ERO Compliance. Compliance Monitoring and Enforcement Program. Texas Reliability Entity, Inc Implementation Plan. November 1, Version 0.

Transcription

1 ERO Compliance Compliance Monitoring and Enforcement Program Texas Reliability Entity, Inc Implementation Plan Version 0.1 November 1, Peachtree Road NE Suite 600, North Tower Atlanta, GA

2 Table of Contents Table of Contents Table of Contents...ii Introduction Executive Summary... 3 ERO CMEP Description... 5 Risk-Based Compliance Monitoring Approach Implementation Plan Development Methodology... 9 ERO High-Risk Priorities... 9 Southwest Blackout Report... 9 Compliance History and Culture AML and Implementation Plan Input Future Considerations Three-Tiered Compliance Approach Three-Tiered Approach to Requirements Specification Three-Tiered Approach to Audit Scope Determination Reliability Standards Subject to 2013 CMEP Implementation High-Risk Priority Standards List High-Risk Priority Standards and Tier 1 Requirements CIP Critical Infrastructure Protection EOP Emergency Preparedness and Operations FAC Facilities Design, Connections, and Maintenance IRO Interconnection Reliability Operations and Coordination PER Personnel Performance, Training, and Qualifications PRC Protection and Control ii 2013 NERC CMEP Implementation Plan

3 Table of Contents Other Standard Families External CMEP Discovery Methods Compliance Audits Audit Focus or Scope CIP Reliability Standards Compliance Audits Compliance Audit Schedule Compliance Audit Reports Compliance Tools Mitigation Plans Spot Checks CIP Reliability Standards Compliance Investigations Complaints Internal CMEP Discovery Methods Self-Reports Self-Certifications CIP through CIP Reliability Standards Periodic Data Submittals Exception-Reporting Key CMEP Activities and Initiatives Registration and Certification Joint Registration Organization and Coordinated Functional Registration Results of Abrupt or Forced Registration Changes CMEP Transparency Elements iii 2013 NERC CMEP Implementation Plan

4 Table of Contents Compliance Operations and REs Communications Seminars and Workshops Newsletters Transparent Communications Training Compliance Auditors Compliance Investigative (CI) Staff Enforcement Streamlining Compliance Reviews of Events and Disturbances Registered Entity Responsibilities Regional Entity Responsibilities Compliance Review Process Monitoring Enforcement Initiatives Further Implementation of the CEI Closeout of Past Caseload ERO Guidance on COM Communication and Coordination Approved Standards Which Reference Unapproved Standards Regional Entities CMEP Implementation Plans Conclusion Appendix ERO High-Risk Priorities with High Value Associated Reliability Standards.. 59 Appendix Actively Monitored List (AML) Analysis Appendix Regional Entity Request to Defer or Reduce the Scope of a Compliance Audit Appendix CMEP Implementation Plan Survey Appendix 5 Compliance Assessment Template iv 2013 NERC CMEP Implementation Plan

5 Table of Contents Appendix High-Risk Priority Standards and Tier 1 Requirements BAL Resource and Demand Balancing CIP Critical Infrastructure Protection COM Communications EOP Emergency Preparedness and Operations FAC Facilities Design, Connections, and Maintenance IRO Interconnection Reliability Operations and Coordination MOD Modeling, Data, and Analysis NUC Nuclear PER Personnel Performance, Training, and Qualifications PRC Protection and Control TOP Transmission Operations Appendix 7 Standards and Requirements Implicated by the 2011 Southwest Blackout v 2013 NERC CMEP Implementation Plan

6

7 Introduction Introduction The electric reliability organization (ERO) Compliance Monitoring and Enforcement Program (CMEP) Annual Implementation Plan (Annual Plan) is the annual operating plan for compliance monitoring and enforcement activities to ensure the North American Electric Reliability Corporation (NERC), as the international ERO, and the Regional Entities (REs) fulfill their responsibilities under legislation in the United States and other applicable obligations in jurisdictions in Canada and Mexico. 1 The annual plan provides guidance for both REs and registered entities about the direction Compliance Monitoring and Enforcement will take in Major changes from the 2012 annual plan are found in the Executive Summary. Currently, reliability standards are mandatory and enforceable in the United States and the Canadian provinces of British Columbia, 2 Ontario, 3 New Brunswick, 4 Saskatchewan, 5 and Manitoba. 6 The Canadian province of Alberta 7 has adopted some of the reliability standards and is in the process of reviewing others. The legislative framework to make reliability standards mandatory and enforceable exists in Nova Scotia 8 and Quebec. 9 In Nova Scotia, the reliability standards are pending the approval of the Nova Scotia Utility and Review Board. The National Energy Board of Canada 10 is in the process of making reliability standards mandatory and enforceable for international power lines. The compliance monitoring and enforcement activities are carried out by NERC and the eight REs based on the regulatory authority-approved uniform CMEP, 11 the NERC Rules of Procedure (ROP), 12 the respective RDA 13 with the eight REs, and other agreements including Memoranda of Understanding with the Canadian provinces. This plan outlines the implementation requirements to be followed by NERC and the eight REs. Each RE submits its annual Implementation Plan to NERC by November 1 of the prior compliance year. NERC is responsible for approving RE Implementation Plans See Appendix 4C of the NERC ROP at Section 4.2: Texas RE CMEP Implementation Plan

8 Introduction The 2013 Implementation Plan includes a set of reliability standards that were selected based upon ERO-identified high-risk priorities and a three-tiered approach to compliance auditing. In addition to ERO-wide audit scope guidance, the Implementation Plan requires REs to consider a registered entity s actual and potential risk to the bulk power system (BPS) when determining the specific scope of each compliance monitoring activity. The objectives of the Implementation Plan are to: Promote the reliability of the BPS through rigorous compliance monitoring and enforcement activities Facilitate improved consistency of compliance activities throughout North America Monitor all regulatory authority approved reliability standards by using the eight CMEP compliance monitoring methods Use risk-based and performance-based criteria for determining the scope of compliance audits Allow flexibility for the ERO and REs to investigate trends that may pose a near term risk to reliability either across the North American BPS, across an Interconnection or within a RE boundary Improve the ERO CMEP by analyzing the compliance monitoring experience across North America and implementing necessary improvements 2013 Texas RE CMEP Implementation Plan 2

9 2013 Executive Summary 2013 Executive Summary Noteworthy changes to the 2013 Implementation Plan include: 1. Audit Scope and Periodicity: Both audit scope and audit periodicity for a registered entity starts with the tier one and the usual audit scope and can be adjusted by the RE with NERC oversight based on appropriate justification: a. For entities registered as Balancing Authority (BA), Reliability Coordinator (RC) or Transmission Operator (TOP), scope can be modified however per the current ROP they are still required to be audited every three years. 15 b. For all other registered entities that NERC has previously directed be audited on a six year cycle there is flexibility to adjust the periodicity as well as scope, again with appropriate justification provided by the RE. 2. Registered Entity Compliance Assesments: To support a strong culture of compliance, registered entities are encouraged to perform a compliance assessment in response to all system events and disturbances. Registered entities conducting compliance assessments are encouraged to provide a compliance assessment report to the Regional Entity for system events that fall in category 2 and above as outlined in the ERO events analysis process document. The Compliance Assessment Template, as found in Appendix 5, should be used when performing these assessments. Registered entities that utilize compliance assessments to self-identify and address possible reliability issues, demonstrate their effectiveness of their internal controls and their commitment to their culture of compliance. Registered entities that are able to demonstrate strong internal controls and a robust culture of compliance that mitigate risk may be afforded some recognition in consideration of reduced levels and frequency of compliance monitoring activities and given credit in enforcement space for self-reported possible violations. 3. Critical Infrastructure Protection (CIP) Standards and Tier Assignments: Tier assignments in the CIP standards have been reassigned so that each requirement, along with its subrequirements, is assigned a single tier. When there is confidence in entity assessments, both audit scopes and audit periodicity can be specifically tailored to each registered entity. In 2012 it was emphasized that Tier 1 standards represent minimum audit scope. However, if an entity s assessment indicates such, either its audit scope can be reduced below Tier 1 or its audit periodicity 16 can be reduced. 17 This 15 Audit periodicity for entities registered as BAs, RCs, and TOPs must be every three years and cannot be reduced per section of the NERC Rules of Procedure at 16 Audit periodicity for entities registered as BAs, RCs, and TOPs must be every three years and cannot be reduced per section of the NERC Rules of Procedure at 17 Using the form found in Appendix 3 of this document entitled 2013 Regional Entity Request to Defer or Reduce the Scope of a Compliance Audit Texas RE CMEP Implementation Plan

10 2013 Executive Summary reduction can allow for more compliance monitoring of entities which pose more risk to the reliability of the Bulk Electric System (BES), which is the heart of performance monitoring. NERC staff continues to monitor recent activites and major events, such as the southwest cold weather event, 18 the southwest blackout event, 19 as well as the progress of the Find, Fix, Track and Report (FFT) mechanism of the Compliance Enforcement Initiative (CEI). As a result of the Southwest Blackout 20 report by FERC and NERC, REs are expected to consider critical standards that include aspects of situational awareness, including both planning and coordination, in their audit and self-certification programs for Additionally, Regional Entities should broadly consider the themes of the Southwest Blackout Report: communication, coordination, planning, and modeling. A list of these standards is provided in Appendix 7 of this report. The impact of new or revised standards coming into effect in 2013 include the introduction of: New CIP Tier reassignments, effective 1/1/2013 FAC 008 3, effective 1/1/2013 (no effect on the Actively Monitored List (AML)) PER-005-1, effective 4/1/2013 EOP-001-2b, EOP-005-2, EOP-006-2, and EOP-008-1, effective 7/1/2013. Specifics of the changes can be found in the 2013 High-Risk Priority Standards and Tier 1 Requirements section of this report and in the 2013 AML. 18 Report from NERC and FERC: 19 Report from NERC and FERC: Section 215(d)(2) of the Federal Power Act located at Texas RE CMEP Implementation Plan 4

11 ERO CMEP Description ERO CMEP Description Reliability and accountability are basic tenets of the CMEP. The objective of the NERC and the REs is to achieve the highest level of reliability for the BPS. NERC, as the Federal Energy Regulatory Commission (FERC) certified ERO, together with the REs, is accountable to government regulators and industry stakeholders. The CMEP is a critical component in supporting reliability and accountability. The CMEP covers monitoring and enforcement activities in addition to training and informational activities designed to assist the industry in achieving and sustaining effective compliance and enhanced reliability. The CMEP also complements other critical ERO activities aimed at improving reliability such as: facilitating the industry in the development and improvement of reliability standards, providing reliability assessments, and identifying lessons learned from events analysis that can assist the industry in enhancing reliability. There is clear ERO and industry accountability for the development of reliability standards in accordance with the 2005 Federal Power Act 21 and FERC Order No. 672, 22 which duly recognize the collective expertise, experience and judgment needed to develop and improve reliability standards. NERC continues to refine and improve the annual CMEP and AML by focusing its efforts and resources on those standards that pose the greatest risk to BPS reliability. NERC ROP 23 states that all BPS users, owners, and operators are required to comply with all applicable ERO governmental authority-approved reliability standards at all times. Regional reliability standards and regional variances approved by NERC and the applicable ERO governmental authority are enforceable and apply to all registered entities responsible for meeting those reliability standards within the RE boundaries, whether or not the BPS user, owner or operator is a member of the RE. The CMEP is developed under Section 215(c) of the Federal Power Act 24 to establish and enforce reliability standards for the BPS, subject to review by FERC and in general accordance with the Principles for an Electric Reliability Organization that can Function on an International Basis. 25 The CMEP is designed to improve reliability through the effective and efficient monitoring and enforcement of reliability standards. 21 Section 215(d)(2) of the Federal Power Act located at 22 Rules Concerning Certification of the Electric Reliability Organization; and Procedures for the Establishment, Approval, and Enforcement of Electric Reliability Standards, 114 FERC 61, 104 (2006) at P 324 located at 23 See Rules of Procedure, Section at Federal Power Act, 16 U.S.C. 824o. a.3 (2005). Located at 25 Bilateral Electric Reliability Oversight Group, August 3, 2005 (the Bilateral Principles ). 26 See Events Analysis: Alerts at See United States Government Accountability Office Government Auditing Standards (GAGAS) at Chapter 1: Use and Application of GAGAS at Section Texas RE CMEP Implementation Plan

12 ERO CMEP Description To help fulfill its responsibilities under its rules filed with regulatory authorities, NERC, as the international ERO, has delegated authority to qualified REs to monitor and enforce compliance with reliability standards by users, owners, and operators of the BPS. This delegation is governed by Regional Delegation Agreements (RDA) that have been approved by the appropriate regulatory authorities. NERC and these REs are responsible for carrying out the CMEP. Each RE submits its regional CMEP Implementation Plan to NERC for approval based on the requirements of this document. NERC and the REs recognize that there are important reliability matters that require prompt communication to industry. NERC has used the Alerts/Advisory 26 process to rapidly inform the industry of such matters. The Implementation Plan strongly encourages the applicable registered entities to proactively address such communications as a way of demonstrating good utility practice and a strong culture of compliance and reliability excellence. 26 See Events Analysis: Alerts at See United States Government Accountability Office Government Auditing Standards (GAGAS) at Chapter 1: Use and Application of GAGAS at Section Texas RE CMEP Implementation Plan 6

13 Risk-Based Compliance Monitoring Approach Risk-Based Compliance Monitoring Approach The premise of risk-based compliance monitoring is that scrutiny is directly proportional to the risk or impact posed to the reliability of the BPS by a registered entity. Risk is not to be considered as a negative in any way, but simply a consideration of the complex nature of the industry. Risk is neither uniform across the diverse industry that is responsible for the reliability of the BPS nor is it consistent over time. Compliance monitoring encompasses a range of activities, both internal and external to the registered entity. External compliance monitoring activities include audits, spot checks, investigations, and complaints. Internal activities include self-reports, self-certifications, periodic data submittals, and exception reporting. Of note is that in 2011, registered entities self identified 67 percent of the possible violations (PVs) and compliance issues. This clearly speaks to the continued compliance efforts of the industry. While compliance auditing is an important compliance monitoring discovery method, it may not always be the most effective of the eight methods based upon an entity s risk or other associated factors. For entities that pose minimal reliability risk, the activities specifically prescribed in this Implementation Plan may suffice. For registered entities that pose a significant risk to reliability, it is the responsibility of REs to mitigate this risk through the use of compliance monitoring, which includes audits of increased scope and frequency, focused spot checks, self-certifications, etc. Where an entity can develop and present a complete self assessment, an RE will give strong consideration to how the registered entity describes its own risk and how it manages and, where necessary, mitigates this risk. This could lead to a discussion between an entity and the RE about the possibility of modifying future compliance monitoring activities. Registered entities are responsible for compliance with all regulatory approved reliability standards and requirements in effect per their registered functions at all times, regardless of what is specified in the AML. One of the key components to an effective risk-based audit approach is the incorporation of performance-based auditing. Performance audits, according to the United States Government Accountability Office, 27 are defined as engagements that provide assurance or conclusions based on an evaluation of sufficient, appropriate evidence against stated criteria, such as specific requirements, measures, or defined business practices. Another component to a riskbased audit approach involves the detailed reviews/walkthroughs and testing of registered entities programs and procedures utilized to control risk in order to assure performance rather 27 See United States Government Accountability Office Government Auditing Standards (GAGAS) at Chapter 1: Use and Application of GAGAS at Section Texas RE CMEP Implementation Plan

14 Risk-Based Compliance Monitoring Approach than relying solely on documentation. This will be further developed in 2013 by the ERO and registered entities. It must be emphasized that registered entities are responsible for compliance with all regulatory approved Reliability Standards and Requirements in effect for their registered function at all times, regardless of what a registered entity s risk profile may indicate. Regional Entities have the authority and responsibility to expand the scope of an audit, spot check, or any other compliance monitoring process if they consider it necessary when evaluating the compliance of a registered entity Texas RE CMEP Implementation Plan 8

15 2013 Implementation Plan Development Methodology 2013 Implementation Plan Development Methodology As part of an overall compliance plan, NERC developed the AML of reliability standards for 2013 based on the methodology outlined in this section. This framework builds on the development process utilized for the 2012 Implementation Plan. The 2013 Implementation Plan is designed to realize risk-based approaches for ERO programs, priorities and initiatives that meet reliability goals and improve efficiencies. Achieving these goals will be accomplished through the development, maintenance, and implementation of a list of the highest priority reliability standards. The reliability standards and associated requirements populating this list will be determined through an annual review of the following: ERO High-Risk Priorities Southwest Blackout Report FERC Orders and Guidance Compliance History and Culture Input from NERC Staff including Compliance Operations (OC), Critical Infrastructure Protection (CIP), Enforcement, Events Analysis (EA) and Investigations, Legal, Reliability Assessments and Performance Analysis, and Standards Input from RE Staff Input from the NERC CCC Future Considerations ERO High-Risk Priorities The purpose of identifying and using a set of priorities is to focus on requirements within reliability standards that are most critical to the reliability of the BPS as determined by a set of risk-based criteria. The priorities and correlated reliability standards are explained in further detail in Appendix ERO High-Risk Priorities with High Value Associated Reliability Standards. NERC and the REs considered these priorities and identified a number of reliability standards that apply to each criterion. Many of these reliability standards apply to multiple priorities, bolstering their importance and reason for inclusion into the AML. Southwest Blackout Report The joint FERC/NERC report on the southwest blackout of September was released on May 1, Areas of continuing concern are: situational awareness, communications, Texas RE CMEP Implementation Plan

16 2013 Implementation Plan Development Methodology coordination, planning and modeling. Many of these concerns are already addressed by the AML, and will be bolstered by the release of EOP when it comes into effect July 1, Compliance History and Culture An analysis of the compliance history with reliability standards is only one aspect for determining the risk-based compliance approach, and provides insight into which reliability standards have proven most challenging for registered entities. Reliability standards that are understood by registered entities will typically result in PVs being discovered through selfreport and self-certification monitoring methods. Reliability standards that are not well understood typically result in more PVs through the audit and spot check monitoring methods. Through the identification and inclusion of reliability standards with high violations discovered directly by REs into the AML, registered entities will have the ability to learn through personal experience, regional workshops, and other outreach programs and resources on how best to improve their compliance programs. Improved compliance programs will result not only in enhanced compliance for these reliability standards in particular, but for all reliability standards through the growth of compliance processes and systems. A collection of violation statistics for the most highly violated reliability standards is provided in Tables 1 and 2. Table 1 emphasizes violations from the recent past while Table 2 focuses upon violations stemming back to June 18, The NERC total is sometimes a few more that the total of the Interconnections. This is due to violations found by NERC directly, which are known as NERC Compliance Enforcement Authority (NCEA) violations. Table 1: Top 10 Violation statistics for the near term in all Regions and by Interconnection for all reliability standards Texas RE CMEP Implementation Plan 10

17 2013 Implementation Plan Development Methodology Table 2: Top 10 Violation statistics for all time in all Regions and by Interconnection for all reliability standards. The significant presence of FERC Order No (CIP) reliability standards among near term violations makes it difficult to gauge how FERC Order No (O&P Operations and Planning) reliability standards rank in terms of violations. Removing the CIP reliability standards from this analysis, the violation statistics for O&P reliability standards in the near term and for all time can be seen in Tables 3 and 4 respectively. Table 3: Top 10 Violation statistics for the near term in all Regions and by Interconnection for O&P reliability standards. 29 Mandatory Reliability Standards for Critical Infrastructure Protection, 122 FERC 61,040 (2008) (Order No. 706). 30 Mandatory Reliability Standards for the Bulk-Power System, 72 FR 16,416 (Apr. 4, 2007), FERC Stats. & Regs. 31,242 (2007) (Order No. 693). NERC realizes each Canadian province has separate Memoranda of Understanding and the use of 693 and 706 in this document for referencing CIP and non-cip standards Texas RE CMEP Implementation Plan

18 2013 Implementation Plan Development Methodology Table 4: Top 10 Violation statistics for all time in all Regions and by Interconnection for O&P reliability standards. Risk-based compliance includes high-impact violations as well as low-impact violations that are widespread enough to, as an aggregate, represent a high impact to reliability. Thus, violation history analysis is an important tool for assessing which reliability standards and, in turn, which functions have proven to be most difficult for compliance and require more attention during audits. AML and Implementation Plan Input All eight REs provided valuable input into the development of the 2013 AML and Implementation Plan. In addition, several NERC departments provided insight in terms of the relationship of reliability standards to ERO High-Risk Priorities, supplementary information from these groups has been provided in order to help further refine the list of High-Risk Priority Standards. Specifically, the departments that contributed to the 2013 Implementation Plan include COs, CIP, Enforcement, EA and Investigations, Legal, Reliability Assessment and Performance Analysis, and Standards. The Reliability Assessment and Performance Analysis (RAPA) department is continuing its ongoing process in which a subset of requirements with the highest impact to reliability is identified according to a Standards/Statute Driven Index (SDI). The SDI measures improvement in compliance with reliability standards as part of a Reliability Metrics and Integrated Risk Assessment study. 31 As of August 2012, this subset consists of the same 26 Requirements from previous years and is found in Table 5. These requirements have high Violation Risk Factors (VRFs) and the violations of these requirements have severe Reliability Impact Statements (RIS) as determined by the RE Texas RE CMEP Implementation Plan 12

19 2013 Implementation Plan Development Methodology Table 5: 26 Requirements considered by the Standards/Statute Index as part of Reliability Metrics and Integrated Risk Assessment Standard Req. Standard Req. Standard Req. Standard Req. Standard Req. EOP R1. FAC R1. PER R3. PRC R2. TOP R1. EOP R7. IRO R17. PER R4. TOP R3. TOP R2. EOP R6. PER R1. PRC R1. TOP R6. TOP R6. EOP R1. PER R1. PRC R2. TOP R7. TOP R2. FAC R1. PER R2. PRC R1. TOP R17. VAR R1. FAC R2. The Reliability Assessment and Performance Analysis group has also completed an analysis of the BPS transmission system through the Transmission Availability Data System (TADS). As shown in Figure 1, this analysis points to several causes for sustained outages 32 experienced by North America s transmission system. Keeping these outage causes in mind can be helpful in determining the priority of individual Requirements within already designated, high-risk priority reliability standards. 32 Individual sustained outages of AC circuit transmission line categorized by cause. An Automatic Outage with an Outage Duration of a minute or greater. The TADS definition of Sustained Outage is different than the NERC Glossary of Term Used in Reliability Standards definition of Sustained Outage which is presently only used in FAC The glossary defines a Sustained Outage as follows: The deenergized condition of a transmission line resulting from a fault or disturbance following an unsuccessful automatic reclosing sequence and/or unsuccessful manual reclosing procedure. The definition is inadequate for TADS reporting for two reasons. First, it has no time limit that would distinguish a Sustained Outage from a Momentary Outage. Second, for a circuit with no automatic reclosing, the outage would not be counted if the TO has a successful manual reclosing under the glossary definition Texas RE CMEP Implementation Plan

20 2013 Implementation Plan Development Methodology Figure 1: Initiating causes of sustained outages for the BPS from 2008 to Texas RE CMEP Implementation Plan 14

21 2013 Implementation Plan Development Methodology Future Considerations Future considerations refer to those reliability standards that are not yet enforceable, but are implicated by the 2013 ERO high-risk priorities as referenced in Appendix 1. Thus, these suggested reliability standards provide guidance on what should immediately be considered for incorporation into the AML following FERC approval and given the current priorities. As indicated by the NERC Standards group, the applicable reliability standards subject to future enforcement 33 for 2013 include EOP-001-2b, EOP-005-2, EOP-006-2, EOP-008-1, FAC-008-3, FAC-013-2, and most requirements of PER Three-Tiered Compliance Approach Following the compilation of the complete list of high-priority reliability standards based upon the sources described above, the AML, being the minimum scope of compliance audits, will include a subset 34 of Requirements from these high-priority reliability standards. The requirements identified for the 2013 AML are designated as Tier 1 within the three-tiered approach that was initially developed for the 2012 Implementation Plan. Three-Tiered Approach to Requirements Specification After selecting a set of reliability standards based upon the priorities and criteria identified above, it is necessary to identify the specific Requirements within each of the reliability standards that most directly relate to the purpose of the standard itself in terms of its relationship to the identified ERO high-risk priorities and, ultimately, its support for the reliability of the BPS. In accordance with the FERC approved ROP, the ERO has selected a subset of the reliability standards and requirements to be actively monitored and audited in the ERO annual compliance program for The three-tiered approach for identifying the requirements of the AML is described below. For further information regarding the Implementation Plan methodology, refer to Appendix ERO High-Risk Priorities with High Value Associated Reliability Standards. Tier 1 Requirements are those that are the most critical to the purpose and intent of the standard of which they are a part. Additionally, the ability of a registered entity to demonstrate compliance with Tier 1 Requirements will provide guidance to audit teams on the necessity to investigate further and broaden an audit s scope in additional Requirements or reliability standards or both. Tier 2 Requirements are also critical to the purpose of a standard, but less so than Tier 1 in that Tier 2 does not address the ERO high-risk priorities as directly as Tier 1. Tier 2 also does not 33 See the NERC site for the latest information regarding in-effect dates for Reliability Standards: 34 See NERC ROP, Section Texas RE CMEP Implementation Plan

22 2013 Implementation Plan Development Methodology pose as severe a risk as Tier 1. The determination of what tier each assignment is assigned is done using all the data and input mentioned earlier in this section of the report, applied with professional judgement and input from the REs. This is not to say that compliance with Tier 2 Requirements is not mandatory. Instead, Tier 2 Requirements represent an additional level of inquiry that must be undertaken when a registered entity does not display clear compliance with those most critical Requirements of Tier 1 or if other facts and circumstances relating to the entity or system events raise issues for additional review. In the process of this added level of investigation, it may become necessary to branch off into other reliability standards that were not identified as relating directly to an ERO priority. Audit scope expansion can occur at any point during the process, from the initial review of the registered entity through the close of the audit. Tier 3 Requirements are those that, while still being significant to BPS reliability, do not represent the purpose of a reliability standard directly or are not representative of ERO priorities. The exploration of an audit team into the compliance of a registered entity with Tier 3 Requirements will be initiated through links between identified deficiencies in Tier 1 and 2 Requirements and those of Tier 3. The basis for the requirements of the high-risk priority reliability standards in the Tier 1 classification is covered in the following section. Three-Tiered Approach to Audit Scope Determination RE audit teams are authorized and obligated to expand the scope of a compliance audit to include Tier 2 and Tier 3 Requirements and any other requirements they may deem necessary based on the results of the Registered Entity Risk Profile Assessment or the audit team s collective professional judgment. Audit scope expansion can occur at any point during the process: from the initial review of the Registered Entity Profile Assessment through the close of the audit. The implementation plan for 2013 will use Tier 1 Requirements as the AML, which is the usual minimum audit scope. Both audit scope and audit periodicity for a registered entity, with exception of the RC, BA or TOP registered functions, starts with the tier one and the usual audit schedule, but can be reduced (with NERC oversight) or expanded by the Regional Entity based upon entity assessment. The audit scope for registered entities with identical functional registrations will not always be identical. Registered entities will be advised of their specific audit scopes when they receive a formal audit notification. Compliance information and data archived by the RE from the implementation of previous monitoring methods will be used in the development of a registered entity s audit scope, including but not limited to previous audits, self-certifications, events, and previous or current enforcement actions Texas RE CMEP Implementation Plan 16

23 2013 Implementation Plan Development Methodology The overall monitoring scope of the 2013 Implementation Plan and AML is based on reliability standards that are anticipated to be in effect on January 1, To the extent new or revised reliability standards are adopted, approved by the regulatory authority or in effect during the course of 2013, NERC will work with the RE to determine whether the 2013 program needs to be amended. All NERC Reliability Standards identified in the 2013 Implementation Plan are listed in the 2013 AML posted on the NERC website. The 2013 AML includes several tabs. A description of each is listed below: Summary Tabs: Quick reference listings of the reliability standards and requirements identified for compliance audits, self-certifications, periodic data submittals, and spot checks required by NERC in 2013, and mandatory effective dates for reliability standards. These tabs are designed to give the user a quick reference of the Implementation Plan lists. Requirements Detail Tab: A detailed list of the requirements included in the 2013 Implementation Plan. Revision History: The revision history that will allow users, owners and operators of the BPS to see all of the changes to the 2013 Actively Monitored Reliability Standards spreadsheets. An analysis of the applicability of Tier 1 to the various registered functions is located in Appendix 2, 2013 AML Analysis. Table 6 highlights some of this analysis and shows that the 2013 AML is nearly identical to the 2012 AML on January 1, 2013, except for 23 CIP requirements being moved into Tier 1, which will be further explained in the next section Texas RE CMEP Implementation Plan

24 2013 Implementation Plan Development Methodology Table 6: Comparision Between Total Applicable Requirements and the AML Requirements 2013 Texas RE CMEP Implementation Plan 18

25 Reliability Standards Subject to 2013 CMEP Implementation Reliability Standards Subject to 2013 CMEP Implementation The regulatory authority approved reliability standards and requirements are monitored through at least one of the CMEP compliance monitoring methods. For the audit monitoring method, NERC and the REs have developed and implemented risk based and performance based criteria for determining the scope of the reliability standards to be reviewed during the conduct of the audit; risk based and performance based audits are discussed in the section 2013 Implementation Plan Development Methodology. In addition to these established priorities, other elements considered include FERC Orders and Guidance, compliance history, NERC departmental input, and future considerations all within the framework of a three-tiered approach. Audit scope is determined by factors that are associated with BPS issues across North America, across the respective Interconnection, and within a RE boundary, as well as specifics associated with a registered entity. High-Risk Priority Standards List Given the considerations of the ERO-identified high-risk priorities, as discussed in Appendix 1, the number of high-risk priority reliability standards is 57, as shown in Table 7. From this group of reliability standards, it has been the primary task of Compliance Operations working with input from other groups within NERC to determine and rank the specific requirements of each standard that best represent the core purpose of that standard to ensure the reliability of the BPS. With the further refined list of requirements, a subset has been taken as the 2013 AML and will be monitored by the Regions during the year in accordance with the CMEP. Table 7: High-Risk Priority Reliability Standards BAL-002 COM-002 FAC-009 MOD-030 TOP-002 BAL-003 EOP-001 IRO-002 NUC-001 TOP-004 CIP-001 EOP-002 IRO-004 PER-001 TOP-007 CIP-002 EOP-003 IRO-005 PER-002 TOP-008 CIP-003 EOP-004 IRO-006 PER-005 TPL-002 CIP-004 EOP-005 IRO-009 PRC-001 TPL-003 CIP-005 EOP-006 IRO-014 PRC-005 TPL-004 CIP-006 EOP-008 MOD-001 PRC-008 VAR-001 CIP-007 FAC-001 MOD-004 PRC-011 VAR Texas RE CMEP Implementation Plan

26 Reliability Standards Subject to 2013 CMEP Implementation CIP-008 FAC-002 MOD-008 PRC-017 CIP-009 FAC-003 MOD-028 PRC-023 COM-001 FAC-008 MOD-029 TOP High-Risk Priority Standards and Tier 1 Requirements For each high-risk priority standard identified in Table 7 above, only those requirements that are recognized as Tier 1 requirements are the AML. This section presents the changes that have taken place from 2012 to For a synopsis of the details considered within each family of reliability standards to determine the requirements that meet Tier 1 criteria in 2012, refer to Appendix High-Risk Priority Standards and Tier 1 requirements. The logic presented in Appendix 6 for 2012 still holds in For identification of Tier 1 down to the requirement level, refer to the 2013 AML. A discussion of the families of standards known to have changes coming into effect in 2013 follows. CIP Critical Infrastructure Protection The primary difference in the NERC tiers from last year s list is that tier assignments have been reassigned so that each CIP requirement, along with its subrequirements, all share a single tier. The anticipated effect of this change is to make it easier for a registered entity to prepare for its audit. Texas RE will audit registered entities undergoing a first time CIP audit for all applicable CIP standard requirements, and Texas RE will audit other entities for at least the CIP requirements in Tier 1 and 2, and will provide the full list of applicable requirements in the audit noticification. All Subrequirements Raised To All Subrequirements Lowered To Tier 1 Tier 2 Tier 2 Tier 3 CIP-002 R4 CIP-003 R4 CIP-005 R5 CIP-004 R1 CIP-003 R2 CIP-007 R9 CIP-003 R5 CIP-009 R1 CIP-004 R4 CIP-005 R2 CIP-005 R4 CIP-006 R1 CIP-006 R8 CIP-007 R8 CIP-008 R1 CIP-009 R2 CIP-009 R4 CIP-009 R5 EOP Emergency Preparedness and Operations 2013 Texas RE CMEP Implementation Plan 20

27 Reliability Standards Subject to 2013 CMEP Implementation On July 1, 2013, the introduction of EOP-001-2b, EOP-005-2, EOP-006-2, and EOP replacing previous standards will add five requirements to the AML for generator operator (GOP) and four for RC, while reducing the requirements of the AML by two for TOP and three for BA. The introduction of EOP on October 1, 2013, does not affect the AML as that standard is not tiered as discussed below. EOP-001-0, EOP , EOP-003-1, EOP-004-1, EOP-005-1, EOP-006-1, and EOP have been identified as high priority reliability standards. EOP-001 is critical in terms of Energy Emergency Alerts (EEAs), which were important for mitigating impacts from winter weather events taking place during early EOP-002 complements EOP-001 by assuring the performance of mitigating actions for the both the RC and the BA. EOP-003 designates loadshedding as a suitable action for maintaining the reliability of the BPS, but its action is implied in EOP-001, and therefore the requirements of EOP-003 are not considered Tier 1 requirements. EOP-004 is critical in terms of EA and helping with the process of mitigating future events, and it is vital that the disturbance reports do not stay within a region, but are shared with NERC for dissemination across North America. EOP-005 sets the foundation for system restoration if actions identified in other EOP reliability standards fail and the testing and confirmation of a blackstart capability process is engaged. EOP-006 ensures that the RC takes the lead role in system restoration initiated through EOP-005, such that coordination in these efforts is not an oversight. EOP-008 accounts for loss of a primary control center and many Requirements not accounted for in any other standard, so this is vital to include. FAC Facilities Design, Connections, and Maintenance The introduction of FAC on January 1, 2013, does not change the AML since all associated requirements have been identified as Tier 2 or Tier 3. The introduction of FAC on April 1, 2013 also does not affect the AML as that standard is not tiered. FAC-001-0, FAC-002-0, FAC-003-1, FAC-008-1, and FAC have been identified as high priority reliability standards. FAC-001 designates connections requirements for facilities, which is especially critical in terms of protection and construction of new facilities. With these facilities properly coordinated and accounted for, existing system performance will improve. FAC-002 expands on FAC-001 by requiring that assessments for facilities be undertaken and results coordinated. FAC-003 concerns vegetation management, which is a primary initiator of many events and points to the necessity of an effective vegetation management program. FAC- 008 is a documentation-based standard for Facility Ratings Methodology whose execution is accounted for in FAC-009. While both are heavily violated reliability standards historically, a review of FAC-009 can lead to the determination of compliance with FAC-008. Additionally, FAC-009 requires coordination of facility ratings, which opens those ratings to peer review as a further check. In that case the requirements of FAC-008 are not considered Tier 1 requirements Texas RE CMEP Implementation Plan

28 Reliability Standards Subject to 2013 CMEP Implementation IRO Interconnection Reliability Operations and Coordination The introduction of IRO-006-TRE-1 on October 1, 2013 does not change the AML since this regional standard is not tiered. IRO-002-2, IRO-004-2, IRO-005-3a, and IRO have been identified as high priority reliability standards. IRO-002 determines the sufficiency of tools needed for the RC to perform its role in maintaining the reliability of the BPS, which becomes increasingly imperative when emergency situations arise and BA and TOP require oversight. IRO-004 covers the planning the RCs must perform and ensures preparations are properly made for seen and unseen emergency events in the operation horizon. IRO-005 contains the only Tier 1 Requirement applicable to the Purchase-Selling Entity s (PSEs) function. It is expected that the REs will ensure all PSEs are audited according to a six year interval cycle, including those PSEs which were removed from the 2011 audit schedule. For audits of PSEs, REs will provide a complete audit report regardless of audit scope. IRO-006 discusses the process of transmission load relief (TLR), and while this is an important topic, performance is covered in IRO-005, and therefore the requirements of IRO- 006 are not considered Tier 1 requirements. PER Personnel Performance, Training, and Qualifications The introduction of PER on April 1, 2013 will add four requirements (R1.3, R2, R2.1, and R3) to the AML for functions BA, RC, and TOP. However, functions BA and TOP will have a net reduction of four requirements due to the retirement of PER PER and PER have been identified as high priority reliability standards. PER-001 speaks to the authority of operating personnel to operate independently and in a reliable manner. However, this authority is established in other reliability standards with more specific language based upon the function considered, and therefore the requirements of PER-001 are not considered Tier 1 Requirements. PER-002 encompasses the development of training as well as the training itself of all operating personnel responsible for ensuring reliability of the BPS. Training, especially in preparedness and real time mitigation of emergency events is essential. As such, several of the requirements supporting this training within PER-002 are considered to be Tier 1 Requirements. In anticipation of a number of the requirements of PER regarding operator training coming into effect April 1, 2013 and retiring PER in 2013, many of the requirements of PER-005 are also considered to be high priority and are identified with Tier 1. PRC Protection and Control The introduction of PRC on October 1, 2013 also does not affect the AML as that standard is not tiered. PRC-001-1, PRC-004-1, PRC-005-1, PRC-007-0, PRC-008-0, PRC-011-0, and PRC have been identified as high priority reliability standards. PRC-001 promotes understanding of the limitations and performance of protection systems, which is especially important from an operational standpoint such that protection systems are not overloaded and the system cannot be controlled. PRC-004 is a particularly important standard as it applies to misoperations analysis and reporting. As significant protection system misoperations are considered disturbance events, those misoperations for which BPS reliability is affected that are always 2013 Texas RE CMEP Implementation Plan 22

29 Reliability Standards Subject to 2013 CMEP Implementation addressed in PRC-004 are captured by EOP-004 R3 as well, and therefore the requirements of PRC-004 are not considered Tier 1 requirements. Significant misoperations are those that result in such actions as modifications to operating procedures or equipment and identification of lessons learned as identified by Attachment 1 to EOP-004. PRC-005 is the most violated standard of all time, and its mission to organize and implement protection system maintenance is especially critical for ensuring system reliability. PRC-007 and PRC-008 deal with underfrequency load-shedding (UFLS) while PRC involves undervoltage load-shedding (UVLS). Both UFLS and UVLS protection systems are important, but the level of compliance of a registered entity with PRC-005 will be most telling for compliance with these Reliability Standards. As a result, the requirements of PRC-007, PRC-008, and PRC- 011 are not considered Tier 1 Requirements. PRC-023, as with all reliability standards, has the chief purpose of promoting reliability in the BPS, and in this case it relates to transmission relay protection settings. The concerns surrounding these settings are that they are proper for detecting and protecting against fault conditions. As with UFLS and UVLS maintenance programs, the compliance performance of a registered entity with PRC-005 is a good guide as to how well protection systems at that entity are maintained and tested, which is applicable to PRC-023 as an indicator of the due diligence of an entity in properly setting relays and reviewing transmission system protection schemes. Also, significant misoperations resulting from improper relay settings are addressed through EOP-004, which would allow for a complete review of requirements in PRC-023 in response to any such event. For those reasons listed, the Requirements of PRC-023 are not considered Tier 1 Requirements. Other Standard Families For a synopsis of the details considered within all other families of reliability standards to determine the requirements that meet Tier 1 criteria, refer to Appendix High-Risk Priority Standards and Tier 1 requirements. There are no changes anticipated from the 2012 determination Texas RE CMEP Implementation Plan

30 External CMEP Discovery Methods External CMEP Discovery Methods Compliance Audits Texas RE will include all NERC Reliability Standards and requirements as defined in the 2013 NERC Implementation Plan for audits. This list of NERC Reliability Standards represents the minimum set of standards that will be included in the scope of each audit conducted by Texas RE in Additional standards may be identified and included in the audit. The reliability standards selected for compliance audit are determined based on the 2013 Implementation Plan Development Methodology. The REs will provide to the registered entity the initial scope of the compliance audit with the audit notification letter. The initial scope document may contain portions of the REs analysis of its risk and performance-based approach, which determines the initial audit scope for the registered entity being audited. The intervals for compliance audits is a maximum of three years for entities registered as a RC, BA, or TOP, and is a maximum of six years for entities registered for all other functions. 35 Registered entities may be audited more frequently as needed based upon the results of the RE s review of the risk, performance, and other the facts and circumstances surrounding those entities. REs have the authority to expand an audit to include other reliability standards and requirements, but cannot reduce the scope without NERC s consent (obtained through submitting the form found in Appendix 3 of this document). REs shall consider past performance, including historical violation trends across the Region and those specific to the registered entity, and changes to compliance responsibility resulting from mergers, acquisitions, corporate re-organizations, open investigations and other factors that in the judgment of the Regional Entity audit staff should be considered as part of the normal planning required for a compliance audit and consistent with generally accepted audit practices. Regional Entity audit teams are authorized and obligated to expand the scope of a compliance audit to include Tier 2 and Tier 3 Requirements and any other requirements they may deem necessary based on other relevant facts and circumstances related to the entity or system events. Audit scope expansion can occur at any point during the process, from the initial review of the registered entity through the close of the audit. The scope of the registered entities compliance audits will include a review of all mitigation plans 36 that are open during the audit, as discussed in the CMEP. REs must provide the 35 See Rules of Procedure, Section at 36 See Appendix 4C of the NERC ROP at Sections and 6.6: Texas RE CMEP Implementation Plan 24

31 External CMEP Discovery Methods compliance audit team with the status, documentation and evidence for all mitigation plans that are to be reviewed. Should an expanded scope be required based upon significant issues discovered during any portion of the audit process, the audit team will have the discretion to lengthen the current audit or to schedule a follow-up spot check for reviewing the registered entity s compliance with the reliability standards and Requirements forming the expanded scope. The audit team will issue a new 30-day notification letter for a spot check in order to allow the registered entity proper time to prepare evidence necessary for the expanded audit scope. Registered entities will not be expected to provide evidence outside of the current audit period for compliance purposes unless that evidence is required in accordance with the processes and procedures of the registered entity or it is required by the standard. For example, a registered entity is expected to provide evidence outside of the current audit period for substantiating long range plans that are longer than an audit period, such as Protection System maintenance and testing intervals. For those reliability standards that do not involve long-range plans, an audit team will not be able to require information that is outside of the bounds of the current audit either three or six years nor can it identify possible non-compliance outside of this audit period. In other words, the completion of an audit closes one audit period and initiates another, excluding future audit teams from reviewing a registered entity s compliance during past audit periods. This exclusion does not apply to ERO enforcement, investigations, or events analysis. Generally speaking, spot checks, periodic data submittals and self-certifications will not require evidence that precedes the current audit period. For compliance audits, NERC provides additional guidance: Audit Focus or Scope RE audit teams, as part of their evidence review when determining compliance with specific requirements or as part of their internal compliance program review, have the option, with clearly documented basis in the audit workpapers, of limiting the review of processes and procedures to the registered entity s current, in-force documentation. The audit teams will have the flexibility to review historical information on an as needed basis; this approach allows the audit team to focus on determining current reliability risk and compliance of a registered entity. In accordance with NERC s ROP, 37 documentation certifying evidence submitted to audit teams must be signed, either directly or electronically, by an authorized representative of the registered entity, regardless of whether or not the document is current or historical. In the event a finding of a possible violation is determined based upon the current, in-force documents, the audit team will review previous versions of the process and procedure documentation to determine the full extent of the possible violation. 37 See Section 3.0 of Appendix 4C of the NERC ROP at: Texas RE CMEP Implementation Plan

32 External CMEP Discovery Methods The audit period, being the range of time for which a registered entity is audited, will be individual to each entity based upon several factors. Depending upon a registered entity s particular situation, the start date for the audit period may be one of several possibilities: 1. The day after the prior audit, or 2. When other monitoring activity by the Compliance Enforcement Authority ended, or 3. The later of June 18, 2007 or the registered entity s date of registration if the registered entity has not previously been subject to a compliance audit. The end date for the period of time to be covered during compliance audits is outlined in the current CMEP, Section CIP Reliability Standards Compliance Audits Texas RE s proposed 2013 CIP audit schedule is as follows: NCR ID# Entity Name Functions Audit Type Start Date End Date Location NCR10392 Horse Hollow Generation Tie, LLC TP,TOP,TO Off-Site 1/21/13 2/1/13 Austin, TX NCR04075 GEUS - GO GO On-Site 1/21/13 2/1/13 Greenville, TX NCR11164 Aspen Power LLC GO,GOP Off-Site 2/5/13 2/7/13 Austin, TX NCR04088 Kiowa Power Partners, LLC TO,GO,GOP On-Site 2/25/13 3/8/13 Omaha, NE NCR11032 Duke Energy Generation Services, Inc. GOP Off-Site 3/12/13 3/14/13 Austin, TX Enerwise Global NCR11024 Technologies (Comverge, LSE Off-Site 3/19/13 3/21/13 Austin, TX Inc.) NCR04035 City of Garland - GO GO Off-Site 3/26/13 3/28/13 Austin, TX NCR10133 Luminant Energy Company, LLC GOP On-Site 4/1/13 4/12/13 Dallas, TX NCR10219 Luminant Generation Company, LLC GO On-Site 4/1/13 4/12/13 Dallas, TX NCR11075 Loraine Windpark Project LLC GO,GOP Off-Site 4/16/13 4/18/13 Austin, TX NCR04009 Barney M Davis LP GO,GOP Off-Site 4/23/13 4/25/13 Austin, TX NCR04093 Lower Colorado River Authority - GO GO Off-Site 4/30/13 5/2/13 Austin, TX NCR04033 City of Garland - DP-LSE-TO- TOP-TP LSE,TOP,TO On-Site 5/6/13 5/17/13 Garland, TX NCR04034 City of Garland - GOP-PSE GOP On-Site 5/6/13 5/17/13 Garland, TX NCR11022 MP2 Energy, LLC LSE,GOP Off-Site 5/21/13 5/23/13 Austin, TX NCR10100 Occidental Power Services, Inc. LSE Off-Site 6/4/13 6/6/13 Austin, TX NCR04141 Texas Municipal Power TO,GO On-Site 6/10/13 6/21/13 Anderson, TX 38 See Appendix 4C of the NERC ROP at Texas RE CMEP Implementation Plan 26

33 External CMEP Discovery Methods NCR ID# Entity Name Functions Audit Type Start Date End Date Location Agency NCR04138 Paris Generation, LP GO Off-Site 6/25/13 6/27/13 Austin, TX NCR11227 Phillips 66 Company GOP Off-Site 7/9/13 7/11/13 Austin, TX NCR04091 LCRA Transmission Services Corporation TO,TOP On-Site 7/15/13 7/26/13 Austin, TX NCR11058 South Trent Wind, LLC GO,GOP Off-Site 7/30/13 8/1/13 Austin, TX NCR10321 Scurry County Wind II, LLC GO,GOP Off-Site 8/5/13 8/16/13 Austin, TX NCR10224 Stanton Wind Energy, LLC GO,GOP Off-Site 8/5/13 8/16/13 Austin, TX NCR10277 Turkey Track Wind Energy Center GO,GOP Off-Site 8/5/13 8/16/13 Austin, TX NCR04109 Oncor Electric Delivery Company LLC LSE,TO,TOP On-Site 8/19/13 8/30/13 Dallas, TX NCR11221 Southern Power Company GO,GOP Off-Site 9/10/13 9/12/13 Austin, TX NCR04056 ERCOT ISO BA,RC,TOP, TSP,IA On-Site 9/23/13 10/4/13 Taylor, TX Texas Medical Center NCR11116 Central Heating and Cooling GO Off-Site 10/8/13 10/10/13 Austin, TX Services Corp NCR04148 Trent Wind Farm LP GO Off-Site 10/15/13 10/17/13 Austin, TX NCR10071 Valley NG Power Company, LLC GO Off-Site 10/22/13 10/24/13 Austin, TX NCR10261 Sherbino I Wind Farm, LLC GO,GOP Off-Site 10/29/13 10/31/13 Austin, TX NCR11206 Sherbino II Wind Farm LLC GO,GOP Off-Site 11/5/13 11/7/13 Austin, TX NCR10235 Silver Star I Power Partners, LLC GO,GOP Off-Site 11/12/13 11/14/13 Austin, TX NCR11205 Trinity Hills Wind Farm LLC GO,GOP Off-Site 11/19/13 11/21/13 Austin, TX NCR04124 South Texas Electric LSE,TOP,TO,G Cooperative, Inc. OP,GO On-Site 10/28/13 11/8/13 Nursery, TX NCR04029 City of Austin dba Austin Energy - DP-LSE-TO-TOP-TP LSE,TOP,TO On-Site 12/2/13 12/13/13 Austin, TX Registered entities are subject to audits for compliance with all requirements of CIP through CIP-009-3, which took effect October 1, If there are indications of possible noncompliance, auditors are authorized and obligated to review an entity s compliance throughout the entire audit period, which includes previous versions of CIP reliability standards, in order to determine the extent of PVs. If a responsible entity has active Technical Feasibility Exceptions (TFEs), the NERC ROP 39 requires that: 8.1. Following approval of a Responsible Entity s TFE Request, subsequent Compliance Audits of the Responsible Entity conducted prior to the Expiration Date shall include audit of (i) the Responsible Entity s implementation and maintenance of the compensating 39 See Section 8.1 of NERC ROP Appendix 4D,Procedure for Requesting and Receiving TFEs to NERC CIP Standards at Texas RE CMEP Implementation Plan

34 External CMEP Discovery Methods measures or mitigating measures or both specified in the approved TFE, in accordance with the time schedule set forth in the approved TFE, and (ii) the Responsible Entity s implementation of steps and conduct of research and analyses towards achieving Strict Compliance with the Applicable Requirement, in accordance with the time schedule set forth in the approved TFE. These topics shall be included in such Compliance Audits regardless of whether a Compliance Audit was otherwise scheduled to include the CIP Standard that includes the Applicable Requirement Compliance Audit Schedule Texas RE s proposed audit schedule is as follows: NCR ID# Entity Name Functions Audit Type Start Date End Date Location NCR11034 APX Power Markets, Inc. PSE,GOP Off-Site 1/15/13 1/17/13 Austin, TX NCR10392 Horse Hollow Generation Tie, Juno Beach, TO,TP,TOP On-Site 1/21/13 2/1/13 LLC FL NCR11164 Aspen Power LLC GO,GOP Off-Site 2/5/13 2/7/13 Austin, TX NCR11114 Cross Texas Transmission, LLC TP Off-Site 2/12/13 2/14/13 Austin, TX NCR04033 City of Garland - DP-LSE-TO- TOP-TP TOP On-Site 2/25/13 3/8/13 Garland, TX NCR11032 Duke Energy Generation Services, Inc. GOP Off-Site 3/12/13 3/14/13 Austin, TX NCR11024 Enerwise Global Technologies (Comverge, LSE Off-Site 3/19/13 3/21/13 Austin, TX Inc.) NCR04035 City of Garland - GO GO Off-Site 3/26/13 3/28/13 Austin, TX NCR04049 Denton Municipal Electric LSE,TP,TOP, DP,TO On-Site 4/1/13 4/12/13 Denton, TX NCR11075 Loraine Windpark Project LLC GO,GOP Off-Site 4/16/13 4/18/13 Austin, TX NCR04009 Barney M Davis LP GO,GOP Off-Site 4/23/13 4/25/13 Austin, TX NCR04093 Lower Colorado River Authority - GO GO Off-Site 4/30/13 5/2/13 Austin, TX NCR04091 LCRA Transmission Services Corporation TOP On-Site 5/6/13 5/17/13 Austin, TX NCR11022 MP2 Energy, LLC LSE,GOP Off-Site 5/21/13 5/23/13 Austin, TX NCR10100 Occidental Power Services, Inc. LSE Off-Site 6/4/13 6/6/13 Austin, TX NCR04109 Oncor Electric Delivery Company LLC TOP On-Site 6/10/13 6/21/13 Dallas, TX NCR04138 Paris Generation, LP GO Off-Site 6/25/13 6/27/13 Austin, TX NCR04124 South Texas Electric Cooperative, Inc. TOP On-Site 7/15/13 7/26/13 Nursery, TX NCR11058 South Trent Wind, LLC GO,GOP Off-Site 7/30/13 8/1/13 Austin, TX NCR10321 Scurry County Wind II, LLC GO,GOP Off-Site 8/5/13 8/16/13 Austin, TX NCR10224 Stanton Wind Energy, LLC GO,GOP Off-Site 8/5/13 8/16/13 Austin, TX NCR10277 Turkey Track Wind Energy Center GO,GOP Off-Site 8/5/13 8/16/13 Austin, TX NCR04141 Texas Municipal Power Agency TO,TP On-Site 8/19/13 8/30/13 Anderson, TX 2013 Texas RE CMEP Implementation Plan 28

35 External CMEP Discovery Methods NCR ID# Entity Name Functions Audit Type Start Date End Date Location NCR11221 Southern Power Company GO,GOP Off-Site 9/10/13 9/12/13 Austin, TX NCR04029 City of Austin dba Austin Energy - DP-LSE-TO-TOP- TOP On-Site 9/23/13 10/4/13 Austin, TX TP NCR11116 Texas Medical Center Central Heating and Cooling Services GO Off-Site 10/8/13 10/10/13 Austin, TX Corp NCR04148 Trent Wind Farm LP GO Off-Site 10/15/13 10/17/13 Austin, TX NCR10071 Valley NG Power Company, LLC GO Off-Site 10/22/13 10/24/13 Austin, TX NCR10261 Sherbino I Wind Farm, LLC GO,GOP Off-Site 10/29/13 10/31/13 Austin, TX NCR11206 Sherbino II Wind Farm LLC GO,GOP Off-Site 11/5/13 11/7/13 Austin, TX NCR10235 Silver Star I Power Partners, LLC GO,GOP Off-Site 11/12/13 11/14/13 Austin, TX NCR11074 Wind Energy Transmission Texas, LLC TP Off-Site 11/12/13 11/14/13 Austin, TX NCR11205 Trinity Hills Wind Farm LLC GO,GOP Off-Site 11/19/13 11/21/13 Austin, TX The 2013 ERO compliance audit schedule, which is a compilation of all regional schedules, will be posted on the Compliance Resource page on the NERC website. 40 This posted schedule is updated at least quarterly, allowing the registered entities to have access to the schedule for the upcoming year as soon as possible. The compliance audits listed on the schedule are labeled as on-site audits or off-site audits. This distinction is only relevant to the location of the audit activities, not the rigor of the audits. Both on-site and off-site audits are compliance audits and are performed using the same Reliability Standards Audit Worksheets (RSAW) and other audit tools and processes. The major difference is that on-site audits would entail physical access to the audited entity s premises. In fact, a large portion of the pre-audit work associated with an on-site audit may actually occur off-site. Nevertheless, certain types of audits must contain an on-site component because of the nature or functions of the registered entity. For example, RC, BA and TOP functions must be audited on-site. For other BPS users, owners, and operators on the NERC Compliance Registry, the Regions and NERC can use discretion on the location and the conduct of the audit. In either case, the RE should plan the audit to assure proper scope and rigor. As a final note regarding the audits of entities registered for the PSE function, it is expected that REs will ensure all PSEs are audited according to a maximum six year cycle, including those PSEs which were removed from the 2011 audit schedule Texas RE CMEP Implementation Plan

36 External CMEP Discovery Methods Compliance Audit Reports REs are obligated to provide written audit reports for all compliance audits and spot checks in accordance with NERC Compliance Process Directive #2010-CAG Regional Entity Compliance Audit Report Processing. 41 NERC posts all public versions of the REs compliance audit reports of registered entities on the NERC website to satisfy requirements of the CMEP. REs submit two audit reports for each compliance audit, excluding CIP audits, of a registered entity: a public report and a non-public report. The public report does not contain critical energy infrastructure information or any other information deemed confidential. The public report does not include a description of how the audit team determined its findings; rather, it includes a listing of the findings. The names of the RE personnel and registered entity personnel participating in the audit are excluded from the public report, and all participants are identified by title. In accordance with FERC expectations, 42 the non-public report shall document all areas of concern except those related to situations that involve a current or ongoing violation of a reliability standard requirement. Areas of concern are items identified that, according to professional judgement of the audit team, could become a violation based upon proposed changes to regulations or compliance guidance. The non-public report contains confidential information and detailed evidence that supports the audit findings. The names and titles of all Regional Entity personnel and all registered entity personnel participating in the audit are included in the non-public report. Public and non-public compliance audit reports that do not contain PVs are completed by the REs and are submitted to NERC simultaneously. Upon receipt of the reports NERC posts the public reports on its website and submits the non-public audit reports to the applicable regulatory authority. Public and non-public audit reports that contain PVs are submitted to NERC at different times. The non-public compliance audit reports are completed by REs as soon as practical after the last day of the audit and are then submitted to NERC. Upon receipt of the non-public reports, NERC submits them to the Applicable Governmental Authority. The public reports that contain PVs are completed by redacting all confidential information in the non-public reports. The REs retain the public version of compliance audit reports that contains PVs until all violations are processed through the NERC CMEP. Due process is considered complete when all PVs are dismissed or when a violation is confirmed or a settlement is reached and a decision has been rendered, if applicable, by the regulatory authority (e.g. Notice of Penalty (NOP) has been issued in the United States). Before or upon completion of due process, the REs submit the public version of the compliance audit reports to the registered entities for review and comment prior to submitting them to NERC. Upon receipt of the public reports NERC posts them on the NERC website Compliance with Mandatory Reliability Standards Guidance Order on Compliance Audits Conducted by the Electric Reliability Organization and Regional Entities, 126 FERC 61,038 (2009) at P13, 43 Public audit reports can be found at: Texas RE CMEP Implementation Plan 30

37 External CMEP Discovery Methods Compliance Tools The RSAWs are designed to add clarity and consistency to the assessment of compliance with reliability standards. The RSAWs are used for multiple compliance monitoring methods. Comments on these and any of the ERO s auditor resources are welcome and can be directed to the RE Compliance Managers. 44 The RSAWs are posted on the NERC public website 45 and provide information to the industry about expectations of the ERO compliance auditors when evaluating compliance with a reliability standard. NERC works in close coordination with the REs to ensure the information in existing RSAWs is updated with the latest regulatory authority language and guidance, and new RSAWs are developed as reliability standards are approved. It is recommended that REs and registered entities check the NERC website regularly to ensure the latest available versions of RSAWs are being used. Mitigation Plans Registered entities must be in compliance with all reliability standards at all times. NERC and the REs encourage aggressive self-assessments and analysis and self-reporting of noncompliance by registered entities. Registered entities are further encouraged to draft mitigation plans upon identification and self-reporting of PVs, prior to the required submission timeline per the CMEP. Mitigation plans are not an admission of a violation and are treated as voluntary corrective action. However, mitigation plans duly prepared and promptly submitted to Texas RE will be used to demonstrate a positive, proactive culture of compliance in any potential enforcement action. Open mitigation plans can also examined as part of the compliance audit process. Spot Checks Spot checks are compliance audits with a much narrower focus, but are performed with the same rigor as a compliance audit. NERC and the REs have the authority to conduct spot checks of any entity at any time, given the appropriate notification process, for regulatory approved reliability standards. Texas RE may include any applicable FERC-approved standard requirements in spot checks arising from system events. REs shall ensure, however, that they satisfy all spot check requirements in the NERC Reliability Standards, ROP, and CMEP. REs are obligated to provide written audit reports for all compliance audits and spot checks in accordance with NERC Compliance Process Directive #2010-CAG Regional Entity Compliance Audit Report Processing. 46 The standard audit report template and procedure provided in NERC Compliance Process Directive #2010-CAG-001 will be used for all spot check reports. 44 Information concerning Regional Entity programs is available at: under NERC Directives and Bulletins for Regional Entities Texas RE CMEP Implementation Plan

38 External CMEP Discovery Methods CIP Reliability Standards Selected reliability standards requirements of CIP through CIP will be audited and additional spot checks may be performed at the REs discretion. CIP audits, including CIP spot checks, will require the appropriate reports per the ROP, CMEP, and NERC Compliance Process Directive #2010-CAG Regional Entity Compliance Audit Report Processing. 47 Compliance Investigations A Compliance Investigation may be initiated at any time by Texas RE or NERC in response to a system disturbance, Complaint, or the PV of a reliability standard identified by any other means. Compliance Investigations are confidential, unless FERC directs otherwise and are generally led by the RE s staff. NERC reserves the right to assume the leadership of a Compliance Investigation. The Compliance Enforcement Authority reviews information to determine compliance with the reliability standards. The Compliance Enforcement Authority (CEA) may request additional data or information or both as necessary through formal requests for information, site visits, sworn statements, etc. to perform its assessment. Complaints NERC or Texas RE may receive a complaint from individuals or entities alleging a violation of a Reliability Standard by one or more Registered Entities. Texas RE will review each complaint it receives to determine if the complaint provides sufficient basis for an investigation, and provide notification to NERC in the agreed upon format. Exceptions are that NERC will review any complaint (1) that is related to Texas RE in its performance related to the functions in the delegation agreement; (2) where Texas RE determines it cannot conduct the review; (3) if the complainant wishes to remain anonymous; or (4) the complainant specifically requests NERC to conduct the review of the compliant. Notices and steps described in Section 3.8 of the CMEP will be used; the process is very similar to investigations described below and allows for similar requests for additional information. All regulatory authority-approved reliability standards or requirements can be the subject of a complaint regarding a compliance violation by a registered entity. Complaints, if validated, can initiate one of the other compliance monitoring methods in order to determine the full extent of potential non-compliance. Entities may submit complaints in Texas RE s area by sending notice to information@texasre.org or may submit a complaint through Texas RE s Compliance Hotline by going to clicking on File a New Report, and inputting Texas Reliability Entity or calling EthicsPoint at (888) toll-free (in the U.S. and Canada). Complaints submitted through ethicspoint.com will maintain requested confidentiality of reporters. NERC under NERC Directives and Bulletins for Regional Entities 2013 Texas RE CMEP Implementation Plan 32

39 External CMEP Discovery Methods also maintains a Compliance Hotline that is administered by the Reliability Risk Management (RRM) group. Any person may submit a complaint to report a PV of a reliability standard by calling (404) , sending an directly to hotline@nerc.net or completing the form on the NERC website. Unless specifically authorized by the complainant, NERC and RE staff will withhold the name of the complainant in any communications with the violating entity. All information provided will be held as confidential in accordance with the NERC Rules of Procedure. RRM will informally seek additional information regarding the potential violation of reliability standards from the submitter and others, as appropriate. RRM may refer the matter for further investigation by NERC or the appropriate RE. Note: The NERC Compliance Hotline is for reporting complaints or possible compliance violations of reliability standards by an entity. For other questions regarding the NERC CMEP or reliability standards, please send an to compliancefeedback@nerc.net Texas RE CMEP Implementation Plan

40 Internal CMEP Discovery Methods Internal CMEP Discovery Methods Self-Reports Texas RE reviews self-reported violations to validate the possible violation and provide information needed for enforcement. Registered Entities should self-report any possible violation through the Texas RE webcdms. Upon receipt of any self-report, Texas RE assigns an internal tracking number, sends an acknowledgement to the Registered Entity, and conducts its review process. The review checks the information provided by the entity against the standard requirements and may involve additional questions and requests for documentation, if needed. The RSAW is used as a guide to insure consistency. Self-reports are either dismissed after the evaluation or processed as possible violations for enforcement, with due consideration of Registered Entity s cooperation in providing the self-report, and mitigation of the violation is required. Registered entities are encouraged to self-report compliance violations with any regulatory authority-approved reliability standard. In most cases, self-reports of compliance violations are provided to the appropriate RE. 48 The ERO strongly encourages registered entities to report violations of reliability standards as soon as possible to ensure that the entity receives any potential cooperation credits 49 for self-reporting 50 and minimizing any ongoing risk to the BPS. FERC has issued the following guidance in the Turlock Rehearing Order 51 issued in June 2012: 32. While we continue to encourage self-reporting, we clarify that all self-disclosures are not of equal value and do not necessarily warrant self-reporting credit. Self-reporting credit is not warranted, for example, when a registered entity reports facts relating to a PV under an existing reporting obligation before making a self-report, or reports facts after the commencement of a compliance audit, spot check, or other compliance process. If the registered entity is otherwise required to report facts relating to a PV, through, for example, a self-certification or exception reports, self-reporting credit is not warranted. Or, as happened with Turlock, when a reliability standard requires a registered entity to report an event and, in reporting the event, the entity is required to disclose certain information sufficient to reveal a potential violation, self-reporting credit is not appropriate. Selfreporting credit, however, may be appropriate when the registered entity voluntarily discloses a violation in advance of any required report because learning of violations at an early stage facilitates an enforcement agency s review of the facts. 48 The exception would be where the self-reporting entity is itself a Regional Entity, in which case the self-report should go directly to NERC in accordance with the Regional Entity s delegation agreement and other agreements with NERC. 49 North American Electric Reliability Corporation, Order on Review of Notice of Penalty, 134 FERC 61,209 (2011) at P 13, 50 Guidance o Filing Reliability Notices of Penalty, North American Electric Reliability Corporation, Order on Review of Notice of Penalty, 124 FERC 61,015 (2008) at P 32, 51 Order Denying Rehearing and Providing Clarification, North American Electric Reliability Corporation, 139 FERC 61,248 (2012) at P32 and 33, Texas RE CMEP Implementation Plan 34

41 Internal CMEP Discovery Methods 33. Also, a registered entity s required reporting of an event would not foreclose selfreporting credit for all disclosures of violations related to the event. Rather, it would foreclose self-reporting credit only for violations for which the registered entity was required to disclose relevant facts. The registered entity, however, could still receive selfreporting credit for other violations, for which relevant facts were not required to be provided in the initial, required report, regardless of whether the entity provided that information in the initial report or later, as long as it was reported in advance of a requirement to do so. Moreover, if a registered entity s required reporting of an event provides extensive information and details that prove especially valuable in assisting REs and NERC s review of PV, separate mitigating credit may be warranted for the entity s cooperation. Self-Certifications Texas RE will send its 2013 self-certification schedule to all Registered Entities in the ERCOT region and will post this schedule on the Texas RE s Web site: Date August 1, 2013 September 2, 2013 Texas RE Comments Texas RE will post the Self-Certifications for all registered entities. Completed Self-Certifications from all registered entities will be due back to Texas RE. The most recent version of the Texas RE self-certification schedule can be found on the Texas RE Web site at: Texas RE will send Registered Entities a reminder 2 weeks prior to the start of the selfcertification period. Texas RE self-certification forms for all registered entities that will not be audited in 2013 (for all functions) will be available and submitted via the Open Access Technology International, Inc. (OATI) webcdms (Compliance Data Management System) ( per self-certification schedule. The Registered Entities must self-certify compliance or non-compliance with all applicable NERC Actively Monitored Reliability Standards requirements and submit the required forms through webcdms within 30 days, in accordance with the schedule. Texas RE will notify a Registered Entity if its self-certification submission is not timely received. If a Registered Entity fails to timely submit its self-certification forms, Texas RE will follow NERC s Process for Non-Submittal of Requested Data, contacting the Primary Compliance Contact and Senior Executive as needed Texas RE CMEP Implementation Plan

42 Internal CMEP Discovery Methods Registered Entities must identify all non-compliance with the standards during the relevant period on its submission, even if it has previously self-reported or has been previously found by Texas RE to be non-compliant with the standard during the same period. Texas RE will review such self-certifications and identical reports will not constitute additional violations. All registered entities are required to participate in the annual self-certification each year per the NERC Actively Monitored Reliability Standard list. Texas RE, at its discretion, may include additional Reliability Standards in its 2013 Implementation Plan. Self-certification is an important component of the ERO Compliance Monitoring and Enforcement Program. It is one of the discovery methods that monitor a Registered Entity s compliance with Reliability Standards, especially those that have not been included in audit scopes in recent years. Selfcertification waivers are not available as all applicable Reliability Standards must be selfcertified. Table 8 below shows a breakout of by function of the 413 requirements subject to selfcertification. 52 Regional Entities may add, at their discretion, additional requirements. Table 8: Number of Requirements Applicable To Self-Certification By Function in 2013 CIP through CIP Reliability Standards Applicable registered entities are required to self-certify once per year, as scheduled by Texas RE and according to Texas RE s 2013 Implementation Plan However, self-certification may expand to include CIP supplemental questionnaires as directed by NERC or an Applicable 52 This information can be found in the 2013 Actively Monitored Reliability Standards worksheet, Texas RE CMEP Implementation Plan 36

43 Internal CMEP Discovery Methods Governmental Authority. For further information, refer to Implementation Plan for Newly Identified Critical Cyber Assets and Newly registered entities. 53 A unique characteristic of the CIP Standards pertains to self-certification: CIP R4 requires all entities to annually approve their risk-based assessment methodology, the list of Critical Assets and the list of Critical Cyber Assets (CCAs), even if such lists are null. Thus, entities will need to submit self-certification for CIP even if they conclude they have no Critical Assets. Similiarly, a registered entity must self-certify CIP R2 even if they do not have any CCAs. The requirements for Self-Certification differ from the reporting requirements for approved TFEs. TFE reporting requirements for responsible sntities are described in Section 6 of NERC ROP - Appendix 4D, Procedure for Requesting and Receiving TFEs to NERC CIP Standards. Periodic Data Submittals Periodic submittals consist of required monthly, quarterly, and/or annual data submittals specified in certain Reliability Standards, as set forth below. Texas RE will monitor these submittals to confirm that requirements are met per Section 3.6 of the CMEP. For monthly and quarterly submittals, Texas RE will post the current data submittal reporting schedule and required formats on its Web site ( and inform the Registered Entities of changes or updates. Texas RE will directly notify Registered Entities of annual data submittal requirements at least 30 days prior to the requested date of submittal, if not otherwise specified in the Reliability Standard. As necessary, Texas RE will use escalating notices for any failure to timely submit information, in accordance with the NERC RoP s Process for Non- Submittal of Requested Data. For 2013, periodic data submittals are required from the Registered Entities to Texas RE for the following Reliability Standards: Reliability Standard Title Requirements Applicable Functions Submittal Frequency (Due to Texas RE) BAL a Real Power Balancing Control Performance R1, R2 BA Monthly (10 days after the end of the month) Texas RE CMEP Implementation Plan

44 Internal CMEP Discovery Methods Reliability Standard Title Requirements Applicable Functions Submittal Frequency (Due to Texas RE) BAL Disturbance Control Performance R1, R3, R4, R5, R6 BA, RSG Quarterly (10 days after the end of the quarter) BAL b Frequency Response and Bias R1.2 BA Annually i BAL Inadvertent Interchange R3, R4 BA Not applicable in ERCOT Region EOP Documentation of Blackstart Generating Unit Test Results R2 GO, GOP Annually (December 13, 2012) FAC Transmission Vegetation Management Program R3 TO Quarterly ii MOD Steady-State Data for Modeling and Simulation of the Interconnected Transmission System R2 TO, TP, GO, RP Annually (December 13, 2013) MOD Dynamics Data for Modeling and Simulation of the Interconnected Transmission System R2 TO, TP, GO, RP Annually (December 13, 2013) PRC Analysis and Mitigation of Transmission and Generation Protection System Misoperations R3 TO, DP, GO Quarterly iii PRC Assuring Consistency of Entity Underfrequency Load R2 TO, DP, TOP, LSE Annually Test date April 12, 2013 at 2013 Texas RE CMEP Implementation Plan 38

45 Internal CMEP Discovery Methods Reliability Standard Title Requirements Applicable Functions Submittal Frequency (Due to Texas RE) Shedding Programs 11:00AM (May 17, 2013) PRC Under-Voltage Load Shedding Program Data R1 TO, DP Annually (December 13, 2013) TPL System Performance Under Normal (No Contingency) Conditions (Category A) R3 PA, TP Annually (November 15, 2013) TPL-002-0b System Performance Following Loss of a Single Bulk Electric System Element (Category B) R3 PA, TP Annually (November 15, 2013) TPL-003-0a System Performance Following Loss of Two or More Bulk Electric System Elements (Category C) R3 PA, TP Annually (November 15, 2013) TPL System Performance Following Extreme Events Resulting in the Loss of Two or More Bulk Electric System Elements (Category D) R2 PA, TP Annually (November 15, 2013) Specific reliability standards and requirements have been identified for periodic data submittals. The periodic data submittals for 2013 are as shown on the requirements tab of the AML. Specific information regarding periodic data submittals is defined in the Texas RE s Implementation Plans Texas RE CMEP Implementation Plan

46 Internal CMEP Discovery Methods Exception-Reporting Texas RE s handling of exception reporting is a combination of self-reporting and selfcertification. Registered Entities are required to review their compliance internally per the list of requirements subject to exception reporting, with the period between assessments as identified in the standards list. If a registered entity believes that it is in violation of a requirement covered by an exception report, it should use the Texas RE webcdms portal to submit an exception report, providing details. Texas RE staff will evaluate all exception report violations provided using the same basic steps as a self-report acknowledgement, validation, and processing for dismissal or violation. Texas RE also requires Registered Entities to confirm the number of exceptions that have occurred in a given time period identified by NERC, even if the number of exceptions is zero. Annual confirmation for all standards with exception reporting will be requested. Since there is no specific form or template for Exception Reporting, Registered Entities should self-report, as possible violations, any exceptions to the Reliability Standard requirements designated for monitored through Exception Reporting, using the Texas RE webcdms portal Self-Report form. Submittal by Registered Entities of self-certifications for these Standards indicating the Registered Entity is Compliant will serve as a declaration by the Registered Entity that it has had no exceptions to the designated Reliability Standard requirements during the reporting period (a zero-exception report). Specific reliability standards and requirements in the 2013 AML have been identified for exception reporting. The registered entities are expected to report to the REs for all events or conditions occurring that are exceptions to the associated reliability standard requirement. In May of 2012, NERC filed 54 proposed revisions with FERC to Appendix 4C, CMEP (and other ROP provisions) that would remove exception reporting as one of the compliance monitoring methods. As the filing states, Exception Reporting will no longer be considered one of the compliance reporting processes, as Exception Reports are triggered by Requirements of particular reliability standards, and not on the initiative of the CEA. It is important to note that exception reporting will remain as a compliance monitoring method until these proposed revisions are accepted by FERC. The list of exception reporting requirements for the Texas RE s 2012 Implementation Plan is provided below: BAL b, R1.2 Frequency Response and Bias; BAL-004-0, R4.1 Time Error Correction; 54 See Petition of the North American Electric Reliability Corporation for Approval of Revisions to its Rules of Procedure at: Texas RE CMEP Implementation Plan 40

47 Internal CMEP Discovery Methods EOP-002-3, R9.2, R9.3, R9.4 Capacity and Energy Emergencies; EOP-004-1, R3 (subrequirements R3.1 and R3.3), R4, R5 Disturbance Reporting; INT-001-3, R1 (and subrequirements) Interchange Information; INT-003-3, R1 Interchange Transaction Implementation; IRO-004-2, R1 Reliability Coordination - Operations Planning; PER-003-0, R1(subrequirements R1.1 and R1.2) Operating Personnel Credentials; PRC , R3 Special Protection System Misoperations; TOP-005-2a, R1, R1.1, R3 Operational Reliability Information; TOP-007-0, R1, R2, R4 Reporting SOL & IROL Violations Evaluation. Note: The following requirements on NERC s list of 2013 Actively Monitored Reliability Standards are not applicable in the ERCOT Region: BAL-006-1, R5 Inadvertent Interchange; TOP-005-1, R2 Operational Reliability Information Texas RE CMEP Implementation Plan

48 Key CMEP Activities and Initiatives Key CMEP Activities and Initiatives NERC and the REs receive CMEP implementation feedback from the Members Representative Committee (MRC), Compliance and Certification Committee (CCC) and other stakeholders through the use of audited entity feedback forms. All feedback and input from these groups, among others, are reviewed on a continual basis for opportunities for improvement. NERC and the REs are committed to continuous improvement of the CMEP implementation. Registration and Certification The purpose of the Organization Registration Program is to clearly identify those entities that are responsible for compliance with the regulatory approved reliability standards and is described in the NERC ROP Appendix 5A Organization Registration and Certification Manual. As described in the NERC Statement of Compliance Registry Criteria, NERC will include in its compliance registry each entity that the ERO concludes can materially impact the reliability of the BPS. NERC is obligated to identify all organizations to be listed in the NERC compliance registry. Identifying these organizations is necessary and prudent for the purpose of determining resource needs both at the NERC and RE level, and to begin the process of communication with these entities regarding their potential responsibilities and obligations. Joint Registration Organization and Coordinated Functional Registration Joint Registration Organization (JRO) 55 : In addition to registering as the entity responsible for all functions that it performs itself, an entity may register as a JRO on behalf of one or more of its members or related entities for one or more functions for which such members or related entities would otherwise be required to register, and, thereby, accept on behalf of such members or related entities all compliance responsibility for that function or those functions, including all reporting requirements. Any entity seeking to register as a JRO must submit a written agreement with its members or related entities for all requirements/sub-requirements for the function(s) for which the entity is registering for and takes responsibility for, which would otherwise be the responsibility of one or more of its members or related entities. The JRO is responsible for providing all of the information and data, including submitting reports, as needed by the Regional Entity for performing assessments of compliance. For other duly executed legal agreements, please see the NERC Public Bulletin 56 which provides guidance for Entities that delegate reliability tasks to a third party Entity. Coordinated Functional Registration (CFR): 57 : In addition to registering as an entity responsible for all functions that it performs itself, multiple entities may each register using a CFR for one or more reliability standards or for one or more requirements/sub-requirements or both within particular reliability standards applicable to a specific function. The CFR submission must 55 Section 507 of the NERC ROP, 56 NERC Compliance Public Bulletin # , 57 Section 508 of the NERC ROP, Texas RE CMEP Implementation Plan 42

49 Key CMEP Activities and Initiatives include a written agreement that governs itself and clearly specifies the entities respective compliance responsibilities. The registration of the CFR is the complete registration for each entity. Additionally, each entity shall take full compliance responsibility for those reliability standards or requirements/sub-requirements or both it has registered for in the CFR. The Regional Entity s acceptance of that CFR shall be a representation by the Regional Entity to NERC that the Regional Entity has concluded the CFR will meet the Registration requirements of Section 501(1.4). Each CFR or each individual entity within a CFR identified point of contact shall inform the Regional Entity of any changes to an existing CFR. The Regional Entity shall promptly notify NERC of each such revision. Due to abrupt or forced registration changes, as described below, this form of registration may become more common in Results of Abrupt or Forced Registration Changes The conclusions drawn from the EOP-005 System restoration and Blackstart Compliance Analysis Report 58 completed by NERC indicate that an increasing number of self-reported Possible Violations (PVs) are being issued due to abrupt or forced registrations. As such, these types of PVs involve a heavier case load for registered entities, as some of the violations require lengthy mitigation plans. Furthermore, for issues that involve certifiable functions, a NERC certification must be completed per the ROP. NERC and Texas RE will continue to work together in the development of appropriate actions to efficiently manage the compliance issues resulting from abrupt and forced registration changes. CMEP Transparency Elements NERC and the REs continuously balance the request from the industry to improve transparency with the confidential nature of the CMEP processes. Figure 5 is a pictorial view of the compliance process, and it shows how most of the processes in the CMEP fall under a window of confidentiality. NERC and the REs are continuously identifying and implementing innovative ways to share CMEP process information while honoring confidentiality. Additional initiatives are underway to increase transparency of CMEP elements in They are discussed later in this Chapter Texas RE CMEP Implementation Plan

50 Key CMEP Activities and Initiatives Region notifies NERC (& entity) of Possible Violation within 2-5 days NERC notifies gov t authority Settlement negotiations Settlement Reached Settlement Approved by BOTCC External Monitoring Activities (can be prompted by Compliants) Audits Spot Checks Compliance Investigations Region continues review and evaluation Notice of alleged violation & proposed penalty sent to responsible entity Entity accepts violation Notice of confirmed violation sent to NERC & responsible entity NERC BOTCC reviews & approves region s proposed penalty Self Reports Mitigation Plan Region Review NERC Review Gov t Review Internal Monitoring Activities Selfcertifications Periodic Data Submittals Entity Contests Regional Hearing Appeals Process Exception Reporting Dismissed C O N F I D E N T I A L 5 DAY WAITING PERIOD Notice of penalty or settlement sent to FERC in U.S. & posted to NERC website (Processes differ in Canada) Figure 5: Compliance Process In 2010, NERC began publicly posting CMEP implementation and process information. NERC Compliance Operations will continue to review and publicly post CMEP implementation and process information in the form of public notices 59 in order to increase transparency of the CMEP application to registered entities. Compliance Operations and REs Communications Seminars and Workshops Seminars and workshops for compliance activities are conducted at both the RE and NERC levels. Each RE provides Compliance Workshops at least once a year. NERC offers two major Standards and Compliance workshops per year for registered entities. These workshops focus on assisting registered entities in understanding standards and improving their compliance programs. The seminars and workshops are important learning exercises for those subject to reliability standards. NERC and the REs will continue compliance seminars, workshops and panel discussions to educate registered entities and to increase transparency of CMEP processes that are important to reliability. In 2013, Texas RE will conduct at least two one to two-day Standards and Compliance, tentatively in the spring and the fall. These workshops will include information about Standards 59 Public notices are available at: Texas RE CMEP Implementation Plan 44

51 Key CMEP Activities and Initiatives and the Compliance Monitoring and Enforcement Program, including CIP and non-cip. Texas RE will use web conference remote meeting facilitation capability to reach a wider audience for these workshops. Texas RE also conducts monthly Talk with Texas RE meetings and conference calls to provide registered entities with information and provide a forum to talk with other stakeholders about reliability or compliance matters and also to ask questions of Texas RE subject matter expert employees. Texas RE will continue with these meetings in Texas RE also conducts other training and outreach activities as requested by its Member Representatives Committee, ERCOT regional stakeholders groups. Newsletters Texas RE has been publishing its quarterly Texas REview" newsletter since The newsletter is intended for users, owners, and operators of the BPS in the ERCOT region, and focuses on updates and information relating to reliability, compliance, and Standards. Each issue of the Texas REview offers a summary of Texas RE news, activities, and training opportunities, updates on NERC and Regional Reliability Standards, NERC news and communications, and related news of interest. Transparent Communications The NERC Compliance Operations Program and the REs are working toward common goals related to improving consistency, increasing transparency, and creating more efficiency in compliance processes. Past field experience gained by REs and NERC is an important part of meeting the goal to provide clarity on particular items and state the proper expectations. NERC provides transparency information in various formats, depending on the scope of the matter and relevance to the particular functions within the BPS. These include the following, as well as other means as NERC deems necessary: CANs Compliance Application Notices 60 (NERC Compliance Operations) CANs focus on current auditable compliance applications. CANs provide continued compliance and enforcement guidance to CEA staff as a means to facilitate consistency and also provide information to industry until Reliability Standards are revised and improved as discussed in the various FERC Orders that approved reliability standards, most notably orders 693 and 706. The CAN process can be found online. 61 CARs Compliance Analysis Reports 62 (NERC Compliance Operations) Compliance Analysis Reports (CARs) are a historical look at compliance trends for individual reliability standards and will include addendums when the information is updated The Compliance Application Notices Process are located on the NERC website at Texas RE CMEP Implementation Plan

52 Key CMEP Activities and Initiatives Case Notes 63 (NERC Enforcement) The Case Notes are based, in whole or in part, on information contained in mitigation plans that have been accepted by REs and approved by NERC, and are usually focused on CIP standards. This document is designed to convey compliance guidance from NERC s various activities. It is not intended to establish new requirements under NERC s Reliability Standards or to modify the requirements in any existing NERC Reliability Standard. Compliance will continue to be assessed based on language in the NERC Reliability Standards as they may be amended from time to time. This document is not intended to define the exclusive method an entity must use to comply with a particular standard or requirement, or foreclose a registered entity s demonstration by alternative means that it has complied with the language and intent of the standard or requirement, taking into account the facts and circumstances of a particular registered entity. Implementation of information in these Case Notes is not a substitute for compliance with requirements in NERC s Reliability Standards Texas RE CMEP Implementation Plan 46

53 Key CMEP Activities and Initiatives Bulletins 64 (NERC Compliance Operations) Bulletins provide general information or clarification on current and future issues. Lessons Learned 65 (NERC Events Analysis) NERC Lessons Learned result from an event analysis. They provide examples of how a problem occurred and was identified, and the corrective action taken, without consideration of reliability standards compliance. Texas RE posts Event Observations from system events, Lessons Learnedfrom Regional enforcement dismissals and possible violations trends in the ERCOT Region on its website. 66 Annual CMEP Report 67 (NERC Compliance Operations) Annual CMEP Reports are assessment of the previous year s CMEP and are used in the planning and development of future years annual CMEP Implementation Plans. Training Compliance Auditors The NERC compliance auditor training is based on current auditing processes and practices, and in part on generally accepted auditing practices such as the Government Accounting Office (GAO) Generally Accepted Government Auditing Standards, and is revised from time to time. Initial training is provided for all auditors, and separate audit team leader training is conducted quarterly. Continuing education is provided on specific auditing issues to promote consistency and increased reliability. In 2013, NERC Compliance Operations will continue to improve processes and practices, including broader implementation of the Compliance Enforcement Initiative. Effective training is an important part of delivering consistency across NERC and the Regions. In addition, NERC sponsors multi-day workshops on specific matters as a way to bring auditors together to provide continuing education to ERO staff. Beginning in 2011, two workshops have been conducted each year, and two are scheduled for Specialized training for CIP auditors will continue in 2013 to address technical issues unique to the CIP Standards environment and to increase the skills of CIP auditor staff. CIP Standards Training will be conducted in NERC encourages the CIP audit staff to have requisite experience, training and credentials in cyber security and IT auditing Texas RE CMEP Implementation Plan

54 Key CMEP Activities and Initiatives Compliance Investigative (CI) Staff A Fundamentals of CI course/seminar has been conducted for NERC and RE staff by NERC over the last several years. The training is scheduled to be conducted twice annually and is revised from time to time. Enforcement Streamlining Texas RE reminds registered entities of the importance of timely mitigation plans and that the submission of a mitigation plan is not an admission of a confirmed violation. Prompt voluntary correction amd reporting of possible violations in a timely manner may also reduce the potential of a penalty consistent with section of NERC s Sanctions Guidelines 68. Compliance Enforcement staff will continue to clarify the submission of a mitigation plan is not an admission of confirmed violation. Prior to, and if, enforcement confirms a possible violation to an alleged violation, the mitigation plan is treated as a voluntary corrective action. The evidence collected by ERO enforcement will determine whether a violation exists. Compliance Reviews of Events and Disturbances Through the events analysis process, 69 the ERO strives to develop a culture of reliability excellence that promotes aggressive, critical self-review, and analysis of operations, planning, and critical infrastructure protection performance This self-critical focus is ongoing and registered entities are linked together by their individual and collective performances. Focusing on critical self-review and analysis is the basis of understanding the root cause of events and, in turn, avoiding similar or repeated events by the timely identification and correction of their causes and by sharing lessons learned. As an important component of the ERO s risk-based approach to compliance monitoring, compliance assessments conducted after events and disturbances further enhances the overall strength of the ERO and the industry. Both Registered Entities and Regional Entities have responsibilities in this area to facilitate continued learning and demonstration of accountability to overall Bulk Power System (BPS). Registered Entity Responsibilities To support a strong culture of compliance, registered entities are encouraged to perform a compliance assessment in response to all system events and disturbances. Registered entities conducting compliance assessments are encouraged to provide a compliance assessment report to Texas RE for system events that fall in category 2 and above as outlined in the ERO Events Analysis Process document. The Compliance Assessment Template, as found in Appendix 5, should be used when performing these 68 See Appendix 4B Sanction Guidelines of the North American Electric Reliability Corporation from NERC s Rules of Procedure at: 69 The ERO Event Analysis Process Document is available at: Texas RE CMEP Implementation Plan 48

55 Key CMEP Activities and Initiatives assessments. Registered Entities that utilize compliance assessments to self-identify and address possible reliability issues demonstrate the effectiveness of their internal controls and their commitment to their culture of compliance. Registered Entities that are able to demonstrate strong internal controls and a robust culture of compliance that mitigate risk may be afforded some recognition in consideration of reduced levels and frequency of compliance monitoring activities. At a minimum, the entity is typically given credit for these actions in the enforcement of a self-reported possible violation(s) and non-compliance issue(s). Deference will be provided the Registered Entity for comprehensive compliance assessments that clearly demonstrate a review of applicable standards and as appropriate self reporting. Regional Entity Responsibilities Texas RE will review all system event reports and all compliance assessment reports provided by registered entities and may utilize a risk based approach to prioritizing these reviews. The scope and depth of compliance review and the manner in which Texas RE and NERC evaluate, respond, and process these reviews is intended to reflect the significance of the event and the thoroughness of the compliance assessment performed by the registered entity. Compliance reviews are an area that may also produce lessons learned to be shared at compliance workshops or compliance newsletters to facilitate improvement in industry compliance programs. These compliance lessons learned and the results of these reviews will be shared with NERC. In the case that a registered entity does not provide a compliance assessment, or if the Regional Entity determines the assessment was insufficient, Texas RE may perform an independent compliance assessment. Texas RE may request additional information from the registered entity. These compliance assessments can impact future compliance monitoring activity. Compliance Review Process Monitoring Over the course of 2013 NERC and Texas RE will continually assess the cost and benefit of the compliance review process. This monitoring and analysis will be addressed in the 2013 Annual CMEP Report. Enforcement Initiatives Texas RE s Compliance Enforcement department conducts Texas RE s mitigation, risk assessment and enforcement activities, including: Tracking of all possible violations coming into the Texas RE compliance monitoring and enforcement program, Conducting risk assessment and CMEP compliance enforcement proceedings regarding possible violations, Prosecution of compliance violation matters arising out of NERC-led investigations and audits, Texas RE CMEP Implementation Plan

56 Key CMEP Activities and Initiatives Review and tracking of all mitigation plans submitted by Registered Entities, Verification of completion of mitigation plans submitted by Registered Entities, Drafting of all settlement agreements in the region, Processing of all contested compliance violations, and Analysis of violation statistics. In 2013, Texas RE Enforcement will continue to develop enhancements to enforcement processing to achieve efficient and timely compliance outcomes, including streamlined procedures for lesser risk violations and improved workflow and tools at Texas RE. This will result in an increased focus of both NERC and Texas RE Compliance Enforcement resources on the cases that have the most significant impact on the reliability of the BPS. This should help reduce the caseload by ensuring that the number of cases processed, including through the filing of a notice of penalty (full and spreadsheet) and Find, Fix, Track and Report (FFT), exceeds the number of cases coming into Texas RE and should allow Texas RE to provide timely lessons learned to the industry Texas RE CMEP Implementation Plan 50

57 Key CMEP Activities and Initiatives In September 2011, NERC made its initial Compliance Enforcement Initiative (CEI) filing with the Federal Energy Regulatory Commission (FERC) that introduced the streamlined spreadsheet Notice of Penalty (NOP) and the FFT approaches. The CEI has received significant support from the REs and the industry. On March 15, 2012, FERC approved the FFT approach with certain proscribed conditions. Texas RE anticipates the FFT process will enable better alignment and substantially greater resources and attention to be devoted to matters that pose a more serious risk to the reliability of the BPS. Texas RE will continue to work collaboratively with NERC and the other RE s compliance and enforcement staffs as well as the industry hroughout 2013 to continue to implement and improve the CEI. Further Implementation of the CEI As the FFT implementation matures, auditors will be able to recommend FFT treatment of certain audit findings, but the decision to afford FFT treatment to a specific issue resides with Texas RE enforcement staff. NERC will be providing a series of webinars and workshops to guide compliance and enforcement staff at all levels on the application of FFT to PVs. NERC and RETexas are continuing to work toward further phases where an auditor will be authorized an appropriately higher level of discretion in the FFT process. NERC also has posted information regarding the CEI implementation on its website. This information includes guidance to registered entities on information to be included in selfreports, particularly with respect to the underlying factual situation, the assessment of the risk to the reliability of the BPS and mitigating activities to correct and prevent PVs. NERC will continue to hold webinars and workshops with the industry to enhance understanding of FFT and the ERO s enforcement efforts. These webinars and workshops will focus on case studies based on the FFT informational filings to date. NERC filed with FERC a six-month status update on CEI implementation in May That filing describes the experience gained and the results from implementation of the CEI to that were gathered and responds to specified compliance requirements outlined in the March 15 CEI order. Specifically, the six-month report addresses and provides context for the CEI processing statistics, discusses the benefits obtained from the program from a broad perspective (NERC, RE and industry), and discusses the challenges of implementation and NERC s plans for addressing them. In preparation of this filing, NERC worked with the REs to ensure that their input was incorporated into the filing. NERC also distributed a survey to solicit information from the registered entities regarding their experience with the implementation of the CEI that also informed the content of the six-month update to FERC. With additional efficiencies attained with the implementation of the FFT and spreadsheet NOP approach, NERC has been able to process a significant number of cases since September In the six-month period from September 2011 to the end of February 2012, as reflected in Figure 2, NERC filed 921 total violations, or on average 154 violations filed per month. Of the 921 violations, 428 were FFTs, representing an average filing rate of 71 FFTs per month. Over the past year, the ERO s caseload of active violations expanded from 3260 in February 2011 to 3611 in February The rate of new violations coming into the case load has increased Texas RE CMEP Implementation Plan

58 Key CMEP Activities and Initiatives dramatically from an average of 196 violations per month in February 2011 to an average of 267 violations per month in February The increase in caseload is primarily attributable to the large number of violations of CIP Standards that have been and will be entering the system. Figure 2: Total FFTs/NOPs Filed with FERC from September 2011 to February 2012 The average monthly processing rate over the last year is 233 violations per month, this includes both violations filed and dismissed. Figure 3 compares the number of incoming violations each month to the number of violations filed or dismissed. 70 There have been more violations processed than submitted in seven of the last nine months. This is very encouraging and is primarily a result of the new compliance initiative introduced in September The large number of violations in May 2011 and January 2012 are attributable to a large number of duplicate violations from CIP selfcertifications that were subsequently dismissed. This issue has been addressed Texas RE CMEP Implementation Plan 52

59 Key CMEP Activities and Initiatives Figure 3: Violation Processing in 2011 and 2012 Closeout of Past Caseload Another aspect of caseload management that will be addressed in 2013 is the aging caseload. Figure 4 shows the potential violations by region and year that remain to be closed out. There are approximately 1100 potential violations spanning 2007 through 2010 (including those on hold due to related jurisdictional issues). Of these, about 600 are in settlement and about 60 percent of the outstanding violations are related to about a dozen entities. Throughout 2013, Enforcement plans to work in concert with the REs that have potential violations prior to January 1, 2011 to reduce this past caseload. Texas RE does not have any caseload from 2007, 2008, or 2009, and has an October 2012 caseload of only nine violations from 2010 (including two from an on-going contested case and seven that have been submitted to NERC for processing). Figure 4: NERC Work CIP and Non-CIP Violations by Region ERO Guidance on COM Communication and Coordination Compliance monitoring for COM-002 will be based on the NERC Board of Trustees (BOT) approved interpretation effective as approved by the BOT on February 9, Background and further information is provided below. In December of 2011, a recirculation ballot was approved by the ballot pool regarding an interpretation 71 to COM regarding the use and associated circumstances of three-part communication for directives. Specifically, the interpretation states that: 71 See Standards Project Interpretation of COM Communications and Coordination R2 for the ISO/RTO Council at: Texas RE CMEP Implementation Plan

60 Key CMEP Activities and Initiatives COM R2 does not specify the conditions under which a directive is issued, nor does it define directive. It only provides that the requirements be followed when a directive is issued to address a real-time emergency. Routine operating instructions during normal operations would not require the communications protocols for repeat backs as specified in R2. Following the recirculation ballot, this interpretation was presented and subsequently approved by the NERC BOT in February This interpretation has designated that COM R2 is applicable to the use of directives in addressing real-time emergencies and, with BOT approval, now represents NERC guidance on the use of directives. To ensure consistency throughout the ERO for COM-002-2, NERC Compliance Operations is utilizing a strategy based upon the following four components: 1. NERC Staff will develop an enhanced COM-002 RSAW that provides the appropriate compliance guidance and relates industry best practices 2. NERC staff will work with the NERC Operating Committee (OC) and Standards Committee (SC) to develop and provide guidance regarding good utility practice on the use of three-part communication for real-time operations 3. NERC staff will work with the NERC SC to expedite the completion and FERC approval of Standards Project Operating Personnel Communications Protocols COM that addresses real-time communication protocols 4. Auditors will continue to use professional judgment when making recommendations for the use of three-part communication during all real-time operational communications Approved Standards Which Reference Unapproved Standards There are several approved reliability standards that reference or rely on not yet approved reliability standards. In Order No. 693, the Commission determined it could neither approve nor remand certain proposed reliability standards based on information provided. The ERO only enforces those standards that have been approved by FERC. In Order No. 693, the Commission did state, however, that the ERO has the authority to obtain necessary information through the Commission s regulations. In addition, the Commission stated that: 72 See the BOT approved revision to the COM that includes the interpretation at: 73 See Standards Project Operating Personnel Communications Protocols COM-003 at: Texas RE CMEP Implementation Plan 54

61 Key CMEP Activities and Initiatives The fact that a Reliability Standard simply references another, pending Reliability Standard, one that is not being approved or remanded here, does not alone justify not approving the former Reliability Standard. 74 Examples of these standards follow: Fill-in-the-blank standard: MOD filed 4/4/06 awaiting FERC action MOD filed 8/28/06 awaiting FERC action PRC filed 8/28/06 awaiting FERC action Referenced in: MOD-010-0, R1 and R2 effective 6/18/07 MOD-012-0, R1 and R2 effective 6/18/07 PRC-018-1, R1, R2, R3, R4, and (indirectly) R5. effective 6/18/07 74 Mandatory Reliability Standards for the Bulk-Power System, 72 FR 16,416 (Apr. 4, 2007), FERC Stats. & Regs. 31,242 (2007) (Order No. 693). P Texas RE CMEP Implementation Plan

62 Regional Entities CMEP Implementation Plans Regional Entities CMEP Implementation Plans Texas RE s Implementation Plan is an annual plan submitted to NERC no later than October 1 of each year for approval, that, in accordance with NERC ROP Section and the NERC CMEP Implementation Plan, identifies: 1. All reliability standards identified by NERC in the 2013 AML. 2. Other reliability standards proposed for monitoring by the RE; these will include any regional reliability standards and additional NERC Reliability Standards. 3. The methods to be used by the RE for reporting, monitoring, evaluation, and assessment of performance criteria with each reliability standard. NERC expects at a minimum for the REs to perform the compliance monitoring methods identified in the NERC 2013 AML. When a RE determines that an increased audit scope is necessary, then the RE shall notify the registered entity of the increased audit scope. This notification shall be part of the audit notification package and shall include the reliability standards and requirements that are included in the increased scope, as well as the justification for the increased scope. When a RE determines that an increased audit scope is necessary after the notification package is sent, or while the audit team is onsite, then the RE shall notify the registered entity of the increased audit scope as soon as possible. For references to NERC guidance or Implementation Plans such as the CIP Guidance, a link should be included in the RE Implementation Plan instead of listing the entire document. 4. The REs Annual Implementation Plan should include a list of registered entity names that are on the 2013 schedule, NERC Compliance Registration ID, and the year they will be audited. The RE can provide its audit plan for multiple years in the future. 5. The REs Annual Plan should address Key CMEP Activities and Initiatives Texas RE CMEP Implementation Plan 56

63 Conclusion Conclusion The ERO CMEP Implementation Plan, which is developed according to Section 215(c) of the Federal Power Act, is the operating plan for annual compliance monitoring and enforcement activities. NERC, as the international ERO, and the REs through their delegation agreements with NERC, monitor and enforce compliance of registered entities with all regulatory approved reliability standards. Registered entities include all BPS owners, operators and users. While the actions of the ERO in accordance with the CMEP are critical to the reliability of the BPS, it is only one part of an overall plan to ensure system reliability. The other part consists of the actions of the registered entities and the electric power industry at large, and these are equally as critical to system reliability. The registered entities must participate in the educational, informational and developmental efforts that are being undertaken not only to maintain reliability, but to enhance it as well. The sharing of the industry s technical expertise, experience, and judgment as well as its participation in the ERO s processes will help to further identify and remove reliability gaps and shortcomings. The ERO continuously seeks to improve the execution of its role in ensuring system reliability, as is the case with the advancements of the annual CMEP Implementation Plan undertaken for 2013, but the industry must continue to participate for the overall reliability plan to be successful Texas RE CMEP Implementation Plan

64 Conclusion REVISION NUMBER DATE NATURE OF CHANGE REVIEWER APPROVAL 0 3/15/2012 Original Development Ryan Mauldin, Kyle Howells Michael Moon 2013 Texas RE CMEP Implementation Plan 58

65 Appendix ERO High Risk Priorities with High Value Associated Reliability Standards Appendix ERO High-Risk Priorities with High Value Associated Reliability Standards The ERO high-risk priorities are those current issues challenging the BPS. NERC s RAPA group has confirmed that these priorities identified in previous years remain high-risk for These issues have been identified through the analysis of significant events on the BPS, such as the August 2003 blackout, and the execution of compliance actions in addition to input provided by numerous groups, including the REs, NERC s CEO, and many other industry stakeholders. Additionally, recent events within North America have highlighted several areas of importance within the BPS, and the lessons learned and circumstances surrounding these events have been taken into account as well. Therefore, the high-risk priorities are as follows: 1. Misoperations of relay protection and control systems Nearly all major system failures, excluding perhaps those caused by severe weather, have misoperations of relays or automatic controls as a factor contributing to the propagation of the failure. Protection systems are designed to operate reliably when needed under the presence of a fault on the system, to quickly isolate a piece of equipment or a zone of the BPS, without allowing the fault to transfer into adjoining facilities. The greater the number of facilities involved in an event, the more severe the impact to the rest of the BPS, with cascading failure such as the Zone 3 Relay issue in the August 2003 blackout being the extreme. Relays can misoperate, either operate when not needed or fail to operate when needed, for a number of reasons. First, the device could experience an internal failure but this is rare. Most commonly, relays fail to operate correctly due to incorrect settings, improper coordination (of timing and set points) with other devices, ineffective maintenance and testing, or failure of communications channels or power supplies. Preventable errors can be introduced by field personnel and their supervisors or more programmatically by the organization. Adding to the risk is that system protection is an extremely complex engineering field there are many practitioners but few masters. 2. Human errors by field personnel Field personnel play an important role in the maintenance and operation of the BPS. They often switch equipment in and out of service and align alternative configurations. Risks can be introduced when field personnel operate equipment in a manner that reduces the redundancy of the BPS, sometimes even creating single points of failure that would not exist normally. Taking outages of equipment to conduct maintenance is a routine and necessary part of reliable BPS operation. However, any alterations to the configuration of the network must be carefully planned in advance to minimize loss of redundancy and avoid unintended single points of failure. It is also important that such changes and risks be communicated to system operators and reliability coordinators in advance, so that they can make adjustments in their operating plans and reliability assessments. 3. Ambiguous or incomplete voice communications Out of longstanding tradition, system operators and reliability coordinators are comfortable with informal communications with field and power plant personnel and neighboring systems Texas RE CMEP Implementation Plan

66 Appendix ERO High Risk Priorities with High Value Associated Reliability Standards Experience from analyzing various events indicates there is often a sense of awkwardness when personnel transition from conversational discussion to issuing reliability instructions. It is also human nature to be uncomfortable in applying formal communication procedures after personnel have developed informal styles over many years. Confusion in making the transition from normal conversation to formal communications can introduce misunderstandings and possibly even incorrect actions or assumptions. Further, once the need to transition to more formal structure is recognized, the transition is often not complete or effective. Results can include unclear instructions, confusion as to whether an instruction is a suggestion or a directive, whether specific action is required or a set of alternative actions are permissible, and confusion over what elements of the system are being addressed. 4. Right-of-way maintenance The August 14, 2003 blackout highlighted effective vegetation management programs as a key recommendation for avoiding future cascading failures. More broadly, any encroachments in the right-of-way that reduce clearances to the point of lowering facility ratings or reducing the randomness of possible contacts can be a risk to reliability. Although these impacts may not always be readily apparent, under extreme wind and temperature conditions they may become more of a risk to BPS reliability. There are many challenges to effective right-of-way maintenance, especially maintaining proper clearances, including interventions by private landowners, local municipalities, and federal and state landowners. 5. Changing resource mix Energy and environmental policies along with energy markets are driving proposals toward unprecedented changes in the resource mix of the BPS. Examples include integration of significant amounts of renewable energy (variable such as wind and solar), natural gas, storage and demand resources to provide energy and capacity. Industry s knowledge of the characteristics of the BPS comes from nearly a century of operational experience with the existing resource mix. However, integration of these new resources results in operating characteristics significantly different from conventional steam production facilities. An array of reliability services must be provided over a range of time horizons from seconds to minutes to hours and days, and annually such as load following, contingency reserves, frequency response, reactive supply, capacity and voltage control, and power system stability. Continued reliable operation of the BPS will require an industry dialog with policymakers and regulators. Understanding the impacts on reliability will depend on accurate modeling of new resources, and development of new methods and tools for the provision of essential reliability services. 6. Integration of new technologies While the electric utility industry was once thought to be slow in adopting new technologies, smart grid initiatives across the country have proven this not be the case as of late. To continue this proactive trend of incorporating new technologies as well as to ensure proper coordination, a number of Reliability Standards should be considered in order to make this priority possible. Introduction of electric vehicles, demand-side management, variable generation, distributed resources and smart grid technologies presents tremendous opportunities but also introduces changes to the operating characteristics of the BPS. Integration of these new 2013 Texas RE CMEP Implementation Plan 60

67 Appendix ERO High Risk Priorities with High Value Associated Reliability Standards technologies requires changes in the way the BPS is planned and operated to maintain reliability. Further, additional tools/models are required to support their integration to meet policy and strategic goals. Without these changes, it will be challenging to maintain reliability with large-scale deployments. For example, some smart grid devices/systems increase exposure to cyber threats, while variable generation requires additional ancillary services. Integration of these new technologies must be achieved in a manner that does not undermine existing levels of stability, resilience and security of the BPS. 7. Preparedness for high-impact, low-frequency events Although there is a wide range of threats labeled high-impact, low-frequency, the greatest concern is being prepared for possible events that could debilitate the BPS for extended periods, such as widespread, coordinated physical/cyber attacks or geomagnetic storms. The industry must consider improving the design of the BPS to address these potential risks, prepare coordinated North American response plans for use during catastrophic events, and be ready to deploy those plans to restore essential services in a timely manner. 8. Non-traditional threats via cyber-security vulnerabilities Establishment of enterprise risk-based programs, policies and processes to prepare for, react to, and recover from cyber-security vulnerabilities is a high priority for the industry. The BPS has not yet experienced wide-spread cyber-attacks, and a contributing factor has been the traditional physical separation between the industrial control system/scada environment and the business and administrative networks. This situation, however, is rapidly changing, predominantly due to the efficiencies that can be achieved by leveraging shared networks and resources, so now even physically separated environments are susceptible. For example, the BPS could be as vulnerable to digital threats as IT systems, but with far more critical implications, as the recent Stuxnet virus has shown. Disabling or turning systems off in a binary fashion is concerning enough, but as illustrated by Stuxnet, industrial control system software can be changed and data can be stolen without intrusions even being detected. These injection vectors serve as a blueprint for future attackers who wish to access controllers, safety systems, and protection devices to insert malicious code-targeting changes to set points and switches as well as alteration or suppression of measurements. 9. Other Other priorities involve considerations that have potentially high impacts to reliability but do not necessarily fit cleanly into other categories. Such considerations include the Frequency Response Initiative, Winter Weather Events from the Southwest and Texas in February of 2011, and the Pacific Southwest Blackout in September of The Reliability Standards relating to these considerations, especially those corresponding to emergency procedures, are important in terms of enacting lessons learned and preventing detrimental conditions in the future. NERC has identified a number of reliability standards associated with each of the ERO high-risk priorities. These associated reliability standards have a high value in that they most directly address the concerns raised by the high-risk priorities. The relationships of these high-value reliability standards to the high-risk priorities are laid out in the list below Texas RE CMEP Implementation Plan

68 Appendix ERO High Risk Priorities with High Value Associated Reliability Standards 1. Ambiguous, Incomplete Voice Communications COM-002 EOP-002 EOP-005 EOP-006 EOP-008 IRO-002 IRO-006 TOP Mis-Operations of Relay and Controls Systems EOP-005 EOP-008 FAC-001 PRC-001 PRC-004 PRC-005 PRC-023 TPL-003 TPL Human Errors by Field Personnel COM-002 EOP-005 EOP-008 FAC-003 PER High-Priority CIP and Supporting Standards CIP-001 CIP-002 CIP-005 CIP-006 CIP-007 COM-001 COM-002 EOP-005 EOP Right-of-Way Maintenance and Clearances FAC-003 FAC-008 FAC-009 TOP-002 TPL-003 TPL Changing Resource Mix EOP-001 EOP-005 EOP-002 IRO-002 TOP High-Impact, Low-Frequency Events EOP-003 EOP-005 EOP-008 IRO-004 IRO-005 NUC-001 TOP-004 TOP Other Frequency response initiative BAL-003 Winter Weather Events (Texas, February 2011) o BAL-002 o EOP-001 o EOP-002 o EOP-004 o EOP Integration of New Technologies COM-001 FAC-001 FAC-002 FAC-009 IRO-002 PRC Texas RE CMEP Implementation Plan 62

69 Appendix Actively Monitored List (AML) Analysis Appendix Actively Monitored List (AML) Analysis As with the reliability standards selected for audit in 2013, the reliability standards selected for annual self-certification in 2013 represent the results of a risk-based approach. Due to the breadth of the AML, it can be helpful to perform targeted analysis in order to corroborate that the ERO priorities are being properly addressed. The average number of requirements per function was reduced substantially in 2012, and the AML in 2013 is unchanged except for reassigning 23 CIP requirements to Tier 1. Table 9: Requirements Analysis for the 2013 AML When looking at the total number of in-effect Requirements as of January 1, 2013 within the 2013 AML as applicable by function, there is a strong correlation between the potential reliability impact of a function and the proportion of its applicable requirements that are represented on the 2013 AML. For instance, the Reliability Coordinator, Balancing Authority, and Transmission Operator certified functions, all have over 30 percent of their applicable Requirements on the AML. For other functions, such as the Purchasing-Selling Entity (PSE) or Distribution Provider (DP), a much smaller proportion of their reliability standards are incorporated. These results are shown in Table NERC CMEP Implementation Plan

70 Appendix Actively Monitored List (AML) Analysis In some cases, such as the TSP, Generator Operator (GOP), Interchange Authority (IA), and Load-Serving Entity (LSE), there is perhaps an unexpectedly high percentage of applicable Reliability Standards within the 2013 AML. The TSP has a large number due to the inclusion by FERC Order 729 of MOD-001, MOD-004, and MOD-008, which alone count for 76 Requirements. The GOP, IA, and LSE functions have a large proportion of Requirements due to CIP. Looking at Table 11, which is similar to Table 9 but accounts only for 693 Reliability Standards, the GOP, IA, and LSE functions are shown to have 15 percent, 0 percent, and 15percent of applicable 693 Requirements within the 2013 AML respectively, which are much more reasonable numbers. Table 10: Percent of total in effect Requirements as of 1/9/2013 represented in the 2013 AML Table 11: Percent of total in effect 693 Requirements as of 1/9/2013 represented in the 2013 AML As new standard versions come into effect in 2013, these numbers will slightly change. The introduction of PER on April 1, 2013 will add four requirements (R1.3, R2, R2.1, and R3) to the AML for functions BA, RC, and TOP. However, functions BA and TOP will have a net reduction of four requirements due to the retirement of PER On July 1, 2013, the introduction of EOP-001-2b, EOP-005-2, EOP-006-2, and EOP replacing previous standards will add five requirements to the AML for GOP and four for RC, while reducing the requirements of the AML by two for TOP and three for BA. Table 12 shows that only 29 percent of all requirements within the three tier structure are included in the 2013 AML, which is represented by Tier 1 Requirements. Additional Tier 2 requirements in the 2013 AML from the 2012 AML are largely a result of FAC coming into effect on 1/1/2013. FAC has many more requirements than FAC did, and none of 2013 Texas RE CMEP Implementation Plan 64