exceptions will continue to utilize the BESnet application for processing
Key Points About CORES Transition
RELIABILITY | ACCOUNTABILITY7
bull The information collected in CORES will be based upon the Common Registration Form Entity names Contact information Functional registration
request information Parent company and
affiliate information
Common Registration Form Data Collection Points
RELIABILITY | ACCOUNTABILITY8
bull The information collected in CORES will include Joint Registration
Organization (JRO) information
Multi-Regional Registered Entity (MRRE) information
Functional model relationships
Role information for specific contacts
Common Registration Form Data Collection Points
RELIABILITY | ACCOUNTABILITY9
bull Focus Groupbull AWGbull ORCSbull CCCbull Bulletinsbull Regional Workshopsbull Registered Entity Pilots ndash Testingbull Training
Outreach and Engagements
RELIABILITY | ACCOUNTABILITY10
Website
RELIABILITY | ACCOUNTABILITY11
bull Registered Entity Pilot Sessions May 14 | RF Hosted Reg Entity Pilot Roadshow May 16 | Texas RE Hosted Reg Entity Pilot Roadshow May 21 | NPCC Hosted Reg Entity Pilot Roadshow May 23 | NERCSlalom Hosted Reg Entity Pilot Roadshow
Registered Entity Pilot Sessions
RELIABILITY | ACCOUNTABILITY12
bull Planned Training Dates (subject to change) June 6-7 2019 | Post Training Materials June 11 2019 | NERC hosted ERO WebEx (pre-release) June 17-22 2019 | System release this week June 27 2019 | NERC hosted ATL ERO In-person amp WebEx open QampA
(post-release) July 17 2019 | NERC hosted ERO WebEx (in-person) open QampA (post-
release) optional
Training
RELIABILITY | ACCOUNTABILITY13
bull Planned Training Dates (subject to change) June 6-7 2019 | Post Training Materials June 11 2019 | NERC hosted ERO WebEx (pre-release) June 17-22 2019 | System release this week June 27 2019 | NERC hosted ATL ERO In-person amp WebEx open QampA
(post-release) July 17 2019 | NERC hosted ERO WebEx (in-person) open QampA (post-
release) optional
Whatrsquos Next
RELIABILITY | ACCOUNTABILITY14
1
Agenda Item 12 CCC Meeting June 18-19 2019
Report of May 2019 Member Representative Committee (MRC) and Board of Trustees (Board)
Action Informational
Background These notes are provided by Compliance and Certification Committee (CCC) attendees at the meetings and not intended to represent all agenda topics in full The North American Electric Reliability Corporation (NERC) MRC and Board of Trustees convened their quarterly meetings in St Louis Missouri on May 8-9 2019
MRC Meeting Summary
The following describes some of the significant highlights from the meetings The Agenda package and the associated presentations are available from the following links
httpswwwnerccomgovbotMRCAgenda20Highlights20nad20Minutes202013MRC_Meeting_Agenda_Package-May-8-2019pdf
httpswwwnerccomgovbotMRCAgenda20Highlights20nad20Minutes202013MRC20Presentation20Package20-20May208202019pdf
Supply Chain Report
A significant amount of the MRC meeting was spent discussing a draft Supply Chain Report prepared by NERC staff Howard Gugel opened the discussion with an overview of the supply chain issue and potential vulnerabilities related to electronic access control physical access control and low impact BES systems
Mr Gugel summarized the range of policy input provided pursuant to NERC Board Chair Roy Thillyrsquos Policy Input Letter to the MRC which included the following observations
bull There was broad support for the adoption of the report
bull Most agreed that low impact BES cyber assets should remain out
bull Stakeholders are supportive of a third-party verification program
bull Cost should be considered along with risk
bull There were concerns about the use of ldquopre-audit surveys something that Mr Gugelcould be addressed by modifying the text in the final version of the report
2
Board Chair Thilly suggested that the Board could accept the report with the understanding that the things Mr Gugel suggested in his comments would be addressed In that case the Board could approve the report without another formal meeting
Electromagnetic Pulse (EMP) Concerns NERC announced the established of an EMP task force which will review a recently published EPRI report on EMP vulnerabilities identify reliability concerns assess vulnerabilities and recommend mitigation actions for NERC to consider The group will meet monthly Task force participation will be solicited in April with an initial meeting in May It is expected that draft recommendations will be published by the Task Force be available in the third quarter of 2019
Effectiveness and Efficiency Update NERCrsquos Mark Lauby provided the MRC with the latest developments surrounding NERCrsquos efforts to improve the long-term effectiveness and efficiency of the ERO Enterprise As noted in the last quarterly update NERC is considering restructuring the technical stakeholder committees (Operating Committee Planning Committee and the Critical Infrastructure Protection Committee) and is looking to bring a proposal to the NERC Board later this year A Stakeholder Engagement Team including three CCC members (Jennifer Flandermeyer Patti Metro and Scott Tomashefsky) are working with NERC staff and NERC Board members Gorbet and DeFontes to develop the proposal
Mr Lauby reported that the team is considering two potential options 1) retain the existing technical committee structure and create an oversight committee which coordinates and directs the work of the technical committees or 2) consolidate the three committees into one Reliability Council which reports to the NERC Board and oversees the work of the various technical Subcommittees Working Groups and Task Forces The proposal will be refined based on feedback the MRC provides to the group After two additional group meetings NERC will host a Policy Input webinar in mid-July and bring back the proposal for additional discussion in August Final approval of a package is scheduled to come in front of the NERC Board in November 2019
CCC Overview Presentation to the MRC A presentation providing an overview of CCC activities to the MRC was postponed until the August 2019 meeting
Board Meeting Summary
The following notes represent some of the significant highlights from the meetings The Agenda package and the associated presentation are available from the following links
httpswwwnerccomgovbotAgenda20highlights20and20Mintues202013Board_Open_Meeting_May_9_2019_Agenda_Packagepdf
httpswwwnerccomgovbotAgenda20highlights20and20Mintues202013Board_Open_Meeting_May_9_2019_Presentationspdf
3
Key Areas of Specific Interest to the CCC
bull Nicole Mosher ndash Nova Scotia Power was newly appointed for a three-year term to theCCC representing the Regional Entity Northeast Power Coordinating Council position
bull Greg Campoli ndash New York ISO was reappointed for a three-year term to the CCCrepresenting the ISORTO sector
bull Jim Stanton ndash SOS International was reappointed for a three-year term to the CCCrepresenting the Small End-Use Electricity Generator sector
bull Ted Hobson ndash JEA was also approved to serve on the CCC representing the RegionalEntity Florida Reliability Coordinating Council (FRCC) until the FRCC dissolution becomeseffective
bull CCC Chair Jennifer Flandermeyer provided a quarterly update to the Board summarizingthe results of CCC meetings held in Washington DC on March 12-13 2019
bull The Board adopted a proposal to retire 84 requirements included in various reliabilitystandards stemming from Phase 1 work associated with the Standards EfficiencyReview initiative NERC will subsequently develop a formal request to FERC to formallyeliminate the requirements The CCCrsquos John Allen led this effort and will continue to leadadditional work being done under Phase 2 Based on the review of the Phase 2 SERsurveys that were sent out to industry it is possible that the CCC will be assigned someof this work
bull During the discussion of the 2018 ERO Effectiveness Survey NERC Chair Roy Thillymentioned the need to rethink the range of questions asked in future surveys includingthose included in the CCC portion of the ERO Effectiveness Survey
Senior Management Changes bull NERC CEOPresident Jim Robb announced that Mechelle Thomas and Howard Gugel
were promoted to vice president positions at NERC Ms Thomas takes over as VP andChief Compliance Officer and will be the CCCrsquos senior executive sponsor Mr Gugelassumes the role of VP and Director of Engineering and Standards
Other Items of Interest
bull NERC CEOPresident Jim Robb reflected on his first year as head of NERC and progressbeing made regarding the four major initiatives he has been focusing on since his arrivallast spring
bull FERC Commissioner Bernard McNamee provided remarks for the first time since beingappointed to the agency He indicated to the NERC Board that his main area of interestas it relates to the ERO will be cyber and physical security
bull The NERC Board accepted the Supply Chain Report subject to changes outlined byHoward Gugel during the MRC meeting (see above) The redline will go back to theBoard but no further action will be taken Mr Gugel will check back with the varioustrade associations to make sure that the text is incorporated as discussed
bull The NERC Board approved the ERO Five-Year Assessment after NERC General CounselBerardesco presented a summary The presentation highlighted NERCrsquos responses to
4
directives outlined in a 2014 FERC Order including increased focus on information sharing the development of standards to address cyberphysical security and numerous activities related to the Compliance Monitoring and Enforcement Program
bull Reports were presented to the Board as a normal course of business by the variousBoard Committees NERC Committees and Forum Groups
Board Committee Summaries
The remainder of this document ordinarily highlights items discussed at various Board Committee meetings that are most relevant to CCC members The Board of Trustees Compliance Committee did not meet during the course of the May 2019 Board meetings so much of the comments related to the CCC were made at the MRC and Board meetings
CCC Standards Efficiency
Review Update
John AllenJune 19 2019
SER Project ScopeEvaluate NERC Reliability Standards using a risk-based approach to identify potential efficiencies through retirement or modification of Reliability Standard Requirements Considering that many Reliability
Standards have been mandatory and enforceable for 10+ years in North America this project seeks to identify potential candidate
requirements that are not essential for reliability could be simplified or consolidated and could thereby reduce regulatory obligations
andor compliance burden
Phase 1 Team Scopebull Three teams based on horizonsbull Evaluate O amp P Standardsbull Three options available
ndash No actionndash Full retirement ndash Alternatives to retirement
bull Parking lot alternatives for Phase 2
Phase 1 Resultsbull SAR proposing to retire 107 requirements bull Redundant requirementsbull Non-essential market-based requirementsbull Project 2018-03 approved retirement of 84bull Petition to the FERC on June 7
Modifications Sub-teambull Team members (Phase 1 and Phase 2)bull Evaluate transfers from Phase 1 bull Evaluate feedback from initial surveybull Language modificationsbull Consolidation of requirementsbull Upcoming SAR
Phase 2 ScopeEvaluate NERC Reliability Standards (OampP and CIP) as informed by implementation experiences and compliance practices to develop and recommend standards-based solutions intended to reduce inefficiencies and unnecessary regulatory burdens for the purpose of supporting continued safe secure and reliable operations
Perceived Issuesbull Costs exceed benefitsbull Zero defect environmentbull Difficult to demonstratebull Unclear performance expectationsbull Unscaled applicabilitybull Unnecessary CMEP activity
Efficiency Conceptsbull Six efficiency conceptsbull Presented to industry February 22bull Survey to industry ending March 22bull Analysis of Feedback
Efficiency Conceptsbull Concept 1 Evidence Retention (812)bull Concept 5 Consolidate InfoData Exchange (811)bull Concept 3 Move to Guidance (785)bull Concept 2 Prototype Standard (778)bull Concept 6 Move to CertControls Review (685)bull Concept 4 ConsolidateSimplify Training (619)
Efficiency Conceptsbull Prioritization and Next Steps - June 11
bull Evidence Retention bull Consolidate InfoData Exchange bull Move to Guidance bull Prototype Standard
SER CIP Projectbull Determining scopebull Retirements and modificationsbull Industry surveybull Solicit team members
Questions
Evidence Retentionbull Michael Puscas ndash ISO New Englandbull Tino Zaragoza ndash Imperial Irrigation Distbull Terry Bilke ndash MISObull White Paper ndash September 2014
ndash Risk-based record retentionndash Sampling
Analysis of Standardsbull Collected data from OampP and CIPbull 50 different retention schemes bull Inconsistentbull Arbitrarybull Draft report with recommendations
Recommendationsbull Consistent retention schemesbull Minimize time frame based on riskbull Update NERC auditor resourcesbull Update ROPSPMbull Engage appropriate stakeholdersbull Establish implementation plantimeline
Questions
Page | 0 Created 6132019 Last Saved 6132019
NERC Standard Efficiency Review (SER) Phase 2 Evidence Retention Teamrsquos Recommended Evidence Retention
Schemes for NERC Standards
Evidence and Data Retention
Report Analysis and
Recommendations
Puscas Michael ISO-NE Tino Zaragoza IID Terry Bilke MISO
June 13 2019
Page | 0 Created 6132019 Last Saved 6132019
Table of Contents Contents Executive Summary 1
Overall SER Project Scope 3
SER Phase 2 Evidence Retention Project Scope 3
SER Phase 2 Efficiency Concepts 3
Analysis of 2014 Evidence Retention White Paper 4
Tasks Performed by the 2014 Evidence Retention Team 4
Purpose of the 2014 White Paper 4
Identified Evidence Retention Problems Issues and Concerns 4
Recommendations from the 2014 Evidence Retention Study Team 5
Introduction to SER Phase 2 Evidence Retention Project 6
SER Phase 2 Evidence Retention Project Team 6
Evidence Retention Project Objectives 6
Evidence Retention Project Scope 7
Evidence Retention Out of Scope 7
Evidence Retention Project Assumptions 7
Evidence Retention Questions 7
Benefits of Revised Data Retention Rules 8
Challenges 8
Project Timeline 8
Introduction 9
Observations of Existing Evidence Retention Schemes 9
Evidence Retention Language 10
Evidence Categories 11
Results Error Bookmark not defined Different Headings in NERC Standards 11
General Observations 11
Recommendations 12
List of Existing Evidence Retention Schemes in NERC Standards 14
Page | 1 Created 6132019 Last Saved 6132019
Executive Summary This document analyzes the evidence or data retention sections of NERC CIP and OampP Standards as part of the NERC Standards Efficiency Review (SER) Phase 2 Project 1
Executive Summary The Rules of Procedure (ROP) of the North American Electric Reliability Corporation (NERC) dated July 19 2018 indicates
ldquoAll Bulk Power System owners operators and users shall provide to NERC and the applicable Regional Entity such information as is necessary to monitor compliance with the Reliability Standards NERC and the applicable Regional Entity will define the data retention and reporting requirements in the Reliability Standards and compliance reporting proceduresrdquo2
The ROP indicates how long evidence should be retained by Compliance Enforcement Authorities (CEA) but the amount of time evidence must be retained by registered entities gets more complicated There are over 50 evidence retention schemes in the existing set of NERC Operation and Planning (OampP) and CIP Standards (see Appendix A) Many evidence retention schemes apply to only one requirement in one Standard Other evidence retention schemes are overly burdensome especially when the risk to reliability is very low This is not a new or unknown problem NERC and an associated study team produced a ldquoData Retention White Paperrdquo dated September 12 20143 This document described a research and analysis project that started in 2013 when the Electric Reliability Organization (ERO) Enterprise assembled an advisory group to provide input and advice for modification of existing NERC Reliability Standard data retention requirements The data retention team was comprised of representatives from NERC and the NERC Compliance and Certification Committee (CCC) The 2014 data retention study team began reviewing and analyzing current data retention requirements and soliciting industry feedback on current data retention requirements Their subsequent white paper presented their findings and made recommendations for changes to current guidance documents future NERC Reliability Standard development and auditing processes The white paperrsquos analysis explored possible options for establishing uniform tools and applications and standardizing evidence retention requirements across the ERO Enterprise to promote consistency in demonstrating compliance These options were intended to provide improvements that support reliability and ensure that resources allocated by the ERO Enterprise and registered entities are commensurate with the potential risks of noncompliance to reliability The 2014 white paper recommended that NERC modify data retention requirements so that the burden of producing records necessary to demonstrate compliance is commensurate with the risk to the reliability of the BPS It further recommended including a consistent data retention period of either a rolling 6-months for high-volume data4 or a 4-year retention period for all other data with two specific exceptions
1 Standards requiring a current program or procedure which would be limited to the currently effective version with a revision history specifying changes and dates of review and
1 Author Dr Michael Puscas EdD Compliance Manager ISO-NE Reviewer Tino Zaragoza Reliability Compliance Officer Imperial Irrigation District 2 NERC Rules of Procedure Link see pg 22 3 pg 27 3 and Section 90 pg 29 3 Data Retention White Paper - 2014 4 ldquoHigh-volume datardquo as used herein refers to electronic data sets and files paper documents or audio recordings with sizes making it cost- or space-prohibitive to gather maintain track and provide the data to auditors within a reasonable period Examples of high-volume data could be access logs video surveillance tapes or voice and telephone recordings
Evidence and Data Retention ndash NERC Standards NERC SER Phase 2 Project
Page | 2 Data and Evidence Retention Analysis NERC SER Phase 2 Project
2 Standards requiring testing at intervals which would require the retention of the last full testing record and evidence of recurrence
The white paper recommended simplifying data requests by including as a part of the ERO Compliance Auditor Manual and Handbook a recommendation that regardless of the data retention requirements of the Standard and time between Compliance Audits auditors focus sampling to the most recent two years This recommended method of sampling would be more efficient and less burdensome for registered entities and the ERO Enterprise By instituting the recommended method of sampling the ERO Enterprise and registered entities could reallocate resources to areas of greater risk to the reliability of the BPS The recommendations contained in the 2014 white paper were presented to NERC but never carried out Data and evidence retention schemes remain overly complicated and burdensome The Standards Efficiency Review (SER) Phase 2 team recognized that data and evidence retention issues remain and require attention The SER Phase 2 team continued the work of the 2014 team The evidence retention team once again analyzed the current evidence retention schemes in the current set of OampP and CIP mandatory standards They discovered over 50 different evidence retention schemes They prepared a draft set of eight new and simplified evidence retention schemes and proposed a new evidence retention scheme for each NERC Standard requirement The remainder of this report is divided into the following sections
Section Page
A general description of the SER Phase 2 effort
A summary of the 2014 Data Retention Study effort
A description of the SER Phase 2 Evidence Retention teamrsquos work
Attachment A The current evidence retention schemes in OampP and CIP Standards
Attachment B Recommended new evidence retention schemes for each Standard and requirement based on risk level
Page | 3 Created 6132019 Last Saved 6132019
Overview - SER Phase 2 Overview This portion of the evidence retention report summarizes the SER Phase 2 Project
Overall SER Project Scope Evaluate NERC Reliability Standards using a risk-based approach to identify potential efficiencies through retirement or modification of Reliability Standard Requirements Considering that many Reliability Standards have been mandatory and enforceable for 10+ years in North America this project seeks to identify potential candidate requirements that are not essential for reliability could be simplified or consolidated and could thereby reduce regulatory obligations andor compliance burden5
SER Phase 2 Evidence Retention Project Scope Evaluate NERC Reliability Standards (OampP and CIP) as informed by implementation experiences and compliance practices to develop and recommend standards-based solutions intended to reduce inefficiencies and unnecessary regulatory burdens for the purpose of supporting continued safe secure and reliable operations The Phase Two Team will focus on the following activities
bull Identify areas of inefficiency in the current framework of Reliability Standards bull Collaborate and communicate with industry to ensure all areas of inefficiency and potential
solutions are considered bull Potential solutions may include but are not limited to the following
o SARs to remove inefficiencies in the Reliability Standards o Policy recommendations to appropriate ERO staff or committee6
SER Phase 2 Efficiency Concepts The SER Phase 2 team identified six efficiency concepts including
1 Evidence Retention Overhaul 2 Prototype Standard 3 Move Requirements to Guidance 4 Consolidate and Simplify Training Requirements 5 Consolidate InformationData Exchange Requirements 6 Relocate Competency-based Requirements to Certification ProgramCMEP Controls Review
The SER Phase 2 team surveyed the industry through a questionnaire that concluded on March 22 2019 The highest rated efficiency concept was Evidence Retention Therefore this became the first priority for the SER Phase 2 team
5 httpswwwnerccompaStandPagesStandards-Efficiency-Reviewaspx 6 Ibid
Page | 4 Created 6132019 Last Saved 6132019
Summary of the 2014 Evidence Retention Project Analysis of 2014 Evidence Retention White Paper The SER Phase 2 Evidence Retention team began by reviewing and analyzing the work of the 2014 project team (see Objectives pg 5) to avoid unnecessary duplication of effort and to validate the recommendations by that project team
Tasks Performed by the 2014 Evidence Retention Team The data retention team began reviewing and analyzing the data retention requirements in the then currently-enforceable and NERC Board of Trustee approved NERC Reliability Standards the NERC Rules of Procedure and guidelines for auditing included in the Generally Accepted Government Auditing Standards (GAGAS) Finally the data retention team reviewed the ERO Enterprise Compliance Auditor Manual and Handbook (Auditor Manual) They completed the following tasks
bull Identified and evaluated data retention requirements in the then current NERC Standards bull Recommended improvements to reduce the data-maintenance burdens on registered entities bull Provided guidance regarding the levels of data necessary to support proof of compliance bull Recommended revised data retention requirements to be commensurate with risk to the BPS and bull Recommended methods of sampling that are more efficient and less burdensome for registered
entities
Purpose of the 2014 White Paper The 2014 Evidence Retention study team created a ldquoWhite Paperrdquo to present their findings The twofold purpose of the evidence retention white paper was to provide rationale for proposed revisions to
1 The data retention requirements in NERC Reliability Standards and 2 The methodology of Compliance Audit and Spot Check data sampling requests
The goal was to minimize the Compliance Enforcement Authority (CEA) and registered entity resources used for gathering storing and producing data while maintaining reasonable assurance of compliance with the effective NERC Reliability Standards and reliability of the BPS
Identified Evidence Retention Problems Issues and Concerns The 2014 Evidence Retention team examined the data retention requirements of each active NERC Standard7 The 2014 team identified a series of data retention problems for example
bull There is no current consistent data retention period prescribed by FERC (the Commission) or NERC applicable to all Reliability Standards For example
o BAL-001-01a requires a one-year retention period for real-time operating data o VAR-002-2b requires two years of real-time operating data o COM-001-11 requires a 90-day retention of operator logs o IRO-006-5 if the records are audio recordings they have a 90-day retention but if
documented transcripts then it should be 12 months o MOD-028-2 requires retaining data for 12 months for seven of its requirements but
either 14 30 or 60 days for two other requirements 7 NOTE Many NERC Standards that were active in 2014 are now either inactive or replaced by newer versions
Evidence and Data Retention ndash NERC Standards NERC SER Phase 2 Project
Page | 5 Data and Evidence Retention Analysis NERC SER Phase 2 Project
bull There are different requirements for the length of time registered entities must keep identical types of data for certain Reliability Standards
bull The ERO Enterprise has considerable flexibility to determine and identify how long a registered entity must retain evidence to show compliance
bull Current evidence retention policies arenrsquot related to high reliability risk areas and therefore places undue administrative burden on registered entities
bull The NERC Rules of Procedure (ROP)8 do not include specific evidence retention guidance for registered entities The Rules of Procedure leave the assignment of data retention and reporting requirements to NERC or the Regional Entity
bull Industry responses voiced a frustration and opinion that the focus of auditor data requests and NERC Reliability Standards data retention requirements are on proving compliance and not enhancing reliability They voiced a desire to focus on current practices and policies instead of historical documents which may not have been relevant for several years
Recommendations from the 2014 Evidence Retention Study Team The 2014 Evidence Retention team documented a series of recommendations
bull NERC should modify data retention requirements in Standards so that the burden of producing records necessary to demonstrate compliance is commensurate with the impact to the reliability of the BPS
bull All new Standards receive a default four-year data retention period This four-year period will exclude the following
o Voice and audio recordings which will continue to be a 90-day rolling retention period o High-volume data which would be restricted to a six-month rolling retention period o Standards requiring a current program or procedure which would restrict to the currently
effective version with a revision history specifying changes and dates of review o Standards requiring testing intervals (eg PRC-005) which would restrict to the most
recent full testing records with evidence of previous testing intervals bull If current Reliability Standards are silent as to a data retention period then the four-year or six-
month data retention period should be used bull Data sampling by CEAs should be focused on the most recent two years unless the data sample
would be statistically too small or irregularities are identified in the initial samples
8 httpswwwnerccomFilingsOrdersusRuleOfProcedureDLNERC_ROP_Effective_20180719pdf
Page | 6 Created 6132019 Last Saved 6132019
2019 SER Phase 2 Evidence Retention Project Overview Introduction to SER Phase 2 Evidence Retention Project This project evaluates and continues the work completed by the 2014 Evidence Retention team NERC conducted a survey to gather industry comments related to six efficiency concepts Analysis of industry comments indicated that the Evidence Retention concept was the highest rated SER Phase 2 concept NERC and the SER Advisory Group selected the Evidence Retention concept as the first SER Phase 2 initiative This will be verified through meetings with the CCC on June 18th 2019 and with the NERC Standards Committee (SC) on June 26th 2019
SER Phase 2 Evidence Retention Project Team 1 Michael Puscas Evidence Retention Team Lead 2 Tino Zaragoza Evidence Retention Team Co-Lead 3 Chris Larson NERC SER Phase 2 Project Lead 4 Amy Casuscelli SC Vice-Chair 5 Ed Kichline 6 John Allen SER Phase 2 Project Chair 7 Ryan Mauldin 8 Kiel Lyons 9 Steve Noess 10 Jennifer Flandermeyer (NERC CCC Chair) 11 Richard Burt (CMG Rep) 12 Terry Bilke (MISO)
Evidence Retention Project Objectives The SER Phase 2 Evidence Retention team will
Objective Status
1 Review and analyze the 2014 Evidence Retention efforts retaining recommendations that are still appropriate and valid
1st Draft Complete
2 Inventory and analyze the Evidence Retention schemes in currently enforceable Standards to determine impact on reliability and high risks
1st Draft Complete
3 Build on the work of the 2014 Evidence Retention team and document a new and much simplified set of data retention guidelines
1st Draft Complete
4 Recommend and justify proposed dataevidence retention solutions for each NERC Standard
1st Draft Complete
5 Determine in concert with the SER Advisory Committee NERC CCC and NERC Management how to implement the recommendations of the Evidence Retention Team and the appropriate committee to oversee the successful implementation of the recommendations
In progress
Evidence and Data Retention ndash NERC Standards NERC SER Phase 2 Project
Page | 7 Data and Evidence Retention Analysis NERC SER Phase 2 Project
Evidence Retention Project Scope The Evidence Retention efficiency project includes
bull Analysis of current mandatory OampP and CIP Standards bull Analysis of the risk levels of each Standard requirement bull Analysis of Data and Evidence Retention sections of the NERC Standards
Evidence Retention Out of Scope The Evidence Retention efficiency project does not include
bull OampP and CIP Standards subject to future enforcement bull Auditor compliance evidence sampling methodologies bull Specific evidence retention implementation plans and strategies bull Changes to any portion of a given NERC Standard
Evidence Retention Project Assumptions The Evidence Retention efficiency project assumes
bull The recommendations of the SER Phase 2 teamrsquos recommendations will be assigned to an owner who will assure that the evidence retention recommendations are fully implemented
bull The committee or owner will establish an implementation strategy and timeline for the new evidence retention schemes
Evidence Retention Questions The Evidence Retention team considered the following questions
Questions Answers What is the purpose and value of evidence retention
Data and evidence is important because it provides information to support decision-making by auditors and is mandatory to meet regulatory requirements
How are measures related to evidence retention Should they be considered as part of this effort Is it beneficial to have measures in the Standard
Standard requirement measures often indicate what the specific evidence should look like The data or evidence retention portion of the Standard explains how long to keep that evidence The two are somewhat related Measures describe the tangible artifacts while the dataevidence retention rules are time-based
Are there potential benefits if the measures especially for high Violation Risk Factor requirements were written differently
Measures in NERC Standards are already sufficiently detailed to indicate what information needs to be collected Rewriting them by adding retention information would only create more confusion
Can we find opportunities to revise the measure language to reduce the burden of collecting storing and producing records
Going forward as new Standards are developed or existing Standards are revised it is important to assure that the measures are clearly and specifically written without reference to how long to keep records
Is it even practical to collect the type of evidence mentioned in the requirements andor measures if the reliability risk is low
Evidence and Data Retention ndash NERC Standards NERC SER Phase 2 Project
Page | 8 Data and Evidence Retention Analysis NERC SER Phase 2 Project
Benefits of Revised Data Retention Rules The advantages of a simplified set of data retention rules include
bull Simplified evidence retention schemes reduce the compliance costs associated with low risk activity registered entities donrsquot need to spend resources on low risk activities especially if evidence retention is not required
bull Evidence retention takes up space on servers which could be used for other purposes Excessive data retention increases costs to manage backup compile and review data for compliance monitoring and enforcement activities
bull Simplified evidence retention schemes offer innovative approaches that mitigate high risks Ultimately evidence retention is tied logically to risk mitigation which replaces arbitrary evidence retention schedules
bull Simplified evidence retention schemes will enable entities to align their internal retention policies with the NERC requirements
bull Examination of current dataevidence retention schemes incentivizes creative thinking and best practices The envisioned future state is a simplified and flexible set of data retention rules that are in line with risk and reliability The rules will address changing technology and emerging threats
bull Simplified rules provide long-term stability to the Reliability Standards and it provides clear guidance to SDTrsquos which reduces the overall Standard development time
Challenges Potential challenges include
bull Proposed evidence retention rules may require changes to the NERC Rules of Procedure depending on how the Evidence Retention teamrsquos recommendations are addressed
bull The ERO Compliance Auditor Manual and Handbook may also need to be updated After update all CEA auditors must be trained in the new evidence retention and data sampling rules This assures that all regions are auditing and sampling in a consistent fashion
bull The proposed evidence retention schemes the implementation process and timeline will require further study and verification by NERC and the committee or task force assigned to implement the recommendations of the SER Phase 2 evidence retention team
Project Timeline Date Event Status 5819 Draft Evidence Retention Report Due Complete 51319 Working Meeting Complete 52019 Meet with Chris Larson and John Allen Complete 61119 SER Advisory Committee Meeting in Atlanta GA Complete 61519 Second draft of the Evidence Retention Report Due Complete 61819 John Allen meets with NERC CCC for status update Scheduled 62619 Meet with SC Scheduled 63019 Third draft of the Evidence Retention Report Due Scheduled TBD Industry Feedback Next Steps (Webinar White Paper SC Committee) TBD TBD Final Draft of the Evidence Retention Report Due TBD
Page | 9 Created 6132019 Last Saved 6132019
Analysis of Existing Evidence Retention Schemes Introduction Many Standards studied in 2014 are either inactive or were replaced with newer versions of the Standard Therefore the SER Phase 2 evidence retention team analyzed all mandatory and enforceable Operations and Planning (OampP) and Critical Infrastructure Protection (CIP) Standards focusing attention on the data retention requirements of each Standard and each requirement They discovered over 50 different evidence retention schemes strewn throughout various Standards and requirements Specific information on each scheme and applicable Standards and requirements is included in Appendix A
Observations of Existing Evidence Retention Schemes
Applicability of Evidence Retention Schemes Many current evidence retention schemes apply to only one requirement in one Standard (See Appendix A) for example PRC-026-1 R3 The largest evidence retention schemes include
o ldquoLast 3 Calendar Yearsrdquo with over 40 applicable requirements o ldquoSince Last Compliance Auditrdquo with 34 applicable requirements o ldquoCurrent Plus 3 Previous Calendar Yearsrdquo with 28 applicable requirements
Similarity of Schemes There was very little difference between certain evidence retention schemes for example the following retention schemes are basically the same
o 12 Calendar Months vs 12 Calendar Months Following Completion of each CAP o 12 Calendar Months vs One Calendar Year o 12 Calendar Months vs Current Year o 12 Calendar Months vs Last 12 Calendar Months o Two Calendar Years vs Current Calendar Year Plus One Previous Calendar Year
Plans Assessments Models Tests and Document Schemes There were many similarities when specifying the current and previous version of plans assessments models tests and documents for example
o Current and Previous Model Used to Determine Flowgates and TFC o Current and Prior Transfer Capability Methodology Since Last Compliance Audit o Current and Prior Versions o Current Blackstart Testing Results and Previous Testing Results o Current GMD Vulnerability Assessment and Preceding Assessment o Current In-Force ATCID Provided by TSP and Prior Versions of ATCID o Current In-Force Documents and Previous Documents
Poor Descriptions or Non-Existent Schemes Some evidence retention schemes were poorly described for example ldquoCurrent and Previous Calendar Yearsrdquo but the exact number of previous calendar years was not specified Six requirements had no evidence retention schemes specified at all One evidence retention scheme was extremely general and
Evidence and Data Retention ndash NERC Standards NERC SER Phase 2 Project
Page | 10 Data and Evidence Retention Analysis NERC SER Phase 2 Project
potentially no longer applicable for example ldquoRetain Evidence of Any Path and Rating Prior to 1194rdquo as shown in MOD-029-2a R2
Variations on a Theme There were a lot of variations on the theme of ldquoCurrentrdquo for example
bull Current In-Force Data Specification for Analysis and Real-Time Monitoring bull Current In-Force Documents bull Current In-Force Documents and Previous Documents bull Current In-Force Facility Ratings Methodology bull Current In-Force Outage Coordination Process bull Current Model Used to Calculate TTC bull Current Planning Analysis Results bull Current Plus 1 Previous Calendar Year bull Current Plus 2 Previous Calendar Years bull Current Plus 3 Previous Calendar Years bull Current Version and Prior Version of The TTC Study Reports bull Current Year
Evidence Retention Language NERC Reliability Standards contain language in the data retention or evidence retention sections that are exactly the same from Standard to Standard as noted below Sometimes however language differs slightly
bull Evidence retention periods identify the period of time an entity is required to retain specific evidence to demonstrate compliance For instances where the evidence retention period specified below is shorter than the time since the last audit the Compliance Enforcement Authority may ask an entity to provide other evidence to show that it was compliant for the full-time period since the last audit
bull In addition entities found non-compliant shall keep information related to the non-compliance until found compliant
bull If a Transmission Service Provider or Transmission Operator is found noncompliant it shall keep information related to the non-compliance until found compliant
bull If a Planning Coordinator is found non-compliant it shall keep information related to the non-compliance until found compliant or for the time periods specified above whichever is longer
bull If a Reliability Coordinator Transmission Operator Balancing Authority Generator Operator or Distribution Provider is found non‐compliant it shall keep information related to the non‐compliance until mitigation is complete and approved or for the time specified above whichever is longer
bull If an entity is found non-compliant the entity shall keep information related to the noncompliance until found compliant or for two years plus the current year whichever is longer
bull Evidence used as part of a triggered investigation shall be retained by the entity being investigated for one year from the date that the investigation is closed as determined by the Compliance Monitor
bull The Compliance Monitor shall keep the last periodic audit report and all requested and submitted subsequent compliance records
bull Not all NERC Standards have a ldquoData Retentionrdquo section bull Some Standards have a single data retention directive bull Some Standards have data retention specifications for each requirement in the Standard bull Some Standards have data retention specifications related to the Standardrsquos measurements
Evidence and Data Retention ndash NERC Standards NERC SER Phase 2 Project
Page | 11 Data and Evidence Retention Analysis NERC SER Phase 2 Project
bull Many Standards use the term ldquoData Retentionrdquo Newer Standards use the term ldquoEvidence Retentionrdquo
Evidence Categories The existing NERC Standards describe Data and Evidence retention periods that attempt to address evidence that falls into one or more of the following evidence categories
1 Voice Data 2 Logs 3 Documents Processes and Plans 4 Models and Methodologies 5 Assessments Lists Records and Studies 6 Agreements
Different Headings in NERC Standards The team discovered that two headings were used interchangeably in the NERC Standards
1 Data Retention 2 Evidence Retention
General Observations The Evidence Retention team observed
bull The dataevidence retention schemes were somewhat arbitrary Some were excessively long some very short but there was no consistent rationale for retention length
bull Similar evidence categories described in different Standards have different evidence retention schemes Evidence retention schemes vary within specific Standards by requirement
bull Some evidence retention schemes are one-of-a-kind that is they appear only once This is usually because they are so specific they apply only to one Standard and one requirement These overly specific data retention schemes are not necessary for example PRC-026-1 R3
Page | 12 Created 6132019 Last Saved 6132019
Evidence Retention Recommendations This section of the report presents SER Phase 2 recommendations for evidence retention
Recommended Evidence Retention Schemes Simplify the existing evidence retention schemes to a manageable set of eight evidence retention schemes or rules to cover all NERC OampP and CIP Standards and requirements as shown in the following table
Recommended DataEvidence Retention Schemes
Rationale for the DataEvidence Retention Scheme
1 Rolling three-year data retention period
Many existing evidence retention schemes call for a three year retention schedule which is less than the default 4-year schedule but it should be a rolling three-year period
2 Rolling 90-day data retention period for voice and audio recordings
Voice and audio recordings take up a lot of space on computer systems Therefore only 90-days of history are necessary
3 Default four-year data retention period
Unless specifically called out this is the default dataevidence retention scheme
4 Rolling 6 Months data retention period for high volume data
This may not be needed if 30 days of rolling data is enough to satisfy compliance-related issues
5 Current plan model agreement methodology study program or procedure with a revision history specifying changes and dates of review
This satisfies the need for auditors to see the most recent documentation in a variety of areas
6 Most recent full testing records with evidence of previous testing intervals
This satisfies the requirements to complete and document various tests
7 Rolling 12 Calendar months data retention period
This satisfies the requirement to have at least 12 months of data Given the type of data itrsquos not necessary to have 3 or more years of data
8 Rolling 30-day data retention period
This is high volume data and thus requires only 30 days of data to demonstrate compliance
Additional Recommendations The SER Phase 2 team DataEvidence Retention Project team recommends the following
1 All NERC Standards should bear the same heading ldquoData and Evidence Retentionrdquo 2 Compliance Data and Evidence should be retained for the shortest possible time-frame to clearly
demonstrate compliance 3 There are three evidence retention categories
Evidence and Data Retention ndash NERC Standards NERC SER Phase 2 Project
Page | 13 Data and Evidence Retention Analysis NERC SER Phase 2 Project
31 Paper 32 Electronic Data 33 Storage Intense Data (Voice etc)
4 Update the NERC Auditorrsquos Manual and associated training with the new dataevidence retention schemes Retrain all auditors and SDTs on the new evidence retention schemes
5 Update the NERC Rules of Procedure with guidance for the Standard SDTs 6 Itrsquos important to have TOsGOs engaged on the socialization The primary proponents of this
issue were originally TOsGOs and they pointed to standard families like PRC as forming the need for this type of relief Their audit cycle experience ndash which also is pertinent to this issue ndash tends to be different than RCBATOPs as well It will be easier to socialize the issue if those entities most impacted by the proposed recommendation help communicate the importance of it
7 It is important to have the SCCCC Chairs and key NERC Personnel talk about what questionsissues each needs to resolve to determine what their role is in accepting the evidence retention recommendations The process will move this concept more effectively if the Committees first understand what they are being asked to consider and what steps NERC is willing to take on this as the ERO
8 Define upfront an expected close out date for acceptingrejecting recommendations with the Committee Chairs and NERC personnel The SER team suggests we map out who needs to review what what decisions they need to make and when those decisions can reasonably happen That way if we start to approach a date and completion doesnrsquot look imminent we can discuss how to respond Without a proposed completion date discussion could get drawn out
9 Create an implementation timeline for next steps to avoid what happened with the work completed in 2014 NERC needs to assure that specific actions are taken and there is agreement on who ldquoownsrdquo the implementation of the evidence retention project and recommendations
10 Determine how the new evidence retention schemes will be implemented possibly through the Enhanced Periodic Review (EPR) to avoid confusion and a massive overhaul of existing Standards
11 Assure that evidence retention is concentrated on the highest risk requirements and not necessarily on all requirements
Page | 14 Created 6132019 Last Saved 6132019
Appendix ndash Results of Analyzing Current Evidence Retention Schemes List of Existing Evidence Retention Schemes in NERC Standards The following table summarizes the results of analyzing the dataevidence retention schemes listed in all active NERC OampP and CIP Standards NOTE The list did not exclude Standards and requirements slated for retirement as part of SER Phase 1 efforts since at the time of this report retirements were not yet effective
Current Evidence Retention Scheme Total Standards and Requirements List
1 12 Calendar Months Following Completion of each CAP
1 PRC-026-1 R3
2 90 Calendar Days 3 CIP-007-6 R4 IRO-018-1(i) R3 PRC-001-11(ii) R2
3 90 Calendar Days Voice 12 Months for Logs 2 FAC-003-4 R1 TOP-002-4 R1
4 Approved Plan and Previous Plan Since Last Compliance Audit
2 EOP-005-3 R1 EOP-006-3 R1
5 Current and Previous Calendar Years (time not specified)
1 EOP-008-2 R7
6 Current and Previous Model Used to Determine Flowgates and TFC
1 MOD-030-3 R2
7 Current and Previous Planning Assessment 1 TPL-001-4 R1
8 Current and Prior Transfer Capability Methodology Since Last Compliance Audit
1 FAC-013-2 R1
9 Current and Prior Versions 1 EOP-005-3 R6
10 Current Blackstart Testing Results and Previous Testing Results
1 EOP-005-3 R7
11 Current Calendar Year Plus One Previous Calendar Year except operator logs and voice recordings - retain for 90 calendar days
7 COM-002-4 R1 R2 IRO-018-1(i) R1 TOP-001-4 R1 R15 R22 TOP-010-1(i) R1
12 Current GMD Vulnerability Assessment and Preceding Assessment
1 TPL-007-1 R4
13 Current In-Force Agreement 1 NUC-001-3 R2
14 Current In-Force ATCID Provided by TSP and Prior Versions of ATCID Since Last Compliance Audit
3 MOD-001-1a R3 MOD-029-2a R1 MOD-030-3 R1
Evidence and Data Retention ndash NERC Standards NERC SER Phase 2 Project
Page | 15 Data and Evidence Retention Analysis NERC SER Phase 2 Project
Current Evidence Retention Scheme Total Standards and Requirements List
15 Current In-Force Data Specification for Analysis and Real-Time Monitoring
1 TOP-003-3 R2
16 Current In-Force Documents 1 PRC-001-11(II) R1
17 Current In-Force Documents and Previous Documents Since Last Compliance Audit
3 EOP-008-2 R8 IRO-002-5 R1 IRO-014-3 R1
18 Current In-Force Facility Ratings Methodology Since Last Compliance Audit
2 FAC-008-3 R2 R3
19 Current In-Force Outage Coordination Process Since Last Compliance Audit
1 IRO-017-1 R1
20 Current Model Used to Calculate TTC 2 MOD-028-2 R2 MOD-029-2a R1
21 Current OPA Real-time Monitoring and Real-time Assessments Since Last Audit
2 IRO-010-2 R1 TOP-003-3 R1
22 Current Operating Plan and Previous Plans Since Last Compliance Audit
5 EOP-004-4 R1 EOP-008-2 R1 R6 EOP-011-1 R1 R2
23 Current Planning Analysis Results 1 NUC-001-3 R3
24 Current Plus 1 Previous Calendar Year 7 IRO-002-5 R5 MOD-001-1a R2 R6 MOD-030-3 R5 TOP-001-4 R20 R23 VAR-002-41 R1
25 Current Plus 2 Previous Calendar Years 4 NUC-001-3 R4 R5 PER-004-2 R1 PRC-001-11(ii) R3
26 Current Plus 3 Previous Calendar Years 28 BAL-001-2 R1 BAL-002-3 R2 BAL-003-11 R1 BAL-005-1 R1 EOP-005-3 R2 R3 R4 R5 EOP-006-3 R2 R3 R4 R5 R6 FAC-008-3 R1 IRO-014-3 R6 MOD-001-1a R5 MOD-004-1 R1 R2 R3 R4 R6 R10 R11 MOD-008-1 R2 R4 MOD-029-2a R3 R7 MOD-030-3 R22
27 Current Version and Prior Version of The TTC Study Reports
1 MOD-029-2a R2
28 Current Year 1 EOP-008-2 R2
29 Five Calendar Years 4 PRC-002-2 R1 R5
Evidence and Data Retention ndash NERC Standards NERC SER Phase 2 Project
Page | 16 Data and Evidence Retention Analysis NERC SER Phase 2 Project
Current Evidence Retention Scheme Total Standards and Requirements List TPL-007-1 R1 R7
30 Last 12 Calendar Months 13 FAC-014-2 R1 IRO-014-3 R5 MOD-028-2 R3 R4 R10 MOD-030-3 R21 R4 PRC-004-5(i) R1 R5 R6 PRC-006-3 R6 PRC-026-1 R2 VAR-001-5 R1
31 Last 12 Calendar Months Plus Current Month 3 IRO-006-5 R1 IRO-006-East-2 R1 R2
32 Last 14 Days Past 30 Days Daily Values And Past 60 Days for Monthly Values
3 MOD-028-2 R8 MOD-029-2a R5 MOD-030-3 R6
33 Last 3 Calendar Years Over 40
CIP-002-51a All CIP-003-6 All CIP-004-6 All CIP-005-5 All CIP-006-6 All CIP-007-6 All CIP-008-5 All CIP-009-6 All CIP-010-2 All CIP-011-2 All CIP-014-2 All EOP-010-1 R1 FAC-001-3 R1 FAC-002-2 R1 FAC-003-4 R1 R2 R3 R5 R6 R7 FAC-008-3 R4 R7 R8 IRO-010-2 R2 IRO-017-1 R2 R3 R4 MOD-026-1 R1 R3 MOD-027-1 R1 R3 PRC-006-NPCC-1 R1 PRC-018-1 R1 PRC-023-4 R1 PRC-024-2 R1 PRC-025-2 R1 TOP-003-3 R3 R4
34 Last Load Control or Active PowerFrequency Control System Model Verification
1 MOD-027-1 R2
35 Latest Excitation Control System or Plant voltvar Control Function Model
1 MOD-026-1 R2
36 Latest Transmittals and Receipts 1 NUC-001-3 R1
Evidence and Data Retention ndash NERC Standards NERC SER Phase 2 Project
Page | 17 Data and Evidence Retention Analysis NERC SER Phase 2 Project
Current Evidence Retention Scheme Total Standards and Requirements List
37 Most Recent 12 Calendar Months Except Operator Logs and Voice Recordings - Retain for 90 Calendar Days
3 IRO-002-5 R3 TOP-001-4 R21 R24
38 Most Recent 12 Calendar Months Except Voice Recordings Most Recent 90 Calendar Days
7 COM-001-3 R1 R12 R13 R3 R5 R7 R8
39 Most Recent 3 Calendar Months Plus Current Month 6 INT-004-31 R1 R3 INT-006-4 R1 R2 INT-009-21 R1 INT-010-21 R1
40 Most Recent 90 Calendar Days 2 IRO-010-2 R3 TOP-003-3 R5
41 Most Recent 90-Calendar Days Voice Most Recent 12 Calendar Months Documentation
2 IRO-001-4 R1 R2
42 Most Recent List of Circuits 1 PRC-023-4 R6
43 None Specified 6 MOD-020-0 R1 PRC-008-0 R1 PRC-011-0 R1 PRC-015-1 R1 PRC-016-1 R1 PRC-017-1 R1
44 One Calendar Year 1 PRC-026-1 R1
45 One Year from SOL Methodology Change 2 FAC-010-3 R1 FAC-011-3 R1
46 Retain Evidence of Any Path and Rating Prior to 1194 1 MOD-029-2a R2
47 Rolling 12-Month Period 1 IRO-009-2 R1
48 Rolling 30-Days 4 IRO-008-2 R4 IRO-018-1(ii) R2 TOP-001-4 R13 TOP-010-1(i) R3
49 Rolling 90-Calendar Days for Voice 12 Months for Operating Logs
3 IRO-008-2 R1 IRO-014-3 R3 TOP-002-4 R1
50 Since Last Compliance Audit 34 BAL-002-3 R1 EOP-004-4 R2 EOP-008-2 R3 R4 R5 EOP-011 R3 R5 R6 FAC-008-3 R1 FAC-013-2 R2 MOD-001-1a R1 MOD-008-1 R1 MOD-025-2 R1 R3 MOD-028-2 R1 MOD-031-2 R1
Evidence and Data Retention ndash NERC Standards NERC SER Phase 2 Project
Page | 18 Data and Evidence Retention Analysis NERC SER Phase 2 Project
Current Evidence Retention Scheme Total Standards and Requirements List MOD-032-1 R1 MOD-033-1 R1 PER-005-3 R1 R2 PRC-005-6 R1 R2 R5 PRC-006-3 R1 R10 R7 R8 R9 TPL-001-4 R2 R3 R4 R5 R6 R7
51 Since Last Compliance Audit Plus one Previous Compliance Audit
2 EOP-005-3 R10 EOP-006-3 R8
52 Six Calendar Years 3 PRC-006-3 R11 PRC-010-2 R1 PRC-019-2 R1
53 Three Calendar Years 6 PRC-002-2 R2 R6 R7 PRC-005-11b R1 TOP-001-4 R12 R14
54 Three Years or Since Last Compliance Audit Whichever is Longer
1 PER-003-1 R1
Agenda Item 14 CCC Meeting June 18-19 2019
NERC Reliability Issues Steering Committee
Action Discussion
Background The NERC Reliability Issues Steering Committee (RISC) is developing the 2019 ERO Reliability Risk Priorities Report The report incorporates the data that was derived from the Emerging Risks Survey that was completed by the members of the various NERC Standing Committees
Summary The RISC Committee with NERC hosted the 2019 Reliability Leadership Conference on March 14 2019 in Washington DC The meeting attendees included electric industry leaders and regulators The conference provided an opportunity to discuss identified and emerging risks to the bulk power system (BPS) as well as to provide commentary and strategic direction from system planners and operators regulators policy makers and industry on current emerging risks to the BPS On March 15 2019 the RISC conducted an in-person meeting to review and summarize the information shared at the conference The results were used to develop the Emerging Risks Survey
The RISC analyzed the results of the Emerging Risks Survey and decided to consolidate the risks into five risk profiles
bull Changing Resource Mix BPS Planning and Resource Adequacy and Performance
bull Increased Complexity in Protection and Control Systems and Human Performance and SkilledWorkforce
bull Loss of Situational Awareness
bull Extreme Natural Events
bull Physical Security Vulnerabilities Cybersecurity Risk and Critical InfrastructureInterdependency
The focus of the RISC for the third quarter is to create the 2019 ERO Reliability Risk Priorities Report which will be available for comment in the Board Policy Input request for the August 2019 NERC Board meeting
The report will include
bull More focus on providing clarity for the target audience
bull Improved layout and graphics
bull Succinct messaging
bull Prioritization of risks and mitigating activities
bull Expanded Heat Maps
- CCC Agenda June 2019
- NERC AntiTrust Compliance Guidelines
- NERC Public Announcements
- Agenda Item 3b Effectiveness and Efficiency Summary with Action Items
- Agenda Item 3c - Communications Plan
- Agenda Item 5ci -New EROMS Scope redline
-
- 3353 Peachtree Road NE Suite 600 North Tower Atlanta GA 30326
- 404-446-2560 | wwwnerccom
- Section 1 Mission
- Section 2 ERO Monitoring Subcommittee Tasks and Functions
- Section 3 Membership
-
- 31 Goals
- 32 General
- 33 Subgroup Membership and Representation
- 34 Membership Not Restricted to CCC Members
- 35 Resignations
-
- a By the Member
- b Requested by the Chair
- c Referral to the CCC Chair
- d By the Board
-
- 36 Proxies
-
- a Notification
- b May Not Serve as a Proxy for Another Member
-
- 37 Exclusions
- 38 Changes in Member Affiliation
- 39 Acknowledgement of a Membership Conflict
-
- Section 4 Meetings
-
- 41 Antitrust Guidelines
- 42 Open Meetings
- 43 Confidential Sessions
- 44 Types of Meetings
- 45 Majority and Minority Views
- 46 Actions without a Meeting
- 47 Quorum
-
- Section 5 Officers and Staff
-
- 51 General
-
- a Number of Positions
- b Officers
- c Secretary
- d Officers May Vote
- e Officers are Named by the CCC Chair for a Two-year Term
-
- 52 Chair
- 53 Vice Chair
- 54 Staff Coordinator
-
- Section 6 Subordinate Groups
-
- 61 Committee Organization Hierarchy
- 62 Establishing Subgroups
-
- Attachment A ndash CCCPP Responsibilities
-
- Agenda Item 5ci - New EROMS Scope clean
-
- 3353 Peachtree Road NE Suite 600 North Tower Atlanta GA 30326
- 404-446-2560 | wwwnerccom
- Section 1 Mission
- Section 2 ERO Monitoring Subcommittee Tasks and Functions
- Section 3 Membership
-
- 31 Goals
- 32 General
- 33 Subgroup Membership and Representation
- 34 Membership Not Restricted to CCC Members
- 35 Resignations
-
- a By the Member
- b Requested by the Chair
- c Referral to the CCC Chair
- d By the Board
-
- 36 Proxies
-
- a Notification
- b May Not Serve as a Proxy for Another Member
-
- 37 Exclusions
- 38 Changes in Member Affiliation
- 39 Acknowledgement of a Membership Conflict
-
- Section 4 Meetings
-
- 41 Antitrust Guidelines
- 42 Open Meetings
- 43 Confidential Sessions
- 44 Types of Meetings
- 45 Majority and Minority Views
- 46 Actions without a Meeting
- 47 Quorum
-
- Section 5 Officers and Staff
-
- 51 General
-
- a Number of Positions
- b Officers
- c Secretary
- d Officers May Vote
- e Officers are Named by the CCC Chair for a Two-year Term
-
- 52 Chair
- 53 Vice Chair
- 54 Staff Coordinator
-
- Section 6 Subordinate Groups
-
- 61 Committee Organization Hierarchy
- 62 Establishing Subgroups
-
- Attachment A ndash CCCPP Responsibilities
-
- Agenda Item 5cii - CCCPP-001 Monitoring Program for NERCs Adherence to NERCs Rules of Procedure for Compliance Enforcement redline
-
- Agenda Item 5cii - CCCPP-001 Monitoring Program for NERCs Adherence to NERCs Rules of Procedure for Compliance Enforcement clean
-
- Agenda Item 5cii - CCCPP-001 Monitoring Program for NERCs Adherence to NERCs Rules of Procedure for Compliance Enforcement clean
- Agenda Item 5ciii CCCPP-011 Procedure to Become a Prequalified Organization Eligible to Submit Implementation Guidance to the ERO redline
-
- Preface
-
- CCCPP-011-1
- Summary
- Revision History
- Antitrust Guidelines
- Open Meetings
- Types of Meetings
- Majority and Minority Views
- Actions without a Meeting
- Quorum
- Submit Application
- Review Application
- Notifying Applicant and ERO Enterprise
- Review Period
- Retention Management
- Confidentiality Management
- Contact Person Details
- Description of Organization
- Member Details
- Application
-
- Please send this form to the following location
-
- Agenda Item 5ciii CCCPP-011 Procedure to Become a Prequalified Organization Eligible to Submit Implementation Guidance to the ERO Clean
-
- Preface
-
- Summary
- Revision History
-
- 1 Introduction
- 2 Scope
- 3 Meetings
-
- Antitrust Guidelines
- Open Meetings
- Types of Meetings
- Majority and Minority Views
- Actions without a Meeting
- Quorum
-
- 4 Criteria for Approval
- 5 Application and Review Process
-
- Submit Application
- Review Application
- Notifying Applicant and ERO Enterprise
-