Beruflich Dokumente
Kultur Dokumente
Compliance Monitoring
and Enforcement Program
Implementation Plan
Version 2.5
July 2016
Table of Contents
Revision History ......................................................................................................................................................... iv
Preface ........................................................................................................................................................................ v
Introduction ................................................................................................................................................................1
Purpose ...................................................................................................................................................................1
Implementation Plan ..............................................................................................................................................1
Significant Initiatives Impacting CMEP Activities .......................................................................................................2
Risk-Based Registration Initiative ...........................................................................................................................2
Critical Infrastructure Protection Reliability Standards, Version 5 .........................................................................2
Physical Security NERC Reliability Standard CIP-014-2 ...........................................................................................3
Risk-Based Approach to Compliance Monitoring and Enforcement ..........................................................................4
Risk-Based Compliance Monitoring ........................................................................................................................4
Risk-Based Enforcement .........................................................................................................................................7
Risk-Based Compliance Oversight Plan...................................................................................................................8
2016 Risk Elements .................................................................................................................................................9
Regional Risk Assessments .................................................................................................................................. 15
Regional Compliance Monitoring Plan ................................................................................................................ 15
Appendix A1 - Florida Reliability Coordinating Council (FRCC) 2016 CMEP Implementation Plan ......................... 18
Compliance Monitoring and Enforcement .......................................................................................................... 18
Regional Risk Assessment Process ....................................................................................................................... 19
Regional Risks and Associated Reliability Standards ........................................................................................... 21
Regional Compliance Monitoring Plan ................................................................................................................ 21
Compliance Outreach .......................................................................................................................................... 23
Appendix A2 - Midwest Reliability Organization (MRO) 2016 CMEP Implementation Plan ................................... 24
Compliance Monitoring and Enforcement .......................................................................................................... 24
Regional Risk Assessment Process ....................................................................................................................... 24
Regional Compliance Monitoring Plan ................................................................................................................ 25
Compliance Outreach .......................................................................................................................................... 27
Appendix A3 - Northeast Power Coordinating Council (NPCC) 2016 CMEP Implementation Plan......................... 28
Compliance Monitoring and Enforcement .......................................................................................................... 28
Regional Risk Assessment Process ....................................................................................................................... 29
Regional Risk Elements and Areas of Focus......................................................................................................... 30
Regional Compliance Monitoring Plan ................................................................................................................ 33
1.
1.
2.
3.
4.
5.
2.
3.
4.
5.
Appendix A6 - Southwest Power Pool Regional Entity (SPP RE) 2016 CMEP Implementation Plan ....................... 63
1.
2.
3.
4.
5.
Appendix A7 - Texas Reliability Entity (Texas RE) 2016 CMEP Implementation Plan ............................................. 68
1.
2.
3.
4.
5.
Appendix A8 - Western Electricity Coordinating Council (WECC) 2016 CMEP Implementation Plan ..................... 76
1.
2.
3.
4.
5.
NERC | 2016 ERO CMEP Implementation Plan Version 2.5 | July 2016
iii
Revision History
Version
Version 1.0
Version 2.0
Date
September 10, 2015
November 17, 2015
Revision Detail
Initial release of the 2016 ERO Enterprise CMEP Implementation Plan
ERO Enterprise CMEP Implementation Plan updated to include RE
Implementation Plans within the Appendix A. Significant changes
include:
Version 2.1
Corrected the link to the SERC 2016 Audit Schedule within the
same appendix.
Version 2.2
Version 2.3
Version 2.4
Version 2.5
December 1, 2015
December 8, 2015
NERC | 2016 ERO CMEP Implementation Plan Version 2.5 | July 2016
iv
Preface
The North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority
whose mission is to assure the reliability of the bulk power system (BPS) in North America. NERC develops and
enforces Reliability Standards; annually assesses seasonal and longterm reliability; monitors the BPS through
system awareness; and educates, trains, and certifies industry personnel. NERCs area of responsibility spans the
continental United States, Canada, and the northern portion of Baja California in Mexico. NERC is the electric
reliability organization (ERO) for North America, subject to oversight by the Federal Energy Regulatory Commission
(FERC) and governmental authorities in Canada. NERCs jurisdiction includes users, owners, and operators of the
BPS, which serves more than 334 million people.
The North American BPS is divided into eight Regional Entity (RE) boundaries, as shown in the map and
corresponding table below.
The Regional boundaries in this map are approximate. The highlighted area between SPP and SERC denotes overlap as some
load-serving entities participate in one Region while associated transmission owners/operators participate in another.
FRCC
MRO
NPCC
RF
ReliabilityFirst
SERC
SPP RE
Texas RE
WECC
NERC | 2016 ERO CMEP Implementation Plan Version 2.5 | July 2016
v
Introduction
Purpose
The ERO Enterprise Compliance Monitoring and Enforcement Program (CMEP) Implementation Plan (IP) is the
annual operating plan carried out by Compliance Enforcement Authorities (CEAs) while performing their
responsibilities and duties. CEAs, which consist of NERC and the eight Regional Entities (REs), carry out CMEP
activities in accordance with the NERC Rules of Procedure (ROP) (including Appendix 4C), their respective Regional
Delegation Agreements, and other agreements with the Canadian regulatory authorities.
The ROP requires NERC to provide an Implementation Plan to the REs on or about September 1 of the preceding
year.1 REs must submit their Implementation Plans to NERC for review and approval on or about October 1. RE
Implementation Plans provide:
Reliability Standards and Requirements associated with Regional Risk Assessment results;
The RE compliance oversight plan, which includes the annual audit plan; and
The ERO Enterprise maintains a consolidated Implementation Plan that provides guidance and implementation
information common between NERC and the eight REs.
Implementation Plan
In 2014, NERC began consolidating its Implementation Plan (IP) with that of the REs. The consolidated plan uses a
streamlined format that eliminates redundant information, improves transparency of CMEP activities, and
promotes consistency among the REs Implementation Plans. This format provides ERO Enterprise-wide guidance
and implementation information while preserving potential RE differences by appending RE-specific
Implementation Plans to supplement the overall ERO Enterprise Implementation Plan. The RE Implementation
Plans describe risk assessments that identify what risks the REs will consider as part of their compliance oversight
plans.
NERC is responsible for collecting and reviewing the RE Implementation Plans to help ensure REs provide
appropriate and consistent information regarding how they conduct CMEP activities. NERC monitors RE progress
of CMEP activities against the RE Implementation Plans throughout the year and reports on CMEP activities in a
yearend annual CMEP report.2
During the implementation year, NERC or an RE may update the Implementation Plan. Updates may include, but
are not limited to: changes to compliance monitoring processes; changes to RE processes; or updates resulting
from a major event, FERC order, or other matter. REs submit updates to the NERC Compliance Assurance group,
which reviews the updates and makes any needed changes. When changes occur, NERC posts a revised plan on
its website and issues a compliance communication.
RE Implementation Plans were due to NERC for review and approval on or about October 1. NERC has since
reviewed the Regional Implementation Plans and included them in this document in Appendix A (18).
1
2
NERC ROP, Section 403 (Required Attributes of RE Compliance Monitoring and Enforcement Programs).
ERO Enterprise Annual CMEP Reports available at http://www.nerc.com/pa/comp/Pages/AnnualReports.aspx
NERC | 2016 ERO CMEP Implementation Plan Version 2.5 | July 2016
1
Background
NERC launched the Risk-Based Registration (RBR) initiative in 2014 to streamline the approach to identify and
evaluate risks to reliability throughout the ERO Enterprise.3 The new registration process has established clearer
thresholds and ensures that registration is based on risk to reliability. All reliability stakeholders should benefit
from this initiative.
NERC will continue work with the REs throughout 2016 to monitor the RBR effects and to assess the potential
impact of RBR on other ongoing risk-based CMEP activities. NERC and the REs will determine if any other processes
can be streamlined.
Background
On February 25, 2016, FERC issued a letter order4 granting an extension of time to defer the implementation of
the CIP Version 5 Reliability Standards from April 1, 2016 to July 1, 2016 to align with the effective date for the
revised CIP Reliability Standards approved in Order No. 822. Therefore, for Responsible Entities in the United
States, the requirements in the CIP Version 5 standards applicable to high- and medium-impact Bulk Electric
System (BES) Cyber Systems (BCSs) will become enforceable on July 1, 2016. There is no change to enforceable
date for the requirements applicable to low-impact BCSs, which remains April 1, 2017. In other jurisdictions, the
CIP Version 5 standards become effective in accordance with the rules of those individual jurisdictions,
respectively.
Responsible Entities must identify and categorize their BCSs based on CIP Version 5 criteria that are commensurate
with the adverse impact that loss, compromise, or misuse of those systems could have on the reliable operation
of the BES. All registered entities, including those expected to have only Low Impact BES Cyber Systems, must be
compliant with CIP-002-5.1 R1 and R2 as of July 1, 2016.5
Activities
The requirements of CIP Version 5 standards that will affect compliance expectations during 2016 are those with
both initial and recurring performance obligations (e.g., at least once every 15 calendar months). A list of
requirements with performance expectations is included in the Implementation Plan for Version 5 CIP Cyber
Security Standards.6
Once the standards and definitions of terms used in CIP Version 5 become effective, the Responsible Entities
identified in the Applicability section of the standard must comply with the requirements. While Critical
Infrastructure Protection is identified as a separate risk element, discussed below in this report, it is important
that the CIP Standards themselves are also linked to other risk elements identified in this document. Staff that
assess compliance to the CIP standards are encouraged to coordinate with Operations and Planning staff to ensure
that the appropriate risks are identified and addressed.
3
Refer to the RBR Initiative website that contains supporting documents and resources for ongoing RBR activities located here:
http://www.nerc.com/pa/comp/CAC/Pages/Risk-Based%20Registration.aspx.
4
Docket No. RM15-14-000, Order Granting Extension of Time, Issued February 25, 2016
5
Refer to complete list of CIP enforceable dates here:
http://www.nerc.com/pa/CI/Documents/CIP%20Version%205%20Standards%20Implementation%20Dates%20-%20Final.xlsx
6 http://www.nerc.com/pa/Stand/CIP00251RD/Implementation_Plan_clean_4_(2012-1024-1352).pdf%20.
NERC | 2016 ERO CMEP Implementation Plan Version 2.5 | July 2016
2
Background
Physical Security NERC Reliability Standard CIP-014-2 takes effect in October 2015. Requirement R1 is enforceable
on October 1, 2015. Requirements R2 through R6 must be completed according to the timelines specified in the
standard. Focus areas for CIP-014 will involve monitoring evidence for the following attributes:
For additional information on key implementation dates or details on CIP-014-2, registered entities should
communicate with their points of contact at the RE.
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
3
NERC | 2016 ERO CMEP Implementation Plan Version 2.5 | July 2016
4
The Implementation Plan contains the ERO Enterprise risk elements, which provide guidance to REs in the
preparation of their RE Implementation Plans. REs are expected to further consider local risks and specific
circumstances associated with individual registered entities within their footprints when developing their
compliance oversight plans. The process for identifying ERO Enterprise and RE risk elements, and their associated
areas of focus, is explained later in the document.
After risk elements and their associated areas of focus are identified and prioritized, the Inherent Risk Assessment
(IRA) occurs. The IRA involves a review of potential risks posed by an individual registered entity to the reliability
of the BPS.7 An IRA considers factors such as assets, systems, geography, interconnectivity, prior compliance
history, and overall unique entity composition. In considering such factors, an IRA is not limited by the risk
elements and associated areas of focus identified in the 2016 ERO Enterprise CMEP IP. Rather, the IRA considers
multiple factors to focus oversight to entity-specific risk and results in the identification of the standards and
requirements that should be monitored.
When developing more specific monitoring plans for registered entities in their footprints, the REs also take into
account any information obtained through the processes outlined in the Internal Control Evaluation (ICE) Guide.8
The ICE guide describes the process for identifying key controls, testing their effectiveness, and documenting the
conclusions of the ICE, allowing a further refinement of the compliance oversight plan. As a result of the ICE, the
REs may further focus compliance monitoring activities for a given entity, and may, for example, change the depth
and how thoroughly a particular area is reviewed.9 Registered entities may elect not to participate in an ICE. In
that case, the RE will use the results of the IRA to determine the appropriate compliance oversight strategy,
including areas of focus and tools within the determined scope.
Ultimately, the RE will determine the type and frequency of the compliance monitoring tools (e.g., offsite or onsite
audits, spot checks or self-certifications) that are warranted for a particular registered entity based on reliability
risks; therefore, the RE may modify the set of core NERC Reliability Standards or pursue compliance assurance
through any monitoring considerations. The determination of the appropriate CMEP tools will be adjusted, as
needed, within a given implementation year.
Coordinated Oversight of Multi-Region Registered Entities
In 2014, the ERO Enterprise initiated the process of developing a comprehensive coordinated oversight program
of multi-region registered entities (MRREs).10 The Coordinated Oversight Program for MRREs is designed to
streamline risk assessment, compliance monitoring and enforcement, and event analysis activities for the
registered entities that use, own, or operate assets in areas covering more than one RE territory.
Under the Coordinated Oversight Program for MRREs, REs will coordinate their oversight responsibilities over
MRREs by designating one Lead RE (LRE) to each MRRE or a group of MRREs.11 The LRE is selected based on BPS
reliability considerations and the registered entitys operational characteristics. The selected LRE works
7
For example, if a registered entity demonstrates effective internal controls for a given Reliability Standard during the ICE, the Regional
Entity may determine that it does not need to audit the registered entitys compliance with that Reliability Standard as frequently, or the
RE may select a different monitoring tool.
10
Coordinated Oversight of MRRE Program Development and Implementation, available at
http://www.nerc.com/pa/comp/Reliability%20Assurance%20Initiative/MRRE%20FAQ%20with%20Notice%201-12-15.pdf
and Compliance Monitoring and Enforcement for Entities Registered in Multiple Regions Webinar June 23, 2015, available at
http://www.nerc.com/pa/comp/Pages/RAI-Workshops-and-Webinars.aspx.
11
The intent of the Coordinated Oversight Program of MRREs is to have a single LRE. However, although not anticipated, if needed there
may be multiple LREs.
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
5
collaboratively with the remaining REs, known as Affected REs, and informs NERC of activities as appropriate. The
Coordinated Oversight Program is flexible and voluntary for MRREs.
Compliance Assessments for Events and Disturbances
An important component of the ERO Enterprises risk-based approach to compliance monitoring is voluntary
participation in the Compliance Assessment (CA) Process by registered entities after an event or disturbance.
Through the Event Analysis Process, the ERO Enterprise promotes a culture of reliability excellence that
encourages an aggressive and critical self-review and analysis of operations, planning, and critical infrastructure
performance.
The CA Process is a complementary review of the event focused on the evaluation of compliance with Reliability
Standards. A registered entity completes a CA by reviewing the facts and circumstances of an event or disturbance,
identifying relevant Reliability Standards and Requirements, evaluating compliance with these standards and
requirements, and self-reporting any potential noncompliance. RE compliance staff also assess significant events
and disturbances to increase awareness of reliability risks that may guide further compliance monitoring activities.
RE Responsibilities in CA Process
REs will review system event reports and CA reports provided by registered entities and may use a risk-based
approach to prioritize these evaluations. However, the REs will conduct a Regional Compliance Evaluation (RCE)
for all Category 2 and above events. By exception, the RE may also examine lower category events that indicate
the need for closer examination. As part of its independent evaluation of the CA, the RE may request additional
information from the registered entity if it is needed to better understand the event. This process, while informal,
may be used to recommend a formal compliance monitoring method, such as a spot check, or be used to
recommend a modification to the scope of an upcoming audit.
The scope of RCEs and the manner in which the REs and NERC evaluate, process, and respond to these reviews
should reflect the significance of the event. The registered entity can greatly assist the RE by providing a thorough
and systematic self-evaluation in its CA. The RE will share the RCE and CA with NERC staff.
12
http://www.nerc.com/pa/rrm/ea/EA%20Program%20Document%20Library/ERO_EAP_V3_final.pdf
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
6
Risk-Based Enforcement
The ERO Enterprises risk-based enforcement defines, communicates, and promotes desired entity behavior in an
effort to improve the reliability of the BPS. Specifically, risk-based enforcement allows the ERO Enterprise to focus
on higher risks to the reliability of the BPS while maintaining the ERO Enterprises visibility into potential
noncompliance issues, regardless of the level of risk they pose. With this in mind, the ERO Enterprise developed
Compliance Exceptions and the self-logging program to resolve instances of minimal-risk noncompliancein
particular, those that are self-identifiedin a more streamlined manner.
Compliance Exceptions
Beginning in November 2013, the ERO Enterprise began identifying minimal-risk noncompliance that does not
warrant a penalty and that would be recorded and mitigated without triggering an enforcement action. This type
of noncompliance, which is not pursued through an enforcement action by the ERO Enterprise, is called a
Compliance Exception.
Compliance Exceptions build on the success of the Find, Fix, Track and Report (FFT) program, which was the first
step in implementing a risk-based strategy that recognizes that not all instances of noncompliance require the
same type of enforcement process. The use of this streamlined mechanism is informed by the facts and
circumstances of the noncompliance, the risk posed by the noncompliance to the reliability of the BPS, and the
deterrent effect of an enforcement action or penalty, among other things. These considerations are very similar
to the considerations that have been used since 2011 to determine whether a noncompliance should be processed
as an FFT. Only a noncompliance posing minimal risk to the reliability of the BPS is eligible for Compliance
Exception treatment.
Self-Logging Program
Through the self-logging program, the ERO Enterprise encourages registered entities to detect, accurately assess
the risk of, and adequately mitigate minimal-risk noncompliance with Reliability Standards. In evaluating whether
a registered entity is eligible for the program, an RE reviews the internal controls the registered entity uses to selfassess and address its noncompliance. In this sense, the evaluation of eligibility for self-logging is distinct from an
ICE conducted for the purposes of tailoring the specific monitoring activities of a CEA for a particular registered
entity.
Registered entities found eligible by the CEA to participate in the self-logging program, after a formal review of
internal controls, may be granted approval by the CEA to log noncompliance for subsequent review in lieu of
submitting a self-report. In determining eligibility for self-logging, the Regional Entities consider whether a
registered entity is capable of self-identifying and mitigating minimal risk noncompliance on its own, as
demonstrated by, among other things: 1) the registered entitys history of initiative and recognition of compliance
obligations; 2) the registered entitys reliable and accurate self-reporting of noncompliance to the Regional
Entities; 3) the registered entitys history of mitigating its noncompliance in a timely and thorough manner; 4) the
quality, comprehensiveness, and execution of the registered entitys ICP; 5) the registered entitys cooperation
with the RE during enforcement actions, compliance monitoring activities, and RE outreach; and 6) the registered
entitys performance during Regional Compliance Audits. The log is limited to noncompliance posing a minimal
risk to the reliability of the BPS unless otherwise authorized by an applicable governmental authority. Approved
registered entities maintain a log with a detailed description of the noncompliance, the risk assessment, and the
mitigating activities completed or to be completed. There is a rebuttable presumption that minimal-risk
noncompliance logged in this manner will be resolved as a CE. The CEA periodically reviews the logs and provides
the resulting CEs to NERC for posting on the NERC website.
The self-logging program also encourages the development and communication of management practices by
registered entities and rewards registered entities for implementing demonstrated, effective controls to detect
and correct issues as they arise.
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
7
Risk Elements Guide for Development of the 2015 CMEP IP, available at
http://www.nerc.com/pa/comp/Reliability%20Assurance%20Initiative/Final_RiskElementsGuide_090814.pdf.
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
8
System Downtime
NERC has analyzed data and identified that outages of tools and monitoring systems are fairly common
occurrences. Events involving a complete loss of SCADA control, or monitoring functionality for 30 minutes or
more, are the most common grid-related events since 2012 and limit the situational awareness of operators. Lessthan-adequate situational awareness has the potential for significant negative reliability consequences and is
often a precursor event or contributor to events. Additionally, insufficient communication and data regarding
neighboring entities operations could result in invalid assumptions of another systems behavior or system state.
14
Furthermore, with the transition to CIP Version 5 in 2016, entities are to use a rigorous criteria to determine the
BCSs that will be subject to the technical security requirements. With such a major shift in this key aspect of
entities CIP and security programs, it is important to perform the analyses early so that critical BCSs are identified
and potential gaps in the security controls used to protect BCSs is minimized.
Unauthorized Access
Unauthorized access can lead to BCSs being compromised and is a major risk to systems that are used to monitor
and control the BES. The RISC report describes the implementation of mandatory CIP standards and the
establishment of the E-ISAC as substantial risk mitigation measures, but cyber-attack is a constantly evolving
threat. Any communication gaps between cyber experts and industry operators could lead to vulnerabilities. Also,
the fast-paced rate of changes in technology with increased reliance on automation, remote control technology,
and grid sensors that enable the close monitoring and operations of systems means that advanced tools are
needed to counter those threats.
Areas of Focus17
Standard
CIP-002-5.1
CIP-005-5
CIP-006-6
CIP-007-6
17
Balancing Authority
Reliability Coordinator
Transmission Operator
Transmission Owner
Control Centers
Backup Control Centers
Data Centers
While Table 3 lists the CIP Version 5 Reliability Standards, the ERO, through release of its Cyber Security Reliability Standards CIP Version
5 Transition Guidance, actively encourages and supports registered entities transitioning from compliance with the Version 3 Reliability
Standards directly to the Version 5 Reliability Standards. As stated in that guidance, NERC and the Regional Entities will take a flexible
compliance monitoring and enforcement approach for the CIP Reliability Standards prior to the Enforceable Date of the Version 5
Reliability Standards, recognizing that the details of implementing a Version 3 to Version 5 transition may cause a significant impact on
certain compliance monitoring activities.
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
10
Acts of Nature
The RISC report identifies severe weather events (e.g., hurricanes, tornadoes, polar vortices, GMDs, etc.) as
physical events that, at the extreme, can cause equipment damage that is interconnection-wide, lead to fuel
limitations, and disrupt telecommunications. Because of the long lead time needed to manufacture and replace
some BPS assets, an extreme physical event that causes extensive damage to equipment could result in degraded
reliability for an extended period of time.
Man-Made
The second component of extreme physical events is those that are man-made. As stated in the RISC report,
coordinated sabotage such as localized physical attacks of significance or electromagnetic pulse (EMP) attacks are
physical events that, at the extreme, can cause extensive interconnection-wide equipment damage and disrupt
telecommunications. As previously mentioned, the lead time for manufacturing and replacing some BPS assets
could result in degraded reliability for an extended period of time.
Areas of Focus
Table 4: Extreme Physical Events
Standard
Requirements
Entities for Attention
EOP-010-1
R1, R3
Reliability Coordinator
Transmission Operator
CIP-014-2
R1, R2, R3
Transmission Owner
18
transmission outages, and associated potential for cascading events, due to vegetation growth in the transmission
Right-of-Way.
Areas of Focus
Table 5: Maintenance and Management of BPS Assets
Standard
Requirements
Entities for Attention
Generator Owners
FAC-008-3
R6
Transmission Owners
Distribution Providers
PRC-005-2(i) R3, R4, R5
Generator Owners
Transmission Owners
FAC-003-3
R1, R2, R6, R7
Generator Owners
Transmission Owners
Monitoring and Situational Awareness
Without the right tools and data, operators can make decisions that may or may not be appropriate to ensure
reliability for the given state of the system. NERCs ERO Top Priority Reliability Risks 2014-2017 notes that stale
data and lack of analysis capabilities contributed to the blackout events in 2003 (August 14, 2003 Blackout) and
2011 (Arizona-Southern California Outages). Certain essential functional capabilities must be in place with upto-date information available for staff to use on a regular basis to make informed decisions. The areas of focus for
monitoring and situational awareness are outlined in Table 6.
An essential component of Monitoring and Situational Awareness is the availability of information when needed.
Unexpected outages of tools, or planned outages without appropriate coordination or oversight, can leave
operators without visibility to some or all of the systems they operate. While failure of a decisionsupport tool is
rarely the cause of an event, such failures manifest as latent risks that further hinder the decisionmaking
capabilities of the operator. One clear example of this is the August 14, 2003 Blackout
NERC has analyzed data and identified that outages of tools and monitoring systems are fairly common
occurrences. The RISCs ERO Priorities: RISC Updates and Recommendations report and NERCs ERO Top Priority
Reliability Risks 2014-2017 report recognize this concern.
Areas of Focus
Table 6: Monitoring and Situational Awareness
Standard
Requirements
Entities for Attention
IRO-005-3.1a R1, R2
Reliability Coordinator
Balancing Authority
TOP-006-2
R1, R2, R7
Reliability Coordinator
Transmission Operator
Protection System Failures
Protection systems are designed to remove equipment from service so it wont be damaged when a fault occurs.
Protection systems that trip unnecessarily can contribute significantly to the extent of an event. When protection
systems are not coordinated properly, the order of execution can result in either incorrect elements being
removed from service or more elements being removed than necessary. This can also occur with Special
Protection Systems, Remedial Action Schemes, and Underfrequency Load Shedding and Undervoltage Load
Shedding schemes. Such coordination errors occurred in the Arizona-Southern California Outages (see
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
12
recommendation 19)19 and the August 14, 2003 Blackout (see recommendation 21).20 The areas of focus for
protection system failures are outlined in Table 7.
Additionally, a protection system that does not trip or is slow to trip may lead to the damage of equipment (which
may result in degraded reliability for an extended period of time), while a protection system that trips when it
shouldnt can remove important elements of the power system from service at times when they are needed most.
Unnecessary trips can even start cascading failures as each successive trip can cause another protection system
to trip. The NERC 2015 State of Reliability report concludes that protection system misoperations can severely
increase risk to reliability. According to the report, 68 percent of the transmission-related events meeting a
category description in the ERO Event Analysis Process have protection system misoperations associated with
them that either initiated the event or caused it to be more severe.21
Both the RISCs ERO Priorities: RISC Updates and Recommendations report and NERCs ERO Top Priority Reliability
Risks 2014-2017 report recognize protection systems as a significant risk based on analysis contained in the state
of reliability reports from 2012, 2013, and 2015.
Areas of Focus
Table 7: Protection System Failures
Standard
Requirements
Entities for Attention
Generator Operator
PRC-001-1.1(ii) R3, R4, R5
Transmission Operator
Distribution Provider
PRC-004-2.1(i)a R1, R2
Generator Owner
Transmission Owner
Event Response/Recovery
When events occur, the safe and efficient restoration of transmission service to critical load in a timely manner is
of utmost importance. As the RISC identifies in its ERO Priorities: RISC Updates and Recommendations report, the
effect of poor event response and recovery is far reaching and not only causes safety, operational, or equipment
related risks during restoration activities, but also contributes to prolonged transmission outage durations,
thereby increasing the duration of BPS unreliability. The areas of focus for event response/recovery are outlined
in Table 8.
An additional risk to event response and recovery is the unavailability of generators. Extreme weather conditions,
severe cold, heat, and drought create significant stress on maintaining overall BPS reliability and present unique
challenges for electric system planners and operators. These conditions can significantly increase residential and
commercial electricity demand and consumption, at the same time imposing adverse RE generation impacts and
fuel availability issues. Extreme weather conditions can also vary the amount of wind and clouds (fuel for variable
energy resources) that impact the expected amount of available renewable generation in some areas.
When combined, the heightened electricity demand, increased potential for failure of power plant components,
limitations on fuel supply availability, and competing use of certain fuels can lead to increased risks of adverse
reliability impacts, including simultaneous forced outages, de-ratings, and failures to start of multiple generating
units. When these severe conditions are present over large geographic areas, the combined impacts on the fuel
19
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
13
supply, power plant operations, generation unavailability, and heightened electricity demand can lead to severe
reliability impacts.
These extreme conditions occur beyond the extent of planned stress conditions, anticipated severe operation
conditions, or fuel supply availability expectations. Further, the conditions can lead to imprecise forecasts of
residential and commercial electricity demand, which is the baseline for planning the BPS and operators
determining the amount of electric generation needed during critical periods. When the combination of some, or
all, of these conditions occurs during these extreme incidents, the end result can be operations under severe
unanticipated scenarios or a shortage of generation, prompting operators to implement curtailments or shed load
in local areas to maintain reliability in the overall grid.
Both the RISC in its ERO Priorities: RISC Updates and Recommendations report and NERCs ERO Top Priority
Reliability Risks 2014-2017 report recognized this concern.
Areas of Focus
Table 8: Event Response/Recovery
Standard
Requirements
Entities for Attention
Balancing Authority
EOP-001-2.1b R1, R2, R3
Transmission Operator
Reliability Coordinator
TOP-007-0
R1, R2, R3, R4
Transmission Operator
Human Performance
Human performance remains a key focus for the ERO Enterprise. Poor human performance generally refers to
situations in which a human being makes a decision that contributes to operational errors. Stronger management
and organizational support greatly contribute to the reduction and prevention of operational errors. Included in
this subset are communication errors that can pose a significant potential risk to BPS reliability. Human
performance was identified as a key issue by the RISC in its ERO Priorities: RISC Updates and Recommendations
report. The areas of focus for human performance are outlined in Table 9.
Areas of Focus
Standard
COM-002-2
PER-005-1
to reliability if not properly considered in local planning cases. Planning and system analysis has been highlighted
as a concern in RISCs ERO Priorities: RISC Updates and Recommendations report and NERCs ERO Top Priority
Reliability Risks 2014-2017 report. NERCs annual Long-Term Reliability Assessment22 forms the basis of NERCs
assessment of emerging reliability issues. The areas of focus for planning and systems analysis are outlined in
Table 10.
Areas of Focus
Table 10: Planning and System Analysis
Standard
Requirements
Entities for Attention
EOP-002-3.1 R4
Balancing Authority
Planning Coordinator
TPL-001-4
R1, R2, R3, R4
Transmission Planner
Reliability Coordinator
FAC-014-2
R1, R5
Transmission Operator
Gather and review RE-specific risk reports and operational information (e.g., interconnection points and
critical paths, system geography, seasonal/ambient conditions, etc.);
Identify associated Reliability Standards and Requirements for IRAs, ICEs, and ultimately the compliance
oversight plan.
The RE Implementation Plans will describe the process and results for how the RE considered and identified
Region-specific risks. The RE Implementation Plans should explain how REs identified risks their footprints,
including reasons why any ERO risk elements identified above are not included or applicable to the RE footprint.
Although each RE will consider risk elements, and may use similar risk considerations, the output of the Regional
Risk Assessments may differ as a result of RE characteristics and the uniqueness of each REs footprint. REs are
encouraged to align their RE risk elements with the ERO risk elements as much as possible as RE risk elements
should be viewed as incremental to the ERO risk elements.
22
http://www.nerc.com/pa/RAPA/ra/Reliability%20Assessments%20DL/2014LTRA_ERRATA.pdf.
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
15
23
In addition to the ERO Enterprise monitoring identified in this section, REs will conduct audits based on their 2016 audit schedules and
consider the ERO Enterprise and Regional risk elements and areas of focus when conducting risk-based activities throughout the year.
IRA results may identify Reliability Standards and requirements, beyond those identified within the ERO Enterprise and Regional CMEP
Implementation Plans, for inclusion in the registered entitys compliance oversight plan based on the risk the entity poses to the BES.
24 The LRE will provide notice for the CIP-002-5.1 self-certification and instructions for registered entities participating in the Coordinated
Oversight Program for MRREs.
25 The LRE will provide notice for the CIP-014-2 R1 through R3 self-certification and instructions for registered entities participating in the
Coordinated Oversight Program for MRREs.
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
16
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
17
The FRCC will continue its practice, which began in 2015 to include a Management Review prior to the
completion of each Compliance Audit and Spot Check with a possible noncompliance finding. In order to
facilitate the Management Review, the final audit exit briefings will be conducted remotely, following onsite activities. However, the audit team will present a summary briefing to the entity prior to concluding
the on-site portion of the audit.
In addition to above, FRCC will also continue to conduct Management Reviews of a sample of completed
audits and spot checks that did not have a non-compliance finding. These Management Reviews will be
focused on process implementation and will consider quality assurance and risk reduction in the approach
to the reviews.
FRCC will implement the use of a new software tool to assist with the review and verification of firewall
rulesets.
FRCC will continue to participate in Coordinated Oversight of registered entities that are registered in
multiple Regions (MRREs). Currently there are three (3) FRCC registered entities that are participating in
coordinated oversight with Regional Entities other than the FRCC are performing the Lead Regional Entity
(LRE) role.
FRCC will continue its CIP Version 5 Outreach as identified in the Compliance Outreach section below.
FRCC enforcement staff will continue to use the risk based enforcement methods that began in late 2014
and early 2015. This includes the use of Compliance Exceptions as an option for disposition of minimal risk
non-compliances and the use of FFT as an option for minimal and moderate risk non-compliances.
FRCC will continue to evaluate registered entities for potential inclusion into the Entity Self-Logging
program which allows those registered entities that have demonstrated effective management practices
to keep track of minimal risk non-compliances (and associated mitigation) on a log that is periodically
reviewed by FRCC.
For those registered entities scheduled for an audit or spot check in 2016, FRCC will re-evaluate the
existing initial IRA and COP prepared in 2015. The re-evaluation will be based on the Risk Elements
identified the 2016 Implementation Plan.
Due to the lengthy implementation plan timelines for PRC-005, FRCC will include PRC-005-1.1b in any
monitoring engagements that include PRC-005-2(i), PRC-005-3(i) or PRC-005-4.
Internal Control Evaluations (ICE) may be performed for controls submitted by the entity for high risk
Requirements from IRA output
NERC | 2016 ERO CMEP Implementation Plan Version 2.5 | July 2016
18
Appendix A1 - Florida Reliability Coordinating Council (FRCC) 2016 CMEP Implementation Plan
Balancing Authority
Distribution Provider
Generator Operator
Generator Owner
Planning Authority
Resource Planner
Transmission Operator
Transmission Owner
Transmission Planner
The FRCC (Member Services division) is registered as a Reliability Coordinator and Planning Coordinator. The SERC
Regional Entity is the Compliance Enforcement Authority for these FRCC registered functions.
The FRCC has not identified any region-specific risks associated specifically with the number and type of registered
functions within the FRCC, and therefore has not included additional Reliability Standards due to registered
functions.
Geographic location, seasonal/ambient conditions, terrain and acts of nature
The area of the State of Florida that is within the FRCC Region is peninsular Florida east of the Apalachicola River.
Areas west of the Apalachicola River are within the SERC Region. The entire FRCC Region is within the Eastern
Interconnection and is under the direction of the FRCC Reliability Coordinator.
The FRCC considers factors such as its susceptibility to tropical storms and hurricanes when considering additional
Reliability Standards for inclusion in its monitoring activities. Such storms increase the probability of the Region
experiencing transmission line vegetation contact, significant imbalances in generation and load, the need to
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
19
Appendix A1 - Florida Reliability Coordinating Council (FRCC) 2016 CMEP Implementation Plan
evacuate control centers, and the need to implement restoration plans. As a result, requirements of the Reliability
Standards for System Restoration from Blackstart Resources, Loss of Control Center Functionality, Transmission
Vegetation Management, and Automatic Underfrequency Load Shedding have been added.
BPS transmission lines (circuit miles, voltage levels, IROL flowgates)
The FRCC has not identified any region specific risks associated with the BPS transmission lines located in the FRCC
region, and therefore has not included additional Reliability Standards due to BPS transmission line concerns.
BPS generation facilities
The FRCC has not identified any region specific risks associated with the BPS generation facilities located in the
FRCC region, and therefore has not included additional Reliability Standards due to BPS generation facility
concerns.
Blackstart Resources
Requirements of the Reliability Standard for System Restoration from Blackstart Resources are already included
in the geographic location section above.
Interconnection points and critical paths
The FRCC region only connects to the Eastern Interconnection on the north side of the region due to its peninsular
geography. Therefore, the FRCC considers factors such as susceptibility to system separation when selecting
additional Reliability Standards for inclusion in its monitoring activities. As a result of the FRCCs limited
interconnection points, and as also mentioned for geographic location previously, requirements of the Reliability
Standard for Automatic Underfrequency Load Shedding have been added.
Special Protection Schemes
The FRCC considers factors such as any major Special Protection Schemes (SPS) installed in the FRCC region when
considering additional Reliability Standards for inclusion in its monitoring activities. As a result of a major SPS in
the FRCC region, and as also mentioned for geographic location and interconnection points previously,
requirements of the Reliability Standards for Automatic Underfrequency Load Shedding, Special Protection
System Misoperations, and Special Protection System Maintenance and Testing have been added.
System events and trends
The FRCC considers system events within the FRCC region when considering additional Reliability Standards for
inclusion in its monitoring activities. External events are reviewed and considered in NERCs Risk Elements. As no
major internal events have occurred recently, FRCC has not included additional Reliability Standards due to system
events and trends.
Compliance history trends
The FRCC considers historical compliance trends within the region when considering additional Reliability
Standards for inclusion in its monitoring activities. No significant compliance trends have been identified in the
FRCC Region to justify the addition of any Reliability Standards.
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
20
Appendix A1 - Florida Reliability Coordinating Council (FRCC) 2016 CMEP Implementation Plan
Justification
Extreme Physical
Events
EOP-008-1 R6
FAC-003-3 R5
FAC-003-3 R6 and R7
PRC-006-2 R8 and R9
PRC-008-0 R1 and R2
PRC-016-0.1 R1 and R2
PRC-017-0 R1
Significant changes to the registered entitys asset (Transmission, Generation, Distribution, SCADA/EMS,
CIP, etc.) portfolio(s);
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
21
Appendix A1 - Florida Reliability Coordinating Council (FRCC) 2016 CMEP Implementation Plan
Any other changes to a registered entitys risk profile identified by FRCC Compliance staff.
Justification
CPS 1 and CPS 2 data submitted monthly by applicable registered entities
DCS 2 data submitted quarterly by applicable registered entities
Sustained Outage data submitted quarterly by applicable registered entities
Self-Certifications
For 2016 compliance monitoring, FRCC will use the Self-Certification process with a more focused risk based
approach. FRCC will use Self-Certification in a coordinated approach with the other compliance monitoring
methods to address the Standards and requirements that represent the greatest risk to the reliability to the Bulk
Power System (BPS) based on the results of the registered entities overall Inherent Risk Assessments (IRA) and
the addition of new Standards/Requirements that become enforceable during the 2016 year. FRCC will use SelfCertification for registered entities to Self-Certify compliance with those Standards and Requirements identified
through the IRA process. The registered entity should provide the method and other documentation used for selfassessment to determine the compliance status for those requirements. This approach will include more
information on the expectations of what the registered entity should consider and include in their response to the
FRCC. The results of these Self-Certifications will aid in the determination of whether any additional compliance
monitoring methods may be necessary for registered entities.
Spot Checks
The table below, identifies the registered entities scheduled for a Spot Check in 2016 for which the specific
requirements to be checked will be based on their IRA and their compliance oversight plan.
NCR #
NCR00464
NCR11363
NCR00035
NCR00069
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
22
Appendix A1 - Florida Reliability Coordinating Council (FRCC) 2016 CMEP Implementation Plan
Compliance Audits
The table below, identifies the registered entities scheduled for an On-Site Audit
individual registered entities IRA.
2016 Compliance Audit Plan
NCR #
Registered Entity
NCR00063
Duke Energy Florida, LLC (DEF) Coordinated Oversight
audit with SERC as the Lead Regional Entity (LRE)
NCR00024
Florida Power & Light Co. (FPL); will be coordinated with
SERC as the CEA for the FRCC RC
NCR00042
Kissimmee Utility Authority (KUA)
NCR00044
Lakeland Electric (LAK)
NCR00052
Utilities Commission of New Smyrna Beach (NSB)
Compliance Outreach
Compliance Outreach Activities
Outreach Activity
Spring Compliance Workshop
CIP Compliance Workshop
Fall Compliance Workshop
Reliability Standard Webinars
CIP Compliance Newsletter
CIP version 5 Outreach
Anticipated Date
April 1115, 2016
May 913, 2016
November 711, 2016
Periodic
Periodic
TBD
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
23
inherent risks and determine which requirements are to be monitored for that entity. The final result of the IRA
process is an entity-specific risk level for each requirement based on the entitys unique characteristics. This
output, along with results of an Internal Control Evaluation (ICE) and compliance history, is the input into the
development of an entity's compliance oversight plan and scope.
A list of the 2016 MRO Performance Areas, described above, is available on MROs website.26 The posted
document includes the name of each Performance Area along with a description of the associated risks and a list
of mapped requirements that address those risks.
Compliance Audits
The following list of registered entities have been identified as being on the 2016 Compliance Audit schedule. As
described in the Inherent Risk Assessment section, additional registered entities, at the discretion of MRO, will
also be subject to IRAs. Based on IRA results and any subsequent ICE, these additional registered entities may also
be subject to a Compliance Audit in 2016.
26
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
25
NCR #
NCR01023
NCR00860
NCR01036
NCR00967
NCR01013
NCR01015
NCR01027
NCR01143
NCR01018
NCR00685
NCR00961
NCR00962
Spot Checks
There are no planned Spot Checks for 2016. However, as IRAs continue to be performed, and if unique situations
and/or unforeseen risks arise, Spot Checks may be used by MRO in 2016.
Self-Certifications
For 2016, MRO will continue with the use of guided Self-Certifications, which focus more on risk and supporting
evidence than the previous annual Self-Certifications. As part of the guided Self-Certification process, registered
entities will provide MRO with supporting evidence to substantiate determinations.
These guided Self-Certifications are intended to provide MRO with reasonable assurance of compliance based
upon the results of the registered entitys assessment. When appropriate, the guided Self- Certification can be
used instead of Compliance Audits or Spot Checks as the monitoring tool for specific Reliability Standards and
Requirements. The guided Self-Certification process helps improve the effectiveness of oversight and increase
efficiency by relying on the work of registered entities in meeting compliance requirements.
Part of the process of relying upon the work of others includes MRO performing a review of the work and evidence
supporting the guided Self-Certification results. MRO may re-perform the work, in part, in order to verify the
accuracy of the Self-Certification determinations. In the event that further substantiation is needed, MRO staff
may conduct a random Spot Check of the work or include the applicable Standards and Requirements in a
subsequent Compliance Audit. The overall goal of the guided Self-Certification process is to provide reasonable
assurance that the entity meets compliance with the applicable Standards and Requirements.
Guided Self-Certifications will be performed over the implementation period (January 1 to December 31) on a
quarterly basis for an identified baseline set of Reliability Standards that have been identified through the Regional
Risk Assessment process. The intent of the quarterly frequency is to disperse the workload assuring sufficient time
for completion and review, and to promote continuous self-monitoring of compliance.
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
26
Requirement
R1
R2
R3
R1
R7
R1
R9
R10
R1
Functions Subject to
Self-Certification
TO, TOP
TO, TOP
TO, TOP
BA, RC, TOP
BA, RC, TOP
BA, GO, GOP, RC, TO, TOP
DP, TO
TO
GO, TO
Quarter
1
1
1
1
1
2
2
2
4
Unless unique concerns are identified that MRO determines warrant a deeper look as part of a Compliance Audit,
registered entities that receive a 2016 quarterly Self-Certification should not expect to get audited on the same
requirement(s) in 2016.
In addition to the quarterly guided Self-Certification schedule, guided Self-Certifications may also be used for
compliance monitoring as a result of IRAs, and for events that could or did negatively impact the reliable operation
of the region or systems within the region.
Compliance Outreach
Compliance Outreach Activities
Outreach Activity
MRO Newsletter
MRO Hot Topics
MRO Webinars
MRO Operations Conference
MRO Security Conference
MRO Compliance and Enforcement Conference
Registered entity-specific conferences and meetings
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
27
Anticipated Date
Six times a year
Periodically as needed
Periodically as needed
Summer 2016
Fall 2016
Fall 2016
Periodically as needed
Appendix A3 - Northeast Power Coordinating Council (NPCC) 2016 CMEP Implementation Plan
NPCC specific information regarding the IRA and ICE process is located here:
Instructions for registered entities interested in self-logging in NPCC are located here:
Implement its coordinated oversight responsibilities (MRRE) as described in the 2016 ERO CMEP
Implementation Plan.
Participate in the Events Analysis Process as described in the 2016 ERO CMEP Implementation Plan.
Implement a cyber-security outreach program that consists of NPCC Subject Matter Experts visiting critical
facilities owned by participating entities (participation is voluntary) and assessing the cyber security posture
of the control systems that support the operation of these facilities.
Implement the physical security outreach program in 2016 (participation is voluntary) and NPCC staff will hold
a Security Information Exchange session, which will include entity presentations, at the spring and fall
Compliance Workshops.
In the 3rd quarter of 2015, NPCC began conducting guided Self-Certifications in lieu of traditional Self-Certifications.
This process will continue in 2016. NPCC will select one or more Reliability Standards for a guided Self-Certification
each quarter. NPCC will use the Standards and Requirements identified in the 2016 ERO CMEP Implementation Plan,
including the Standards and Requirements identified in this Appendix A3 as the initial basis for selecting the Reliability
Standards and Requirements that will be subject to a guided Self-Certification. A further description of the guided
Self-Certification Process in NPCC is located here:
In 2016, NPCC will issue a Notice of Preliminary Screen for each potential noncompliance discovered through any
means. The Notice of Preliminary Screen notifies the registered entity that the potential noncompliance is being
processed by enforcement and serves as official notice to preserve all documentation pertaining to the potential
noncompliance.
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
28
Appendix A3 - Northeast Power Coordinating Council (NPCC) 2016 CMEP Implementation Plan
NPCC will continue to verify the completion of all mitigation activities for potential noncompliance and possible
violations processed by NPCC enforcement, including potential noncompliance processed as Compliance Exceptions.
A separate implementation plan will apply to entities registered in New Brunswick with the New Brunswick Energy
and Utilities Board.
A separate implementation plan will apply to entities registered in Qubec with the Rgie de lnergie.
1.2 Other Regional Key Initiatives and Activities
NPCC will continue to support all ERO Enterprise committees, subcommittees, working groups, task forces, and other
teams to improve compliance monitoring and enforcement within the ERO Enterprise.
NPCC has developed various regional specific tools to assist in audits, spot checks, guided self-certifications, IRAs, and
ICEs.
ICE worksheet
Appendix A3 - Northeast Power Coordinating Council (NPCC) 2016 CMEP Implementation Plan
In applying these factors, NPCC found that based on the application of the revised definition of the BES in the NPCC
Region, it is very likely that a significant number of Elements and Facilities within the NPCC Region will be subject to
the NERC Reliability Standards for the first time. To address these new responsibilities for entities across several
different standard families, NPCC created a new regional risk element, Revised BES Definition, to address this
regionally specific difference. The standards and requirements related to this regional risk element are identified in
the Regional Risk Elements table in Section 3 of this Appendix A3.
The remainder of the requirements added as an area of focus in NPCC fit within one of the existing ERO-wide risk
elements. The specific justification for each additional Standard and requirement is described in the Expanded ERO
Risk Elements table in Section 3 of this Appendix A3.
In a similar manner, NPCC also analyzed whether any requirements included in the ERO-wide Implementation Plan
should be removed from the NPCC specific implementation plan. There were also factors that were analyzed that
could justify such removal, but NPCC determined that none of the requirements could be removed.
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
30
Appendix A3 - Northeast Power Coordinating Council (NPCC) 2016 CMEP Implementation Plan
Justification
The FERC approved revised definition of BES becomes
effective on July 1, 2016. The revised definition includes
bright-line core criteria, including a general 100kV threshold,
with various enumerated inclusions and exclusions. As a
result of the application of these BES definition provisions, all
Elements and Facilities necessary for the reliable operation
and planning of the interconnected bulk power system will be
included as BES elements.
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
31
Appendix A3 - Northeast Power Coordinating Council (NPCC) 2016 CMEP Implementation Plan
Expanded ERO
Risk Element
Event Response/
Recovery
Extreme Physical
Events
Monitoring and
Situational
Awareness
Human
Performance
IRO-005-3.1a
R10, R12
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
32
Appendix A3 - Northeast Power Coordinating Council (NPCC) 2016 CMEP Implementation Plan
NCR #
NCR07112
NCR07203
NCR07176
NCR07178
NCR07181
NCR07176
NCR07186
NCR07160
NCR07178
NCR07046
NCR07028
NCR07186
NCR07181
NCR07112
NCR07203
Compliance Activity
Onsite O&P
Onsite O&P
Onsite O&P
Onsite O&P
Onsite O&P
Onsite O&P
Onsite O&P
Onsite CIP
Onsite CIP
Onsite CIP
Onsite CIP
Onsite CIP
Onsite CIP
Onsite CIP
Onsite CIP
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
33
Appendix A3 - Northeast Power Coordinating Council (NPCC) 2016 CMEP Implementation Plan
NCR #
NCR07176
NCR07028
NCR11387
NCR11559
NCR11500
NCR11488
NCR11436
NCR11535
NCR11160
NCR11536
NCR11405
NCR00983
NCR11504
NCR11514
NCR11340
NCR11341
NCR11408
NCR07227
NCR11487
NCR11534
NCR07134
NCR00130
NCR10351
NCR10353
NCR10354
NCR10355
NCR10382
NCR11341
NCR10357
NCR10358
NCR11111
NCR10359
NCR10360
NCR10361
NCR10362
NCR10363
NCR00364
NCR07143
NCR07150
NCR07128
Compliance Activity
Onsite CIP
Onsite CIP
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Spot Check
Off-Site O&P
Spot Check
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
Off-Site O&P
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
34
NCR #
NCR10352
Compliance Activity
Off-Site O&P
1. Compliance Outreach
Compliance Outreach Activities
Outreach Activity
Spring and Fall Workshops NPCC holds semi-annual workshops as a primary
mechanism for outreach to registered entities.
Introduction to NPCC for beginners NPCC provides an introductory class for those
new to CMEP activities prior to its spring and fall workshops
Physical Security outreach program This will focus on Transmission Owners and
Transmission Operators transition to the new CIP-014 Physical Security standard.
Emphasis will be placed on the unique challenges and characteristics of facilities
affected by the new Standard.
Physical Security Information Exchange Sessions - The sessions, which will coincide
with the fall and spring workshops, will address NPCC Awareness Programs, Security
Strategies, and subjects such CIP-014 implementation and evolving physical threats
to the electric industry.
Cyber Security outreach program This will provide guidance to NPCC registered
entities during their transition to CIP Version 5. NPCC will also publish general
guidance in order to help registered entities successfully complete the transition.
One on one meetings with registered entities NPCC will meet with registered
entities for specific CMEP related issues if requested and warranted.
CDAA CDAA will issue announcements informing registered entities regarding
updates to NPCCs Compliance Portal.
Compliance Wiki - NPCCs compliance wiki provides outreach specific to CDAA and
other related issues and questions.
Webinars NPCC will hold various webinars on an as needed basis
FAQs NPCC will post FAQs on an as needed basis
Compliance Guidance Statements Although rarely used, NPCC may issue
Compliance Guidance Statements to offer clarification on the compliance approach
associated with the NERC Rules of Procedure, NERC Reliability Standards, or NPCC
Regional Reliability Standards.
Registered entity surveys NPCC will issue surveys to registered entities on an as
needed basis. Such surveys have included acquiring registration data, BES element
data, workshop content preferences, etc.
Website the NPCC website provides information in the areas of Standards,
Registration, Compliance Monitoring, and Compliance Enforcement.
NERC | 2016 ERO CMEP Implementation Plan Version 2.5 | July 2016
35
Anticipated Date
May 2016,
November 2016
May 2016,
November 2016
May 2016,
November 2016
Guided Self-Certifications
ReliabilityFirst will perform guided self-certifications in 2016. The guided self-certifications for a registered entity
will be based upon the specific compliance oversight plan resulting from the registered entitys IRA and
identification of any potential ERO-wide or regional risks. Guided self-certifications focus on specific risks and/or
issues, and will require the registered entity to submit substantiating evidence to support its determination.
Risk-based Enforcement
ReliabilityFirst will continue to use a risk-based enforcement approach consistent with the ERO Enterprise.
Specifically, ReliabilityFirst will exercise enforcement discretion by processing qualified minimal risk issues as
Compliance Exceptions. Compliance Exceptions will effectively supersede the Find, Fix, Track and Report (FFT)
disposition method for most minimal risk noncompliances. However, ReliabilityFirst will continue to use the FFT
disposition method for moderate risk issues or minimal risk issues that ReliabilityFirst determines are otherwise
inappropriate for compliance exception treatment.
The main difference between compliance exceptions and FFTs is that compliance exceptions do not aggravate a
penalty for a future noncompliance by creating a formal violation history. There are two ways in which a minimal
risk noncompliance may qualify for compliance exception treatment: (1) on a case-by-case basis and (2) via selflogging privileges that ReliabilityFirst grants to a registered entity based on the registered entitys demonstrated
ability to identify, assess, and correct noncompliances in addition to other factors. Case-by-case compliance
NERC | 2016 ERO CMEP Implementation Plan Version 2.5 | July 2016
36
exceptions are based on the facts and circumstances of a particular noncompliance. Self-logging privileges allow
the presumption of compliance exception treatment for self-identified minimal risk issues for which the registered
entity has earned the presumption.
Self-Logging
Self-logging allows qualified registered entities to keep a log of minimal risk noncompliances that ReliabilityFirst
periodically checks in lieu of submitting individual self-reports and corresponding mitigation plans for each
noncompliance. For each logged noncompliance, the registered entity records a detailed description of the facts
and circumstances, the basis of the minimal risk assessment, and the associated mitigating activities. The
registered entity submits the log to ReliabilityFirst for review and approval every three months. ReliabilityFirst
checks the log to ensure that the noncompliance is sufficiently described, the minimal risk determination is
justified and reasonable, and the mitigation is appropriate and adequate. After ReliabilityFirst approves the log
entries, they are processed as compliance exceptions.
Logging privileges are awarded based on ReliabilityFirsts historic interactions with the registered entity, combined
with ReliabilityFirsts evaluation of the registered entitys current ability to identify, assess, and correct
noncompliances (an evaluation that is scaled based on the risk posed by the particular registered entity). With
respect to historic interactions, ReliabilityFirst will consider: (1) the registered entitys compliance history and level
of cooperation in prior compliance matters, (2) the registered entitys history of self-assessment, self-reporting,
and timely and thorough mitigation, and (3) the quality, comprehensiveness, and execution of the registered
entitys internal compliance program. For most registered entities, this is information that is already available to
ReliabilityFirst.
A registered entitys current practices to identify, assess, and correct noncompliances is important to the analysis
because self-logging relies on the registered entitys ability to properly arrive at its minimal risk determinations.
In a traditional self-reported enforcement action, ReliabilityFirst does its own risk analysis and makes its decision
about how to treat the violation based on that analysis. For ReliabilityFirst to allow the presumption of compliance
exception treatment for minimal risk issues for which a registered entity is awarded self-logging privileges,
ReliabilityFirst must have adequate assurance that the registered entity has processes in place to identify, assess
and correct noncompliances. In some circumstances, this information may already be available to ReliabilityFirst
through prior dealings with a registered entity. If it is not already available, ReliabilityFirst may request that
information through interviews and documentation. One way to provide that information, and also potentially
reduce audit scope, is to have ReliabilityFirsts Entity Development team conduct an internal controls evaluation
focused on risk management. However, an internal controls evaluation is not required for ReliabilityFirst to award
self-logging privileges.
ReliabilityFirst also requires self-logging entities to undergo training in Risk Harm Assessment and Estimating
Uncertainties. This is a training that is offered periodically on-site at ReliabilityFirst, or ReliabilityFirst staff
members can conduct training at the registered entitys facilities. This training provides an overview of how
ReliabilityFirst makes its risk assessments. A registered entity is not required to adopt this method, but
ReliabilityFirst has found that this training is a key component to ensuring justified and reasonable risk
assessments on the registered entitys log. It is also helpful for resolving noncompliances that do not qualify for
self-logging, because it creates a common understanding between the registered entity and ReliabilityFirst
regarding risk analysis.
The types of region-specific information and data the RRA Team reviews includes, but is not limited to: US
Population and Census Data, Severe Weather Related Outages (e.g., OE-417 reports, Outages), Generation
Availability Data System (GADs), Transmissions Availability Data System (TADS), Misoperations, Event Analysis,
Load Analysis, Locational Marginal Pricing, System Operating Limits (SOL), Interconnection Reliability Operating
Limits (IROL), TIER Power Line Ranking, Interconnection Points, Cyber Security data, Physical Security data, and
data on Threats and Vulnerabilities. After a period of information gathering, analysis and decision making, the RRA
team develops the results of the RRA in the form of ReliabilityFirst Risk Elements.
The 2015 ReliabilityFirst RRA identified the following 2016 ReliabilityFirst Risk Elements (in no particular order or
ranking), which align with the 2016 ERO Risk Elements and therefore constitute Expanded ERO Risk Elements.
Human Performance
Section 3 of this document contains additional detail on the ReliabilityFirst risk elements and their associated
Standards and Requirements, which ReliabilityFirst may include in the 2016 registered entity -specific compliance
oversight plans.
The RRA is performed annually, but may be updated more frequently as necessary. As new and emerging threats
and risks are identified, system events take place, and compliance monitoring activities are performed,
ReliabilityFirst will update the RRA to keep current with potential issues, threats, and risks.
ReliabilityFirst reviews the potential risks to the reliability of the BPS posed by an individual registered entity by
using the IRA Inherent Risk Assessment guide and the associated internal IRA procedure, which were developed
as part of the Risk Based Compliance Oversight Framework implementation resulting from the Reliability
Assurance Initiative. This assessment helps identify the areas of focus and the level of compliance oversight
required for each registered entity.
The output from an IRA yields a compliance oversight plan (containing the scope of Standards and Requirements,
monitoring frequency, and CMEP tools audit, spot check, or self-certification), which is shared with the
registered entity via the IRA Summary Report included within the ReliabilityFirst Compliance Engagement
notification package. Going forward, ReliabilityFirst will perform an IRA for each registered entity on the annual
CIP and Operations and Planning compliance monitoring schedules. However, an IRA may also be completed in
response to new emerging risks or if a registered entity undergoes changes that may impact its risk to the BPS.
In addition to the Risk Elements and focus areas identified in the RRA, ReliabilityFirst considers the following risk
factors when conducting an IRA (set forth in Appendix C to the Inherent Risk Assessment Guide): functional
registered responsibilities, system geography, peak load and capacity, BPS exposure, interconnection points and
critical path/IROLs, special protection systems/UVLS/UFLS, SCADA and EMS, System restoration responsibilities,
system events and trends, compliance history and trends, culture of compliance, and overall composition.
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
38
ReliabilityFirst also considers the information attributes set forth in Appendix B of the Inherent Risk Assessment
Guide when conducting an IRA.
The tangible information attributes ReliabilityFirst considered during the IRA include the following:
Population and Geographic Location The ReliabilityFirst region includes three of the most populated
areas in the United States (Chicago, Philadelphia, and Washington DC). The ReliabilityFirst region also
contains many medium-sized urban areas such as Baltimore, Cleveland, Pittsburgh, Indianapolis,
Cincinnati, and Toledo. Maintaining and ensuring reliable service to these areas of the country is critical
to the overall well-being of the nation and national security. Any registered entity serving the load in these
areas and those registered entities responsible for operating and maintaining reliability of the BPS
supplying these areas, or in close proximity to these populated areas, may pose a higher risk.
Entity Make-up and Diversity The ReliabilityFirst region is a summer peaking region, with several
registered entities serving peak loads or operating an individual resource in excess of 500 MWs.
Maintaining and ensuring reliable service to these areas of the country is critical to the well-being of the
people and in some cases to national security.
Entity Registration ReliabilityFirst takes into account Entity Registration during the assessment of
registered entities. For example, Reliability Coordinators, Balancing Authorities, and Transmission
Operators have the authority to issue operating orders, instructions, and directives and ultimately may
play a larger role in safeguarding the reliability of the BPS than other registrations.
Transmission Assets The transmission network in the ReliabilityFirst region consists of 765kV; 500kV;
345kV; 230kV; 138kV and 115kV lines. The majority of transmission facilities are overhead, with large
urban areas serviced by underground transmission cables. Overall asset ownership (lines, transformers,
generators, voltage, size of units, fuel type, flowgates, SOL, IROL, etc.) are also considered as part of the
IRA. These assets form the backbone of the system and may be assessed with a higher risk due to their
importance to maintain the reliability of the BPS. A registered entity that owns these types of facilities
may have their audit scope adjusted to address owning and maintaining these types of equipment.
Misoperations The number of protection system misoperations within the ReliabilityFirst region has
been an issue of focus over the last few years. There is a proportionately higher risk to the BPS if
misoperations due to controllable and avoidable circumstances occur. Registered entities having these
types of misoperations may have their audit scope adjusted to address resolving these misoperations.
Special Protection Schemes and Relay Protection Registered entities in the ReliabilityFirst region use
special protection schemes to mitigate system constraints until transmission reinforcements can be
planned and built. In some cases, these special protection schemes are left in place indefinitely. Special
protection schemes can present a high risk to the BPS when they are not properly implemented,
coordinated, or operated as intended.
Emergency Operations and Blackstart Facilities There are multiple facilities designated as blackstart
units in the ReliabilityFirst region. Registered entities are required to regularly test these blackstart units
and submit results to ReliabilityFirst annually. There is a potential risk that there may be insufficient
blackstart resources designated for an area, or that blackstart resources may not be available if they are
not properly tested.
Generation Assets ReliabilityFirsts generation mix is made up of units that are nuclear, coal, gas, hydro,
wind, solar, and refuse power assets. The asset mix for the next few years is expected to change, with a
decrease in coal generation and an increase in renewable resources such as wind generation and solar
generation. There is a risk that generating capacity and available resources may not be available to meet
demand on a real-time, near-term and long-term time horizons. Registered entities owning these
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
39
resources may be monitored to ensure the availability and proper maintenance of these resources is
retained.
EMS and Monitoring Tools Availability Keeping monitoring tools available and operational for system
operators use is imperative to maintaining a reliable grid. Registered entities with these types of
monitoring tools may have additional Standards and Requirements in their audit scope to ensure these
monitoring tools are maintained and available to the system operator.
The intangible information attributes ReliabilityFirst considered during the IRA include the following:
Operating Performance ReliabilityFirst analyzes data from the GADS and TADS reports and information
from reviewed system events. Since 2008, there have been various system events ranging from local load
drop to interconnection frequency excursions. There is always some risk that a system event could cause
a large scale blackout, but it is more probable that a series of smaller system events will occur and if
undetected, could manifest into a larger system event. This information can help to pinpoint problems or
identify trends for a registered entity and help to focus the scope of an audit to deter future events from
occurring.
Compliance History Assessing the violation history, audit performance, self-certification, and self-report
performance of a registered entity shows past performance trends and a registered entitys behavior
towards compliance and performance of its compliance program. Registered entities with a history of
compliance issues may have their audit scope adjusted to ensure that their mitigating measures achieve
full compliance and prevent recurrence.
Normal System Performance The flow of power across the ReliabilityFirst region is normally from west
to east, to supply the beltway of the mid-Atlantic region and northeast (including the New York City area).
There are instances when this normal power flow is disrupted and system constraints are realized. These
system constraints rely on operator intervention for resolution. A registered entitys system events
(involvement, impact to BPS, significance, availability of operators tools, EMS, etc.), their operational
performance (use of emergency procedures), and their overall situational awareness all play a role in their
system performance.
System Maintenance Upkeep and Replacement - Continued maintenance of equipment, systems, and
facilities is essential to a reliable BPS. As equipment gets older, system maintenance may increase and
facility availability may decrease.
Additionally, where ReliabilityFirst has confidence in a registered entitys internal compliance program as a result
of an Internal Control Evaluation (ICE), ReliabilityFirst may narrow the audit scope and audit periodicity to reflect
the compliance maturity of the registered entity. To support a strong culture of compliance and to demonstrate
robust internal controls, registered entities are encouraged to continually perform self-assessments of their
compliance programs and internal controls on an ongoing basis.
ReliabilityFirst will notify registered entities of the Reliability Standards and Requirements for which they will be
monitored via posting of the Compliance Monitoring Schedule for Data Submittals, the audit notification letter,
the guided Self-Certification notification, and the IRA report which serves as the registered entitys tailored
compliance monitoring plan.
table below, ReliabilityFirst provides additional justifications where applicable. These Standards and
Requirements will be considered as part of an Inherent Risk Assessment and may or may not be included in the
registered entity -specific compliance oversight plan.
NOTE: Standards and/or Requirements in BLUE denote their inclusion in both the ReliabilityFirst CMEP IP Appendix
A4 and 2016 ERO Enterprise CMEP IP.
Expanded ERO Risk Elements
Expanded ERO Risk
Element(s)
Extreme Physical
Events:
- Acts of Nature
Event Response /
Recovery
Justification
ReliabilityFirst is expanding the ERO risk element(s) as a
result of strained operating conditions in RFs footprint
during unusually hot and extreme cold weather
conditions.
The 2015 winter marked the second consecutive year
during which extreme cold weather conditions affected
the ReliabilityFirst footprint. Importantly, system
performance during the 2015 cold weather events of
January 7 and 8 and February 19 and 20 showed
improvements from the 2014 winter as a result of
registered entities actions, which they took in response to
analyses, lessons learned, and recommendations from the
2014 winter conditions. However, generation outage rates
during the 2015 winter remained above historical norms.
Thus, generation performance, particularly during peak
winter demand periods, continues to be a key area where
registered entities should continue focus on improved
performance.
As a result of cold weather events in the ReliabilityFirst
footprint, the following are important considerations for
winter preparedness activities: (1) ensure processes are
adequate for unit testing and preparation of resources in
advance of winter operations, including testing dual-fuel
capability; (2) review operator communications with
respect to fuel-limited generation commitment decisions
for accuracy and consistency; (3) make process changes as
necessary to allow adjustment of start times based on
changes in fuel used; (4) ensure requirements are met for
generation units for which primary fuel may not be natural
gas but that require gas to operate; (5) review emergency
procedures to ensure effective communication and
coordination of emergency procedures; (6) ensure
transmission owners understand their existing voltage
reduction capabilities (amount, time frame, etc.); and (7)
consider adjustments to the roles and responsibilities for
communications during emergency procedures other than
refining the training to reinforce processes and tools.
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
41
Associated Standard(s)
and Requirement(s)
EOP-001-2.1b R4
TOP-001-1a R4, R5
PER-005-1 R1 until
6/30/2016.
Justification
Extreme Physical
Events:
- Acts of Nature
Event Response /
Recovery
Associated Standard(s)
and Requirement(s)
EOP-001-2.1b R4
TOP-005-2a R2
TOP-002-2.1b R6,R7,R14
TPL-001-4 R2
Extreme Physical
Events:
- Acts of Nature
Maintenance and
Management of BPS
Assets
Monitoring and
Situational Awareness
Event Response /
Recovery
Planning and System
Analysis
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
42
Justification
Associated Standard(s)
and Requirement(s)
Extreme Physical
Events:
- Acts of Nature
Maintenance and
Management of BPS
Assets
Monitoring and
Situational Awareness
Event Response /
Recovery
Justification
During the 2012 Hurricane Sandy event, some TO and DP
entities, particularly those that were not on the coast,
experienced serious damage. For one entity, all service
areas were impacted. The majority of increased staffing
during this event occurred in the restoration area. Another
entity, a nuclear facility, experienced a temporary loss of
off-site power due to switchyard damage and a bushing on
a voltage regulator associated with a transformer. During
loss of off-site power at this facility, the reactor shutdown
cooling and spent fuel cooling was temporarily lost, but
was restored when emergency diesels started and loaded.
Fossil units were forced off both pre-storm (in anticipation
of potential flooding) and as the stations flooded. Five
potential lessons learned were identified for generation
stations during the storm:
1. Independent System Operators and Reliability
Coordinators should look for opportunities for
improvement with respect to communication with
generation plants during major events;
2. Independent System Operators and Reliability
Coordinators should look for opportunities for
improvement with respect to developing and
documenting alternate communications methods
when normal methods are lost;
3. Comprehensive weather preparation procedures need
to be developed or improved;
4. Improvements can be made for managing personnel
who remain on-site; and
5. Development of anticipated generation reductions is
necessary for the loss of one or more nearby
transmission elements.
In addition to the lessons learned, several generation
operation risks and challenges were identified during the
Hurricane Sandy, including:
1. Increased potential for loss of off-site power to nuclear
facilities;
2. Increased potential for loss of off-site power due to
switchyard damage, or loss of normal condenser
cooling and loss of availability of service water due to
high water;
3. Curtailments due to wet coal, which is normal with any
significant precipitator; and
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
44
Associated Standard(s)
and Requirement(s)
Justification
Associated Standard(s)
and Requirement(s)
Event Response /
Recovery
Planning and System
Analysis
Event Response /
Recovery
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
45
Justification
Associated Standard(s)
and Requirement(s)
Extreme Physical
Events:
- Acts of Nature
Event Response /
Recovery:
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
46
Critical Infrastructure
Protection:
- System Downtime
- Unauthorized Access
- Corruption of
Operational Data
Human Performance
Justification
ReliabilityFirst is expanding the ERO risk element(s)
because CIP-006 is a widely violated standard in the
ReliabilityFirst Region. Also, CIP-014 is a newly released
standard focused on protections of Transmission stations
and substations, and their associated primary control
centers. Thus, additional focus is needed to address and
minimize both the magnitude and duration of the
consequences of physical events or attacks. Furthermore,
physical access to cyber systems must be restricted and
appropriately managed to ensure the integrity of the cyber
systems within the Physical Security Perimeter.
Failure to comply with the requirements of these
standards can lead to threats in physical security space.
ReliabilityFirst is expanding the listed risk element(s)
because registered entities within the ReliabilityFirst
footprint have had varying issues with these Standards and
Requirements that warrant increased focus.
In CIP-002, CIP-005, and CIP-007, a failure to comply with
these Standards can lead to threats in the cyber security
space.
ReliabilityFirst is expanding the listed risk element(s)
because human performance and human interaction with
critical elements on the BPS attributed to system operating
issues in the ReliabilityFirst footprint.
Due to human performance being a root cause of many
noncompliances in the ReliabilityFirst footprint, Entities in
the ReliabilityFirst region should understand that any
operating condition that has not been studied or analyzed
and where no valid operating limits exist is considered an
unknown operating state and could negatively impact the
reliability of the BPS.
As an example, in one case, due to reconfiguration at a
substation for breaker installation and relay replacement
by a Transmission Operator, a line outage resulted in
disabling of the primary and backup protection on an
energized bus. The implications of removing the 138 kV
line facilities and the change in protection status of the bus
was not recognized by field personnel. As a result, the
system operator was not informed of the disabling of bus
protection during the outage resulting in this information
not being communicated to the Reliability Coordinator.
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
47
Associated Standard(s)
and Requirement(s)
CIP-0066 R1-R3
CIP-014-2 R1, R2, R3
CIP-0025.1 R1-R2
CIP-005-5 R1-R2
CIP-007-6 R1-R3, R5
FAC-010-2.1 R2.2
IRO-010-1a R3
TOP-002-2.1b R6
TOP-004-2 R4
Justification
Associated Standard(s)
and Requirement(s)
Human Performance
Human Performance
FAC-010-2.1 R2.2
IRO-010-1a R3
PER-005-1 R2 until
6/30/2016.
PRC-001-1.1(ii) R1
TOP-002-2.1b R6
TOP-004-2 R4
Event
Response/Recovery:
Human Performance
Maintenance and
Management of BPS
Assets
Protection System
Failures
Maintenance and
Management of BPS
Assets
Human Performance
Justification
Associated Standard(s)
and Requirement(s)
COM-002-2 R2 until
6/30/2016
EOP-001-2.1b R2, R3, R4
EOP-003-2 R8
EOP-005-2 R10-R11, R17
EOP-006-2 R9-R10
PER-005-1 R3 until
6/30/2016.
ReliabilityFirst is expanding the listed risk element(s) BAL-006-2 R4.3
because equipment failures or improper scheduling
operations, or improper AGC performance may contribute
to Area Interchange Error and ReliabilityFirst would like to
confirm this within its region and determine if the number
of equipment failures that impact AIE is presently known
for BAs in the its region.
Per the Compliance Monitoring Section of this standard,
each Balancing Authority shall perform an Area
Interchange Error (AIE) Survey as requested by the NERC
Operating Committee to determine the Balancing
Authoritys Interchange error(s) due to equipment failures
or improper scheduling operations, or improper AGC
performance.
ReliabilityFirst is expanding the listed risk element(s)
because, as a result of the history of issues in the
ReliabilityFirst region relating to protection system
failures, registered entities in the ReliabilityFirst region
should understand that any operating condition that has
not been studied or analyzed and where no valid operating
limits exist is considered an unknown operating state. This
understanding, or lack of understanding, can potentially
be due to or can impact the listed risk elements and
therefore warrants increased focus.
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
49
FAC-010-2.1 R2.2
IRO-010-1a R3
PRC-001-1.1(ii) R2, R2.2
PRC-004-2.1(i)a R1, R2
TOP-002-2.1b R6
Maintenance and
Management of BPS
Assets
Justification
ReliabilityFirst is expanding the listed risk element(s)
because, as a result of the history of issues in the
ReliabilityFirst region relating to protection system
failures, registered entities in the ReliabilityFirst region
should understand that any operating condition that has
not been studied or analyzed and where no valid operating
limits exist is considered an unknown operating state. This
understanding, or lack of understanding, can potentially
be due to or can impact the listed risk elements and
therefore warrants increased focus.
Associated Standard(s)
and Requirement(s)
TOP-004-2 R4
FAC-010-2.1 R2.2
TOP-002-2.1b R6
IRO-010-1a R3
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
50
Justification
Associated Standard(s)
and Requirement(s)
Maintenance and
Management of BPS
Assets
FAC-003-3 R1-R7
PRC-005-2(i) R3-R4 (as of
4/1/15)
PRC-008-0 R1-R2
PRC-011-0 R1
PRC-017-0 R1
BAL-002-1 R1.
EOP-002-3.1 R2, R4
IRO-005-3.1a R2
TPL-001-4 R-R2
VAR-001-4 R2
Critical Infrastructure
Protection:
- System Downtime
Event Response /
Recovery
(With a focus on
Resiliency
Unpreparedness)
EOP-005-2 R10-R11,R17
EOP-006-2 R9-R10
CIP-008-5 R1-R3
CIP-009-6 R1-R3
Monitoring and
Situational Awareness
Maintenance and
Management of BPS
Assets
Justification
the electricity industry strive to restore and maintain
reliable operations under rapidly changing circumstances
never before experienced. It will not be possible to meet
all electricity consumers demands for rapid restoration of
service as entities prioritize their work with limited
resources. The recommendations from the SIRTF are
intended to prompt BPS entities to develop their own
approaches and flexible plans that would be applicable
under a wide variety of circumstances. These suggestions
are in the form of industry guidelines that describe
practices that may be used by individual entities according
to local circumstances, as opposed to standards. Page 2.
ReliabilityFirst is expanding the listed risk element(s)
because registered entities in the ReliabilityFirst region
have had issues in this area as identified through the Event
Analysis process and noncompliance dispositions,
therefore warranting increased focus. This risk area
considers loss of remote terminal units, energy
management system outages, Supervisory Control and
Data Acquisition issues, and loss of contingency analysis
capabilities, ICCP, State Estimator, and Nonconvergence.
ReliabilityFirst is expanding the listed risk element(s)
because registered entities in the ReliabilityFirst region
have had performance issues in this area, therefore
increased focus is warranted. PRC-005 has the highest
number of reported noncompliances and serious or
moderate risk filings in the past four years.
Associated Standard(s)
and Requirement(s)
EOP-004-2 R2
EOP-008-1 R1
TOP-004-2 R4
TOP-006-2 R1-R2,R5
PRC-005-2(i)
R1,R2,R3,R4,R5 as of
4/1/2015
PRC-005-3 R1,R2,R3,R4,R5
as of 4/1/2016
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
52
scheduled for audit in the years 2017 and 2018. The Spot Check will help ensure that medium and small
entities are following their voltage schedules and/or have implemented the necessary procedures
according to the Requirements of this Standard. Audit engagements have indicated that some Generator
Operators are unaware when their unit(s) are in Automatic Voltage Regulator mode. Without the units in
Automatic Voltage Regulator mode, continuous operator interaction is required and during a system
event, the system operator may not know or receive the proper reactive support needed to maintain
voltage.
3. PRC-005-2: ReliabilityFirst will conduct a Spot Check of PRC-005-2 on Transmission Owners, Generator
Owners, and Distribution Providers. The Spot Check will help ensure that these entities are prepared to
meet compliance requirements based upon the implementation plan for PRC-005-2, given the complexity
of the Standards implementation plan and changes to the Standard.
4. EOP-010-1: ReliabilityFirst will conduct a Spot Check of EOP-010-1 on Reliability Coordinators,
Transmission Operators, and a sample of Transmission Owner/Local Control Centers in the PJM footprint.
The Spot Check will help ensure that this new geomagnetic disturbance standard has been properly
addressed. With the possibility of increased geomagnetic disturbance going forward, registered entities
should be prepared to communicate and react to geomagnetic disturbances as they occur to help
minimize the effect on the BPS.
Compliance Monitoring Schedule for Data Submittals
ReliabilityFirst developed a Compliance Monitoring Schedule that contains the Standards and Requirements for
the Data Submittals scheduled for 2016. The Compliance Monitoring Schedule is based upon the NERC risk
elements set forth in the NERC 2016 ERO CMEP Implementation Plan and the ReliabilityFirst risk elements. Most
of these data submittals are associated with the monthly, quarterly, and or annual reporting requirements set
forth in the Requirements.
Monitoring of New or Revised Standards
ReliabilityFirst will include new or revised Standards in the IRA process based upon their implementation plans
and as required by NERC and FERC.
ReliabilityFirsts audit schedule will be posted on the ReliabilityFirst website, but is subject to change based upon
each registered entitys IRA. If a registered entity has a question concerning its audit schedule, please contact
ReliabilityFirst.27
NCR #
CIP Audits
NCR00685
NCR10337
NCR00740
NCR00761
NCR00794
NCR02611
27
As mentioned above, for registered entities that have declared that they own no Critical Assets (CAs) or Critical Cyber Assets,
ReliabilityFirst will perform self-certifications and data submittals in lieu of conducting an off-site audit. This determination is based
upon Cyber Security Reliability Standards CIP V5 Transition Guidance provided by NERC.
For those registered entities that are also registered for functions that are audited on a six year cycle, ReliabilityFirst will evaluate and
determine the scope of those Registered Entity audits based upon the risk those functions pose to the BES (i.e. a Transmission Operator
that is also registered as a GO, etc.). There may be times when these audits are not conducted based upon the registered entity IRA.
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
54
6. Compliance Outreach
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
55
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
56
Anticipated Date
Bi-Monthly
throughout the year.
Updated throughout
the year as needed.
Monthly throughout
the year.
Semi-annual (March
and October).
Monthly throughout
the year.
Updated throughout
the year as needed.
Monthly throughout
the year.
Monthly throughout
the year.
As requested by our
registered entities.
exception; however, no penalties or settlement agreements are required. In 2016, SERC will continue to ensure
that minimal-risk issues are considered for compliance exception processing.
Identify/nominate risks.
Determine time horizon (i.e., immediate, next-day, operational, seasonal, and long-term).
Prioritize risks.
SERCs Reliability Risk Team (RRT) is a major participant in the program. The RRT is responsible for identifying risks
based on the probability of occurrence and severity of impact. SERCs RRT identified three different areas of risk:
Operation Risk(s)
Engineering Risk(s)
SERC also identified risk elements within each group. These identified risk elements align with the 2016 ERO-wide
risk elements:
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
58
As new and emerging threats and risks are identified, system events occur, and compliance monitoring activities
are performed, SERCs RRT will update the regional Reliability Risk Assessment program to include current
potential issues, threats, and risks. In addition, as SERC performs IRAs of its registered entities, SERC will review
potential risks to BPS reliability posed by individual registered entities.
The coordination among the SERC registered entities, SERC technical committees, SERC staff, neighboring system
personnel, and other members of the ERO is vital to the understanding and analysis of potential major reliability
issues. In 2015, SERC implemented its Integrated Risk Management (IRM) program. The IRM process addresses
SERCs need to gather and analyze data to support risk-based techniques. SERC determined the best method to
support this initiative is through uninhibited sharing of data across SERC program areas. The objective of the IRM
is to support risk-based compliance monitoring and enforcement by defining and deploying sound business
policies, procedures, and process tools across all SERC departments to implement a comprehensive integrated
risk management program.
SERC, through its members and staff, is heavily engaged with NERC and its initiatives. SERCs risk management
programs enable it to focus compliance monitoring oversight activities on those Reliability Standards which, if
violated, would pose the greatest risk to the reliable operation of the SERC portion of the BPS. The Reliability
Standards listed in Section 3 are the programs recommendation for 2016 and are based on what is known at the
time of this submittal.
SERC has recognized one NERC Reliability Standard, PRC-006, as needing greater specificity to achieve successful
coordination of the registered entities within the SERC Region. PRC-006 has Requirements that identify the
Planning Coordinator (PC) as the registered entity responsible for developing Underfrequency Load Shedding
(UFLS) schemes within its PC area. However, the NERC Standard does not provide specific guidance regarding the
extent of cooperation with surrounding PCs. The lack of specificity may lead to inconsistent set points and other
regional inconsistencies for key UFLS parameters. In response, SERC created a Regional Reliability Standard, PRC006-SERC-01, to establish consistent and coordinated Requirements for the design, implementation, and analysis
of UFLS programs among applicable SERC registered entities. The Regional Reliability Standard adds specificity not
contained in the NERC Standard for the development and implementation of the UFLS scheme in the SERC Region.
PRC-006 effectively mitigates the consequences of an underfrequency event.
Associated Standard
and Requirement(s)
SERC is adopting this risk element based on operational risks, such BAL-001-2 R1, R2; BALas deficient entity responses and performance, identified during 002-1 R1; BAL-005-0.2b
the events summarized by the final and preliminary Polar Vortex R7; COM-002-2 R1, R2
reports
(until June 30, 2016);
COM-002-4 R5, R6, R7
(starting July 1, 2016)
Major Storm
Events such as
Hurricanes and
Tornados
Justification
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
59
Justification
Associated Standard
and Requirement(s)
R1,
NCR #
NCR01321
NCR01168
NCR01169
NCR10203
NCR01290
NCR01265
NCR01177
NCR08087
NCR11066
NCR01180
NCR00026
NCR01151
NCR01196
NCR01320
NCR01319
NCR00063
NCR00761
NCR01219
NCR01298
Functions Audited
CIP and O&P
CIP and O&P
CIP and O&P
CIP and O&P
CIP and O&P
CIP and O&P
CIP and O&P
CIP and O&P
CIP and O&P
CIP and O&P
CIP and O&P
CIP
CIP and O&P
CIP
CIP
CIP and O&P
CIP and O&P
CIP and O&P
CIP and O&P
5. Compliance Outreach
Compliance Outreach Activities
Outreach Activity
Outreach Events
Anticipated Date
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
61
Anticipated Date
As available
throughout the
year
Updated as
needed
throughout the
year
The SERC Transmission newsletter is distributed to registered entities within the SERC
Region each month and posted on the SERC website. Articles contain links to scheduled
outreach information for both SERC and NERC events, along with other topics helpful to
maintaining BPS reliability.
SERC Compliance Portal
SERC registered entities submit Self-Certifications, Self-Reports, Mitigation Plans, and
Data Submittals via the SERC Portal. Surveys are conducted for feedback to allow SERC to
incorporate enhancements based on the needs of the users, and outreach events include
training on upgrades and enhancements.
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
62
As needed
throughout the
year
SPP RE budgeted for two open positions in 2016 the Compliance Director and a CIP Compliance
Specialist. The open CIP Compliance Specialist position was filled in 2015. Due to attrition, the
enforcement department has one open position at this time SPP RE will continue to use contractors or
consultants during 2016 to assist Staff during audits, investigations and/or enforcement activities.
SPP RE Compliance staff will complete Risk Assessment for the registered entities that are on the 2016
monitoring schedule prior to the end of 2015, and will complete Risk Assessments for all remaining
registered entities in 2016. Concurrent with each Risk Assessment the SPP RE Compliance Staff will
determine the monitoring oversight method and monitoring scope.
SPP RE CIP monitoring will focus on the high and medium impact registered entities.
Specific Reliability Standards require periodic data submittals. The SPP RE, SPP RTO, and MISO collect data
submittals on a monthly, quarterly, or annual basis. To fulfill the requirements, registered entities will
submit reports according to the 2016 periodic data submittal schedule as noted in the Notice to Registered
Entities of SPP RE 2016 Reporting Requirements Schedule. spp.org>Regional Entity Home>Compliance and
Enforcement>2016 Compliance Documents
The SPP RE identified requirements that will be monitored through self-certification on either a quarterly
or annual basis. The requirements and schedule are noted in the Notice to Registered Entities of SPP RE
2016 Reporting Requirements Schedule. spp.org>Regional Entity Home>Compliance and
Enforcement>2016 Compliance Documents
SPP RE will continue to engage the registered entities that request Internal Control Evaluations.
SPP RE will continue to engage the registered entities that request Self-Logging.
SPP RE has developed new tools and templates to implement Risk Assessments and Internal Control
Evaluations for the registered entities.
SPP RE is developing internal guide documents for both compliance and enforcement activities.
SPP RE will continue to collaborate with NERC, Regional Entities and the registered entities to identify
changes to enhance the risk-based approach to monitoring and enforcement processes.
SPP RE CIP Staff will continue the CIP Version 5 Outreach Program that will assist the registered entities
in the transition to CIP Version 5.
NERC | 2016 ERO CMEP Implementation Plan Version 2.5 | July 2016
63
Appendix A6 - Southwest Power Pool Regional Entity (SPP RE) 2016 CMEP Implementation Plan
SPP RE developed RE-specific risk elements based on compliance findings in the SPP RE footprint, regional
system events and SPP RE staffs professional judgement.
SPP RE has developed a Regional Audit Scope Plan that identifies the risk elements within the SPP RE
footprint. The SPP RE risk focus areas identified include the facility rating, restoration, frequency response,
voltage support, new standards for 2016, and Cyber Assets.
SPP RE will consider these Regional risk focus areas when following the ERO Risk-based Compliance
Oversight Framework described in the ERO CMEP. SPP RE will also consider the Regional risk focus areas
when conducting risk assessments to develop the audit scope for the registered entities that are
scheduled for audits during 2016.
Frequency
Response
Voltage Support
Justification
SPP RE identified this risk element due to a regional
deficiency in UFLS relay testing that has led to a
frequency response vulnerability. These risk elements
will ensure the established frequency response
programs are designed, implemented and coordinated
so that the BES will be able to arrest a frequency
decline event. Failure to implement the UFLS program
or a correct frequency bias setting according to design
may result in cascading outages of the BES.
SPP RE identified this risk element due to the number
of Self-Reports indicating failure to maintain reactive
support and voltage control. The purpose is to ensure
generators provide reactive support and voltage
control in order to protect equipment and maintain
reliable operation.
BAL -003-1 R1
Enforceable 7/1/2016
PRC-006-2 R8, R9
VAR-002-4 R1, R2
Justification
SPP RE is expanding this ERO Risk Element in
response to a regional concern about maintaining
proper decision making and performance by system
operations. These risk elements will help ensure that
systems operators will continue to maintain a high
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
64
Appendix A6 - Southwest Power Pool Regional Entity (SPP RE) 2016 CMEP Implementation Plan
Justification
PRC-005-1.1b R1, R2
PRC-004-4 R1, R2
Enforceable 7/1/2016
PRC-005-6 R1, R3, R4, R5
Enforceable 4/1/2016
COM-001-2 R3, R9
EOP-005-2 R6, R10
EOP-008-1 R4
TOP-002-2.1b R6, R11, R19
VAR-001-4 R2
On-Site Audits SPP RE will continue to audit the Transmission Operator and Balancing Authority entities
on a three year cycle in 2016.
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
65
Appendix A6 - Southwest Power Pool Regional Entity (SPP RE) 2016 CMEP Implementation Plan
In 2016, registered entities with high and medium BES Cyber systems will have on-site audits based upon
a three year cycle.
Off-Site Audits- SPP RE will conduct Operation and Planning audits of the registered entities that were
previously scheduled for an audit in 2016 based upon a six year audit cycle, and will audit registered
entities that have been registered within the last two years. Off-site CIP audits will not be performed in
2016 for registered entities with low impact BES Cyber systems.
Spot-Checks Spot-Checks may be used in lieu of Off-Site audits for registered entities that have been
identified as lower risk through the entity risk assessment. There are no mandatory Spot Checks listed in
the 2016 ERO Enterprise CMEP IP. However, SPP RE may initiate a Spot Check at any time to verify or
confirm Self Certifications, Self-Reports, Periodic Data Submittals or in response to operating problems or
system events.
Self-Certification SPP RE will continue to require SPP RE registered entities to perform a Self-Certification
to ensure that the registered entity is maintaining rigorous internal controls for ensuring compliance with
the Reliability Standards. SPP RE has identified Self-Certification requirements based on the ERO
Enterprise CMEP IP and Regional Assessment for the registered entities. Self-Certification will be
conducted using webCDMS. Entities will receive additional notice and instructions before each quarterly
reporting window.
Periodic Data Submittal - The 2016 ERO Enterprise CMEP IP does not identify Reliability Standards and
Requirements that require periodic data submittals. SPP RE will require period data submittals for the
specific Reliability Standards and Requirements that SPP RE, SPP RTO, MISO and Lead Regional Entities
collect operational data on a monthly, quarterly, or annual basis.
NCR #
NCR01061
NCR11407
NCR11354
NCR01067
NCR06033
NCR01071
NCR01083
Cleco Corporation
NCR01092
NCR11314
NCR01072
NCR11329
NCR01114
NCR01116
NCR06050
NCR11264
NCR01139
NCR06010
NCR11322
NCR11323
Functions Audited
DP, GOP, GO, RP,
TOP,TO,TP
GOP, GO
GO
DP
DP, TO
DP, GOP, GO, TO
BA, DP, FOP, GO, RP, TOP,
TO, TP
GOP, GO
GOP, GO
DP, GOP, GO, RP, TOP,
TO, TP
GOP, GO
BA, DP, GOP, GO, TOP,
TO, TP
BA
RP, TO
GOP, GO
DP
DP, TO
GOP, GO, TO
GOP, GO, TO
Appendix A6 - Southwest Power Pool Regional Entity (SPP RE) 2016 CMEP Implementation Plan
NCR #
NCR01148
NCR00658
Functions Audited
DP, GOP, GO, RP, TOP,
TO, TP
DP, GOP, GO, RP, TOP,
TO, TP
*-CIP audit
**- CIP and O&P audit
5. Compliance Outreach
Compliance Outreach Activities
Outreach Activity
Newsletters
SPP.org RE Webpages
2016 Spring Compliance Workshop
2016 CIP Workshop
2016 Fall Compliance Workshop
Webinars
Training Videos
Event Analysis Lessons Learned
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
67
Anticipated Date
Monthly
Updated as needed
March 15-16, Little
Rock, AR
May 24-25, Little
Rock, AR
September 20-21,
Oklahoma City, OK
Approx. 9 per year
As developed
As developed
NERC | 2016 ERO CMEP Implementation Plan Version 2.5 | July 2016
68
Appendix A7 - Texas Reliability Entity (Texas RE) 2016 CMEP Implementation Plan
http://www.texasre.org/CPDL/2014%20Texas%20RE%20Assessment%20of%20Reliability%20Performance.pdf
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
69
Appendix A7 - Texas Reliability Entity (Texas RE) 2016 CMEP Implementation Plan
Compliance Working Group (PDCWG) that is responsible for reviewing, analyzing, and evaluating the frequency
control performance of the Interconnection. The PDCWG analyses generation loss events of 450 MW or greater
and system event frequency deviations of +/- 0.1 Hz or greater. The BAL-001-TRE Standard defines the updated
method for individual generator primary frequency response. As such, the Standard could be used in compliance
monitoring efforts for 2016.
Establishing knowledge of a new entity is important in determining risk associated with a new entity. Texas RE
carefully tracks new entities and will use registration input(s) as a way to help delineate the need to engage in
compliance monitoring. Risk-Based Registration, as discussed in the ERO IP, may shift focus onto some registered
entities and trigger review of their responsibilities, or of others as needed. The ERO IP states that monitoring of a
particular registered entity may include more, fewer, or different Reliability Standards than those outlined in the
ERO and RE CMEP IPs. Although the ERO IP and Regional IP identify NERC Standards and Requirements for
consideration for focused compliance monitoring, the ERO recognizes that the Framework and risk-based
processes will develop a more comprehensive, but still focused, list of NERC Reliability Standards and
Requirements specific to the risk a registered entity poses. Therefore, a particular area of focus under a risk
element does not imply: (1) that the identified NERC Standard(s) fully addresses the particular risk associated with
the risk element; (2) that the NERC Standard(s) is only related to that specific risk element; or (3) that all
Requirements of a NERC Standard apply to that risk element equally.
Texas RE will use determined risks to facilitate engagements with registered entities in such a way that prioritizes
the evaluation of compliance for the determined risks. Texas RE will apply the appropriate Risk Element or Risk
Elements and other clearly articulated factors to the appropriate registered entity to maintain a focus on
reliability. Each registered entity is subject to an evaluation of compliance for all Standards regardless of inclusion
within the Areas of Focus described in the ERO IP. That fact allows, as indicated by the ERO IP, for a more in-depth
review of additional Requirements associated with risks beyond those shown within the ERO IP. As each entity
represents a unique set of inherent risks to the Interconnection, Texas RE is committed to having each registered
entity understand how the risks were developed for compliance monitoring engagements. Additional Risk
Elements may be added as needed throughout the year.
Risk Element
Operational
Communication
29
As Standards are revised the most relevant Standard(s) and Requirement(s) managing the identified risk(s) will be used by Texas RE in
compliance monitoring efforts.
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
70
Appendix A7 - Texas Reliability Entity (Texas RE) 2016 CMEP Implementation Plan
Risk Element
SPS Management
IRO-005-3.1a R1;
IRO-010-1a R1, R3;
PRC-001-1.1(ii) R1, R6;
PRC-005 R1, R2;
PRC-017-0 R1, R2
http://www.texasre.org/CPDL/2014%20Texas%20RE%20Assessment%20of%20Reliability%20Performance.pdf
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
71
Appendix A7 - Texas Reliability Entity (Texas RE) 2016 CMEP Implementation Plan
Risk Element
UFLS Management
Critical
Support
TOP-002-2.1b R14;
TOP-004-2 R6;
TOP-006-2 R1, R2;
VAR-001-4 R1, R2, R5, R6;
VAR-002-4 R1, R2, R5
http://www.texasre.org/CPDL/2014%20Texas%20RE%20Assessment%20of%20Reliability%20Performance.pdf
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
72
Appendix A7 - Texas Reliability Entity (Texas RE) 2016 CMEP Implementation Plan
Risk Element
SOL/IROL
Management
32
http://www.texasre.org/CPDL/2014%20Texas%20RE%20Assessment%20of%20Reliability%20Performance.pdf
33
http://www.nerc.com/pa/Stand/Prjct201403RvsnstoTOPandIROStndrds/2014_03_fifth_posting_white_paper_sol_exceedance_2015010
8_clean.pdf
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
73
Appendix A7 - Texas Reliability Entity (Texas RE) 2016 CMEP Implementation Plan
Risk Element
UVLS Management
http://www.texasre.org/CPDL/2015%20Periodic%20Data%20Submittal%20Schedule.pdf
http://www.nerc.com/pa/Stand/Reliability%20Standards/PRC-004-3.pdf
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
74
Appendix A7 - Texas Reliability Entity (Texas RE) 2016 CMEP Implementation Plan
Rules of Procedure, Section 1600 Request for Data or Information. NERC will analyze the data to: develop
meaningful metrics; identify trends in Protection System performance that negatively impact reliability; identify
remediation techniques; and publicize lessons learned for the industry. Because misoperations exacerbate events
and significantly impact reliability, Texas RE will continue to include a review of the data in the development of
IRAs for registered entities. If any changes other than due dates are made to the 2016 Data Submittal Schedule,
the schedule will be updated and affected entities would receive adequate notification of the change.
NCR #
NCR11114
NCR04109
NCR04124
NCR04091
NCR04056
NCR04049
NCR04033
NCR04029
NCR04028
NCR04006
5. Compliance Outreach
Compliance Outreach Activities
Outreach Activity
Spring Compliance Workshop
Fall Compliance Workshop
Talk with Texas RE
Texas Review Newsletter
CIP Compliance Workshop(s)
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
75
Anticipated Date
Spring 2016
Fall 2016
Projected Monthly
(subject to change)
Projected Monthly
TBD
CIP v5 Implementation
WECC continued to provide guidance in a timely manner throughout the CIP v5 transition and will ultimately
facilitate full compliance by the effective date for registered entities throughout the Western Interconnection.
WECC CIP auditors served as technical experts and actively participated in the ERO CIP v5 Transition Advisory
Group to further the development of both CIP v5 Frequently Asked Questions (FAQs) and Lessons Learned. These
documents, once completed, will be posted to the NERC website to educate and inform registered entities in their
transition efforts. CIP v5 FAQs include over 100 common questions and answers, and several detailed Lessons
Learned.
The WECC CIP team prepared and delivered significant CIP v5 outreach sessions covering all of the new CIP
standards in 2015, with additional efforts in support of low impact entities. The onset of required controls for Low
Impact Systems identified in CIP-003-6 R2 will impact the majority of WECC registered entities. With this in mind,
WECC identified four registered entities to participate in a Low Impact Case study. The Case study team will work
closely with WECC CIP Auditors to identify potential hurdles and lessons learned that can be shared with the
broader industry. The WECC CIP staff will continue to develop and support NERC technical discussions to further
strengthen CIP Version 5 transition guidance in 2016.
NERC | 2016 ERO CMEP Implementation Plan Version 2.5 | July 2016
76
Appendix A8 - Western Electricity Coordinating Council (WECC) 2016 CMEP Implementation Plan
Areas of Focus
FAC-003-3 R1
FAC-003-3 R2
FAC-003-3 R6
FAC-003-3 R7
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
77
Appendix A8 - Western Electricity Coordinating Council (WECC) 2016 CMEP Implementation Plan
NCR #
NCR05329
NCR05447
NCR11118
NCR05368
NCR05097
NCR11094
NCR05020
NCR05338
NCR05032
NCR05126
NCR05155
NCR11039
NCR05304
NCR11078
NCR11360
NCR05344
NCR11372
NCR11103
NCR03049
NCR03050
NCR11393
NCR05169
NCR02552
NCR10395
NCR11382
NCR05372
NCR05016
NCR05195
* WECC will use the approved ERO Enterprise Risk-based Compliance Oversight Framework, as described in the
ERO Enterprise CMEP IP and will determine the schedule and scope of each audit based on the quarterly CMS
reviews, compliance history and/or results of IRA and ICE.
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
78
Appendix A8 - Western Electricity Coordinating Council (WECC) 2016 CMEP Implementation Plan
5. Compliance Outreach
Information for workshops and seminars (and others as they are finalized) and the dates on which they are
scheduled to occur will be posted on the WECC website.
Monthly Open Webinars
Since many of the questions the WECC Compliance Staff receives are very similar, WECC answers questions in an
open forum for greater efficiency. WECC Compliance Subject Matter Experts participate on this webinar and
respond to questions. In fairness to everyone on the call, WECC does not address entity- specific questions and
issues.
Compliance User Group (CUG)
The CUG meeting provides in-depth, in-person, and detailed training and education through structured lecture
and presentation, panels of experts, interactive dialog in an open forum, direct question and answer sessions and
invaluable networking opportunities. Workshops cover the entire compliance sphere with focus reflecting the
attendees and industries issues. These meetings provide direct access to the WECC Compliance management
team, staff, and Subject-Matter Experts. Participants may also attend telephonically or via video webinar.
Critical Infrastructure Protection User Group (CIPUG)
The mission of the CIPUG is to provide an open forum for the exchange of information regarding the WECC
Compliance Program's enforcement of mandatory CIP Standards in the Western Interconnection. Its meetings are
structured similarly to those of the Compliance User Group, and it is a forum for WECC to provide information
regarding NERC and WECC CIP activities and related training and workshops for registered entities on an asneeded basis.
Compliance Outreach Activities
Outreach Activity
Anticipated Date/Location
WECC Open Webinar
Third Thursdays of most months
Compliance 101 Webinar
Video Tutorial
Compliance User Group (CUG)
March 22-24, 2016
Critical Infrastructure Protection User Group (CIPUG)
San Diego, CA
May, 2016
CIP 101 Low Impact Assets Seminar
TBD
September 27-28, 2016
CIP Workshop
Salt Lake City, UT
Compliance User Group (CUG)
October 25-27, 2016
Critical Infrastructure Protection User Group (CIPUG)
Phoenix, AZ
NERC | 2016 ERO CMEP Implementation Plan Version 2.5| July 2016
79
Applicable Reliability
Standards and
Requirements
AAA-000-0 R 1
Details of CA Efforts
Findings
Finding conclusion
Equipment failure of a
high-side transformer
cleared along with two
transmission lines.
NERC | 2016 ERO CMEP Implementation Plan Version 2.5 | July 2016
80
No findings of
noncompliance