Global Audit-Ready Standards Updates

This newsletter contains information of interest to compliance professionals in the electric utility industry. Cooper Compliance clients and non-clients alike will find useful, timely information, including the following:

Cooper Compliance News, Global Audit-Ready Enhancements, Industry News: Events, Cyber Security in the News, and Grid Reliability, New or Revised NERC Standards, Retiring Standards, Recently Enforceable Standards, Recent Changes to NERC Glossary, NERC Standards Under Development, and New RSAWs.

Cooper Compliance News

Cooper Compliance Global Audit-Ready products are cost-efficient and enable you to quickly focus on and enhance your compliance program instead of wasting time and money developing your own compliance systems and workflows in-house. Because Global Audit-Ready is an add-on, it allows you to put your resources to work in the most efficient way. Contact us to see how you can start enhancing your program with an installation that takes less than 15 minutes of your IT resources' time!

NERC Requirements List Updated

Added RSAWs for CIP-003-7, PRC-027-1, and EOP-006-3. The EOP-006-3 RSAW is version 2 and had previously been released by NERC as version 1.

Global Audit-Ready Application Enhancements

After the release of our two new products, the Global Audit-Ready Survey and the Global Audit-Ready Approval Tracking System, which let you survey SMEs for pertinent information and usher documents through approval processes while capturing all changes and comments as evidence, we have spent the month making changes recommended by our customers to enhance their experience with the Global Audit-Ready product. These types of enhancements are a key benefit to using Global Audit-Ready.

As part of the package offered to clients, subject matter experts present enhancement ideas to the Cooper Compliance team and, if the changes make sense for all clients, we implement them at no additional cost. This month, we have made enhancements to the following products:

Operator Instruction Log has been modified to include special forms for identifying personnel and equipment being worked on during switching or placing hold tags.

Survey Tool. Exciting changes to the Survey tool released this year let users streamline questions and open multiple tasks. For example, you can survey your subject matter experts to identify if they are making any changes to relays. Drill down questions can identify which types of relays. This may trigger multiple tasks that impact many standards. Tasks might include updating your entity's:

Assessment of BES Cyber Systems

FAC-008 rating

MOD-025, MOD-026, MOD-027 validation testing

PRC analysis and coordination

Cooper Compliance subject matter experts have developed a database of questions and associated tasks that work for all Standards using this tool, giving you a jump start on creating your own Survey questions. Customize each question and task to fit your specific needs.

Workflows and Reminders. The workflows associated with Global Audit-Ready have been enhanced to allow your entity to white list emails from SharePoint 365. This provides additional security to ensure your subject matter experts don’t get spammed or phished.

Global Audit-Ready Reports. The Global Audit-Ready reports have been enhanced to allow users to maintain specific information and documents that are important for internal tracking, but not necessary for audits. All reporting applications and audit documents can be triggered to show and print, or hide, this information.

Cooper Compliance listens to our users! Other minor enhancements have been implemented to our Compliance Activity Tracker, Dashboard, Audit Package Creator, and Operator Instruction Log. Customers may find these changes in our release notes.

Industry News

Industry Events

See Cooper Compliance and get a personalized demo of our NERC Compliance Software at the following events:

9th Annual North American Generator Forum Annual Meeting & Compliance Conference, October 15-17, NERC's office in Atlanta.

WECC Reliability & Security Workshop, providing in-depth outreach to address and mitigate key risks, October 22-24, Paris Hotel in Las Vegas.

GridSecCon 2019, bringing together cyber and physical security experts from industry and government to share emerging security trends, policy advancements, and lessons learned, October 22-25, Westin Peachtree Plaza in Atlanta.

Cyber Security

According to the Wall Street Journal, the US launched a cyberattack that took down Iranian missile control computers on the night of June 20th. Iran may attempt to retaliate with spear-phishing strike-back attacks against the U.S. Iran appears to be targeting U.S. government and energy sector entities, including oil and gas. For more information, see: (subscription)

According to multiple security websites, there is a new sophisticated scam targeting Microsoft 365 users that tricks victims into providing Office 365 credentials. An initial “file deletion” email appears to be from the Microsoft Team, and prompts users to log in to a very realistic-looking 365 login page, which is hosted by Azure, and therefore has a Microsoft-signed certificate. Read more about it by googling “scam deletion alert Office 365” or viewing these security sites:

Grid Reliability

Argentina, Uruguay, and Paraguay were subject to a widespread blackout on June 20, putting the equivalent combined population of California, Oregon, and Washington in the dark. Preliminary reports suggested that the blackout likely originated from service disruptions on three 500kV circuits coming out of the municipality of Colonia Elía. One line experienced a fault, a second line tripped automatically, and the third was out of service at the time due to planned construction. Such an event serves as a reminder of why we strive for a reliable power grid through consistent and equally-applied regulations.

FERC Order Regarding CIP-008-6

On June 20, the FERC Commission approved CIP-008-6 (Cyber Security – Incident Reporting and Response Planning) to become enforceable approximately 18 months from now, at which time CIP-008-5 will retire. CIP-008-6 is intended to mitigate the risk to the reliable operation of the BES from Cyber Security Incidents and applies to GOP, GO, TO, and some DPs. Under CIP-008-6, both Cyber Security Incidents, which are attempts to compromise, and Reportable Cyber Security Incidents, which are actual compromises, are required to be reported. The Commission also approved the revised definitions of “Cyber Security Incident” and “Reportable Cyber Security Incident” to include attempts to compromise.

Multiple Large CIP-Related Penalties Imposed

Keep on top of those CIP Standards, because the consequences can be dire if you do not! NERC's Enforcement Actions page contains notices of multiple large dollar amount penalties imposed in relation to non-compliant CIP Standards. On June 27, a $775,000 penalty was imposed and on May 30, two million dollar penalties were imposed. In keeping with security guidelines, these entities remain anonymous to help maintain cyber security.

New or Revised NERC Standards In the CCC Standards Database


Retiring Standards

PER-004-2 -- Reliability Coordination — Staffing. Applies to RC.

On November 21, 2018 in FERC order RD18-9-000 FERC approved retirement of PER-004-2. It becomes retired the day before PER-003-2 becomes effective, 6/30/2019.

Recently Enforceable Standards

PER-003-2 Operating Personnel Credentials 7/1/2019

TPL-007-3 Transmission System Planned Performance for Geomagnetic Disturbance Events 7/1/2019

Recent Changes to NERC Glossary

Recently Made Enforceable:

1/1/2019: Automatic Generation Control. A process designed and used to adjust a Balancing Authority Areas’ Demand and resources to help maintain the Reporting ACE in that of a Balancing Authority Area within the bounds required by applicable NERC Reliability Standards.

1/1/2019: Balancing Authority. The responsible entity that integrates resource plans ahead of time, maintains Demand and resource balance within a Balancing Authority Area, and supports Interconnection frequency in real time.

1/1/19: Pseudo-Tie. A time-varying energy transfer that is updated in Real-time and included in the Actual Net Interchange term (NIA) in the same manner as a Tie Line in the affected Balancing Authorities’ Reporting ACE equation (or alternate control processes).

10/1/2019: Qualified Path. A transmission element, or group of transmission elements that has qualified for inclusion into the Western Interconnection Unscheduled Flow Mitigation Plan (WIUFMP).

Recently Made Inactive

Inactive Date: 9/30/2019. Qualified Transfer Path.

NERC Standards Under Development

PRC-006-NPCC-2 - Automatic Underfrequency Load Shedding

Applies to GO, PC, CP, TO. This update will:

1) Remove redundancies with the most recent of the Continent-wide NERC Standard, PRC-006-3.

2) Ensure that UFLS island boundaries, once identified, are provided upon request to affected entities.

3) Minimum time UFLS relay time delay added to Attachment C tables and removed as a separate requirement.

4) Added the ability for a TO or DP to calculate net load shed for UFLS if direct metering is not available.

5) A number of minor clarifications.

6) Clarification that any compensatory load shedding for non-conformance with the Underfrequency trip specification for generation (in service prior to July 1, 2015) must be within the same island as the generator resides.

Comment Period start: 5/8/2019 end: 6/21/2019

2018-04 Modifications to PRC-024-2 | Supplemental SAR

The purpose of this modification is to identify potential modifications to PRC-024-2 to ensure that inverter-based generator owners, operators, developers, and equipment manufacturers understand the intent of the standard in order for their plants to respond to grid disturbances in a manner that contributes to the reliable operation of the BPS.

Comment Period start: 6/27/2019 end: 7/26/2019

2019-03 Cyber Security Supply Chain Risks

This project will modify the Supply Chain Standards; specifically it will address EACMSs, those systems that provide electronic access control to high and medium impact BES Cyber Systems.

Comment Period start: 6/27/2019 end: 7/26/2019


• CIP-003-7 – Cyber Security — Security Management Controls

• PRC-027-1 – Coordination of Protection System Performance During Faults.

• EOP-006-3 – System Restoration Coordination. This was an update to a previously released RSAW and contains errata only.


Cooper Compliance strives to simplify compliance by integrating compliance into our clients’ daily work. The Global Audit-Ready system records and stores evidence as you perform your normal activities, freeing-up time so you can focus on adding value to your organization. Let us know if we can help, or if you would like a demo of our transformative Global Audit-Ready compliance applications.

Cooper Compliance has been providing NERC Compliance services since 2007. The Global Audit-Ready Software suite by Cooper Compliance is a set of SharePoint applications designed to provide automatic RSAW Development as well as controls to ensure accuracy when demonstrating compliance.

BREAKING: NERC Accepts Merced Irrigation District De-activation as TO

(Merced, CA, June 5, 2019) Merced Irrigation District Water & Power (MEID) learned that it has been successfully deregistered as Transmission Owner (TO) by the North American Electric Reliability Corporation (NERC) on April 23, 2019 through a decision of the NERC Led Review Panel. The determination was made based on an exhaustive analysis presented by MEID in conjunction with Cooper Compliance Corporation, who represented MEID to NERC in this matter. This result will enable both Turlock Irrigation District (TID) and MEID to narrow their focus to more efficiently continue to deliver safe, reliable and affordable electric service in Central California.

The NERC Led Review Panel has been established to evaluate the applicability to unique situations of registered entities that should not qualify as Bulk Electric System (BES), but otherwise qualify by applying the approved NERC definition of BES.

Cooper Compliance and MEID started this process with an initial request for deregistration in August of 2018. After initial review, including more requests for information that were fulfilled by MEID and Cooper Compliance, the NERC-led Review Panel evaluated MEID’s materiality to the BES as a TO by considering evidence in light of the materiality test and the Risk-Based Registration (RBR) Implementation Guidance. After this review, the Panel concluded that MEID’s registration as a TO is not material to the reliability of the BES.

MEID owns a small section of transmission and bus bar rated at 230 kV and located at the tail end of the transmission system. A small amount of power flows through the transmission and bus bar at times, preventing MEID from qualifying for a BES definition exemption. The analysis of the MEID system prepared by Cooper Compliance and MEID included a determination that the amount of power that flowed through was no more than that of distributed generation under the Exclusion E2. That, along with consideration of other factors, helped the NERC Led Review Panel come to this final decision. Other decision factors included: the location of MEID on the Bulk Electric System; the agreement of the materiality to the BES by WECC (regional entity) and Turlock Irrigation District, to which MEID interconnects; MEID’s registration as a DP accompanied with a detailed analysis demonstrating no additional gaps exist.

NERC notes that the decision to accept MEID’s request to deactivate its TO registration does not set precedent regarding the registration of similar entities. Each request is reviewed on a case-by-case basis and determinations are made based on the specific facts and circumstances of each situation.

Rich Dragonajtys, Principal Engineering Manager of MEID, said of the decision: “I wanted to thank all the members of the Panel, Mary Jo and her staff at Cooper Compliance, Michael Dalebout, Brett Bodine, Scott Downey, you and your staff and my own management and coworkers who allowed Mary Jo and I to take a chance on this effort and helped me gather information and data for initial application write-up and subsequent RFI’s.”

“Cooper Compliance is known for its commitment to its clients and provides invaluable assistance for NERC compliance. They provide excellent professional services and we love their Global Audit-Ready Products designed for SharePoint. The Global Audit-Ready suite fully documents our programs with built in controls that run our compliance program like a tax software while ensuring we get our best rate of return by providing reliable services to our customers.”


Global Audit-Ready Standards Updates


March 2019

This newsletter contains information of interest to compliance professionals in the electric utility industry. Cooper Compliance clients and non-clients alike will find useful, timely information, including the following:

  • Cooper Compliance News

  • Global Audit-Ready Enhancements

  • Upcoming Industry Events

  • Retiring Standards

  • New or Revised NERC Standards

  • NERC Standards Under Development

  • Standards That Recently Became Effective

  • New RSAWs


Cooper Compliance News

NERC Requirements List Updated

Summary of changes (more details below)
Added: PER-003-2, TPL-007-3
Retiring: IRO-006-TRE-1, PER-004-2, PRC-004-WECC-2
Changed Effective Dates: PRC-002-2

Several revised standards have recently become effective. See Standards That Recently Became Effective below for more details.


Global Audit-Ready Application Enhancements

Global Audit-Ready Approval Tracking System: The Global Audit-Ready Approval Tracking System lets you track not only one-time data requests, but also cyclical required updates to documents such as policies and procedures. You can also use it to process Authorization Requests for access to BES Cyber Assets or Information, BES Cyber Asset software upgrades, or reviews of RSAWs. A reminder-based tracking system cycles documents through the updating, reviewing, finalizing, and approving stages of document update, while obtaining electronic signatures throughout the process. You have the ability to add notes at each stage and assign different stakeholders to various tasks relating to the update.

Global Audit-Ready Survey tool: The new Global Audit-Ready Survey tool is an automated internal control system. This interactive survey tool allows you to query your SMEs to determine if certain activities occurred. A positive response generates a task prompting them to take action and provide evidence related to a Requirement. It can also be used to simply collect information needed for regulatory reporting. All survey questions are listed by the subject matter expert in one form with one email reminder whenever the survey period opens up. An escalation email reminder is sent if the survey and associated tasks have not been completed within the designated time period. This powerful automated tool can assist with many compliance-related activities including the reporting of number of accidents, endangered species or other activities. This month, we added additional information to the Survey Answer list. We also added the ability to assign Survey-initiated tasks to other people.

Global Audit-Ready Compliance Status Report: The next due dates appear under the processes.

Global Audit-Ready Dashboard: There is now a button to open a one page summary.

Global Audit-Ready Operating Instruction Log:

  • Add logos to OIL emails

  • Add ability to search descriptions in Open Logs

  • Add ability to specify scheduled date in logs

Global Audit-Ready PSMP Application Release Notes:

  • Update of maintenance log interface

    • Change equipment selection to checkbox to make it easier to select multiple pieces of equipment

    • Selecting new equipment will not clear out data entered for previously selected equipment.

    • New document Note window; enter notes that will appear in the Compliance Status Report and the completed RSAW

    • Equipment Selection box is now resizable

    • Lets users add additional work order instructions if unresolved issue box is checked

  • Improved robustness and error checking

    • Fixed a problem where clients change the library name after it’s created

    • Disallows attachments that have # in the title to maintain SharePoint compatibility.

    • Prevents a security error if the user takes more than 30 minutes to submit a log

    • If there are no checked instructions, gives a warning and does not update the equipment list dates

  • Updated how unresolved work orders are handled

    • Lets users close all open unresolved work orders for a piece of equipment if all the instructions for that instruction is checked

    • Adds support to create a unique unresolved work order for each equipment

    • No longer automatically creates a new unresolved work order if there is already an active unresolved work order.   There is now a confirmation window to let a user create a new work order if there is already an open one.

    • Lets the user update multiple unresolved work orders on the same equipment. 

    • Due dates for the unresolved work orders are displayed in unresolved work order selection window

  • Updated data fields

    • Added EquipmentType to EquipmentLog list

    • In EquipmentLog list, MaintenanceComplete is "Yes" only if there was no unresolved issue

Upcoming Industry Events

Here are a few upcoming industry events. See Erica and Mary Jo from Cooper Compliance TOMORROW at WECC. Drop by our booth to see a demo of our great new product enhancements.

  • Tomorrow! WECC Spring Workshop, April 9 - 11, Garden Grove CA (near Anaheim). More details.

  • NPCC Spring Compliance & Standards Workshop, May 22 - May 23, Groton CT. Get tickets.

Retired Standards

IRO-006-TRE-1: RC  (IROL and SOL Mitigation in the ERCOT Region)
For the Texas Reliability Entity region, per FERC order RD19-2-000, IRO-006-TRE-1 is retired on 1/29/2019. NERC contends "continent-wide Reliability Standards have been approved that cover the same reliability goals as the requirements in regional Reliability Standard IRO-006-TRE-1, rendering the regional Reliability Standard redundant."

PER-004-2:  RC  (Reliability Coordination — Staffing)
On November 21, 2018 in FERC order RD18-9-000 FERC approved retirement of PER-004-2. The order states,  "With respect to the proposed retirement of Reliability Standard PER-004-2, NERC states that Reliability Standard PER-004-2 contains two requirements that are redundant with other Commission‐approved Reliability Standards." It becomes retired the day before PER-003-2 becomes effective 6/30/2019.

PRC-004-WECC-2  TO, GO, TOP  (Protection System and Remedial Action Scheme Misoperation)  
This regional Reliability Standard is becoming redundant with other approved standards and no longer necessary for reliability. In particular, Reliability Standard PRC-012-2 (Remedial Action Schemes), approved by the Commission in Order No. 837, contains requirements for remedial action scheme analysis. Reliability Standard PRC-012-2 will become effective in the United States on January 1, 2021. According to NERC and WECC, PRC-004-WECC-2 may therefore be retired at that time with no adverse effect on reliability. According to FERC order RD18-3-000 on March 28, 2019, regional Reliability Standard PRC-004-WECC-2 has a retirement effective date of January 1, 2021.

New or Revised Standards In the CCC Standards Database

PER-003-2 (Operating Personnel Credentials)
Will replace PER-003-1 as of 7/1/2019. The only substantive change is that a clarifying footnote is added to ensure that stakeholders (now and in the future) understand (i) the connection between the Standard and the Program Manual; and (ii) that the certifications referenced under PER-003-2 are those under the NERC System Operator Certification Program. Also, boilerplate text common to all standards has been updated to reflect NERC's current template.
Effective Date: 7/1/2019
Applies to: RC, TOP, BA.

TPL-007-3 (Transmission System Planned Performance for Geomagnetic Disturbance)
Was added to Cooper Compliance NERC database. It is the same as TPL-007-2 except -3 adds a Canadian Variance. Thus TPL-007-2 never becomes effective but is superseded by the revised TPL-007-3, with all phased-in compliance dates carried forward unchanged.
Effective Date: Earliest is 7/1/19, with varying effective dates for specific requirements thereafter.
Applies to: PC, TP, TO, GO

PRC-002-2: (Disturbance Monitoring and Reporting Requirements)
For R2, R3, R4, R6, R7, R8, R9, R10, R11, changed Effective Date from 7/1/2022 to 7/1/2020. This is because according to the NERC Implementation Plan, 50% compliance is required at 7/1/2020 and 100% compliance is required at the stated NERC effective date of 7/1/2022.
Applies to: PC, RC, TO, GO

Standards Under Development

2018-03 Standards Efficiency Review Retirements Project Scope
The Standard Authorization Request (SAR) drafting team evaluated NERC Reliability Standards using a risk-based approach to identify potential efficiencies through retirement or modification of Reliability Standard Requirements. Many Reliability Standards have been mandatory and enforceable for 10+ years in North America. The SAR drafting team identified potential candidate requirements that are not essential for reliability, could be simplified or consolidated, and could thereby reduce regulatory obligations and/or compliance burden.
Initial Ballots and Non-binding Polls start: 4/3/2019 end: 4/12/2019
Comment Period start: 2/27/2019 end: 4/12/2019

2019-02 BES Cyber System Information Access Management

This project enhances BES reliability by creating increased choice, greater flexibility, higher availability, and reduced-cost options for entities to manage their BES Cyber System Information, by providing a secure path towards utilization of modern third-party data storage and analysis systems. In addition, the proposed project would clarify the protections expected when utilizing third-party solutions (aka cloud), such as Microsoft 365.

Standard(s) Affected – CIP-004-6 - Cyber Security - Personnel & Training | CIP-011-2 - Cyber Security - Information Protection

Comment Period start: 3/28/2019 end: 4/26/2019

Standards That Recently Became Effective

On 4/1/2019 (No Joke!), the following standards become effective, replacing their previous versions:
BAL-002-3 BA RSG Disturbance Control Standard – Contingency Reserve for Recovery from a Balancing Contingency Event
EOP-004-4 BA DP GO GOP RC TO TOP Event Reporting
EOP-005-3  DP TO TOP GOP System Restoration from Blackstart Resources
EOP-006-3  RC  System Restoration Coordination
EOP-008-2  BA RC TOP Loss of Control Center Functionality

BAL-002-3  Disturbance Control Standard – Contingency Reserve for Recovery from a Balancing Contingency Event
R1.3.1  expanded and clarified under what situations the Responsible Entity experiencing a Reportable Balancing Contingency Event shall deploy Contingency Reserve. It now includes Responsible Entities that have, during communications with its Reliability Coordinator in accordance with the Energy Emergency Alert procedures, (i) notified the Reliability Coordinator of the conditions described in the preceding two bullet points preventing the Responsible Entity from complying with Requirement R1 part 1.1, and (ii) provided the Reliability Coordinator with an ACE recovery plan, including target recovery time.
Applies to: BA RSG

EOP-004-4  Event Reporting
For R2, entities shall report events by the later of 24 hours of recognition of meeting an event type threshold for reporting or by the end of the Responsible Entity’s next business day (4 p.m. local time will be considered the end of the business day). Previously, events had to be reported within 24 hours of recognition or by end of next business day if event occurred on a weekend.
Also, R3, which existed in EOP-004-3, no longer exists in EOP-004-4. R3 was this: "Each Responsible Entity shall validate all contact information contained in the Operating Plan pursuant to Requirement R1 each calendar year." Cooper Compliance feels this exercise is a good one to continue.  For our clients we simply move the validation process to R1, as an internal control.
Applies to: BA DP GO GOP RC TO TOP

EOP-005-3   System Restoration from Blackstart Resources
EOP-005-3 has extensive revisions, including updated restoration plan guidelines, testing requirements, documentation requirements, and training requirement for restoration.
Applies to: TOP, GOP, TO, DP

EOP-006-3    System Restoration Coordination
Clarifies re-establishing interconnections during restoration.
In the new standard, if conflicts between restoration plans are found, the RC must notify neighboring RCs of such conflicts in 60 days. The new standard mandates System restoration drills/simulations per year. The requirement for the RC to coordinate resynchronizing islanded areas has been dropped.
Applies to: RC

EOP-008-2   Loss of Control Center Functionality
Data Communications has been changed to Data exchange capabilities for R1.2.2.
Voice communication has been changed to Interpersonal Communications for R1.2.3.
Applies to: BA RC TOP


No new RSAWs have been released recently.
