NERC Compliance Tools

Global Audit-Ready Standards Updates

This newsletter contains information of interest to compliance professionals in the electric utility industry. Cooper Compliance clients and non-clients alike will find useful, timely information, including the following:

Cooper Compliance News, Global Audit-Ready Enhancements, Industry News: Events, Cyber Security in the News, and Grid Reliability, New or Revised NERC Standards, Retiring Standards, Recently Enforceable Standards, Recent Changes to NERC Glossary, NERC Standards Under Development, and New RSAWs.

Cooper Compliance News

Cooper Compliance Global Audit-Ready products are cost-efficient and enable you to quickly focus on and enhance your compliance program instead of wasting time and money developing your own compliance systems and workflows in-house. Because Global Audit-Ready is an add-on, it allows you to put your resources to work in the most efficient way. Contact us to see how you can start enhancing your program with an installation that takes less than 15 minutes of your IT resources time!.

NERC Requirements List Updated

Added RSAWS for CIP-003-7, PRC-027-1, and EOP-006-3. The EOP-006-3 RSAW is version 2 and had previously been released by NERC as version 1.

Global Audit-Ready Application Enhancements

After the release of our two new products, the Global Audit-Ready Survey and the Global Audit-Ready Approval Tracking System, which let you survey SMEs for pertinent information and usher documents through approval processes while capturing all changes and comments as evidence, we have spent the month making changes recommended by our customers to enhance their experience with the Global Audit-Ready product. These types of enhancements are a key benefit to using Global Audit-Ready.

As part of the package offered to clients, subject matter experts present enhancement ideas to Cooper Compliance team and, if the changes makes sense for all clients, we implement them at no additional cost. This month, we have made enhancements to the following products:

Operator Instruction Log has been modified to include special forms for identifying personnel and equipment being worked on during switching or placing hold tags.

Survey Tool. Exciting changes to the Survey tool released this year let users streamline questions and open multiple tasks. For example, you can survey your subject matter experts to identify if they are making any changes to relays. Drill down questions can identify which types of relays. This may trigger multiple tasks that impact many standards. Tasks might include updating your entity's:

Assessment of BES Cyber Systems

FAC-008 rating

MOD-025, MOD-026, MOD-027 validation testing

PRC analysis and coordination

Cooper Compliance subject matter experts have developed a database of questions and associated tasks that work for all Standards using this tool, giving you a jump start on creating your own Survey questions. Customize each question and task to fit your specific needs.

Workflows and Reminders. The workflows associated with Global Audit-Ready have been enhanced to allow your entity to white list emails from SharePoint 365. This provides additional security to ensure your subject matter experts don’t get spammed or phished.

Global Audit-Ready Reports. The Global Audit-Ready reports have been enhanced to allow users to maintain specific information and documents that are important for internal tracking, but not necessary for audits. All reporting applications and audit documents can be triggered to show and print, or hide, this information.

Cooper Compliance listens to our users! Other minor enhancements have been implemented to our Compliance Activity Tracker, Dashboard, Audit Package Creator, and Operator Instruction Log. Customers may find these changes in our release notes.

Industry News

Industry Events

See Cooper Compliance and get a personalized demo of our NERC Compliance Software at the following events:

9th Annual North American Generator Forum Annual Meeting & Compliance Conference, October 15-17, NERC's office in Atlanta.

WECC Reliability & Security Workshop, providing in-depth outreach to address and mitigate key risks, October 22-24, Paris Hotel in Las Vegas.

GridSecCon 2019, bringing together cyber and physical security experts from industry and government to share emerging security trends, policy advancements, and lessons learned, October 22-25, Westin Peachtree Plaza in Atlanta.

Cyber Security

According to the Wall Street Journal, US launched a cyberattack that took down Iranian missile control computers on the night of June 20th. Iran may attempt to retaliate with spear-phishing strike back attacks against the U.S. Iran appears to be targeting U.S. government and energy sector entities, including oil and gas. For more information, see:

https://www.wsj.com/articles/u-s-launched-cyberattacks-on-iran-11561263454 (subscription)

According to multiple security websites, there is a new sophisticated scam targeting Microsoft 365 users that tricks victims into providing Office 365 credentials. An initial “file deletion” emails appears to be from the Microsoft Team, and prompts users to login into a very realistic-looking 365 login page, which is hosted by Azure, and therefore has a Microsoft-signed certificate. Read more about it by googling “”scam deletion alert Office 365” or viewing these security sites:

https://blog.knowbe4.com/file-deletion-alert-becomes-the-latest-scam-to-compromise-office-365-credentials

https://www.bleepingcomputer.com/news/security/phishing-emails-pretend-to-be-office-365-file-deletion-alerts/

Grid Reliability

Argentina, Uruguay, and Paraguay were subject to a widespread blackout on June 20, putting the equivalent combined population of California, Oregon, and Washington in the dark. Preliminary reports suggested that the blackout likely originated from service disruptions on three 500kV circuits coming out of the municipality of Colonia Elía. One line experienced a fault, a second line tripped automatically, and the third was out of service at the time due to planned construction. Such an event serves as a reminder of why we strive for a reliable power grid through consistent and equally-applied regulations

FERC Order Regarding CIP-006-8

On June 20, the FERC Commission approved CIP-008-6 (Cyber Security – Incident Reporting and Response Planning) to become enforceable approximately 18 months from now, at which time CIP-008-5 will retire. CIP-008-6 is intended to mitigate the risk to the reliable operation of the BES from Cyber Security Incidents and applies to GOP, GO, TO, and some DPs. Under CIP-008-6, both Cyber Security Incidents, which are attempts to compromise, and Reportable Cyber Security Incidents, which are actual compromises, are required to be reported. The Commission also approved the revised definitions of “Cyber Security Incident” and “Reportable Cyber Security Incident” to include attempts to compromise.

Multiple Large CIP-Related Penalties Imposed

Keep on top of those CIP Standards, because the consequences can be dire if you do not! NERC's Enforcement Actions page (https://www.nerc.com/pa/comp/CE/Pages/Actions_2019/Enforcement-Actions-2019.aspx) contains notices of multiple large dollar amount penalties imposed in relation to non-compliant CIP Standards. On June 27, a $775,000 penalty was imposed and on May 30, two million dollar penalties were imposed. In keeping with security guidelines, these entities remain anonymous to help maintain cyber security.

New or Revised NERC Standards In the CCC Standards Database

None

Retiring Standards

PER-004-2 -- Reliability Coordination — Staffing. Applies to RC.

On November 21, 2018 in FERC order RD18-9-000 FERC approved retirement of PER-004-2. It becomes retired the day before PER-003-2 becomes effective, 6/30/2019.

Recently Enforceable Standards

PER-003-2 Operating Personnel Credentials 7/1/2019

TPL-007-3 Transmission System Planned Performance for Geomagnetic Disturbance Events 7/1/2019

Recent Changes to NERC Glossary

Recently Made Enforceable:

1/1/2019: Automatic Generation Control. A process designed and used to adjust a Balancing Authority Areas’ Demand and resources to help maintain the Reporting ACE in that of a Balancing Authority Area within the bounds required by applicable NERC Reliability Standards.

1/1/2019: Balancing Authority. The responsible entity that integrates resource plans ahead of time, maintains Demand and resource balance within a Balancing Authority Area, and supports Interconnection frequency in real time.

1/1/19: Pseudo-Tie. A time-varying energy transfer that is updated in Real-time and included in the Actual Net Interchange term (NIA) in the same manner as a Tie Line in the affected Balancing Authorities’ Reporting ACE equation (or alternate control processes).

10/1/2019: Qualified Path. A transmission element, or group of transmission elements that has qualified for inclusion into the Western Interconnection Unscheduled Flow Mitigation Plan (WIUFMP).

Recently Made Inactive

Inactive Date: 9/30/2019. Qualified Transfer Path.

NERC Standards Under Development

PRC-006-NPCC-2 - Automatic Underfrequency Load Shedding

Applies to GO, PC, CP, TO. This update will:

1) Remove redundancies with the most recent of the Continent-wide NERC Standard, PRC-006-3.

2) Ensure that UFLS island boundaries, once identified, are provided upon request to affected entities.

3)Minimum time UFLS relay time delay added to Attachment C tables and removed as a separate requirement

4)Added the ability for a TO or DP to calculate net load shed for UFLS if direct metering is not available

5)A number of minor clarifications.

6)Clarification that any compensatory load shedding for non-conformance with the Underfrequency trip specification for generation (in service prior to July 1, 2015) must be within the same island as the generator resides.

Comment Period 5/8/2019 6/21/2019

2018-04 Modifications to PRC-024-2 | Supplemental SAR

The purpose of this modification is to identify potential modifications to PRC-024-2 to ensure that inverter-based generator owners, operators, developers, and equipment manufacturers understand the intent of the standard in order for their plants to respond to grid disturbances in a manner that contributes to the reliable operation of the BPS.

Comment Period 6/27/2019 7/26/2019

2019-03 Cyber Security Supply Chain Risks

This project will modify the Supply Chain Standards; specifically it will address EACMSs, those systems that provide electronic access control to high and medium impact BES Cyber Systems.

Comment Period 6/27/2019 7/26/2019

New RSAWs

• CIP-003-7 – Cyber Security — Security Management Controls

• PRC-027-1 – Coordination of Protection System Performance During Faults.

• EOP-006-3 – System Restoration Coordination. This was an update to a previously released RSAW and contains errata only.

About

Cooper Compliance strives to simplify compliance by integrating compliance into our clients’ daily work. The Global Audit-Ready system records and stores evidence as you perform your normal activities, freeing-up time so you can focus on adding value to your organization. Let us know if we can help, or if you would like a demo of our transformative Global Audit-Ready compliance applications.

Cooper Compliance has been providing NERC Compliance services since 2007. The Global Audit-Ready Software suite by Cooper Compliance are SharePoint applications designed to provide automatic RSAW Development as well as controls to ensure accuracy when demonstrating compliance.

NERC Update Summary February 2019

Global Audit-Ready Standards Updates

February 2019
This newsletter contains information of interest to compliance professionals in the electric utility industry. Cooper Compliance clients and non-clients alike will find useful, timely information, including the following:

  • Cooper Compliance News

  • Upcoming Industry Events

  • New or Revised NERC Standards

  • NERC Standards Under Development

  • Standards Becoming Effective

  • New RSAWs


Cooper Compliance News

NERCRequirements List Updated

In January, BAL-002-3 and VAR-001-5 RSAWs were added to the Cooper Compliance database. See the New RSAWs section.
The future enforceable standard PER-003-2 has been added,and retirement dates have been entered for PER-003-1 and PER-004-2 (which is being retired with no new version to replace it).

Global Audit-Ready Application Enhancements

Development at Cooper Compliance continues at a steady pace to give you more control and automation for managing your compliance program.
Approval Tracking System:Last month, as you may remember, we announced our new Global Audit-Ready app, the Approval Tracking System. This lets you track not only one-time data requests, but also cyclical required updates to documents such as policies and procedures. You can also use it to process reviews of RSAWs.  A reminder based tracking system cycles documents through the updating, reviewing, finalizing, and approving stages of document update, while obtaining electronic signatures throughout the process. You have the ability to add notes at each stage and assign different stakeholders to various tasks relating to the update.

Global Audit-Ready Survey tool:Feeling overwhelmed? Short of resources? Not enough time to keep up with all the activity going on around you and maintain compliance with the ever-growing regulations?

Cooper Compliance has you covered through automation!

This month, we are very excited to announce the new Global Audit-Ready Survey tool, which is an automated internal control system. This interactive survey tool allows you to query your SMEs to determine if certain activities occurred.  A positive response generates a task prompting them to take action and provide evidence related to a Requirement. It can also be used to simply collect information needed for regulatory reporting. All survey questions are listed by the subject matter expert in one form with one email reminder whenever the survey period opens up. A second email reminder is sent if the survey and associated tasks have not been completed within the designated time period.  Features include:

  • Drill down survey capability

  • Task creation to upload documents

  • Task creation to report a value or text

This powerful automated tool can assist with many compliance-related activities including the reporting of number of accidents, endangered species or other activities.

PSMP App:The PSMP app has been updated with some interface changes to make it easier to select multipl pieces of equipment. A new Notes window, for notes that will appear in Compliance Status Report and the finished RSAW, has been added. You can now add additional work order instructions for unresolved issues. Due dates for unresolved work orders are now displayed. The new PSMP app also includes other changes that allow for a smoother and more efficient user experience.

Industry News

It turns out that NERC penalties are real and can cost you a bundle:https://www.eenews.net/stories/1060119265

The California PUC recently implemented Cyber Security regulations, applicable to DPs in the state: http://docs.cpuc.ca.gov/PublishedDocs/Published/G000/M260/K335/260335905.PDF

Upcoming Industry Events

Here are a few industry events where you might see Cooper Compliance. Drop by our booth to see a demo of our great new product enhancements.

  • Solar Asset Management, March 26 - 27, San Francisco CA. More details.

  • WECC Spring Workshop, April 9 - 11, Garden Grove CA (near Anaheim). More details.

  • NPCC Spring Compliance & Standards Workshop, May 22 - May 23, Groton CT. Get tickets.

Retired Standards

No standards are being retired at this time.
PER-004-2 is scheduled to retire 6/30/2019 due to its requirements being redundant with other enforceable standards.

New or Revised Standards In the CCC Standards Database

PER-003-2, titled Operating Personnel Credentials, will replace PER-003-1 as of 7/1/2019.  The only substantive change is that a clarifying footnote is added to ensure that stakeholders (now and in the future) understand (i) the connection between the Standard and the Program Manual; and (ii) that the certifications referenced under PER-003-2 are those under the NERC System Operator Certification Program.. Also, boilerplate text common to all standards has been updated to reflect NERC's current template.
Effective Date: 7/1/2019
Applies to: RC, TOP, BA.

Standards Under Development

At this time, there are no upcoming Ballots, no ballot pools open for joining, and no standard changes posted for comment.

Standards Becoming Effective Soon

On 4/1/2019, the following standards become effective:
BAL-002-3
EOP-004-4
EOP-005-3
EOP-006-3
EOP-008-2
See future newsletters for what these changes mean for you.

New RSAWs

These RSAWs have been added to the NERC website and have also been added to the Global Audit-Ready software for Cooper Compliance clients.

BAL-002-3

VAR-001-5


Global Audit-Ready users will be provided these RSAWs to upload to your RSAW Documents library in a separate email.

NERC Update Summary September 2018

Global Audit-Ready Standards Updates

September 2018

This newsletter contains information of interest to compliance professionals in the electric utility industry. Cooper Compliance clients and non-clients alike will find useful, timely information, including the following:

  • Cooper Compliance News

  • Industry Events

  • Retired Standards

  • New or Revised NERC Standards

  • NERC Standards Under Development

  • New NERC Guidance Documents

  • Recently Added RSAWs

Cooper Compliance News

NERC Requirements List Updated

Over the next few days, the Global Audit-Ready database of NERC and regional standards will be updated for Cooper Compliance clients to keep pace with changes released on the NERC website. Look for these changes if you have Global Audit-Ready applications:

  • Add standard of PER-006-1.

  • Added standard of PRC-027-1.

  • Added standard of BAL-002-3 and set retirement date of BAL -002-2, which it replaces.

  • Retired VAR-002-WECC-2.

  • Added RSAW for EOP-004-4.

  • Added RSAW for EOP-006-3.

Global Audit-Ready Application Enhancements

This month we have released enhancements to our workflow capabilities, our Editor tool which is used to set up new facilities or new Standards, and our Operator Instruction Log.

The Global Audit-Ready workflow capability just got better.
These changes affect workflows and  Global Audit-Ready Dashboard, Reporter, Editor, SME Responsibility Report, Document Loader.

  • When the due date is approaching for a compliance task that repeats over a predefined period, the workflow sends an email, creates an item in the SharePoint task list, and changes the status for the associated process. Once documentation is loaded that demonstrates completion of the task, the workflow will advance based on a predesignated cycle.  A new enhancement allows the user to specify if the start of the next workflow should advance based on a fixed (i.e. each quarter) or performance (i.e. 15 calendar months) cycle.  The enhancement also allows for the user to schedule a one-time occurrence task.

  • A task description field has been added to allow the user to provide specific instructions to the recipient of the task.

  • Multiple tasks can be assigned to one process.  Previously we only allowed for one task per process.  An example of where this feature might be used is MOD-032, where you may have multiple base case data submittals in one year, with some occurring at the same time.

  • The recipient of an outgoing email for a generated task can click on a link embedded within the email to upload a document to the system directly.

The Global Audit-Ready editor feature just got more efficient.
The Global Audit Ready Editor feature now allows the user to inherit attributes from an existing process.  This makes improves efficiencies when adding a new generator or facility.  With a click, the user can inherit a process from a similar generator and modify the properties such as assigning it to a different subject matter expert.  

The Operator Instruction Log just made logging more efficient and incorporates key indicators for SAIDI and SAIFI.  

  • An Open Logs report allows the operator to click on a link from the report to improve logging efficiency.

  • SAIDI (System Average Interruption Duration Index) and SAIFI (System Average Interruption Frequency Index) values are calculated when logging a distribution or transmission outage.

Industry Events

North American Generator Forum Annual Meeting
Cooper Compliance attended the North American Generator Forum (NAGF) annual meeting held at the NERC headquarters in Atlanta. NAGF was founded in 2009 and has grown to the point that there was standing room only. Presenters from highly knowledgeable industry experts, regions and NERC were extremely informative and valuable. NAGF offers an opportunity for generators to come together to influence and shape the development of regulations, and to share valuable technical information and techniques for meeting your compliance program.  If you are not yet a member of this forum and you are a generator we highly recommend you join NAGF. Request to join NAGF by filling out this information form.

WECC Reliability and Security Workshop
The WECC Reliability and Security Workshop (formerly "Compliance Workshop") is in San Diego from October 22 to 25.  Please come to the Cooper Compliance booth to view our latest products.  We will post our notes at
https://www.coopercompliance.com/download/
Sign up for the conference here.

 
NPCC Fall Compliance & Standards Workshop
The 2018 NPCC Fall Compliance & Standards Workshop is in Providence Rhode Island November 7 - 8. Cooper Compliance will be there!  Sign up here.
 

Retired Standards

For the WECC region, VAR-002-WECC-2 has been retired, as of September 5, 2018. NERC and WECC stated that VAR-002-WECC-2 is no longer necessary because reliability issues addressed in the regional Reliability Standard are adequately addressed by the continent-wide Voltage and Reactive (VAR) Reliability Standards and the retention of the regional Reliability Standard would not provide additional benefits for reliability.
 

New or Revised Standards

BAL-004-WECC-02 was replaced by BAL-004-WECC-3. Titled, “Automatic Time Error
Correction,” BAL-004-WECC-02 became inactive on September 30, and BAL-004-WECC-3 became effective on Oct 1.

PER-006-1, titled “Specific Training for Personnel,” has been approved for future enforcement. The purpose is to ensure that personnel are trained on specific topics essential to reliability to perform or support Real-time operations of the Bulk Electric System. This change replaces the current Standard PRC-001 R1 that requires that the generator operator is familiar with protection systems and their limitations. 
Effective Date: 10/1/2020
Applies to: GOP
 
PRC-027-1, titled “Coordination of Protection Systems for Performance During Faults,” has been approved for future enforcement. The purpose is to maintain the coordination of Protection Systems installed to detect and isolate Faults on Bulk Electric System (BES) Elements, such that those Protection Systems operate in the intended sequence during Faults.
Effective Date: 10/1/2020
Applies to: TO GO DP
 
BAL-002-3 will replace BAL -002-2. Titled “Disturbance Control Standard – Contingency Reserve for Recovery from a Balancing Contingency Event,” this standard’s purpose is to ensure the Balancing Authority or Reserve Sharing Group balances resources and demand and returns the Balancing Authority's or Reserve Sharing Group's Area Control Error to defined values (subject to applicable limits) following a Reportable Balancing Contingency Event.
Effective Date: 10/1/2020
Applies to: BA and RSG
 

Standards Under Development

2016-02 Modifications to CIP Standards | CIP-002-6 and CIP-003-8

Balloting dates: 9/28/18 to 10/9/18
Comment Period:: 8/23/2018 to 10/9/2018
The SDT will modify the CIP family of standards (or develop an equally efficient and effective alternative) to address issues identified by the CIP V5 TAG, address FERC directives contained in Order 822; and address requests for interpretations as directed by the NERC Standards
 

2015-09 Establish and Communicate System Operating Limits

Balloting dates: 10/8/2018  to  10/17/2018
Comment Period: 8/24/2018  to 10/17/2018
Facilities Design, Connections, and Maintenance (FAC) standards fulfill an important reliability objective for determining and communicating System Operating Limits (SOLs) used in the reliable planning and operation of the Bulk Electric System (BES). This project will revise requirements for determining and communicating these SOLs. Revisions are necessary to improve the requirements by eliminating overlap with approved Transmission Planning (TPL) requirements, enhancing consistency with Transmission Operations (TOP) and Interconnection Reliability Operations (IRO) standards, and addressing issues with determining and communicating SOLs and Interconnection Reliability Operating Limits (IROLs).
 

2018-02 Modifications to CIP-008 Cyber Security Incident Reporting (SAR)

Comment Period: passed
Initial Ballot and Non-Binding Poll: 10/18/2018 to 10/22/2018
In Order No. 848 FERC has directed NERC to revise the Standard to require the reporting of Cyber Security Incidents that compromise, or attempt to compromise, a responsible entity’s Electric Security Perimeter (ESP) or associated Electronic Access Control or Monitoring Systems (EACMs).
Cooper Compliance agrees that reporting should be made as directed by NERC.  However, it seems that this Standard should be merged with EOP-004, which requires redundant reporting.

 2018-01 Canadian-specific Revisions to TPL-007-2
Join Ballot Pool: 10/2/2018 to 10/31/2018
Comment Period: 10/2/2018 to 11/15/2018
Initial Ballot:   11/6/2018 to 11/15/2018
The purpose of this project is to enable the option for Canadian Registered Entities to leverage operating experience, observed GMD effects, and on-going research efforts for defining alternative Benchmark GMD Events and/or Supplemental GMD Events that appropriately reflect their specific geographical and geological characteristics. This project also addresses regulatory frameworks specific to Canadian jurisdictions.
 

NERC Guidance Documents

The NERC Planning Committee has released three new helpful guidance documents for those who need to verify and model inverter-based resources.
 
BPS-Connected Inverter-Based Resource Performance guideline provides recommendations for steady-state and dynamic performance characteristics for modeling inverter-based resources.

Methods for Establishing IROLs guideline provides recommendations for conducting analysis of instability, system instability, uncontrolled separation, and cascading for determining Interconnection Reliability Operating Limits (IROLs).

Power Plant Model Verification for Inverter-based Resources guideline provides clarity on validating MOD-025 for Inverter Based generators and the use of performance data as well as additional information needed for proper modeling.  It provides clarification on the difference of data provided under MOD-025, MOD-025, MOD-027 versus MOD-032 and MOD-033.  It provides recommendations on different methods for obtaining modeling data through testing and data validation.

New RSAWs

These RSAWs have been added to the NERC website and have also been added to the Global Audit-Ready software for Cooper Compliance clients.

EOP-004-4

EOP-006-3