Agenda Member Representatives Committee August 13, :15 5:15 p.m. Pacific

Transcription

1 Agenda Member Representatives Committee August 13, :15 5:15 p.m. Pacific The Westin Bayshore, Vancouver 1601 Bayshore Drive Vancouver, BC V6G 2V4 Canada Introductions and Chair s Remarks NERC Antitrust Compliance Guidelines and Public Announcement* Consent Agenda 1. Minutes Approve a. July 16, 2014 Conference Call* b. May 6, 2014 Meeting* 2. Future Meetings* 3. Nominations a. Update from Board of Trustees Nominating Committee* b. Schedule for MRC Officer and Sector Elections* Regular Agenda 4. Responses to the Board s Request for Policy Input* a. Reliability Assurance Initiative b. Critical Infrastructure Protection Version 5 Transition c. Risk-Based Registration Design and Implementation Plan d. Cybersecurity Risk Information Sharing Program 5. Additional Policy Discussion from Board Committee Meetings* a. Corporate Governance and Human Resources Committee b. Finance and Audit Committee i. NERC 2015 Business Plan and Budget ii. Regional Entities and WIRAB 2015 Business Plan and Budgets

2 iii. Long-term Assessment Stabilization Initiative c. Compliance Committee i. Physical Security Implementation d. Standards Oversight and Technology Committee i. ERO Enterprise IT Application Strategy ii. Geomagnetic Disturbance Standard iii. Defintion of Bulk Electric System Implementation iv. Reliability Standard Audit Worksheet Review and Revision Process e. Other 6. CO2 Strategic Discussion* 7. Polar Vortex Report Update* 8. Assessing the ERO s Effectiveness* 9. Regulatory Update* *Background materials included Member Representatives Committee Agenda August 13,

3 Antitrust Compliance Guidelines I. General It is NERC s policy and practice to obey the antitrust laws and to avoid all conduct that unreasonably restrains competition. This policy requires the avoidance of any conduct that violates, or that might appear to violate, the antitrust laws. Among other things, the antitrust laws forbid any agreement between or among competitors regarding prices, availability of service, product design, terms of sale, division of markets, allocation of customers or any other activity that unreasonably restrains competition. It is the responsibility of every NERC participant and employee who may in any way affect NERC s compliance with the antitrust laws to carry out this commitment. Antitrust laws are complex and subject to court interpretation that can vary over time and from one court to another. The purpose of these guidelines is to alert NERC participants and employees to potential antitrust problems and to set forth policies to be followed with respect to activities that may involve antitrust considerations. In some instances, the NERC policy contained in these guidelines is stricter than the applicable antitrust laws. Any NERC participant or employee who is uncertain about the legal ramifications of a particular course of conduct or who has doubts or concerns about whether NERC s antitrust compliance policy is implicated in any situation should consult NERC s General Counsel immediately. II. Prohibited Activities Participants in NERC activities (including those of its committees and subgroups) should refrain from the following when acting in their capacity as participants in NERC activities (e.g., at NERC meetings, conference calls and in informal discussions): Discussions involving pricing information, especially margin (profit) and internal cost information and participants expectations as to their future prices or internal costs. Discussions of a participant s marketing strategies. Discussions regarding how customers and geographical areas are to be divided among competitors. Discussions concerning the exclusion of competitors from markets. Discussions concerning boycotting or group refusals to deal with competitors, vendors or suppliers.

4 Any other matters that do not clearly fall within these guidelines should be reviewed with NERC s General Counsel before being discussed. III. Activities That Are Permitted From time to time decisions or actions of NERC (including those of its committees and subgroups) may have a negative impact on particular entities and thus in that sense adversely impact competition. Decisions and actions by NERC (including its committees and subgroups) should only be undertaken for the purpose of promoting and maintaining the reliability and adequacy of the bulk power system. If you do not have a legitimate purpose consistent with this objective for discussing a matter, please refrain from discussing the matter during NERC meetings and in other NERC-related communications. You should also ensure that NERC procedures, including those set forth in NERC s Certificate of Incorporation, Bylaws, and Rules of Procedure are followed in conducting NERC business. In addition, all discussions in NERC meetings and other NERC-related communications should be within the scope of the mandate for or assignment to the particular NERC committee or subgroup, as well as within the scope of the published agenda for the meeting. No decisions should be made nor any actions taken in NERC activities for the purpose of giving an industry participant or group of participants a competitive advantage over other participants. In particular, decisions with respect to setting, revising, or assessing compliance with NERC reliability standards should not be influenced by anti-competitive motivations. Subject to the foregoing restrictions, participants in NERC activities may discuss: Reliability matters relating to the bulk power system, including operation and planning matters such as establishing or revising reliability standards, special operating procedures, operating transfer capabilities, and plans for new facilities. Matters relating to the impact of reliability standards for the bulk power system on electricity markets, and the impact of electricity market operations on the reliability of the bulk power system. Proposed filings or other communications with state or federal regulatory authorities or other governmental entities. Matters relating to the internal governance, management and operation of NERC, such as nominations for vacant committee positions, budgeting and assessments, and employment matters; and procedural matters such as planning and scheduling meetings. NERC Antitrust Compliance Guidelines 2

5 Draft Minutes Member Representatives Committee Pre-Meeting Informational Session Conference Call and Webinar July 16, :00 a.m. 1:00 p.m. Eastern Introductions and Chair s Remarks Chair John Anderson, with vice chair Sylvain Clermont present, convened a duly-noticed open meeting by conference call and webinar of the North American Electric Reliability Corporation (NERC) Member Representatives Committee (MRC) on July 16, 2014 at 11:03 a.m., Eastern. The meeting provided the MRC and other stakeholders an opportunity to preview proposed agenda topics for the MRC Board of Trustees (Board) and Board committee meetings scheduled to be held August 13-14, 2014 in Vancouver, BC. The meeting announcement, agenda, and list of attendees are attached as Exhibits A, B, and C, respectively. NERC Antitrust Compliance Guidelines and Public Meeting Notice Kristin Iwanechko, committee secretary, directed the participants attention to the NERC Antitrust Compliance Guidelines and the public meeting notice included in the agenda. Schedule of Quarterly NERC Meetings and Conference Calls The draft schedule of events for the upcoming meetings in Vancouver was included in the agenda package for today s meeting. The MRC meeting is scheduled to begin at 1:15 p.m. on August 13. Review of Proposed Board and Board Committees Meeting Agenda Items Charlie Berardesco noted that the preliminary agenda items for the Board of Trustees and Board committee meetings scheduled for August 13-14, 2014 in Vancouver are identified in the slide presentation included in the agenda package for today s call (Exhibit D). Mr. Anderson encouraged MRC members to review all agenda materials for the Board and Board committee meetings, once posted and available on July 30, 2014, and attend as many of these meetings as possible, in advance of the MRC s meeting on August 13, Review of Proposed MRC Agenda Items for August 13 Mr. Anderson noted that the preliminary MRC agenda items for the upcoming August 13, 2014 meeting in Vancouver are identified in the slide presentation included in the agenda package for today s call (Exhibit D). Topics include: Update from the Board of Trustees Nominating Committee; Schedule for MRC officer and sector elections; Discussion of the responses submitted to the policy input request from the Board; Additional discussion of the issues presented at the Board committee meetings on August 13;

6 Update on the polar vortex report; and Strategic discussion on the proposed EPA CO2 Section 111(d) regulation. Policy Input Reminder Mr. Anderson announced that the Board s request for policy input is scheduled to be released today and responses are due by Wednesday, August 6 to Kristin Iwanechko, committee secretary. NERC staff provided updates on the following topics included in the policy input letter: Reliability Assurance Initiative (RAI); Risk-based Registration Initiative; Critical Infrastructure Protection (CIP) Version 5 Transition; and Cybersecurity Risk Information Sharing Program (CRISP). Informational Items NERC staff provided updates on the long-term reliability assessment and emerging issues, and the polar vortex report. Proxy Reminder Proxy notifications for the August 13 meetings must be submitted in writing to Kristin Iwanechko, committee secretary. Meeting Adjourned There being no further business, the call was terminated at 12:59 p.m., Eastern. Submitted by, Kristin Iwanechko Secretary MRC Informational Session Minutes, July 16,

7 Draft Minutes Member Representatives Committee May 6, :00 5:00 p.m. Eastern Hyatt Regency Philadelphia at Penn s Landing 201 South Columbus Blvd Philadelphia, PA Chair John Anderson, with Vice Chair Sylvain Clermont present, called to order the North American Electric Reliability Corporation (NERC) Member Representatives Committee (MRC) meeting on May 6, 2014, at 1:04 p.m., Eastern. The meeting announcement, agenda, and list of attendees are attached as Exhibits A, B and C, respectively. Introductions and Chair s Remarks Mr. Anderson welcomed attendees and acknowledged the attendance of FERC staff, the NERC Board of Trustees (Board), and new members Marion Lucas and State Commissioner Asim Haque. Mr. Anderson recognized the MRC responses to the April 9, 2014 policy input request from Fred Gorbet, chairman of the Board. He reminded attendees that full presentations were conducted at the committee meetings and will not be repeated during the MRC meeting. Mr. Anderson also thanked everyone that attended the informational session on April 9, 2014 and acknowledged that these sessions were started to better prepare participants for the upcoming quarterly meetings. He welcomed input from MRC members on whether a different format should be considered. NERC Antitrust Compliance Guidelines and Public Announcement Kristin Iwanechko, committee secretary, called attention to the NERC antitrust compliance guidelines and the public meeting notice. Any questions should be addressed to NERC s general counsel, Charles Berardesco. Ms. Iwanechko declared a quorum present with the following recognized proxies: Greg Ford for Michael L. Smith Cooperative Utility Barry Lawson for Jay Bartlett Cooperative Utility Jackie Sargent for John DiStasio State/Municipal Utility Martin Huang for Mike Penstone Federal/Provincial Charles Acquard for Lawrence Nordell Small End-Use Electricity Customer Holly Rachel Smith for David Clark State Government

8 Minutes The MRC approved, on a motion by Bill Gallagher and seconded by Steve Naumann, the draft minutes of its April 9, 2014 conference call and the draft minutes of its February 5, 2014 meeting in Phoenix, Arizona (Exhibits D and E, respectively) subject to a minor correction. Recommended Slate of Stakeholder-based Members to the Reliability Issues Steering Committee (RISC) Mr. Clermont reported that a nominating committee consisting of himself, Gerry Cauley, Ken Peterson, and Bob Schaffeld had been formed to propose nominees for the RISC. The nominating committee received a number of candidates and looked for a balance among executive level expertise, experience with NERC, and regional, regulator, and sector diversity. Based on its review, the nominating committee recommended five at-large members (Daniel Froetscher, Ray Gorman, Scot Hathaway, Duane Highley, and Steve Whitley) and Nabil Hitti as an MRC representative. Bob Schaffeld, chair of the RISC, also noted that Terry Bilke is included as the Compliance and Certification Committee representative on the slate of candidates submitted to the Board for approval. The MRC endorsed, on a motion by John Twitty and seconded by Steve Naumann, the recommended slate of stakeholder-based members to serve on the RISC for two-year terms for election by the Board of Trustees. Request for MRC Members to Serve on the Board of Trustees Nominating Committee Mr. Anderson noted that three Board members terms are ending February 2015 (Ken Peterson, Jan Schori, and Bruce Scherr, with Bruce Scherr being term limited). The nominating committee, chaired by Janice Case, will present three nominees for election at the February 2015 MRC meeting. All Board members not up for re-election will serve on the nominating committee and five MRC members are asked to serve on the nominating committee. Several MRC members have already volunteered and Mr. Anderson asked that any additional members interested in serving notify himself or Mr. Clermont before the end of the day. Mr. Anderson noted that the nominating committee will have a face-to-face meeting in August in Vancouver, with interviews occurring earlier than past years. Ms. Case noted that the Board of Trustees will approve the nominating committee either on a scheduled conference call or an action without a meeting. Responses to the Board s Request for Policy Input Mr. Anderson acknowledged the MRC s responses to Fred Gorbet s April 9, 2014 letter requesting policy input on the Reliability Standard Audit Worksheet (RSAW) review and revision process, the riskbased registration initiative, and a potential alternative funding mechanism to support expanded cyber security information sharing and capabilities. The following comments on the policy input topics are not all inclusive, but provide the general tenor and scope of the discussion: Member Representatives Committee Meeting Minutes May 6,

9 Reliability Standard Audit Worksheet (RSAW) Review and Revision Process MRC members were supportive of the process and believed the redline changes sent to the MRC in advance of the meeting were very responsive to the policy input submitted. MRC members recognized that there may be more issues to address that were outside the scope of the working group, but believed the proposed process is a step in the right direction. While MRC members were supportive, some raised questions during the Compliance Committee meeting in the morning to be addressed in the final process. An MRC member asked for clarification on the reference to the SOTC chair considering whether the effective date of the proposed changes would increase compliance requirements retroactively. NERC staff clarified that the RSAW cannot increase or change compliance requirements and the language would be refined to consider whether the RSAW revision seeks to retroactively change how evidence of compliance with the requirements is provided. An MRC member asked how often NERC expects to post revisions under the proposed process. Gerry Cauley noted that any new standard will already have a fairly stable RSAW that was posted with the standard during balloting, and he does not expect frequent revisions. An MRC member questioned the need for the process to be included in the Standard Oversight and Technology Committee s mandate and whether a periodic review of the process would be necessary. Mr. Anderson noted that he expects the process to be an ongoing effort. Mr. Cauley stated that the process itself would not likely need to be included in the mandate, but that addition to the mandate adding the new duty for the SOTC would be appropriate. MRC members agreed that no formal approval was necessary. NERC management and the NERC Board of Trustees supported the process and committed to developing a final version based on comments received during the May meetings. Risk-Based Registration Initiative Mark Lauby, senior vice president and chief reliability officer at NERC, discussed the current challenges that face registration and the vision of the risk-based registration initiative to tailor requirements based on risk. The advisory group developed a whitepaper that identified types of threshold changes initially being discussed and formed various ad hoc groups for threshold determination. Mr. Lauby highlighted some of the comments received in response to the policy input letter, including general support from industry, the need for a simple approach, appreciation for eliminating functions not impacting reliability, the need to ensure that risk-based registration activities are not in conflict with the BES definition, and the need to consider aggregate impacts. Mr. Lauby noted that the advisory group anticipates posting the draft design for industry comment in May or June, with the goal to present a final design to the Board at its November meeting. Some MRC members suggested that changing the applicability section of standards may be a better way to address the registration issues, but some also acknowledged that it would likely be a longer-term solution since those changes would require going through the standards development process. Member Representatives Committee Meeting Minutes May 6,

10 Mr. Cauley noted the whitepaper is an early draft that includes a lot of ideas and there seems to be an opportunity based on fact, analysis, and historical experience to potentially eliminate a small number of registered functions. To eliminate a function(s), the expectation is to have demonstrated analysis showing that nothing would be lost by removing the function(s). He also noted that there seems to be some confusion about tiers but reminded MRC members that a tiered approach has been used before and approved by FERC as part of the GO/TO project. Some MRC members were concerned about the tiered approach discussed in the whitepaper, specifically because this initiative is occurring at the same time as the implementation of the BES definition, which includes its own set of requirements. The MRC members want to make sure that the sequencing of initiatives does not create uncertainty; rather, create greater clarity and ensure that the registry only includes those entities that have an impact on reliability. Potential Alternative Funding Mechanism to Support Expanded Cyber Security Information Sharing and Capabilities Mr. Cauley noted that in an effort to further increase the separation of the ES-ISAC from compliance and enforcement activities, NERC recently separated the CIP compliance audit group from the ES-ISAC and moved that group under compliance operations reporting to Jerry Hedrick. The ES-ISAC director now reports directly to the president and CEO. NERC is also introducing a code of conduct which further memorializes very specific procedures for staff to ensure that security information received through the ES-ISAC is not shared with compliance and enforcement. Another separation that NERC is considering is a physical separation within the DC office. This is not currently included in the budget, but Mr. Cauley requested that industry provide feedback on the value of that separation. Steve Naumann provided an overview of CRISP, a tool developed by the US government national labs, and its deployment to industry was discussed at the ESCC. It is a public-private partnership to share cyber threat information in a timely manner where users that have an information sharing device will collect data that is sent to the CRISP analysis center to analyze the data and send alerts and mitigation measures to those entities that have a node in place. The CRISP system also includes the Cyber Federated Model (CFM) which is the exchange of the near real-time information. He noted that there are two companies that have the CRISP hardware/software in service, and three more are in negotiations. The proposal from the ESCC is to have 22 or 23 participants by the end of the year across different sectors. Essentially, the ES-ISAC would take information from those that have CRISP and use that information to benefit the electric industry. Mr. Cauley stated that he believed the CRISP program would be very valuable for industry and for the ES-ISAC. He noted that by installing a node, NERC would be able to take patterns of what is being seen and share it more broadly with industry. He stated that if there is a critical mass of CRISP users in the industry, it may be important for NERC to install a node and be active in this program. This would cost approximately $200-$300k for basic NERC participation and could likely be funded from reserves. There would also be an opportunity for additional NERC staff to assist with analysis which would require additional expenditures of approximately $600-$850k per year. Mr. Cauley asked whether the Member Representatives Committee Meeting Minutes May 6,

11 program should be funded through general assessment funds or through an additional fee from CRISP users. Several MRC members were supportive of NERC installing a node and believe it is critical for the ES-ISAC to be involved with the CRISP program. MRC members asked whether entities that did not volunteer funding would benefit from the program and wanted to ensure that the whole industry would benefit from NERC having a node. Mr. Cauley explained that if NERC had a node, NERC would be able to provide information more broadly to industry. In addition to the suggested physical separation of the ES-ISAC, an MRC member encouraged NERC and industry to consider whether there are other forms of separation that might be logicial. An MRC member asked what type of product would be sent to industry if NERC and the ES-ISAC get a node. Mr. Cauley noted that it could be some type of electronic post or alert. Mr. Naumann also stated that it could be as simple as a list of ISPs. An MRC member noted that at some point, NERC should think about how Canadian entities would be able to receive the data and how that could be managed. Additional Policy Discussion from Board Committee Meetings Attendees shared comments in response to the discussions from the Board committee meetings: Compliance Committee Regarding the Reliability Assurance Initiative (RAI), an MRC member acknowledged the timely distribution of the audit manual in April, but requested more frequent outreach and more communication to industry regarding the status and timing of future RAI deliverables. Standards Oversight and Technology Committee An MRC member emphasized the importance of timely distribution of materials to industry with respect to the CIP Version 5 transition. For the stage 2 geomagnetic disturbance mitigation standard, an MRC member asked if the work being done on the stage 2 standard is contemplating that some of the operating procedures entities have in place today will be part of the mitigating actions that would be accepted to meet the stage 2 standard requirements. Mark Lauby explained that the stage 2 standard will not be prescriptive as to what solutions make the most sense for any organization and entities will have to look at the different types of technologies and approaches that make sense Business Plan and Budget Michael Walker, senior vice president and chief and financial and administrative officer at NERC, noted that the strategic plan was updated to try to improve the focus, reduce the number of goals, and improve the metrics. The strategic plan, goals, and metrics drive the resource allocation and Member Representatives Committee Meeting Minutes May 6,

12 planning among NERC and the Regional Entities. Gerry Cauley provided an update on the 2014 metrics, noting that NERC revised some of the metrics based on feedback received at the February meeting. He also noted that NERC has developed an accountability matrix which captures stakeholder comments and how they were addressed. The accountability matrix was included in the Board agenda package. Mr. Walker then highlighted a number of priorities by department within NERC that are included in the business plan and budget: risk-based registration initiative; reliability standards initiatives; compliance and enforcement initiatives; reliability assessment and performance analysis initiatives; critical infrastructure protection initiatives; ES-ISAC initiatives; training; enterprise applications; and corporate services. He provided details on NERC budget projections, noting that NERC is becoming more mature as the Electric Reliability Organization and the budget is starting to stabilize in terms of overall operating expenses. He also noted that assessment projections are under development. Mr. Walker reminded attendees that a consolidated budget with assessments will be posted on May 16, 2014 for 45-day comment period. MRC members commended NERC on its transparency throughout the development of the 2015 business plan and budget. One MRC member asked how the Reliability Assurance Initiative (RAI) would affect the budget. Mr. Walker noted that there are some additional resource demands, but NERC does not see a need to increase resources across the board to implement RAI. A Board member encouraged industry to provide its view on the importance of the physical separation of the ES-ISAC and installing a node for the ES-ISAC when submitting comments on the 2015 business plan and budget. Understanding the industry s view on these items will be important when determining whether to include associated costs in the budget. Some MRC members expressed their support for including a line item in the budget for these items Long-Term Reliability Assessment: Development Plan and MRC Input Tom Burgess, vice president and director of reliability assessment and performance analysis at NERC, introduced this item stating that the long-term reliability assessment (LTRA) is one of NERC s key deliverables, and NERC has started the process of developing the assessment and collecting data. He noted that NERC will be asking the MRC for better insight on emerging issues and where NERC should focus its attention. John Moura, director of reliability assessment at NERC, discussed the need for more proactive thinking about whether the right framework for reliability assessment is being used and discussed proposed key issues for the 2014 LTRA. Mr. Moura explained that to develop the LTRA, NERC begins with the LTRA from the previous year and takes information that has passed through committees to put together a complete set of issues. To gather input from MRC members earlier in the development process, he noted that NERC would send out a survey after the meeting and urged MRC members to provide comments on how NERC and its committees should consider the emerging issues from a policy perspective. The survey will close on May 30, 2014, and NERC will begin developing the LTRA in June. Member Representatives Committee Meeting Minutes May 6,

13 Bob Schaffeld, on behalf of the RISC, encouraged MRC members to participate in the survey. He noted that the information is used in RISC prioritization efforts, and the RISC is looking for what emerging risks industry may be faced with in the future. Essential Reliability Services Whitepaper Mr. Burgess reported that NERC began an initiative and developed a whitepaper on essential reliability services. NERC established a task force (the ERSTF) of about 30 members led by Ken McIntyre. Throughout the rest of the year, various deliverables will be developed, including a framework and technical reference document. Mr. Moura stated that the formulation of the whitepaper resulted from a recommendation from the 2013 LTRA and the California ISO report. He noted that the objectives of this initiative, through the ERSTF, are to determine what are considered to be essential reliability services and how they impact reliability, how a resource mix change affects them, and what happens when you don t have them. There are six essential reliability services outlined in the whitepaper: 1) operating reserve; 2) frequency response; 3) ramping capability; 4) active power control; 5) reactive power and voltage control; and 6) disturbance ride-through tolerance. Mr. Moura noted that a framework will be developed by the task force and is expected to be completed in the last quarter of A final assessment, which will use the framework, is expected to be completed in Dave Goulding suggested that the task force take another look at dynamic stability as a key essential reliability service. An MRC member asked for clarification on the final assessment. Mr. Moura explained that there are three parts: 1) the primer, which lays out what each of the essential reliability services are; 2) setting the framework to determine how to assess the essential reliability services, what data is needed, and what metrics will be used; and 3) actually doing the assessment by collecting the data and using the framework. An MRC member asked if part of the assessment will include interconnection-wide studies. Mr. Cauley noted that he would expect there to be a real study interconnection-wide and regional about the observed impacts. MRC members identified fuel assurance, gas delivery, and gas and electric coordination as issues to be looked into further. Mr. Cauley stated that this is an important initiative for NERC and the industry, and he hopes the task force can press forward in a timely fashion. An MRC member asked about looking at costs of the alternatives. Mr. Cauley noted that the charter is to identify the risks, make people aware of them, and educate policymakers. The charter does not necessarily include cost. Five-Year Performance Assessment Willie Phillips, assistant general counsel at NERC, reminded attendees that FERC requires NERC to provide periodic performance assessments of the ERO. NERC is working on the first five-year Member Representatives Committee Meeting Minutes May 6,

14 assessment due for filing on July 21, On March 3, 2014, NERC posted the first draft of the fiveyear assessment and the comments received during that posting were focused on enforcement and compliance, and the impact major initiatives have had on the ERO. Mr. Phillips noted that the next steps are to incorporate edits based on comments received into another draft of the assessment, which will also include a region-by-region assessment of the functions that NERC delgates to the Regions. NERC plans to finalize the ERO performance assessment by the end of May and post a revised draft of in June. NERC is on track to file the final five-year performance assessment with FERC by the July 21, 2014 deadline. Charles Berardesco, senior vice president and general counsel at NERC, noted that NERC recently received comments from the CEA outside of the commenting process and ensured those comments will be reflected in the next draft. NERC is committed to responding to all comments received. An MRC member asked about a prior stakeholder survey tied to performance and how the feedback was incorporated. Mr. Phillips stated that the assessment will address the comments from the survey. Regulatory Update Mr. Berardesco invited questions or comments regarding the regulatory report, which highlights Canadian affairs, as well as past and future significant FERC filings. Future Meetings The following are future dates for the MRC Pre-Meeting and Informational Sessions: July 16, 2014 October 15, 2014 The following are future NERC Board and MRC meeting dates and locations: August 13-14, 2014 Vancouver, Canada November 12-13, 2014 Atlanta, GA February 11-12, 2015 San Diego, CA May 6-7, 2015 Washington, DC August 12-13, 2015 Toronto, Canada November 4-5, 2015 Atlanta, GA Member Representatives Committee Meeting Minutes May 6,

15 Adjournment There being no further business, the meeting terminated at 4:40 p.m., Eastern. Submitted by, Kristin Iwanechko Secretary Member Representatives Committee Meeting Minutes May 6,

16 Agenda Item 2 MRC Meeting August 13, 2014 Future Meetings Action Information Summary The following are the future meeting dates for 2014 and The dates for the 2014 Pre- Meeting and Informational Sessions conducted via conference call and webinar are also included below Dates October 15 November Dates February May 6-7 August November 4-5 Pre-Meeting and Informational Session Atlanta, GA San Diego, CA Washington, DC Toronto, Canada Atlanta, GA

17 Update from Board of Trustees Nominating Committee Agenda Item 3a MRC Meeting August 13, 2014 Action Information Background On May 6, 2014, Chair John Anderson invited MRC members to volunteer to serve on the Board of Trustees Nominating Committee (BOTNC). In response to this solicitation, several members of the MRC expressed interest in serving with the MRC chair and vice chair on the BOTNC, and the following MRC members were named by the Board of Trustees to the BOTNC: 1. John Anderson MRC Chair 2. Sylvain Clermont MRC Vice Chair 3. Nick Brown ISO/RTO 4. Bill Gallagher Transmission Dependent Utility 5. Steve Naumann Investor-Owned Utility The BOTNC chair, Janice Case, will provide a status report on the planned activities and schedule for the BOTNC.

18 Schedule for MRC Officer and Sector Elections Agenda Item 3b MRC Meeting August 13, 2014 Action Information Background Chair John Anderson will announce the upcoming nomination and election cycle for the Member Representatives Committee (MRC) officers and those members whose terms expire in February The tentative schedule is shown below. MRC Officer Elections Tuesday, September 9 nomination period opens Thursday, October 9 nomination period closes Wednesday, November 12 election of officers for following year by current MRC members MRC Member Nominations and Elections Friday, September 12 nomination period opens Wednesday, November 12 nomination period closes Tuesday, December 2 election begins Friday, December 12 election ends Reference Links Membership of MRC for NERC Bylaws

19 Responses to the Board s Request for Policy Input Agenda Item 4 MRC Meeting August 13, 2014 Action Discussion. NERC staff will present additional information on the policy input items at the Board Committee meetings (Reliability Assurance Initiative and Cybersecurity Risk Information Sharing Program) and at the MRC meeting (Risk-Based Registration Initiative and CIP Version 5 Transition) on August 13, Background The policy input letter is issued by the Chair of the NERC Board of Trustees (Board) four weeks in advance of the quarterly meetings and includes relevant materials necessary to inform discussion. Written input from the MRC and stakeholders is due one week before the meetings and is then revisited during a dedicated discussion time on the MRC s agenda, in the presence of the Board. Status On August 13, 2014, the MRC can expect to participate in further discussion of the responses received to the policy input request that was distributed on July 16, 2014 and of the presentations given on the policy input items at the Board Committee meetings and MRC meeting on August 13, The four items included in the policy input letter were presented at the MRC Pre-Meeting and Informational Session webinar on July 16, Background information on each of the policy input items are included in the agenda package for the webinar. Deadline for submitting policy input responses is August 6, 2014 and should be sent to Kristin.Iwanechko@nerc.net Enclosed Attachments 1. Background Document for CIP Version 5 Transition 2. Background Document for Risk-Based Registration Initiative 3. July 16, 2014 Board s Letter Requesting Policy Input

20 Agenda Item 4 Attachment 1 MRC Meeting August 13, 2014 Critical Infrastructure Protection (CIP) Version 5 Transition Action The information below was presented at the MRC Informational Session on July 16, A status update will be presented at the MRC meeting on August 13, Background Since October 2013, NERC has been actively collaborating with Regional Entities and industry to support transition from version 3 of the Critical Infrastructure Reliability Standards (CIP Version 3) to implementing the version 5 of the Critical Infrastructure Reliability Standards (CIP Version 5) in a manner that is timely, effective, and efficient. NERC established a transition program with the following goals and key elements: Periodic Guidance. To keep industry informed of various implementation and transition matters throughout the transition period. Implementation Study. To work closely with a small number of Responsible Entities to implement aspects of CIP Version 5 in an accelerated timeframe, and share lessons learned. Compliance and Enforcement. To further develop approaches that demonstrate compliance consistent with the Reliability Assurance Initiative (RAI) 1. Outreach and Communications. To keep all stakeholders informed of developments related to the implementation of CIP Version 5 and invite input throughout the transition period. Training. To provide timely training to Regional Entities and industry on CIP Version 5 implementation. As part of NERC s CIP Version 5 transition program, NERC staff posted a draft updated Cyber Security Standards Transition Guidance (Transition Guidance) document for industry and Regional Entities to review through June 25, The primary objective of the Transition Guidance is to address questions related to compliance preparation activities for industry and Regional Entities as they transition from Version 3 to Version 5. A Transition Guidance presentation was also provided to the Critical Infrastructure Protection Committee in June The documents are available on the transition program website 2 and will be updated based on stakeholder input as the transition program continues. The Implementation Study, another component of the transition program, is particularly important. The field work ended on June 26, 2014, providing an opportunity for NERC, Regional 1 Ref. NERC website 2

21 Entities, and certain Responsible Entities to experience what is required to implement the CIP Version 5 standards in operational environments. NERC, with input from Regional Entities and stakeholder participants, will be drafting an Implementation Study report to summarize lessons learned, 3 highlight certain implementation processes, and discuss CIP Version 5 resource impacts. NERC anticipates completion of that report in the third quarter of NERC and the Regions, with stakeholder input, also developed Reliability Standard Audit Worksheets (RSAWs), which cover the approved CIP Version 5 standards and the proposed modifications to those standards developed as part of the CIP Version 5 revisions project. The RSAWs were posted concurrently with the CIP Version 5 revisions for comment through July 16, In response to feedback on the RSAWs and Transition Guidance, NERC is developing auditor training to ensure that all Regional Entity CIP auditors have been trained on the CIP Version 5 standards (and revisions) and the RSAWs use. In addition, NERC produced an RAIbased Frequently Asked Questions 4 document to assist industry in understanding how RAI integrates with the concepts of CIP Version 5. Next Steps in Managing Transition to CIP Version 5 With the field work of the Implementation Study complete, along with closure of the comment period on the Transition Guidance, NERC, the Regional Entities, and industry have an opportunity to assess understanding of transition expectations and opportunities for increased engagement in specific areas. NERC is committed to a ensuring smooth transition to CIP Version 5, but it also understands that there is more work needed to increase confidence amongst entities that their transition activities and efforts will meet future compliance and enforcement expectations. NERC is initiating a collaborative effort involving NERC staff, Regional Entity staff, Implementation Study participants, and other stakeholders to coordinate monthly through the transition period to identify and address pressing industry questions about CIP Version 5. Input from these activities will result in coordinated guidance for the transition, which may include development of supporting documents approved under section 11 of the Standard Processes Manual. Among the priorities for this group will be identification of any obstacles and challenges to increasing transitioning entities confidence, along with partnering with the Regions and stakeholders through continued communication and engagement. There will also be a number of training and outreach sessions planned for industry and Regional Entity staff, which will include industry readiness reviews by regional staff, webinars and other opportunities to discuss technical questions. As these are developed, they will be announced and posted on the NERC calendar. Extensive auditor training is being prepared, with initial sessions occurring in September Additionally, as RAI concepts are finalized, NERC will ensure continued outreach and education to support continued alignment between industry and NERC s CIP compliance monitoring approaches

22 Additional Information A link to the CIP V5 Transition Program and files is included here for reference: [

23 Agenda Item 4 Attachment 2 MRC Meeting August 13, 2014 Risk-Based Registration Initiative Action The information below was presented at the MRC Informational Session on July 16, A status update will be presented at the MRC meeting on August 13, Background NERC launched the Risk-Based Registration (RBR) initiative in The ultimate end-state vision for the registration program is to ensure the right entities are subject to the right set of applicable Reliability Standards, using a consistent approach to risk assessment and registration across the ERO Enterprise. The RBR Advisory Group (RBRAG), comprised of representatives from NERC staff, Regional Entity staff, and Federal Energy Regulatory Commission staff, along with U.S. and Canadian industry representatives, has continued to provide valuable input and advice on the RBR design and implementation plan. The RBRAG technical task force also has made significant contributions to date and is continuing to work on technical support for the proposed design framework. Status Update On June 2, 2014, a draft design and implementation plan, draft NERC Rules of Procedure (ROP) Appendix 5B, and specific questions focused on key areas of the draft design were posted for public comment. NERC conducted an industry webinar on June 6, 2014 to provide an overview of the general project and answer general questions. Several hundred people attended the industry webinar. In addition, approximately fifty sets of comments were submitted by industry stakeholders. The RBRAG will post revised documents that take into account the comments received to date, as part of the MRC policy input package. The draft documents will be discussed at the MRC meeting in August. The draft design incorporates an evaluation of the risks and benefits provided by a given entity to ensure reliability, and identifies a corresponding properly tailored set of NERC Reliability Standard requirements for certain functional categories. The draft design also includes an implementation plan supporting a 2016 or sooner launch, along with business practice and IT requirements, with the possibility of early adoption options. These options result in addressing industry burden, while preserving reliability of the Bulk Power System. The second stage will address any remaining non-design issues or issues requiring a longer lead-time. Existing flexibility in the application of threshold criteria, the Functional Model categories, and scaled sets of applicable Reliability Standards provide opportunities for accelerated reform within the existing ROP. However, possible modifications to the ROP are being assessed and will be pursued as necessary. The final versions of registration criteria, implementation plan, and any necessary ROP changes will be presented to the MRC and Board of Trustees in November with an anticipated filing date at the end of that month.

24 Fred W. Gorbet, Chair Board of Trustees July 16, 2014 Mr. John A. Anderson, Chair NERC Member Representatives Committee c/o Electricity Consumers Resource Council th Street, NW Suite 700 Washington, DC Re: August 2014 Policy Input to NERC Board of Trustees Dear John: I would like to invite the Member Representatives Committee (MRC) to provide policy input on four issues of particular interest to the Board of Trustees (Board) as it prepares for the meetings on August 13-14, 2014, in Vancouver, BC. Enclosed with this request is additional background information to help MRC members solicit inputs from their respective sectors. The four issues are: Item 1: Reliability Assurance Initiative (RAI) The goal of RAI is to fully implement a risk-based compliance monitoring and enforcement program. Partnering with industry, the ERO Enterprise executed a series of pilots to test and implement activities and approaches to support risk-based methods and evaluated the results of the pilots. Since the completion of the pilots, activities continue to document the processes and procedures as well as expand the use of select tools and techniques to additional Registered Entities. The ERO Enterprise is currently finalizing the documentation to complete a single design for the four modules outlined in the Compliance Oversight Framework (Framework): risk elements, inherent risk assessment (IRA), internal controls evaluation, and compliance monitoring and enforcement tools. Following the Board meeting in May, the ERO Enterprise worked on developing the IRA Guide (see Attachment A). The IRA Guide describes the process used to assess inherent risk of Registered Entities by the Regions and serves as a guide for implementing and performing an IRA. The MRC is encouraged to provide feedback on the draft IRA Guide. Specifically, the Board requests input on the following questions: 1. Do you agree with the process design of the draft IRA Guide to appropriately scope oversight? Are there areas for enhancement in the draft IRA Guide that would address specific concerns (please provide examples)? 3353 Peachtree Road NE Suite 600, North Tower Atlanta, GA

25 2. What additional information or examples would help demonstrate the processes outlined in the draft IRA Guide? 3. What types of training and information on the draft IRA Guide would be beneficial to support clear communication and expectations between the CEA and registered entity for gathering and assessing data pertinent to risk? 4. Are there any other considerations not identified in the draft IRA Guide that you believe need to be addressed? Item 2: Risk-Based Registration Initiative The July 16, 2014 MRC Informational Session agenda materials included an update on the Risk-Based Registration (RBR) Initiative launched in 2014 (see Agenda Item 4b), focused on reviewing the current registration criteria and practices to ensure the right entities are subject to the right set of applicable Reliability Standards, using a consistent and common approach to risk assessment and registration across the ERO Enterprise. NERC established a RBR Advisory Group (RBRAG) to provide input and advice for the RBR design and implementation plan. The RBRAG is comprised of representatives from NERC staff, Regional Entity staff, and Federal Energy Regulatory Commission staff, along with U.S. and Canadian industry representatives. An RBRAG technical task force has also been formed to provide technical support. In June 2014, NERC posted drafts of the RBR design and implementation plan, NERC Rules of Procedure (ROP) Appendix 5B, and specific questions focused on key areas of the draft design for public comment. Approximately fifty sets of comments were received. These comments have been reviewed with the RBRAG technical task force and considered in the revisions of the draft design, implementation plan, and ROP Appendix 5B, which are included in this MRC policy input package. The MRC is encouraged to provide feedback on these draft documents (see Attachments B and C), addressing the following questions: 1. Are there any additional issues that should be considered when completing the technical assessments needed to measure the potential risks to Bulk Electric System reliability from the proposed reforms? 2. Do you agree with the proposed design of the RBR program? Are there areas for enhancement that would address specific concerns? 3. Do the implementation plan and ROP revisions provide a clear and concise plan toward implementation of the proposed design? 4. Are there additional venues or mechanisms that NERC should consider to communicate the details of the proposed design and implementation plan?

26 5. Are there any other considerations not identified in the draft design framework that you believe need to be addressed in this initiative? The RBR design, implementation plan, and ROP enhancements, which are part of the Phase 1 RBR effort, will be included in the MRC agenda for discussion at the August 2014 meeting. With the additional contributions provided by this policy input and discussions at the next MRC meeting, the refined version of these documents will subsequently be posted for an additional 45-day period for industry comment. The final drafts will be brought to the Board at its November 2014 meeting for approval. Separate efforts regarding sub-set lists of applicable Reliability Standards for Transmission Owners/Transmission Operators and Generator Owners/Generator Operators will be addressed in Phase 2. Functional registration categories that are not changing as part of Phase 1 of RBR also will be re-evaluated. Further information on Phase 2 will be provided at the November 2014 Board meeting. Item 3: Critical Infrastructure Protection (CIP) Version 5 Transition The July 16, 2014 MRC Informational Session agenda materials included an update on the CIP Version 5 transition (see Agenda Item 4c). In the context of CIP Version 5 transition activities, the Board would appreciate feedback from the MRC on issues or concerns regarding the transition to CIP Version 5. NERC, the Regional Entities, and the industry share a common vision of a smooth transition to CIP Version 5 in a manner that does not result in an unexpected, large volume of possible violations. NERC is currently assessing input from the Implementation Study and industry comments to the draft guidance documents. Further, a working group made up of NERC staff, Regional Entities, study participants, and other stakeholders has been created and will meet monthly to address emerging questions and issues regarding the transition to CIP Version 5. The background document included in the MRC Informational Session agenda identifies the ongoing activities that have been completed to date and provides an overview of proposed next steps in managing the transition, which may include development of supporting documents approved under section 11 of the Standard Processes Manual. Specifically, the Board seeks input from the MRC on steps that NERC and the Regional Entities can take to enhance the effectiveness of their transition guidance and coordination efforts to provide stakeholders increased confidence that their CIP Version 5 transition efforts and activities are meeting implementation expectations. Similarly, please provide input on what activities and resources you view as most useful to achieving confidence in entities transition efforts. Item 4: Cybersecurity Risk Information Sharing Program (CRISP) The July 16, 2014 MRC Informational Session agenda materials included an update on CRISP (see Agenda Item 4d), a voluntary program to facilitate the exchange of cybersecurity information between electric utilities and the Electricity Sector-Information Sharing and Analysis Center (ES-ISAC) to enable electric power critical infrastructure operators to better protect their networks from sophisticated cyber threats.

27 The Board seeks input from the MRC regarding the following: 1. Should NERC take on the risks and challenges associated with serving as the program lead for CRISP, as described in the MRC Informational Session background materials, and do you have any specific comments regarding the structure of the program? 2. On July 15, 2014, NERC posted the final draft of its 2015 business plan and budget and included detailed information regarding a proposed initial funding mechanism for NERC s participation in the CRISP program. Do you have any specific comments regarding the proposed initial funding mechanism? As a reminder, the full agenda packages for the Board, Board committees and MRC meetings will be available on July 30, I encourage the MRC to review the agenda materials for the August meetings, once available, and offer any additional input that is meaningful and timely to industry and stakeholders. Written comments should be sent to Kristin Iwanechko, MRC Secretary (Kristin.Iwanechko@nerc.net) by August 6, 2014 for the Board to review in advance of the meetings scheduled for Vancouver. Sincerely, Fred W. Gorbet, Chair NERC Board of Trustees cc: NERC Board of Trustees Member Representatives Committee

28 Attachment A Risk Elements and Inherent Risk Assessment Overview Summary The RAI Oversight Plan Framework (Framework) consists of four modules as shown in the diagram below: Risk Elements; Inherent Risk Assessment; Internal Control Evaluation; and CMEP Tools. RAI Oversight Plan Framework RE Functions Characteristics - ERO / Regional Events RISC Risk Elements Applicable Standards Input I R A Scope Input I C E Controls Not Evaluated Scope CMEP Tools Compliance Oversight Plan Inherent Risk Assessment Internal Controls Evaluation Oversight Scoping The Inherent Risk Assessment (IRA) module, the second module of the Framework, defines the approach for assessing a Registered Entity s risks in order to appropriately determine the scope for a chosen oversight method. The IRA is dependent upon the outputs of the Risk Elements module (currently under development and expected in August 2014). The attached draft IRA Guide documents lessons learned through the compliance pilots and how to implement risk assessment methodologies across the ERO Enterprise during the second half of The Risk Elements module will be used by the ERO, on an ongoing basis, to identify risks to the Bulk Electric System (BES) and evaluate where those risks correspond to registered functions and tasks, identifying those standards and requirements that address those risks. The Regional Entity will then conduct a more focused assessment on the Registered Entity s specific risk factors to more clearly understand how a Registered Entity s operations are exposed to those risks. The Risk Elements module provides the following inputs to the IRA model: 1. Specifically identified risks to the reliability of the BES ranked by considering significance, likelihood, vulnerability, and potential impact to the reliability of the BES; 2. Preliminary list of NERC Reliability Standards and requirements mapped to the reliability risks; and 3. Preliminary list of Registered Entities subject to the IRA process.

29 These inputs, and how they tie in to the IRA, are shown in the diagram below. Identify and Assess Inherent Risk to the BES Weight risks to functional tasks by impact, likelihood, & frequency. Link Reliability Standards and requirements to functional tasks Risk Elements BES Inherent Risk Map Risks to functions and rate Registered Functions & Tasks I R A Risk Sources Reliability Standards & Requirements

30 ERO Inherent Risk Assessment Guide Effective: TBD NERC IRA Guide July of Peachtree Road NE Suite 600, North Tower Atlanta, GA

31 Table of Contents 1.0 Introduction IRA Module IRA Role Within the Overall Risk-based Compliance Oversight Framework...4 Figure 1. Risk-based Compliance Oversight Framework Major inputs into the IRA module Inputs from the Risk Elements module Understanding the Registered Entity Objectives of IRA module IRA Module Overview Information Gathering Information Gathering Process Key Outputs Timing Decision Making Decision Making Process Key Outputs Timing IRA Outcomes IRA Outcomes Process Key Outputs Timing Revision of the Inherent Risk Assessment Documentation Results Documentation Documentation Retention Possible Tools, Templates, and Other Needs References Appendix A Definitions Appendix B Information Attribute List Appendix C Risk Factor Examples NERC IRA Guide July of 22

32 1.0 Introduction This Inherent Risk Assessment (IRA) Guide ( Guide ) describes the process used to assess inherent risk of registered entities by the Compliance Enforcement Authorities (CEAs) and serves as a standard for North American Electric Reliability Corporation (NERC) and the eight Regional Entities (REs) for implementing and performing an IRA process for the purpose of achieving its intended result. CEAs 1 perform an IRA of registered entities to identify areas of focus and the level of effort needed to monitor compliance with NERC Reliability Standards. The IRA is a review of potential risks posed by an individual registered entity to the reliability of the bulk power system (BPS). An assessment of BPS reliability impact due to inherent risk requires identification and aggregation of individual risk factors related to each registered entity, and the consideration of the significance of BPS reliability impact for identified risks. An IRA considers risk factors such as assets, systems, geography, interconnectivity, prior compliance history, and overall unique entity composition when determining the Compliance Oversight Plan for a registered entity. The IRA will be performed on a periodic basis. The frequency of the IRA may depend based on occurrence of significant changes or emergence of new reliability risks. Appendix A contains definitions of terms used within the IRA Guide. Revision History Date Version Number Comments 1 NERC ROP, Section 401 (Scope of the NERC Compliance Monitoring and Enforcement Program): CEAs, which consist of NERC and the eight REs, carry out Compliance Monitoring and Enforcement Program (CMEP) activities in accordance with the NERC ROP and Appendix 4C CMEP, the respective Regional Delegation Agreements between NERC and each RE, and other agreements with the Canadian and Mexican regulatory authorities NERC IRA Guide July of 22

33 2.0 IRA Module 2.1 IRA Role Within the Overall Risk-based Compliance Oversight Framework The IRA module is the second module within the Risk-based Compliance Oversight Framework and serves as an important part of the risk-based Compliance Oversight Framework. The IRA considers outputs from the Risk Elements module (see section for more details) Outputs from the IRA module are key input sources to the Internal Controls Evaluation (ICE) module, the Compliance Monitoring and Enforcement Program (CMEP) Tools module, and the overall Compliance Oversight Plan. Figure 1 below Illustrates the placement of the IRA module within the risk-based Compliance Oversight Framework. IRA Figure 1. Risk-based Compliance Oversight Framework Where the Risk Elements module provides a process for identifying and prioritizing risks the IRA module enables the CEAs in determining areas of focus for compliance oversight of a registered entity. Based on the risks formulated within the Risk Elements module, the IRA module is used to assist with the identification of Reliability Standards and Requirements that should be monitored. 2.2 Major inputs into the IRA module Inputs from the Risk Elements module The Risk Elements module outputs represent risks to the reliability of the BPS, as known by both NERC and the REs, which would be subject to the IRA process. The Risk Elements module should provide the following inputs into the IRA module: NERC IRA Guide July of 22

34 2.0 IRA Module Specifically identified risks to the reliability of the BPS ranked by considering significance, likelihood, vulnerability, and potential impact to the reliability of the BPS Preliminary list of NERC Standards and Requirements mapped to the reliability risks Preliminary list of registered entities subject to the IRA process Refer to the Risk Elements module for further details. Note: This Risk Elements phase is open to be completed Understanding the Registered Entity Understanding a registered entity is an essential aspect of the IRA and an overall risk-based Compliance Oversight Framework. CEA should conduct activities to gain an understanding of the registered entity and its operations (e.g. geographical foot print, prior compliance history/performance, types of BPS assets, recent asset acquisitions/changes, etc.). Some activities for understanding the registered entity and its operational environment may include: Gathering and maintaining registered entity specific information and data (e.g., historical registered entity information on file with CEA Entity databases). Proactively identifying risk trends and prevalent practices at the registered entity. Establishing qualitative and quantitative risk factors for evaluating whether areas and levels of oversight focus is appropriate. Considering the applicability and significance of standards / requirements that may apply to an entity based on the assets they own or operate. Identifying areas where special consideration may be necessary. Some examples include (1) changes to the entity s asset composition, (2) unique power system configuration or unique organizational structure, or (3) significant system events. Understanding a registered entity s attitude towards compliance with Reliability Standards. The attitude or compliance culture encompasses the organization, resources applied, objectives, and methods used by an organization to manage compliance. Characteristics of a strong risk and compliance culture include shared purpose and the dissemination of the purpose into commonality of purpose, values and honest communications throughout the registered entity. A registered entity s internal compliance plan may be used as one of the indicators of how an organization incorporates risk concerns in its compliance management policies and practices. 2.3 Objectives of IRA module The objective of the IRA module is to provide guidance to CEA on specific Reliability Standards and Requirements of focus for a registered entity. The IRA module includes the following phases: 1. Information Gathering 2. Decision Making 3. IRA Outcomes This Guide provides a framework for performing each phase of the IRA, identifying expected outcomes, and estimates timing and level of effort for each phase. NERC IRA Guide July of 22

35 3.0 IRA Module Overview The CEA should use the outputs from the Risk Elements module, identified risk factors, and its understanding of the registered entity and its operational environment (see section for further details) to identify information required for the IRA. In doing so, the CEA should gather and review information for appropriateness (relevance) and sufficiency (completeness and accuracy) to afford a reasonable basis for a conclusion. During this process, the CEA should leverage knowledgeable parties, both internal and external, to provide input as necessary. Professional judgment should be applied during the process and documented to support the conclusions reached. The IRA output should be used as a key input when developing the Compliance Oversight Plan for a registered entity. Figure 2 below illustrates the three IRA phases and steps within each phase. Information Gathering Decision Making IRA Outcomes Determine Information Needs to Perform IRA Risk Factor and Standards and Requirements Applicability Review Results Documentation Inventory On-hand Information Develop Targeted Information Request List and Collect Information Risk Factor Analysis Review of IRA Conclusions Draft Compliance Oversight Plan for Registered Entity Figure 2. IRA Module Flow Chart 3.1 Information Gathering Guidance is provided for the following elements of this phase: 1. Procedures the CEAs should follow to identify, collect and analyze information 2. Outcomes of the Information Gathering phase 3. Estimated timing and levels of effort required for Information Gathering Key Questions in Information Gathering Phase What are the preliminary Standards and Requirements of interest? What are the top risks identified in Risk Elements? What risk factors are in scope? What information do we need? Where do we get information from? Is the information appropriate and sufficient? NERC IRA Guide July of 22

36 3.0 IRA Module Overview Gathering appropriate and sufficient information is important to assess a registered entity s inherent risk to the reliability of the BPS. The CEAs should tailor information requests based on the following: Understanding of the entity (see Section for further details) Outputs from the Risk Element module (i.e., known risks to the reliability of the BPS, general risk rankings, and associated Reliability Standards and Requirements applicable to the entity s registered functions) Risk factors, as referenced in Appendix C, and associated Standards and Requirements (preliminary list) The CEAs should exercise professional judgment when identifying the most reliable sources that will provide the required information to perform an IRA. Professional judgment requires the proper skill set and experience to conduct the IRA. CEA staff should use existing information to conduct the IRA, rather than creating new data requests to the registered entity. Any additional data requests should be germane to the IRA Information Gathering Process Key Inputs (Sources): Prioritized list of risks (Risk Elements Module) Preliminary list of applicable Standards and Requirements (Risk Elements Module) Understanding of the registered entity and its operations (Understanding the Registered Entity section herein) Information Attributes Lists and their common sources (Appendix B) Determine information needs to perform IRA The CEAs should inventory registered entity information available at the both NERC and the Regional levels to identify (1) the current information on file, (2) any information requiring revision, and (3) any incomplete information. The following steps may assist the CEAs in identifying the information already available, while highlighting additional information that may be required to complete the information lists for IRA decision making: 1. Review outputs from the Risk Elements module for applicability to the entity (i.e., Do certain known risks to the reliability of the BPS, based on functional registration, apply to the entity and drive the need for further information?) (See Section herein for further details on Risk Elements outputs). 2. Leverage the CEA s existing understanding of the entity which may include inventorying and aggregating information already held by the ERO (e.g., information from prior audits, compliance history information, and Transmission Availability Data System (TADS) information, etc.). Reconcile the information on hand with the information attributes list in Appendix B to identify potential information gaps and data verification needs (See Section herein for detail on understanding the entity). The information attributes list in Appendix B contains primary and secondary information that is to be considered during the IRA process. 3. Reconcile and update, as necessary, risks factors to Standards and Requirements, and information on hand to identify further data needs for decision making in Section 3.2. The risk factors applied to the entity can be used to identify further information requests. Refer to Appendix C for examples of risk factors and risk factor criteria Develop Targeted Information Request List After completing an inventory of the information that is readily available and identifying the additional information needs, the CEA should develop targeted information requests. The information attributes list should NERC IRA Guide July of 22

37 3.0 IRA Module Overview be used as a resource when developing the information request. Refer to Appendix B for further instructions on information gathering and information attributes used during the Information Gathering phase. The CEA should minimize its request for IRA information from registered entities when the same information is available within the ERO or through other reliable sources. The CEA should confirm information collected is both appropriate and sufficient, noting that appropriateness is a measure of the quality of information that encompasses its relevance, validity, and reliability whereas sufficiency is a measure of the quantity of information that is necessary to draw conclusions. For example, to verify information appropriateness, CEA may confirm the accuracy and reliability of facility data with other independent sources such as maps, prior data requests, reliability assessments, event reports, and information from the Planning Authority (PA) or Transmission Planner (TP). Additionally, the information provided by the PA or TP should have a sufficient level of detail so one can understand the entity s area of operations (maps, facilities, neighboring systems, etc.) Key Outputs Timing Preliminary list of applicable risk factors Targeted Information Request List Updated / verified registered entity data Duration: 1 4 weeks Timing is dependent on, among other things, (1) the availability of qualified CEA Staff, (2) information required and available, (3) resource and scheduling constraints of the registered entities and/or (4) coordination of corroborating information. Level of effort: 8 to 160 hours Much of the information needed to conduct an IRA of a registered entity may already be available through other data collection processes (e.g., Rules of Procedure (ROP) Section 1600 data collection), periodic data submittals, and previous compliance monitoring activities. Information collection efforts depend on the availability of this information from the CEA. 3.2 Decision Making Guidance is provided for the following elements of this phase: 1. Identify processes the CEAs should follow to assess and draw conclusions around risk factors, Standards and Requirements applicable to the registered entity. 2. Identify outcomes of the Decision Making phase. 3. Provide estimated timing and levels of effort required for Decision Making. Key Questions for Decision Making Phase Based on Requirement and registered entity data, - Which Standards and Requirements are not applicable? - Which risk factors are not applicable? Which risk factors are used to assess the level of significance of Standards and Requirements in scope? What are the areas of focus? What level of effort should be assigned to each area of focus? What is our preliminary Compliance Oversight Plan? Once the CEA collects sufficient registered entity information, the CEA will reconfirm the Standards and Requirements that are applicable to the registered entity (refer to section ). For example, Risk Factors NERC IRA Guide July of 22

38 3.0 IRA Module Overview associated with special protective systems (SPSs) do not apply to a Transmission Operator (TOP) that does not have SPSs within its footprint. Additionally, a Vegetation Management Risk Element does not present a high risk to an entity operating in the desert in the Southwest. Once the CEA reconfirms the Standards and Requirements applicable to the registered entity, based on the defined evaluation criteria within the Risk Factor Analysis section, it will assess the risk factors applicable to the registered entity and determine the level of risk associated with each risk factor (refer to section ) Decision Making Process The following decision tree shows a high-level overview of the Decision Making phase Key Inputs (Sources): Prioritized list of risks (Risk Elements module) Preliminary list of applicable Standards and Requirements (Risk Elements module) Preliminary list of applicable risk factors (IRA Information Gathering) Risk Factor Examples (IRA Appendix C) Updated / verified registered entity data (IRA Information Gathering) Risk Factor and Standards and Requirements Applicability Review The purpose of this step is to review information gathered to confirm the applicability of Standards and Requirements to the registered entity. The initial list of potentially applicable Standards and Requirements is NERC IRA Guide July of 22

39 3.0 IRA Module Overview determined based on a registered entity s functional designation 2 ; however, because of specific characteristics of a registered entity (e.g. certain types of assets are not owned or operated by them) a number of Standards and Requirements may not be applicable to them (see examples below). The CEA should use information gathered and risk factors to exclude the registered entity s non-applicable Standards and Requirements. The CEA should document conclusions reached for Standards and Requirements excluded from further analysis based on the Applicability Review. For all Standards and Requirements (as well as corresponding risk factors) that are deemed applicable, the CEA will complete the Risk Factor Analysis in Section To illustrate the Applicability Review, refer to the two examples below. Using collected registered entity information, it is possible to determine whether or not the risk factors and certain Standards and Requirements are applicable to the registered entity. Example A: Applicability of Certain Risk Factors and Standards and Requirements Risk factor: Under Voltage Load Shedding (UVLS) consideration Information Attribute: UVLS Standard and Requirement Considerations: EOP R2 Decision criteria: Does the registered entity have UVLS? Applicability Review and Conclusion: Applicable: If the information gathered indicates the registered entity has UVLS, then the risk factor and Standard and Requirement considerations are applicable. The CEA would move forward to the Risk Factor Analysis (Section ). Inapplicable: If the information gathered indicated the registered entity does not have UVLS, then CEA would document and remove the risk factor and associate Standard and Requirement from further consideration. No further review is needed. Example B: Applicability of Certain Risk Factors and Standards and Requirements Risk factor: BPS exposure Information Attribute: Transmission Portfolio Standard and Requirement Considerations: FAC Decision criteria: Does the registered entity own transmission lines operated at 200 kv or above? Applicability Review: Applicable: If the information gathered indicates the registered entity owns transmission lines operated at 200kV or above, then the risk factor and Standard and Requirement considerations are applicable. CEA would move forward to the Risk Factor Analysis (Section ). 2 An entities functional designation is based on the nature of the entity which includes: (1) balancing authorities, (2) distribution providers, (3) generator operators, (4) generator owners, (5) interchange coordinators or interchange authorities, (6) reliability coordinators, (7) transmission operators, and (8) transmission owners. NERC IRA Guide July of 22

40 3.0 IRA Module Overview Inapplicable: If the information gathered indicated the registered entity does not own transmission lines operated at 200kV or above, the CEA would document and remove associated Standard and Requirement from further consideration. No further review is needed. Note: Examples A and B above are for illustrative purposes only. When making the determination of what would be applicable to a specific registered entity, the CEA will need to identify all relevant Standards and Requirements and related risk factors based on the information gathered Risk Factor Analysis After performing the Applicability Review, the CEA reviews the collected entity-specific information, as well as other known risks to the reliability of the BPS (i.e., inputs from the Risk Elements module), to determine areas of focus within the registered entity. Risk factors associated with the registered entity are weighted based on risk factor evaluation criteria as shown by the criteria columns in the Appendix C Risk Factor Examples. Refer to Appendix C for a list of risk factors and risk factor criteria that can be used as a guide when determining an entity s unique inherent risks to the reliability of the BPS. This can assist when evaluating the criteria of each risk factor associated with specific Standards and Requirements (e.g., qualitative risk classifications high, medium, low). Note: Certain risk factors and the associated criteria/thresholds may vary by region. Depending on the unique characteristics of the entity, the conclusion may be that some of the listed risk factors may be more applicable than others, some may not be applicable at all, or there may be additional risk factors not listed that would be appropriate to consider. The CEA should document their professional judgment used in identifying risk factors and developing risk factor evaluation criteria. To illustrate the risk factor analysis, refer to the example below: Example: Risk Factor Analysis for a generator operator (GOP) Registered function: GOP Risk factors: UVLS and System events and trends Associated NERC Standards & Requirements: VAR-002-2b R1, R2, R3, R4 Information Attributes: Reportable Events history (voltage instability/uvls load shed events) Generating Availability Data System (GADS), TADS data mining Presence of reactive compensation devices Risk Factor Criteria: 1. High urban area or critical customers without any other nearby generators that can provide voltage support and inadequate compensation devices in the area. Or regions served by multiple transmission lines from outside the local area, where special measures must be taken to schedule sufficient local generation to support voltage in the area. 2. Medium same conditions as above but with ample compensating devices and UVLS installations. 3. Low voltage sensitive areas with multiple nearby generators that can provide Mega Volt Ampere (MVA). NERC IRA Guide July of 22

41 3.0 IRA Module Overview The CEA applies professional judgment and reaches conclusions based on the assessment of information attributes reviewed against the defined risk factor criteria. Qualitative and quantitative attributes associated with the information should indicate whether the risk factor is high, medium, and low Quality Review of IRA conclusions: The CEA should leverage internal and external subject matter experts throughout the IRA process as necessary. Once preliminary conclusions about the applicability of risk factors and Standards and Requirements have been reached, the CEA should consider the findings of other subject matter experts (if applicable) or conduct an independent management review of the IRA output to verify they appear appropriate based on the information known about the registered entity. Please refer to the NERC ROP for further guidance around documentation and work papers Key Outputs Updated list of risk factors used to assess the registered entity s inherent risk to the reliability of the BPS. Comprehensive list of Standards and Requirements that are determined to be applicable to the registered entity based on the inherent risks to the reliability of the BPS. List of risk factors and criteria (including evaluation of impact) mapped to applicable Standards and Requirements Timing Documentation supporting inclusion/exclusion of Standards and Requirements. Duration: 1 2 weeks depending on availability of the CEAs and volume and complexity of applicable risk factors and Standards and Requirements. Level of effort: 5 10 full time employee (FTE) days. Specific time necessary to align risks with Standards and Requirements depends on the availability of this information and the CEA capabilities. 3.3 IRA Outcomes Once the IRA decisions process is complete, CEAs should document the process followed, the assumptions made, the specific information leveraged to identify areas of focus, and level of effort that occurred to perform the IRA. Additionally, the out of the IRA process should facilitate a collaborative dialogue with the registered entity regarding applicable risks IRA Outcomes Process The CEA should document each phase of the IRA process. To document each IRA phase, Information Gathering, Decision Making, and IRA Outcomes, CEAs should: 1. Identify processes the CEAs should follow to document conclusions around risk factors, Standards and Requirements applicable to the registered entity. 2. Document the outcomes of the Decision Making phase 3. Provide estimated timing and levels of effort required for IRA Outcomes Key Outputs Key Questions for IRA Outcomes Phase 3.3 What was done to support the conclusion? What level of information should the Compliance Oversight Plan include? How is supporting information documented and maintained? Registered entity specific IRA document that (1) identifies the inherent risks to the reliability of the BPS that are applicable to the registered entity, (2) lists the Standards and Requirements that could help NERC IRA Guide July of 22

42 3.0 IRA Module Overview prevent inherent risks, 3) list of identified risks that are not mitigated by any existing Standards and Requirements, (4) details relevant information including key assumptions used during the IRA decision making process, timing of the IRA, key individuals involved (preparer, reviewer, approver), and information used during the assessment, and (5) summarizes how the IRA ties to the different analyses performed and subsequent conclusions. Draft Compliance Oversight Plan for the registered entity Timing Duration: 1 2 weeks depending on availability of the CEAs and volume and complexity of applicable risk factors and Standards and Requirements. Level of effort: 5-10 FTE days. Level of effort is dependent on the volume and complexity of the information and conclusions reached. 3.4 Revision of the Inherent Risk Assessment The CEAs can review and revise the IRA of a registered entity at any time and should be cognizant of the effect that a registered entity s risks may pose to maintaining a reliable BPS. This understanding is essential in performing an IRA as it establishes a frame of reference by which the IRA is conducted. It is important to note that an IRA will need to be revised as new, emerging, or unique information is obtained. For example, if a registered entity s current IRA is based on ownership of a specific asset, but the registered entity later sells or retires that asset, the CEA should revise the IRA to consider the asset ownership change. NERC IRA Guide July of 22

43 4.0 Documentation 4.1. Results Documentation The CEAs should follow established documentation protocols, refer to the NERC ROP, and use its professional judgment, where appropriate, when determining documentation needs throughout the IRA process. The CEA should maintain documentation that clearly supports conclusions around scope. Documentation includes all data and information obtained, reviewed, and used as inputs to the IRA. Documentation should also include the process to review and analyze information such as, understanding of the Registered Entity and its environment, as well as any information regarding how a registered entity s inherent risks may impact the reliability of the BPS. The CEAs should maintain documentation, demonstrating the nature and extent of information reviewed and IRA conclusions reached. The extent of the resulting documentation is directly linked to the (1) nature, size, and complexity of the issues, (2) procedures performed, and (3) methodologies and technologies used during the process. The more significant and complex these factors are, the greater and more detailed the documentation may be Documentation Retention Upon completion of the IRA process, the CEA should retain relevant documentation that supports the procedures performed and conclusions reached. Examples of documentation that should be retained includes, but may not be limited to, the following: IRA programs, analyses, memoranda, summaries of significant findings or issues, checklists, abstracts, copies of important documents, and paper or electronic correspondence concerning significant findings or issues. Additionally, finalized narrative descriptions, questionnaires, checklists, and flowcharts created through the IRA process are also considered important documentation and should be retained. When making the determination of the nature and extent of documentation that should be retained, the CEA should consider the information that would be required for an experienced compliance team member to understand the work performed and the conclusions reached during the IRA. It is important to note that incomplete or preliminary documentation does not need to be maintained. NERC IRA Guide July of 22

44 5.0 Possible Tools, Templates, and Other Needs The purpose of this section is to identify possible tools, templates, or other needs to further enhance the IRA module and allow for the consistent execution of the IRA process. The ERO will identify next steps to develop and implement the items identified below. Information Gathering Template Template to maintain the preliminary list of applicable Standards and Requirements, by Registered Function (for the Registered Functions of the entity going through an IRA), that are linked to known risks to the reliability of the BPS. This template also includes a preliminary list of applicable risk factors. Standards and Requirements Applicability Criteria Criteria that need to be captured to identify which Standards and Requirements are not applicable to a registered entity based. One such criteria would be the fact the entity does not own or operate specific assets (e.g. if a registered entity does not own Transmission Facilities above 200kV or above, then FAC would not be applicable). Once the criteria are defined, the CEA should consider developing an automated solution for applicability. Risk Factors and Associated Criteria A list of risk factors and their associated criteria that are weighted against registered entity data. This will help identify the areas in which the registered entity has inherent risks to the reliability of the BPS, which will help identify Standards and Requirements that could mitigate them. IRA Output Template Used to capture output of the IRA module that (1) identifies the inherent risks to the reliability of the BPS that are applicable to the registered entity, (2) lists Standards and Requirements that would mitigate the inherent risks, (3) information including key assumptions used during the IRA decision making process, timing of the IRA, key individuals involved with the IRA (preparer, reviewer, approve), and references to information, and (4) and a summary of the data that was used during the IRA along with how it ties to the different analysis performed and conclusions. Compliance Oversight Plan Template to document the strategy for an individual registered entity (including the compliance monitoring methods that will be applied to a particular entity) CEA Competencies Skill sets necessary to perform each of the different IRA phases within the IRA module. These competencies need to be explicitly defined and documented. Updated / verified Registered Entity Data Inventory List of collected registered entity information for the IRA. Decision Making Template Template to maintain a list of registered entity inherent risks to the reliability of the BPS. The template includes Standards and Requirements applicable to the registered entity, list of risk factors and criteria (including evaluation of impact) mapped to applicable Standards and Requirements, and documentation supporting inclusion/exclusion of Standards and Requirements. IRA Training Materials Training and implementation plan for IRA, which includes initial roll-out and maintenance. IRA overview presentations and communications ERO standardized presentations and communications for IRA related material to be used at workshops, training, webinars, etc. Governance (change management, revisions, etc.) Governance processes that clearly identify ownership, change management, and other processes needed to maintain the IRA module. FAQ s for the IRA module A list of frequently asked questions posed by registered entities regarding the IRA module. NERC IRA Guide July of 22

45 6.0 References Below are a list of reference materials that support the basic principles, concepts, and approaches within this Guide. The CEAs can use these reference materials to assist in applying the IRA process detailed in this Guide. These reference materials can assist with determining: (1) where and to what extent professional judgment should be applied, (2) the sufficiency and appropriateness of evidence to be examined, and (3) the sufficiency and appropriateness of the documentation required. Generally Accepted Government Auditing Standards (GAGAS), located at: ERO Compliance Auditor Handbook, located at: Compliance-Auditor-Manual.aspx Annual ERO CMEP Implementation Plan, located at: NERC ROP, located at: NERC IRA Guide July of 22

46 Appendix A Definitions Areas of Focus: The outcomes of the IRA process and determines: Risks deemed applicable to the registered entity; Reliability Standards deemed appropriate to apply to the registered entity; and mapping of Risk Factors to Reliability Standards and Requirements Compliance Oversight Framework: The Compliance Oversight Framework is the risk-based approached that includes process steps and considerations of Risk Elements, IRA, Internal Control Evaluation (ICE), and CMEP Tools. Compliance Oversight Plan: A plan consisting of the oversight strategy for a registered entity. The plan will usually include areas of focus, level of efforts, timing, and overall strategy on use of CMEP tool(s). Compliance Enforcement Authority: NERC or the RE in their respective roles of monitoring and enforcing compliance with the NERC Reliability Standards. CMEP Tools: In context of IRA, these are tools used during the compliance monitoring processes to develop the CEAs Compliance Oversight Plan. CMEP tools are described in Section 3.0 of the NERC ROP, Appendix 4C, and includes but are not necessarily limited to Compliance Audits, Spot Checks, Self-Certifications, and Periodic Data Submittals. Information Attributes: Registered entity-specific data or information that is collected by Res to be used during IRA and the related process to support development of Compliance Oversight Plan. Inherent Risk: Risks specific to a registered entity that could impact the reliability of the BPS. Inherent Risk Assessment: A review of potential risks posed by an individual registered entity to the reliability of the BPS. Preliminary Area of Focus: At any point during the IRA module phases, the preliminary list of risks and mapped Reliability Standards that have not been removed from the potential Area of Focus. Professional Judgment: Represents the exercising of reasonable care and professional skepticism. Reasonable care concerns acting diligently in accordance with applicable professional standards and ethical principles. Professional skepticism is an attitude that includes a questioning mind and a critical assessment of evidence. Reasonable Assurance: Conclusions based on evidence that is sufficient and appropriate to support the CEA s conclusions. (Note: Emphasis on reasonable, not complete or absolute assurance). Risk Factors: Considerations used during an IRA to identify a registered entity s risk characteristics that are inherent to a registered entity s configuration and may impact the reliability of the BPS. NERC IRA Guide July of 22

47 Appendix B Information Attribute List The information attributes list below contains primary and secondary information that is to be considered during the IRA process. The primary information list is the minimum list of information that should be considered during the IRA process regardless of the analytic tools, techniques, or methods applied for risk identification. The secondary list includes additional criteria that a CEA may consider during its IRA process, but have not been identified as critical to the completion of the IRA. The information attribute list is not intended to be an allinclusive list for information considerations, but should serve as a guide to identify information needed for an IRA. The information attributes list summarizes the purpose of each information attribute, as well as provides criteria to understand data standards and rationale for collection. Specifically, the data criterion considers the nature and criticality of the data when conducting an IRA. It should be leveraged as a guide for identifying relevant data to be collected, but is not a comprehensive list. There are various sources of information used to collect data. These sources include: publicly available sources, third-party sources, CEA internal sources (i.e., NERC and REs), and direct information gathering from the registered entity. This guidance recognizes that each CEA may need to identify and prioritize its own methods for collecting information attributes based on its individual resources and capabilities. The CEA can refer to the source descriptions for each information attribute for possible collection methods. NERC advises Res to collaborate, where possible, to obtain registered entity information. However, due to certain limitations, a CEA may have to contact the registered entity directly. NERC IRA Guide July of 22

48 Appendix B Information Attribute List Primary Information Attributes Information Attribute Specific Information/Date Purpose of Information Attribute Source(s) Confirm registration and assess applicability of Standards and Registered Functions Number and type of functions and delegation responsibilities. agreements of responsibilities (JRO/CFRs, etc.) Understanding reliability risk to BES NERC Registry, CFR postings, Region, Entity Total megawatt capability Peak Load and area capacity Magnitude of possible impact for BAs/TOPs/LSEs Reliability Assessment Subcommittee (RAS), TP/PA models, entity Interconnection points and critical facilities and paths Special Protection Systems SCADA and EMS systems Undervoltage load shedding Underfrequency load shedding System restoration plan and responsibilities Blackstart resources IROLS SOLS, Voltage SOLS, Stability SOLS Critical Facilities designated by Planning Authority CIP Critical Transmission and Generation Facilities Cranking paths, Next start paths, synchronization points, and BA boundaries Design information EMS/GMS Systems and Vendors Power system analysis tools Network Diagrams Authentication and Encryption Operating Systems Use of specialized automation used in the control system Remote access capabilities Physical security System communication methods (e.g. copper, microwave, routable/nonroutable,etc.) ICCP systems Understanding of potential operating risk for certain entity's facilities. Reflects potential risks in system, management, awareness. Misoperation occurs if not working when called upon and understanding of roles and responsibilities(high impact low frequency) To identify possible cyber gaps, CIP guidance, controls and monitoring and operational planning (if the entity does not have power system analysis tools then ability to serve load is unknown). Possible risk is misplanning or causing an outage and identifying SOLs (N-1). Identify in-house design/vendor issues Regional assessments, TP/PA models, tieline database, one lines (entity), RC/TOP information, critical asset list (Region or entity), PRC-023 list Regional SPS database Entity and entity history Potential risks in local system, awareness, control, system PA study, entity data submittals to REs and support/restoration/prevention. Very high risk facilities when called other Regional data, upon to protect against misoperation Potential risks in local system, awareness, control, system PA study, entity data submittals to REs and support/restoration/prevention. Very high risk facilities when called other Regional data upon to protect against misoperation Understanding entity and responsibilities for how you restore system and reduce length of blackout RC/TOP Plans, PA submittals to REs Understanding entity and responsibilities for how you restore system and reduce length of blackout Entity Understanding of potential operating risk for certain entity's facilities RC/TOP, PA, Entity Understanding of potential operating risk for certain entity's facilities Entity Understanding of potential operating risk for certain entity's facilities PA Understanding of potential operating risk for certain entity's facilities Entity and Regional Entity database NERC IRA Guide July of 22

49 Appendix B Information Attribute List Primary Information Attributes Information Attribute Specific Information/Date Purpose of Information Attribute Source(s) Generation Portfolio Generator name Nameplate capacity MVAR capability Fuel type Ownership Compliance responsibilities Transmission line mileage Magnitude of possible impact Magnitude of possible impact Entity registration and system models TADs for 200 kv and higher/entity and system models for other Transmission line unique identifier Magnitude of possible impact TADs for 200 kv and higher/entity and system models for other Transmission portfolio Major changes to entity s operations Line voltage Compliance responsibilities Ownership and operation Changes to transmission and generation portfolios (sales/acquisitions/retirements/replacements) Magnitude of possible impact Awareness and entity understanding of entity footprint (asset ownership) Awareness and entity understanding of entity footprint (asset ownership) Magnitude of possible impact and potential changes in responsibilities Regional Factors Affecting Reliability System geography Impact awareness Public info Self-reports: Number, types, ratio of self-reports versus violation history, Standards violated in Understanding of entity culture of compliance and potential areas of Entity Self-Reports concern and possible IRA impacts. TADs for 200 kv and higher/entity and system models for other Entity Entity Public media, entity, PA/BA Compliance and Enforcement History Compliance activities: Involvement in TFEs, periodic data submittals, self-certifications, areas of concern and audit recommendations Understanding of entity culture of compliance and potential areas of concern and possible IRA impacts. Entity Events and Misoperations-operations History Enforcement activities: Mitigation Plans and milestones, corrective actions, mitigation plan status that would impact further compliance activities Number/type of misoperations Root cause analysis/corrective action/compliance assessment Understanding of entity culture of compliance and potential areas of concern and possible IRA impacts Understand potential risk related to corrective action Understand potential risk related to corrective action Event reports Understand entity operations and its high risk facility and interconnection information RE Emergency Energy Alerts To identify reoccurring issues that may impact reliable operations RC Entity Misoperations database, Entity reporting via TADS, GADS, DADS NERC/RE (RAPA, operations group) reports and information Secondary Information Attributes Data Element Sub data Element Purpose of Data Element Source (s) System drawings of the registered entity s area (overall system one lines) Awareness and entity understanding of entity footprint (asset ownership) RC/TOP Plans, PA submittals to REs, Regional databases Understanding of potential operating risk for certain entity's Entity operating planning guides facilities. Identify elements being monitored to implement operating Entity and RCs guide for system reliability. Helps identify high risks facilities that would need to implement operating guides. Number of Critical Assets Magnitude of possible impact Entity and Regional Entity database Control Center Location(s) for primary and back-up Understand level of redundancy and availability Certification documentation and Entity Major changes to entity s operations Magnitude of possible impact and potential changes in Seasonal shutdowns Entity, PA/BA responsibilities New and current Service Level Agreements with Coordination and assigned accountability Entity neighboring Registered Entities Registered Entity s current organizational reporting structure and upper management Understanding of general structure and accountability Entity Number of changes to direct and supporting staff to help ensure reliability. Understanding of general structure and accountability Entity Regional Factors Affecting Reliability Seasonal/ambient conditions Impact awareness Regional Entity and public information Legal or Regulatory Issues Affecting Reliability Understand potential impact on resources and company culture Public media Disturbance Monitoring Equipment Identifying equipment to determine applicability of standards and information responsibilities Individual (protecting working group) NERC IRA Guide July of 22

50 Appendix C Risk Factor Examples NERC IRA Guide July of 22

51 Appendix C Risk Factor Examples NERC IRA Guide July of 22

52 Attachment B Risk-Based Registration Phase 1 - Enhanced Draft Design Framework and Implementation Plan July Peachtree Road NE Suite 600, North Tower NERC Risk Based Registration Phase 1 Enhanced Draft Design Framework and Implementation Plan Atlanta, July 2014 GA www. nerc. com

53 Table of Contents Background and Introduction...1 Design Framework Overview...3 Ties to the BES Definition...3 Use of Materiality Test and NERC-Led Panel Review...3 Revisions to Registry Criteria...4 Removal of Three Functional Categories from NCR...4 Sub-sets of Applicable Reliability Standards...5 Other Key Features...5 Design Framework...7 New BES Definition as model and anchor for risk-based registration...7 Synchronize threshold revisions with BES Definition and align with risk...8 Functional registration category removal if not material to reliability...9 Risk-Based Application of Reliability Standards Clarify terms and improve current procedures Materiality Factors for Evaluating Materiality Establish a centralized review process BES references Deactivation NERC oversight and guidance on registration practices One-time attestations Entity risk assessment in a common registration form Status quo for other functional registration categories Appendix A Implementation Plan... A-1 Appendix B RBRAG and Task Force Rosters... B-1 NERC Risk-Based Registration Phase 1 - Enhanced Draft Design Framework and Implementation Plan July 2014 i

54 Background and Introduction 1 North American Electric Reliability Corporation s (NERC) Risk-Based Registration (RBR) initiative seeks to ensure that the right entities are subject to the right set of applicable Reliability Standards, using a consistent approach to risk assessment and registration across the electric reliability organization (ERO) Enterprise. 2 This document presents a draft design framework with proposed enhancements to the NERC Registration program, which is set forth in the NERC Rules of Procedure (ROP) Section 500, 3 as well as Appendix 5A 4 and Appendix 5B. 5 Implementation of the Registry Criteria over the last eight years has yielded a wealth of experience and information that have informed these efforts and will drive the Registration program to a mature end-state. The NERC Registry Criteria provides for the registration of bulk power system (BPS) owners, operators and users that perform a function listed in the functional types identified in Section II of the Registry Criteria, meet the criteria in the Registry Criteria, and have a material impact on BPS reliability to register as one or more of fifteen functions. 6 The NERC Compliance Registry (NCR) identifies the functional categories and entities that are subject to compliance with mandatory NERC Reliability Standards. The draft design framework reflects input from the Risk-Based Registration Advisory Group (RBRAG) 7 and the RBRAG technical Task Force (RBRAG Task Force), 8 both of which were established by NERC for this initiative. It also reflects input from industry survey responses, public comments during the meetings of the NERC Board of Trustees (Board) and its committees, as well as the Member Representatives Committee (MRC) policy input comments. It also reflects input from over fifty sets of comments on the Draft Design and Implementation Plan that were submitted in June. The framework includes: (i) refined thresholds, where warranted, based on sound technical analysis and support, (ii) reduced Reliability Standard applicability, where warranted, based on sound technical analysis and support, and (iii) clearly defined terms, criteria and procedures that are risk-based and ensure reliability of the BPS, as anchored in the new Bulk Electric System (BES) Definition. The proposed enhancements reduce unnecessary burdens by all involved, while preserving BES reliability, and avoid causing or exacerbating instability, uncontrolled separation, or cascading failures. Specifically, the draft design framework proposes to: 1 NERC is already removing references to Regional Reliability Organization in the NERC Reliability Standards. As a result, the RBR redesign will not include this term. 2 All references to the Federal Energy Regulatory Commission (FERC or Commission) apply to U.S. registration only. Applicable Governmental Authorities in Canadian jurisdictions may have adopted their own Rules of Procedure and Compliance Registry requirements. 3 NERC Rules of Procedure, available at 4 NERC Rules of Procedure at Appendix 5A, Organization Registration and Certification Manual, available at 5 NERC Rules of Procedure at Appendix 5B, NERC Statement of Registry Criteria (Registry Criteria), available at 6 NERC Statement of Compliance Registry Criteria (Registry Criteria) at 2 ( Organizations will be responsible to register and to comply with approved Reliability Standards to the extent that they are owners, operators, and users of the Bulk Power System, perform a function listed in the functional types identified in Section II of this document, and are material to the Reliable Operation of the interconnected Bulk Power System as defined by the criteria and notes set forth in this document. ). See Registry Criteria at 7 The RBRAG is comprised of NERC staff, the Regional Entities, FERC, and U.S. and Canadian industry representatives and was formed to provide input and advice regarding the initiative s design and implementation. The RBRAG provided the draft white paper to the Member Representatives Committee in April. See Appendix B hereto. 8 The RBRAG Task Force is an advisory group task force comprised of subject matter experts from NERC, the Regional Entities and industry. See Appendix B hereto. NERC Risk-Based Registration Phase 1 - Enhanced Draft Design Framework and Implementation Plan July

55 Background and Introduction 1. Synchronize the thresholds and criteria to the new BES Definition for the Generator Owners (GO)/Generator Operators (GOP) and Transmission Owners (TO)/Transmission Operators (TOP) functions 2. Refine the thresholds for one other functional category, Distribution Provider (DP), and ties it to the BES Definition 3. Deactivate registration of entities for three functional categories that are proposed for removal from the NCR that are commercial in nature, Purchasing-Selling Entity (PSE), Interchange Authority (IA) and Load- Serving Entity (LSE), recognizing that other entities are responsible for managing the aggregate reliability impacts of commercial transactions (e.g., BA, DP) 4. Develop Reliability Standard applicability sub-lists for certain limited situations, such as DPs that only own UFLS and do not meet other DP Registry Criteria ( UFLS-Only Distribution Providers ). The RBR is not changing Reliability Standard applicability sections for DPs and is not creating a new separate functional category. As separate efforts in Phase 2 of RBR, NERC will consider future development of applicability sub-lists for low risk TOs/ TOPs and GOs/GOPs 5. Clarify key Registry Criteria terms (BPS versus BES, material impact, materiality test, risk methods, etc.) 6. Develop Compliance Monitoring and Enforcement Program (CMEP) procedures to permit Registered Entities to make a one-time attestation of Not Applicable to a given Reliability Standard requirement with respect to self-certifications and other compliance monitoring activities 7. Implement a common ERO registration form that includes common data elements for registered entity registration. This form will be considered for future ERO Enterprise common IT platform applications 8. Centralize the review process for issues as to application of the Registry Criteria, materiality determinations not to register entities that meet the Registry Criteria thresholds, or to register entities that do not meet the Registry Criteria thresholds ( above-the-line and below-the-line registration determinations, respectively), as well as determinations as to targeted application of Reliability Standards 9. Identify any other new or modified processes and procedures 10. Describe oversight and respective roles of Regional Entities and NERC 11. Identify what is not changing At this time, there are no proposed recommendations with respect to the following seven functional categories: Balancing Authorities (BAs), Planning Authorities (PAs)/Planning Coordinators (PCs), Reliability Coordinators (RCs), Transmission Planners (TPs), Resource Planners (RPs), Reserve Sharing Groups (RSGs) and Transmission Service Provider (TSPs). NERC notes that the draft design framework and implementation plan will be posted for a 45 day comment period in August, The draft design framework, implementation plan and NERC Rules of Procedure revisions will be presented to the NERC Board in November, The implementation plan has been developed to have an appropriate pace for completion by the end of 2015 to ensure a smooth transition to the new Registration program. Key highlights of activities in 2014 and 2015 are set forth in Appendix A hereto. Technical reviews and analysis are underway and will help inform the final Phase 1 RBR design. NERC expects these analyses to be available for review at the November Board meeting. NERC Risk-Based Registration Phase 1 - Enhanced Draft Design Framework and Implementation Plan July

56 Design Framework Overview NERC s mission is to ensure reliability of the BPS. NERC achieves this, in part, by development and enforcement of mandatory Reliability Standards. Only those entities that are registered and included on the NCR are responsible and held accountable for compliance with mandatory Reliability Standards. Users, owners and operators of the BES are users, owners and operators of the BPS. Since 2006, NERC has registered entities for one or more functional categories depending on whether it is a user, owner or operator of the BPS. The overall objective of the RBR Initiative is to ensure that the right entities are subject to the right set of applicable Reliability Standards. This requires the use of a consistent approach to risk assessment and registration across the ERO Enterprise. The goal is to develop enhanced Registry Criteria, including the use of thresholds and specific Reliability Standards applicability, where appropriate, to better align compliance obligations with material risk to reliability. Ties to the BES Definition Going forward, entities will continue to be registered by the function(s) they perform as a user, owner or operator of the BES rather than on a facility-by-facility basis. Registration decisions will be made in accordance with proposed revised thresholds in the Registry Criteria. The proposed framework recognizes differences in treatment of owners and operators of the BES as compared to users of the BES. For owners and operators of the BES, the framework proposes to rely primarily on the BES Definition to determine eligibility for registration of such functions as TO, TOP, GO and GOP. A proposed tenet of registration is that those who own or operate BES Elements are eligible for registration as owners or operators. That is, for owners and operators, Registry Criteria are based on the BES Definition. This leaves the users of the BES and the question of what type of and how much use is material to the reliability of the BES. Even for use of the BES, the BES definition provides some guidance as to how much use has been deemed material when considering dispersed resources or power plants of greater than 75 MW. The framework proposes to: 1) use this 75 MW of use by energy produced by dispersed resources/power plants as a threshold for use deemed material by any type of use (including by load); and 2) test that 75 MW threshold through risk assessment. Use of Materiality Test and NERC-Led Panel Review Under both the current Registration program and the proposed revisions, if an entity meets the Registry Criteria, there is a rebuttable presumption that it has a material impact on the reliability of the BPS, and it is in a pool of eligible candidates that NERC and the Regional Entities may identify for registration. 9 NERC and the Regional Entities may exercise discretion not to pursue registration of an entity that meets the Registry Criteria if not warranted by BES reliability considerations. Where registration is pursued, an entity that meets the Registry Criteria may nevertheless be able to demonstrate through a materiality test that it is not material to reliability and should not be registered. In addition, the materiality test may be used to establish that an entity that does not meet Registry Criteria should be registered because it does have a material impact on reliability. Such a process parallels the BES definition and exception process, where after application of the bright-line criteria, exceptions can be justified (both above-the-line and below-the-line). That is, bright-line criteria determine eligibility for registration just as bright-lines determine eligibility for equipment to be part of the BES in the BES definition. After application of the bright-lines, there is a materiality process where an entity can provide evidence of immateriality and therefore not need to register even if bright-lines are met, or conversely a Regional Entity can provide evidence of materiality and cause registration to occur even if the bright-lines are not met. 9 An entity s obligations regarding self-registration are not changed by this initiative, nor is FERC s ruling that entities are subject to compliance and enforcement for requirements applicable to a functional category only once they have been registered for that function. NERC Risk-Based Registration Phase 1 - Enhanced Draft Design Framework and Implementation Plan July

57 Design Framework Overview Although the burden is on NERC and its Regional Entities to demonstrate that an entity meets the Registry Criteria for registration, the burden in the materiality process is on the entity making the request to be excluded from the NCR (despite satisfying the Registry Criteria) and on the Regional Entity to include an entity in the NCR (that does not satisfy the Registry Criteria), similar to the BES exception process. In the event of a dispute over whether an entity meets the Registration Criteria, the question goes to the NERC-led panel for review, as set forth in Figure 1 below. To make these determinations, a NERC-led panel, comprised of NERC and Regional Entity staff, is proposed to be established to address questions or issues that arise with respect to threshold application, materiality, or Reliability Standard requirement applicability. Revisions to Registry Criteria The proposed risk-based reforms to the Registry Criteria reflect and complement the new BES Definition. Namely, work over the last several years has culminated in a newly approved BES Definition that sets forth bright-line criteria as well as an exception process for transmission and generation assets that will go into effect in the U.S. on July 1, 2014, 10 clarifying which assets may subject an entity to registration for the functions that involve owning and operating assets. For example, specific language in Part III for TOs, TOPs, GOs and GOPs has been removed, due to existing language for TOs and TOPs and modifications to the language for GOs and GOPs in Part II that tie directly into the BES Definition. As a result, the BES Definition (including the core definition, inclusions, exclusions, and the results of the exceptions process) provides the thresholds for TOs, TOPs, GOs and GOPs. The framework proposes revisions to the Registry Criteria for the DP functional registration category to (i) increase the peak load threshold from 25 MW to 75 MW to reflect the comparative risk load poses to reliability as compared to energy from dispersed resources/power plants; (ii) retain existing language, consistent with NERC s clarification that it is the entity s system that is directly connected to the BES; 11 and (iii) add new registration criteria if an entity has responsibility for operating a cranking path or provides services to a nuclear plant, while retaining criteria related to owning or operating protection systems important for reliability (such as Special Protection Systems (SPS), undervoltage load shedding (UVLS) and transmission Protection Systems (TPS)). In addition, a sub-set of applicable Reliability Standards is identified for UFLS-Only DPs at or below 75 MW that do not meet the new thresholds, but who are part of a required underfrequency load shedding (UFLS) program. If an entity meets the Registry Criteria, it is deemed to have a material impact on the reliability of the BES, and it is in a pool of eligible candidates that NERC and the Regional Entities may identify for registration. 12 NERC and the Regional Entities may exercise discretion not to pursue registration of an entity that meets the Registry Criteria if not warranted by BES reliability considerations. Removal of Three Functional Categories from NCR Of the fifteen 13 functional registration categories, three functional users of the BES PSE, IA and LSE are proposed for removal from the NCR because (i) these functions are commercial in nature, (ii) the reliability impacts 10 The BES Definition went into effect on July 1, 2014 in certain Canadian jurisdictions. 11 The proposed reference to BES was formerly a reference to BPS. 12 An entity s obligations regarding self-registration are not changed by this initiative, nor is FERC s ruling that entities are subject to compliance and enforcement for requirements applicable to a functional category only once they have been registered for that function. 13 The fifteen registration functional categories include Reliability Coordinator (RC); Transmission Operator (TOP); Balancing Authority (BA); Planning Authority (PA); Transmission Planner (TP); Transmission Service Provider (TSP); Transmission Owner (TO); Resource Planner (RP); Distribution Provider (DP); Generator Owner (GO); Generator Operator (GOP); Load-Serving Entity (LSE); Purchasing-Selling Entity (PSE); Interchange Authority (IA); and Reserve Sharing Group (RSG). NERC Risk-Based Registration Phase 1 - Enhanced Draft Design Framework and Implementation Plan July

58 Design Framework Overview of commercial transactions are addressed in the aggregate within the standards (e.g., requirements to BAs, RPs and DPs within the BAL and other standards); and (iii) the requirements contained in the NERC standards for these functions are either already adequately covered by other contracts or regulations (e.g., pro forma Open Access Transmission Tariff (OATT), North American Energy Standards Board (NAESB) Standards, commercial contracts, market rules) or can be transferred to another entity or process without an adverse impact on reliability. Sub-sets of Applicable Reliability Standards For the remaining functional categories, RBR allows sub-sets of applicable Reliability Standards based on individual review of a specific entity as well as common characteristics of a class of entities, as applicable. This does not result in a change in the applicability section of a particular Reliability Standard; rather, it is the exercise of discretion, as part of the registration process, to determine whether a particular Reliability Standard or requirement shall apply to an entity. From Order No to date, FERC has long recognized that NERC and the Regional Entities have the ability to apply sub-sets of Standards to registered functions. Tailoring Reliability Standard obligations has been successfully implemented in both the registration appeal context and Project : Generator Requirements at the Transmission Interface (the GO/TO project). The redesigned framework builds on that use and experience to date and proposes a sub-set for one sub-category of the DP functional category as follows: UFLS-Only DP criteria apply to entities that do not meet the proposed DP registration criteria, but participate in a UFLS program needed for reliability. Such UFLS-Only DPs would only be responsible for complying with PRC and any Regional Reliability Standard(s) whose purpose is to develop or establish a UFLS Program (excluding any then-existing Standard whose purpose is maintaining Protection Systems used for underfrequency load-shedding systems) in effect as of November 1, 2014, as well as any other Reliability Standards that identify UFLS-Only entities in their applicability section, but not the other standards applicable to a DP. As a result, maintenance and testing of these distribution Protection Systems would be on a voluntary basis instead of mandatory compliance obligation (in PRC once per 6 to 12 years). Therefore, there is a small risk of potential failure to operate. NERC is moving consideration of a sub-set list of Reliability Standards for TOs/ TOPs and GOs/GOPs as separate efforts in Phase 2 of RBR. Other Key Features Other key features of the draft design framework include the use of one-time attestations and a common registration form. RBR also is exploring the use of a single, web-based design and other business tools and processes to support RBR. The RBR redesign reflects NERC s responsibility and oversight to ensure that a Regional Entity implements the Registration program in a consistent manner. Each of these is described in more detail below. Technical reviews of the proposals set forth herein are ongoing. Where tariff and other agreements under the Commission s Section 205 jurisdiction are considered in making a determination that subjecting a Registered Entity to a particular requirement is not justified based on risk, technical analyses in accordance with Section 215 of the Federal Power Act (FPA) will be required to identify any reliability implications of the proposals, so that no material reliability gaps are created. The proposed revisions remain subject to change based on technical review results and consideration of reliability stakeholder comments on the draft documents. 14 Mandatory Reliability Standards for the Bulk-Power System, 118 FERC 61,218, FERC Stats. & Regs. 31,242 (Order No. 693), order on reh g, Mandatory Reliability Standards for the Bulk-Power System, 120 FERC 61,053 (Order No. 693-A) (2007). NERC Risk-Based Registration Phase 1 - Enhanced Draft Design Framework and Implementation Plan July

59 Design Framework Overview Notably, Registration decisions are separate and apart from application of the BES definition, including the BES exception process. The new BES Definition and exception process may resolve, to some extent, the treatment of Elements that are not necessary for the reliable operation of the BES. However, the revised BES Definition does not affect NERC s ability to decide, on a case-by-case basis, that registration is not warranted in particular cases, or to restrict the applicability of standards to particular entities. Rather, the BES Definition solely relates to whether a particular Element is BES or not. Once the BES definition is applied, the owners and operators of the BES assets are eligible for registration. For users of the BES, the proposed registration criteria are specific to that function. The RBR process, including application of the Registry Criteria and materiality exception process, is then used as a way to identify those organizations that should be registered based on the functions they perform (e.g., do they own and maintain BES Facilities) and their risk or contribution to reliability. Figure 1.RBR Flow Chart Overview NERC Risk-Based Registration Phase 1 - Enhanced Draft Design Framework and Implementation Plan July

60 Design Framework New BES Definition as model and anchor for risk-based registration The new BES Definition went into effect on July 1, 2014 and includes processes for notifications of self-determined exclusions and inclusions, as well as exception requests to add elements to, or remove elements from, the BES on a case-by-case basis. Importantly, the BES Definition includes thresholds for transmission and generation owners and operators, but not users of the BES. The BES Definition is important to the RBR for two reasons. First, the structure of the BES Definition, approved by Federal Energy Regulatory Commission (FERC), is a useful model for the RBR. It begins with a bright-line threshold that identifies most facilities that are part of the BES, and then layers on clear exclusions and inclusions that address the most common configurations not adequately captured by the bright-line threshold. Combined, the BES Definition bright-line, exclusions and inclusions address the vast majority of elements that should be part of the BES, but elements can be included or excluded from the BES through a case-by-case exception process. The reformed registration process is similarly structured. The RBR redesign includes revised thresholds, with a caseby-case process to adjust registration (by inclusion or exclusion) where warranted based on a materiality determination that takes into account circumstances not captured by the revised thresholds. Second, the new BES Definition serves as a foundational anchor for Registry Criteria. While the statutory term BPS sets the outer limit of NERC authority, it has not been definitively defined by FERC. However, FERC has stated that users, owners and operators of the BES are users, owners and operators of the BPS. In addition, the existing Registry Criteria refers to the BPS as greater than 100 kv. Now that the BES is clearly defined, the term can be used to determine on a consistent basis the entities that warrant registration and address material impact on reliability. For this reason, certain of the proposals in the draft design framework for revising the Registry Criteria incorporate the BES Definition. Importantly, the new BES Definition and exception process relates to whether a particular Element is BES, and defines the Elements that are not necessary for the reliable BES operation. However, the revised BES Definition does not affect NERC s ability to decide, on a case-by-case basis, that registration is not warranted in particular cases, or to restrict the applicability of standards to particular entities. It remains within NERC and Regional Entity discretion to determine whether registration of an owner or operator of a particular BES Element is warranted based on all facts and circumstances. 15 For example, to date, load-only manufacturing facilities have not been registered as TO/TOPs. While some may have configurations that result in BES classification and make them candidates for registration, NERC and the Regional Entities will examine whether registration is warranted In accordance with Appendix 5C of the NERC Rules of Procedure, an entity that becomes a candidate for registration as a result of newly-identified Element(s) as a result of application of the BES Definition will not be registered during the pendency of an exception request with respect to such Element(s). With respect to an entity that already is registered for a function due to ownership or operation of an Element that is subject to a notification of self-determined exclusion, there is no automatic change in registration status as a result of validation of the notification by NERC and the Regional Entity. With respect to an entity that already is registered for a function due to ownership or operation of an Element and such entity submits an Exclusion exception request for that Element, there is no automatic change in registration status as a result of a decision that an Element is, or is not, a BES asset. Changes in registration status are governed by the provisions in Section 500, Appendix 5A and Appendix 5B of the NERC Rules of Procedure. 16 For such load-only manufacturing facilities (i.e., with no BES generation), factors to be considered would include whether the utility maintains the Element; whether the Element is embedded in a retail customer facility and serves a local distribution function; third-party usage; whether wide area view is relevant; and whether there is participation in SPS (RAS), UVLS or UFLS program for the protection of the BES. NERC Risk-Based Registration Phase 1 - Enhanced Draft Design Framework and Implementation Plan July

61 Design Framework Synchronize threshold revisions with BES Definition and align with risk Over time, entities have contended that the current thresholds are too low and include a large number of entities that pose little or no risk to reliability. Taking into account the new BES Definition and experience to date, the draft design framework includes proposals to revise the Registry Criteria for DPs, TOs, TOPs, GOs and GOPs to more clearly anchor them in the new BES Definition and align them with risk. The revised thresholds will be subject to a case-by-case process (modeled after the BES exceptions process) to allow for registration of entities that do not meet the Registry Criteria or deactivation of a function for entities that satisfy the Registry Criteria, based on a determination of materiality. Specific threshold criteria in Part III for TOs, TOPs, GOs and GOPs have been removed, due to existing language for TOs and TOPs and modifications to language for GOs and GOPs in Part II that tie directly into the BES Definition. As a result the BES Definition thresholds are the thresholds for TOs, TOPs, GOs and GOPs. With respect to the DP function, there are several proposed revisions to the threshold criteria. First, language is clarified to read that it is the entity s system that is directly connected to the BES. In addition, the threshold is increased to 75 MW (pending studies of the aggregate impact of such change) while retaining or adding other criteria for registration such as owning or operating Protection Systems important for reliability (SPS, UVLS and tps), responsibility for operating a cranking path, or responsibilities for providing services to a nuclear plant. UFLS- Only DPs would only be responsible for complying with PRC and any Regional Reliability Standard(s) whose purpose is to develop or establish a UFLS Program (excluding any then-existing Standard whose purpose is maintaining Protection Systems used for underfrequency load-shedding systems) in effect as of November 1, 2014, as well as any other Reliability Standards that identify UFLS-Only entities in their applicability section, but not the other standards applicable to a DP. The proposed changes include revising references from BPS to BES in specific provisions in the Registry Criteria; however, such changes would not apply when discussing NERC and FERC jurisdiction over the BPS. The greater than 75 MW threshold for the DP function tracks the 75 MW dispersed generation threshold in the BES Definition. RBRAG also took into account the impact of increasing the threshold to 75 MW on the following specific Reliability Standard considerations: CIP v5 EOP-004 R2 on Disturbance Reporting EOP-005-2: load important to a restoration plan FAC-002, coordination plans for new facilities NUC-001: providing Nuclear Plant Interface Requirements PRC-004, PRC-005 and PRC-023: DP that owns TPS DP <= 75 MW Already a 300 MW bright-line for automatic load shedding under a common BES Cyber System in the standard A 75 MW DP will not reach most of the thresholds in the standard Add to registry criteria for DP if the TOP s restoration plan identifies the DP as performing unusual tasks Immaterial impact and may be covered in pro forma OATT 17 Add to the registry criteria Retain in registry criteria. 17 Because tariff and other agreements are governed by Section 205 of the FPA, technical analyses in accordance with Section 215 of the FPA will be required to identify reliability implications and assess the materiality of associated risk, if any, of the proposed change. This information will be one of many factors considered and will not be the sole determining factor. NERC Risk-Based Registration Phase 1 - Enhanced Draft Design Framework and Implementation Plan July

62 Design Framework PRC-006 and PRC-008: UFLS PRC-010, PRC-010, PRC-021, PRC-022: UVLS PRC-015, PRC-016, PRC-017: SPS TOP-001: follow the directives of the TOP DP <= 75 MW Retain in registry criteria; but, consider a UFLS-Only DP for those entities <=75 MW who would only need to meet PRC and any Regional Reliability Standard(s) whose purpose is to develop or establish a UFLS Program (excluding any then-existing Standard whose purpose is maintaining Protection Systems used for underfrequency load-shedding systems) in effect as of November 1, 2014, as well as any other Reliability Standards that identify UFLS-Only entities in their applicability section, but not the other standards applicable to a DP. Retain in registry criteria. Retain in registry criteria. Immaterial impact equivalent to a <= 75 MW dispersed resource. Also, the pro forma OATT already gives the TSP authority over transmission customers. 18 Often, the TSP and TOP are the same entity. Functional registration category removal if not material to reliability NERC reviewed information from various sources to determine if any of the functional categories could be removed from the NCR as part of the RBR redesign. Three have been identified as commercial functions: 1) PSEs, 2) IAs, and 3) LSEs. Further examination, which is already underway and expected to be available for the November Board meeting, is required before any function can be completely removed. NERC also is evaluating whether the requirements contained in the NERC standards for these functions are either already adequately covered by other contracts or regulations (e.g., pro forma Open Access Transmission Tariff (OATT), North American Energy Standards Board (NAESB) Standards, commercial contracts, market rules) or can be transferred to another entity or process without an adverse impact on reliability. PSE In considering elimination of the PSE, RBRAG took into account that total interchange (i.e., the sum of the individual transactions), rather than individual transactions, is important for reliability purposes. The BAL standards already require the BA to manage total interchange. RBRAG determined that this function should be removed through the Standards Development Process. IA The recent changes to the INT standards remove the requirements applicable to the IA. Existing BA function and requirements are being evaluated to determine if reliability will be maintained without transferring the IA requirements to the BA. RBRAG determined that this function should be removed through the Standards Development Process. LSE Many standards are applicable to both the DP and LSE where the proper applicability should be the DP only and not the LSE. For example, in the Direct Energy case (Docket RC ), FERC found that a retail services provider 18 Id. NERC Risk-Based Registration Phase 1 - Enhanced Draft Design Framework and Implementation Plan July

63 Design Framework did not qualify as the LSE under NERC s Registry Criteria, but FERC approved NERC s proposal to require that the DP to whose system the electric loads in retail choice areas are connected are to be registered as the LSE for all loads connected to its system for the purpose of compliance with NERC s approved reliability standards applicable to the LSE. As a result, there is precedent that the currently assigned reliability activities of an LSE can be addressed by other registered entities. Below is a discussion of two primary functions assigned in the standards to the LSE that, under this proposal, would be assigned to another functional entity: Load shedding, either manual or automatic Load forecasting LSE The LSE controls no breakers and can only control Load through smart-meters if those meters are so equipped. The LSE should not be the entity responsible for load shedding The LSE is obligated in most cases under the Pro Forma OATT and other agreements to provide both operating horizon load forecasts (IRO- 010, TOP-002) and planning horizon load forecasts (MOD- 031) to their TSP/BA. 19 The load forecasting is top down rather than bottom up. OTHER Instead, the DP owns the breakers and can readily install automatic load shedding equipment on those breakers (UFLS, UVLS) and can respond effectively to directives to manually shed load. In the case of an RTO or ISO, the applicable entity may be the TOP. Operating horizon load forecasts should be developed and provided by the BA or DP, depending on whether there is an RTO or ISO market. Planning horizon load forecasts should be developed and provided by the RP. Below is a table showing a proposal, which is subject to ongoing technical reviews, as to re-assignment of LSE activities to another functional entity: Assign to BAL-005-2b, R1 within metered boundaries of BA the BA EOP R9: emergency energy alert BA DP a new connection to the BES will be from a DP instead of and end user. If a large end-user directly connects, there FAC-002, coordination plans for new facilities are tariff provisions that cover that and FAC-002 would obligate the TO to coordinate. IRO-001: follow directives of RC DP (addressed in V3) DP. In addition, may be covered in NAESB TLR procedures IRO-005: operate to the most limiting (WEQ-008) which gives the RC the authority to direct parameter curtailments. Also, FERC Order No. 693 describes the LSE responsibility to this requirement as following directives. 19 Id. NERC Risk-Based Registration Phase 1 - Enhanced Draft Design Framework and Implementation Plan July

64 IRO-010: data specifications of the RC INT-011 on requesting interchange (new standard) MOD-004: CBM MOD-017 through MOD-021 (and new MOD- 031) on planning horizon load forecasts and amount of Demand Response NUC-001: providing Nuclear Plant Interface Requirements PRC-010,, PRC-021, PRC-022: UVLS TOP-001: follow the directives of the TOP TOP-002: coordinate current day, next day and seasonal plans Design Framework Assign to Current day/next day load forecasts - BA, Remote Terminal Unit (RTU) telemetered load DP May be covered by NAESB standards, pro forma OATT and FERC Orders. 20 Standard is to be retired, and CBM is in the pro forma OATT. 21 RP DP DP DP Current day/next day load forecasts - BA, RTU telemetered load DP VAR-001, R5 Retired effective 1/1/15 For all Reliability Standards that apply to LSEs, this function should be removed through the Standards Development Process. Special Considerations for Load-Only Manufacturing Plants Because most large manufacturing plants are served by multiple feeds, this configuration may result in BES classification and therefore a candidate for registration based on the bright-line application of the new BES Definition. To date, load-only manufacturing plants have not been registered as TOs/TOPs. Rather, in the case of these retail loads, BES reliability has been assured by the real-time actions of the RC/BA/TOP service providers. Entity Risk Assessment Applicable to Load-Only Manufacturing Plants Based on a case-by-case review, NERC and the Regional Entities will continue to exercise discretion not to register load manufacturing plants that continue to meet the non-exclusive factors below: No BES behind-the-meter generation at the site. 1. Utility maintains the element (e.g., the interconnecting substation and/or protection equipment under the terms and conditions of the applicable interconnection agreement or tariff). 2. Not an integrated transmission Element necessary to provide for the reliable operation of the interconnected transmission grid. Element is embedded in a retail customer s electrical configuration and serves a local distribution function. 3. No third-party usage of element under terms and conditions of a FERC-jurisdictional OATT. 4. The plant is a retail load. 5. The following additional factors may be used in support of the above criteria, which include that the organization is not required to participate in SPS (or RAS), UVLS or UFLS programs. 20 Id. 21 Id. NERC Risk-Based Registration Phase 1 - Enhanced Draft Design Framework and Implementation Plan July

65 Design Framework The application of the above criteria would not preclude the ability of the retail customer s Regional Entity, in consultation with the entity s RC/BA/TOP service providers, to register the entity if the Regional Entity can establish that the plant is material to the reliability of the BES. Such demonstration of materiality shall include a fact-specific analysis reflecting technical judgment. In the event that such load-only manufacturing plants are determined to be subject to registration as TO/TOP under this analysis, review of the TO/TOP Reliability Standards should be undertaken to determine if a sub-list of applicable requirements is appropriate from a risk-based perspective. Moreover, because tariff and other agreements arise under Section 205 of the FPA, technical analyses in accordance with Section 215 of the FPA will be required to identify any reliability implications so that no material reliability gaps are created. The technical analysis should take into the need for coordinating high voltage protection schemes and recognizing dependency by BAs and RPs on reserves, resource adequacy and ancillary services, which are important fundamental aspects needed to support reliability. This information will be one of many factors considered and will not be the sole determining factor. ELCON provided RBRAG with an estimated order of magnitude of the number of US manufacturing plants in the lower 48 states that might be interconnected with the BES at voltages in excess of 100 kv. There are over 600,000 manufacturing plants in the continental USA. An unknown but not insignificant number of these plants are at risk of becoming BES classified and subsequently registered entities based on a literal application of the BES bright lines. After a review of only 16 manufacturing sectors (out of a total of 36), ELCON has conservatively estimated that 1,100 plants are potentially interconnected at 100 kv or higher. This number should be considered the lower end of a broad range. The high end could easily be two or three times that number. It is not known if 1%, 5% or 10% of these facilities would fail to meet the criteria for exclusion in BES Exclusions E2 and E3. The best-guess, order of magnitude estimate of the number of plants that are at risk of registration is between 11 and 330. Special Considerations for Industrial Cogeneration (i.e., behind-the-meter generation) The following criteria could be applied to behind-the-meter generation where discretionary sales to the BES may exceed the net 75 MVA threshold applicable to behind-the-meter generation under Exclusion E2. These criteria are contingent on the development of a higher risk-based threshold [X] MVA as determined through further study: 1. Sales in excess of 75 MW are energy only but not to exceed [X] MW, as determined by the BA. 2. Capacity sales in excess of 75 MVA as requested and directed by the BA, TOP or RC. 3. Additional factors in support of the above criteria, include that the entity is not a registered TO or TOP (or not otherwise a TO/TOP by virtue of generator tie lines) and does not otherwise affect SOLs or Interconnection Reliability Operating Limits (IROLs). The working assumption is that all BES generating resource owners and operators with more than 75 MVA (or other threshold as determined through further study) are providing material amounts of capacity and energy to the BES and that misoperation of such BES resources could have an adverse reliability impact, and should accordingly remain subject to the full set of applicable Reliability Standards. Owners and operators of Blackstart Resources would also remain subject to full compliance responsibilities. ELCON provided comments to RBRAG stating that it considers any customer-owned cogeneration plant with a nameplate rating in excess of 150 MW to have the potential to control its power sales to the grid to avoid crossing the 75-MVA threshold for entity registration. The aggregate nameplate rating of these plants in both the continental USA and Canada is 48,101 MW. The average nameplate rating of these plants is 362 MW. NERC Risk-Based Registration Phase 1 - Enhanced Draft Design Framework and Implementation Plan July

66 Design Framework Standards Applicability The core standard requirements that need to apply across the board to small GO/GOP generators include those focused on voltage and reactive control (VAR), protection systems (PRC) and modeling (MOD). Further analysis is required with respect to other Reliability Standards that should remain applicable, including, but not limited to, EOP-004-2, FAC-008-3, IRO-010, and TOP Technical analyses in accordance with Section 215 of the FPA will be required to identify any reliability implications so that no material reliability gaps are created. As a result, this initial assessment of risk could be revised based on further analysis. Risk-Based Application of Reliability Standards The redesigned framework includes the ability to apply sub-sets of standards to entities based on risk. One approach is to establish that certain requirements do not apply to classes or groups of registered entities, based on uniform characteristics. Corresponding language changes are set forth in Appendix 5B to the NERC ROP. In the case of a UFLS-Only DP, the proposed design contemplates limited Reliability Standard applicability. RBR calls for sub-sets of applicable Reliability Standards based on individual review of a specific entity, as well as common characteristics of a class of entities, as applicable. From Order No. 693 to date, FERC has long-recognized that NERC and the Regional Entities have the ability to apply sub-sets of Standards to registered functions. Excerpts from some of the orders are provided below for ease of reference: Order No As stated in the NOPR, NERC has indicated that in the future it may add to a Reliability Standard limitations on applicability based on electric facility characteristics such as generator nameplate ratings.[] While the NOPR explored this approach as a means of addressing concerns over applicability to smaller entities, the Commission believes that, until the ERO submits a Reliability Standard with such a limitation to the Commission, the NERC compliance registry process is the preferred method of determining the applicability of Reliability Standards on an entity-by-entity basis. 22 Order No The Commission also rejects NERC s argument that subjecting the elements associated with this type of radial system to all the Reliability Standards has a limited benefit to the reliability of the interconnected transmission network. In cases of radial tie-lines for bulk electric system generators where the generator owner also owns the tie-line, NERC has exercised discretion, on a case-by-case basis, in determining which entities require registration as transmission owners/operators and identified sub-sets of applicable reliability standard requirements for these entities. 151 In other situations, such generator tie-lines may appropriately be considered an extension of the generation facility, which would not subject significant additional compliance obligations on the generator owner and/or operator E.g., New Harquahala Generating Company, LLC, 123 FERC 61,173, order on clarification, 123 FERC 61,311 (2008). 22 Order No. 693 at P 98 (emphasis added). 23 Revisions to Electric Reliability Organization Definition of Bulk Electric System and Rules of Procedure, Order No. 773 at P 52, 141 FERC 61,236 (2012), order on reh g, Order No. 773-A, 143 FERC 61,053 (2013). See also Order Approving Revised Definition, 146 FERC 61,199 (2014) (emphasis added). NERC Risk-Based Registration Phase 1 - Enhanced Draft Design Framework and Implementation Plan July

67 Design Framework Order No. 773-A We disagree with APPA that the directive to include 100 kv and above generator interconnection facilities connected to bulk electric system generators will result in making the owners of these qualifying 100 kv and above generator interconnection facilities subject to the full range of transmission planner, transmission owner and transmission operator Reliability Standards and requirements. As we state above, in cases of generator interconnection facilities for bulk electric system generators where the generator owner also owns the generator interconnection facility, NERC has determined on a case-by-case basis which entities require registration as transmission owners/operators and identified sub-sets of applicable Reliability Standard requirements for these entities rather than automatically subjecting such generators to the full scope of standards applicable to transmission owners and operators In addition, in Docket No. RM , NERC has submitted proposed revisions to certain Reliability Standards to assure that generator interconnection facilities are adequately covered rather than subjecting them to all of the requirements applicable to transmission owners and operators. Generator Interface Final Rule We also reject TDU Systems and other commenters request to clarify that generator owners and operators will no longer be asked to register as transmission owners or operators under any circumstances. Quite the contrary, as we stated in the NOPR, our proposed approval of the revised Reliability Standards was based on the understanding that additional Reliability Standards or individual requirements may need to be applied to the generator interconnection facilities... based on individual assessments. 80 We leave open the possibility that in some cases, the interconnection facilities may be so extensive that the entity should not only be registered as a transmission owner or operator, but should be subject to all of the Reliability Standards and requirements applicable to such an entity. In other cases, it may be appropriate to waive a significant portion of the standards or requirements generally applicable to transmission owners and operators, even if the entity is technically registered as a transmission owner or operator. 53. However, consistent with our prior decisions in Harquahala and Cedar Creek, we clarify that for the anticipated small number of generator owners and operators owning facilities deemed to be complex and therefore potentially subject to additional Reliability Standards, NERC should evaluate, in consultation with the Regional Entity, which Reliability Standards should apply to the particular entity based on the specific facts and circumstances. We further clarify that the generator owner or operator should only be obligated to comply with those Reliability Standards and requirements necessary to close the identified reliability gap. 81 To the extent that disputes remain about the appropriate application of Reliability Standards and requirements, we note that generator owners and operators continue to have the right to bring any such dispute to the Commission. Tailoring Reliability Standard obligations has been successfully implemented in both the registration appeal context and Project : Generator Requirements at the Transmission Interface (the GO/TO project). In addition, historically, some Regional Entities have addressed the challenges of Reliability Standard applicability to entities through their compliance monitoring activities, such as adjusting the scope of audits. These experiences have helped inform RBR efforts. 24 Order No. 773-A at P 52 (emphasis added). 25 Generator Requirements at the Transmission Interface, 144 FERC 61,221 (2013) (Order No. 785). NERC Risk-Based Registration Phase 1 - Enhanced Draft Design Framework and Implementation Plan July

68 Design Framework Consistent with this precedent, and subject to additional technical analysis to be conducted, the draft design framework proposes to restrict the requirements applicable to entities that fall below the revised DP thresholds, but that are necessary participants in a UFLS program. Separate efforts in Phase 2 of RBR will address whether a sub-set list of Reliability Standards for TOs/TOPs and GOs/GOPs should be granted. Clarify terms and improve current procedures Materiality NERC s existing Registry Criteria allows NERC and the Regional Entities to register an entity that does not meet the criteria or to decline to register an entity that meets the criteria, as warranted, based on whether the entity is material to the reliability of the bulk power system. (Registry Criteria at note 1). As part of the RBR, a new materiality test is being established that would apply solely in evaluating whether to register an entity that does not meet the criteria or to determine not to register an entity that meets the criteria. In addition, materiality assessments also will be useful in connection with assigning registered entities sub-sets of applicable Reliability Standards. Although the burden is on NERC and its Regional Entities to demonstrate that an entity meets the threshold criteria for registration, the burden in the materiality process is on the entity making the request, i.e., the entity asking to be excluded from the NCR (despite satisfying the threshold criteria) and the Regional Entity seeking to include an entity in the NCR (that does not satisfy the threshold criteria). To ensure consistency, NERC is establishing a centralized, NERC-led review process, described in more detail below, to address questions or issues that arise with respect to threshold application, materiality, or Reliability Standard requirement applicability. This process will include requests for deactivation of, or decisions not to register, an entity that meets Registry Criteria or requests to add an entity that falls below the Registry Criteria, as well as requests for a sub-set list of applicable Reliability Standards. The materiality test may also include a review of individual and aggregate system-wide risks and considerations to reliability of the BPS, as anchored in the new BES Definition. The draft RBR design framework sets forth a consistent approach to assessing materiality by identifying factors that must be evaluated. A common set of factors for consideration is identified below; however, only a sub-set of these factors may be applicable to particular functional registration categories. As these factors are considered in more detail through the RBR development process, function-specific factors may be developed. This approach to materiality parallels the factors for consideration developed as Exhibit C, Detailed Information to Support an Exception Request to the BES Definition. Factors for Evaluating Materiality Factors that have been identified by the RBRAG as relevant to assessing an entity s materiality to BES reliability and making an informed engineering judgment include, but are not limited to other factors that may be relevant in individual cases: 1. Is the entity specifically identified in the emergency operation plans and/or restoration plans of an associated Reliability Coordinator (RC), Balancing Authority (BA), GOP or TOP? 2. Will intentional or inadvertent removal of an Element owned or operated by the entity, or a common mode failure of two Elements as identified in the Reliability Standards (for example, loss of two Elements as a result of a breaker failure), lead to a Reliability Standards issue on another system (such as a neighboring entity s Element exceeding an applicable rating, or loss of non-consequential load due to a single contingency). Conversely, will such contingencies on a neighboring entity s system result in Reliability Standards issues on the system of the entity in question? 3. Can the normal operation, Misoperation or malicious use of the entity s cyber assets cause a detrimental impact (e.g., by limiting the operational alternatives) on the operational reliability of an associated BA, GOP or TOP? NERC Risk-Based Registration Phase 1 - Enhanced Draft Design Framework and Implementation Plan July

69 Design Framework 4. Can the normal operation, Misoperation or malicious use of the entity s Protective Systems (including underfrequency load shedding (UFLS), undervoltage load shedding (UVLS), special protection system (SPS) and other Protective Systems protecting BES Facilities) cause a detrimental adverse impact on the operational reliability of any associated BA, GOP or TOP, or the automatic load shedding programs of a PC or TP (UFLS, UVLS)? Establish a centralized review process To provide a basis for NERC and regional consistency, the RBR framework calls for a NERC-led, centralized review panel, comprised of a NERC lead with Regional Entity participants, to vet deactivation of, or decisions not to register, an entity that meets Registry Criteria or requests to add an entity that falls below the Registry Criteria, as well as requests for a sub-set list of applicable Reliability Standards and disputes regarding application of the Registry Criteria. The entity with the burden of proof in a panel review situation shall submit to NERC in writing the details of the issues and identification of any Regional Entity, RC and TOP that has (or will have upon registration of the entity) the entity within its scope of responsibility 26 in the Region, NERC will send a notification to the Regional Entity, the entity whose registration status is at issue, the referenced RC and TOP acknowledging receipt of the request for panel review. 27 The panel review process will parallel the timelines in the Appeals process, which are set forth in Appendix 5A (Section V and Figure 3). A parallel process will govern requests for Panel resolution of disputes regarding the application of Registry Criteria thresholds. Once a decision is made, it will be shared throughout the ERO Enterprise. The RBRAG expects this to result in consistency across the ERO Enterprise with respect to threshold, materiality, or applicable Reliability Standard class determinations. In addition, improved procedures, with defined timelines, would be established for registration and deactivation, as well as Reliability Standard applicability class determinations and associated appeals. This provides a foundation for consistent decision-making and application of the criteria and thresholds. This process will be included in Appendix 5A to the NERC ROP. The NERC Board of Trustees Compliance Committee (BOTCC) will resolve appeals of registration disputes in accordance with NERC ROP Section 500 and Appendix 5A Section V, which will be revised as appropriate to accommodate these new procedures. 26 The scope of responsibility is defined as the registered functions of a RC and TOP and the geographical or electric region in which the RC and TOP operates to perform its registered functions, or with respect to a Regional Entity, its Regional Entity Region. 27 Input from Reliability Coordinator, Transmission Operator, and Transmission Planner can be used to understand the aggregate impacts of changes in registration activities for Reliability Standards. The Standard Drafting Team on the Generator Interface Project noted the following in its Technical Justification Document Petition of the North American Electric Reliability Corporation for Approval of Proposed Reliability Standards FAC-001-1, FAC-003-3, PRC a and PRC b in Docket No. RM , Exhibit C - Technical Justification Resource Document at 16 (July 30, 2012), which was included in the petition for approval to FERC: The SDT does, however, acknowledge that some Facilities used solely to connect generators to the transmission system are more complex and therefore require individual assessment. The SDT has concluded that reliability gaps associated with such Facilities should not be addressed simply through application of all standards applicable to Transmission Owners and Transmission Operators, but instead has concluded that an individualized assessment of the impact of such a Facility on neighboring transmission Facilities is warranted. The SDT concluded that this assessment should, at a minimum, be based upon the output of transmission planning and operating studies used by the Reliability Coordinator, Transmission Operator, and Transmission Planner in complying with applicable Reliability Standards (Specifically, IRO, TOP and TPL). NERC Risk-Based Registration Phase 1 - Enhanced Draft Design Framework and Implementation Plan July

70 Design Framework BES references The proposed changes include revising references from BPS to BES in specific provisions in the Registry Criteria; however, such changes would not apply when discussing NERC and FERC jurisdiction over the BPS. The NERC Glossary of Terms Used in NERC Reliability Standards (NERC Glossary) includes the definition of BPS that was set forth in the Energy Policy Act of 2005, as well as the newly approved definition of BES. No changes to those definitions are proposed as part of the RBR design framework. Deactivation NERC maintains the NCR, which identifies each registered entity and the applicable functional categories for which it is registered. The term deactivation refers to removal of an entity from the NCR for a specific functional category. As a result of deactivation, the entity is no longer subject to any compliance obligations with respect to Reliability Standards applicable to that functional category. The term deactivation is used rather than deregistration, to avoid confusion over an entity s status because often an entity is registered for more than one functional category. However, deactivation is deregistration for a specific functional category and such functional category will be removed from the NCR. Therefore, if all functional categories have been deactivated for a given entity, such entity would be deregistered and removed from the NCR. However, the entity s compliance history will be retained. As part of the transition to the redesigned framework, Regional Entities and registered entities will not need to submit a registration appeal pursuant to the NERC ROP Section 500 or Appendix 5A to deactivate entities that do not meet the new threshold criteria. For functional categories that are removed from the NCR, such as the PSEs, NERC, in concert with the Regional Entities will remove all PSE registrations and send a letter to the former PSEs, without the need for action by the registered entities. For entities that no longer meet the Registry Criteria, the registered entity is obligated to update its information in accordance with Section of the NERC ROP. The Regional Entity will in turn notify NERC of changes in registration status. NERC will issue a letter to the registered entity identifying changes in registration status. NERC and the Regional Entity may request additional information, as needed, to process a change in registration status. This process tracks the self-determined notification process as a result of the new BES Definition. Registered entities that are eligible to deactivate for functional categories are encouraged to discuss this in advance with the Regional Entity. NERC and Regional Entities shall act promptly to process registration status changes. Updates to the NCR are reflected on a monthly basis. Timelines governing deactivation requests and reviews shall be set forth in Appendix 5A. NERC oversight and guidance on registration practices NERC retains responsibility and oversight to ensure that a Regional Entity implements the Registration program in a consistent manner. Towards this end, the RBR redesign ensures that NERC is periodically performing programmatic reviews of the Regional Entities registration activities to ensure uniformity in due process and consistency in application. This will include development of controls to ensure consistency. Improvements to the program include, but are not limited to: sampling and auditing of Regional Entity application of RBR classes and individual entity application; using surveys to reach out to registered entities as a means of identifying that a given entity is registered for the proper functions; using ongoing outreach to registered entities on registration issues; and mapping entities within each Regional Entity footprint to ensure awareness of entities that may have a material impact on reliability. NERC Risk-Based Registration Phase 1 - Enhanced Draft Design Framework and Implementation Plan July

71 Design Framework One-time attestations With respect to self-certifications and other compliance monitoring activities, Registered Entities will be permitted to record a one-time attestation of Not Applicable to a given Reliability Standard requirement. These attestations are necessary where an existing physical or technical limitation makes a requirement inapplicable, or where the requirement is not applicable for another reason. For example, if the registered entity does not own or operate UFLS or UVLS assets, it should simply use the Not applicable designation. The Regional Entity will then carry forward this declaration from year-to-year, without requiring the registered entity to repeat the attestation each year, unless circumstances materially change requiring the need for the registered entity to notify the appropriate Regional Entity. NERC or the Regional Entity would have the ability to audit to verify the recordation is correct, on an as needed basis, but this should be infrequent. In addition, NERC and the Regional Entities should allow multi-regional registered entities (MRRE) to use a single, one time attestation, updated as needed. In such a case, NERC and the Regional Entities would have the opportunity to audit to verify the single attestation is true and correct. Attestations received in 2015 will inform the separate efforts in Phase 2 regarding consideration of sub-set lists of applicable Reliability Standards for TOs/TOPs and GOs/GOPs. Entity risk assessment in a common registration form The NERC Registration Functional Group is currently collaborating with the Regional Entities to develop a common registration form to ensure consistency during the registration process. The common registration form is pending consideration as part of the ERO Enterprise applications. The RBR provides an opportunity to finalize and implement the common registration form for use by NERC, Regional Entities, and registered entities. The use of a common form will facilitate uniformity in the information being collected from registration candidates regardless of where they are located in North America. The common form and future IT interface is intended, among other things, to capture, without undue complexity, key factors relevant to an assessment of an entity s inherent risk. Inherent risk is a function of an entity s various registrations and other relevant factors like its system design, configuration, size, etc. The RBR redesign must necessarily address potential impacts on business processes and tools needed to support RBR both within the ERO Enterprise and in industry. RBR recommends exploring use of a single, web-based design. In the interim, changes to the portals and various electronic forms used by NERC and the Regional Entities will need to be adapted to take into account Reliability Standard applicability classes. This will affect compliance monitoring and enforcement activities and will need to be addressed as part of the implementation plan. 28 In addition, entity risk assessments should take into account information from neighbor surveys that Regional Entities issue to RCs as part of certification and other activities to ensure coordination with adjacent entities. This survey approach also may increase awareness and tracking by NERC, Regional Entities and RCs of entities within each RC s footprint and help identify needed revisions to an entity s registration. Status quo for other functional registration categories As discussed above, recommendations for changes apply to eight of the 15 functional categories, including PSEs, IAs, DPs, LSEs, GOs, GOPs, TOs and TOPs. At this time, there are no proposed recommendations with respect to the following seven functional categories: BAs, PAs/PCs, RCs, TPs, RPs, RSGs and TSPs. NERC will re-evaluate these functional categories in Phase 2. In addition, NERC is not proposing changes to Coordinated Functional Registration (CFR) or Joint Registration Organization (JRO) agreement NERC Rule of Procedure provisions. These are voluntary agreements between two 28 See Appendix B hereto. NERC Risk-Based Registration Phase 1 - Enhanced Draft Design Framework and Implementation Plan July

72 Design Framework or more entities that allow them to allocate compliance responsibility that is then used in compliance monitoring and enforcement activities. Entities are encouraged to discuss interest in a CFR or JRO with their respective Regional Entities. NERC recognizes that some CFRs and JROs may be affected as a result of the proposals in the RBR effort. To the extent that CFRs or JROs are affected by elimination of certain functional categories or revised Registry Criteria, entities are encouraged to work with their respective Regional Entity. NERC Risk-Based Registration Phase 1 - Enhanced Draft Design Framework and Implementation Plan July

73 Appendix A Implementation Plan Purpose This Appendix A reflects future activities pending the Board approval of the design and implementation plan. The RBR implementation plan is an activity-based approach focused on completion of key RBR activities. NERC, with the assistance of the RBRAG, established integrated activity timelines to provide industry with the anticipated implementation dates and milestones in order to prepare internal programs for the new process. This implementation plan follows the structure, objectives and purpose of the RBR end-state vision. The major goals of the NERC RBR Initiative are to: Develop and deploy a sustainable Registration Program design that incorporates evaluation of the risks and benefits provided by a given entity to ensure reliability of the BES and identifies a corresponding properly tailored set of NERC Reliability Standard requirements. Create an implementation plan that supports a 2016 or sooner launch, along with business practice and IT requirements, with the possibility of early adoption options that can result in high reduction of industry burden, while preserving an adequate level of reliability. In addition, coordination of this effort will enhance the ability to: Develop a common approach to identify and evaluate risks to reliability for use across the ERO Enterprise Identify changes to the registration criteria, if any, needed to align RBR with NERC s Reliability Assurance Initiative; and Incorporate recent implications to Registration resulting from changes to the BES Definition. Benefits of deploying the RBR program include: Aligning entity registration and compliance burden to its risks and contributions to BES reliability; Reducing the industry burden associated with registration, while sustaining continued BES reliability; Improving use of NERC, Regional Entity and registered entity resources; Providing feedback to Reliability Standards development to enhance the applicability of currently enforceable and future Reliability Standards; and Increasing consistency in registration across the eight Regional Entities by developing a common and repeatable approach, along with improving registration and de-registration procedures. In addition, coordination of this effort will enhance the ERO s ability to: Evaluate risks to reliability for use across the ERO Enterprise; and Align changes to the Registry Criteria with other NERC activities and the BES Definition. NERC and the Regional Entities will develop and deliver business practices, consolidated IT platforms and a training program for Regional Entity Staff along with necessary registered entity communication touch points such as workshops and informational webinars to support the transition to RBR. Project Method and Incremental Rollout The RBR project method follows 4 individual stages of Phase 1 incremental activity. The implementation plan reflects activities in stages 2 4. The purpose of this systematic approach is: 1) set program and implementation project expectations, 2) identify the expected targets and milestones required to complete the objectives identified NERC Risk-Based Registration Phase 1 - Enhanced Draft Design Framework and Implementation Plan July 2014 A-1

74 Appendix A Implementation Plan for the RBR initiative, 3) ensure alignment with sponsors and, 4) establish a culture of communication and address assumptions and team and industry stakeholder concerns. A brief summary of the phases are outlined below: Plan/Analyze Design Feedback Train/Deploy 1. Plan/Analyze: Define the scope of work and requirements (completed Q1-Q2 2014) 2. Design: Design and develop revised approach 3. Feedback: Incorporate feedback into design 4. Train/Deploy: Feedback from testing; train regions inform industry and implement RBR Project Timeline Completion Targets by Stages in Phase 1 Phase Q1-Q Q3-Q Q Q Q Q Plan/Analysis 2. Design 3. Feedback 4. Train/Deploy Phase 1 NERC Risk-Based Registration Phase 1 - Enhanced Draft Design Framework and Implementation Plan July 2014 A-2