NERC Standards for new NERC Compliance Professionals

Is your company looking to clarify compliance in 2024? Do you have new subject matter experts (SMEs) on your team? Over the years I have realized North American Electric Reliability Corporation (NERC) Compliance is a team sport, and it is only a matter of time before you are drafted… if you have not been already. If you have recently been drafted into NERC Compliance, welcome; if you are a seasoned compliance professional, we are glad to have you on the team! No matter your tenure in compliance you may be feeling overwhelmed by resources scattered across multiple locations. It is my hope that this article will streamline some of the resources and information available to you and your team. Some basic foundations are needed to help clarify compliance.

Functional Registration

NERC’s Rules of Procedure (ROP) requires organizations that have a material impact on the Bulk Power System (BPS) to register by a functional type or category to verify that entity is capable of responsibilities for tasks associated with that function, such as Balancing Authority, Transmission Operator, or Reliability Coordinator. For example, it is through NERC’s registration process that organizations like Southwest Power Pool (SPP) and Midcontinent Independent System Operator (MISO) become registered as Reliability Coordinators (RCs) and thereby responsible for meeting standards requirements applicable to RCs.

The criteria by which a bulk power system user, owner, or operator must register with NERC, and therefore be subject to applicable NERC Reliability Standards, is described in the Rules of Procedure Section 500 – Organization Registration and Certification and Appendices 5A and 5B. Per NERC Rules of Procedure (ROP), entities are responsible for compliance with all NERC Reliability Standards that apply to each function for which they are registered. Compliance with the standards is the responsibility of each registered entity.

An entity’s compliance obligations begin on the day the entity is registered with NERC unless a Requirement or Reliability Standard implementation plan (or other authoritative document) specifies the date by which the entity is required to be compliant.

The Functional Registrations are:

Reliability Coordinator (RC)

Transmission Operator (TOP)

Balancing Authority (BA)

Planning Authority/Planning Coordinator (PC)

Transmission Planner (TP)

Transmission Service Provider (TSP)

Transmission Owner (TO)

Resource Planner (RP)

Distribution Provider (DP)

Generator Owner (GO)

Generator Operator (GOP)

Reserve Sharing Group (RSG)

Frequency Response Sharing Group (FRSG)

Regulation Reserve Sharing Group

NERC maintains and publishes the NERC Compliance Registry, which identifies actively registered entities and the applicable functional categories for which each is registered.

Reliability Standards

A Reliability Standard includes a set of requirements that define specific obligations of owners, operators, and users of the North American bulk power system and include cybersecurity requirements. The NERC Glossary of Terms is very helpful in establishing an understanding of compliance terminology and fostering effective communication.

Standards Families

Currently, there are fourteen families of standards. FERC Order 693 made compliance mandatory for what we know today as the Operations & Planning Standards and FERC Order 706 created the Critical Infrastructure Protection Standards. Each standard family is represented by a the three-character abbreviation as follows:

Elements of a Reliability Standard

Each Reliability Standard includes the same elements of information, arranged into the following sections:

• Introduction – Includes the name, number, purpose, and applicability of the standard. The applicability element of a Reliability Standard identifies the specific Functional Entities and Facilities responsible for enforcing the standard. The effective date of the standard and any background information that helps explain the need for the standard will be found in this section.

• Requirements and Measures – Depending on the standard, these may appear as a single section or as two different sections. The Requirements section describes the action or outcome that must be achieved to be compliant with the standard. The Measures section describes how the registered entity is to prove compliance with the requirement. There is one measure for each requirement.

• Compliance – Provides information about the compliance monitoring process for the standard, including evidence retention requirements. This is also where to find information about violation severity levels (VSL) for the standard.

Types of Reliability Requirements

NERC Reliability Standards identify what Functional Entities shall do, and under what conditions, to achieve a specific reliability objective. It is important to note the NERC Reliability Standards set minimum criterion for operations, planning, and security. There are several types of requirements, each with a different approach to measurement.

• Performance-based Requirements define a specific reliability objective or outcome with a direct, observable effect on reliability of the bulk power system. It can be measured using power system data or trends. In its simplest form, a performance-based requirement has four components: who, under what conditions (if any), shall perform what action, to achieve what particular result or outcome.

• Risk-based Requirements define actions that reduce an identified risk to the reliability of the bulk power system to an acceptable tolerance level. It can be measured by evaluating a particular product or outcome resulting from the required actions. A risk-based reliability requirement should be framed as: who, under what conditions (if any), shall perform what action, to achieve what particular result or outcome that reduces a stated risk to the reliability of the bulk power system.

• Capability-based Requirements define capabilities needed to perform reliability functions and can be measured by demonstrating that the capability exists as required. A capability-based reliability requirement should be framed as: who, under what conditions (if any), shall have what capability, to achieve what particular result or outcome to perform an action to achieve a result or outcome or to reduce a risk to the reliability of the bulk power system.

If you would like to learn more, I highly encourage you to check out SERC Reliability Corporation’s  SERC University course on the NERC Reliability Standards,  as well as NERC ROP, Section 2.0: Elements of a Reliability Standard.

NERC Reliability Standards Audit Worksheet

A Reliability Standard Audit Worksheet (RSAW) is a guide provided by the Electric Reliability Organization (ERO) that provides some of the methodology that NERC uses to assess compliance with the requirements of a given Reliability Standard.

NERC Compliance Enforcement Authorities (CEAs), such as MRO, use RSAWs when auditing registered entities. This can make the RSAW the registered entity’s primary method of communicating internal compliance process, controls, and evidence to the audit team.

Each RSAW includes a table that lists each requirement within the standard and identifies the Functional Registrations to which it applies. This table can serve as a quick visual of the applicability for each of the Functional Registrations.

CIP-004-7 Example:

To ensure both a strong narrative and compliance posture, SMEs should review the Compliance Assessment Approach for each Reliability Standard Requirement to ensure all audit or verification questions have been addressed in procedures and responses. Without verification, entities are left to assume that processes are designed effectively, operating as designed, and procedures are being executed as written. Without self-assessment, how would you know and how can you be certain that you have identified and mitigated all potential reliability and compliance gaps?

CIP-004-7 Example:

Completing RSAWS annually can enhance registered entities’ compliance programs by:

1. Providing detective, preventative, and corrective controls in the compliance process.
2. Serving as a training tool to SMEs for the regulation for which the registered entity is responsible to comply.
3. Evidence can be date stamped and stored, ensuring the registered entity is “audit ready” at any moment.
4. A “Library” of compliance history is populated, where evidence can be obtained by anyone should turnover occur.

When completing the Internal Compliance Review and completion of RSAWs, a few checklist items should include:

• Review of both currently effective and future mandatory Reliability Standards to address possible updates/changes.
• Verification of all document references within a procedure.
• Clarification of findings from last audit, mock audit, or other Regional Entity engagements.

NERC Reliability Standard Audit Worksheets (RSAWs) are available for download on NERC’s website. 

In 2024, I challenge each of you to clarify compliance and remember daily activities foster intentional compliance. When approaching compliance, come with intent, purpose, and energy. I know at times there can be a lack of certainty or understanding with compliance… and it can be hard to commit until there is clarity, but many times clarity comes with movement and action. So, let us commit to moving forward with intent, purpose, and energy.

• Other Resources:
• The History of the North American Electric Reliability Corporation
• Reliability Primer
• One-Stop Shop
• Compliance Guidance

By Courtney Vetter, Manager, Electric System Compliance, Montana-Dakota Utilities Co.

About the Author

DISCLAIMER

MRO is committed to providing non-binding guidance to industry stakeholders on important industry topics. Subject matter experts from MRO’s organizational groups have authored some of the articles in this publication, and the opinion and views expressed in these articles are those of the author(s) and do not necessarily represent the opinions and views of MRO.