Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
WECC Process for Risk-Based Compliance Oversight
Inherent Risk Assessment and Compliance Oversight Plan
WECC Entity Oversight
Effective Date: April 1, 2017
155 North 400 West, Suite 200
Salt Lake City, Utah 84103-1114
WECC Process for Risk-Based Compliance Oversight 2
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
Table of Contents
Introduction ................................................................................................................................ 3
1.1 Purpose ..................................................................................................................................... 3
1.2 Document Owner ..................................................................................................................... 3
1.3 Scope ........................................................................................................................................ 3
Risk Based Compliance Oversight Framework Overview .............................................................. 3
2.1 WECC’s Risk-Based Compliance Oversight Team ..................................................................... 4
IRA Process Overview .................................................................................................................. 4
3.1 Entity Participation in the IRA Process ..................................................................................... 4
3.2 IRA Frequency and Revisions .................................................................................................... 4
3.3 IRA Process Workflow............................................................................................................... 5
3.3.1 Gather and Review Entity Information ................................................................................. 5
3.3.2 Perform Risk Factor Assessment .......................................................................................... 5
3.3.3 Perform Data Analysis and Assess Additional Considerations ............................................. 6
3.3.4 Identify a List of Standards for Compliance Monitoring ....................................................... 6
3.3.5 Document IRA Results ........................................................................................................... 7
3.3.6 Share IRA Results .................................................................................................................. 7
Compliance Oversight Plan .......................................................................................................... 7
4.1 COP Frequency and Revisions .................................................................................................. 8
4.2 COP Inputs ................................................................................................................................ 8
4.3 Document COP Results ............................................................................................................. 8
Data Retention ............................................................................................................................ 9
Process Feedback to NERC ........................................................................................................... 9
Revision History ........................................................................................................................ 10
References ................................................................................................................................ 11
Attachment A: Risk Factor Criteria ................................................................................................... 12
Attachment B: Additional IRA Considerations .................................................................................. 16
WECC Process for Risk-Based Compliance Oversight 3
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
Introduction
This document describes the process used by WECC to conduct Risk-Based Compliance Oversight based
on the ERO Enterprise Guide for Compliance Monitoring.1 Specifically, this document describes how
the Inherent Risk Assessment (IRA) and other performance considerations are used to develop an
entity-specific Compliance Oversight Plan (COP).
1.1 Purpose
The purpose of this document is to provide guidance to registered entities and WECC staff on
the framework WECC uses during the IRA and COP processes.
1.2 Document Owner
WECC’s Director of Risk Assessment and Mitigation (RAM) is the owner of this document.
The document owner may delegate coordination but is responsible for:
• Reviewing, editing, and updating;
• Coordinating revisions across the Entity Oversight department management; and
• Posting.
1.3 Scope
This document applies to WECC and all United States registered entities in the Western
Interconnection. WECC’s international partners are not implementing the Risk-Based
Compliance Oversight Framework.
Risk-Based Compliance Oversight Framework Overview
As described in the Electric Reliability Organization (ERO) Enterprise Guide for Compliance Monitoring,
WECC follows the Risk-Based Compliance Oversight Framework (Framework) which focuses on
identifying, prioritizing, and addressing risks to the Bulk Power System (BPS), enabling WECC to focus
its compliance monitoring approach based on risk for each registered entity.
The Framework consists of multiple, interdependent components including Risk Elements, IRAs,
Internal Controls Evaluation (ICE), Compliance Monitoring and Enforcement Program (CMEP) Tools,
and COPs.
1 ERO Enterprise Guide for Compliance Monitoring, October 2016:
http://www.nerc.com/pa/comp/Reliability%20Assurance%20Initiative/ERO%20Enterprise%20Guide%20for%20Compliance%20Monitoring.pdf
WECC Process for Risk-Based Compliance Oversight 4
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
The IRA and COP processes are key to developing an entity-specific risk profile and oversight plan for
each NERC registered entity in the Western Interconnection.
2.1 WECC’s Risk-Based Compliance Oversight Team
WECC’s Risk-Based Compliance Oversight processes, including IRA and COP, are shared efforts
by the WECC Oversight staff including the RAM team, Compliance Audit Teams, and Compliance
Program Coordinators (CPC). WECC relies on the collective experience and professional
judgment of the Oversight staff during these processes.
IRA Process Overview
IRA is a process within the Framework in which WECC identifies inherent risks for the registered entity
to determine areas of focus for the entity’s future compliance monitoring activities. Inherent risks are
attributes specific to a registered entity that could impact the reliability of the BPS.
In coordination with other components of the Framework, WECC uses the results of the IRA to develop
an entity-specific COP for each registered entity.
3.1 Entity Participation in the IRA Process
WECC collaborates with the entity throughout the IRA process to ensure WECC has current,
appropriate, and sufficient information necessary to conduct the IRA and reach accurate
conclusions. This collaboration may include phone calls and requests for information.
Entities participate in the IRA process by completing the IRA and COP Survey. WECC typically
requires entities to complete an IRA and COP Survey before it starts the IRA process. WECC
follows the documentation protocols listed in the NERC Rules of Procedure and relies on the
professional judgment of WECC staff when gathering information from the entity during the IRA
process.
Entities are encouraged to respond promptly and accurately to the IRA and COP Survey and any
other requests for information. Throughout the process, the entity can submit questions about
the IRA or COP to the WECC RAM team at [email protected].
3.2 IRA Frequency and Revisions
WECC may review and revise an entity’s IRA at any time. A review or revision is more likely to
occur if an entity experiences significant changes or if new reliability risks emerge. Significant
changes may include, but are not limited to, registration changes, asset ownership changes,
system events, changes in compliance history or activity, organization changes, or changes in
the overall risk elements in the Western Interconnection.
WECC Process for Risk-Based Compliance Oversight 5
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
3.3 IRA Process Workflow
WECC follows six steps during the IRA process:
1. Gather and review entity-specific data.
2. Assess the entity’s inherent risk in context of pre-determined ERO Enterprise Risk Factor criteria
and the professional judgement of the IRA team.
3. Perform data analysis and review additional performance considerations to further understand
the entity and refine the risk associated with the entity.
4. Identify and prioritize a list of Regional and NERC Reliability Standards that are associated with
the entity’s risks for consideration in the COP.
5. Document the decisions made during the risk assessment process and provide supporting
justification.
6. Share results of the IRA with the registered entity.
3.3.1 Gather and Review Entity Information
In this step, WECC gathers and reviews information about the registered entity. This allows
WECC to determine which Risk Factors and other considerations apply to the entity based on
the entity’s registered functions, assets, system, geography, interconnectivity, compliance
history, corporate structure, delegation agreements, etc.
Initially, WECC reviews entity information that is already available to WECC. Next, it determines
whether additional information is needed to complete the IRA process. To facilitate the
collection of accurate background information and get a more complete understanding of the
entity, WECC usually requests that the entity complete an IRA and COP Survey. WECC will direct
the entity when to complete the IRA and COP Survey. The IRA and COP Survey contains
questions related to an entity’s Operations and Planning and Critical Infrastructure Protection
information and practices. WECC may also gather entity background information through
phone calls and targeted requests for information as needed.
At the end of this step, WECC has gathered and reviewed entity background information. With
this information, WECC determines which Risk Factors and additional performance
considerations are applicable to the entity.
3.3.2 Perform Risk Factor Assessment
In this step, WECC uses entity-specific information and data to identify the risks associated with
the entity based on pre-determined Risk Factor criteria and the professional judgement of
WECC staff.
WECC Process for Risk-Based Compliance Oversight 6
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
The ERO Enterprise Guide for Compliance Monitoring identifies a common set of pre-
determined Risk Factor criteria for use across the ERO Enterprise. As permitted under the ERO
IRA Process, WECC has implemented technical variances to certain Risk Factor Criteria based on
the Western Interconnection’s unique risk profile. WECC’s region-specific Risk Factor Criteria
are documented in Appendix A.
WECC reviews entity information to determine the risks associated with the entity based on the
Risk Factor criteria. The Risk Factor criteria serve as a guideline and helps WECC follow a
consistent and repeatable process for assessing quantitative areas of risk. In addition to using
the established criteria, WECC uses professional judgement to determine the risk rating based
on each entity’s specific circumstances. Based on the Risk Factor criteria and professional
judgement of the IRA team, WECC identifies a risk rating of high, medium, or low and
associated justification for each applicable Risk Factor.
Later in the IRA process, the Risk Factor ratings will be used to identify an initial list of Regional
and NERC Reliability Standards and requirements associated with the entity’s inherent risks to
the BPS. This list will be used as an input to the COP.
At the end of this step, WECC has assessed information about the entity to identify a high,
medium, or low rating for each Risk Factor and documented justifications that support the risk
ratings.
3.3.3 Perform Data Analysis and Assess Additional Considerations
Throughout the IRA process, WECC analyzes entity information to gain a better understanding
of the entity’s unique characteristics and understand the entity’s inherent risk to the BPS. In
addition to the Risk Factor Analysis, WECC considers additional factors such as compliance
history, performance trends, recently completed or planned system changes, or any other
circumstances that might affect WECC’s decision to monitor a specific risk area or Standard.
A list of performance considerations that WECC may use to understand and evaluate the entity
is included as Attachment B.
At the end of this step, WECC has assessed and documented information about the entity to
develop a more refined understanding of the entity’s risk to the BPS.
3.3.4 Identify a List of Standards for Compliance Monitoring
In this step, WECC reviews the Risk Factor ratings to identify areas of focus for future
compliance monitoring.
Based on the risk assessment results and an understanding of the registered entity’s unique
characteristics, WECC identifies and prioritizes a list of Standards and requirements associated
WECC Process for Risk-Based Compliance Oversight 7
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
with the registered entity’s risks to select appropriate CMEP tools for compliance monitoring.
This prioritized list of Standards and requirements and compliance monitoring recommendation
is a key input into the COP.
3.3.5 Document IRA Results
The results of the IRA are documented in an IRA Summary Report. The IRA Summary Report
identifies the inherent risks applicable to the entity based on the Risk Factors and a list of
associated Reliability Standards and requirements for COP consideration.
3.3.6 Share IRA Results
Prior to finalizing the IRA process, WECC shares a draft of the IRA Summary Report with the
registered entity. Entities have the opportunity to share feedback with WECC on the IRA
process and are encouraged to share ideas that WECC may consider to further improve and
refine the IRA process. Entities are encouraged to notify WECC if the IRA Summary Report
contains outdated information or factual inaccuracies so that WECC may determine whether
updates to the IRA are needed.
Entities are invited to submit feedback to WECC using the Entity Inherent Risk Assessment and
Compliance Oversight Plan Draft Report Comment Form. For Reliability Coordinator (RC),
Balancing Authority (BA), and Transmission Operator (TOP) registered entities, WECC schedules
a follow-up call with the compliance contact to review the entity’s feedback. WECC may
coordinate a follow-up conference call with other non-BA/TOPs in instances where the entity
has submitted feedback to WECC.
3.3.7 Finalize IRA Summary Report
WECC adheres to a formal approval process prior to the completion of the IRA Summary
Report. During the approval process, the Director of RAM reviews, verifies, and approves the
results of the IRA and the IRA Summary Report.
After the IRA is approved, WECC shares a final version of the document with the entity and
NERC.
Compliance Oversight Plan
The COP is the final output of the ERO Enterprise Risk-Based Compliance Oversight Framework. WECC
uses the COP process to tailor its compliance monitoring activities for NERC Reliability Standards based
on an entity’s specific risks and performance considerations. For each registered entity, the COP
identifies NERC Reliability Standards selected for monitoring, the interval of monitoring activities, and
WECC Process for Risk-Based Compliance Oversight 8
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
the possible type of CMEP tool (such as Compliance Audit, Spot Check, or Self-Certification) that WECC
may use for compliance monitoring.
4.1 COP Frequency and Revisions
WECC completes the COP process concurrently with the IRA. WECC may review and revise an
entity’s COP at any time. Periodic COP revisions may be based on factors such as updates to the
IRA, the identification and assessment of internal controls, changes to NERC Reliability
Standards, WECC’s quarterly Compliance Monitoring Strategy (CMS) meeting, Reportable
Events, System Outage(s), changes in compliance history or activity, or other changes to the
entity’s characteristics and risks.
WECC may choose not to revise the COP for the sole purpose of updating minor Standards
changes such as Errata changes or Interpretations2. The version of the Standard subject to
enforcement will be identified in WECC’s official notification for the selected CMEP monitoring
tool.
4.2 COP Inputs
As described in the ERO Enterprise Guide for Compliance Monitoring, WECC uses the following
inputs during the development of the COP:
1. IRA Results, including a list of entity-specific risks and a prioritized list of applicable
Standards and requirements that were identified for future compliance monitoring.
2. ERO-wide Risk Elements
3. Regional Risk Assessment results
4. Internal Controls and mitigating activities such as those identified during an ICE or
reviewed during compliance monitoring activities, such as during an audit.
5. The results of WECC’s previous CMEP activities, such as audit findings.
4.3 Document COP Results
The results of the COP process are incorporated into an entity-specific COP report.
2 Reference NERC Standards Numbering System:
http://www.nerc.com/pa/Stand/Resources/Documents/NERC_Standards_Numbering_System_(Update).pdf
WECC Process for Risk-Based Compliance Oversight 9
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
4.3.1 Develop COP Report
The COP includes the following items: a list of NERC Standards and requirements identified for
monitoring, possible CMEP Tools used for monitoring the identified Standards, and the interval
in which the monitoring is to be performed.
4.3.2 Share the COP
Prior to finalizing the COP process, WECC shares a draft of the COP report with the registered
entity. Entities have the opportunity to share feedback with WECC on their COP. Entities are
encouraged to notify WECC if the COP contains outdated information or factual inaccuracies so
that WECC may determine whether updates to the COP are needed.
Entities are invited to submit feedback to WECC using the Entity Inherent Risk Assessment and
Compliance Oversight Plan Draft Report Comment Form. For RC, BA, and TOP registered
entities, WECC schedules a follow-up call with the compliance contact to review the entity’s
feedback. WECC may coordinate a follow-up conference call with other non-BA/TOPs in
instances where the entity has submitted feedback to WECC.
4.3.3 Finalize COP Report
WECC adheres to a formal approval process prior to the completion of the Compliance
Oversight Plan and COP report. During the approval process, the Director of RAM reviews,
verifies, and approves the results of the Compliance Oversight Plan. After the COP is approved,
WECC shares a final version of the document with the entity and NERC.
Data Retention
WECC’s Compliance Oversight staff complies with WECC’s Records Retention Policy during and after
the IRA and COP processes. After completing an IRA or COP, WECC retains relevant documentation that
supports the analysis performed and conclusions drawn during each process. The retained
documentation may be used to evaluate the entity’s controls during the ICE process or used during
subsequent reviews or revisions of the entity’s IRA and COP.
Process Feedback to NERC
WECC will continue to give feedback to NERC and industry on lessons learned during the Risk-Based
Compliance Monitoring processes such as IRA and COP. WECC’s feedback to NERC may include
information about an entity’s IRA and COP results, regional trends identified through the IRA process,
metrics such as IRA and COP completion status or the average time taken by WECC to complete each
process, and information about WECC’s planned CMEP activities.
WECC Process for Risk-Based Compliance Oversight 10
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
Revision History
Revision Update Date
Modified By Approval Date
Approved By Comments
1 3/26/2015 Ruchi Ankleshwaria DJ McCarty
6/30/2015 Michael Moon
Initial draft for posting and registered entity input. Enhancements include: - internal process improvement - consideration of ICE and audit scheduling processes
2 4/1/2017 Jennifer Hart 7/9/2018 Ruchi Shah Updated to align with the October 2016 ERO Enterprise Guide for Compliance Monitoring. Major changes include: - updates to the IRA process workflow - addition of the COP processes - clarification on inputs to the IRA and COP process Approved with an effective date of 4/1/2017
WECC Process for Risk-Based Compliance Oversight 11
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
References
NERC Rules of Procedure
NERC ERO Enterprise Guide for Compliance Monitoring
NERC Overview of the ERO Enterprise’s Risk-Based Compliance Monitoring and Enforcement Program
NERC Annual ERO CMEP Implementation Plan
NERC Risk Elements Guide
NERC ERO Enterprise Internal Control Evaluation Guide
Generally Accepted Government Auditing Standards
WECC IRA and COP Survey
WECC COP Template
WECC CMEP Implementation Plan
WECC Records Retention Policy
WECC Process for Risk-Based Compliance Oversight 12
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
Attachment A: Risk Factor Criteria
The ERO Enterprise Guide for Compliance Monitoring identifies a common set of pre-determined Risk
Factor criteria for use across the ERO Enterprise. As permitted under the ERO IRA process, WECC has
requested technical variances to the Risk Factor Criteria based on the Western Interconnection’s
unique risk profile. WECC uses the following Risk Factor Criteria, effective April 1, 2017, to conduct
IRAs.
Risk Factor Criteria for Assessment
Risk Factor N/A Low Risk Medium Risk High Risk
CIP - Impact Rating Criteria
Entity has no BES Cyber Systems
(BCS)
Entity has one or more low-impact
BCS(s)
Entity has one or more medium-impact BCS(s)
Entity has one or more high-impact
BCS(s)
Critical Transmission
Entity does not own, operate,
coordinate, plan, design, or
monitor the status of
transmission facilities
Entity’s system is not critical to
adjacent entities as it is not being used as a flow-through system for power
flow
Entity’s system is critical to adjacent entities as it is
being used as a flow-through system for power
flow
Entity's system includes elements
(owned or operated) of an IROL / Flowgate / Major Transmission
Path (WECC) / Generic Transmission Limit
(Texas RE) / Cranking Path
ICCP Connectivity
Entity has no BES Cyber Systems
(BCS)
Entity has low-impact BCS(s) without ICCP
connections or external routable
connectivity
Entity has low-impact BCS(s) with at least one
ICCP connection - or -
Entity has low impact BCS(s) with external
routable connectivity (LERC) - or -
Entity has medium-impact BCSs
Entity has medium-impact BCS(s) with at
least one ICCP connection
- or - Entity has high-impact
BCS(s)
Largest Generator Facility
Entity does not own any
generation facilities
Entity’s largest single generation facility is less than
500 MVA
Entity’s largest single generation facility is
between 500 - 1,000 MVA
Entity’s largest single generation facility is greater than 1,000
MVA
Load
Entity does not have any system
load
Entity’s system load is less than
300 MW
Entity’s system load is between 300 - 2,000 MW
Entity’s system load is greater than 2,000
MW
WECC Process for Risk-Based Compliance Oversight 13
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
Monitoring and Situational Awareness Tools
Entity does not meet any of the
identified criteria
Entity does not have monitoring and situational
awareness tools and operates 10 or
more lines over 100 kV
Entity does not have monitoring and situational
awareness tools and operates 10 or more lines
over 200 kV
Entity does not have monitoring and
situational awareness tools and operates 20
or more lines over 200kV
Planned Facilities
Entity does not meet any of the
identified criteria
Entity is planning on or currently
building transmission
facilities less than 200 kV in the next
three years - or -
Entity is planning on or currently
building generation facilities that are
less than 500 MVA in the next three
years
Entity is planning on or currently building
transmission facilities between 200 - 300 kV in
the next three years - or -
Entity is planning on or currently building
generation facilities that are between 500 and
1,000 MVA in the next three years
Entity is planning on or currently building
transmission facilities greater than 300 kV in the next three years
- or - Entity is planning on or currently building generation facilities greater than 1,000
MVA in the next three years
RAS/SPS
Entity does not own, operate,
coordinate, plan, design, or
monitor the status of a RAS/SPS
----------
Entity owns or designed a RAS/SPS that is not needed to meet TPL
requirements - or -
Entity owns or operates equipment that is part of
a RAS/SPS that is not needed to meet TPL
requirements
Entity owns or designed a RAS/SPS
that is needed to meet TPL
requirements - or -
Entity owns or operates equipment
that is part of a RAS/SPS that is
needed to meet TPL requirements
System Restoration
Entity has no responsibilities during system
restoration
Entity has regional or company system
restoration responsibilities limited to load
restoration
Entity has Blackstart Resource(s)
- or - Entity provides switching
or other logistics based on the direction from a
different entity responsible for the
restoration plan
Entity is an RC - or -
Entity is responsible for independent
actions coordinated with an RC
WECC Process for Risk-Based Compliance Oversight 14
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
Total Generation Capacity
Entity does not own or operate any generation
facilities
Entity’s total generation
nameplate capacity is less than 1,000
MVA
Entity’s total generation nameplate capacity is between 1,000 - 5,000
MVA
Entity’s total generation nameplate
capacity is greater than 5,000 MVA
Transmission Portfolio
Entity does not own, operate,
coordinate, plan, design, or
monitor the status of
transmission facilities
Entity has transmission
facilities less than 200kV
Entity has transmission facilities between 200 -
300 kV - or -
Entity has over 1,000 miles of transmission lines
100 kV or greater
Entity has transmission facilities greater than 300 kV
- or - Entity has over 4,000 miles of transmission
lines 200 kV or greater
UFLS Development and Coordination
Entity is not responsible for developing or coordinating a UFLS program
Entity is responsible for
developing and/or coordinating a
UFLS program for less than 500 MW
of load
Entity is responsible for developing and/or
coordinating a UFLS program for 500 MW to
900 MW of load
Entity is responsible for developing and/or coordinating a UFLS
program for 900 MW of load
UFLS Equipment
Entity does not own or operate UFLS equipment
Entity is responsible for 0% up to 0.3% of the entire regionally identified UFLS
program
Entity is responsible for 0.3% to 1.3% of the entire regionally identified UFLS
program
Entity is responsible for more than 1.3% of the entire regionally
identified UFLS program
UVLS
Entity does not have any UVLS responsibilities
The Registered Entity owns or
operates UVLS that is less than 10% of
its peak load
The Registered Entity owns or operates UVLS that is greater than or equal to 10%, but less
than 25%, of its peak load
The Registered Entity owns or operates
UVLS that is greater than or equal to 25%
of its peak load
Variable Generation
Entity does not meet any of the
identified criteria
Less than 10% of the entity’s BA
Area total generation
nameplate MVA is comprised of non-
10% - 25% of the entity’s BA Area total generation
nameplate MVA is comprised of non-
dispatchable generation
Over 25% of the entity’s BA Area total generation nameplate MVA is comprised of
non-dispatchable generation
WECC Process for Risk-Based Compliance Oversight 15
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
dispatchable generation
Voltage Control
Entity does not own or operate
any voltage control
equipment
----------
Entity owns and/or operates reactive
resources to provide voltage control
Entity owns and/or operates reactive
resources other than generators to provide
voltage control
Workforce Capability
Entity does not meet any of the
identified criteria
Less than 25% of the entity’s System
Operators have less than 5 years of System Operator
experience
Between 25 - 50% of the entity’s System Operators have less than 5 years of
System Operator experience
Greater than 50% of the entity’s System Operators have less
than 5 years of System Operator experience
WECC Process for Risk-Based Compliance Oversight 16
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
Attachment B: Performance Considerations
During the IRA process, WECC considers a variety of factors such as an entity’s compliance history,
performance trends, recently completed or planned system changes, and other qualitative information
to better understand the entity’s inherent risks and inform the Compliance Oversight Plan. The
following list is an example of the types of information WECC uses to understand and evaluate the
registered entity.
WECC reviews the current status of the Performance Considerations as well as significant past changes
and any changes planned for the future.
Organizational Characteristics
• Compliance History (non-compliances, monitoring, audit feedback)
• JRO/CFR/Agreements
• Organizational Structure
• Registered Functions
Critical Infrastructure Protection
• Networks and Electronic Security Perimeters
• Physical Security and Physical Security Perimeters
• Cyber Systems (including EMS/SCADA)
• Cyber Security Incidents
• User management (Governance and Personnel)
• Asset Management
• Change Management
Transmission Facilities
• BESnet inclusions/exclusions
• Changes in footprint
• Coordination with other Registered Entities
• Transmission Availability Data System
• Vegetation management
Generating Facilities
• BESnet inclusions/exclusions
• Blackstart operability
• Changes in footprint
• Coordination with other Registered Entities
• Generation Availability Data System
• Reserve capability/RSG participation
• Resource mixture
WECC Process for Risk-Based Compliance Oversight 17
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
• Vegetation management
Load Management
• Composition (Industrial/Residential/Commercial)
• Profile
Events
• Event Analysis practices
• NERC Reportable Events
• OE-417 Electric Emergency Incident and Disturbance Report
• Operating capacity/Energy emergency
• SOL/IROL/Path exceedances
Protections Systems
• Coordination
• Facility maintenance
• Misoperations
• UVLS/UFLS/RAS operations