NERC Compliance Success Through a Corporate Community Approach

In 2003, the Northeastern United States and parts of Canada experienced a significant and disruptive blackout event with root causes related to trees (right of way vegetation management), training (system control center personnel), tools (real-time situational awareness) and wide-area support (inadequate reliability coordinator diagnostics). In the decade since, NERC has developed a host of new, interrelated mandatory compliance standards to address reliability shortcomings and encourage the power industry to improve overall collaboration and work processes to ensure uninterrupted access to electricity for all.

The proliferation of interrelated NERC standards has encouraged a spirit of communication, collaboration and cooperation across internal utility departments, requiring a corporate community approach that emphasizes a culture of teamwork and safety for ultimate compliance success.

Interrelationships Between NERC Standards

A good portion of NERC Standards (and corresponding standard requirements) are interrelated either directly or indirectly. There are standard requirement outputs that serve as inputs into other standard requirements or depend on deliverables from them. Examples of compliance tie-ins include:

When drafting your operating policies, along with NERC Audit Readiness documentation (like RSAWs), compliance stakeholders should contemplate these internal links when preparing for any future Regional Entity (RE) engagements. This would be an optimal time to formally integrate the objective QA/QC document reviews from the leaders in the other impacted departments. It clearly demonstrates to auditors that there is an intentional effort to breakdown operational silos and encourage compliance awareness across corporate boundaries. Furthermore, the better that individual contributors understand the importance of their work output within the broader context of overall NERC compliance, the more likely that they are to become more focused on the quality of their work.

There are many positive outcomes when stakeholders have an improved sense of their NERC compliance awareness, including:

• Mitigating repeat violations and unforced compliance errors. This creates an overall greater culture of compliance through this community effort and helps to improve an entity’s NERC compliance reputation with their Regulators.
• Increasing overall corporate productivity. With a decline in incident management activities and continuously implementing mitigation plans, individual contributors and subject matter experts can spend more time on executing core company duties and responsibilities.
• Avoiding financial penalties. There is a direct, positive impact on shareholder value, since NERC fines and penalties are not recoverable.

Increasing Compliance Awareness and Promoting Best Practices

Your company’s compliance success is influenced by how willing all compliance stakeholders are and how aware they are that their work is externally influenced, in conjunction with how their work affects other corporate compliance colleagues. Action items for companies to consider implementing to improve their overall compliance awareness and performance include:

• Schedule ongoing, periodic coordination discussions that help open lines of communication between all mutually impacted compliance stakeholders.
• Establish a centralized, corporate source of truth to breakdown compliance silos.
• Perform annual QA/QC document reviews of all policies, procedures and guidelines with NERC compliance implications. This includes incorporating policy reviewers, signatures and approvers from other accountable organizations.
• Cultivate, Acknowledge and Submit NERC compliance evidence throughout the audit cycle, as opposed to 30 to 90 days prior to a formal audit. This requires stakeholders to compile NERC compliance evidence periodically, such as monthly or quarterly (cultivate), self-certify evidence throughout the audit cycle (acknowledge), and locally archive certified NERC evidence in parallel with transmittal to the Regions (submit).
• Encourage the proactive compliance engagement from ancillary stakeholders that do not have any official NERC Registered Function. For example, Corporate Telecommunications with supporting COM-001-3 (Communications), or Corporate Human Resources with supporting CIP-004-7 (Cyber Security – Personnel & Training). Notably, this tends to require executive leadership motivation to inspire active employee participation.
• Ongoing, continuous training and awareness seminars to keep NERC Compliance at the forefront of everybody’s focus. Use near misses and close calls as the background for future training materials and highlight ongoing required training explicitly called out in the NERC standards.

Next Steps

It is essential that adherence with NERC compliance obligations is considered by all stakeholders from a wider corporate perspective, as opposed to a parochial team by team focus. The work inside the office, as well as the efforts out in the field, have some direct or indirect correlation to your company’s overall compliance posture. It is imperative to gain a better understanding of the work that you are responsible for executing and how it impacts the other compliance stakeholders, within your individual boundary of influence. It is important to remember these key compliance takeaways when considering a corporate community approach:

• NERC Compliance is a team sport. No one individual or department is an island onto themselves.
• The Regional Entities (RE) audit (e.g. Reliability First, Midwest Reliability Organization, etc.) assess your company’s overall compliance adherence as a whole enterprise. You are not being audited or graded on a department-by-department basis.
• It is essential to demonstrate the principles of collaboration, cooperation and transparency while in front of the auditors. Once it is clear that your company is not internally aligned amongst themselves, the line of questioning will help further explore any lack of transparency and communication amongst the various compliance stakeholders.

TRC Can Help

At TRC, we focus on enhancing shareholder value and corporate compliance reputation by mitigating the risk of non-recoverable NERC fines, improving audit readiness, eliminating silos, enhancing operational efficiency, streamlining workflows and establishing a centralized document repository for core compliance data.

Our tested practitioners have decades of experience with utility-based regulatory requirements. We conduct NERC gap assessments, execute audit readiness initiatives and power flow studies. We also support physical and cyber security assessments and onsite walk downs of transmission lines and substations to verify FAC-008 facility rating data values. Our team is accustomed to working closely with utilities to analyze, evaluate and prepare for cold and extreme weather events, PRC related relay studies and MOD related studies.