2015 ERO Compliance Monitoring and Enforcement Implementation Plan

Revised November 18, 2014

NERC | 2015 ERO CMEP Implementation Plan Version 1.0 | November 18, 2014

Table of Contents

Preface
Introduction
Purpose
Implementation Plan
RE Implementation Plans
Risk-based Approach to Compliance Monitoring and Enforcement
Risk-based Compliance Monitoring
Deployment of Risk-based Compliance Oversight
Risk-based Compliance Oversight Framework
Risk-based Enforcement
Risk-based Compliance Oversight Plan
Risk Elements Results
2015 Risk Elements
Regional Risk Assessments
Regional Compliance Oversight Plan
NERC Oversight of Regional Implementation Plans
Revision History
Appendix A1 - Florida Reliability Coordinating Council (FRCC) 2015 CMEP Implementation Plan
Appendix A2 - Midwest Reliability Organization (MRO) 2015 CMEP Implementation Plan
Appendix A3 - Northeast Power Coordinating Council (NPCC) 2015 CMEP Implementation Plan
Appendix A4 - ReliabilityFirst Corporation (ReliabilityFirst) 2015 CMEP Implementation Plan
Appendix A5 - SERC Reliability Corporation (SERC) 2015 CMEP Implementation Plan
Appendix A6 - Southwest Power Pool Regional Entity (SPP RE) 2015 CMEP Implementation Plan
Appendix A7 - Texas Reliability Entity (Texas RE) 2015 CMEP Implementation Plan
Appendix A8 - Western Electricity Coordinating Council (WECC) 2015 CMEP Implementation Plan
Appendix B - Compliance Assessment Report

Preface

The North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to ensure the reliability of the bulk power system (BPS) in North America. NERC develops and enforces Reliability Standards; annually assesses seasonal and long-term reliability; monitors the BPS through system awareness; and educates, trains, and certifies industry personnel. NERC’s area of responsibility spans the continental United States, Canada, and the northern portion of Baja California, Mexico. NERC is the electric reliability organization (ERO) for North America, subject to oversight by the Federal Energy Regulatory Commission (FERC) and governmental authorities in Canada. NERC’s jurisdiction includes users, owners, and operators of the BPS, which serves more than 334 million people.

The North American BPS is divided into several assessment areas within the eight Regional Entity (RE) boundaries, as shown in the map and corresponding table below. The ERO Enterprise is comprised of NERC and the eight REs.
FRCC | Florida Reliability Coordinating Council
MRO | Midwest Reliability Organization
NPCC | Northeast Power Coordinating Council
RF | ReliabilityFirst
SERC | SERC Reliability Corporation
SPP-RE | Southwest Power Pool Regional Entity
Texas RE | Texas Reliability Entity
WECC | Western Electricity Coordinating Council

Introduction

Purpose

The ERO Compliance Monitoring and Enforcement Program Implementation Plan (Implementation Plan) is the annual operating plan carried out by Compliance Enforcement Authorities (CEAs) while performing their responsibilities and duties as called for in the Compliance Monitoring and Enforcement Program (CMEP). CEAs, which consist of NERC and the eight REs, carry out CMEP activities in accordance with the NERC Rules of Procedure (ROP), including Appendix 4C, the respective Regional Delegation Agreements between NERC and each RE, and other agreements with the Canadian regulatory authorities.

Historically, the Implementation Plan has specified the NERC Reliability Standards and Requirements to be actively monitored and audited by the REs during the implementation year.[1] For the 2015 Implementation Plan and beyond, NERC will replace the approach used to develop the ERO CMEP Implementation Plan and the Actively Monitored List (AML) with processes that identify and prioritize continent-wide risks to the reliability of the BPS, as well as related Reliability Standards and registration functional categories. The new approach will provide input to a more individualized compliance oversight plan for registered entities. The transformation to focus on identifying and prioritizing risks replaces a static, one-size-fits-all list of Reliability Standards and prioritizes functions and Reliability Standards based on risk to determine the appropriate oversight method.
The NERC ROP requires that NERC provide the Implementation Plan to the REs on or about September 1 of the preceding year.[2] REs must submit their Implementation Plans to NERC for review and approval on or about October 1. Regional Implementation Plans provide:

- Details on Regional Risk Assessment processes and results,
- Reliability Standards and Requirements associated with Regional Risk Assessment results,
- Regional compliance oversight plan, which includes its annual audit plan, and
- Other key activities and processes used for CMEP implementation.

Implementation Plan

The ERO Enterprise maintains a consolidated Implementation Plan that provides guidance and implementation information common among NERC and the eight REs.

During the implementation year, NERC or an RE may update the Implementation Plan. Updates could include, but are not limited to: changes to compliance monitoring processes, changes to regional processes, or updates resulting from a major event, FERC Order, or other matter. When updates occur, NERC will post a revised plan on the NERC website and issue a compliance communication.

REs should submit updates to the NERC Compliance Operations group, which will review and act on any proposed changes. NERC will be responsible for updating the ERO CMEP Implementation Plan to reflect any RE changes and will post the updated plan to the website and issue compliance communications.

RE Implementation Plans

The Regional Implementation Plans supplement the ERO CMEP Implementation Plan and provide information that is RE-specific. The Regional Implementation Plan describes Regional risk assessments that identify risks that Regions will consider as part of their compliance oversight plan, which includes the 2015 annual audit plan.

[1] NERC ROP, Section 401 (Scope of the NERC Compliance Monitoring and Enforcement Program).
[2] NERC ROP, Section 403 (Required Attributes of RE Compliance Monitoring and Enforcement Programs).
Appendices 1.1-1.8 contain the Regional Implementation Plans. NERC will update the Implementation Plan on or about November 1 to include the Regional Implementation Plans. Regional Implementation Plans are due to NERC for review on or about October 1.

Risk-based Approach to Compliance Monitoring and Enforcement

Risk-based Compliance Monitoring

Deployment of Risk-based Compliance Oversight

Through a Reliability Assurance Initiative (RAI), NERC has transformed its compliance and enforcement program into one that is forward-looking, focuses on areas that represent a high risk to BPS reliability, and reduces the administrative burden on registered entities. The transformed approach to compliance monitoring emphasizes an examination of reliability risks as the basis for the determination of the appropriate oversight framework, including scope, frequency, and what monitoring tools are appropriate in each case.

During 2015, CEAs will begin deploying processes and tools used to support risk-based compliance oversight. NERC and the REs are committed to ensuring full transformation to risk-based compliance oversight, and NERC and the REs plan continued communications, training, and outreach throughout 2015 to support risk-based compliance oversight.

Risk-based Compliance Oversight Framework

The ERO Enterprise’s Risk-based Compliance Oversight Framework (Framework) consists of processes that involve reviewing system-wide risk elements, an assessment of a registered entity’s inherent risk, and, on a voluntary basis, an evaluation of a registered entity’s internal controls prior to establishing a monitoring plan that is tailored to a particular entity or group of entities. Figure 1 below illustrates the ERO Enterprise’s transformation from a static compliance approach to a dynamic approach.
Reliability risk is not the same for all registered entities; therefore, this Framework examines BPS risk as well as individual registered entity risk to determine the most appropriate CMEP tool to use when monitoring a registered entity’s compliance with Reliability Standards. This Framework also promotes examination of how registered entities operate. As illustrated by the blue arrows in Figure 1, the Framework tailors compliance monitoring focus to those areas that pose the greatest risk to BPS reliability. The elements in Figure 1 are dynamic and are not independent; rather, they are complementary and interdependent on one another.

Figure 1: Risk-based Compliance Oversight Framework

Risk Elements

The first step of the Framework consists of identifying and prioritizing continent-wide risks. These risks are identified and prioritized based on, among other things, the work done by NERC staff, the Reliability Issues Steering Committee (RISC), initiatives such as the Standards Independent Experts Review Project, and risks identified in the ERO Enterprise Strategic Plan.

Risks are identified and prioritized based on significance, likelihood, vulnerability, and potential impact to the reliability of the BPS. They may be categorized as operational and planning risks, as well as threats to cyber systems or physical security. While risk identification occurs on at least an annual basis, risks are dynamic and continually evolve. Accordingly, periodic reviews and updates may be necessary and appropriate to address increased or emerging risks as well as reflect mitigated risks. However, the risks and associated Reliability Standards identified through this process do not constitute the entirety of risks that may affect the reliability of the BPS.
Regional Entities are expected to consider local risks and specific circumstances associated with individual registered entities within their footprint when developing their compliance oversight plans.

Inherent Risk Assessment

REs perform an Inherent Risk Assessment (IRA) of registered entities to identify areas of focus and the level of effort needed to monitor compliance with NERC Reliability Standards for a particular registered entity. The IRA is a review of potential risks posed by an individual registered entity to the reliability of the BPS. An IRA considers risk factors such as assets, systems, geography, interconnectivity, prior compliance history, and overall unique entity composition when determining the compliance oversight plan for a registered entity. The IRA will be performed on a periodic basis, with the frequency based on a variety of factors, including, but not limited to, changes to a registered entity and significant changes or emergence of new reliability risks.

For monitoring activities performed in 2015, REs may be in various stages of conducting IRAs for registered entities within their footprint. During 2015 and beyond, REs will continue to expand the IRA process to registered entities in their footprints based on risk and compliance monitoring schedules.

Internal Controls Evaluation

To further tailor monitoring plans in accordance with risk for registered entities in their footprints, the Regional Entities also take into account any information obtained through the processes outlined in the Internal Control Evaluation (ICE) Guide. For those entities who volunteer to undergo an ICE, REs will select those who will participate in the ICE process based on the risk posed by particular entities and compliance monitoring schedules.

The Internal Controls Evaluation (ICE) enables a further refinement of the registered entity’s compliance oversight plan.
Registered entities have an opportunity to: (i) provide, on a voluntary basis, information to their respective RE about their internal controls that address the risks applicable to the entity and for identifying, assessing, and correcting noncompliance with Reliability Standards; and (ii) demonstrate the effectiveness of such controls. As a result of the ICE, there may be additional focus of the compliance assurance activities for an entity.

Registered entities may elect not to participate in an ICE. In that case, the CEA will use the results of the IRA to determine the appropriate compliance oversight strategy, including focus and tools within the determined scope.

CMEP Tools

Ultimately, the RE will determine which of the compliance monitoring tools (i.e., off-site or on-site audits, spot checks, or Self-Certifications) are warranted. REs will tailor compliance monitoring activities for registered entities in their footprint based on reliability risks. Reliability Coordinators, Balancing Authorities, and Transmission Operators are expected to remain on a three-year audit cycle. The determination of the appropriate CMEP tools will be adjusted, as needed, within a given implementation year.

Self-certifications

In the 2015 ERO CMEP Implementation Plan, the ERO identifies continent-wide reliability risks to the BPS and a core set of Reliability Standards and Requirements associated with those risks for specific registered functions.

In developing a compliance oversight plan for registered entities in its footprint, REs should support compliance assurance with these identified Standards and Requirements.
Through a risk assessment, an RE may determine that regional risks or risks associated with any particular registered entity drive more, less, or different priorities, and, therefore, the RE may modify the set of core Reliability Standards or pursue compliance assurance through any monitoring tools to address those regional and entity-specific considerations. If an annual self-certification program is not included in a Regional IP, the RE will be expected to address the identified risks through other means.

Compliance Assessments for Events and Disturbances

An important component of the ERO enterprise’s risk-based approach to compliance monitoring is the voluntary participation in the Compliance Assessment (CA) Process by registered entities after an event or disturbance. Through the Events Analysis Process, the ERO enterprise promotes a culture of reliability excellence that encourages an aggressive and critical self-review and analysis of operations, planning, and critical infrastructure performance. The CA Process is a complementary review of the event focused on the evaluation of compliance with Reliability Standards. A registered entity completes a CA by reviewing the facts and circumstances of an event or disturbance, identifying relevant Reliability Standards and Requirements, evaluating compliance with these Standards and Requirements, and self-reporting any potential noncompliance. Regional Entity (RE) compliance staff also assesses significant events and disturbances to improve understanding of reliability risks that may guide further compliance monitoring activities.

Registered Entity Responsibilities

The ERO enterprise encourages registered entities to perform a voluntary, systematic CA in response to all system events and disturbances. Registered entities are also expected to share the CA with the RE for all Category 2 and above events.
The ERO Events Analysis process document describes the categories for events.[3] Registered entities should use the Sample Compliance Assessment Report Template (Appendix 3 of this document) when performing a CA. In addition to the completed CA template, registered entities should provide to the RE sufficient event information, such as the Brief Report or Event Analysis Report, so the RE may thoroughly understand the event.

Registered entities that follow the process above to systematically evaluate their own compliance performance, identify, self-report potential noncompliance, and address reliability issues demonstrate the effectiveness of their internal controls and their commitment to a culture of compliance. Registered entities that are able to demonstrate strong internal controls and a robust culture of compliance that mitigates risk may be afforded some recognition by way of reduced levels and frequency of compliance monitoring activities. Mitigating credit for these actions is also considered during the enforcement of a noncompliance. Such credit is available to the registered entity for comprehensive compliance assessments that clearly demonstrate a systematic review of applicable Standards and, as appropriate, self-reporting.

Regional Entity Responsibilities

REs will review system event reports and CA reports provided by registered entities and may utilize a risk-based approach to prioritize these evaluations. However, the REs will conduct a regional compliance evaluation (RCE) for all Category 2 and above events. By exception, the RE may also examine lower category events that indicate the need for closer examination. As part of its independent evaluation of the CA, the RE may request additional information from the registered entity if it is needed to better understand the event.
This process, while informal, may be used to recommend a formal compliance monitoring method, such as a spot check, or to recommend modification of the scope of an upcoming audit.

The scope of RCEs and the manner in which the REs and NERC evaluate, process, and respond to these reviews is intended to reflect the significance of the event. The registered entity can greatly assist the RE by providing a thorough and systematic self-evaluation with its CA. The RE will share the RCE and CA with NERC staff.

[3] http://www.nerc.com/pa/rrm/ea/EA%20Program%20Document%20Library/Final_ERO_EA_Process_V2.1.pdf

Risk-based Enforcement

The ERO Enterprise recognizes that not all instances of noncompliance require the same type of processing and documentation and that there is a need to streamline processes for resolving minimal and moderate risk issues. This is necessary to enable the ERO Enterprise, as well as industry, to allocate resources to address the issues posing a higher level of risk to reliability. The ERO Enterprise will continue to use more formal enforcement processes, particularly Notices of Penalty, to respond to higher risk issues. Such cases can lead to the identification and implementation of above-and-beyond activities and other non-monetary sanctions, in addition to financial penalties.

Compliance Exceptions

Based on the experience with a streamlined process and a reduced record since 2013, NERC and the REs have exercised discretion when deciding whether to initiate an enforcement action for instances of noncompliance posing a minimal risk to the reliability of the BPS. Issues resolved outside of the enforcement process are referred to as compliance exceptions. The resolution of these issues outside of the enforcement process has not eliminated oversight or visibility over the issues.
Rather, these issues are provided for review by NERC and FERC. The process has allowed NERC and the Regional Entities to work with registered entities to identify and mitigate minimal risk issues promptly and more efficiently.

Beginning in January 2015, all minimal risk instances of noncompliance will be eligible for resolution as a compliance exception. While compliance exceptions will effectively supersede Find, Fix, Track and Report (FFT) as the process for resolving minimal risk instances of noncompliance in the future, for the time being, the FFT process remains relevant, particularly as it relates to moderate risk issues or minimal risk issues that a region may not deem appropriate to be treated as a compliance exception, based on individual facts and circumstances of a particular noncompliance.

Self-Logging Program

Beginning in October 2013, NERC and the Regional Entities began to allow select registered entities with demonstrated effective management practices to self-identify, assess, and mitigate instances of noncompliance to self-log[4] minimal risk instances of noncompliance that would otherwise be individually self-reported. Properly logged items will be presumed appropriate for resolution as compliance exceptions unless there are additional risk factors identified by the CEA. This is consistent with the notion that instances of noncompliance that are self-identified through internal controls, corrected through a strong compliance culture, and documented by the registered entity, should not be resolved through the enforcement process or incur a penalty, absent a higher risk to the BPS. The self-logging program also encourages the development and communication of management practices by registered entities and rewards registered entities for implementing demonstrated, effective controls in place to detect and correct issues as they arise.

[4] The program is also known as the aggregation program.
Risk-based Compliance Oversight Plan

Risk Elements Results

The ERO Enterprise has always assessed risks to the reliability of the BPS, as well as mitigating factors that may reduce or eliminate a given reliability risk, and the ERO Enterprise will continue to do so under the Framework referenced above. The ERO Enterprise developed a risk elements Guide to describe a process for identifying risks to the BPS and associated registration functional categories and NERC Reliability Standards to those risks.

In 2015, the ERO Enterprise identified nine risk elements with specific areas of focus. REs will consider the nine risk elements, along with regional risk considerations, to develop their Regional Implementation Plans. The risk elements identify and prioritize existing risks to the reliability of the BPS. Each of the nine risk elements below is accompanied by a table identifying Reliability Standards and Requirements associated with each risk. The risk elements serve as an input into the overall Regional Risk Assessment to support a risk-informed compliance oversight plan.

Risk elements do not serve as a baseline list of Reliability Standards and Requirements, as previously identified through the AML in prior years’ CMEP Implementation Plans, nor do they identify Reliability Standards and Requirements that must be audited. Rather, they provide the starting point for the analysis of regional risks which will then be reflected in the Regional Implementation Plans.

2015 Risk Elements

The nine risk elements below are not a comprehensive list of all risks to the reliability of the BPS. Where issues are being addressed through other mechanisms, they are not included herein for compliance assurance activities.[5]

1. Infrastructure Maintenance

As the BPS continues to age, lack of infrastructure maintenance is a reliability risk that continues to grow in importance.
AC Substation Equipment Failures

As reported in the State of Reliability 2014 report, AC Substation Equipment Failures had the largest positive correlation with automatic transmission outage severity in 2013. The correlation is statistically significant: a pattern and underlying dependency exists between AC substation equipment failures and transmission outage severity. While it is unclear whether or not there is a relationship between substation equipment failures and maintenance, such a relationship may exist. The issue of AC Substation Equipment Failure is one that is still being investigated, and action plans to address this concern are being developed. Thus, the ERO CMEP IP may be updated during the year to reflect new activities based on NERC’s investigation.

Aging Infrastructure

The general concern of Infrastructure Maintenance has been highlighted in other NERC documents. The 2013 Long-Term Reliability Assessment highlighted this area of concern, stating:

Aging transmission system infrastructure has many challenges, such as the availability of spare parts, the obsolescence of older equipment, the ability to maintain equipment due to outage scheduling restrictions, and the ability to keep pace with technological advancements … Larger scale “infrastructure revitalization” may be necessary in the future; however, with older generation retiring throughout the next decade, the average age of BPS generation facilities will be relatively young. Implementation of any replacement strategy and in-depth training programs requires additional capital investment, engineering and design resources, and construction labor resources, all of which are in relatively short supply.

[5] For example, vegetation management and right-of-way clearances, while key priorities, are not areas of focus for compliance assurance activities because they are being addressed through other ongoing targeted initiatives.

Areas of Focus

Table 1 – Infrastructure Maintenance
Standard | Requirements | Entities for Attention
PRC-005-2 | R3, R4 | Generator Owners, Transmission Owners, Distribution Provider
PRC-008-0 | R1, R2 | Distribution Providers, Transmission Owners
PRC-011-0 | R1 | Distribution Providers, Transmission Owners
PRC-017-0 | R1 | Distribution Providers, Generator Owners, Transmission Owners

2. Uncoordinated Protection Systems

Protection systems that trip unnecessarily can contribute significantly to the extent of an event. When protection systems are not coordinated properly, the order of execution can result in either incorrect elements being removed from service or more elements being removed than necessary. This can also occur with Special Protection Systems, Remedial Action Schemes, and Underfrequency Load Shedding and Undervoltage Load Shedding schemes. Such coordination errors occurred in the September 8, 2011 event (see recommendation 19)[6] and the August 14, 2003 event (see recommendation 21).[7]

Both the RISC’s ERO Priorities: RISC Updates and Recommendations report and NERC’s ERO Top Priority Reliability Risks 2014-2017 report recognize protection systems as a significant risk based on the extensive work and detailed analysis contained in the State of Reliability reports from 2012 and 2013.

Areas of Focus

Table 2 – Uncoordinated Protection Systems
Standard | Requirements | Entities for Attention
PRC-001-1.1 | R3, R5 | Generator Operator, Transmission Operator
PRC-001-1.1 | R4 | Transmission Operator

3. Protection System Misoperations

Protection systems are designed to remove equipment from service to avoid damage to equipment when a fault occurs.
A protection system that does not trip or is slow to trip may lead to the damage of equipment (which may result in degraded reliability for an extended period of time), while a protection system that trips when it should not can remove important elements of the power system from service at times when they are needed most. Unnecessary trips can even start cascading failures as each successive trip can cause another protection system to trip. NERC’s 2012 and 2013 State of Reliability Reports identified protection system misoperations as a significant threat to BPS reliability. Additional activities are needed to ensure this risk is managed adequately.

[6] See Arizona-Southern California Outages on September 8, 2011.
[7] See Final Report on the August 14, 2003 Blackout.

Key Finding 3 of NERC’s State of Reliability 2014 report was based on the continuing history of misoperations being a significant contributor to events. The report notes:

In 2013, there were 71 transmission-related system disturbances that resulted in a NERC Event Analysis reported event. Of those 71 events, 47 (about 66 percent) had associated misoperations. Of these 47 events, 38 (about 81 percent) experienced misoperations that were contributory to or exacerbated the severity of the event. In several cases, multiple misoperations occurred during a single disturbance. Cause coding has not yet been completed for all 2013 events, but it is estimated that there were 60–75 misoperations associated with these 38 reportable events. Therefore, out of approximately 2,000 total misoperations in 2013, approximately 3.0 to 3.5 percent were causal to or exacerbated by the severity of reportable system disturbances.
Both the RISC’s ERO Priorities: RISC Updates and Recommendations report and NERC’s ERO Top Priority Reliability Risks 2014-2017 report recognize protection systems and their failures as a significant risk based on the extensive work and detailed analysis contained in the State of Reliability reports from 2012 and 2013.

Areas of Focus

Table 3 – Protection System Misoperations
Standard Requirements PRC-004-2.1a R1. R2. PRC-016-0.1 R1, R2 PRC-023-3[8] R1. PRC-025-1 R1 Entities for Attention Transmission Owner Distribution Provider Generator Owner Transmission Owner Generator Owner Distribution Provider Transmission Owner Generator Owner Distribution Provider Transmission Owner Generator Owner Distribution Provider

4. Workforce Capability

A lack of knowledge, experience, and capabilities is a common threat in any industry that relies on skilled workers. The RISC, in its ERO Priorities: RISC Updates and Recommendations report, highlighted Workforce Capability and Human Error as a priority area needing focus. Findings of the RISC focused around the need to improve organizational performance and culture to ensure support for the individual worker to gain knowledge and address known issues in advance of their reoccurrence. This is also reflected in NERC’s ERO Top Priority Reliability Risks 2014-2017 report.

NERC has also identified the challenge of maintaining a robust and knowledgeable workforce for a number of years. In the 2013 Long-Term Reliability Assessment, NERC notes, “Workers entering the power industry will be tasked with understanding and implementing a variety of new technologies and smarter systems and devices. Across the industry, there is substantial interest in training and hiring workers to support these industry needs as well as transferring the expertise and knowledge of retiring workers.”

[8] Reliability Standard PRC-023-3 is effective October 1, 2014.
However, PRC-023-2 remains relevant as Criterion 6 of Requirement R1 will remain in effect until PRC-025-1 is fully implemented pursuant to its phased in implementation plan. NERC | 2015 ERO CMEP Implementation Plan Version 1.0 | November 18, 2014 12 Risk-based Compliance Oversight Plan Areas of Focus Table 4 – Workforce Capability Standard CIP-004-3a Requirements R1, R2 EOP-001-2.1b R2, R3 R4 EOP-003-2 R8. R10. EOP-005-2 R11. EOP-006-2 R17. R9, R10 PER-005-1 R3. TOP-004-2 R6 Entities for Attention Balancing Authority Generator Operator Generator Owner Reliability Coordinator Transmission Operator Transmission Owner Transmission Operator Balancing Authority Transmission Operator Balancing Authority Transmission Operator Transmission Operator Transmission Owner Distribution Provider Generator Operator Reliability Coordinator Reliability Coordinator Balancing Authority Transmission Operator Transmission Operator 5. Monitoring and Situational Awareness Without the right tools and data, operators can make uninformed decisions which may or may not be appropriate to ensure reliability for the given state of the system. NERC’s ERO Top Priority Reliability Risks 2014-2017 notes that “stale” data and lack of analysis capabilities contributed the 2003 and 2011 events. Certain essential functional capabilities must be in place, with up-to-date information, available for use on a regular basis, and utilized by staff to make informed decisions. An essential component of Monitoring and Situational Awareness is the availability of information when needed. Unexpected outages of tools, or planned outages without appropriate coordination or oversight, can leave operators without visibility to some or all of the system they operate. While failure of a decision‐support tool is rarely the cause of an event, such failures manifest as latent risk that further hinders the decision‐making capabilities of the operator. One clear example of this is the August 14, 2003 event. 
NERC has analyzed data and identified that outages of tools and monitoring systems are fairly common occurrences. The RISC’s ERO Priorities: RISC Updates and Recommendations report, NERC’s ERO Top Priority Reliability Risks 2014-2017 report, and the Cyber Attack Task Force final report recognize this concern.

Areas of Focus

Table 5 – Monitoring and Situational Awareness
Standard Requirements Entities for Attention EOP-010-1 [9] IRO-002-2 IRO-005-3.1a IRO-008-1 IRO-014-1 R2 R6, R7, R8 R1 R1, R2 R1 PRC-001-1.1 R6 Reliability Coordinator Reliability Coordinator Reliability Coordinator Reliability Coordinator Reliability Coordinator Transmission Operator Balancing Authority Transmission Operator Balancing Authority Transmission Operator TOP-002-2.1b R4, R19 R11

[9] EOP-010-1 becomes effective on April 1, 2015. Pursuant to the implementation plan, Requirement 2 of EOP-010-1 will become effective on the first day following the retirement of IRO-005-3.1a.

Table 5 – Monitoring and Situational Awareness (continued)
Standard Requirements TOP-006-2 R2 TOP-008-1 FAC-011-2 R4 R1, R2, R3 FAC-014-2 R5, R6 Entities for Attention Reliability Coordinator Transmission Operator Balancing Authority Transmission Operator Reliability Coordinator Reliability Coordinator Planning Authority Transmission Planner Transmission Operator

6. Long Term Planning and System Analysis

Long term planning and system analysis is related to several other areas (such as increased use of DSM, integration of variable generation, changes in load and system behavior, Smart Grid, increased dependence on natural gas, fossil requirements and retrofit outage coordination, nuclear generation retirements and outages, and resource planning).
Long-term planning and analysis have been highlighted as a concern in RISC’s ERO Priorities: RISC Updates and Recommendations report, and in NERC’s ERO Top Priority Reliability Risks 2014-2017 report.

Areas of Focus

Table 6 – Long Term Planning and System Analysis
Standard | Requirements | Entities for Attention
TPL-001-0.1 [10] | R1 | Planning Authority, Transmission Planner

7. Threats to Cyber Systems

Threats to cyber systems remain an area of significant importance. The need for attention in this area is addressed in the 2013 Long-Term Reliability Assessment report, in the RISC’s ERO Priorities: RISC Updates and Recommendations report, the Cyber Attack Task Force final report, and in NERC’s ERO Top Priority Reliability Risks 2014-2017 report. The risk includes threats and vulnerabilities that result from compromise of technology or communications that support the reliable operations of the BPS.

Areas of Focus [11]

Table 7 – Cyber Security
Standard | Requirements | Entities for Attention
CIP-002-3 | R2, R3 | Balancing Authority, Generator Operator, Generator Owner, Reliability Coordinator, Transmission Operator, Transmission Owner

[10] The effective date of TPL-001-4 is January 1, 2015. However, as a result of the phased implementation plan, earlier versions of the TPL Reliability Standards are referenced here.
[11] While Table 7 lists the CIP version 3 Reliability Standards (as those are currently enforceable), the ERO, through release of its Cyber Security Reliability Standards CIP V5 Transition Guidance, actively encourages and supports registered entities transitioning from compliance with the version 3 Reliability Standards directly to the version 5 Reliability Standards. As stated in that guidance, NERC and the Regional Entities will take a flexible compliance monitoring and enforcement approach for the CIP Reliability Standards, recognizing that the details of implementing a version 3 to version 5 transition may cause a significant impact on certain compliance monitoring activities.
Table 7 – Cyber Security (continued)
Standard | Requirements | Entities for Attention
CIP-003-3 | R4, R6 | Balancing Authority, Generator Operator, Generator Owner, Reliability Coordinator, Transmission Operator, Transmission Owner
CIP-004-3a | R3, R4 | Balancing Authority, Generator Operator, Generator Owner, Reliability Coordinator, Transmission Operator, Transmission Owner
CIP-005-3a | R1, R4 | Balancing Authority, Generator Operator, Generator Owner, Reliability Coordinator, Transmission Operator, Transmission Owner
CIP-006-3 | R1, R4, R5 | Balancing Authority, Generator Operator, Generator Owner, Reliability Coordinator, Transmission Operator, Transmission Owner
CIP-007-3a | R1, R2, R4, R6, R8 | Balancing Authority, Generator Operator, Generator Owner, Reliability Coordinator, Transmission Operator, Transmission Owner
CIP-009-3 | R1, R2 | Balancing Authority, Generator Operator, Generator Owner, Reliability Coordinator, Transmission Operator, Transmission Owner

8. Human Error

Human Error remains a key focus for the ERO Enterprise. Included in this subset are communication errors which can pose a significant potential risk to BPS reliability. Human Error was identified as a key issue by both the RISC in its ERO Priorities: RISC Updates and Recommendations report and by NERC in its ERO Top Priority Reliability Risks 2014-2017 report.

Areas of Focus

Table 8 – Human Error
Standard | Requirements | Entities for Attention
COM-002-2 | R2 | Reliability Coordinator, Transmission Operator, Balancing Authority

9. Extreme Physical Events

Extreme Physical Events are those events that result in extensive damage to equipment, irrespective of cause. Such events could include earthquake, GMD events, high wind, flooding, physical attack, or sabotage. NERC identified this concern as a significant risk in its ERO Top Priority Reliability Risks 2014-2017 report.
As concluded in the report, risk avoidance is insufficient to manage this risk, and additional focus must be given to those things that focus on resiliency and recovery. Risk mitigation efforts (reducing the potential consequence) are underway, but additional focus is needed to address and minimize both the magnitude and duration of the consequences of an extreme physical event.

Areas of Focus [12]

Table 9 – Extreme Physical Events
Standard Requirements EOP-002-3.1 R6, R7, R8 EOP-004-2 R2 EOP-005-2 EOP-005-2 EOP-006-2 EOP-008-1 R1, R6 R9. R1. R3 EOP-008-1 R4 EOP-010-1 R1. R3. TPL-002-0b R1. TPL-003-0b R1. TPL-004-0a R1. Entities for Attention Balancing Authority Reliability Coordinator Reliability Coordinator Balancing Authority Transmission Owner Transmission Operator Generator Owner Generator Operator Transmission Operator Transmission Operator Reliability Coordinator Reliability Coordinator Balancing Authority Transmission Operator Reliability Coordinator Transmission Operator Planning Authority Transmission Planner Planning Authority Transmission Planner Planning Authority Transmission Planner

Regional Risk Assessments

When considering risk elements, REs will perform a Regional Risk Assessment, identifying risks specific to the region that could potentially impact the reliability of the BPS. After determining region-specific risks, REs will also identify the related Reliability Standards and Requirements associated with those risks. These Reliability Standards and Requirements are not intended to be a static list that must be examined during all Compliance Audits. Rather, the risk elements identified by the RE will serve as input considerations when conducting an IRA for a registered entity. REs are ultimately responsible for identifying and prioritizing risk elements within their footprints.
REs should consider risk elements as an input into their Regional Risk Assessments. In doing so, REs are expected to:
- Gather and review RE-specific risk reports and operational information (e.g. interconnection points and critical paths, system geography, seasonal/ambient conditions, etc.),
- Review and prioritize potential RE-specific risks, and
- Identify associated Reliability Standards and Requirements that will be inputs into the IRAs, ICE, and ultimately the compliance oversight plan.

The Regional Implementation Plans will describe the process and results. Each plan should explain how it identified the risk in a particular RE footprint, including reasons why any risk elements identified above are not included or applicable to the RE footprint. Although each RE will consider risk elements, and may use similar risk considerations, the output of the Regional Risk Assessments may differ as a result of regional characteristics and the uniqueness of each RE’s footprint.

Regional Compliance Oversight Plan

Based on the RE’s consideration and assessment of risk elements and Regional Risk Assessments, each RE will develop a compliance oversight plan, which, in 2015, will include, at a minimum, the list of planned audits for Reliability Coordinators, Balancing Authorities, and Transmission Operators that are in the three-year audit cycle. REs may also identify other registered entities that they will monitor through appropriate CMEP tools based on risk elements and Regional Risk Assessments, and the application of IRA and ICE.

[12] CIP-014-1 – Physical Security also addresses extreme physical events, but it is not yet FERC-approved. Table 9 may be modified to reflect the Requirements of CIP-014-1 following such approval.
NERC Oversight of Regional Implementation Plans

NERC collects and reviews the Regional Implementation Plans prior to posting the final version of the ERO CMEP Implementation Plan. NERC oversight of the Regional Implementation Plans will focus on how the REs conducted Regional Risk Assessments and how the assessments’ results ultimately led to the compliance oversight plan. The RE should document all processes, conclusions, and results used to develop a registered entity’s oversight plan and will not need to obtain prior approval from NERC on oversight plans. However, REs should maintain supporting documentation for review by NERC in connection with its oversight of the compliance assurance program.

The application of the Framework by the REs will reflect RE-specific circumstances including, as noted above, varying stages of conducting IRAs and ICEs. NERC oversight and regular training will ensure that all processes discussed herein are implemented in a consistent manner throughout the ERO Enterprise.

Revision History

Version | Date | Revision Detail
Version 0.0 | September 8, 2015 | Initial release of ERO CMEP IP
Version 1.0 | November 18, 2014 | ERO CMEP IP updated to include Regional Entity IPs in Appendices. Additional updates include: Added section and guidance on Compliance Assessments for Events and Disturbances. Refer to “Risk-based Compliance Monitoring” section and Appendix B. Added details and guidance for Self-Certification requirements for registered entities in 2015. Refer to “Risk-based Compliance Monitoring” section.

Appendix A1 - Florida Reliability Coordinating Council (FRCC) 2015 CMEP Implementation Plan

This Appendix contains the CMEP Implementation Plan (IP) for the FRCC as required by the NERC Rules of Procedure.

1. Compliance Monitoring and Enforcement

1.1 CMEP IP Highlights and Material Changes

In mid-2014, the FRCC Compliance department reorganized to create a department called Risk Assessment and Mitigation (RAM). This group will be focused on risk assessment both before a monitoring activity takes place to help determine the scope of monitoring oversight, and after a possible violation is discovered to help determine the risk posed by that violation so the most efficient disposition can take place. The risk evaluation of an entity, which precedes the entity’s compliance oversight plan, will include the Inherent Risk Assessment and voluntary Internal Controls Evaluation(s) of registered entities. In addition to performing risk determinations, RAM is the registered entities’ primary contact for self-reporting and mitigation plans. The formation of the RAM group and associated new division of responsibilities has enabled the FRCC enforcement group to concentrate on violation determination and disposition, and compliance department metrics.

Audit notification letters will be sent to the registered entities ninety (90) days prior to commencement of a Compliance Audit. Per CMEP section 3.1.4.2, audit period End Dates are being modified to thirty (30) days following the date of the audit notification letter. The audit period will still begin on the day after the End Date of the registered entity’s prior Compliance Audit by the FRCC (or the later of June 18, 2007 or the date the registered entity became subject to Reliability Standards if the registered entity has not previously been subject to a Compliance Audit).

Compliance audits conducted in 2015 will include a management review of any possible non-compliance findings prior to the completion of the audit. In order to facilitate the management review, audit exit briefings may be conducted remotely, following on-site activities.
However, the audit team will present a summary briefing prior to concluding the on-site portion of the audit.

1.2 Other Regional Key Initiatives & Activities

FRCC enforcement will include the “Exception” method as an option for disposition of minimal risk noncompliances in 2015. The FRCC enforcement program will reserve enforcement actions to include the Find, Fix, Track and Report process and Notices of Penalties for those non-compliances that pose moderate or serious/substantial risks to the reliability of the BPS. As to other non-compliances, FRCC enforcement will exercise appropriate discretion to initiate the Exception process for minimal risk non-compliances of Reliability Standards.

FRCC will continue to evaluate registered entities for potential inclusion into the Entity Self-Logging program (formerly known as the “Aggregation” pilot program) which allows those registered entities that have demonstrated effective management practices to keep track of minimal risk non-compliances (and associated mitigation) on a log that is periodically reviewed by FRCC.

2. Regional Risk Assessment Process

The FRCC has reviewed the nine ERO identified risk elements and associated areas of focus for implementation plan coordination and concurs with the specified Standards/Requirements in all the areas of focus with additions documented below in the Regional Risks and Associated Reliability Standards section.

FRCC also considered the following risk elements and identified additional Standards/Requirements for monitoring as detailed below in the Regional Risks and Associated Reliability Standards section.

Number and type of registered functions

As of September 24, 2014, FRCC has sixty-eight (68) registered entities. [13] The FRCC Regional Entity is registered as a Reliability Coordinator and Planning Coordinator.
The SERC Regional Entity organization is the Compliance Enforcement Authority for these functions. The FRCC has not identified any region-specific risks associated with the number and type of registered functions within the FRCC, and therefore has not included additional Reliability Standards due to registered functions.

Geographic location such as seasonal/ambient conditions and terrain

The area of the State of Florida that is within the FRCC Region is peninsular Florida east of the Apalachicola River. Areas west of the Apalachicola River are within the SERC Region. The entire FRCC Region is within the Eastern Interconnection and is under the direction of the FRCC Reliability Coordinator. The FRCC considers factors such as its susceptibility to tropical storms and hurricanes when selecting additional Reliability Standards for inclusion in its monitoring activities. Such storms increase the probability of the region experiencing transmission line vegetation contact, significant imbalances in generation and load, the need to evacuate control centers, and the need to implement restoration plans. As a result, requirements of the Reliability Standards for Loss of Control Center Functionality, Transmission Vegetation Management, and Automatic Underfrequency Load Shedding have been added.

BPS transmission lines (circuit miles, voltage levels, IROL flowgates)

The FRCC has not identified any region-specific risks associated with the BPS transmission lines located in the FRCC region, and therefore has not included additional Reliability Standards due to BPS transmission lines.

BPS generation facilities

The FRCC has not identified any region-specific risks associated with the BPS generation facilities located in the FRCC region, and therefore has not included additional Reliability Standards due to BPS generation facilities.
Blackstart Resources

Requirements of the Reliability Standard for System Restoration from Blackstart Resources are already included in NERC’s risk elements results. Therefore, no requirements have been added.

Interconnection points and critical paths

The FRCC region only connects to the Eastern Interconnection on the north side of the region due to its peninsular geography. Therefore, the FRCC considers factors such as susceptibility to system separation when selecting additional Reliability Standards for inclusion in its monitoring activities. As a result of the FRCC’s limited interconnection points, and as also mentioned for geographic location previously, requirements of the Reliability Standard for Automatic Underfrequency Load Shedding have been added.

[13] Registered functions include: Balancing Authority, Distribution Provider, Generator Owner, Generator Operator, Interchange Authority, Load Serving Entity, Planning Authority, Purchasing Selling Entity, Resource Planner, Reserve Sharing Group, Transmission Owner, Transmission Operator, Transmission Planner, and Transmission Service Provider.

Special Protection Schemes (SPS)

The FRCC considers factors such as any major SPS installed in the FRCC region when selecting additional Reliability Standards for inclusion in its monitoring activities. As a result of a major SPS in the FRCC region, and as also mentioned for geographic location and interconnection points previously, requirements of the Reliability Standard for Automatic Underfrequency Load Shedding have been added.

System events and trends

The FRCC considers internal system events when selecting additional Reliability Standards for inclusion in its monitoring activities. External events are reviewed and considered in NERC’s risk elements.
As no major internal events have occurred recently, FRCC has not included additional Reliability Standards due to system events and trends.

Compliance history trends

The FRCC considers historical compliance trends within the region when selecting additional Reliability Standards for inclusion in its monitoring activities. As a result, requirements of the Reliability Standards for Cyber Security – Electronic Security Perimeter(s), Cyber Security – Physical Security of Critical Cyber Assets, Cyber Security – Systems Security Management, Loss of Control Center Functionality, and Facility Ratings have been added.

3. Regional Risks and Associated Reliability Standards

The table below contains the Regional risk focus areas identified during the Regional Risk Assessment. The table also contains Reliability Standards/Requirements associated with identified risks that may be considered in the Regional compliance oversight plan.

Reliability Standards Subject to Regional Monitoring
Regional Risk Focus Areas | Justification | Associated Standard & Requirement(s)
Infrastructure Maintenance | The implementation plan for PRC-005-2 will result in PRC-005-1.1b remaining in effect for 2015. Registered entities are likely to have Protection Systems subject to the current version of the standard, as well as the new version. Therefore, monitoring activities for PRC-005 may include both PRC-005-1.1b and PRC-005-2. This is a clarification on FRCC monitoring, and is not a newly identified regional risk element. | PRC-005-1.1b R2
Extreme Physical Events | FRCC’s susceptibility to hurricanes increases the risk of a control center event. | EOP-008-1 R6
Extreme Physical Events | FRCC’s susceptibility to hurricanes and frequent storms, along with an extended growth season, increases the risk of vegetation related outages. | FAC-003-3 R1, R2, R6 & R7
Extreme Physical Events | The FRCC’s peninsular geography along with its susceptibility to hurricanes, limited connections to the Eastern Interconnect and the existence of a significant SPS that could result in islanding increase the risk of an island event occurring. | PRC-006-1 R8 & R9
Compliance History Trends | FRCC has experienced a high number of violations with these Standards/Requirements. | FAC-008-3 R2, R3 & R6; CIP-005-3a R2; CIP-006-3c R2; CIP-007-3c R3

4. Compliance Oversight Plan

Self-Certifications

For 2015 compliance monitoring, FRCC will forgo the annual Self-Certification process and replace annual Self-Certification activities with a more focused risk based approach. FRCC will use Self-Certification in a coordinated approach with the other compliance monitoring methods to address the Standards and requirements that represent the greatest risk to the reliability of the Bulk Power System (BPS) based on the registered entities’ overall risk assessment. FRCC will follow the guidance in the 2015 ERO CMEP IP, as well as consider results from Regional risk assessments, registered entity inherent risk assessments, etc.

FRCC will implement guided Self-Certification for registered entities to Self-Certify compliance with those Standards and Requirements identified through the risk assessment process. The registered entity should provide the methodology and other documentation used for self-assessment to determine the compliance status for those requirements. This “guided” approach will include more information on the expectations of what the registered entity should consider and include in their response to the FRCC. Reliability Standards monitored through guided Self-Certification will not be included in the 2015 registered entity Compliance Audit scope.
Those responsible entities that do not have any Critical Assets or Critical Cyber Assets under the CIP V3 Standards will not be scheduled for an off-site audit for the CIP Reliability Standards during the CIP Version 5 Transition Period (August 2014 through March 31, 2016). Instead, those Responsible Entities will be monitored via the guided Self-Certification process for the applicable CIP Standards.

In addition, non-BA/TOP registered entities that were initially scheduled for a six-year audit during 2015 will instead be monitored by guided Self-Certifications. This will allow the RAM department time to perform the necessary IRAs and ICEs.

Periodic Data Submittals

FRCC has identified the Reliability Standards and requirements listed in the table below that require Periodic Data Submittals. The Monthly data submittals are due by the 10th of the month for the previous month’s data and the Quarterly data submittals are due by the 15th of the month following the previous quarter. All data submittals are to be submitted via the Compliance Tracking and Submittal system (CTS).

For Quarterly submittals for FAC-003-3 R1 and R2, if an entity does not have any Sustained Outage(s) during a respective quarter, they are not expected to submit a quarterly report. In turn, FRCC will advise NERC that there were no Sustained Outages within the quarter. However, entities are expected to submit a FAC-003-3 Event form for ALL Sustained Outages within the quarter in which the event occurs, as specified in the standard. Again, while not specifically required by FAC-003-3, FRCC strongly encourages and appreciates entities’ reporting, within 48 hours, all Sustained Outages for Categories 1A&B, 2A&B and 4A&B utilizing the FAC-003-3 Event form. FRCC will be notified when an event is reported by the CTS system and will follow-up accordingly with the submitting entity and NERC.
2015 Periodic Data Submittal Plan
Standard & Requirement | Justification
BAL-001-1 R1, R2 | CPS 1 and CPS 2 data collected by applicable registered entities
BAL-002-1 R1 | DCS 2 data collected by applicable registered entities
FAC-003-3 R1 and R2 | Sustained Outage data collected by applicable registered entities

Compliance Audits

The audit schedule is also located on the FRCC’s website here: https://www.frcc.com/Compliance/FRCCCompliance/ComplianceDocumentLibrary.aspx

2015 Compliance Audit Plan
NCR # | Registered Entity
NCR00004 | Beaches Energy Services of Jacksonville Beach (BES)
NCR00021 | Florida Keys Electric Cooperative Assn (FKEC)
NCR00023 | Florida Municipal Power Pool (FMPP)
NCR00045 | Lee County Electric Cooperative, Inc (LCEC)
NCR00057 | Orlando Utilities Commission (OUC)
NCR00068 | Seminole Electric Cooperative (SEC)
NCR00073 | Tallahassee, City of (TAL)
NCR00079 | Vero Beach, City of (VERO)

5. Compliance Outreach

Compliance Outreach Activities
Outreach Activity | Anticipated Date
Spring Compliance Workshop | April 14-16, 2015
CIP Compliance Workshop | May 12-14, 2015
Fall Compliance Workshop | November 10-12, 2015
Reliability Standard Webinars | Periodic
CIP Compliance Newsletter | Periodic

CIP Version 5 (V5) Outreach

FRCC will also develop a CIP Outreach Program for the FRCC registered entities to educate and provide transparency on outstanding CIP V5 issues. This outreach may involve NERC staff support, evaluating an entity’s V5 progress, proactively addressing V5 related questions and spending additional time assessing V5 readiness during CIP Compliance Audits.
Appendix A2 - Midwest Reliability Organization (MRO) 2015 CMEP Implementation Plan

This Appendix contains the CMEP Implementation Plan (IP) for MRO as required by the NERC Rules of Procedure.

1. Compliance Monitoring and Enforcement

1.3 CMEP IP Highlights and Material Changes

Mitigating Activities for Compliance Exceptions

As part of the Annual Implementation Plan, MRO staff will periodically sample Compliance Exceptions to verify that the mitigating activities have been completed. The sample will come from only those Compliance Exceptions that have been identified by a registered entity as already mitigated, or Compliance Exceptions that have a planned mitigation date that has passed. Also, the Compliance Exceptions sampled are not restricted to the registered entities that have an Inherent Risk Assessment performed on them for 2015. The periodic sampling may occur at any time, and will be reviewed through informal means, Spot Checks, or during a normally scheduled Compliance Audit. MRO staff are required to document the results regardless of whether a formal or informal review process is used. All mitigation activities relating to enforcement matters that are filed with regulators will be verified for completion.

2. Regional Risk Assessment Process

Analysis performed by MRO on risks related to the Risk Areas within the Risk Elements resulted in the identification of a list of Requirements determined to provide an initial level of risk mitigation within the MRO region. (Section 3 below contains this list of requirements.) The analysis focused on several areas that have been identified as having a larger impact to reliability, including areas identified within the 2003 and 2011 blackout reports.
The Requirements in Section 3 are not considered the only or complete way to mitigate the related risks, but were determined to be a starting point to focus oversight in the MRO region related to these risks. As referenced in Section 4 below, these requirements are subject to guided Self-Certifications in 2015. In addition to this oversight, as part of the Inherent Risk Assessments that will be performed on registered entities, additional Standards and Requirements will be considered and potentially scoped into entity-specific oversight plans.

3. Regional Risks and Associated Reliability Standards

The table below contains the Regional risk focus areas identified during the Regional Risk Assessment process. The table also contains Reliability Standards/Requirements associated with identified risks that may be considered in the Regional compliance oversight plan.

Reliability Standards Subject to Regional Monitoring

Risk Area: Protection System Misoperations
Associated Standard & Requirement(s): PRC-023-2 R6
Justification: It is important for entities with awareness of a wide area of the BES, to determine those facilities which are most important and require relay loadability attention.

Risk Area: Long Term Planning and System Analysis
Associated Standard & Requirement(s): TPL-002-0b R2
Justification: Planning criteria were called out in the 2003 and 2011 blackout reports.

Risk Area: Threats to Cyber Systems (risk elements)
Associated Standard & Requirement(s): CIP-005-3a R4
Justification: It is important to periodically assure that the ESP is secure, even if testing is being done after individual changes. Small changes in networks that seem to have no impact locally can cause changes in the security posture of the overall network.

Risk Area: Threats to Cyber Systems (risk elements)
Associated Standard & Requirement(s): CIP-007-3a R8
Justification: It is important to periodically assure that CCAs are secure, even if testing is being done after individual changes. Small changes in systems that seem to have no impact locally can cause changes in the security posture.

Risk Area: Human Error (risk elements)
Associated Standard & Requirement(s): COM-002-2 R2
Justification: The issuing of directives is crucial to reliable system operation, as they are performed by those entities that have a wide area view, and are used during times of emergency to alleviate events.

Risk Area: Monitoring and Situational Awareness
Associated Standard & Requirement(s): FAC-014-2 R2
Justification: Evaluation of planning and operational criteria was a technical initiative from the 2003 blackout.

Risk Area: Monitoring Situational Awareness (risk elements)
Associated Standard & Requirement(s): TOP-002-2.1b R11
Justification: Real-time operating tools were called out in the 2003 blackout report as well as the 2011 blackout report.

Risk Area: Extreme Physical Events
Associated Standard & Requirement(s): FAC-003-3 R6
Justification: It is important to inspect rights of way to determine if unscheduled maintenance needs to occur, in order to preemptively identify vegetation issues that could cause a fault. Poor vegetation management was a contributing factor to the 2003 blackout.

Risk Area: Extreme Physical Events
Associated Standard & Requirement(s): FAC-003-3 R7
Justification: It is important to complete vegetation management in order to prevent transmission line faults, which can lead to cascading events. Poor vegetation management was a contributing factor to the 2003 blackout.

Risk Area: Uncoordinated Protection Systems (risk elements)
Associated Standard & Requirement(s): PRC-001-1 R3
Justification: The performance of protection systems directly impacts the operation of the BES, therefore coordination of changes to protection systems is crucial to reliability. Improved protection system coordination was a recommendation in the 2011 blackout report.

Risk Area: Uncoordinated Protection Systems (risk elements)
Associated Standard & Requirement(s): PRC-001-1 R5
Justification: The performance of protection systems directly impacts the operation of the BES, therefore coordination of changes to the BES that impact protection systems is crucial to reliability.

4. Compliance Oversight Plan

Self-Certifications

For 2015, Self-Certifications will include staff guidance and instructions. These “guided” Self-Certifications will focus more on risk and supporting evidence than the previous annual Self-Certifications. As part of the guided Self-Certification process, registered entities will provide MRO with supporting evidence to substantiate determinations. These guided Self-Certifications are intended to provide MRO with reasonable assurance of compliance based upon the results of the registered entity’s assessment. When appropriate, the guided Self-Certification can be used instead of Compliance Audits or Spot Checks as the monitoring tool for specific Reliability Standards and Requirements. The overall goal of the guided Self-Certification process is to improve the effectiveness of oversight and increase efficiency by relying on the work of registered entities in meeting compliance requirements.

Part of the process of relying upon the work of others includes MRO performing a review of the work and evidence supporting the guided Self-Certification results. MRO may re-perform the work, in part, in order to verify the accuracy of the Self-Certification determinations. In the event that further substantiation is needed, MRO staff may conduct a random Spot Check of the work or include the applicable Standards and Requirements in a subsequent Compliance Audit. The overall goal of the guided Self-Certification process is to provide reasonable assurance that the entity meets compliance with the applicable Standards and Requirements.
Guided Self-Certifications will be performed over the implementation period (January 1 to December 31) on a quarterly basis for an identified baseline set of high impact Reliability Standards that have been deemed important for reliable operations of the BPS. The intent of the quarterly frequency is to disperse the workload to assure sufficient time for completion and review, and to promote continuous self-monitoring of compliance. In addition to the quarterly guided Self-Certification schedule, guided Self-Certifications may also be used for lower risk compliance monitoring as a result of Inherent Risk Assessments of registered entities and for lower risk events that could or did negatively impact the reliable operation of the region or systems within the region.

The following registered entities have been identified as being on the 2015 Compliance Audit schedule. Additional registered entities, at the discretion of MRO, will also be subject to Inherent Risk Assessments (IRAs). Based on IRA results and any subsequent Internal Control Evaluations (ICE), these additional registered entities may also be subject to a Compliance Audit in 2015.

2015 Compliance Audit Schedule

NCR #     Registered Entity
NCR01030  Southern Minnesota Municipal Power Agency
NCR01013  Minnkota Power Cooperative
NCR01012  Minnesota Power
NCR01003  Manitoba Hydro
NCR10102  Tri-State Generation and Transmission Association
NCR00826  Midcontinent Independent System Operator, Inc.
NCR00952  Wisconsin Public Service Corporation
NCR01033  Upper Peninsula Power Company
NCR01029  Saskatchewan Power Corporation
NCR00818  Madison Gas and Electric

5. Compliance Outreach

Compliance Outreach Activities

Outreach Activity: MRO Newsletter
Anticipated Date: Six times a year

Outreach Activity: MRO Hot Topics
Anticipated Date: Periodically as needed

Outreach Activity: MRO Operations Conference
Anticipated Date: Summer 2015

Outreach Activity: MRO Security Conference
Anticipated Date: Fall 2015

Outreach Activity: MRO Compliance and Enforcement Conference
Anticipated Date: Fall 2015

Outreach Activity: Registered Entity-specific conferences and meetings
Anticipated Date: Periodically as needed

Appendix A3 - Northeast Power Coordinating Council (NPCC) 2015 CMEP Implementation Plan for Entities within the U.S.

This Appendix contains the CMEP Implementation Plan (IP) for the registered entities within the U.S. portion of NPCC as required by the NERC Rules of Procedure.

1. Compliance Monitoring and Enforcement

1.1 CMEP IP Highlights and Material Changes

NPCC will continue to implement a cyber-security outreach program that consists of NPCC Subject Matter Experts visiting critical facilities owned by participating entities (participation is voluntary) and assessing the cyber security posture of the control systems that support the operation of these facilities.

NPCC will continue the physical security outreach program in 2015 (participation is also voluntary) and NPCC staff will hold a Security Information Exchange session, which will include entity presentations, at the spring and fall Compliance Workshops.
As part of the CIP Version 5 transition and consistent with NERC guidance, NPCC will perform CIP audits based on the entity’s selected option for maintaining compliance with CIP standards during the Transition Period:

Option 1: Continue to comply by maintaining a valid RBAM for Critical Asset identification pursuant to CIP-002-3.

Option 2: For Responsible Entities that have already adopted the CIP V4 Critical Asset Criteria (CIP-002-4, Attachment 1), use the CIP V4 Critical Asset Criteria in its entirety, with the exception of criterion 1.4 (Blackstart Resources) and criterion 1.5 (Cranking Paths), to identify assets subject to the controls in CIP-003-3 through CIP-009-3.

Option 3: Use the CIP V5 “High” and “Medium” Impact Rating Criteria (CIP-002-5.1, Attachment 1) to identify assets subject to the controls in the CIP V5 Standards.

The on-site CIP Audits will be conducted as directed in the Guidance document. CIP Audits of those entities that have not chosen to move to Version 5 (Options 1 and 2) will be audited to Version 3. If an entity indicates that they have adopted CIP Version 5 (Option 3), NPCC will review their compliance with Version 5 Standards. In all cases, NPCC’s approach would be to perform a review of those Standards / Requirements that are “mostly compatible” with the Version 5 Standards. Since Version 3 is enforceable until July 1, 2016, no findings of non-compliance with Version 5 Standards will be issued. A non-public document will be issued indicating any areas of concern where future compliance with Version 5 may be in jeopardy.

Previously, off-site CIP audits had been conducted to verify that an entity does not have any Critical Cyber Assets. In accordance with the recently released CIP Transition Guidance, there are no off-site CIP audits scheduled in 2015. NPCC may include selected Spot Checks in place of the off-site CIP Audits.
NPCC will be providing more details on the CIP approach to Compliance Monitoring in an upcoming Webinar (date not yet determined) and at our Compliance Workshops.

1.2 Other Regional Key Initiatives & Activities

- NPCC will continue to participate in the Risk Based Registration Advisory Group (RBRAG), which is charged with the ERO-wide development of criteria for risk-based registration.
- NPCC will continue to participate in the Reliability Assurance Initiative Advisory Group (RAIAG), which is monitoring and ensuring the uniform ERO-wide implementation of RAI monitoring and enforcement activities.
- NPCC will continue to participate in the RAI Program related to the Logging (Aggregation) of Minimal Risk Issues. NPCC also expects to treat certain minimal risk violations as Compliance Exceptions.
- NPCC will continue to be a member of the RAI Regional Entity Group (RAIRE), which is formulating the overall RAI Training and ICE protocol and guidance documents.
- NPCC supported all six Webinars associated with the NERC Compliance Auditors Handbook and ERO Checklist. NPCC will continue to provide input to the NERC Manual Task Force (MTF) tasked with maintaining the Auditors Handbook and enhancing Auditor Tools.
- NPCC will continue to participate in the development of a program to implement CIP-014-1, Physical Security.
- NPCC will continue to participate in the NERC CIP Version 5 Transition Guidance workgroup.
- As part of the Events Analysis process, NPCC will continue to encourage registered entities to perform a voluntary, systematic Compliance Analysis (CA) in response to all system events and disturbances. Registered entities are also expected to share the CA with the RE for all Category 2 and above events.

2. Regional Risk Assessment Process

NPCC’s Regional Risk Assessment Process is a summary and compilation of specific parts of NPCC’s Entity Inherent Risk Assessment process and NERC’s IRA Assessment Guide that takes into account the nine areas of focus for 2015 consideration.

1. Infrastructure maintenance
2. Uncoordinated protection systems
3. Protection systems misoperations
4. Workforce capability
5. Monitoring and situational awareness
6. Long term planning and system analysis
7. Threats to cyber systems
8. Human error
9. Extreme physical events

NPCC’s Regional Risk Assessment Process includes the following:

2.1 Functional Registration Impact Profile

The Functional Registration Impact Profile is used to populate NPCC’s standards subject to Regional monitoring. It considers the potential effect on the reliability of the Bulk Power System (BPS) based on NPCC’s Regional perspective and registered entity’s functions. The following table shows the initial impact classification of registered entities.

Assignment of Initial Functional Registration Impact High Impact Medium Impact Low Impact RC/BA TO w/o BES facilities GO/GOP under 200 MW TOP TO w/ BES facilities GO /GOP over 500 MW GO /GOP between 200 MW and 500 MW DP peak load over 1000 MW DP peak load under 1000 MW

2.2 NPCC Regional Compliance History

NPCC will examine the past compliance history of the entire Region. This will include an identification of the Standards and Requirements that have been violated the most within the NPCC Region. It will examine past audit performances, including the number and type of violations that were discovered through audits compared with the number and type of violations that were discovered through self-reports or Self-Certifications. It will also incorporate any issues or problems that may have been identified that did not result in a potential violation.

2.3 NPCC Regional Enforcement History Profile

NPCC will analyze violations to identify any trends regarding:

- Level of risk to the BPS (operational vs. documentation)
- Timeframes of violations (real time, next day, planning)
- Number of repeat violations

2.4 NPCC Overall Evaluation

Based on a registered entity’s function, NPCC will specifically examine impact and violations based on the following:

RC
- Qualifying IROL/SOL events
- Qualifying loss of load events

BA
- DCS Performance (ACE or restoration of reserve)
- Qualifying IROL/SOL events
- Qualifying loss of load events

TO/TOP
- Qualifying IROL/SOL events
- Protection System Misoperations
- Qualifying loss of load events

GO
- Protection System Misoperations

3. Regional Risks and Associated Reliability Standards

The table below contains the Regional risk elements identified during the Regional Risk Assessment. The table also contains Reliability Standards/Requirements associated with identified risks that may be considered in the Regional compliance oversight plan.

Reliability Standards Subject to Regional Monitoring

Regional Risk Focus Areas: Uncoordinated Protection Systems; Protection System Misoperations; Monitoring and Situational Awareness
Justification: NPCC identified three risk elements where it was necessary to develop a Regional Standard to ensure that applicable entities had Disturbance Monitoring Equipment and capabilities to monitor and capture adequate disturbance data to facilitate Bulk Electric System event analyses.
Associated Standard & Requirement(s): PRC-002-NPCC-01

Regional Risk Focus Areas: Infrastructure Maintenance
Justification: Basic capability required to manage reliability during emergency conditions
Associated Standard & Requirement(s): FAC-003-3 R1,R2,R4,R5,R6,R7
Regional Risk Focus Areas Uncoordinated Protection Systems Reliability Standards Subject to Regional Monitoring Associated Standard & Justification Requirement(s) Basic capability required to manage reliability PRC-006-1 R8,R9,R10 during emergency conditions PRC-015-0 R1 NPCC reliability area of focus in 2015 Workforce Capability NPCC reliability area of focus in 2015 Basic capability required to manage reliability during emergency conditions Process is critical to maintaining the power system equipment capability/reliability Monitoring and Basic capability required to manage reliability Situational Awareness during emergency conditions Long Term Planning and System Analysis Human Error Extreme Physical Events PRC-005-1.1b R1,R2 PRC-023-3 R1 to R6 IRO-005-3.1a R6,R7 TOP-002-2.1b R5,R6,R7,R8,R10,R14 TOP-008-1 R1,R2,R3 TOP-007-0 R1 to R4 VAR-002-2b R1 to R3 BAL-001-1 R1 to R4 BAL-002-1 R1 to R6 BAL-003-0.1b R2,R3,R5 Conditions/equipment/capability to perform the functions can change as technology changes COM-001-1.1 R1,R2 NPCC reliability area of focus in 2015 IRO-005-3.1a R9,R12 IRO-009-1 R3 MOD-001-1a R2 to R5 and R7 to R9 NPCC reliability area of focus in 2015 Basic capability required to manage reliability during emergency conditions Basic capability required to manage reliability during emergency conditions Basic capability required to manage reliability during emergency conditions MOD-029-1a R1 to R8 TPL-003-0b R1 to R3 PER-003-1 R2 EOP-001-2.1b R2,R6 EOP-002-3.1 R1,R3,R5 EOP-005-2 R2 4. Compliance Oversight Plan The specific list of audited standards will be contained in the entity’s audit notification letter sent at least 90 days prior to the scheduled audit. The specific list of 2015 Self Certifications, applicable registered functions, dates, and scheduled reporting dates will be posted on the NPCC website. 
The link to the Self Certification Schedule is: https://www.npcc.org/Compliance/Compliance%20Reporting%20Schedules/Forms/Public%20List.aspx

NPCC will not audit Interchange Authorities, Load Serving Entities or Purchase-Selling Entities in 2015.

The audit schedule is also located on NPCC’s website here: https://www.npcc.org/Compliance/Audit%20Schedule/2015%20Preliminary%20Audit%20Schedule.pdf

Audits of Canadian Entities will be conducted in accordance with the appropriate agreements. The following U.S. entities are scheduled for an audit in 2015:

2015 Compliance Audit Plan

NCR #     Registered Entity
NCR00538  Astoria Energy, LLC
NCR11377  Brayton Point Energy, LLC
NCR11324  Brookfield White Pine Hydro, LLC
NCR07024  Burlington Electric Department
NCR07025  Calpine Energy Services
NCR07026  Capitol District Energy Center Cogeneration Associates, JV
NCR07029  Central Maine Power Company
NCR00200  Dynegy Power, LLC
NCR04057  Exelon Generation Co., LLC (Power)
NCR07087  Flat Rock Windpower L.L.C.
NCR07090  Fortistar North Tonawanda
NCR11121  GenOn East 1
NCR07101  Granite Ridge Energy, LLC
NCR07108  Huntley Power LLC
NCR07111  Hydro-Quebec Production
NCR00124  Ipswich Municipal Light Department
NCR07124  ISO-NE
NCR07130  KIAC Partners
NCR11339  Lakeside New York LLC
NCR00164  Littleton Electric Light Department
NCR07132  Lockport Energy Associates
NCR07133  Long Island Power Authority
NCR11287  Marble River LLC
NCR00208  Marblehead Municipal Light Department
NCR07136  Mass. Municipal Wholesale Electric Company
NCR07139  MASSPOWER
NCR07141  Middletown Power LLC
NCR07128  National Grid Generation LLC
NCR07154  New Athens Generating Company, LLC
NCR07091  New Hampshire Transmission, LLC
NCR07160  New York Independent System Operator
NCR10332  NextEra Energy Resources, LLC
NCR07180  NSTAR Electric Company
NCR07181  NYSEG
NCR11337  ReEnergy Black River
NCR11152  Tanner Street Generation, LLC
NCR00543  TC Ravenswood LLC
NCR00088  TC Ravenswood Services Corp.
NCR07220  TransCanada Hydro Northeast Inc
NCR07228  Vermont Transco, LLC

5. Compliance Outreach

Compliance Outreach Activities

Outreach Activity: NPCC utilizes its semi-annual workshops as a primary mechanism for outreach to its registered entities. An Introduction to NPCC presentation is included at each workshop.
Anticipated Date: 2015 workshop dates: May 19-21 and Nov 17-19.

Outreach Activity: NPCC conducts webinars open to all NPCC registered entities on an as needed basis. It also posts webinar question-and-answer documents as appropriate.

Outreach Activity: NPCC responds to individual requests from registered entities, but if an individual concern can be applied to all registered entities, NPCC will post a Compliance Guidance Statement or clarification to address that concern.

Outreach Activity: NPCC conducts surveys of its registered entities as needed to acquire registration data, BES element data, workshop content preferences, etc.

Outreach Activity: NPCC hosts monthly Compliance Committee meetings to disseminate the latest information regarding the compliance program to industry stakeholders.

Outreach Activity: In 2013, NPCC implemented a Physical Security Outreach Program. Under this continuing program, NPCC physical security subject matter experts perform voluntary physical security assessments for certain registered entities.

Outreach Activity: NPCC developed a Cyber Security Outreach Program that began in 2014 and will continue in 2015.
Outreach Activity: In 2015, NPCC will institute a CIP Version 5 transition outreach program.

Outreach Activity: NPCC developed an internal entity guide to assist registered entities in meeting quarterly reporting requirements pursuant to PRC-004 and NERC ALR4-1.

Outreach Activity: The NPCC website includes links associated with the areas of Standards, Registration, Compliance Monitoring, and Enforcement.

Appendix A4 - ReliabilityFirst Corporation (ReliabilityFirst) 2015 CMEP Implementation Plan

This Appendix contains the CMEP Implementation Plan (IP) for ReliabilityFirst as required by the NERC Rules of Procedure.

1. Compliance Monitoring and Enforcement

1.1 CMEP IP Highlights and Material Changes

ReliabilityFirst will follow and implement the ERO Risk-based Compliance Oversight Framework described in the ERO CMEP IP. The 2015 ERO CMEP Implementation Plan identifies a number of risk elements and areas of focus, which provide a starting point for ReliabilityFirst’s risk analysis and Compliance Oversight Plan. However, the plan recognizes that it does not contain a complete set of the risks that may affect the BPS, and that Regional Entities are expected to consider local risks and the specific circumstances associated with individual registered entities within their footprint when developing their compliance oversight plans. As such, ReliabilityFirst performed its Regional Risk Assessment (RRA), which identified areas of focus specific to the ReliabilityFirst region (ReliabilityFirst areas of focus), set forth in Section 3 of this document.

ReliabilityFirst may monitor the Reliability Standards (Standards) and Requirements associated with the ReliabilityFirst risk elements in 2015. ReliabilityFirst has the discretion to add, subtract, or modify Standards and Requirements as it deems necessary based on the individual Inherent Risk Assessments (IRA).[14] The ReliabilityFirst RRA is discussed in further detail in Section 2 of this document.
CMEP Implementation Plan Updates and Changes throughout the Year

ReliabilityFirst monitors FERC and NERC activities, system events, and events in the ReliabilityFirst region. Based on these monitoring activities, ReliabilityFirst may modify its CMEP Implementation Plan throughout the year to include Standards that address and mitigate situational awareness and reliability issues as they arise.

1.2 Other Regional Key Initiatives & Activities

Risk-based Enforcement

ReliabilityFirst is implementing a risk-based enforcement approach consistent with that of the ERO Enterprise. Specifically, ReliabilityFirst will be exercising enforcement discretion by processing qualified minimal risk issues as “compliance exceptions.” Compliance Exceptions will effectively supersede the Find, Fix, Track and Report (“FFT”) disposition method for most minimal risk noncompliances.

Self-Logging

ReliabilityFirst is implementing a self-logging approach consistent with that of the ERO Enterprise. Self-logging allows qualified registered entities to keep a log of minimal risk noncompliances that is periodically checked by ReliabilityFirst instead of submitting individual self-reports and corresponding mitigation plans for each noncompliance. Once ReliabilityFirst approves the log entries, they are processed as compliance exceptions.

2. Regional Risk Assessment Process

The RRA identifies risks within the ReliabilityFirst region that could potentially impact the reliability of the BPS. To accomplish the RRA, ReliabilityFirst utilizes a cross-functional team of internal Subject Matter Experts (the RRA Team) to review and analyze information and data to determine the highest-priority risks to the ReliabilityFirst region.
The types of region-specific information and data the RRA Team reviews include: US Population & Census Data, Severe Weather Related Outages (e.g., OE-417 reports, Outages), Generation Availability Data System (GADS), Transmission Availability Data System (TADS), Misoperations, Event Analysis, Load Analysis, Locational Marginal Pricing, System Operating Limits (SOL), Interconnection Reliability Operating Limits (IROL), TIER Power Line Ranking, Interconnection Points, Cyber Security data, Physical Security data, and data on Threats and Vulnerabilities. After a period of information gathering, analysis and decision making, the RRA team develops the results of the RRA in the form of ReliabilityFirst risk elements.

[14] Additionally, ReliabilityFirst audit teams have the discretion to adjust audit scope during an engagement at a registered entity.
The 2014 ReliabilityFirst RRA identified the following five ReliabilityFirst risk elements (in no particular order or ranking):

- Weather Related
- Physical Threat
- Cyber Security
- Human Error
- Equipment Failure

The five ReliabilityFirst risk elements align with five of the nine NERC risk elements discussed in the 2015 ERO CMEP Implementation Plan:

- Infrastructure Maintenance
- Workforce Capability
- Threats to Cyber Systems
- Human Error
- Extreme Physical Events

ReliabilityFirst believes that the four NERC risk elements that do not align with ReliabilityFirst risk elements, set forth below, are best assessed at the registered entity level during the Inherent Risk Assessment (ReliabilityFirst’s Entity Risk Assessment):

- Uncoordinated Protection Systems
- Protection System Misoperations
- Monitoring and Situational Awareness
- Long Term Planning and System Analysis

Section 3 of this document contains additional detail on the five ReliabilityFirst risk elements and their Reliability Standards and Requirements, which ReliabilityFirst may include in the 2015 ReliabilityFirst Compliance Oversight Plans.

The RRA is performed annually and will be updated as necessary. As new and emerging threats and risks are identified, system events take place, and compliance monitoring activities are performed, ReliabilityFirst will update the RRA to keep current with potential issues, threats and risks.

ReliabilityFirst reviews potential risks posed by an individual registered entity to the reliability of the BPS, by utilizing the IRA – Inherent Risk Assessment guide developed as part of the RAI Initiative. This assessment helps identify areas of focus and the level of compliance oversight required. Reliability Standards and Requirements may be added to or removed from the scope of an audit. Going forward, ReliabilityFirst will perform a risk assessment prior to each audit, and at least two weeks prior to the development of a registered entity’s audit notification package.
In addition to the risk elements and focus areas identified in the RRA, ReliabilityFirst identified Region-specific risk factors that it will consider when evaluating a registered entity. The items below provide Region-specific details on additional risk areas that ReliabilityFirst may consider when identifying and assessing risk.

Population and geographic location – The ReliabilityFirst region includes three of the most populated areas in the United States (Chicago, Philadelphia, and Washington DC). The ReliabilityFirst region also contains many medium-sized urban areas such as Baltimore, Cleveland, Pittsburgh, Indianapolis, Cincinnati, and Toledo. Maintaining and ensuring reliable service to these areas of the country is critical to the overall well-being of the nation and national security. Any registered entity serving the load in these areas and those registered entities responsible for operating and maintaining reliability of the BPS supplying these areas, or in close proximity to these populated areas, may pose a higher risk.

Entity Make-up and diversity – The ReliabilityFirst region is a summer peaking region, with several registered entities serving peak loads or operating an individual resource in excess of 500 MWs. Maintaining and ensuring reliable service to these areas of the country is critical to the well-being of the people and in some cases to national security.

Entity Registration – ReliabilityFirst takes into account Entity Registration (i.e., RC, BA, TOP versus DP, PSE) during the assessment of registered entities. RCs, BAs and TOPs have the authority to issue operating orders, instructions, and directives and ultimately play a larger role in safeguarding the reliability of the BES.
Transmission Assets – The transmission network in the ReliabilityFirst region consists of 765kV; 500kV; 345kV; 230kV; 138kV and 115kV lines. The majority of transmission facilities are overhead, with large urban areas serviced by underground transmission cables. Overall asset ownership (lines, transformers, generators, voltage, size of units, fuel type, flowgates, SOL, IROL, etc.) is also considered as part of the assessment. These assets form the backbone of the system and will be assessed with a higher risk due to their importance to maintain the reliability of the BPS. A registered entity that owns these types of facilities may have their audit scope adjusted to address owning and maintaining these types of equipment.

Misoperations – The number of misoperations within the ReliabilityFirst region has been an issue of focus over the last few years. There is a higher risk to the BPS if the cause for a misoperation is due to controllable circumstances. Registered entities having these types of misoperations may have their audit scope adjusted to address resolving these misoperations.

Special Protection Schemes and Relay Protection – Registered entities in the ReliabilityFirst region use special protection schemes to mitigate system constraints until transmission reinforcements can be planned and built. In some cases these special protection schemes are left in place indefinitely. Special protection schemes can present a higher risk to the BPS when they are not properly implemented, coordinated, or operated as intended.

Emergency Operations and Blackstart Facilities – There are multiple facilities designated as blackstart units in the ReliabilityFirst region. Registered entities are required to regularly test these blackstart units and submit results to ReliabilityFirst annually. There is a potential risk that there may be insufficient blackstart resources designated for an area, or that blackstart resources may not be available if they are not properly tested.
Generation Assets – ReliabilityFirst generation mix is made up of units that are nuclear, coal, gas, hydro, wind, solar, and refuse power assets. The asset mix for the next few years is expected to change, with a decrease in coal generation and an increase in renewable resources such as wind generation and solar generation. There is a risk that generating capacity and available resources may not be available to meet demand on a real-time, near term and long term time horizon. Registered entities owning these resources may be subject to standards and requirements to ensure availability and proper maintenance of these resources is retained.

EMS and Monitoring Tools Availability – Keeping monitoring tools available and operational for system operators’ use is imperative to maintaining a reliable grid. Registered entities with these types of monitoring tools may have additional Standards and Requirements in their audit scope to ensure these monitoring tools are maintained and available to the system operator.

The non-physical characteristics considered by ReliabilityFirst during the IRA include the following:

Operating Performance – ReliabilityFirst analyzes data from the GADS, TADS reports and information from reviewed system events. Since 2008 there have been various system events ranging from local load drop to interconnection frequency excursions. There is always a risk that an event could cause a large scale blackout, but it is more probable that a series of smaller events will occur and if undetected, will manifest into a larger event. This information can help to pinpoint problems or identify trends for a registered entity and help to focus the scope of an audit to deter future events from occurring.
Compliance History – Assessing the violation history, audit performance, Self-Certification, and self-report performance indicates past performance trends and a registered entity’s behavior towards compliance and their implementation of their compliance programs. Registered entities with a history of compliance issues may have their audit scope adjusted to ensure their mitigating measures achieve full compliance and prevent recurrence.

Normal System Performance – The flow of power across the ReliabilityFirst region is normally from west to east, to supply the beltway of the mid-Atlantic region and northeast (including the New York City Area). There are instances when this normal power flow is disrupted and system constraints are realized. These system constraints rely on operator intervention for resolution. A registered entity’s system events (involvement, impact to BPS, significance, availability of operators’ tools, EMS, etc.), their operational performance (use of Emergency procedures and why), and their overall situational awareness all play a role in their system performance.

System Maintenance upkeep and replacement (EMS, Physical plant, age of equipment, record keeping, tracking, and overall program) – Continued maintenance of equipment is essential to a reliable BPS. As equipment gets older, system maintenance may increase and facility availability may decrease.

Additionally, where ReliabilityFirst has confidence in a registered entity’s internal compliance program as a result of an Internal Control Evaluation (ICE), ReliabilityFirst may narrow the audit scope and audit periodicity to reflect the compliance maturity of the registered entity. To support a strong culture of compliance and to demonstrate robust internal controls, registered entities are encouraged to perform self-assessments of their compliance program and internal controls on an ongoing basis.
ReliabilityFirst will notify registered entities of the Reliability Standards and Requirements against which they will be monitored through the posting of the CMS for Self-Certification and Data Submittals, the Compliance Monthly Update Letter, the audit notification packages, as well as any of the outreach programs listed in Section 5 of this document.

3. Regional Risks and Associated Reliability Standards

The table below contains the ReliabilityFirst risk focus areas identified during the ReliabilityFirst RRA. The table also contains the Reliability Standards and Requirements associated with each risk element.

NOTE: Standards and/or Requirements in BLUE denote inclusion within the NERC risk elements identified in the 2015 ERO CMEP IP.

Reliability Standards Subject to Regional Monitoring

Regional Risk Focus Areas: Weather Related (Aligns with ERO risk element: Extreme Physical Events)

Justification: As a result of ReliabilityFirst’s review of the NERC risk elements and the ReliabilityFirst risk elements, ReliabilityFirst identifies these Standards and Requirements for compliance monitoring focus in 2015.

Associated Standard & Requirement(s):
EOP-001-2.1b R4
TOP-001-1a R5
TOP-001-1a R4
PER-005-1, R1.1.1
Weather Related (Aligns with ERO risk element: Extreme Physical Events)

2014 Cold Weather Event: As a result of this event, there is a need to: (1) determine that entities investigate a process for unit testing and preparation of resources in advance of winter operations, including testing dual-fuel capability; (2) review operator communications with respect to fuel-limited generation commitment decisions for accuracy and consistency; (3) changes to allow adjustment of start times based on changes in fuel utilized; (4) requirements for generation units whose primary fuel may not be natural gas but that require gas to operate; (5) review the entities’ emergency procedures to ensure overall communications and coordination of emergency procedures; (6) ensure transmission owners understand their existing voltage reduction capabilities (amount, time frame, etc.); (7) have the entities consider adjustments to the roles and responsibilities for communications during emergency procedures besides refining the training to reinforce processes and tools.

As a result of ReliabilityFirst’s review of the NERC risk elements and the ReliabilityFirst risk elements, ReliabilityFirst identifies these Standards and Requirements for compliance monitoring focus in 2015.

Associated Standard & Requirement(s): TOP-005-2a R2

Weather Related

Attachment 1-TOP-005 lists the types of data that BAs and TOPs are expected to share with other BAs and TOPs. Item 2. Other operating information updated as soon as available. Item 2.8. Severe weather, fire, or earthquake. There is a continual need to ensure that the conditions of Item 2.8 are met per R2.
As a result of ReliabilityFirst’s review of the NERC risk elements and the ReliabilityFirst risk elements, ReliabilityFirst identifies these Standards and Requirements for compliance monitoring focus in 2015.

Associated Standard & Requirement(s):
EOP-003-2 R1,R3,R5,R8
TOP-002-2.1b R5,R6,R7

2013 Hot Weather Event. Several days of unusual, extremely hot weather led to emergency conditions in an RC service area. In order to avoid more serious impacts, the RC had to direct transmission owners to implement controlled outages in a few contained areas for limited time periods. Controlled outages such as these are a last resort to prevent uncontrolled blackouts over larger areas (see EOP-003-2, R1, R3, R5 & R8).

Weather Related (Aligns with ERO risk element: Extreme Physical Events)

During this period, temperatures were approximately 20 degrees above normal, and demand for electricity reached an all-time high. At the same time, some generation and transmission facilities were scheduled out of service for routine maintenance because lower system demand was usually experienced during this period (see TOP-002-2.1b, R5, R6 & R7).

As a result of ReliabilityFirst’s review of the NERC risk elements and the ReliabilityFirst risk elements, ReliabilityFirst identifies these Standards and Requirements for compliance monitoring focus in 2015.

Associated Standard & Requirement(s):
BAL-005-0.2b R7
COM-001-1.1 R3,R5
EOP-001-2.1b R4
EOP-005-2 R1, R1.2
NUC-001-2.1 R7,R8,R9.4,R9.4.13
TOP-001-1a R4,R5
TOP-002-2.1b R7

2012 Hurricane Sandy Event. Some TO/DP entities in the RTO, particularly those that were not on the coast, experienced greater damage in other storms, such as the 2012 Derecho storm.
However, the damage that others experienced from Hurricane Sandy exceeded that caused by both Hurricane Irene and the Derecho storm. In fact, one entity reported that Sandy was the most damaging storm to them since record keeping began. For one entity, all service areas were impacted. The majority of increased staffing was in the restoration area. Additional areas that received increased staffing were operations centers, primary control centers, and backup control centers.

1. A large NPGOP had only one nuclear station that was damaged due to the loss of transmission system load and experienced high voltage. Another nuclear facility had a temporary loss of off-site power due to switchyard damage and a bushing on a voltage regulator associated with a transformer. During loss of off-site power at this facility, the reactor shutdown cooling and spent fuel cooling were temporarily lost but were restored when emergency diesels started and loaded. Fossil units were forced off both pre-storm (in anticipation of potential flooding) and as the stations flooded.

2. Five potential lessons learned were identified for generation stations during the storm: ISOs/RCs need to improve communication with generation plants during major events. ISOs/RCs should develop or document alternate communications methods when normal methods are lost. More comprehensive weather preparation procedures need to be developed. Improvements can be made for managing personnel who remain on-site. Development of anticipated generation reductions is necessary for the loss of one or more nearby transmission elements.

3.
Several generation operation risks were identified during the storm. These include: Increased potential for Loss of Off-site Power (LOOP) to nuclear facilities. Possibility of LOOP due to switchyard damage, or loss of normal condenser cooling and loss of availability of service water due to high water. Curtailments due to wet coal, which is normal with any significant precipitation. Potential lack of fuel due to damage to the fuel provider’s facilities.

4. The largest challenge for the BA was coordinating load lost on the distribution systems with lost generation, in particular the loss of entire generating stations or the loss of multiple units within close temporal proximity. This at times forced ACE to go either high or low for extended periods of time. It was also challenging to maintain load/generation balance during restoration as generation and/or load was added back into the system.

As a result of ReliabilityFirst’s review of the NERC risk elements and the ReliabilityFirst risk elements, ReliabilityFirst identifies these Standards and Requirements for compliance monitoring focus in 2015.

Associated Standard & Requirement(s): EOP-005-2 R6, R9

EOP-005-2, R6 & R9: A large TOP has not been audited for these requirements.

Weather Related (Aligns with ERO risk element: Extreme Physical Events)

As a result of ReliabilityFirst’s review of the NERC risk elements and the ReliabilityFirst risk elements, ReliabilityFirst identifies these Standards and Requirements for compliance monitoring focus in 2015.

Associated Standard & Requirement(s): EOP-006-2 R1

Weather Related (Aligns with ERO risk element: Extreme Physical Events)

EOP-006-2, R1: The two RCs have not been audited for this requirement.
As a result of ReliabilityFirst’s review of the NERC risk elements and the ReliabilityFirst risk elements, ReliabilityFirst identifies these Standards and Requirements for compliance monitoring focus in 2015.

Associated Standard & Requirement(s): EOP-010-1 R1,R3 (as of 4/1/15)

EOP-010, R1 & R3: Although the results of a GMD are reported under EOP-004-2, means of detection and correction for these types of events will eventually fall under EOP-010, which was recently approved by FERC in June 2014 but has no enforcement date at this time. GMDs are confined to a small eastern portion of PJM. MISO is not significantly impacted by GMDs. PJM addresses GMDs in their Emergency Procedures Manual.

Weather Related (Aligns with ERO risk element: Extreme Physical Events)

As a result of ReliabilityFirst’s review of the NERC risk elements and the ReliabilityFirst risk elements, ReliabilityFirst identifies these Standards and Requirements for compliance monitoring focus in 2015.

Weather Related (Aligns with ERO risk element: Extreme Physical Events)

TPL-002-0b, 003-0b & 004.0a: TPs have not been audited for this requirement since 2009 and 2010.

As a result of ReliabilityFirst’s review of the NERC risk elements and the ReliabilityFirst risk elements, ReliabilityFirst identifies these Standards and Requirements for compliance monitoring focus in 2015.
Associated Standard & Requirement(s):
TPL-002-0b R1
TPL-003-0b R1
TPL-004-0a R1
EOP-001-2.1b R1,R2,R3,R4,R6
EOP-002-3.1 R1,R2,R3,R4,R5
EOP-003-2 R1,R3,R7,R8
EOP-004-2 R2
IRO-003-2 R1,R2
IRO-004-2 R1
IRO-005-3.1a R5,R6,R9
PRC-006-1 R1,R2,R3,R4,R5,R9,R10
PRC-022-1 R1
TOP-006-2 R2,R6,R7
TOP-007-0 R1,R2,R3,R4
TOP-008-1 R1,R2,R3,R4
TPL-001-4 R1, R7 (as of 1/1/15)
TPL-002-0b R1
TPL-003-0b R1
TPL-004-0a R1
VAR-002-2b R2,R3 (v3 as of 10/1/14)

Physical Threat (Aligns with ERO risk element: Extreme Physical Events)

As a result of ReliabilityFirst’s review of the NERC risk elements and the ReliabilityFirst risk elements, ReliabilityFirst identifies these Standards and Requirements for compliance monitoring focus in 2015.

Associated Standard & Requirement(s): CIP-006-3c R1,R2,R3,R4,R5,R6,R7,R8

Cyber Security (Aligns with ERO risk element: Threats to Cyber Systems)

In CIP-006-3, failure to comply with the requirements of this standard can lead to threats in cyber and physical security space.

As a result of ReliabilityFirst’s review of the NERC risk elements and the ReliabilityFirst risk elements, ReliabilityFirst identifies these Standards and Requirements for compliance monitoring focus in 2015.

Human Error (Aligns with ERO risk element: Human Error & Workforce Capability)

Access control is defined by CIP-004-3a, R4. In CIP-005-3a, CIP-006-3c & CIP-007-3a, failure to comply with the requirements of these standards can lead to threats in cyber and physical security space.

As a result of ReliabilityFirst’s review of the NERC risk elements and the ReliabilityFirst risk elements, ReliabilityFirst identifies these Standards and Requirements for compliance monitoring focus in 2015.
A medium-size entity had an established procedure that required a series of communications in advance of energizing new equipment to assure that ratings information is updated in a timely manner. It was determined that the procedure was not strictly followed for two projects, which resulted in a communication gap between the project team and the groups responsible for updating and communicating the facility ratings.

As a result of ReliabilityFirst’s review of the NERC risk elements and the ReliabilityFirst risk elements, ReliabilityFirst identifies these Standards and Requirements for compliance monitoring focus in 2015.

Associated Standard & Requirement(s):
CIP-004-3a R4
CIP-005-3a R1,R2,R3,R4,R5
CIP-006-3c R1,R2,R3,R4,R5,R6,R7,R8
CIP-007-3a R1,R2,R3,R4,R5,R6,R7,R8,R9
FAC-008-3 R8
IRO-010-1a R3

Due to reconfiguration at a substation for breaker installation and relay replacement by a TO, a line outage resulted in disabling of the primary and backup protection on an energized bus. The implications of removing the 138 kV line facilities and the change in protection status of the bus were not recognized by field personnel. As a result, the system operator was not informed of the disabling of bus protection during the outage, resulting in this information not being communicated to the RC.

Human Error (Aligns with ERO risk element: Human Error & Workforce Capability)
As a result of ReliabilityFirst’s review of the NERC risk elements and the ReliabilityFirst risk elements, ReliabilityFirst identifies these Standards and Requirements for compliance monitoring focus in 2015.

Associated Standard & Requirement(s): PRC-005-1.1b R3 (v2 as of 4/1/15)

An oversight in a medium-size entity's Generator Protection System Maintenance and Testing Program, which required testing of relays that were changed, their associated control circuitry paths, as well as all of the other input paths of the associated lockout relays, resulted in these devices not being tested.

As a result of ReliabilityFirst’s review of the NERC risk elements and the ReliabilityFirst risk elements, ReliabilityFirst identifies these Standards and Requirements for compliance monitoring focus in 2015.

Associated Standard & Requirement(s): PRC-023-2 R2 (v3 as of 10/1/14)

A large entity's Out-of-Step Blocking (OSB) Relay Loadability Spreadsheet contained an error in the formula used to calculate certain OSB relay loadability values.

As a result of ReliabilityFirst’s review of the NERC risk elements and the ReliabilityFirst risk elements, ReliabilityFirst identifies these Standards and Requirements for compliance monitoring focus in 2015.

Associated Standard & Requirement(s): TOP-004-2 R4

A large registered entity recently failed to recognize they had entered an unknown operating state when extremely low substation battery voltage was intermittently occurring, which compromised the relay protection at the substation.

As a result of ReliabilityFirst’s review of the NERC risk elements and the ReliabilityFirst risk elements, ReliabilityFirst identifies these Standards and Requirements for compliance monitoring focus in 2015.
Human Error (Aligns with ERO risk element: Human Error & Workforce Capability)

Associated Standard & Requirement(s): VAR-002-2b R2 (v3 as of 10/1/14)

A small GOP identified that they had exceeded their voltage schedule without making notification to the TOP. It was determined that the Control Room Operator failed to recognize the elevated voltage condition in spite of received alarms, operator aids, and training.

Another small GOP was unaware of their obligation to notify the TOP when their assigned voltage schedule could not be met.

Following a planned outage, a Power System Stabilizer (PSS) status change was not reported within the required 30 minutes. The exciter went through a control upgrade during the outage and, during the course of the project, the PSS was disabled. The cause was determined to be an oversight of the operator due to not verifying the PSS was in service during start-up due to past routine sequence.

A large GOP, on numerous occasions, exceeded their voltage schedules at various generating facilities due to lack of operator situational awareness of the AVR status.

As a result of ReliabilityFirst’s review of the NERC risk elements and the ReliabilityFirst risk elements, ReliabilityFirst identifies these Standards and Requirements for compliance monitoring focus in 2015.

As a result of ReliabilityFirst’s review of the NERC risk elements and the ReliabilityFirst risk elements, ReliabilityFirst identifies these Standards and Requirements for compliance monitoring focus in 2015.

In CIP-002-3 through CIP-009-3, there is a possibility of Human Error associated with any of the requirements in these standards.
Equipment Failure (Aligns with ERO risk element: Infrastructure Maintenance)

As a result of ReliabilityFirst’s review of the NERC risk elements and the ReliabilityFirst risk elements, ReliabilityFirst identifies these Standards and Requirements for compliance monitoring focus in 2015.

Associated Standard & Requirement(s):
VAR-002-2b R3, R3.1 (v3 as of 10/1/14)
CIP-004-3a R1,R2
COM-002-2 R2
EOP-001-2.1b R2,R3,R4
EOP-003-2 R8
EOP-005-2 R10,R11,R17
EOP-006-2 R9,R10
PER-005-1 R3
CIP-002-3 R1,R2,R3,R4
CIP-003-3 R1,R2,R4,R5,R6
CIP-004-3a R1,R2,R3,R4
CIP-005-3a R1,R2,R3,R4,R5
CIP-006-3c R1,R2,R3,R4,R5,R6,R7,R8
CIP-007-3a R1,R2,R3,R4,R5,R6,R7,R8,R9
CIP-008-3 R1,R2
CIP-009-3 R1,R2,R3,R4,R5
BAL-006-2 R4.3

Per the Compliance Monitoring Section of this standard, each BA shall perform an Area Interchange Error (AIE) Survey as requested by the NERC Operating Committee to determine the BA’s Interchange error(s) due to *equipment failures, improper scheduling operations, or improper AGC performance. Note: *ReliabilityFirst wishes to determine if the number of equipment failures that impact AIE is presently known.

Equipment Failure (Aligns with ERO risk element: Infrastructure Maintenance)

As a result of ReliabilityFirst’s review of the NERC risk elements and the ReliabilityFirst risk elements, ReliabilityFirst identifies these Standards and Requirements for compliance monitoring focus in 2015.

Associated Standard & Requirement(s): PRC-001-1.1 R2, R2.2

During relay testing, a large registered entity recently failed to report a relay failure which would not initiate a breaker trip and thus reduced system reliability for twelve days. The equipment failure and reduced reliability were not reported to the respective entities.
It is also believed that this entity had entered an unknown operating state per TOP-004-2, R4.

Equipment Failure (Aligns with ERO risk element: Infrastructure Maintenance)

As a result of ReliabilityFirst’s review of the NERC risk elements and the ReliabilityFirst risk elements, ReliabilityFirst identifies these Standards and Requirements for compliance monitoring focus in 2015.

Associated Standard & Requirement(s): TOP-004-2 R4

A large registered entity recently failed to recognize they had entered an unknown operating state when extremely low substation battery voltage was intermittently occurring, which compromised the relay protection at the substation. The condition was not studied or analyzed to determine any possible impacts to the reliability of the BES.

Equipment Failure (Aligns with ERO risk element: Infrastructure Maintenance)

As a result of ReliabilityFirst’s review of the NERC risk elements and the ReliabilityFirst risk elements, ReliabilityFirst identifies these Standards and Requirements for compliance monitoring focus in 2015.

Associated Standard & Requirement(s):
TOP-006-2 R1
TOP-006-2 R2

A medium-size entity experienced an ECS failure which resulted in loss of monitoring and control capabilities due to failure of their front-end processors. Its RC and neighboring TOPs were only able to monitor the tie-lines. During an ECS outage, while the TOCC asked neighboring TOPs to monitor tie lines, the TOCC could not monitor the applicable transmission line status, real and reactive power flows, voltage, and status of rotating and static reactive resources.
Also, the TOCC did not have control to operate the system during the ECS outage.

Equipment Failure (Aligns with ERO risk element: Infrastructure Maintenance)

As a result of ReliabilityFirst’s review of the NERC risk elements and the ReliabilityFirst risk elements, ReliabilityFirst identifies these Standards and Requirements for compliance monitoring focus in 2015.

Associated Standard & Requirement(s):
FAC-003 R1,R2,R3,R4,R5,R6,R7
PRC-005-1.1b R3,R4 (v2 as of 4/1/15)
PRC-008-0 R1,R2
PRC-011-0 R1
PRC-017-0 R1

Equipment Failure (Aligns with ERO risk element: Infrastructure Maintenance)

As a result of ReliabilityFirst’s review of the NERC risk elements and the ReliabilityFirst risk elements, ReliabilityFirst identifies these Standards and Requirements for compliance monitoring focus in 2015.

Associated Standard & Requirement(s): CIP-008-3 R1

CIP-008-3 requires an Incident Response Plan for Critical Cyber Assets. Lack of such a plan, in the event of an incident, will leave the entity with the inability to properly respond to the incident.

Equipment Failure (Aligns with ERO risk element: Infrastructure Maintenance)

As a result of ReliabilityFirst’s review of the NERC risk elements and the ReliabilityFirst risk elements, ReliabilityFirst identifies these Standards and Requirements for compliance monitoring focus in 2015.

Associated Standard & Requirement(s): CIP-009-3 R1,R2,R3,R4,R5

CIP-009-3 requires a recovery plan for Critical Cyber Assets. Lack of such a plan, in the event of equipment failure, will leave the entity with the inability to properly recover from an event.

4. Compliance Oversight Plan

Self-Certifications and Spot Checks

ReliabilityFirst will require Self-Certifications by all registered entities, including those that will be audited in 2015. ReliabilityFirst will require all Self-Certifications to be completed on a Requirement-level basis. ReliabilityFirst will publish a list of the Standards and Requirements to which registered entities must self-certify in the ReliabilityFirst 2015 Compliance Monitoring schedule.
ReliabilityFirst presently has no Spot Checks scheduled for 2015, but reserves the option to initiate Spot Checks throughout the year as needed.¹⁵ In addition, ReliabilityFirst may use the Spot Check process to verify mitigation plans as needed.

¹⁵ As part of its oversight of the PJM Local Control Centers, ReliabilityFirst conducts one random spot-check of a Local Control Center each year.

Compliance Monitoring Schedule for Self-Certifications and Data Submittals

ReliabilityFirst developed a Compliance Monitoring Schedule (CMS) that contains the Standards and Requirements for the Self-Certifications and Data Submittals scheduled for 2015. The CMS is based upon the NERC risk elements set forth in the NERC 2015 ERO CMEP Implementation Plan and the ReliabilityFirst risk elements set forth in Section 3 below. Several Requirements in the CMS include a data submittal. Most of these data submittals are associated with the monthly, quarterly, and/or annual reporting requirements set forth in the Requirements.

CIP Self-Certifications and Data Submittals in Lieu of CIP Audits for Registered Entities with no Critical Assets or Critical Cyber Assets

For registered entities subject to the CIP Standards that own no Critical Assets or Critical Cyber Assets, ReliabilityFirst will perform Self-Certifications and data submittals in lieu of conducting an off-site audit. This determination is based upon NERC’s Cyber Security Reliability Standards CIP V5 Transition Guidance which states:

For those Responsible Entities that do not have any Critical Assets or Critical Cyber Assets under the CIP V3 Standards…Regional Entities will forgo off-site audits of the CIP Reliability Standards during the Transition Period.
Regional Entities may instead use compliance monitoring methods, such as Spot Checks, Self-Certifications, among others.¹⁶

Compliance Monitoring of Purchasing-Selling Entities (PSEs)

For registered entities registered for the PSE function, ReliabilityFirst will perform Self-Certifications in lieu of conducting an audit, as their ERAs indicate the need. These Self-Certifications will apply to registered entities that are registered for multiple functions in addition to the PSE function (e.g., if a registered entity is registered as a DP, LSE and PSE, the audit scope will only include Standards and Requirements applicable to the DP and LSE functions, and the registered entity will submit Self-Certifications for the Standards and Requirements applicable to the PSE function). This determination is based on ReliabilityFirst’s experience to date and will be reevaluated in future Implementation Plans as needed.¹⁷ PSEs are obligated to maintain compliance with applicable Reliability Standards at all times.¹⁸

Monitoring of New or Revised Standards

ReliabilityFirst will monitor new or revised Standards based upon their implementation plans and as required by NERC and FERC. A list of new and revised Standards and their effective dates is set forth below:

Standards Subject to Monitoring in late 2014

Standard     Effective Date
INT-004-3    10-1-2014
INT-006-4    10-1-2014
INT-009-2    10-1-2014
INT-010-2    10-1-2014
INT-011-1    10-1-2014
PRC-023-3    10-1-2014
PRC-025-1    10-1-2014
VAR-001-4    10-1-2014
VAR-002-3    10-1-2014

¹⁶ NERC Cyber Security Reliability Standards CIP V5 Transition Guidance, Section 5, page 7, http://www.nerc.com/pa/CI/Documents/V3V5%20Transition%20Guidance%20FINAL.pdf.

¹⁷ If the Risk-Based Registration Initiative becomes effective prior to 2015 or ReliabilityFirst otherwise identifies a need to change this approach, ReliabilityFirst will update the Implementation Plan as appropriate.
¹⁸ It should be noted that if the Risk Based Registration initiative becomes effective, there is the possibility that the PSE function may be removed and ReliabilityFirst will no longer require these self-certifications.

Standards Subject to Monitoring in 2015

Standard     Effective Date
BAL-003-1    4-1-2015
EOP-010-1    4-1-2015
MOD-032-1    7-1-2015
PRC-005-2    4-1-2015
TPL-001-4    1-1-2015

The audit schedule will not be posted on the ReliabilityFirst website. If an entity has a question concerning its audit, please contact ReliabilityFirst.¹⁹

2015 Compliance Audit Schedule

NCR #: NCR08039 NCR00680 NCR08077 NCR08034 NCR08053 NCR00941 NCR00761 NCR08001 NCR00711 NCR00748 NCR08019 NCR10257 NCR00417 NCR08013 NCR00917 NCR11235 NCR00896 NCR00822 NCR11097 NCR00721 NCR11247 NCR11297 NCR00794 NCR00954 NCR11380

Registered Entity: Allegheny Ridge Wind Farm, LLC American Bituminous Power Partners, L.P. Wheelabrator Falls Inc. US Operating Services Company - Chambers Hancock-Wood Electric Cooperative, Inc. Washington City Light & Power Duke Energy Ohio/Kentucky PJM Bryan Municipal Utilities City of Batavia Municipal Electric Utility The Dayton Power and Light Company East Coast Power Linden Holding LLC EFS Parlin Holdings LLC Whiting Clean Energy, Inc. Commonwealth Edison Company Southern Indiana Gas & Electric Company d/b/a Vectren Energy Delivery of Indiana, Inc. Gratiot County Wind LLC Public Service Electric & Gas Company Michigan Public Power Agency TAQA Gen X LLC City of Rochelle GSG 6, LLC Homer City Generation, L.P. Hoosier Energy REC, Inc. Wolverine Power Supply Cooperative, Inc.
Kincaid Generation, LLC

¹⁹ As mentioned above, for registered entities where the CIP Standards apply, that have declared that they own no Critical Assets (CAs) or Critical Cyber Assets (CCAs), ReliabilityFirst will perform self-certifications and data submittals in lieu of conducting an off-site audit. This determination is based upon Cyber Security Reliability Standards CIP V5 Transition Guidance provided by NERC. For those registered entities that are also registered for functions that are audited on a six year cycle, ReliabilityFirst will evaluate and determine the scope of those registered entity audits based upon the risk those functions pose to the BES (i.e. a TOP that is also registered as a LSE, etc.). There may be times when these audits are not conducted based upon the registered entity ERA.

2015 Compliance Audit Schedule

NCR #: NCR08026 NCR00337 NCR00889 NCR00884 NCR00940 NCR00006/NCR04026/NCR05055 NCR07025/NCR01189/NCR00007/NCR10115 NCR10208 NCR00682/NCR01056 NCR03044 NCR00761 NCR00936 NCR00826 NCR00688 NCR00752 NCR00881

Registered Entity: PECO Energy Company Troy Energy, LLC PPL Susquehanna, L.L.C. PPL Electric Utilities Corporation Wabash Valley Power Association, Inc. Calpine Corporation Calpine Energy Services Lincoln Generating Facility, LLC American Electric Power Service Corporation as agent for Appalachian Power Company, Indiana Michigan Power Company, Kentucky Power Company, Kingsport Power Company, Ohio Power Company, Wheeling Power Company, AEP Ohio Transmission Company, AEP Appalachian Transmission Company, AEP West Virginia Transmission MISO-MBHydro Contingency Reserve Sharing Group Duke Energy Corporation University Park Energy, LLC Midcontinent Independent System Operator, Inc. Atlantic City Electric Company Delmarva Power & Light Company Potomac Electric Power Company

5.
Compliance Outreach Compliance Outreach Activities Outreach Activity Monthly Newsletter - The ReliabilityFirst Newsletter provides registered entities with news and information relating to reliability activities. Monthly Compliance Update Letter - The ReliabilityFirst Monthly Compliance Update Letter provides registered entities with any changes made to the Compliance Monitoring Schedule and the due dates for compliance submittals. ReliabilityFirst Website - The ReliabilityFirst website provides compliance and technical materials to support compliance program implementation. Workshops/Seminars/Webinars - ReliabilityFirst Compliance workshops/seminars or webinars, will be scheduled to assist the registered entities in the understanding of their responsibilities to satisfy compliance to the Reliability Standards throughout the year. CIP Version 5 Outreach and Awareness – ReliabilityFirst will conduct CIP Version 5 outreach, including training and education engagements, to ensure that registered entities have confidence in their implementation of the CIP V5 Standards and Requirements. These engagements will primarily be conducted as Workshops and Webinars. Compliance Data Management System (CDMS) - ReliabilityFirst allows its registered entities to report compliance via CDMS, an internet based application. The CDMS home page provides informational announcements, updates, and newsworthy items of interest to the registered entities. NERC | 2015 ERO CMEP Implementation Plan Version 1.0 | November 18, 2014 49 Anticipated Date Monthly throughout the year. Updated throughout the year as needed. Monthly throughout the year. Semi-annual (March and October). Monthly throughout the year. Updated throughout the year as needed. 
Periodic Reports - ReliabilityFirst will provide Periodic Reports to its registered entities identifying compliance related activities that the registered entities continue to struggle with. These reports will be posted on the ReliabilityFirst website.

Open Compliance Calls - ReliabilityFirst has implemented a monthly conference call to provide an open forum for registered entities to call and voice concerns, ask questions, and to gain information about upcoming compliance items.

Assist Visits - ReliabilityFirst has implemented a program whereby a registered entity may request a one-on-one or a small group meeting where guidance on compliance related activities can be provided. These Assist Visits can be in the form of a conference call, web meeting, or on-site visit. Topics can range from helping an entity become more familiar with compliance related material and activities, to special guidance and education when either the registered entity or ReliabilityFirst believes the registered entity needs special attention or additional help.

Anticipated Date: Monthly throughout the year. Monthly throughout the year. As requested by our registered entities.

Appendix A5 - SERC Reliability Corporation (SERC) 2015 CMEP Implementation Plan

This Appendix contains the CMEP Implementation Plan (IP) for SERC as required by the NERC Rules of Procedure (ROP).

1. Compliance Monitoring and Enforcement

1.1 CMEP IP Highlights and Material Changes

As part of SERC’s efforts to be more efficient and effective, and to strengthen and support the Compliance area, the Operations and Planning (O&P) and Critical Infrastructure Protection (CIP) audit resources were brought under one monitoring area function, Compliance Monitoring.
This will allow SERC to be more consistent in the application of tools and processes in compliance monitoring activities.

SERC will continue to support its Industry Subject Matter Expert (ISME) program, through which SERC frequently uses industry volunteers employed by registered entities in the SERC Region as supplemental compliance audit team members. SERC continues to be a leader among the Regions in this area. In 2014, the program was enhanced to focus on identification, qualification, and assignment of ISMEs to match the technical resource needs of specific audits, evaluation of ISME participation and performance during audits, and training of ISMEs. During 2015, the ISME program will continue to be supported, highlighted during certain SERC outreach events, and have information available on the SERC public website.

1.2 Other Regional Key Initiatives and Activities

Building from the successful momentum with the Reliability Assurance Initiative (RAI) in 2014, SERC will continue to support RAI in 2015 in various ways. SERC will scope the appropriate Compliance Monitoring Plan for each registered entity based on the ERO Risk-based Compliance Oversight Framework, as described in the ERO CMEP IP, which includes the NERC 2015 risk elements Guide, SERC Regional Risk Assessment, Inherent Risk Assessment (IRA), and Internal Control Evaluation (ICE). The Compliance Monitoring Oversight Plan will include areas of focus, level of efforts, timing, and overall strategy on use of CMEP tool(s). Note, however, each registered entity remains responsible for compliance with all Mandatory and Enforceable Reliability Standard Requirements applicable to its registered function(s).

For registered entities identified as a Multiple Region registered entity (MRRE), the lead Region shall be responsible for the coordination of compliance monitoring oversight activities.
The lead Region is responsible for coordinating and conducting the IRA and ICE; however, each Region shall have input to ensure regional risks are identified. The lead Region may modify the Compliance Monitoring Oversight Plan as appropriate.

2. Regional Reliability Assessment Process and Regional Risk Identification

The SERC Region encompasses a large area, has some of the nation's largest cities and utilities, and serves a significant portion of the U.S. population. Protecting the reliability of the electric grid in the SERC Region is the responsibility of SERC members with the support of SERC staff and reliability programs. Reliable operation of the Bulk Power System (BPS) is essential to regional economic viability. While each registered entity within the SERC Region is diligent with respect to reliability and resiliency within their service area, it is the responsibility of SERC to coordinate the reliability-related activities throughout the Region.

It should be recognized that the BPS in the SERC Region has been planned, built, and operated as part of the integrated Eastern Interconnection. This integrated system serves the electric customers in the region under both traditional vertically integrated and market-based generation dispatch mechanisms.

SERC has worked with its members since 2012 to develop and implement a continuous program of Region-wide assessments of potential reliability risks that could impact the SERC Region BPS. The SERC Regional Reliability Risk Assessment program is a robust, centralized process for analyzing, prioritizing, addressing, and communicating significant risks and risk-controlled initiatives. This is the first application of the output of this program communicating the choice of Standards for inclusion in the SERC CMEP.
The SERC Standing Committees, the SERC Reliability Risk Team (RRT)20, and SERC Reliability Assessment and Performance Analysis staff contribute to the SERC Regional Reliability Risk Assessment Program. The objective of the program is to improve BPS reliability through a coordinated effort that identifies, analyzes, prioritizes, and addresses reliability risks. In conformance with the ERO RAI risk management program, the SERC process consists of the following major activities:

Identify/Nominate Risks
Determine Time Horizon (e.g. immediate, next-day, operational, seasonal, and long-term).
Assess and Rank Risk
Determination of the consequence, or severity impact(s)
Determination of the probability of occurrence
Assignment of High, Medium, or Low from the Risk Assessment Matrix
Prioritization of risks
Stored in the Risk Registry
Develop Risk Control Initiatives
Monitor and Reevaluate Risk Impact

The coordination of the efforts with the SERC registered entities, the SERC technical committees, SERC staff, neighboring system personnel, and other members of the ERO is vital to the understanding and analysis of potential major reliability issues. SERC, through its members and staff, is heavily engaged with NERC and its risk initiatives.

SERC’s risk management programs enable it to focus compliance monitoring oversight activities on those Reliability Standards which, if violated, would pose the greatest risk to the reliable operation of the SERC portion of the BPS. The Reliability Standards listed in Section 3 are the program’s recommendation for 2015 and are based on what is known at the time of this submittal.

SERC has recognized one NERC Reliability Standard, PRC-006, as needing greater specificity to achieve successful coordination of the registered entities within the SERC Region. PRC-006 has Requirements that identify the Planning Coordinator (PC) as the registered entity responsible for developing under frequency load shedding (UFLS) schemes within their PC area.
However, the NERC Standard does not provide specific guidance regarding the extent of cooperation with surrounding PCs, which may lead to inconsistent set points and other regional inconsistencies for key UFLS parameters. In response, SERC created a Regional Reliability Standard, PRC-006-SERC-01, to establish consistent and coordinated Requirements for the design, implementation, and analysis of UFLS programs among applicable SERC registered entities. The Regional Standard adds specificity not contained in the NERC Standard for development and implementation of the UFLS scheme in the SERC Region that effectively mitigates the consequences of an under-frequency event. SERC has numerous UFLS schemes deployed within its Region; therefore, SERC developed and implemented the Regional Standard to ensure more comprehensive UFLS testing to identify possible regional gaps.

3. Regional Risk Focus Areas and Associated Reliability Standards

The table below contains the Regional risk focus areas identified during the Regional Reliability Assessment process. The table also links associated Reliability Standards/Requirements to identified risks that may be considered in the Regional Compliance Monitoring Plan. Note that the Standards/Requirements listed below are in addition to the Standards/Requirements identified in the 2015 ERO risk elements Guide.

20 The RRT includes SERC Engineering Committee, Operating Committee, and CIP Committee members and was explicitly created to formalize and apply a process to carry out the basic elements of reliability risk monitoring, classification and management. It is noteworthy that the RRT monitors many risks that are not defined in the Reliability Standards but are in support of best practices that promote BPS reliability.
Reliability Standards Subject to Regional Monitoring

Regional Risk Focus Area: External Risks associated with Critical Cyber Assets
Justification: Electronic Access Points (EAP) often provide the first level of defense against vulnerability-based attacks, and based on SERC’s most violated Reliability Standards/Requirements (previous three years) CIP-005 is the Region’s third most violated CIP Standard. Given the EAP is often the first level of defense, controlling access into the perimeter and monitoring for cyber-based attacks is critical to protecting cyber assets within and reducing the risk of degradation to the BPS.
Standard & Requirement: CIP-005-3a R2, R3

Regional Risk Focus Area: Physical Events/Threats
Justification: Physical Events represent those events that result in extensive damage to equipment, irrespective of cause. Based on SERC’s most violated Reliability Standards/Requirements report (previous three years) CIP-006 is the Region’s second most violated CIP standard. Additional focus is needed to address and minimize both the magnitude and duration of the consequences of a physical event. Physical access to cyber systems must be restricted and appropriately managed to ensure the integrity of the cyber systems within the Physical Security Perimeter.
Standard & Requirement: CIP-006-3c R2, R5, R6

Regional Risk Focus Area: Cyber System Integrity Risks
Justification: As the top violated Reliability Standard within the SERC Region, additional focus must be placed on cyber system integrity. Two key parts of ensuring system integrity are security patch and user account management. Security patch management is crucial in monitoring and addressing known security vulnerabilities prior to those vulnerabilities being exploited in a malicious manner that could degrade, or render unavailable, the cyber systems required to ensure the reliability of the BPS. User account management is essential in ensuring only authorized personnel can gain electronic access to Critical Cyber Assets.
Standard & Requirement: CIP-007-3 R3, R5

Regional Risk Focus Area: Cold weather impacts on transmission and generation
Justification: The SERC and NERC Polar Vortex related research, final and preliminary reports reveal numerous operational risks inherent to SERC registered entities, which may degrade the SERC Region’s BPS reliability performance below what is required by the NERC Standards.
Standard & Requirement: BAL-001-1 R1, R2; BAL-002-1 R1; BAL-005-0.2b R7; COM-002-2 R1, R2

Regional Risk Focus Area: Major storm events such as hurricanes and tornados
Justification: The SERC Region historically has experienced severe weather events, such as hurricanes and tornados. The most recent noteworthy weather events are Hurricane Katrina and recurring mass tornado events in 2008 and 2011. These events usually create system contingencies beyond existing planning criteria; however, emergency procedures and other operating standards still apply. Over the years, the Region has identified this risk and emphasized system preparedness through the 2012 Assessment of SERC Performance Information for Identifying Potential Reliability Risk, as well as through the NERC Reliability Assessment reporting process.
Standard & Requirement: COM-002-2 R1, R2

Regional Risk Focus Area: Power System coordination and modeling
Justification: Increased BPS use in a manner for which the system wasn’t originally designed, coupled with insufficient operating experience, coordinated studies and coordinated operations, can introduce risk to reliable operation of the BPS in the SERC Region. The NERC Arizona-Southern California Outages report highlighted potential areas of vulnerability. Significant changes in generation dispatch, particularly if such changes are unstudied, increase reliability risk. As a result, additional focus on registered entities impacted by these issues with respect to these Standards is warranted. References to neighboring system coordination and recommendations can be found in the NERC Arizona-Southern California Outages report.
Standard & Requirement: MOD-001-1a R6; FAC-008-3 R6; FAC-014-2 R1, R2, R3, R4; IRO-003-2 R1, R2; IRO-004-2 R1; VAR-001-4 R1, R2; VAR-002-3 R1, R2, R3

Regional Risk Focus Area: UFLS Schemes
Justification: The SERC UFLS Regional Standard is to establish consistent and coordinated requirements for the design, implementation, and analysis of UFLS programs among SERC applicable registered entities. The regional standard adds specificity not contained in the NERC standard for development and implementation of the UFLS scheme in the SERC Region that effectively mitigates the consequences of an under-frequency event.
Standard & Requirement: PRC-006-SERC-01 R1, R2, R3, R4, R5, R6

4. Compliance Oversight Plan

Scheduling of Audits

Registered entities registered as a Balancing Authority (BA), Reliability Coordinator (RC), or Transmission Operator (TOP) will continue to be audited every three years per the current NERC ROP. SERC will continue to monitor registered entities that are scheduled for an audit based on SERC’s long-term monitoring plan in 2015. For all registered entities scheduled for an audit in 2015, flexibility to adjust the periodicity, as well as audit scope, will be considered and adjusted based upon the Regional Risk Assessment, the Risk-based Compliance Oversight Plan provided by NERC, and the Inherent Risk Assessment (IRA) of the registered entity performed by SERC.

For registered entities registered only as a Purchasing-Selling Entity (PSE), SERC will use the Self-Certification monitoring method in lieu of conducting an audit of these registered entities.
This monitoring method was selected based upon SERC’s Regional Risk Assessment conducted for 2015 and the limited number of reliability issues posed by PSE operation.

SERC will not conduct an off-site or on-site CIP audit for registered entities that have declared that they own no Critical Assets (CAs) or Critical Cyber Assets (CCAs). This determination is based upon the Cyber Security Reliability Standards CIP V5 Transition Guidance provided by NERC that states, “For those Responsible Entities that do not have any Critical Assets or Critical Cyber Assets under the CIP V3 Standards, however, Regional Entities will forgo off-site audits of the CIP Reliability Standards during the Transition Period.” SERC may determine to use another monitoring method based on the registered entity IRA.

SERC is gathering CIP V5 data from its registered entities to better understand the scope and focus of required outreach during 2015 and beyond. SERC is conducting a survey during the implementation period to determine the status of each registered entity’s transition to the CIP V5 Standards. Based on the data obtained, SERC will further align its outreach activities.

Self-Certification Monitoring

SERC will use Self-Certifications based on the guidance in the ERO CMEP IP, SERC’s annual Regional Risk Assessments, registered entity IRA, internal controls evaluations (if applicable), compliance history, etc. Self-Certifications may also use guided self-certifications that include specific questions and/or data requests. SERC will require all Self-Certifications to be completed on a Requirement basis. This will require a Self-Certification in which all sub-Requirements must be completed for each Requirement listed. SERC will provide additional guidance on Self-Certification requirements to registered entities throughout 2015 as needed.

Spot Checking

SERC will determine the need for Spot-Checks based on the outcome of the registered entity IRA.
In addition, SERC may use the Spot Check process to verify Mitigation Plans as needed.

Periodic Data Submittals

SERC will still have a number of Standards and Requirements that require a data submittal. Most of these data submittals serve as reminders to our registered entities of a monthly, quarterly, and/or annual reporting Requirement in the Standard.

The audit schedule below shows registered entities that are subject to an audit during 2015 based on the three-year cycle prescribed by NERC’s ROP. The schedule is also located on SERC’s website here: http://www.serc1.org/Documents/Compliance/2015%20Program/2015%20SERC%20Audit%20Schedule.pdf

2015 Compliance Audit Schedule

NCR # | Registered Entity
NCR01312 | South Carolina Public Service Authority-Audit
NCR00070 | Southeastern Power Administration-Audit
NCR01225 | East Kentucky Power Cooperative-Audit
NCR01223 | LG&E and KU Services Company-Audit
NCR01151 | Tennessee Valley Authority-Audit
NCR01359 | USACE-Mobile District-Audit
NCR01359 | City of Springfield, IL-CWLP-Audit
NCR00826 | Midwest Independent Transmission System Operator Inc. (RFC Lead)-Audit
NCR01315 | South Mississippi Electric Power Association-Audit
NCR01361 | USACE-Savannah District-Audit
NCR01234 | Entergy-Audit
NCR01320 | Southern Company Services, Inc. – Trans-Audit
NCR11305 | Smoky Mountain Transmission LLC-Audit

5. Compliance Outreach

Compliance Outreach Activities

SERC Compliance Portal
SERC registered entities submit Self-Certifications, Self-Reports, Mitigation Plans, and Data Submittals via the SERC Portal. Surveys are conducted for feedback to allow SERC to incorporate enhancements based on the needs of the users, and outreach events include training on upgrades and enhancements.
Anticipated Date: As needed throughout the year

Outreach Events
SERC outreach events are planned throughout the year to accommodate the training needs of registered entities. Planned events, listed here, with specific themes will also feature compliance and reliability topics of importance at the time of the event. All events are posted to the SERC website, listed in the SERC Outreach & Training Catalog on the website, featured in the monthly SERC Transmission newsletter, and email notifications and reminders are sent to primary and alternate compliance contacts for all registered entities within the SERC Region footprint.
Open Forum (WebEx): SERC’s Redesigned Website | Jan 26, 2015
Spring Compliance Seminar | Feb 24-25, 2015
Small Entity Workshop: CIP V5 Transition | Feb 25, 2015
Open Forum (WebEx) | Apr 13, 2015
Open Forum (WebEx) | Jul 20, 2015
CIP Compliance Seminar | Sep 29-30, 2015
Fall Compliance Seminar | Oct 27-28, 2015

Focused Workshops / Webinars
Supplemental focused events will be scheduled on an as-needed basis to provide outreach and training for new or revised Reliability Standards, targeted groups of registered entities based on functional Registration, and ERO initiatives.
Anticipated Date: As needed throughout the year

Lessons Learned
Lessons Learned website postings will share information among registered entities.
Anticipated Date: As available throughout the year

Training and Education Catalog
SERC maintains a catalog of recorded and upcoming training and education activities on its website to increase the number of people who are aware and are able to take advantage of SERC’s training and education programs.
Anticipated Date: Updated as needed throughout the year
Compliance Outreach Assistance
Upon receipt of a New Registration Application, a document containing links to “Compliance 101” files on the FERC, NERC, and SERC websites will be sent to the applicant to provide basic compliance information in one convenient location. A sample of the links includes information such as the Energy Policy Act (EPA) of 2005 on the FERC site, ROP and Reliability Standards on the NERC site, and Acronym Reference Index and SERC Filing Due Dates on the SERC site.
The SERC Transmission newsletter is distributed to registered entities within the SERC Region on a monthly basis. Articles contain links to scheduled outreach information for both SERC and NERC events, along with other topics helpful to maintain BPS reliability.
Anticipated Date: Updated as needed throughout the year

Appendix A6 - Southwest Power Pool Regional Entity (SPP RE) 2015 CMEP Implementation Plan

This Appendix contains the CMEP Implementation Plan (IP) for the SPP RE as required by the NERC Rules of Procedure.

1. Compliance Monitoring and Enforcement

1.1 CMEP IP Highlights and Material Changes

SPP RE budgeted for four open positions in 2015 – the Compliance Director, two (2) Lead Engineers and a CIP Compliance Specialist. SPP RE will also utilize contractors or consultants during the 2015 year to assist Staff during audits, investigations and/or enforcement activities. SPP RE will be developing new tools and templates to implement the Reliability Assurance Initiative (RAI) activities.

1.2 Other Regional Key Initiatives & Activities

SPP RE will continue to collaborate with NERC, Regional Entities and the registered entities to identify changes to enhance the risk-based approach to the monitoring and enforcement processes. SPP RE CIP Staff will begin an Outreach Program that will assist the registered entities in the transition to CIP version 5.

2. Regional Reliability Assessment Process and Regional Risk Identification

SPP RE has developed a Regional Audit Scope Plan that identifies the risk elements within the SPP RE footprint. The SPP RE risk focus areas identified include the top violated requirements, facility rating impacts, newly enforceable Reliability Standards, System Awareness and protection of Cyber Assets. SPP RE will consider these Regional risk focus areas when following the ERO Risk-based Compliance Oversight Framework described in the ERO CMEP. SPP RE will also consider the Regional risk focus areas when conducting risk assessments for the registered entities that are scheduled for audits during 2015 to develop the audit scope.

3. Regional Risks Focus Areas and Associated Reliability Standards

The table below contains the Regional risk focus areas identified during the Regional Risk Assessment process. The table also contains associated Reliability Standards/Requirements for identified risks that may be considered in the Regional compliance oversight plan.

Reliability Standards Subject to Regional Monitoring

Regional Risk Focus Area: Protection of Cyber Assets
Justification: Essential to ensure the system protecting the cyber system can continue to maintain a security perimeter.
Associated Standard & Requirement(s): CIP-005-3 R2, R3

Regional Risk Focus Area: Protection of Cyber Assets
Justification: Essential to ensure the protection of Cyber Assets from unauthorized physical access.
Associated Standard & Requirement(s): CIP-006-3 R2, R3, R6

Regional Risk Focus Area: Protection of Cyber Assets
Justification: Essential to ensure applicable security patches are identified and installed on the CIP systems.
Associated Standard & Requirement(s): CIP-007-3 R3, R5

Regional Risk Focus Area: Facility Ratings Impacts
Justification: Essential to ensure Generator Owners and Transmission Owners develop, maintain and coordinate accurate facility ratings.
Associated Standard & Requirement(s): FAC-008-3 R1, R2, R3, R6, R7
Regional Risk Focus Area: Facility Ratings Impacts
Justification: Essential to ensure Transmission Operators and Planning Authorities and Reliability Coordinators establish and coordinate SOLs and IROLs.
Associated Standard & Requirement(s): FAC-014-2 R2

Regional Risk Focus Area: System Awareness
Justification: Essential to ensure the Balancing Authorities and Transmission Operators operate and maintain the reliability of the system.
Associated Standard & Requirement(s): TOP-002-2.1b R6

Regional Risk Focus Area: System Awareness
Justification: Essential to ensure the Balancing Authorities and Transmission Operators operate and maintain the reliability of the system.
Associated Standard & Requirement(s): TOP-004-2 R1, R4

Regional Risk Focus Area: New Requirements
Justification: Essential to ensure Generator Owners have a strategy to prevent vegetation encroachment into the MVCD.
Associated Standard & Requirement(s): FAC-003-3 R3 (GO only)

Regional Risk Focus Area: Top Violated
Justification: Top violated in the SPP RE area. Essential to ensure the BPS infrastructure is maintained.
Associated Standard & Requirement(s): PRC-005-1.b R1, R2

4. Compliance Oversight Plan

SPP RE will use the following monitoring tools for 2015:

On-Site Audits – SPP RE will continue to audit the Transmission Operator and Balancing Authority entities that are on the three (3) year cycle for the Ops & Planning and CIP audits in 2015.

Off-Site Audits – SPP RE will continue to audit the registered entities that are scheduled for a six (6) year audit cycle and for registered entities that have been registered within the last two (2) years for the Ops & Planning; CIP will not perform off-site audits in 2015 per the CIP V3 to V5 Transition Documentation.

Spot-Checks – Spot-Checks may be used in lieu of Off-Site audits for entities that have a lower risk identified through the entity assessment. There are no mandatory Spot Checks listed in the 2015 NERC IP.
However, SPP RE may initiate a Spot Check at any time to verify or confirm Self Certifications, Self Reports, and Periodic Data Submittals or in response to operating problems or system events. SPP RE may initiate Spot-Checks for the six (6) year audit cycle registered entities that had Areas of Concern identified in the audits during 2012.

Self-Certification – SPP RE will continue to require SPP RE registered entities to perform a Self-Certification to ensure that the entity is maintaining the rigor of their internal controls for reviewing compliance with the Reliability Standards. SPP RE has identified such requirements based on the ERO CMEP IP and Regional Assessment for the registered entities. Self-Certification will be conducted using webCDMS. Entities will receive additional notice and instructions before each quarterly reporting window.

Periodic Data Submittal

The 2015 NERC IP does not identify Reliability Standards and Requirements that require periodic data submittals. SPP RE will require specific Reliability Standards and Requirements that contain periodic data submittal requirements, which SPP RE or SPP RTO will collect on a monthly, quarterly, or annual basis.

The reporting requirements and the Audit Scope Plan are located on the SPP RE’s website here: http://www.spp.org/section.asp?group=3290&pageID=27

The audit schedule is also located on the SPP RE’s website here: http://www.spp.org/section.asp?group=3290&pageID=27

2015 Compliance Audit Schedule

Registered Entity | NCR #
American Electric Power Service Corp. (AEPW) | NCR01056
Borger Energy Associates, LP (BOEA) | NCR01062
Chisholm View Wind Project, LLC | NCR11291
Dogwood Power Management, LLC (DPM) | NCR11250
East Texas Electric Cooperative, Inc. (ETEC) | NCR01227
Kansas City Power & Light Company (KCPL) | NCR01107
Lea County Electric Cooperative, Inc. (LCEC) | NCR06047
Midcontinent Independent System Operator, Inc (MISO) | NCR00826
Midwest Energy, Inc. (MIDW) | NCR01118
MISO-MBHydro Contingency Reserve Sharing Group (MRSG) | NCR03044
NAES Corporation - Goodman Energy Center (NAESGEC) | NCR11236
NextEra Energy Resources, LLC (NEXTERA) | NCR01096
North American Energy Services - Dogwood (NAESDOGW) | NCR06054
Northeast Texas Electric Cooperative, Inc (NTEC) | NCR01124
PIC Group, Inc.- Mustang (PICMUS) | NCR11224
Post Rock Wind Power Project, LLC | NCR11264
Sunflower Electric Power Corporation (SECI) | NCR01148
Terrebonne Parish Consolidated Government (TERREBONNE) | NCR01152
Tex-La Electric Cooperative Of Texas, Inc (TEXL) | NCR01342
Western Farmers Electric Cooperative (WFEC) w/ TRE | NCR01160
City Utilities of Springfield | NCR01081
Southwestern Power Administration | NCR01144
Western Farmers Electric Cooperative (WFEC) w/ TRE | NCR01160
Midcontinent Independent System Operator, Inc (MISO) | NCR00826
Grand River Dam Authority | NCR01101
Oklahoma Gas & Electric Company | NCR01130

5. Compliance Outreach

Compliance Outreach Activities

Outreach Activity | Anticipated Date
Newsletters | Monthly
SPP.org RE webpages (http://www.spp.org/section.asp?pageid=87) | Updated as needed
2015 Spring Compliance Workshop | March 10-11, Little Rock
2015 CIP Workshop | June 2-3, Kansas City
2015 Fall Compliance Workshop | September 29-30, Dallas
Webinars | Approx. 9 per year
Training Videos (http://www.spp.org/section.asp?pageID=92) | As developed
Event Analysis Lessons Learned (http://www.spp.org/section.asp?group=2243&pageID=27) | As developed

Appendix A7 - Texas Reliability Entity (Texas RE) 2015 CMEP Implementation Plan

This Appendix contains the CMEP Implementation Plan (IP) for the Texas RE as required by the NERC Rules of Procedure.

1. Compliance Monitoring and Enforcement

1.1 CMEP IP Highlights and Material Changes

Texas RE in 2015 will continue to implement the Reliability Assurance Initiative (RAI), the Electric Reliability Organization’s strategic initiative to transform the current compliance and enforcement program into a program that is forward-looking and focuses on high risks to the Bulk Power System (BPS).

In Section 4 below, Texas RE provides a list of registered entities that are planned to undergo compliance monitoring in the Texas Interconnection in 2015 and additional information on its compliance monitoring. Consistent with the NERC Rules of Procedure and approved practices, registered entities were selected for compliance monitoring based on three-year and six-year cycles.

1.2 Other Regional Key Initiatives & Activities

Texas RE will be engaged in a significant amount of outreach associated with transition to CIP Version 5 throughout 2015. The outreach will consist of frequent, information-rich calls, newsletters and specialized workshops (as needed), intended to provide guidance and support for all entities.

Texas RE will continue its collaborative effort between NERC, the Regional Entities, and registered entities to identify and implement changes that enhance the effectiveness of the Compliance Monitoring and Enforcement Program.

2. Regional Reliability Assessment Process and Regional Risk Identification

As part of the Reliability Assurance Initiative, the level of scrutiny a registered entity receives in terms of compliance monitoring will be directly commensurate with the risk it poses to the reliability of the BPS. For entities that do not pose a significant reliability risk, the minimum compliance monitoring activities may suffice.
For entities that do pose a significant risk to reliability, it will be necessary for those entities to undergo additional compliance monitoring such as additional focused spot checks, a greater number of Self-Certifications, or broader and deeper audits of greater frequency.

To assist Texas RE in determining how much risk an entity poses to reliability, Texas RE utilizes dedicated staff to review risk within the ERCOT Interconnection. The staff relies heavily on feedback from other groups within Texas RE such as Registration, Enforcement, Reliability Services, and Compliance to achieve an understanding of the risks encountered or emerging within the region. Additionally, Texas RE reviews externally created reports and discussions focusing on reliability risks.

The recently developed risk elements Guide provides basic guidance for determining risks for which some level of compliance monitoring may be appropriate. Texas RE will utilize the risk elements Guide to focus on risks within the region by involving local subject matter experts. For example, the Texas RE Reliability Services department creates an annual state of reliability report. Some aspects within the report correlate to the risk elements determined within the risk elements Guide but others are corollaries, such as “Unplanned generation outages with emphasis on winter preparation,” a localized issue requiring localized focus.

Texas RE will utilize determined risks to facilitate engagements with registered entities in such a way that prioritizes the evaluation of compliance for the determined risks. Texas RE will apply the appropriate risk element or risk elements to the appropriate registered entity to maintain focus on reliability.
Every registered entity is subject to an evaluation of compliance for all Standards determined to be within the Areas of Focus described within the risk elements Guide. Additional risk elements may be added as needed throughout the year. For Critical Infrastructure Protection requirements, Texas RE will utilize the approved transition guide and apply RAI concepts to determine relevant risks to reliability and appropriate Compliance Monitoring and Enforcement Program processes.

3. Regional Risk Focus Areas and Associated Reliability Standards

The table below contains examples of Regional risk focus areas identified during the Regional Reliability Assessment process. The table also contains examples of Reliability Standards/Requirements associated with the identified risks that may be considered in the Regional compliance monitoring plan. This table may be updated as needed and in no way restricts Texas RE from utilizing other regional risks and associated Standards/Requirements determined throughout the year.

Reliability Risks Subject to Regional Monitoring

Regional Risk Focus Area: Planning
Justification: Planning is considered a risk due to the nature of this Interconnection. The list of requirements covers a broad perspective of the different facets of planning requirements that have an impact on reliability.
Standard & Requirement: BAL-001-1 R1-R2; BAL-003-0.1b R1, R2, R4, R5, R6; EOP-001-2.1b R2-R4; EOP-002-3.1 R2; EOP-003-2 R2-R8; EOP-004-2 R1-R3; EOP-005-2 R1, R3, R4, R6; EOP-006-2 R1; FAC-008-3 R3, R6-R8; FAC-010-2.1 R1-R4; FAC-011-2 R1-R4; FAC-013-2 R1; FAC-014-2 R1-R4; PRC-006-1 R1-R14; VAR-001-4 R1-R5; VAR-002-3 R5, R6

Regional Risk Focus Area: Emergency Response and Recovery
Justification: The nature of this Interconnection requires monitoring of the reliability related activities needed to respond to and recover from emergencies.
Standard & Requirement: BAL-001-1 R1-R2; BAL-002-1 R1; COM-001-1.1 R5; COM-002-2 R1-R2; EOP-001-2.1b R1-R6; EOP-002-3.1 R1-R9; EOP-003-2 R1, R2; EOP-005-2 R1-R18; EOP-006-2 R1-R10; EOP-008-1 R1-R8; EOP-010-1 R1-R3; FAC-010-2.1 R2; FAC-011-2 R2; FAC-014-2 R1-R4, R6; IRO-001-1.1 R3, R8; IRO-002-2 R1, R4, R6, R7; IRO-003-2 R1, R2; IRO-005-3.1 R12; IRO-006-5 R1; IRO-006-TRE-1 R1-R2; IRO-009-1 R1-R5; IRO-010-1a R1, R3; IRO-016-1 R1; PER-001-0.2 R1; PER-004-2 R1, R2; PER-005-1 R3; PRC-001-1.1 R2, R6; TOP-001-1a R1-R6, R8; TOP-002-2.1b R6; TOP-003-1 R1; TOP-004-2 R4-R6; TOP-006-2 R5, R6; TOP-007-0 R1-R4; TOP-008-1 R1-R4; TPL-002-0b R1-R3; TPL-003-0b R1-R3; TPL-004-0a R1-R2

Regional Risk Focus Area: SPS Management
Justification: SPS remains a facet of operations that can have an impact on reliability. There has been a significant amount of change with respect to the quantity of SPS’s within this Interconnect.
Standard & Requirement: PRC-001-1.1 R1-R6; PRC-005-2 R1-R5; PRC-015-0 R1-R3; PRC-016-0.1 R1-R3; PRC-017-0 R1-R2

Regional Risk Focus Area: UVLS Management
Justification: There are areas within this Interconnect that require monitoring of this operational tool.
Standard & Requirement: EOP-003-2 R2, R4, R7; PRC-001-1.1 R1-R5; PRC-004-2.1a R1-R3; PRC-005-2 R1-R5; PRC-010-0 R1; PRC-011-0 R1-R2; PRC-021-1 R1-R2; PRC-022-1 R1

Regional Risk Focus Area: UFLS Management
Justification: Frequency control is significant within this Interconnection and monitoring the UFLS aspect is important to ensure reliability.
Standard & Requirement: PRC-001-1.1 R1-R5; PRC-004-2.1a R1-R3; PRC-005-2 R1-R5; PRC-006-1 R1-R12; PRC-008-0 R1-R2

Regional Risk Focus Area: Local Emergency Management
Justification: There are localized emergencies that, if not managed well, could lead to broader impacts to the Interconnection.
Standard & Requirement: COM-001-1.1 R5; COM-002-2 R1-R2; EOP-001-2.1b R1-R5; EOP-002-3.1 R1-R9; EOP-003-2 R1-R8; EOP-005-2 R1-R18; EOP-006-2 R1-R10; IRO-006-TRE-1 R1-R2; TOP-001-1a R1-R6, R8; TOP-002-2.1b R1, R4, R6, R10; TOP-003-1 R1-R3; TOP-004-2 R1-R4, R6; TOP-006-2 R1, R2, R4; TOP-007-0 R1-R4; TOP-008-1 R1-R4

Regional Risk Focus Area: Operations Guides (RAP, MP, PCAP, TOAP, etc…)
Justification: The management of the various operating tools available to preserve reliability requires a level of compliance monitoring.
Standard & Requirement: IRO-006-TRE-1 R1-R2

Regional Risk Focus Area: SOL/IROL Coordination
Justification: The nature of the Interconnection requires this risk to be closely monitored and reviewed.
Standard & Requirement: COM-002-2 R1-R2; EOP-001-2.1b R1-R3; FAC-002-1 R1; FAC-008-3 R1-R3, R6, R8; FAC-010-2.1 R1-R4; FAC-011-2 R1-R4; FAC-013-2 R1, R2, R4, R5; FAC-014-2 R1-R5; IRO-001-1.1 R1, R2, R4, R6-R9; IRO-002-2 R3-R5, R7; IRO-003-2 R1-R2; IRO-004-2 R1; IRO-005-3.1a R1, R2, R5, R9, R12; IRO-006-5 R1; IRO-006-TRE-1 R1-R2; IRO-008-1 R1-R2; IRO-009-1 R1-R5; IRO-010-1a R1-R2; IRO-014-1 R1-R4; IRO-015-1 R1; MOD-010-0 R1; MOD-012-0 R1-R2; MOD-018-0 R1; NUC-001-2.1 R4, R9; PER-004-2 R2; PER-005-1 R3; TOP-001-1a R1-R3, R7; TOP-002-2.1b R1, R2, R4, R10, R11, R13, R16, R18; TOP-003-1 R1, R2; TOP-004-2 R1, R4-R6; TOP-005-2a R2; TOP-006-2 R3, R5, R6; TOP-007-0 R1, R2, R4; TOP-008-1 R1-R4; TPL-001-0.1 R1-R2; TPL-002-0b R1-R2; TPL-003-0b R1-R2; TPL-004-0a R1; VAR-002-3 R2

Regional Risk Focus Area: Critical Voltage Support
Justification: This risk is closely related to the UVLS management but covers risks in other portions of the Interconnect that may not have UVLS.
Standard & Requirement: CIP-002-3 R1; COM-002-2 R1; FAC-002-1 R1; FAC-008-3 R6, R7, R8; IRO-002-2 R4, R5; PRC-010-0 R1; PRC-011-0 R1-R2; TOP-003-1 R2; TOP-006-2 R2, R5; VAR-001-4 R1-R5; VAR-002-3 R1-R4, R6

Regional Risk Focus Area: SCADA/EMS Outage and Problems
Justification: NERC has recognized this as a re-occurring event that requires monitoring to determine impacts to reliability.
Standard & Requirement: CIP-003-3 R1, R2, R4-R6; CIP-005-3a R1-R4; CIP-006-3c R2-R6; CIP-007-3a R1-R9; CIP-008-3 R1-R2; CIP-009-3 R1-R4; COM-001-1.1 R1-R5; COM-002-2 R1-R2; EOP-001-2.1b R2, R3, R5; EOP-003-2 R5, R6, R8; EOP-004-2 R1-R2; EOP-005-2 R1, R3, R10; EOP-008-1 R1-R8; IRO-001-1.1 R1, R4; IRO-002-2 R5, R6, R7, R8; IRO-003-2 R1, R2; IRO-005-3.1a R1, R2, R5, R7, R8, R9; IRO-006-TRE-1 R1, R2; IRO-010-1a R1; PER-005-1 R1; PRC-001-1.1 R6; TOP-001-1a R1-R5, R7-R8; TOP-002-2.1b R1, R5, R6, R10, R11, R14, R16; TOP-004-2 R1, R4, R6; TOP-005-2a R2; TOP-006-2 R1-R6; TOP-007-0 R1; TOP-008-1 R1-R4

Regional Risk Focus Area: Internal Access Points PSP
Justification: Even with the transition to CIP V5 there is a need to maintain security and provide monitoring activities associated with CIP.
Standard & Requirement: BAL-005-0.2b R3; CIP-002-3 R1-R2; CIP-003-3 R1, R5; CIP-004-3a R1-R4; CIP-006-3c R1-R6, R8

Regional Risk Focus Area: External Access Points ESP
Justification: Even with the transition to CIP V5 there is a need to maintain security and provide monitoring activities associated with CIP.
Standard & Requirement: BAL-005-0.2b R3; CIP-002-3 R1-R3; CIP-003-3 R1, R4-R6; CIP-004-3a R1-R4; CIP-005-3a R1-R4

Regional Risk Focus Area: Network Architecture
Justification: Even with the transition to CIP V5 there is a need to maintain security and provide monitoring activities associated with CIP.
Standard & Requirement: BAL-005-0.2b R3; CIP-002-3 R1-R3; CIP-003-3 R1, R2, R4-R6; CIP-004-3a R1-R4; CIP-005-3a R1-R4; CIP-006-3c R2-R6; CIP-007-3a R1-R9

Regional Risk Focus Area: Critical Assets Selection
Justification: Even with the transition to CIP V5 there is a need to maintain security and provide monitoring activities associated with CIP.
Standard & Requirement: BAL-005-0.2b R3; CIP-002-3 R1-R4

Regional Risk Focus Area: Frequency Response and Control
Justification: The nature of this Interconnection requires monitoring of the reliability related activities needed to maintain frequency.
Standard & Requirement: BAL-001-1 R1-R3; BAL-001-TRE-1 R2, R3, R6-R10; BAL-003-0.1b R1, R4; BAL-005-0.2b R14; COM-002-2 R1; EOP-001-2.1b R2; EOP-002-3.1 R5; EOP-003-2 R6, R7; EOP-006-2 R7; PRC-006-1 R1-R14; PRC-008-0 R1, R2; TOP-006-2 R7

Regional Risk Focus Area: Protection System Performance
Justification: Protection System performance remains a risk requiring focused attention.
Standard & Requirement: PRC-001-1.1 R2-R6; PRC-004-2.1a R1-R3; PRC-023-3 R1-R6; PRC-025-1 R1

Regional Risk Focus Area: Operational Communication
Justification: Communication is a critical aspect of reliability.
Standard & Requirement: BAL-003-0.1b R1; BAL-004-0 R2, R4; BAL-005-0.2b R4; BAL-006-2 R2-R5; COM-001-1.1 R1, R3, R4; COM-002-2 R1, R2; EOP-001-2.1b R3, R6; EOP-002-3.1 R3, R7, R9; EOP-003-2 R3; EOP-005-2 R1-R4, R8, R15; EOP-006-2 R2, R4, R5, R7, R8, R10; EOP-008-1 R8; EOP-010-1 R2; FAC-001-1 R1; IRO-002-2 R1-R3; IRO-004-2 R1; IRO-005-3.1a R3, R4, R6, R9, R10, R12; IRO-006-5 R1; IRO-009-1 R4; IRO-016-1 R1; MOD-001-1a R4, R5; PRC-001-1.1 R2, R6; TOP-001-1a R3-R5, R7, R8; TOP-002-2.1b R3, R4, R11, R13-R17; TOP-003-1 R1-R3; TOP-004-2 R6; TOP-005-2a R1-R3; TOP-006-2 R1; TOP-007-0 R1, R4; TOP-008-1 R3; VAR-001-4 R3; VAR-002-3 R1-R4, R6

Regional Risk Focus Area: Renewables Integration
Justification: The management of renewable integration is important to reliability due to the nature of this Interconnection. The Interconnect has had a significant change in topology to allow integration and the results of that integration are becoming more apparent during grid operations.
Standard & Requirement: BAL-001-TRE-1 R2, R3, R6-R10; BAL-005-0.2b R1, R14; CIP-002-3 R1-R3; COM-002-2 R1-R2; EOP-004-2 R1, R2; FAC-001-1 R1-R3; FAC-002-1 R1; FAC-008-3 R1, R2, R6, R7; IRO-002-2 R1-R8; MOD-026-1 R2-R5; MOD-027-1 R1-R5; PRC-001-1.1 R3; PRC-018-1 R1-R6; TOP-001-1a R3, R6, R7; TOP-002-2.1b R13-R15; TOP-006-2 R1; VAR-002-3 R1-R2

4. Compliance Oversight Plan

Texas RE will use the approved ERO Compliance Oversight Framework, as described in the ERO CMEP IP, to determine the scope of each compliance engagement and the method for conducting the engagement (such as by audit, Self-Certification, or spot check).
Texas RE will evaluate risk elements and apply compliance monitoring subject to NERC Standards and Requirements applicable to the risks. Each registered entity will undergo an Inherent Risk Assessment using characteristics of the specific entity to help determine the scope of the compliance review. The scope of review may be further tailored for those registered entities that opt to undergo an Internal Control Evaluation.

Texas RE will notify registered entities of upcoming compliance engagements within the timeframes required by Appendix 4C to the NERC Rules of Procedure (at least 90 days before an audit, 30 days before a Self-Certification, and 20 days before a spot check).

Texas RE will evaluate Operations and Planning Requirements and Critical Infrastructure Protection Standards and Requirements concurrently during an engagement instead of conducting separate engagements. For Critical Infrastructure Protection Requirements, Texas RE will refer to the approved transition guide.

Texas RE will also implement a change for use of Self-Certifications for registered entities within the Texas RE footprint. Texas RE will require more information from entities selected to self-certify, and the Self-Certification will be limited to Standards and Requirements related to risks identified through the compliance monitoring processes. The intent of this change is to implement RAI goals by focusing on risks and properly leveraging the resources of registered entities and Texas RE.

Texas RE will use the approved Compliance Oversight Framework to determine the scope of each compliance engagement and the method for conducting the engagement (such as by audit, Self-Certification, or spot check).
Texas RE will notify registered entities of upcoming compliance engagements within the timeframes required by Appendix 4C to the NERC Rules of Procedure (at least 90 days before an audit, 30 days before a Self-Certification, and 20 days before a spot check).

The candidate list below is considered an initial list and is subject to change.

2015 Compliance Audit Schedule

NCR # | Registered Entity
NCR01160 | Western Farmers Electric Cooperative
NCR01342 | Tex-La Electric Cooperative of Texas, Inc.
NCR02910 | Nextera Energy Resources, LLC
NCR04003 | Forest Creek Wind Farm, LLC
NCR04004 | Sand Bluff Wind Farm LLC
NCR04006 | American Electric Power Service Corp.
NCR04010 | Barney M Davis Unit 1
NCR04013 | Bluebonnet Electric Co Op, Inc.
NCR04018 | Brownsville Public Utilities Board
NCR04021 | Brownsville Public Utilities Board Silas Ray
NCR04027 | Calpine Power Management, LP
NCR04038 | CPS Energy
NCR04056 | ERCOT ISO
NCR04082 | Ingleside Cogeneration, LP
NCR04092 | Lower Colorado River Authority
NCR04094 | Magic Valley Electric Coop Inc.
NCR04118 | San Bernard Electric Coop, Inc.
NCR04119 | Sharyland Utilities LP
NCR04121 | Sid Richardson Carbon LTD
NCR04124 | South Texas Electric Cooperative, Inc.
NCR04127 | STP Nuclear Operating Company
NCR04160 | Weatherford Municipal Utility System
NCR10004 | City of Georgetown
NCR10090 | NRG Texas Power, LLC
NCR10173 | Champion Wind Farm, LLC
NCR10174 | Roscoe Wind Farm, LLC
NCR10211 | Electric Transmission Texas, LLC
NCR10219 | Luminant Generation Company, LLC
NCR10249 | Panther Creek Wind Farm I & II, LLC
NCR11074 | Wind Energy Transmission Texas, LLC
NCR11076 | Lone Star Transmission, LLC
NCR11383 | EC&R QSE, LLC

5. Compliance Outreach

Compliance Outreach Activities

Outreach Activity | Anticipated Date
Spring Compliance Workshop | Spring 2015
Fall Compliance Workshop | Fall 2015
Talk With Texas RE | Projected Monthly (subject to change)
Texas REview Newsletter | Projected Monthly
CIP Compliance Workshop(s) | TBD

Appendix A8 - Western Electricity Coordinating Council (WECC) 2015 CMEP Implementation Plan

This Appendix contains the CMEP Implementation Plan (IP) for WECC as required by the NERC Rules of Procedure.

1. Compliance Monitoring and Enforcement

1.1 CMEP IP Highlights and Material Changes

Enhanced Regional Coordination

In 2014, WECC coordinated enforcement activities for some registered entities across multiple regions. In addition, WECC continued to identify registered entities that could qualify for coordinated compliance and enforcement activities under a forthcoming Multi-Regional registered entity (MRRE) Process. WECC plans to work with NERC and the other Regions in 2015 to implement the MRRE Process as appropriate.

Departmental Reorganization: Enforcement and Compliance Risk Analysis

In 2014, the WECC Compliance Department restructured to more appropriately allocate resources to prepare to implement the Reliability Assurance Initiative (RAI) in 2015. Subject matter experts previously working within the WECC Enforcement Team moved to the newly created Compliance Risk Analysis functional group. The Compliance Risk Analysis Group will continue to focus on conducting reviews and technical assessments of all self-identified violations and mitigation plans. In addition, this group will focus on Inherent Risk Assessments (IRAs) and Internal Controls Evaluations (ICEs) as part of the RAI.
Strengthened Settlement Process

During 2014, WECC continued to leverage information gained from risk analysis, lessons learned, best practices, and other information to enhance monitoring and enforcement activities. For example, in negotiating settlement agreements disposing of violations, WECC may propose reliability-focused terms aimed at improving reliability, culture of compliance, internal controls, and internal compliance programs. Most settlements reached in 2014 included such reliability-focused activities. In addition, WECC began sharing best practices and lessons learned on its Compliance website during 2014 and will continue to expand this information in 2015.

1.2 Other Regional Key Initiatives & Activities

During 2015, WECC will implement the ERO’s risk-based approach to compliance monitoring in conducting CMEP-related activities. WECC will phase in implementation of IRA and ICE activities to help determine the best use of its resources and understand that WECC’s processes will evolve throughout the year.

Risk-based Framework for Off-site Audits

In 2015, WECC will implement the ERO Risk-based Compliance Oversight Framework, as described in the ERO CMEP IP, for conducting off-site audits for certain registered entities, different from the annual “one-size-fits-all” formal off-site compliance audit strategy that WECC has implemented since 2007. This tailored audit strategy considers the inherent risks posed by the registered entities in choosing the appropriate monitoring engagement. WECC conducted a risk assessment of all entities scheduled for off-site audits in 2015. Based on the risk assessment, WECC will conduct off-site audits as usual for some entities. However, for most entities otherwise due for the off-site audit, WECC will substitute the annual Self-Certification process, combined with a focused validation of the annual Self-Certifications. WECC plans to continue to perform all on-site audits during 2015 as scheduled.
Inherent Risk Assessment (IRA) Process

WECC Compliance will perform an IRA of registered entities to identify areas of focus and the level of effort needed to monitor compliance with NERC Reliability Standards for a particular Entity or category of Entity. While the IRA is similar in nature to what WECC has been doing in the past several years when scoping audits, the IRA will strengthen the process. In 2015, WECC plans to conduct IRAs for registered entities that have an on-site audit scheduled. If resources permit, during 2015 WECC may conduct IRAs for other registered entities as well.

Internal Controls Evaluation (ICE) Process

WECC Compliance may perform an ICE of certain registered entities to assess their internal controls, which may further focus the level and effort needed to monitor compliance with NERC Reliability Standards for a particular Entity. For 2015, WECC will roll out the ICE process on a limited basis. Any entity that has a scheduled audit in the third or fourth quarter of 2015 may volunteer for the ICE program. WECC will contact each such entity in early 2015 to provide more information and discuss the Entity’s options.

If a registered entity volunteers for the ICE process, WECC will evaluate its internal controls that support compliance with the Reliability Standards. WECC will assess the strength of these controls and provide the entity with feedback. WECC will use its evaluation of internal controls to determine the scope and depth of the compliance monitoring activity and any potential impacts on enforcement processing of violations and mitigation plans submitted by entities. Registered entities may elect not to participate in an ICE. In that case, WECC will use the results of the IRA to determine the appropriate compliance monitoring strategy.
WECC also will provide more information in 2015 regarding the expansion of this program in 2016 and beyond. For Entities not eligible for this process in 2015, WECC will work with interested entities to recommend how they could focus on identifying, organizing, and strengthening detective, preventative and corrective controls pertaining to the Reliability Standards. WECC will post guidance specific to its ICE review process in early 2015 and will update ICE-related information during the year as appropriate.

Internal Compliance Program Assessment (ICPA)

WECC will continue its voluntary ICPA Program, originally launched during 2012, in 2015. The ICPA Program is a tool Entities can, but are not required to, use to assist in the development of strong Internal Compliance Programs (ICPs). WECC provides feedback, highlighting exemplary practices and providing recommendations for improvement where appropriate. As the ICE process develops, WECC will consider merging the ICPA process with the ICE process.

CIP v5 Implementation

In 2014, WECC made significant efforts to prepare both staff and registered entities to be compliant with CIP v5. WECC will follow NERC’s Transition Guidance for CIP-related monitoring and enforcement during 2015, in anticipation of the 2016 compliance date. During 2014, WECC conducted numerous outreach activities and developed materials to assist registered entities in making the transition. All presentations and associated material are available via WECC’s website.

The WECC Cyber Security Audit Team will use the NERC CIP v5 transition guidance in conjunction with the NERC RAI program during its 2015 audit engagements. While maintaining its schedule of 2015 on-site audits, the WECC Cyber Security Audit Team will continue to engage its registered entities, NERC and the other Regions in ensuring a consistently applied audit approach on CIP v5. WECC encourages registered entities to take a proactive approach in transitioning to CIP v5.
If registered entities encounter any issues in their transition, WECC encourages them to contact WECC to work through the issues.

Physical Security Standard Implementation

WECC has been actively engaged in CIP-014 activities during 2014, dedicating resources and leveraging key relationships with Standard Drafting Team members and industry to inject subject matter expertise and practical experience into both the Standard and RSAW. WECC has a number of CIP auditors with strong physical security credentials. To share this expertise, WECC has developed and delivered multiple presentations to both industry and other Regions, providing a “next-steps” perspective aimed at aiding registered entities in a move toward increased security and compliance with CIP-014. Presentations and other materials are on WECC’s website.

2. Regional Risk Assessment Process

This section provides a description of how WECC assessed risk in the Western Interconnection and determined associated Reliability Standards for consideration in its Regional compliance monitoring plan. In identifying risks, WECC considered risks identified by NERC in its risk elements Guide for Development of the 2015 CMEP IP. In addition, for the Western Interconnection, WECC specifically considered factors such as footprint and registered entity characteristics, registered functions, geographic locations, system events and trends, compliance history, SCADA systems, FERC Orders and Guidance, and others. A summary of the specific risks, and associated standards, follows, for both Critical Infrastructure Protection (CIP) and Operations and Planning (O&P) Standards:

3. Regional Risks and Associated Reliability Standards

The standards identified below generally will be in scope for compliance monitoring for entities to which the standards apply, and thus they are similar to the Actively Monitored Lists in the past. During 2015, as WECC phases in and matures its RAI-related activities, it will begin to tailor monitoring activities to more closely match individual entity risks. WECC may contact individual Entities to provide more focused scope for audits or Self-Certifications, for example. WECC will give priority to focusing on entities scheduled for on-site audits during 2015, and to other Entities for which it may have conducted the Inherent Risk Analysis and, if applicable, the Internal Controls Evaluation.

Critical Infrastructure Protection (CIP)

Over the past several years, cyber security threats have been on the rise in the electricity sector. As Entities have become more reliant on automated systems and integrated technology, it has become more important to identify the cyber security risks associated with using these advanced technologies. While the electric sector has yet to experience a cyber-attack affecting reliable operation of the Bulk Power System, WECC believes the risk of a large-scale cyber-attack is significant and must be addressed to the extent possible through standards monitoring.

To help focus compliance monitoring and enforcement efforts, WECC has identified seven cyber security areas of risk that pose the greatest threat to the Western Interconnection. WECC’s Compliance Risk Analysis and Cyber Security Audit teams developed the seven areas of risk identified below. These risks were identified by considering the risks identified by NERC, the history of most violated CIP Standards in the Western Interconnection, and WECC’s experience in conducting Cyber Security audits, reviewing self-disclosed violations, and the professional expertise of the Compliance Risk Analysis and Cyber Security Audit teams.
Event and incident response, continuity of operations: This area relates to establishing and maintaining plans, procedures, and technologies to detect, analyze, and respond to cyber security events.

Threat and vulnerability management: This area relates to establishing and maintaining plans, procedures, and technologies to detect, identify, analyze, manage, and respond to cyber security threats and vulnerabilities.

Risk management: This area relates to establishing, operating, and maintaining an enterprise cyber security risk management program to identify, analyze, and mitigate cyber security risk to the organization.

Asset and configuration management: This area relates to managing an entity’s information technology assets, including hardware and software.

Identity and access management: This area relates to creating and managing logical or physical access to an entity’s assets.

Workforce management: This area relates to establishing and maintaining plans, procedures, technologies, and controls to create a culture of cyber security and to ensure the ongoing suitability and competence of personnel.

Situational awareness: This area relates to establishing and maintaining activities and technologies to collect, analyze, alarm, present, and use power system and cyber security information, including status and summary information.

As part of this project, WECC also identified the CIP Standards most commonly associated with these areas of risk.
Based on the degree of association of the CIP Standards with a given risk area, WECC created a list of Standards most closely associated with these areas of risk:

CIP Reliability Standards Subject to WECC Monitoring

Regional Risk Focus Area: Event and incident response, continuity of operations
Justification: It is essential for registered entities to develop plans to respond to cyber-security events. Failure to do so could significantly increase the exposure to the threat and the time a realized threat exists. Significant impact could occur if entities cannot properly and quickly respond to threats. This area has been reported on as needing attention in the NERC Cyber Attack Task Force final report and the ERO Priorities – RISC Updates and Recommendations report.
Standard & Requirement: CIP-007 R6; CIP-008 R1; CIP-009 R2

Regional Risk Focus Area: Threat and vulnerability management
Justification: Not having procedures to detect and respond to cyber vulnerabilities could adversely affect organizational operations, including logical and physical assets. This risk area has been highlighted in the NERC Cyber Attack Task Force final report, ERO Priorities – RISC Updates and Recommendations report, 2013 Long-Term Reliability Assessment report, and ERO Top Priority Reliability Risks 2014-2017 report.
Standard & Requirement: CIP-005 R4; CIP-007 R8; CIP-008 R1

Regional Risk Focus Area: Risk management
Justification: A risk management program that oversees an organization’s cyber security risk could have far-reaching effects throughout all the entity's cyber security programs to mitigate threats both physical and logical. This area forms the foundation of a registered entity’s cyber security framework. The DOE guide “Risk Management Process” highlights the need for cyber security risk management being a part of an organization’s mission and business requirement.
Standard & Requirement: CIP-002 R1; CIP-008 R1

Regional Risk Focus Area: Asset and configuration management
Justification: Not knowing which assets are performing critical functions for the entity could lead to misconfigured assets and lack of necessary protections for those assets. Since asset configurations impact the security and operation of every asset, it is critical to properly account for, and manage this area.
Standard & Requirement: CIP-002 R2; CIP-002 R3; CIP-003 R6; CIP-005 R1; CIP-007 R1; CIP-007 R2; CIP-007 R3; CIP-007 R4

Regional Risk Focus Area: Identity and access management
Justification: Identity and access management is one of the most important components of a registered entity’s security infrastructure. An entity’s information assets must be accessible only to individuals who are granted explicit entitlements to specific information. Failure to manage identity and access to cyber assets could allow malicious individuals to have access to key facilities, devices and services.
Standard & Requirement: CIP-004 R4; CIP-005 R2; CIP-006 R1; CIP-006 R4; CIP-007 R5

Regional Risk Focus Area: Situational awareness
Justification: Not having information about an entity’s systems does not allow the entity to take corrective actions to detect and prevent failure and compromise. It is essential for registered entities to have awareness about their environment. Failing to do so could prevent them from being protected against attacks. The RISC’s ERO Priorities – RISC Updates and Recommendations report, NERC’s ERO Top Priority Reliability Risks 2014-2017 report, and the Cyber Attack Task Force final report highlight this concern.
Standard & Requirement: CIP-005 R3; CIP-006 R5; CIP-007 R6

Operations and Planning (O&P)

The O&P Audit team and Compliance Risk Analysis team have identified areas of risk to the Western Interconnection.
These risks were identified by considering the risks identified by NERC documents (ERO Top Priority Reliability Risks 2014-2017 and 2015 ERO Compliance Monitoring and Enforcement Implementation Plan), history of most violated Operations and Planning Standards in the Western Interconnection, Event analysis reports, WECC’s experience in conducting Operations and Planning audits, reviewing self-disclosed violations, and professional expertise of WECC Compliance Risk Analysis and Operations and Planning Audit teams.

Human Performance: This area relates to a range of issues facing the electricity industry today, including the imminent loss of critical skills and knowledge with the retirement of an aging workforce, cognitive overload of System Operators complicating the task of maintaining reliability, and an apparent shift in operating philosophy toward operating to standards rather than to reliability.

Equipment Failure: This area relates to equipment failure due to aging infrastructure of generation facilities, transmission facilities, and substations. In addition to this, there is a risk associated with failure of adequate coordination with other entities and consideration of impact on the BPS.

Changing Resources: Variable Generation Integration: This area refers to the composition of installed electric generation capacity that makes up the resource portfolio. Additionally this area also refers to the challenges faced due to integration of variable generation, planning for changes in system composition, replacing retired capacity or coal generation.

Protection System Reliability: This area relates to Special Protection Scheme/Remedial Action Scheme (SPS/RAS) effectiveness, SPS/RAS proliferation, misoperation of the protection system devices, and increasing RAS events.
In addition to this, there is a risk associated with failure of adequate coordination with other entities and consideration of impact on the BPS.

Situational Awareness: Situational awareness refers to the ability to see and comprehend what is happening on the system. This area relates to the importance of including Real-Time Contingency Analysis (RTCA) Tools, next-day studies in planning studies. It also relates to inadequate data coordination, data failure, data shrinkage (unexpected outages of tools providing data to operators) leading to operators not having enough visibility to some or all the system they operate.

Changing Load Composition: This area relates to changing load shape, changing load patterns, increased A/C penetration like plug-in vehicles.

Vegetation and Right of Way issues: This area relates to outages that are caused due to inability to maintain vegetation like grow-in issues in the transmission line or Right of Way clearance issues. It refers to a recently approved new NERC standard that specifically relates to the outages caused due to interrelationship between vegetation growth rates, vegetation control methods and inspection frequency which if ignored might lead to encroachment into minimum vegetation clearance distances. This can lead to loss of load or generation.

Transmission Planning Adequacy: This area relates to the need and importance of transmission study models in forecasting and monitoring load, transmission, generation, and facility devices.

High-Impact Low-Frequency Events: This area relates to specific events that might not happen frequently but might pose a higher impact to the reliability of the BPS.

Adequacy of Reserves: This area relates to changing Reserve Sharing requirements due to increasing risk of distributed generation, retirement of certain generations due to environmental regulations.

As a result of this project, WECC identified the O&P Standards most commonly associated with these areas of risk.
Based on the degree of association of the O&P Standards with a given risk area, WECC created a list of Standards most closely associated with these areas of risk:

O&P Reliability Standards Subject to WECC Monitoring

Regional Risk Focus Area: Human Performance
Justification: Human Error has been responsible for many historical outages. Human performance challenges encompass a range of issues including the imminent loss of critical skills and knowledge with the retirement of an aging workforce, cognitive overload of System Operators complicating the task of maintaining reliability, and an apparent shift in operating philosophy toward operating to standards rather than to reliability. These issues are pervasive and require coordinated industry efforts to address.
Standard & Requirement: COM-002-2 R2, PER-005-1 R3

Regional Risk Focus Area: Equipment Failure
Justification: As the components of the BPS continue to age, the likelihood of failure increases. Additionally, engineering margins have been minimized through advances in technology which means that BPS components construction practices are less robust. For example, a 1940’s transformer may have been over-built to take system changes, but today’s transformers are built with thinner margins and are less likely to withstand system dynamics as well. Hence, tracking the rate of occurrence aids industry in understanding and identifying potential systemic issues, such as manufacturing flaws or operational practices.
Standard & Requirement: FAC-501-WECC-1 R3, PRC-005-1 R2, PRC-005-2 R3, PRC-005-2 R4, PRC-008-0 R1, PRC-008-0 R2, PRC-011-0 R1, PRC-017-0 R1
Regional Risk Focus Area: Changing Resources: Variable Generation Integration
Justification: The 2013 and 2014 NERC State of Reliability Reports identified AC substation equipment failure as significant contributors to disturbance events, with a positive correlation to increased transmission outage severity. With the increased installation of variable generation, fluctuations in generation and load increase the dependency of system reserves, peaking plants, and energy storage systems. Also, as generation and load fluctuate, facilities need to ramp up and down more frequently increasing maintenance requirements and the risk of mechanical and electrical failures.
As more renewable resources are brought online and traditional resources are decommissioned, the available rotating inertia and base-load is reduced which may increase the risk to BES stability. Maintaining resource adequacy will be an ongoing challenge as the resource mix changes. As noted in the WECC annual Power Supply Assessment Report’s current projection, the reserve margins will be adequate for the next seven to ten years. Changes outside the assumptions used in resource adequacy evaluations could present challenges. Coal plants are also used for base loading. With the expansion in variable generation, base load plants are needed to provide operating reserves during periods of generation fluctuations (solar and wind). The loss of these plants will increase generation availability risk and grid volatility.
Standard & Requirement: BAL-002-WECC-2 R1, BAL-002-WECC-2 R2, BAL-002-WECC-2 R3, BAL-002-WECC-2 R4
Regional Risk Focus Area: Protection System Reliability
Justification: A failure of the protection system reliability could result in increased risk of cascading events, system instability, and interconnection separations. While protection systems continue to be upgraded to microprocessor based systems, the older Electro-Mechanical and solid state designs are still used and, given their age, impose a risk to reliability.
Additionally, interaction of Remedial Action Scheme (RAS) poses a challenge. RAS are designed and tested for specific systems or parts of systems, so their operation in protecting those systems is well understood. But understanding of how RAS interact or impact one another is less well understood. Evaluating the potential interactions, and then managing those interactions that present a risk, is important for reliability.
Standard & Requirement: PRC-001-1.1 R3, PRC-001-1.1 R4, PRC-001-1.1 R5, PRC-001-1.1 R6, PRC-004-2.1a R1, PRC-004-2.1a R2, PRC-004-WECC-1 R1, PRC-004-WECC-1 R2, PRC-005-1 R2, PRC-005-2 R3, PRC-005-2 R4, PRC-008-0 R1, PRC-008-0 R2, PRC-011-0 R1, PRC-016-0.1 R1, PRC-016-0.1 R2, PRC-017-0 R1, PRC-023-3 R1, PRC-025-1 R1

Regional Risk Focus Area: Situational Awareness
Justification: Situational Awareness refers to the ability to see and comprehend what is happening on the system. There are a number of processes necessary to maintaining situational awareness, including real-time monitoring and real-time and near-term contingency analysis studies. The coordination and sharing of data is critical to situational awareness because each process relies on various types of data. The lack of adequate situational awareness limits entities’ ability to identify and plan for the next most critical contingency, which, in turn, impacts the reliability of the entire system.
Standard & Requirement: COM-002-2 R1, EOP-010-1 R2, EOP-006-2 R1, EOP-006-2 R9, EOP-006-2 R10, EOP-008-1 R3, EOP-008-1 R4, IRO-002-2 R6, IRO-002-2 R7, IRO-002-2 R8, IRO-005-3.1a R1, IRO-008-1 R1, IRO-008-1 R2, PER-005-1 R3, TOP-002-2.1b R4, TOP-002-2.1b R11, TOP-002-2.1b R19, TOP-004-2 R6, TOP-006-2 R2, TOP-007-WECC-1a R1

Regional Risk Focus Area: Changing Load Composition
Justification: Load composition refers to the combination of energy consumption patterns, e.g., peaks, and types of demand, e.g., residential or commercial. Both consumption patterns and types of demand are changing. Future changes to load composition could present operational and planning challenges like mechanism for reducing demand, mechanism for removing load, high penetration of new types of demand and load changes that affect stability considerations.
Standard & Requirement: BAL-002-WECC-2 R1, BAL-002-WECC-2 R2, BAL-002-WECC-2 R3, BAL-002-WECC-2 R4, PER-005-1 R3, TPL-001-0.1 R1, TPL-002-0b R1, TPL-003-0b R1, TPL-004-0a R1

Regional Risk Focus Area: Vegetation and Right of Way issues
Justification: Vegetation management and Right of Way issues refer to the encroachment of vegetation due to lack of trimming or due to incorrect clearances of the transmission lines. Aging transmission lines might not adhere to the minimum clearances. Having less clearance along with vegetation growth issues could lead to vegetation related outages. Per NERC Technical Reference, trees that have grown out of specification could contribute to a cascading grid failure, especially under heavy electrical loading conditions.
Standard & Requirement: FAC-003-3 R1, FAC-003-3 R2, FAC-003-3 R6, FAC-003-3 R7

Regional Risk Focus Area: Transmission Planning Adequacy
Justification: Maintaining a healthy transmission system is vital for reliability of the grid. Transmission Planning adequacy refers to accuracy and reliability of various study models to study load forecast, transmission system behavior for addition or retirement of generating facilities and facility designs. A coordinated and accurate transmission model becomes important for identifying system behaviors and planning for future load demand. Additionally, planning and operational models that use different representations lead to inconsistent understanding of contingencies and duplication of modeling efforts, both of which may lead to inaccurate prediction of power system behavior.
Standard & Requirement: FAC-014-2 R5, FAC-014-2 R6, TOP-004-2 R6, TOP-006-2 R2, TOP-008-1 R4, TPL-001-0.1 R1, TPL-002-0b R1, TPL-003-0b R1, TPL-004-0a R1

Regional Risk Focus Area: High-Impact Low-Frequency Events
Justification: High-impact low-frequency events refer to events such as coordinated physical or cyber-attack, pandemic, geomagnetic disturbance, or large-scale disasters. A coordinated attack on the electric system could result in damage to key systems and components and render part or all of the system inoperable for an extended period of time.
Standard & Requirement: EOP-001-2.1b R2, EOP-001-2.1b R3, EOP-001-2.1b R4, EOP-003-2 R8, EOP-005-2 R1, EOP-005-2 R6, EOP-005-2 R9, EOP-005-2 R10, EOP-005-2 R11, EOP-005-2 R17, EOP-006-2 R1, EOP-006-2 R9, EOP-006-2 R10, EOP-008-1 R3, EOP-008-1 R4, PER-005-1 R3

Regional Risk Focus Area: Adequacy of Reserves
Justification: Plant retirements due to implemented environmental regulations increase uncertainty in future resources. Additionally, other potential environmental regulations are leading to cases where resources may be inadequate to ensure firm demand is served at all times. As the system continues to change, some concerns are identified with insufficient reserve margins by some entities.
Standard & Requirement: BAL-002-WECC-2 R1, BAL-002-WECC-2 R2, BAL-002-WECC-2 R3, BAL-002-WECC-2 R4

4. Compliance Oversight Plan

WECC will perform all on-site audits during 2015 as scheduled, as required by the NERC Rules of Procedure. Entities scheduled for on-site audits during 2015 are included in the table titled “2015 Audit Schedule” below. For all such audits, WECC will apply a risk-based approach in accordance with the RAI.

For Entities due for an off-site audit during 2015, WECC has conducted a risk assessment. Based on that assessment, WECC has, for most of these entities, substituted the annual Self-Certification process for reporting year 2014 combined with a focused validation of the Self-Certifications. WECC will conduct off-site audits as scheduled for all other Entities. Entities still scheduled for an off-site audit are included in the 2015 Audit Schedule below.

Compliance Audits

WECC will conduct scheduled Compliance Audits for 2015 using the Reliability Standard Requirements listed in the tables titled “CIP Reliability Standards Subject to WECC Monitoring” and “O&P Reliability Standards Subject to WECC Monitoring” in Section 3 above (collectively, the “Reliability Standards Subject to WECC Monitoring in 2015”) as a baseline, as well as an Entity’s Registered Functions. A summarized list of CIP and O&P Reliability Standards subject to Audit for 2015 is included in the Reliability Standards Subject to WECC Monitoring – 2015 document on the WECC website. The scope of each audit, however, may be adjusted based on WECC’s risk IRA (and ICE if available) of the registered entity.

Annual Self-Certification

As noted in WECC’s 2014 CMEP Implementation Plan, the annual Self-Certification for reporting year 2014 will begin December 15, 2014, when WECC will post the Self-Certification Schedule and Forms and send notification to registered entities. The submittal period will run from January 1 through March 2, 2015.
In 2016, WECC will conduct the annual Self-Certification for reporting year 2015. WECC will post the Self-Certification Schedule and Forms and send the Self-Certification notification to registered entities on December 15, 2015. The notification will inform Entities of the reporting period (January 1 through December 31, 2015) and the submittal period (January 1 through March 1, 2016), as well as provide information on the Reliability Standard Requirements covered.

Subject to an entity’s Registered Functions, the Reliability Standards Requirements for Self-Certification will be determined, in part, by those listed in the tables titled “CIP Reliability Standards Subject to Regional Monitoring” and “O&P Reliability Standards Subject to Regional Monitoring” in Section 3 above. In addition, Reliability Standard Requirements listed in the table titled “Additional Reliability Standards Subject to Self-Certification” below are included to make up the Self-Certification baseline. A summarized list of Reliability Standards subject to Self-Certification for 2015 is included in the Reliability Standards Subject to WECC Monitoring – 2015 document on the WECC website. The scope of each Self-Certification, however, may be adjusted based on WECC’s IRA (and ICE if available) of the registered entity.

WECC may also validate the accuracy of Self-Certification submittals of Compliant, Not Applicable and/or Do Not Own through various analyses, including sending data requests to registered entities for randomly selected Self-Certifications for certain Reliability Standard Requirements and Registered Functions.
Additional Reliability Standards Subject to Self-Certification

Regional Risk Focus Area: Repeat Violations
Justification: Reliability Standard Requirements with repeat violations over the most recent 12-month period can be one indication of the possibility of increased risk. These Standard Requirements are included in addition to those listed in the tables in Section 3 titled “CIP Reliability Standards Subject to Regional Monitoring” and “O&P Reliability Standards Subject to Regional Monitoring” to form the baseline of Reliability Standard Requirements subject to Self-Certification for reporting year 2015.
Standard & Requirement: CIP-002 R4, CIP-003 R2, CIP-004 R3, CIP-005 R5, CIP-006 R2, CIP-006 R6, CIP-007 R9, CIP-009 R5, EOP-001 R5, FAC-008 R2, FAC-008 R3, FAC-010 R1, FAC-010 R4, FAC-010 R3, IRO-010 R3, PER-005 R1, PRC-005 R1, VAR-001 E.A.14, VAR-002 R3, VAR-002 R2

Periodic Data Submittals (PDS)

As part of the CMEP, registered entities must submit Periodic Data Submittals (PDS) on schedules required by applicable Reliability Standards, or as established by NERC, or on an as-needed basis where requested by WECC. These Reliability Standards are listed in the table below titled Reliability Standards Subject to Periodic Data Submittal. A summarized list at the Sub-Requirement level is also included in the Reliability Standards Subject to WECC Monitoring - 2015 on the WECC website.

Reliability Standards Subject to Periodic Data Submittal

Justification: These Reliability Standards include requirements for registered entities with applicable Registered Functions to submit data on a periodic basis as indicated in the Requirement or relevant Sub-Requirement.
Standard & Requirement: BAL-001-1 R1, BAL-001-1 R2, BAL-002-1 R1, BAL-002-1 R2, BAL-002-1 R3, BAL-002-1 R4, BAL-002-1 R5, BAL-002-1 R6, BAL-003-0.1b R1.2, BAL-006-2 R4, COM-002-2 R2, EOP-004-2 R2, FAC-003-3 R1, FAC-003-3 R2, FAC-003-3 R6, FAC-003-3 R7, IRO-006-WECC-1 R1, IRO-006-WECC-1 R2, PRC-004-2.1a R3, PRC-004-WECC-1 R3, PRC-021-1 R1, PRC-023-3 R5, PRC-023-3 R6, TPL-002-0b R3, TPL-003-0b R3, TPL-004-0a R2, VAR-002-WECC-1 R1, VAR-002-WECC-1 R2, VAR-501-WECC-1 R1, VAR-501-WECC-1 R2

2015 Audit Schedule

Note that the WECC audit schedule may be revised from time to time during 2015. Thus, the “2015 Audit Schedule” shown below for both on-site and off-site audits applies only as of November, 2014. The most up-to-date audit schedule, including all revisions and updates, is on the WECC’s website here: WECC 2015 Audit Schedule. The on-line schedule should be consulted to ensure accuracy as this 2015 IP will not be republished and re-posted to reflect each change to the audit schedule during 2015.

2015 Audit Schedule

NCR #     Registered Entity
NCR05335  Public Utility District No. 1 of Snohomish County
NCR11458  RockTenn
NCR10292  Shiloh Wind Project 2, LLC
NCR05402  Southwest Transmission Cooperative, Inc.
NCR05321  Platte River Power Authority
NCR05441  US Bureau of Reclamation
NCR05441  US Bureau of Reclamation
NCR10310  Brush Cogeneration Partners
NCR10311  Colorado Energy Management - BCP
NCR10347  Panoche Energy Center LLC
NCR11150  GenOn Delta
NCR10289  Peak Reliability
NCR05282  NorthWestern Corporation
NCR05153  Eugene Water & Electric Board
NCR05106  Colorado Springs Utilities
NCR05465  Western Area Power Administration - Sierra Nevada Region
NCR05430  Transmission Agency of Northern California
NCR10323  Midway Peaking, LLC
NCR11054  South Feather Power Project
NCR10350  Windy Flats Partners, LLC
NCR10030  Tri-State Generation and Transmission Association, Inc. Reliability
NCR11226  Intermountain Rural Electric Association
NCR05377  San Diego Gas & Electric
NCR05315  Pend Oreille County Public Utility District No. 1
NCR10348  Sunray Operating Services, LLC
NCR10349  EthosEnergy Group
NCR10345  Three Buttes Windpower LLC
NCR05030  Black Hills Corporation
NCR05206  Klickitat County PUD
NCR05163  NextEra Energy Resources, LLC
NCR05191  Idaho Power Company
NCR05366  Rocky Mountain Reserve Group
NCR05281  Northwest Power Pool Reserve Sharing Group
NCR10378  Colorado Energy Management - MPC
NCR05464  Western Area Power Administration - Rocky Mountain Region
NCR05023  Basin Electric Power Cooperative
NCR05315  Pend Oreille County Public Utility District No. 1
NCR05299  Pacific Gas and Electric Company
NCR05398  Southern California Edison - Transmission & Distribution Business Unit
NCR10396  Otay Mesa Energy Center, LLC
NCR11104  NAES Corporation - Harvest Wind Project
NCR05377  San Diego Gas & Electric
NCR05299  Pacific Gas and Electric Company
NCR05048  California Independent System Operator
NCR03036  Trans Bay Cable LLC

5. Compliance Outreach

WECC conducts seminars and workshops for Registered Entities to assist them in their compliance activities. The seminars and workshops are important learning exercises for those subject to Reliability Standards. During 2015, WECC will continue its outreach efforts to provide education, seminars, workshop and panel discussions to increase registered entities’ awareness of and understanding of Reliability Standards.
A few of WECC's outreach efforts are as follows:

Compliance Outreach Activities

Outreach Activity: Compliance User Group (CUG)/Critical Infrastructure Protection User Group (CIPUG)
Anticipated Date: January 27-29, 2015 Anaheim, CA

Outreach Activity: Compliance User Group (CUG)/Critical Infrastructure Protection User Group (CIPUG)
Anticipated Date: June 2-4, 2015 Portland, OR

Outreach Activity: Compliance User Group (CUG)/Critical Infrastructure Protection User Group (CIPUG)
Anticipated Date: October 13-15, 2015 San Diego, CA

Outreach Activity: CIP 101 Seminar
Anticipated Date: Sept. 9-10, 2015 Salt Lake City, UT

Outreach Activity: CIP Low Impact Assets Seminar
Anticipated Date: Feb. 3-5, 2015 Salt Lake City, UT

Outreach Activity: WECC Open Webinar
Anticipated Date: Third Thursdays of most months

Outreach Activity: Compliance 101 Webinar
Anticipated Date: Three times a year prior to CUG/CIPUG

Monthly Open Webinars

Since many of the questions the WECC Compliance Staff receives are very similar, WECC answers questions in an open forum for greater efficiency. WECC Compliance Subject Matter Experts participate on this webinar and respond to questions. In fairness to everyone on the call, WECC does not address entity-specific questions and issues.

Compliance User Group (CUG)

The CUG meeting provides in-depth, in-person, and detailed training and education through structured lecture and presentation, panels of experts, interactive dialog in an open forum, direct question and answer sessions and invaluable networking opportunities. Workshops cover the entire compliance sphere with focus reflecting the attendees’ and industries’ issues. These meetings provide direct access to the WECC Compliance management team, staff, and Subject-Matter Experts. Participants may also attend telephonically or via webinar.
Critical Infrastructure Protection User Group (CIPUG)

The mission of the CIPUG is to provide an open forum for the exchange of information regarding the WECC Compliance Program's enforcement of mandatory CIP Standards in the Western Interconnection. Its meetings are structured similarly to those of the Compliance User Group, and it is a forum for WECC to provide information regarding NERC and WECC CIP activities and related training and workshops for registered entities on an as-needed basis.

Information for these workshops and seminars (and others as they are finalized) and the dates on which they are scheduled to occur will be posted on the WECC website.

Appendix B - Compliance Assessment Report

Compliance Assessment Process for Events and Disturbances

The ERO encourages registered entities to perform an initial compliance assessment (CA) concurrent with the registered entity’s event review and analysis. When completing a CA, the registered entity should follow these steps:

1. Refer to the causes and contributing factors of the event as determined by the registered entity’s events analysis process.
2. Identify all applicable NERC Reliability Standards and Requirements that may have been implicated by the causes and contributing factors of the event.
3. After reviewing the facts and circumstances of the event, develop conclusions that are relevant to step 2 above as they apply to the applicable NERC Reliability Standards Requirements.
4. Self-report any findings of noncompliance to the RE per the CMEP procedures.
5. Provide a copy of its CA report to the RE Compliance organization. The CA should be accompanied by the separate Event Analysis Report, “Brief Report,” or similar document that provides sufficient information for the RE to understand the event.
Sample Compliance Assessment Report Template

Event Cause or Contributing Factor: Cause–Example 1
Applicable Reliability Standards and Requirements: AAA-000-0 R 1
Details of CA Efforts:
1. Identify the process used to assess compliance with this Requirement.
2. Identify any evidence that demonstrates compliance.
3. Identify any evidence that suggests noncompliance.
Findings: Finding conclusion

Event Cause or Contributing Factor: Equipment failure of a high side transformer—cleared along with two transmission lines.
Applicable Reliability Standards and Requirements: TOP-002-2a R6. Each BA and TOP shall plan to meet unscheduled changes in system configuration and generation dispatch (at a minimum N-1 contingency planning) in accordance with NERC, Regional Reliability Organization, sub-regional and local reliability Requirements
Details of CA Efforts: Established transfer limits were followed such that the event did not result in instability. The limit for operating across this internal interface is established in the RC. “XYZ Interface All Lines In Stability Guide” (document provided)
Findings: No findings of noncompliance