welcome to the…. frcc quarterly compliance webex forum august 19-20, 2009 1

Welcome to the….

FRCC Quarterly ComplianceWebEx Forum

August 19-20, 2009

1

Compliance Tracking System(CTS)

FRCC Compliance WebEx Forum

August 2009

2

Presentation Purpose

The following presentation is provided by FRCC Compliance Staff for the Registered Entities to provide a current status of the CTS and the Periodic Reporting through CTS.

3

CTS Status

• The CTS is still undergoing enhancements prior to its implementation

• Current expected implementation is this Fall

4

Periodic Reporting

• Monthly periodic data submittals are expected to begin Fall 2009

• Quarterly periodic data submittals are expected to begin Fall 2009

• Multi-regional group developing common forms for use on the CTS system

5

Up Next……

6

NERC Compliance Process Bulletins

NERC Compliance Process Bulletins


August 2009

7


The following presentation is provided by FRCC Compliance Staff for the Registered Entities to enhance the understanding of NERC 2009 Process Bulletins.

8

Overview

1. 2009-01 FERC Revised Policy Statement

2. 2009-002 Extension of Self-Certification Deadlines

3. 2009-003 Pro Forma Settlement Process

4. 2009-004 Providing Access to and Copies of Evidence

5. 2009-005 Current In-Force Document Data Retention Requirements

6. 2009-006 Interim Approach to Technical Feasibility Exceptions

7. Location of NERC Process Bulletins

9

2009-01 Version 1.0 Feb. 6, 2009

10

• Clarifies Usage and Impact of FERC Revised Policy Statement on Enforcement and FERC Policy Statement on Compliance within ERO Compliance Monitoring and Enforcement Program (CMEP)

2009-01 Version 1.0 Feb. 6, 2009

11

– Policy Statement on Enforcement 10/20/2005• Established authority & credits for internal

compliance, self-reporting and cooperation

– Revised Policy Statement on Enforcement 05/15/2008• Further defined enforcement authority and types of

actions. Clarified Commitment to Compliance

– Policy Statement on Compliance 10/16/2008• Defined Factors for Vigorous Compliance Program

and relationship to Penalty Credit

2009-002 Version 1.0 May 19, 2009

• Extension of Self-Certification Deadlines– Self-Certification due dates are fixed

• Missed due dates subject to violation(s)

– Limited Extensions by Regions• Beyond the Region’s control / not discriminate• Notified in writing of the new deadline

12

2009-002 Version 1.0 May 19, 2009

• Extension of Self-Certification Deadlines (continued)– Entity Request Extension

• Request in writing, 10 days before original deadline

• Only for circumstances beyond Entity’s control• Will not risk the reliability of bulk power system• Will not interfere with Regions' implementation of

CMEP• CMEP Attachment #1 (4-steps)

13

2009-003 Version 2.0 June 29, 2009

• Pro Forma Settlement Process for Documentary Requirements– Purpose to reduce administrative burdens and

expedite the settlement process– Limited to specific Reliability Standards

(Appendix A) with Lower or Medium VRF– Limited to documentation issues not

performance issues– Limited to Self-Reports and Self-Certifications

14

2009-003 Version 2.0 June 29, 2009

• Pro Forma Settlement Process for Documentary Requirements (continued)– No repeat violations– Smaller Settlement Agreement– Penalty based on minimum dollar values in

the Base Penalty Amount Table (Appendix A) of NERC Sanction Guidelines

– Final penalty adjusted to reflect duration

15

2009-004 Version 1.0 June 29, 2009

• Providing Access and Copies of Evidence to Regional Entity, NERC, and FERC Staff– Compliance Audits and Compliance Violation

Investigation (CVI)• Authority established in Code of Federal

Regulations, FERC Order 672 and CMEP• CMEP Attachment 1 – ‘Process for Non-submittal

of Requested Data’

16

2009-004 Version 1.0 June 29, 2009

• Providing Access and Copies of Evidence to Regional Entity, NERC, and FERC Staff– Entity’s right and responsibility to mark CEII

information per Section 1500 of Rules of Procedure (RoP)

– Each page as appropriate should be visibly marked as ‘Confidential, CEII’

17

2009-005 Version 1.0 June 29,2009

• Current In-Force Document Data Retention Requirements for Registered Entities– Good management practice to retain all

versions of a policy, plan procedure or other singular document

– If violation is found, historical documents could affect the duration

– Include revision history, identify nature and location of the change on each document

18

2009-005 Version 1.0 June 29,2009

• Current In-Force Document Data Retention Requirements for Registered Entities (continued)– Retain revision history, log of prior current

in-force revisions of the document– Copy of the Entity's data retention policy– Prior versions may be requested to establish

duration of non-compliance with the standard– Future Self-Certifications will require retention

of evidence19

2009-006 Version 1.0 July 1,2009

• Interim Approach to Technical Feasibility Exceptions (TFEs)– Provides guidance concerning the

applicability and implementation of certain NERC CIP Reliability Standards and requirements that refer to technical feasibility and/or technical limitations pending the adoption of a permanent program to address TFEs

20

2009-006 Version 1.0 July 1,2009

• Interim Approach to TFEs (continued)– Formal process coming, mid-September– Form in CTS

• Part A: TFE request and indicate what you are going to do to mitigate it and identify the number of assets covered under the TFE

– Submit TFE at least 30 days prior to the site visit of audit or spot check

21

2009-006 Version 1.0 July 1,2009

• Interim Approach to TFEs (continued)• Allowed TFEs for:

– CIP-005-1, R2.4, R2.6, R3.1, and R3.2– CIP-007-1, R2.3, R4, R5.3, R6, and R6.3

22

How to submit a TFE

• TFE must include the following:1. Identification of the NERC Reliability Standard requirements for which the TFE is being asserted;

2. A description of the assets, critical assets, and critical cyber assets affected by the TFE, including vendor documentation detailing specific limitations of relevant equipment;

3. An explanation regarding why the requested exception is necessary;

4. Documentation reflecting the date that the requested exception was approved by the senior manager or delegate(s);

23

How to Submit a TFE (con’t)

• 5. A brief description of the mitigating and compensating measures taken by the Registered Entity to address all risks to the reliability of the Bulk Electric System;

• 6. A list of any other Region in which the Registered Entity is seeking the requested TFE; and

• 7. The time period for which the TFE is requested to remain in place.

24

Key Factors for Considerations

• These factors include when “strict compliance” with an applicable requirement:

(i) is not technically possible, is operationally infeasible, is precluded by technical limitations, or could adversely affect reliability of the Bulk Electric System to an extent that outweighs the reliability benefits of Strict Compliance with the Applicable Requirement; or

• (ii) while technically possible and operationally feasible, cannot be achieved by the date by which the Responsible Entity is required to be in compliance with the Applicable Requirement, due to factors such as scarce technical resources, limitations on the availability of required equipment or components, or the need to construct, install or modify equipment during planned outages; or

25

Key Factors for Considerations

(iii) would pose safety risks or issues that outweigh the reliability benefits of Strict Compliance with the Applicable Requirement; or

(iv) would conflict with, or cause the Responsible Entity to be non-compliant with, a separate statutory or regulatory requirement applicable to the Responsible Entity, the Covered Asset or the related Facility that must be complied with and cannot be waived or exempted; or

Registered Entity’s plans to mitigate or compensate for any risk to reliability of the BES associated with the assertion of a TFE

26

Location of NERC Process Bulletins

• The NERC Process Bulletins are located on NERC’s website at the following URL address, under the Public Notices area:

http://www.nerc.com/page.php?cid=3|22

27

http://www.nerc.com/page.php?cid=3%7C22

Up Next……

28

FAC-003-1 FAQTransmission Related Outages

Entity Responsibility

FAC-003-1 FAQTransmission Related Outages


August 2009

29


The following presentation is provided by FRCC Compliance Staff for the Registered Entities to discuss #2008-001 NERC Public Process Announcement and a draft FAQ to provide the FRCC expectations concerning evidence requirements concerning a reportable transmission outage caused by vegetation associated with FAC-003-1.

30

FRCC FAQ Web Page

31

FRCC FAC-003 Guidelines for Registered Entity Preparing Evidence for a Self-report Concerning Vegetation Management

32

PRELIMINARY


Immediate Actions: After line restoration leave all debris associated with the tree incident at

or in close proximity to the incident site. Also, leave all debris in place associated with the trees pruned or removed within the span where the incident occurred.

Follow-up Field Investigation:

1) Photos of the a) incident site and surrounding area b) adjacent towers or poles c) tree(s) involved in incident d) fault current damage such as charring, discoloration or de-barking on the subject tree(s) e) If removed a clear picture of the top of the stump to show growth rings.

NOTE: all photos should be date and time stamped and indicates which direction the camera is facing. Also a description of what the photo is demonstrating or showing and how far from the main focal object the camera is.

2) Document the following at the incident site: a) GPS location and elevation at incident site and adjacent tower or poles b) Grade changes and general terrain characteristics at incident site and adjacent tower or

poles c) Height of tree before the incident and its diameter at approximately 4 ½ feet above

ground level. d) Height of any charring or discoloration. e) If pruned/removed, height and diameter of remaining portion of the tree or stump. f) Height of pruned or removed tree along with height of any charring or discoloration. g) The distance from the closest tower/pole to the incident. h) The distance from the incident site to outer both edges of the easement (right of way). i) The line phase(s) which contacted the tree. j) The height of conductors (all phases) at the incident location. (Note: the time and date of

measurement, ambient temperature, wind speed and direction and line loading). k) Any other evidence at the incident site that may have value for later analysis.

NOTE: a drawing or sketch showing the above measurements would be beneficial to clearly depict the relationship of key components to each other.

3) Compilation of documents relating to the incident site:

a) Documents that describe vegetation management work completed at the incident site in the two years prior to the incident.

DRAFT

b) Documentation of recent patrols or inspections for the line which the incident occurred. Also patrols or inspections for the line immediately after the incident.

c) The Plan and Profile drawing of the spans where the incident occurred.

d) Conductor sag calculations for the following conditions: normal, emergency, and load at time of incident.

e) Weather conditions at time of incident- ambient temperature, wind speed and direction

f) Easement document –easement width & property owner restrictions

g) Control Center data

i) Relay operation reports

ii) Time the transmission line was returned to service

iii) Load information just prior to the time of incident-what is the SCADA normal & emergency rating and alarms for the transmission line

iv) Did a re-dispatched occur due to the loss of the transmission line and the consequence of the re-dispatch?

v) Switching logs and operator actions taken as a result of the incident for the full duration of the line outage (written and/or electronic).

vi) Fault location (in miles) from connecting line substations

vii) Two year outage history of the transmission line which the incident occurred.

33


DRAFT

viii) All Reliability Coordinator conversations, discussions or directives relating to the outage of this transmission line.

ix) Any other actions caused by the outage of this transmission line such as voltage problems, abnormal loadings on other transmission lines, impact to customers fed by the transmission line or other customer related problems in the event area.

4) Interviews

a) Key Vegetation Management personnel involved with the incident

b) Responding line department supervision to the incident

c) Vegetation Management Inspection supervisor(s) – contractor and/or company

Provide comments to [email protected] by September 15, 2009.

34


DRAFT

Overview

Draft FAQ – Guidance for Preparing Evidence• Immediate Action• Follow-up Field Investigation• Compilation of Documents• Interviews

NERC Compliance Process #2008-001• FRCC 48 - Hour Reporting form

35

FAQ – Guidance for Preparing Evidence

36

Immediate Action –

1.Leave debris associated with the incident at the incident site including the pruning or removal of the tree(s)

2.Report within 48 hours to the FRCC if the outage is a Category 1 or Category 2

FAQ – Guidance for Preparing Evidence

Follow-up Field Investigations

• Photos of the incident site– Area, towers/poles, tree(s), damage, etc

• Document the incident site– Key measurements of components involved in incident

• Compilation of documents relating to the incident site– Work documents, relay reports, drawings, inspections

• Interviews of key personnel

37

NERC Compliance Process #2008-001

• NERC encourages Transmission Owners to self-report all Category 1 and 2 transmissions outages related to vegetation to FRCC within 48 hours using the FRCC reporting form.

• FRCC will use CTS and a FAC-003-1 Vegetation Transmission Outage form for this purpose.

• FRCC will use CTS for the quarterly reporting, too.

38

Up Next……

39

Whitepapers on:

PRC-005-1&

CIP-004-1

Whitepapers on NERC Standards

Summary Reports for Violations of Reliability Standards:

Standard PRC-005 System Protection Maintenance and

Testing

Standard CIP-004 Cyber Security – Personnel and Training

Source: Summary Report for Violations of Reliability Standard PRC-005 – System Protection Maintenance and Testing - draftBoard of Trustees Compliance CommitteeAugust 4, 2009

As of July 22, 2009,

PRC-005-1 Analysis PRC-005-1 by Requirement Number

of Violations

R1 – Maintenance & Testing Program 156

R1.1 – Maintenance and Testing Intervals 3

R1.2 – Maintenance and Testing Procedures 2

R2 – Documentation Provided on Request 129

R2.1 – Evidence of Testing within intervals 68

R2.2 – Date of last test / maintenance op 2

Grand Total 360

Documentation Lacking Basis Maintenance No Program0

20

40

60

80

100

120

140

160

180

153

21

158

28

Violations by Classification

PRC-005-1 Analysis

CIP-004-1 by Requirement Number of Violations

Requirement 1 – Awareness (All Sub levels) 0

Requirement 2 – Training (All Sub levels) 23

Requirement 3 – Risk Assessment (All Sub levels) 29

Requirement 4 – Access (All Sub levels) 28

Grand Total 80

CIP-004-1 Analysis

Access Documentation Risk Assessment Training0

5

10

15

20

25

30

21

17

25

17

Violations by Classification

CIP-004-1 Analysis

References

• PRC-005 Analysis (draft)http://www.nerc.com/docs/bot/botcc/ITEM_3_Supplement_PRC-005_Analysis_(revised).pdf

• CIP-004 Analysis (draft) http

://www.nerc.com/docs/bot/botcc/ITEM_3_Supplement_CIP-004_Analysis.pdf

http://www.nerc.com/docs/bot/botcc/ITEM_3_Supplement_PRC-005_Analysis_(revised).pdf

http://www.nerc.com/docs/bot/botcc/ITEM_3_Supplement_CIP-004_Analysis.pdf



Up Next……

48

Break

10 minutes till the forum resumes

1 minute till the forum resumes

The forum is about to resume!

2010 Compliance Audits


August 2009

60


The following presentation is provided by FRCC Compliance Staff for the Registered Entities to provide a current status of the 2010 compliance audit program, evidence requirements, mitigation plans and audit preparation

61

2010 Compliance Audit Schedule

• The first half of 2010 will complete the cycle for all FRCC registered Balancing Authorities (BAs) and Transmission Operators (TOPs) that are in the once every three year compliance audit cycle

• The second half of 2010 will begin the second cycle of auditing for those FRCC BAs and TOPs audited after June 18, 2007

62


• Those Registered Entities that are in the once every six year compliance audit cycle will still continue

• Some Multi-regional audits are scheduled for PSEs

• Draft 2010 audit schedule posted on FRCC website for comment– Please provide any comments to FRCC by

Friday September 4, 200963


• The Reliability Standards to be included in the year 2010 implementation program are undergoing a review and consideration, some minor adjustments and additions were made– Final list will be posted by NERC, prior to

October 1, 2009 for Registered Entities to review

64

Evidence Requirement

• Please refer to the Quality of Evidence presentation from the 2008 FRCC Fall Compliance Workshop– https://www.frcc.com/Compliance/default.aspx

?RootFolder=%2fCompliance%2fShared%20Documents%2f2008%20Compliance%20Workshop%20Presentations&FolderCTID=&View=%7b7FA24B58%2dC9D9%2d4205%2d84AF%2d8D212758CE14%7d

65

https://www.frcc.com/Compliance/default.aspx?RootFolder=/Compliance/Shared%20Documents/2008%20Compliance%20Workshop%20Presentations&FolderCTID=&View=%7B7FA24B58-C9D9-4205-84AF-8D212758CE14%7D






Evidence Requirement

• Electronic submittals via secure ftp site• NERC Guidance contained in some

Reliability Standard Audit Worksheets (RSAWs)

66

Mitigation Plans

• FRCC encourages self-reports and mitigation plan submittals whenever it is determined there is a possible violation or an alleged violation– Mitigate the possible violation ASAP and get

yourself back in compliance– Get the mitigation plan accepted and

approved, for umbrella of protection

67

Audit Preparations

• Assign owners of standards/requirements• Assign procedures/documents to your

SMEs• Perform an internal audit (Mock Audit)• Prepare your data submittal• Reference RSAWs• Quality of Evidence, refer to previous slide

68

RSAWs

• Current status– An additional review for format was completed

last month and the RSAWs were submitted to NERC for review, approval, and posting• Comments from the RSAW review group of FRCC

CC were sent to the chair of that group. Next review of RSAWs should include the review of the re-wording of questions and assessment approach notes

69

Up Next……

70

2010 CIP-002 through CIP-009 Compliance Monitoring Activities

2010 CIP-002 through CIP-009 Compliance Monitoring

Activities


August 2009

71


The following presentation is provided by FRCC Compliance Staff for the Registered Entities to provide a current status of the 2010 CIP-002 through CIP-009 Compliance Monitoring Activities

72

2010 CIP Spot Checks

• During the first half of 2010, FRCC will complete its CIP spot check of the “13” requirements for all FRCC BAs and TOPs that were, under the Urgent Action 1200 program, and applicable to NERC’s CIP implementation plan

73

2010 CIP Spot Checks

• The second half of 2010, FRCC will begin auditing to the “41” CIP requirements for those registered entities stated in previous slide– This will occur at or near the time of your

on-site compliance audit

74

Use of SMEs

• FRCC plans to continue using Subject Matter Experts (SMEs) on its CIP Spot Checks

75

CIP Self-Certification

• NERC will continue requiring CIP Self-Certifications through at least 2010

• Registered Entities asserting compliance based on utilization of a TFE: Submit request via CTS FRCC will assess with in 60 days for acceptance FRCC will perform detailed review within 360 days of

submittal

76

Up Next……

77

Discussion on general compliance questions

General Compliance Questions

a) NERC guidance to auditors

b) CIP-001, R2 proposed interpretation

c) Internal Compliance Program

d) Process used by the FRCC to improve Reliability

e) Quality Evidence

f) Questions on Standards

78

Up Next……

79

Plans for upcoming workshops

Plans for upcoming workshops

FRCC Compliance WebEx ForumAugust 2009

80

• November 2009 WebEx / Workshop

• Spring 2010 Workshop

Open Discussion

FRCC Compliance WebEx ForumAugust 2009

81

FRCC- Disclaimer

This material presented by FRCC is accurate to the best of our understanding and all the information is provided in good faith. If in conflict with NERC, FERC or other statutory requirements, standards and rules of procedure take precedence over any material or information provided in this presentation.

This presentation and attached material contains information that is intended to support the compliance process and address queries related to the implementation of the CMEP.

Therefore, before relying on the material, users should independently verify its accuracy, completeness, relevance for their purposes and that it is up-to-date.

82

welcome to the…. frcc quarterly compliance webex forum august 19-20, 2009 1

Documents

compliance policy statement

internal compliance

frcc compliance staff

enforcement program

penalty credit slide

vigorous compliance

ero compliance monitoring

ferc policy statement