Global Audit Ready Standards Update

Happy New Year from Cooper Compliance!

Cooper Compliance is pleased to provide news that compliance professionals need to know. In this newsletter, learn what standards are imminently changing, retiring, or becoming effective. Keep up to date with your entity’s responsibilities for NERC standards. We sift through the NERC website and bring it all together for you in a neat and succinct summary, freeing your time to build your business.   

This report provides:

  • A summary of the updates that were made during the fourth quarter of 2017.
  • A description of projects under development and our comments on each
  • A list of new RSAWs that have been added to the databases underlying Global Audit-Ready, our cutting edge compliance software package for energy industry compliance to government standards.

Those entities utilizing SharePoint 2013 or higher will soon be upgraded to our latest version of Global Audit-Ready that contains many new and exciting features.  For example, word RSAWs and RSAW packages are now auto-generated to prepare you for an audit with a click of a button.  The Global Audit-Ready Operator Instruction Log (OIL) for SP 2013 and higher has many great reporting features.  Contact Cooper Compliance if you are not already a user of OIL to see how it can help your organization raise its bar with a robust compliance program and internal controls.
 

Revised NERC Standards:

BAL-002-2 (R1, R2)
Title: Disturbance Control Standard – Contingency Reserve for Recovery from a Balancing Contingency Event
Applicability: Balancing Authority or Reserve Sharing Group
Effective Date: 1/1/2018
BAL-002-2 contains revisions to, and replaces, BAL-002-1. Major changes are as follows:
In R1 and R2 the VRF (Violation Risk Factor) has been moved from medium to high, replacing BAL-002-01.  To comply with R1 and R2, the responsible entity must supply evidence and documents proving compliance if there is a reportable balancing contingency event.

BAL-502-RF-03
Title: Planning Resource Adequacy Analysis, Assessment and Documentation
Applicability: Planning Coordinator in the Reliability First (RF) region
Effective Date: 1/1/2018
BAL-502-RF-03 contains revisions to, and replaces, BAL-502-RF-02. Major changes are as follows:
From M1, "Each Planning coordinator shall possess the documentation that a valid Resource Adequacy analysis was performed or verified in accordance with R1".  From M3, " Each Planning Coordinator shall possess the documentation identifying any gaps between the needed amounts of planning reserves and projected planning reserves in accordance with R3."  A third requirement was added, which states, “The Planning Coordinator shall identify any gaps between the needed amount of planning reserves defined in Requirement R1, Part 1.1 and the projected planning reserves documented in Requirement R2.”


PRC-006-SERC-02
Title: Automatic Underfrequency Load Shedding Requirements
Applicability: Planning Coordinators, Generator Owners, and UFLS entities, which might include Transmission Owners or Distribution Providers in the SERC region
Effective Date: 1/1/2018
PRC-006-SERC-02 contains revisions to, and replaces, PRC-006-SERC-01. Major changes are as follows:
In this update, the planning coordinator decides when the peak time is for each requirement as seen in R2, either summer or winter.


IRO-002-5
Title: Reliability Coordination – Monitoring and Analysis
Applicability: Reliability Coordinator
Effective Date: 10/1/2017
IRO-002-5 contains revisions to, and replaces, IRO-002-4. Major changes are as follows:

  • R1 Risk factor moved from High to Medium, and Time Horizon reduced to Operations Planning only.
  • Two new requirements were added. The first requires RCs to have data exchange capabilities and spells out the details of those capabilities. The second new requirement describes needed testing of the Control Center data exchange capabilities. R5 now directs that the status of Remedial Action Schemes, rather than the status of Special Protection Systems, be monitored.
  • The Compliance Enforcement Authority is expanded to include any entity designated by the applicable Governmental Authority.

.
COM-001-3
Title: Communications
Applicability: Transmission Operator, Balancing Authority, Reliability Coordinator, Distribution Provider, Generator Operator
Effective Date: 10/1/2017
COM-001-3 contains revisions to, and replaces, COM-001-2.1. Major changes are as follows:

  • The format of the requirement has been updated to include measures directly after the corresponding requirement.
  • Two new requirements, R12 and R13, specify additional interpersonal communication capabilities. R12 specifies that each RC, TO, GO, and BA shall have interpersonal communication that enables operation of the BES while specifying these communications must exist between control centers to control centers as wells as field personnel. R13 specifies that each DP shall have the same.  

The Compliance Enforcement Authority is expanded to include any entity designated by the applicable Governmental Authority.  In this update, the planning coordinator decides whether the peak demand is summer or winter for the purposes of each sub-requirement of R2.

VAR-501-WECC-3.1
Title: Power System Stabilizer(PSS)
Applicability: Generator Owner, Generator Operator in the WECC region
Effective Date: 9/26/2017
VAR-501-WECC-3.1 contains revisions to, and replaces, VAR-501-WECC-3. Major changes are as follows: 

This standard was written to ensure that the Western Interconnection is operated in a coordinated manner under any condition establishing performance criteria for WECC power system stabilizers. This update is due to an errata that corrects the effective date.  .  Requirement R3 has an effective date of July 1, 2017 for first time service after regulatory approval and R3 has an effective date of July 1, 2022 for units placed in service prior to final regulatory approval.  

VAR-002-4.1
Title: Power System Stabilizer(PSS)
Applicability: Generator Owner, Generator Operator
Effective Date: 9/26/2017
VAR-002-4.1 contains revisions to, and replaces, VAR-002-4. Major changes are as follows: 
The standard contained measures to ensure the generator provide voltage and reactive power control within generation facilities.   This update is due to an errata that adjusts foot note 4 to capitalize “Reactive Power” in order to reference the NERC definition for Reactive Power.
 

VAR-001-4.2
Title: Voltage and Reactive Control
Applicability: Transmission Operators, Generator Operators within the Western Interconnection(WECC)
Effective Date: 9/26/2017
VAR-001-4.2 contains revisions to, and replaces, VAR-001-4.1. Major changes are as follows:
The standard was replaced due to an errata that corrected NERC terms, corrected grammar, and other minor grammatical clarifications.  For example, The time horizon was modified from Operational Planning to Operations Planning and M1 clarifies that 30 days means 30 calendar days.
 

NERC Standards Under Development January 2017:

  • 2017-07  Standards Alignment with Registration. Open for comment until January 9. FERC approved the removal of two functional categories, Purchasing-Selling Entity (PSE) and Interchange Authority (IA), from the NERC Compliance Registry due to the commercial nature of these categories posing little or no risk to the reliability of the bulk power system.  FERC also approved the creation of a new registration category, Underfrequency Load Shedding (UFLS)-only Distribution Provider (DP), for PRC-005 and its progeny standards.(Reference) . 

Regarding 2017-07  Standards Alignment with Registration above, the Cooper Compliance feedback to NERC is that we agree with the proposed scope and objectives and with the merging of two SARs into a single SAR. Our comments to FERC are as follows:
Yes we agree the scope is appropriate, we also feel it could be expanded to cover the function of Generator Lead Lines Interconnection Facilities and TOP lite. While there is no registration type as Generator Lead Line Interconnection Facility, the concept has been introduced but is not well defined in the Standards.  In addition, while NERC has temporarily dismissed the concept of a TOP lite, it would be good to reintroduce this concept.  For example, a TOP that only owns a bus bar should not have to have a full blown backup control room and so forth. The Standards should match the risk to the Bulk Electric System. 


•    2017-05 NUC-001-3 Periodic Review. Open for comment through 1/29/2018.  The drafting team did not identify any changes that warrant a new project.  Cooper Compliance Agrees with this assessment.

Regarding 2017-07  Standards Alignment with Registration above, the Cooper Compliance feedback to NERC is that we agree with the proposed scope and objectives and with the merging of two SARs into a single SAR. Our comments to FERC are as follows:
Yes we agree the scope is appropriate, we also feel it could be expanded to cover the function of Generator Interconnection Facilities and TOP lite. While there is no registration type as Generator Interconnection Facility, the concept has been introduced but is not well defined in the Standards.  In addition, while NERC has temporarily dismissed the concept of a TOP lite, it would be good to reintroduce this concept.  For example, a TOP that only owns a bus bar should not have to have a full blown backup control room and so forth. The Standards should match the risk to the Bulk Electric System.

New and Updated RSAW Documents:

Standard Description Date Updated
PRC-006-3 Automatic Underfrequency Load,Shedding 11/29/2017
VAR-001-4.2 Voltage and Reactive Control 11/29/2017
VAR-002-4.1 Generator Operation for Maintaining Network Voltage 11/29/2017
BAL-002-2 Disturbance Control Performance - Contingency Reserve for Recovery from a Balancing Contingency Event 10/11/2017
IRO-018-1(i) Reliability Coordinator,Real-time Reliability Monitoring and Analysis Capabilities 10/11/2017
TOP-010-1 Real-time Reliability Monitoring,and Analysis Capabilities 10/11/2017
PRC-026-1 Relay Performance During Stable,Power Swings 9/25/2017

Managing Regulatory Risk with SharePoint

Cooper-Compliance_Global Audit-Ready-03.jpg

 

The North American Electric Reliability Corporation (NERC) has listened to the electric utility industry! It recently modified its Compliance Monitoring and Enforcement Program (CMEP) as a result of the Reliability Assurance Initiative (RAI) evaluation.

The changes made by NERC, which focus on risk based on size and potential reliability impact, have the potential to benefit your organization in many ways. In this article, we answer some common questions that have arisen amongst power generation entities about the NERC changes below:

The power of Microsoft SharePoint lies in its simplicity; it is user-friendly and you do not necessarily need a computer programmer to implement controls into your compliance program.

Get a more advanced system by using SharePoint applications. Cooper Compliance's Audit-Ready SharePoint applications are a suite of governance, risk and compliance (GRC) SharePoint add-ons that provide a proven platform for designing and embedding controls into your compliance program to manage risk. The applications integrate into your on-premise SharePoint or with Microsoft 365.

The Audit-Ready SharePoint applications can be purchased at a very reasonable price to provide you with the real-time compliance status on a dashboard, drill down reports to ensure that you are audit-ready at all times, and a tool to systematically load data into your SharePoint site once while automatically mapping to all relevant regulations. The Audit-Ready logging system alerts your operators when certain compliance steps need to be taken. The Audit-Ready Maintenance Center ensures timely and complete maintenance records. By using the functionality available in SharePoint along with various off-the shelf products, you can easily identify to NERC where you have directive, preventative, detective, and mitigating controls and your entity can benefit from reduced audit-scope and extending your audit period.

  • Introduces the UFLS-only Distribution Provider for those entities that are registered only because they have an Under-frequency Load Shedding (UFLS) program.
  • Increases registration requirements from 25 MW to 75 MW.
  • Provides real benefit to companies who have introduced a controlled environment to reduce risk.

    Can I still de-register if my load is greater than 75 MW?

    We at Cooper Compliance recommend that you look at where your loads are separated by normally open switches or through noncontiguous geographical locations. Perhaps you have two or more systems, where the load of each is less than 75 MW. If so, you may be able to deactivate your registration as a DP or qualify as a UFLS-only Distribution Provider entity.

    What are the benefits of being an UFLS-only Distribution Provider?

    Entities qualify as an UFLS-only Distribution Provider when they have an UFLS program but are not directly interconnected to the Bulk Electric System with load less than 75 MW. UFLS-Only Distribution Providers have only 2 Standards that they have to comply with. These two Standards require an entity to submit their UFLS program annually and to maintain their UFLS relays and associated protection equipment every 6 to 12 years.

    How do I benefit by managing risk through a controlled NERC program?

    Those entities who have implemented controls into their organization have essentially eliminated the risk of non-compliance. More importantly, in the long term you will improve reliability and reduce workload.

    NERC has observed that those entities with established internal controls do not need to be audited in areas that have internal controls in place. The NERC regional entities, who audit registered entities, will reduce the scope of the audit and extend the period between audits. This reduces your staff's time and effort to prepare for an audit, allowing you to focus on your purpose of bringing reliable electricity to your customers!

    We are limited by our budget and can't afford to have a robust controlled program. How can these changes benefit us?

    We recommend that you consider some of the following options for introducing controls that manage risk into your entity's NERC Compliance program.

    Outsource your NERC Compliance Administration

     Consider outsourcing your NERC Compliance Administration services or expanding your in-house team through an outside vendor. There are many companies that specialize in compliance, that you can outsource your NERC Compliance Administration program to at a reduced cost. These companies focus on NERC Compliance and have more exposure to lessons learned. Using an outsource NERC compliance management company gives you peace of mind, with an entire team of experts working for you rather than relying on limited internal compliance experts. For example, these companies are likely able to provide an expert in risk and controls, operations, maintenance, critical infrastructure, and legal at the same or lower price that you would pay for one full-time compliance staff member.

    Use Microsoft SharePoint to manage your risk.  

    Microsoft SharePoint can be used as a tool to manage your compliance programs in many ways when set up appropriately. You can use your existing on-premise SharePoint or consider using Microsoft 365 SharePoint at a cost as low as $7 per user per month.

    SharePoint can be used to build controls into your compliance program:

    Directive Controls: Use a central library to store all procedures that provide directive controls. Turn on versioning to maintain historical documents, track revision history, and prevent different versions of the same procedures being used throughout your organization. A tip for accomplishing best practice is to use a consistent name for your document when loading into SharePoint. For example, use "Protection System Maintenance Program" instead of Protection System Maintenance Program, v4". Use SharePoint's version and date column to distinguish versions of the same document, with version being required upon check in, and date being automatically populated by SharePoint.

    Preventative Controls: Use workflows that send out escalation emails when work is not performed in a timely fashion.

    Detective and Mitigating Controls: Use forms that alert users when data is entered outside a predetermined range. For example, well-designed Web forms can cause an alert to occur when battery readings are outside of a specified range and corrective actions are required. You can also use SharePoint lists accompanied by workflows to manage lists such as Critical Cyber Assets, approvals for CIP Change Management, or Training requirements.