Industry Webinar: Risk-Based Compliance Monitoring and COM-003 · New!! -- Draft 3 of COM-003-1 represents a new paradigm for reliability standards New!! -- COM-003-1 RSAW was developed

Industry Webinar: Risk-Based Compliance Monitoring and COM-003 Project 2007-02 Operating Personnel Communications Protocols Standard Drafting Team

September 6, 2012

2 RELIABILITY | ACCOUNTABILITY

NERC Antitrust Guidelines

It is NERC’s policy and practice to obey antitrust laws. Prohibited Activities:

•Discussions involving pricing information, margin, internal cost, future prices or internal costs.

•Discussions of a participant’s marketing strategies.

•Discussions on how customers and areas are to be divided among competitors and the exclusion of any competitors, vendors and suppliers from markets.


Public Reminder

• Participants are reminded that this Webinar is public. The access number was posted on the NERC website and widely distributed.

• Speakers on the call should keep in mind that the listening audience may include members of the press and representatives of various governmental authorities, in addition to the expected participation by industry stakeholders.


Agenda

•Remarks by NERC President and CEO, Gerry Cauley

•Remarks by the Operating Personnel Communications Protocols Standard Drafting Team (OPCPSDT) Chair, Lloyd Snyder

•Risk-Based Compliance Monitoring by Mike Moon, Senior Director of Reliability Risk Management

•Draft Reliability Standard COM-003

•Draft Reliability Standard Audit Worksheet (RSAW)

•Next steps

• Summary


Remarks by NERC President and CEO, Gerry Cauley


Risk-Based Compliance Monitoring


Risk-Based Compliance Monitoring

Program Level Annual Implementation Plan and

Actively Monitored List (AML)

Entity Evaluations Appropriately scope

Compliance Monitoring

Field Work Verify Scope

Adjust as Necessary

Notice of Penalty

No non-compliance

Find, Fix, Track and

Report

Non-compliance?

Reliability Standard

RSAW


Entity level

• AML Tier 1 provides base

• Entity assessment

• Field work Consider the control environment

Test and assess the entities procedures o Identify, assess and correct deficiencies

• Self and continuous improvement

• Look at program and system

Risk-Based Compliance Monitoring (Continued)


COM-003-1 Overview


COM-003-1

• Today’s important takeaways: New!! -- Draft 3 of COM-003-1 represents a new paradigm

for reliability standards

New!! -- COM-003-1 RSAW was developed in concert with the standard

Standard COM-003-1 addresses an important reliability gap


COM-003-1 Draft 3

COM-003-1 Draft 3 Addresses:

• The 2003 Blackout Report “Ineffective communications contributed to a lack of

situational awareness and precluded effective actions to prevent the cascade. Consistent application of effective communications protocols, particularly during alerts and emergencies, is essential to reliability.”

Report also recommended that industry “…tighten communications protocols, especially for communications during alerts and emergencies.”


COM-003-1 Draft 3 (Continued)

• FERC Order 693, P.532 Directs the Electric Reliability Organization and the industry

to develop communication protocols based on a set of guidelines

• The 2007 COM-003-1 Standard Authorization Request Requires the development of communications protocols for

use by real-time system operators “during normal and emergency operations to improve situational awareness and shorten response time.”

• One of the eight high priority issues identified in the NERC President’s Top Priority Issues for Bulk Power System Reliability Issued January 7, 2011


• Confusion in transitioning from normal conversation to formal communications can result in: Unclear instructions

Whether an instruction is a suggestion or a directive

Whether specific action is required or a set of alternative actions are permissible

What elements of the system are being addressed

COM-003-1 Draft 3 (Continued)


Highlights of COM-003-1 Draft 3 Changes


Changes from COM-003-1 Draft 2

Definition changes Operating Instruction — Command from a System Operator to change or preserve the state, status,

output, or input of an Element of the Bulk Electric System or Facility of the Bulk Electric System.

Completely changed: Requirement Section

Measure Section Violation Risk Factor (VRF) and Violation Severity

Level (VSL) Section

Made Changes to: Compliance Section to address comments


Features of COM-003-1 Draft 3

Requirement R1

Entities that both issue and receive Operating Instructions shall have documented communication protocols.

Requirement R2

Entities that (only) receive Operating Instructions shall have documented communication protocols.

Requirement R3 and R4 Entities shall implement a process for identifying deficiencies with adherence to the documented communication protocols specified in Requirement R1 and R2 that: -Identifies potential deficiencies, -Assesses the deficiencies found, -Corrects the deficiencies, and -Evaluates the process based on deficiencies found external to Part.1


COM-003-1 Key Elements

• R1 and R2

• Each entity must have documented communication protocols for Operating Instructions that incorporate the certain elements


COM-003-1 Feedback

Feedback diagram (R3 Part 3.4 and R4 Part 4.4)

Deficiencies found outside the entity’s process

Entity’s Process Results •Deficiencies

Entity’s Process •Identify •Assess •Correct

Disparity •Review Process

No Disparity •Reasonable Assurance


COM-003-1 R3 and R4

R3 and R4:

• Identifies, assesses and corrects deficiencies Generally not a finding of non-compliance

Evaluate deficiencies found outside the Entity’s implemented process o Modify the process when necessary; or

o Demonstrate that no modification is necessary

• More Compliance Enforcement Authority (CEA) guidance in RSAW section


COM-003-1 Draft RSAW


COM-003-1 RSAW

• The OPCPSDT and NERC compliance staff worked together

• Goal: Compliance expectations aligned between the standard and RSAW


COM-003-1 RSAW (Continued)

Excerpt from R3 from COM-003-1 RSAW Note 1: The entity has implemented its internal process to identify, assess and correct deficiencies in the entity’s execution of its communication protocols.

•Verify that the entity is identifying, assessing, and correcting deficiencies in its execution of its process: Obtain a copy of the entity’s process

Understand the entity’s process

Deviation from process is not necessarily a possible non-compliance



• CEA to review a sample of the entity’s communication activities based on the auditor’s confidence in the entity’s ability to identify, assess, and correct its deficiencies

• Where the auditor can verify that the entity is identifying, assessing, and correcting its own deficiencies, the auditor will not have a finding of non-compliance



• If an entity is not adequately identifying, assessing, and correcting its own deficiencies due to limitations in its process, the auditor will not necessarily have a finding of non-compliance. The auditor will provide the entity with recommendations as necessary .

• Deficiencies self-identified and addressed through identification, assessing and correction activities should not be noted as possible non-compliance.

• Based on the results of the compliance monitoring, the CEA is to determine whether any follow up compliance monitoring is necessary.



Excerpt form R3 from COM-003-1 RSAW Note 2: The entity has implemented its method for evaluating the process based on deficiencies found external to Part 3.1 and determining whether modification of the process is necessary.

• Where same or similar deficiencies continue to occur after the entity was provided the feedback by the CEA, the CEA will seek to understand what changes the entity made to their process based on prior recommendations.

• If changes to the entity’s process are not implemented to identify, assess and correct deficiencies, the auditors may make a determination of possible non-compliance with Requirement 3, Part 3.4.


COM-002-3 and COM-003-1


Comparative Table

Normal Communication Reliability Directives

COM-003-1 COM-002-3

Command by a System Operator to change or preserve the state, status, output, or input of an Element of the Bulk Electric System

or Facility of the Bulk Electric System.

3-Part 3-Part

English, 24-hour clock, time-zone, owner’s identifier, and alpha-numeric identifiers


COM-003-1 R1 VRFs/VSLs

R # Time Horizon

VRF Violation Severity Levels

Lower VSL Moderate VSL High VSL Severe VSL

R1 Long Term Planning

Low The responsible entity did not include one (1) of the nine (9) parts of Requirement R1, Parts 1.1 to 1.9 in their documented communication protocols

The responsible entity did not include two (2) of the nine (9) parts of Requirement R1, Parts 1.1 to 1.9 in their documented communication protocols

The responsible entity did not include three (3) of the nine (9) parts of Requirement R1, Parts 1.1 to 1.9 in their documented communication protocols

The responsible entity did not include four (4) or more of the nine (9) parts of Requirement R1, Parts 1.1 to 1.9 in their documented communication protocols OR The responsible entity did not have documented communication protocols as required in Requirement R1.


COM-003-1 R2 VRFs/VSLs

R # Time Horizon

VRF Violation Severity Levels

Lower VSL Moderate VSL High VSL Severe VSL

R2 Long Term Planning

Low N/A N/A The responsible entity did not include one (1) of the two (2) parts of Requirement R2, Parts 2.1 to 2.2 in their documented communication protocols

The responsible entity did not include Parts 2.1 to 2.3 (3) of Requirement R2, in their documented communication protocols OR The responsible entity did not have documented communication protocols as required in Requirement R2.


COM-003-1 VRFs/VSLs

• R3 and R4 Time Horizons - Operations Planning

Medium VRFs

Binary VSL


COM-003-1

• Today’s important takeaways: New!! -- Draft 3 of COM-003-1 represents a new paradigm

for reliability standards

New!! -- COM-003-1 RSAW was developed in concert with the standard

Standard COM-003-1 addresses an important reliability gap


Comment and Ballot Process for COM-003-1


Stakeholder Consensus Process

New/Successive Ballot: At this step, the standard is either “new” or significantly changed from the last version posted for comment/ ballot. The ballot record starts with no votes and no comments.

Recirculation Ballot: At this step, there have been no significant changes to the standard from the last ballot. The ballot record starts with all votes and comments from the previous ballot.

Informal Feedback

Post Standard for Comment

Consider/Respond to Comments

Post Standard for Comment/Ballot

Consider/Respond to Comments

Recirculation Ballot

Posted for 30-day Formal Comment and 10-day Successive Ballot


Comment and Ballot Period

• August 22, 2012 through September 20, 2012 Formal 30-day comment period

• September 11, 2012 through September 20, 2012 Initial Ballot and Non-binding Poll open

o Definition

o Implementation Plan

o VSLs and VRFs


Navigating Stakeholder Input Toward Consensus

• Stakeholder feedback is essential

• Almost 270 pages of comments and responses

• Very comprehensive comments from last posting

• Drafting team considered all viewpoints


Submitting Comments

• Ballot comments Submit through “checkbox form” – not within ballot

No need to submit same comment more than once

• Comments on proposed standards Submit through electronic form

Be brief

Focus on question asked

Indicating agreement with others is preferred over copying the comments (e.g., “ABC agrees with XYZ’s comments...” or “ABC agrees with XYZ’s comments except for …”)


Comment Form

• Unofficial comment form Provided to assist comment development

Formatting will not transfer from unofficial form to official form (web-based)

• Warning included on comment form:


Sample Comment Form

1. The SDT modified the requirement for use of the R1 Part 1.2 NATO phonetic alphabet to allow use of another correct alpha numeric clarifier. Do you agree with this modification?

Yes No

2. The SDT modified the requirement R1 Part 1.1.4 for use of identifiers for interface Elements/Facilities only. The identifiers will be assigned by the transmission owner of the Elements/Facilities. Do you agree with this modification?

Yes No

3. Do you agree with the VRFs and VSLs for Requirements R1, R2and R3?

Yes No

4. Do you have any other comments or suggestions to improve the draft standard?

Comments:


Standard Drafting Team Response Process

• Issues and responses for each individual requirement

• Effective feedback: Specific to question

Provide proposed change/rationale

• Less effective feedback: Repeating comment multiple times/responses to entire

standard in every question

No reference to where suggested change should occur

Non-specific concerns, e.g. “I do not like this standard.”


COM-003-1 Schedule


Next Steps

• September 2012: Successive Ballot

• October 2012: Recirculation Ballot

• November 2012: Present Standard to the NERC BOT


Questions?

• Please submit your questions via the ReadyTalk chat window (referencing the slide number if possible)

• Moderator and point of contact – Joseph Krisiak, NERC [email protected]

• Key dates:

August 22, 2012 through September 20, 2012 – Formal Comment Period

September 11, 2012 through September 20, 2012 – Ballots Open

• Slides and recording of this webinar will be posted to the NERC website (usually within three business days)

mailto:[email protected]�

Documents

Industry Webinar: Risk-Based Compliance Monitoring and COM-003 · New!! -- Draft 3 of COM-003-1 represents a new paradigm for reliability standards New!! -- COM-003-1 RSAW was developed