Breakfast 7:00 a.m. – 8:00 a.m.
Opening Announcements NERC 2015 Standards and Compliance Spring Workshop April 3, 2015
NERC Antitrust Compliance Guidelines It is NERC’s policy and practice to obey the antitrust laws and to avoid all conduct that unreasonably restrains competition. This policy requires the avoidance of any conduct that violates, or that might appear to violate, the antitrust laws. Among other things, the antitrust laws forbid any agreement between or among competitors regarding prices, availability of service, product design, terms of sale, division of markets, allocation of customers or any other activity that unreasonably restrains competition. 2 RELI ABI LI TY | ACCOUNTABI LI TY
Public Announcement Participants are reminded that this meeting is public. Notice of the meeting was posted on the NERC website and widely distributed. The notice included the number for dial-in participation. Participants should keep in mind that the audience may include members of the press and representatives of various governmental authorities. 3 RELI ABI LI TY | ACCOUNTABI LI TY
General Announcements • Westin-Meeting • Wi-Fi Code: NERCWB 4 RELI ABI LI TY | ACCOUNTABI LI TY
Today’s Agenda • 8:15–9:15 a.m.: Overview of Stakeholder Guidance on Standards Associated with Risk Elements • 9:15–9:30 a.m.: Legal and Regulatory Update • 9:30–10:45 a.m.: CIP Cyber Security Standards • 10:45–11:00 a.m.: Break • 11:00–11:30 a.m.: 2015 and Beyond • 11:30–Noon: Miscellaneous Q&A and Closing Remarks 5 RELI ABI LI TY | ACCOUNTABI LI TY
6 RELI ABI LI TY | ACCOUNTABI LI TY
Guidance on Standards Associated with Risk Elements Marisa Hecht, Senior Advisor, Compliance Assurance Ed Kichline, Senior Counsel, Associate Director of Enforcement 2015 Standards & Compliance Spring Workshop April 3, 2015
Overview • Purpose • Background • What are Risk Elements? • Risk Elements Development Process • Compliance Monitoring and Enforcement Program (CMEP) Implementation Plan • 2015 Risk Elements • Webinar Series • Focus on COM-002-2, Requirement R2 2 RELI ABI LI TY | ACCOUNTABI LI TY
Purpose • Educate stakeholders on role of Risk Elements in compliance monitoring • Introduce webinar series that will provide helpful best practices regarding standards and requirements associated with Risk Elements 3 RELI ABI LI TY | ACCOUNTABI LI TY
Background • Annual Implementation Plan tailored to risk-based approach to CMEP • Replacement of a static, one-size-fits-all list of Reliability Standards, Actively Monitored List (AML) Risk focus areas ≠ AML ≠ Audit Scope Monitoring plan reflects risk focus areas and Inherent Risk Assessment (IRA) and Internal Controls Evaluation (ICE) processes • Removal of six-year audit cycles Three-year cycles remain for BA, RC, and TOP Regional Entities (REs) will determine compliance oversight plan for other registered entities o Use existing CMEP tools 4 RELI ABI LI TY | ACCOUNTABI LI TY
What are Risk Elements? • First step in Risk-based Compliance Oversight Framework • Identification and prioritization of enterprise-wide risks Potential impact to the reliability of the Bulk Power System (BPS) • Risk Elements map to Reliability Standards Replace prior actively monitored lists REs also consider Region-specific risks 5 RELI ABI LI TY | ACCOUNTABI LI TY
What are Risk Elements? Risk-based Compliance Oversight Framework (Framework) 6 RELI ABI LI TY | ACCOUNTABI LI TY
What are Risk Elements? • Assessment of Risk Elements occurs at least annually Revised as needed • Supports Regional assessment of risks • Input into the annual ERO CMEP Implementation Plan 7 RELI ABI LI TY | ACCOUNTABI LI TY
Risk Elements Development Process • Steps to identify risks outlined in the Risk Elements Guide • Includes areas of focus and associated Reliability Standards 8 RELI ABI LI TY | ACCOUNTABI LI TY
Risk Elements Development Process Collect the ERO Enterprise data. Develop a matrix and prioritize reliability risks. Identify an effective body of Reliability Standards related to the risks. Select a sub-set of risks for additional focus based on significance and existence of Reliability Standards for that risk Identify the specific Requirements related to their management of risk. Consider additional factors and remove Requirements not appropriate for additional focus Review functional entities to determine their importance to the remaining Requirements Consider Requirements and functional entities remaining and determine if any additional guidance should be provided to CEAs Post Implementation Plan in September each year. 9 RELI ABI LI TY | ACCOUNTABI LI TY
CMEP I mplementation Plan • Purpose Annual operating plan for NERC and the REs Implementation of risk-based approach for CMEP activities • NERC release on or about September 1 of preceding year REs submit Regional IPs on or about October 1 NERC reviews and posts revised IP in November to include RE IPs RE IPs subject to review and approval by NERC • Updates occur throughout implementation year, as needed 10 RELI ABI LI TY | ACCOUNTABI LI TY
CMEP I mplementation Plan • CMEP IP provides details on: ERO Enterprise’s Risk-based Compliance Oversight Framework Prioritized list of Enterprise-wide risk focus areas o Map to associated Reliability Standards o Do not include all potential risks to BPS o REs consider local risks and circumstances within regional footprint Guidance on Regional Risk Assessments Enforcement activities o Compliance exceptions o Self-logging program 11 RELI ABI LI TY | ACCOUNTABI LI TY
Regional CMEP I mplementation Plans • Consider ERO Enterprise risk focus areas Risks identified in the ERO CMEP IP Regional risks • Explain how regional risks were identified Including why risk elements in the ERO CMEP IP are not included 12 RELI ABI LI TY | ACCOUNTABI LI TY
Key Takeaways • Regional IPs provide further detail on risk focus areas and compliance oversight plans • REs tailor compliance oversight plans for registered entities • REs are at varying stages of implementing IRA and ICE processes • NERC oversight and continued training will help ensure consistency 13 RELI ABI LI TY | ACCOUNTABI LI TY
2015 Risk Elements • Nine areas of focus for 2015 consideration 1.Infrastructure maintenance 2.Uncoordinated protection systems 3.Protection systems misoperations 4.Workforce capability 5.Monitoring and situational awareness 6.Long term planning and system analysis 7.Threats to cyber systems 8.Human error 9.Extreme physical events 14 RELI ABI LI TY | ACCOUNTABI LI TY
Webinar Series • Highlights one Risk Element • Provides training on associated standards • Third Thursday of every month starting in April • Starts at 1 pm Eastern 15 RELI ABI LI TY | ACCOUNTABI LI TY
Webinar Series Subject Date Uncoordinated Protection Systems April 16, 2015 Monitoring and Situational Awareness May 21, 2015 Infrastructure Maintenance June 18, 2015 Protection System Misoperation July 16, 2015 Workforce Capability August 20, 2015 Long Term Planning and System Analysis September 17, 2015 Extreme Physical Events October 15, 2015 Threats to Cyber Systems November 19, 2015 16 RELI ABI LI TY | ACCOUNTABI LI TY
Webinar Series 17 RELI ABI LI TY | ACCOUNTABI LI TY
Resources • 2015 ERO CMEP IP located on NERC website at: http://www.nerc.com/pa/comp/Reliability%20Assurance%20Initia tive/Final_2015%20CMEP%20IP_V7_090814.pdf • Risk Elements Guide for Development of the 2015 CMEP IP located at: http://www.nerc.com/pa/comp/Reliability%20Assurance%20Initia tive/Final_RiskElementsGuide_090814.pdf • RAI website for activities and updates: http://www.nerc.com/pa/comp/Pages/Reliability-Assurance- Initiative.asp 18 RELI ABI LI TY | ACCOUNTABI LI TY
2015 Risk Element: Human Error Marisa Hecht, Senior Advisor, Compliance Assurance Ed Kichline, Senior Counsel, Associate Director of Enforcement Spring 2015 Standards & Compliance Workshop April 3, 2015
2015 Risk Element: Human Error 20 RELI ABI LI TY | ACCOUNTABI LI TY
2015 Risk Element: Human Error I nputs • ERO Priorities: RISC Updates and Recommendations Organizational or management challenges contribute to operational error Communication errors • ERO Top Priority Reliability Risks 2014-2017 report Human error appropriately addressed Need for continued attention 21 RELI ABI LI TY | ACCOUNTABI LI TY
2015 Risk Element: Human Error Communications • Effective communication reduces errors • Clear communications enable effective operations COM standards developed to address communications Operating Committee developed best practices for communications 22 RELI ABI LI TY | ACCOUNTABI LI TY
2015 Risk Element: Human Error COM-002-2 • Top Violated Serious Risk Standards (by date of filing) 23 RELI ABI LI TY | ACCOUNTABI LI TY
2015 Risk Element: Human Error COM-002-2, Requirement R2 24 RELI ABI LI TY | ACCOUNTABI LI TY
Recommend
More recommend