Welcome to the…. FRCC Quarterly Compliance WebEx Forum August 19-20, 2009 1
Dec 25, 2015
Presentation Purpose
The following presentation is provided by FRCC Compliance Staff for the Registered Entities to provide a current status of the CTS and the Periodic Reporting through CTS.
3
CTS Status
• The CTS is still undergoing enhancements prior to its implementation
• Current expected implementation is this Fall
4
Periodic Reporting
• Monthly periodic data submittals are expected to begin Fall 2009
• Quarterly periodic data submittals are expected to begin Fall 2009
• Multi-regional group developing common forms for use on the CTS system
5
Presentation Purpose
The following presentation is provided by FRCC Compliance Staff for the Registered Entities to enhance the understanding of NERC 2009 Process Bulletins.
8
Overview
1. 2009-01 FERC Revised Policy Statement
2. 2009-002 Extension of Self-Certification Deadlines
3. 2009-003 Pro Forma Settlement Process
4. 2009-004 Providing Access to and Copies of Evidence
5. 2009-005 Current In-Force Document Data Retention Requirements
6. 2009-006 Interim Approach to Technical Feasibility Exceptions
7. Location of NERC Process Bulletins
9
2009-01 Version 1.0 Feb. 6, 2009
10
• Clarifies Usage and Impact of FERC Revised Policy Statement on Enforcement and FERC Policy Statement on Compliance within ERO Compliance Monitoring and Enforcement Program (CMEP)
2009-01 Version 1.0 Feb. 6, 2009
11
– Policy Statement on Enforcement 10/20/2005• Established authority & credits for internal
compliance, self-reporting and cooperation
– Revised Policy Statement on Enforcement 05/15/2008• Further defined enforcement authority and types of
actions. Clarified Commitment to Compliance
– Policy Statement on Compliance 10/16/2008• Defined Factors for Vigorous Compliance Program
and relationship to Penalty Credit
2009-002 Version 1.0 May 19, 2009
• Extension of Self-Certification Deadlines– Self-Certification due dates are fixed
• Missed due dates subject to violation(s)
– Limited Extensions by Regions• Beyond the Region’s control / not discriminate• Notified in writing of the new deadline
12
2009-002 Version 1.0 May 19, 2009
• Extension of Self-Certification Deadlines (continued)– Entity Request Extension
• Request in writing, 10 days before original deadline
• Only for circumstances beyond Entity’s control• Will not risk the reliability of bulk power system• Will not interfere with Regions' implementation of
CMEP• CMEP Attachment #1 (4-steps)
13
2009-003 Version 2.0 June 29, 2009
• Pro Forma Settlement Process for Documentary Requirements– Purpose to reduce administrative burdens and
expedite the settlement process– Limited to specific Reliability Standards
(Appendix A) with Lower or Medium VRF– Limited to documentation issues not
performance issues– Limited to Self-Reports and Self-Certifications
14
2009-003 Version 2.0 June 29, 2009
• Pro Forma Settlement Process for Documentary Requirements (continued)– No repeat violations– Smaller Settlement Agreement– Penalty based on minimum dollar values in
the Base Penalty Amount Table (Appendix A) of NERC Sanction Guidelines
– Final penalty adjusted to reflect duration
15
2009-004 Version 1.0 June 29, 2009
• Providing Access and Copies of Evidence to Regional Entity, NERC, and FERC Staff– Compliance Audits and Compliance Violation
Investigation (CVI)• Authority established in Code of Federal
Regulations, FERC Order 672 and CMEP• CMEP Attachment 1 – ‘Process for Non-submittal
of Requested Data’
16
2009-004 Version 1.0 June 29, 2009
• Providing Access and Copies of Evidence to Regional Entity, NERC, and FERC Staff– Entity’s right and responsibility to mark CEII
information per Section 1500 of Rules of Procedure (RoP)
– Each page as appropriate should be visibly marked as ‘Confidential, CEII’
17
2009-005 Version 1.0 June 29,2009
• Current In-Force Document Data Retention Requirements for Registered Entities– Good management practice to retain all
versions of a policy, plan procedure or other singular document
– If violation is found, historical documents could affect the duration
– Include revision history, identify nature and location of the change on each document
18
2009-005 Version 1.0 June 29,2009
• Current In-Force Document Data Retention Requirements for Registered Entities (continued)– Retain revision history, log of prior current
in-force revisions of the document– Copy of the Entity's data retention policy– Prior versions may be requested to establish
duration of non-compliance with the standard– Future Self-Certifications will require retention
of evidence19
2009-006 Version 1.0 July 1,2009
• Interim Approach to Technical Feasibility Exceptions (TFEs)– Provides guidance concerning the
applicability and implementation of certain NERC CIP Reliability Standards and requirements that refer to technical feasibility and/or technical limitations pending the adoption of a permanent program to address TFEs
20
2009-006 Version 1.0 July 1,2009
• Interim Approach to TFEs (continued)– Formal process coming, mid-September– Form in CTS
• Part A: TFE request and indicate what you are going to do to mitigate it and identify the number of assets covered under the TFE
– Submit TFE at least 30 days prior to the site visit of audit or spot check
21
2009-006 Version 1.0 July 1,2009
• Interim Approach to TFEs (continued)• Allowed TFEs for:
– CIP-005-1, R2.4, R2.6, R3.1, and R3.2– CIP-007-1, R2.3, R4, R5.3, R6, and R6.3
22
How to submit a TFE
• TFE must include the following:1. Identification of the NERC Reliability Standard requirements for which the TFE is being asserted;
2. A description of the assets, critical assets, and critical cyber assets affected by the TFE, including vendor documentation detailing specific limitations of relevant equipment;
3. An explanation regarding why the requested exception is necessary;
4. Documentation reflecting the date that the requested exception was approved by the senior manager or delegate(s);
23
How to Submit a TFE (con’t)
• 5. A brief description of the mitigating and compensating measures taken by the Registered Entity to address all risks to the reliability of the Bulk Electric System;
• 6. A list of any other Region in which the Registered Entity is seeking the requested TFE; and
• 7. The time period for which the TFE is requested to remain in place.
24
Key Factors for Considerations
• These factors include when “strict compliance” with an applicable requirement:
(i) is not technically possible, is operationally infeasible, is precluded by technical limitations, or could adversely affect reliability of the Bulk Electric System to an extent that outweighs the reliability benefits of Strict Compliance with the Applicable Requirement; or
• (ii) while technically possible and operationally feasible, cannot be achieved by the date by which the Responsible Entity is required to be in compliance with the Applicable Requirement, due to factors such as scarce technical resources, limitations on the availability of required equipment or components, or the need to construct, install or modify equipment during planned outages; or
25
Key Factors for Considerations
(iii) would pose safety risks or issues that outweigh the reliability benefits of Strict Compliance with the Applicable Requirement; or
(iv) would conflict with, or cause the Responsible Entity to be non-compliant with, a separate statutory or regulatory requirement applicable to the Responsible Entity, the Covered Asset or the related Facility that must be complied with and cannot be waived or exempted; or
Registered Entity’s plans to mitigate or compensate for any risk to reliability of the BES associated with the assertion of a TFE
26
Location of NERC Process Bulletins
• The NERC Process Bulletins are located on NERC’s website at the following URL address, under the Public Notices area:
http://www.nerc.com/page.php?cid=3|22
27
Presentation Purpose
The following presentation is provided by FRCC Compliance Staff for the Registered Entities to discuss #2008-001 NERC Public Process Announcement and a draft FAQ to provide the FRCC expectations concerning evidence requirements concerning a reportable transmission outage caused by vegetation associated with FAC-003-1.
30
FRCC FAC-003 Guidelines for Registered Entity Preparing Evidence for a Self-report Concerning Vegetation Management
32
PRELIMINARY
FRCC FAC-003 Guidelines for Registered Entity Preparing Evidence for a Self-report Concerning Vegetation Management
Immediate Actions: After line restoration leave all debris associated with the tree incident at
or in close proximity to the incident site. Also, leave all debris in place associated with the trees pruned or removed within the span where the incident occurred.
Follow-up Field Investigation:
1) Photos of the a) incident site and surrounding area b) adjacent towers or poles c) tree(s) involved in incident d) fault current damage such as charring, discoloration or de-barking on the subject tree(s) e) If removed a clear picture of the top of the stump to show growth rings.
NOTE: all photos should be date and time stamped and indicates which direction the camera is facing. Also a description of what the photo is demonstrating or showing and how far from the main focal object the camera is.
2) Document the following at the incident site: a) GPS location and elevation at incident site and adjacent tower or poles b) Grade changes and general terrain characteristics at incident site and adjacent tower or
poles c) Height of tree before the incident and its diameter at approximately 4 ½ feet above
ground level. d) Height of any charring or discoloration. e) If pruned/removed, height and diameter of remaining portion of the tree or stump. f) Height of pruned or removed tree along with height of any charring or discoloration. g) The distance from the closest tower/pole to the incident. h) The distance from the incident site to outer both edges of the easement (right of way). i) The line phase(s) which contacted the tree. j) The height of conductors (all phases) at the incident location. (Note: the time and date of
measurement, ambient temperature, wind speed and direction and line loading). k) Any other evidence at the incident site that may have value for later analysis.
NOTE: a drawing or sketch showing the above measurements would be beneficial to clearly depict the relationship of key components to each other.
3) Compilation of documents relating to the incident site:
a) Documents that describe vegetation management work completed at the incident site in the two years prior to the incident.
DRAFT
b) Documentation of recent patrols or inspections for the line which the incident occurred. Also patrols or inspections for the line immediately after the incident.
c) The Plan and Profile drawing of the spans where the incident occurred.
d) Conductor sag calculations for the following conditions: normal, emergency, and load at time of incident.
e) Weather conditions at time of incident- ambient temperature, wind speed and direction
f) Easement document –easement width & property owner restrictions
g) Control Center data
i) Relay operation reports
ii) Time the transmission line was returned to service
iii) Load information just prior to the time of incident-what is the SCADA normal & emergency rating and alarms for the transmission line
iv) Did a re-dispatched occur due to the loss of the transmission line and the consequence of the re-dispatch?
v) Switching logs and operator actions taken as a result of the incident for the full duration of the line outage (written and/or electronic).
vi) Fault location (in miles) from connecting line substations
vii) Two year outage history of the transmission line which the incident occurred.
33
FRCC FAC-003 Guidelines for Registered Entity Preparing Evidence for a Self-report Concerning Vegetation Management
DRAFT
viii) All Reliability Coordinator conversations, discussions or directives relating to the outage of this transmission line.
ix) Any other actions caused by the outage of this transmission line such as voltage problems, abnormal loadings on other transmission lines, impact to customers fed by the transmission line or other customer related problems in the event area.
4) Interviews
a) Key Vegetation Management personnel involved with the incident
b) Responding line department supervision to the incident
c) Vegetation Management Inspection supervisor(s) – contractor and/or company
Provide comments to [email protected] by September 15, 2009.
34
FRCC FAC-003 Guidelines for Registered Entity Preparing Evidence for a Self-report Concerning Vegetation Management
DRAFT
Overview
Draft FAQ – Guidance for Preparing Evidence• Immediate Action• Follow-up Field Investigation• Compilation of Documents• Interviews
NERC Compliance Process #2008-001• FRCC 48 - Hour Reporting form
35
FAQ – Guidance for Preparing Evidence
36
Immediate Action –
1.Leave debris associated with the incident at the incident site including the pruning or removal of the tree(s)
2.Report within 48 hours to the FRCC if the outage is a Category 1 or Category 2
FAQ – Guidance for Preparing Evidence
Follow-up Field Investigations
• Photos of the incident site– Area, towers/poles, tree(s), damage, etc
• Document the incident site– Key measurements of components involved in incident
• Compilation of documents relating to the incident site– Work documents, relay reports, drawings, inspections
• Interviews of key personnel
37
NERC Compliance Process #2008-001
• NERC encourages Transmission Owners to self-report all Category 1 and 2 transmissions outages related to vegetation to FRCC within 48 hours using the FRCC reporting form.
• FRCC will use CTS and a FAC-003-1 Vegetation Transmission Outage form for this purpose.
• FRCC will use CTS for the quarterly reporting, too.
38
Whitepapers on NERC Standards
Summary Reports for Violations of Reliability Standards:
Standard PRC-005 System Protection Maintenance and
Testing
Standard CIP-004 Cyber Security – Personnel and Training
Source: Summary Report for Violations of Reliability Standard PRC-005 – System Protection Maintenance and Testing - draftBoard of Trustees Compliance CommitteeAugust 4, 2009
As of July 22, 2009,
PRC-005-1 Analysis PRC-005-1 by Requirement Number
of Violations
R1 – Maintenance & Testing Program 156
R1.1 – Maintenance and Testing Intervals 3
R1.2 – Maintenance and Testing Procedures 2
R2 – Documentation Provided on Request 129
R2.1 – Evidence of Testing within intervals 68
R2.2 – Date of last test / maintenance op 2
Grand Total 360
Documentation Lacking Basis Maintenance No Program0
20
40
60
80
100
120
140
160
180
153
21
158
28
Violations by Classification
PRC-005-1 Analysis
CIP-004-1 by Requirement Number of Violations
Requirement 1 – Awareness (All Sub levels) 0
Requirement 2 – Training (All Sub levels) 23
Requirement 3 – Risk Assessment (All Sub levels) 29
Requirement 4 – Access (All Sub levels) 28
Grand Total 80
CIP-004-1 Analysis
Access Documentation Risk Assessment Training0
5
10
15
20
25
30
21
17
25
17
Violations by Classification
CIP-004-1 Analysis
References
• PRC-005 Analysis (draft)http://www.nerc.com/docs/bot/botcc/ITEM_3_Supplement_PRC-005_Analysis_(revised).pdf
• CIP-004 Analysis (draft) http
://www.nerc.com/docs/bot/botcc/ITEM_3_Supplement_CIP-004_Analysis.pdf
Presentation Purpose
The following presentation is provided by FRCC Compliance Staff for the Registered Entities to provide a current status of the 2010 compliance audit program, evidence requirements, mitigation plans and audit preparation
61
2010 Compliance Audit Schedule
• The first half of 2010 will complete the cycle for all FRCC registered Balancing Authorities (BAs) and Transmission Operators (TOPs) that are in the once every three year compliance audit cycle
• The second half of 2010 will begin the second cycle of auditing for those FRCC BAs and TOPs audited after June 18, 2007
62
2010 Compliance Audit Schedule
• Those Registered Entities that are in the once every six year compliance audit cycle will still continue
• Some Multi-regional audits are scheduled for PSEs
• Draft 2010 audit schedule posted on FRCC website for comment– Please provide any comments to FRCC by
Friday September 4, 200963
2010 Compliance Audit Schedule
• The Reliability Standards to be included in the year 2010 implementation program are undergoing a review and consideration, some minor adjustments and additions were made– Final list will be posted by NERC, prior to
October 1, 2009 for Registered Entities to review
64
Evidence Requirement
• Please refer to the Quality of Evidence presentation from the 2008 FRCC Fall Compliance Workshop– https://www.frcc.com/Compliance/default.aspx
?RootFolder=%2fCompliance%2fShared%20Documents%2f2008%20Compliance%20Workshop%20Presentations&FolderCTID=&View=%7b7FA24B58%2dC9D9%2d4205%2d84AF%2d8D212758CE14%7d
65
Evidence Requirement
• Electronic submittals via secure ftp site• NERC Guidance contained in some
Reliability Standard Audit Worksheets (RSAWs)
66
Mitigation Plans
• FRCC encourages self-reports and mitigation plan submittals whenever it is determined there is a possible violation or an alleged violation– Mitigate the possible violation ASAP and get
yourself back in compliance– Get the mitigation plan accepted and
approved, for umbrella of protection
67
Audit Preparations
• Assign owners of standards/requirements• Assign procedures/documents to your
SMEs• Perform an internal audit (Mock Audit)• Prepare your data submittal• Reference RSAWs• Quality of Evidence, refer to previous slide
68
RSAWs
• Current status– An additional review for format was completed
last month and the RSAWs were submitted to NERC for review, approval, and posting• Comments from the RSAW review group of FRCC
CC were sent to the chair of that group. Next review of RSAWs should include the review of the re-wording of questions and assessment approach notes
69
2010 CIP-002 through CIP-009 Compliance Monitoring
Activities
FRCC Compliance WebEx Forum
August 2009
71
Presentation Purpose
The following presentation is provided by FRCC Compliance Staff for the Registered Entities to provide a current status of the 2010 CIP-002 through CIP-009 Compliance Monitoring Activities
72
2010 CIP Spot Checks
• During the first half of 2010, FRCC will complete its CIP spot check of the “13” requirements for all FRCC BAs and TOPs that were, under the Urgent Action 1200 program, and applicable to NERC’s CIP implementation plan
73
2010 CIP Spot Checks
• The second half of 2010, FRCC will begin auditing to the “41” CIP requirements for those registered entities stated in previous slide– This will occur at or near the time of your
on-site compliance audit
74
CIP Self-Certification
• NERC will continue requiring CIP Self-Certifications through at least 2010
• Registered Entities asserting compliance based on utilization of a TFE: Submit request via CTS FRCC will assess with in 60 days for acceptance FRCC will perform detailed review within 360 days of
submittal
76
General Compliance Questions
a) NERC guidance to auditors
b) CIP-001, R2 proposed interpretation
c) Internal Compliance Program
d) Process used by the FRCC to improve Reliability
e) Quality Evidence
f) Questions on Standards
78
Plans for upcoming workshops
FRCC Compliance WebEx ForumAugust 2009
80
• November 2009 WebEx / Workshop
• Spring 2010 Workshop
FRCC- Disclaimer
This material presented by FRCC is accurate to the best of our understanding and all the information is provided in good faith. If in conflict with NERC, FERC or other statutory requirements, standards and rules of procedure take precedence over any material or information provided in this presentation.
This presentation and attached material contains information that is intended to support the compliance process and address queries related to the implementation of the CMEP.
Therefore, before relying on the material, users should independently verify its accuracy, completeness, relevance for their purposes and that it is up-to-date.
82