Industry Webinar: Risk-Based Compliance Monitoring and COM-003
Project 2007-02 Operating Personnel Communications Protocols Standard Drafting Team
September 6, 2012
2 RELIABILITY | ACCOUNTABILITY
NERC Antitrust Guidelines
It is NERC’s policy and practice to obey antitrust laws.
Prohibited Activities:
• Discussions involving pricing information, margin, internal cost, future prices or internal costs.
• Discussions of a participant’s marketing strategies.
• Discussions on how customers and areas are to be divided among competitors and the exclusion of any competitors, vendors and suppliers from markets.
Public Reminder
• Participants are reminded that this Webinar is public. The access number was posted on the NERC website and widely distributed.
• Speakers on the call should keep in mind that the listening audience may include members of the press and representatives of various governmental authorities, in addition to the expected participation by industry stakeholders.
Agenda
• Remarks by NERC President and CEO, Gerry Cauley
• Remarks by the Operating Personnel Communications Protocols Standard Drafting Team (OPCPSDT) Chair, Lloyd Snyder
• Risk-Based Compliance Monitoring by Mike Moon, Senior Director of Reliability Risk Management
• Draft Reliability Standard COM-003
• Draft Reliability Standard Audit Worksheet (RSAW)
• Next steps
• Summary
Remarks by NERC President and CEO, Gerry Cauley
Risk-Based Compliance Monitoring
Process diagram; labels only:
• Reliability Standard
• RSAW
• Program Level: Annual Implementation Plan and Actively Monitored List (AML)
• Entity Evaluations: Appropriately scope Compliance Monitoring
• Field Work: Verify Scope, Adjust as Necessary
• Non-compliance? Notice of Penalty; Find, Fix, Track and Report; No non-compliance
Risk-Based Compliance Monitoring (Continued)
Entity level
• AML Tier 1 provides base
• Entity assessment
• Field work
  - Consider the control environment
  - Test and assess the entity’s procedures
    o Identify, assess and correct deficiencies
• Self and continuous improvement
• Look at program and system
COM-003-1 Overview
COM-003-1
• Today’s important takeaways:
  - New!! -- Draft 3 of COM-003-1 represents a new paradigm for reliability standards
  - New!! -- COM-003-1 RSAW was developed in concert with the standard
  - Standard COM-003-1 addresses an important reliability gap
COM-003-1 Draft 3
COM-003-1 Draft 3 Addresses:
• The 2003 Blackout Report
  - “Ineffective communications contributed to a lack of situational awareness and precluded effective actions to prevent the cascade. Consistent application of effective communications protocols, particularly during alerts and emergencies, is essential to reliability.”
  - Report also recommended that industry “…tighten communications protocols, especially for communications during alerts and emergencies.”
COM-003-1 Draft 3 (Continued)
• FERC Order 693, P.532
  - Directs the Electric Reliability Organization and the industry to develop communication protocols based on a set of guidelines
• The 2007 COM-003-1 Standard Authorization Request
  - Requires the development of communications protocols for use by real-time system operators “during normal and emergency operations to improve situational awareness and shorten response time.”
• One of the eight high priority issues identified in the NERC President’s Top Priority Issues for Bulk Power System Reliability
  - Issued January 7, 2011
COM-003-1 Draft 3 (Continued)
• Confusion in transitioning from normal conversation to formal communications can result in:
  - Unclear instructions
  - Whether an instruction is a suggestion or a directive
  - Whether specific action is required or a set of alternative actions are permissible
  - What elements of the system are being addressed
Highlights of COM-003-1 Draft 3 Changes
Changes from COM-003-1 Draft 2
Definition changes
  - Operating Instruction — Command from a System Operator to change or preserve the state, status, output, or input of an Element of the Bulk Electric System or Facility of the Bulk Electric System.
Completely changed:
  - Requirement Section
  - Measure Section
  - Violation Risk Factor (VRF) and Violation Severity Level (VSL) Section
Made changes to:
  - Compliance Section to address comments
Features of COM-003-1 Draft 3
Requirement R1
Entities that both issue and receive Operating Instructions shall have documented communication protocols.
Requirement R2
Entities that (only) receive Operating Instructions shall have documented communication protocols.
Requirement R3 and R4
Entities shall implement a process for identifying deficiencies with adherence to the documented communication protocols specified in Requirement R1 and R2 that:
- Identifies potential deficiencies,
- Assesses the deficiencies found,
- Corrects the deficiencies, and
- Evaluates the process based on deficiencies found external to Part.1
COM-003-1 Key Elements
• R1 and R2
• Each entity must have documented communication protocols for Operating Instructions that incorporate certain elements
COM-003-1 Feedback
Feedback diagram (R3 Part 3.4 and R4 Part 4.4); labels only:
• Entity’s Process: Identify, Assess, Correct
• Entity’s Process Results: Deficiencies
• Deficiencies found outside the entity’s process
• Disparity: Review Process
• No Disparity: Reasonable Assurance
COM-003-1 R3 and R4
R3 and R4:
• Identifies, assesses and corrects deficiencies
  - Generally not a finding of non-compliance
  - Evaluate deficiencies found outside the Entity’s implemented process
    o Modify the process when necessary; or
    o Demonstrate that no modification is necessary
• More Compliance Enforcement Authority (CEA) guidance in RSAW section
COM-003-1 Draft RSAW
COM-003-1 RSAW
• The OPCPSDT and NERC compliance staff worked together
• Goal: Compliance expectations aligned between the standard and RSAW
COM-003-1 RSAW (Continued)
Excerpt from R3 from COM-003-1 RSAW
Note 1: The entity has implemented its internal process to identify, assess and correct deficiencies in the entity’s execution of its communication protocols.
• Verify that the entity is identifying, assessing, and correcting deficiencies in its execution of its process:
  - Obtain a copy of the entity’s process
  - Understand the entity’s process
  - Deviation from process is not necessarily a possible non-compliance
COM-003-1 RSAW (Continued)
• CEA to review a sample of the entity’s communication activities based on the auditor’s confidence in the entity’s ability to identify, assess, and correct its deficiencies
• Where the auditor can verify that the entity is identifying, assessing, and correcting its own deficiencies, the auditor will not have a finding of non-compliance
COM-003-1 RSAW (Continued)
• If an entity is not adequately identifying, assessing, and correcting its own deficiencies due to limitations in its process, the auditor will not necessarily have a finding of non-compliance. The auditor will provide the entity with recommendations as necessary.
• Deficiencies self-identified and addressed through identification, assessing and correction activities should not be noted as possible non-compliance.
• Based on the results of the compliance monitoring, the CEA is to determine whether any follow up compliance monitoring is necessary.
COM-003-1 RSAW (Continued)
Excerpt from R3 from COM-003-1 RSAW
Note 2: The entity has implemented its method for evaluating the process based on deficiencies found external to Part 3.1 and determining whether modification of the process is necessary.
• Where same or similar deficiencies continue to occur after the entity was provided the feedback by the CEA, the CEA will seek to understand what changes the entity made to their process based on prior recommendations.
• If changes to the entity’s process are not implemented to identify, assess and correct deficiencies, the auditors may make a determination of possible non-compliance with Requirement 3, Part 3.4.
COM-002-3 and COM-003-1
Comparative Table
Normal Communication Reliability Directives
COM-003-1 COM-002-3
Command by a System Operator to change or preserve the state, status, output, or input of an Element of the Bulk Electric System or Facility of the Bulk Electric System.
3-Part 3-Part
English, 24-hour clock, time-zone, owner’s identifier, and alpha-numeric identifiers
COM-003-1 R1 VRFs/VSLs
R1
• Time Horizon: Long Term Planning
• VRF: Low
• Lower VSL: The responsible entity did not include one (1) of the nine (9) parts of Requirement R1, Parts 1.1 to 1.9 in their documented communication protocols
• Moderate VSL: The responsible entity did not include two (2) of the nine (9) parts of Requirement R1, Parts 1.1 to 1.9 in their documented communication protocols
• High VSL: The responsible entity did not include three (3) of the nine (9) parts of Requirement R1, Parts 1.1 to 1.9 in their documented communication protocols
• Severe VSL: The responsible entity did not include four (4) or more of the nine (9) parts of Requirement R1, Parts 1.1 to 1.9 in their documented communication protocols OR The responsible entity did not have documented communication protocols as required in Requirement R1.
COM-003-1 R2 VRFs/VSLs
R2
• Time Horizon: Long Term Planning
• VRF: Low
• Lower VSL: N/A
• Moderate VSL: N/A
• High VSL: The responsible entity did not include one (1) of the two (2) parts of Requirement R2, Parts 2.1 to 2.2 in their documented communication protocols
• Severe VSL: The responsible entity did not include Parts 2.1 to 2.3 (3) of Requirement R2, in their documented communication protocols OR The responsible entity did not have documented communication protocols as required in Requirement R2.
COM-003-1 VRFs/VSLs
• R3 and R4
  - Time Horizons - Operations Planning
  - Medium VRFs
  - Binary VSL
Comment and Ballot Process for COM-003-1
Stakeholder Consensus Process
New/Successive Ballot: At this step, the standard is either “new” or significantly changed from the last version posted for comment/ballot. The ballot record starts with no votes and no comments.
Recirculation Ballot: At this step, there have been no significant changes to the standard from the last ballot. The ballot record starts with all votes and comments from the previous ballot.
Process diagram; labels only:
• Informal Feedback
• Post Standard for Comment
• Consider/Respond to Comments
• Post Standard for Comment/Ballot
• Consider/Respond to Comments
• Recirculation Ballot
• Posted for 30-day Formal Comment and 10-day Successive Ballot
Comment and Ballot Period
• August 22, 2012 through September 20, 2012
  - Formal 30-day comment period
• September 11, 2012 through September 20, 2012
  - Initial Ballot and Non-binding Poll open
    o Definition
    o Implementation Plan
    o VSLs and VRFs
Navigating Stakeholder Input Toward Consensus
• Stakeholder feedback is essential
• Almost 270 pages of comments and responses
• Very comprehensive comments from last posting
• Drafting team considered all viewpoints
Submitting Comments
• Ballot comments
  - Submit through “checkbox form” – not within ballot
  - No need to submit same comment more than once
• Comments on proposed standards
  - Submit through electronic form
  - Be brief
  - Focus on question asked
  - Indicating agreement with others is preferred over copying the comments (e.g., “ABC agrees with XYZ’s comments...” or “ABC agrees with XYZ’s comments except for …”)
Comment Form
• Unofficial comment form
  - Provided to assist comment development
  - Formatting will not transfer from unofficial form to official form (web-based)
• Warning included on comment form:
Sample Comment Form
1. The SDT modified the requirement for use of the R1 Part 1.2 NATO phonetic alphabet to allow use of another correct alpha numeric clarifier. Do you agree with this modification?
Yes No
2. The SDT modified the requirement R1 Part 1.1.4 for use of identifiers for interface Elements/Facilities only. The identifiers will be assigned by the transmission owner of the Elements/Facilities. Do you agree with this modification?
Yes No
3. Do you agree with the VRFs and VSLs for Requirements R1, R2 and R3?
Yes No
4. Do you have any other comments or suggestions to improve the draft standard?
Comments:
Standard Drafting Team Response Process
• Issues and responses for each individual requirement
• Effective feedback:
  - Specific to question
  - Provide proposed change/rationale
• Less effective feedback:
  - Repeating comment multiple times/responses to entire standard in every question
  - No reference to where suggested change should occur
  - Non-specific concerns, e.g. “I do not like this standard.”
COM-003-1 Schedule
Next Steps
• September 2012: Successive Ballot
• October 2012: Recirculation Ballot
• November 2012: Present Standard to the NERC BOT
Questions?
• Please submit your questions via the ReadyTalk chat window (referencing the slide number if possible)
• Moderator and point of contact – Joseph Krisiak, NERC [email protected]
• Key dates:
  - August 22, 2012 through September 20, 2012 – Formal Comment Period
  - September 11, 2012 through September 20, 2012 – Ballots Open
• Slides and recording of this webinar will be posted to the NERC website (usually within three business days)