NERC Compliance Services
GDS provides a full spectrum of NERC Compliance Services, including CIP preparation and implementation. We have offered NERC Compliance Services since 2005, prior to the mandatory and enforceable standards. We are experienced in assisting load-serving entities, transmission operators, transmission owners, balancing authorities, and generation owners and operators in meeting their respective NERC and regional entity compliance requirements.
We assist our clients with:
- Preparation for compliance audits and assessments
- NERC TOP and BA certifications
- Implementing changes necessary to achieve full compliance with the reliability standards
Reliability Risk Management – FERC, through the NERC, will assess financial penalties to entities that are not compliant with the mandatory reliability standards. These penalties will vary based on the level of non-compliance, the size of the entity, and the type of reliability standard and requirement which the utility was found to be not in compliance. FERC has the statutory authority to assess a fine of up to $1,000,000 per day for non-compliance. GDS is equipped to assist clients in understanding the risks associated with non-compliance and to make an informed business decision regarding compliance with the relevant reliability standards and requirements.
FERC AND ERO DEVELOPMENTS
GDS staff has assisted several clients by following the new industry developments and preparing them for the upcoming mandatory standards.These reliability standards can have a substantial impact on load serving entities and generation and transmission owners and operators. It is important to understand how current and proposed reliability standards can affect operational practices, reporting requirements and ultimately, the bottom line. GDS can:
- Review FERC orders and rulemakings
- Review and develop comments on standards
- Participate in technical conferences and other meetings
- Participate in industry groups
- Evaluate client use of the Bulk Electric System and determine the impact of new legislation and policy
NERC AND REGISTERED ENTITY CERTIFICATION
All registered entities in the NERC Compliance Registry for the RC, TOP, and/or BA functions must be certified. Certification requires the registered entities to start operation within 12 months of being NERC certified. GDS offers extensive experience in developing plans and implementation programs for new TOPs and for the recertification process of a TOP following a major system change. GDS has developed project plans and assisted multiple clients with some of the first NERC Certifications of TOPs since NERC Standards became mandatory and enforceable in June 2007.
CRITICAL INFRASTRUCTURE PROTECTION (CIP)
NERC’s reliability standards include CIP Standards addressing the security of cyber assets essential to the reliable operation of the electric grid. To date, these standards (and those promulgated by the Nuclear Regulatory Commission) are the only mandatory cybersecurity standards in place across the critical infrastructures of the U.S. GDS offers development of compliance programs, program support, program assessments, and ongoing compliance updates such as:
- Procedures built on proven frameworks including the NIST SP800 Series and ISO 27001
- Best practices of configuring systems impacted by NERC CIP Standards
- Evaluation of CIP compliance program efficacy
- Performance of mock audits
- SME preparation for compliance audits including evidence gathering and interview support
- Regulatory evaluation of the changes to the CIP Standards, including enforcement, activity or trends
NERC has developed over 100 reliability standards which contain nearly 500 actively monitored requirements. These reliability standards and requirements are FERC approved and are mandatory for all users of the Bulk Electric System. The NERC is assisted by eight Regional Entities (REs) in implementing and enforcing the mandatory reliability standards. GDS assists clients in complying with the current NERC and regional standards and will continue to provide assistance and guidance in complying with new mandatory NERC and RE standards.
- Review reliability standards and requirements
- Assess client’s operation to determine which standards and requirements apply
- File quarterly and annual compliance reports with the RE
- Development of internal control programs
- Attend RE and NERC compliance seminars and meetings
- Participate in NERC and RE working groups and committees
RELIABILITY AUDITS AND ASSESSMENTS
NERC, through the REs, conducts reliability readiness audits and assessments to help entities identify their current compliance with the standards. GDS assists its clients with preparation for these audits and assessments in order to ensure auditable compliance. In addition, GDS can assist clients with implementing any recommended changes that might be necessary to achieve full compliance with the reliability standards.
- Develop documentation required for audits
- Review audit questionnaires and responses
- Conduct mock audits
- Perform “post mortem” analysis on compliance audit recommendations
- Identify areas for improvement and develop applicable processes