Presentation is loading. Please wait.

Presentation is loading. Please wait.

WECC COMPLIANCE 101 Webinar

Published byFelix Tyler Modified over 9 years ago

Similar presentations

Presentation on theme: "WECC COMPLIANCE 101 Webinar"— Presentation transcript:

1 WECC COMPLIANCE 101 Webinar
Thursday, October 9, 2014

2 Agenda Introductions Laura Scholl
Overview of WECC and Regulatory Structure Connie White Audit – What to Expect Stacia Ellis and Bill Fletcher Enforcement Overview Rachael Ferrin, Richard Shiflett, Haley Sousa, and Joelle Bohlender webCDMS and EFT Brittany Power

3 Overview of WECC and Regulatory Structure
Constance White Vice President of Compliance and Acting Regional Manager

4 And Regulatory Structure
COMPLIANCE 101 Overview of WECC And Regulatory Structure

5 WECC Profile The Western Electricity Coordinating Council (WECC) is a non-profit corporation that exists to assure a reliable bulk electric system in the geographic area of the Western Interconnection. This area includes all or parts of the 14 western United States, two Canadian provinces, and the northern portion of Baja California, Mexico.

6 WECC History Incorporated in 2002 Predecessor, WSCC formed in 1967
Largest geographic area of the eight Regional Entities Entire Western Interconnection (1.8 million square miles) - includes all or part of 14 U.S. states, 2 Canadian provinces and a portion of Baja California Norte, Mexico Non-Governmental Industry participants join together to promote system reliability Bifurcation in February 2014 changed functions

7 WECC Coverage Service Area
1.8 million square miles 126,285 miles of transmission Population of 78 million

8

9 WECC Organization Independent Board of Directors 9 members Committees
Members Advisory Committee Members Grid owners, operators, users Stakeholders State and Provincial

10 Bifurcation Peak Reliability assumed responsibility for
Reliability Coordination Operate two Reliability Coordination Offices (Vancouver WA and Loveland CO) that provide situational awareness and real-time supervision of the entire Western Interconnection

11 WECC Services Transmission expansion planning Studies
Management of a comprehensive planning database Provide coordination of sub-regional planning processes Analyses and modeling Studies Model the system and perform studies under a variety of scenarios to set operating policies and limits

12 WECC Services Loads and Resources Assessments Operator Training WREGIS
Perform annual assessment of 10-year loads and resources Maintain 10-year coordinated plan of system growth Provide information to NERC for summer and winter assessments of the reliability and adequacy of the bulk-power system Operator Training Provide training sessions for operators, schedulers and dispatchers WREGIS Hosts the Western Renewable Energy Generation Information System, which creates and tracks renewable energy certificates

13 WECC Services Delegation Agreement
Perform functions delegated to WECC as a Regional Entity under Delegation Agreement with NERC, including regulating entities subject to mandatory Reliability Standards

14 Mandatory Reliability Regulation
Northeast Blackout of 2003 10 Million people in Ontario, Canada 45 million people in eight U.S. states

15

16

17 Task Force Report Final report of the U.S.- Canada Power System Outage Task Force on the 2003 blackout concluded: the single most important recommendation for preventing future blackouts, and reducing the scope of those that occur, is for the U.S. government to make reliability standards mandatory and enforceable.

18 Task Force Findings Inadequate System Understanding
Inadequate Situational Awareness Inadequate Tree Trimming Inadequate Reliability Center Diagnostic Support

19 Congressional Action Energy Policy Act of 2005 “Section 215”
On August 8, 2005, the Energy Policy Act of 2005 (EPAct 2005) was signed into law. “Section 215” Section 215 of the EPAct 2005 directed FERC to certify an Electric Reliability Organization (ERO) and develop procedures for establishing, approving and enforcing electric reliability standards.

20 Authority for Compliance Monitoring
FERC Order 672 (Implementing Rule 18 CFR 39) Responsibility and oversight assigned to FERC FERC designated NERC as Electric Reliability Organization NERC has delegation agreement with WECC and seven other regions

21 Implementing Section 215 SECTION 215 Creates Electrical Reliability Organization (ERO) FERC names NERC as ERO Regional Entities NERC selects 8 regional entities WECC is selected for Western Interconnection Delegation Agreement NERC and WECC sign agreements WECC oversight begins in Western Interconnection

22 Development of Mandatory Reliability Standards
Critical Infrastructure Protection (CIP) standards become mandatory and enforceable December 2009 (FERC Order 706) Operations and Planning (O&P) Standards become mandatory and enforceable June17, 2007 (FERC Order 693)

23 Order 693 & Order 706 Standards
Order 693 (Operations and Planning) includes: Resource and Demand Balancing (BAL) Emergency Preparedness & Operations (EOP) Facilities Design, Connection & Mtnce. (FAC) Protection and Control (PRC) Order 706 (CIP) includes: Critical Cyber Asset Identification Personnel & Training Electronic Security Perimeters

24 WECC Compliance Recommends Registrations for Entities
Register users, owners, operators according to function Monitors Compliance with Standards Monitor compliance by users, owners and operators of the bulk power system in the United States Enforces Compliance Violation mitigation and settlement negotiation Representation of WECC in any hearing or appeal process Administration Audit coordination Reporting systems webCDMS and EFT

25 In summary…

26 Reliability Standards
Authority CMEP Reliability Standards Delegation Agreement Federal Power Act 2005

27 Registration Registration Authority
WECC recommends registration to NERC based on functions New tool Discussed by Brittany Power later Authority

28 Monitoring Other Self Certifications Registration Self Reports Audits
Onsite Audit Offsite Audit Self Reports Self Certifications Spot Checks Compliance Violation Investigations Complaints Authority

29 Enforcement Mitigation Actions Settlement Registration Monitoring
Risk Assessments Mitigation Actions Settlement Due Process If a violation is identified, due process includes Notice of Alleged Violation and Penalty or Sanction Registered Entity Response Request for Settlement or Hearing NERC Approval FERC Approval Mitigation of Violations Prompt mitigation of violations and of risk to BES is important Mitigation is not an “admission of guilt” WECC reviews mitigation plans and accepts, rejects or requests revisions WECC reviews completion of mitigation activities Authority

30 Education/Outreach Education/Outreach Registration Enforcement
Monitoring Enforcement Compliance User Groups/ Critical Infrastructure Compliance User Groups Open WebEX - Monthly Targeted Training CIP 101 WebCDMS and EFT Compliance 101 Ad Hoc as needed e.g. CIP v.5 Authority

31 Reference Documents Compliance Monitoring and Enforcement Program (CMEP) & WECC’s annual plan Delegation Agreement Rules of Procedure NERC Standards and WECC Regional Standards NERC Guidance, Bulletins, Directives and Compliance Application Notices (CANs) FERC Orders

32 Stacia Ellis Compliance Program Coordinator
Notice of Audit Stacia Ellis Compliance Program Coordinator

33 Notice of Compliance Audit Packet
Notice of Audit Letter Compliance Monitoring Authority Letter Audit Team Biographies Confidentiality Agreements

34 Notice of Compliance Audit Packet
Certification Letter Pre-Audit Data Requests Pre-Audit Survey Audit Scope and WECC RSAWs

35 Notice of Compliance Audit Letter
90-Day Notice of Audit Letter Details of your specific Audit Dates of Audit Audit Scope Due Dates Audit Team Composition, observers (if applicable) Observers can include FERC/NERC Date/time of proposed Pre-Audit Conference Call Opening Presentation Suggestions

36 Notice of Compliance Audit Letter
Audit Team Composition Primary Audit Team Individuals expected to participate in the Audit Alternate Audit Team Individuals available to act as backup or replacements for Primary Team members

37 Attachments A, B and C Attachment A Attachment B Attachment C
Informational; Explanation of Compliance Monitoring Authority Attachment B Short Biographies of the WECC Audit Staff Attachment C Signed Confidentiality Agreements of the WECC Audit Staff

38 Attachments D and E Attachment D Attachment E Audit Scope
RSAWs (Reliability Standard Audit Worksheets) Customized for your Entity and your audit Based on your Registered Functions and Audit Scope Attachment E Certification Letter Must be printed on your company letterhead and signed by an Authorized Officer Certifies that the information being provided for the Audit is accurate

39 Attachment F Attachment F Pre-Audit Survey
Verify contact information Audit Logistics List any delegation agreements Signed by Authorized Officer Please complete all applicable fields

40 Attachment G Attachment G Why are we doing this to you?!?
Pre-Audit Data Requests Why are we doing this to you?!? Clarifications for data submittals Specifying types of evidence to remove some of the guesswork

41 Att G – Operations & Planning (O&P) Data
Some evidence may apply to more than one Standard One copy is sufficient, but document inventories or “roadmaps” are appreciated Single Line Diagram Requested for the majority of Audits

42 Att G – Cyber Security (CIP) Data
CIP-004 – CIP-009 may not be applicable based upon the Critical Asset/Critical Cyber Asset determination Determined by CIP Requirements 2 & 3 Complete RSAWs indicating absence of CA/CCA identification 2015 CIP audits will include CIP v5 outreach If you have any questions please contact Brent Castagnetto at or

43 Attachment H Attachment H Audit Feedback
Now sending with initial package Feedback is encouraged for all phases of audit.

44 Operations and Planning (O&P)
Audit Periods Defined Audit Periods, for O&P and CIP, are clearly defined in Attachment G for both: Operations and Planning (O&P) Cyber Security (CIP)

45 Audit Frequency 3 year cycle Entities registered as a: All others
Balancing Authority (BA) Transmission Operator (TOP) or Reliability Coordinator (RC) All others Generally a 6 year cycle. Subject to flexibility in the future as part of NERC’s Reliability Assurance Initiative (RAI).

46 Outreach “Howdy Call” A few days after Notice of Audit Packet is uploaded to the EFT Server.

47 Recommendations Know the Reliability Standards Use the RSAWs as guides
Ask questions Participate in Outreach (CUG/CIPUG) We are here for you… Questions Comments Concerns

48 Audit Approach and Best Evidence
William Fletcher Senior Compliance Auditor, Operations and Planning

49 Compliance Audit (on-site vs. off-site)
Primary difference is: Location of audit conduct Scope is typically smaller for off site. On-Site – Required for RC, BA, TOP functions Per NERC Rules of Procedure

50 Compliance Audit (on-site vs. off-site)
Documentation sent to WECC before audit for preliminary review The audit team reviews evidence during off-site week or the first week of the audit and completes its review during the second week or on-site week Data Requests or DRs In-person interviews for clarification Off-Site Entity may be present at audit if desired Telephone interviews for clarification

51 Audit Approaches We audit to the Requirements of the Standards
General Approaches included in RSAW RSAW may ask specific questions Always includes the section: “Describe, in narrative form, how you meet compliance with this requirement.”

52 Audit Approaches “Describe, in narrative form, how you meet compliance with this requirement.” Describe here how your company knows it is compliant with this requirement and how you know you have been compliant for the entire period of the audit. Your place to describe your internal controls. Your evidence should support your narrative.

53 Audit Approaches List the evidence provided in the RSAW. This road map is important Compliance Assessment Approach in RSAW is used as a checklist. Data Request (DR) for gaps or samples Document & record review is primary Interviews and observations are usually for Corroborating

54 Sufficient Audit Evidence
Sufficiency of Evidence The measure of the quantity of evidence Quantity of evidence is dependent on the scope of the audit Extra quantity does not make up for poor quality Ensure you provide enough evidence to demonstrate compliance for the entire audit period.

55 Sufficient Audit Evidence
Sampling is used to limit the amount of detailed evidence provided. Normally used in conjunction with summary of a full set of data. Sampling used to assess details. Reduces the burden on the Audit Team but not really on the Entity Audit Team must select the samples

56 Appropriate Audit Evidence
Appropriateness The measure of the quality of evidence Relevance Validity Reliability

57 Appropriate Audit Evidence
Quality of Evidence Good Internal Controls point to reliable evidence. Direct observation is more reliable than indirect observation. Examination of original documents is more reliable than examination of copies. Testimonial evidence from system experts is more reliable than from personnel with indirect or partial knowledge.

58 Types of Evidence Physical Evidence Documentary Evidence
Testimonial Evidence Compliance Audits may use all three types but Documentary Evidence is by far the most frequent type of evidence assessed and relied on.

59 Testimonial Evidence Attestations of Compliance or Statements of Compliance are generally not accepted as the only available evidence. Attestations may be used to explain minor gaps in documentation or to state if no conditions occurred which are subject to a requirement. Attestor must be knowledgable and qualified.

60 Evidence for Procedural Documents
The characteristics of a valid procedural or policy document include: Document title Definition or Purpose Revision level Effective dates Authorizing signatures

61 Non Applicable Requirements
Three instances are acceptable for use of term “Not Applicable” Entity is not registered for the applicable function. (only TOP responsible for TOP requirements) Entity does not own, operate or maintain the equipment addressed by the requirement. (UVLS, UFLS, SPS etc.) Entity does not use the program or process specified by the requirement. (and is not required to… ATC, CBM, etc)

62 Evidence for Tasks Performed
When the standard calls for a task to be performed it must be documented. Records Logs Reports Work Orders Phone recordings Transcripts of phone recordings Shift Schedules Dates & Times are critical

63 Evidence of “Coordination” with other entities
Typical evidence provided initially is a single . “…If you have any comments please contact ______” This alone is neither sufficient or appropriate to demonstrate coordination between two or more parties. If s or correspondence are used Two way communications are needed Better are: Meeting Agendas Meeting Minutes Attendance Lists

64 Evidence of “Distribution” of information
Typical evidence provided initially is a single with a large distribution list. “…please see attached” This alone is typically neither sufficient or appropriate to demonstrate distribution to others. If s or correspondence are used Need clear identification of the personnel on the distribution list. Even Better is corroboration by receipt acknowledgement

65 Rachael Ferrin Richard Shiflett Haley Sousa Joelle Bohlender
Enforcement 101 October 9, 2014 Rachael Ferrin Richard Shiflett Haley Sousa Joelle Bohlender

66 Agenda What is a violation? How does WECC know about a violation?
What is the submittal and review process for possible violations? What is the submittal and review process for Mitigation Plans? What is a violation? The definition of a possible violation per the NERC Rules of Procedure is “A failure to demonstrate compliance pursuant to applicable NERC Reliability Standard Requirement.”

67 What is a violation? A violation is a failure to demonstrate compliance pursuant to applicable NERC Reliability Standard Requirement Possible Violation (PV) The identification by the Compliance Enforcement Authority of a possible failure by a registered Entity to comply with a Reliability Standard that is applicable to the Registered Entity. NERC Rules of Procedure, Appendix 2 (January 31, 2012). What is a violation? The definition of a possible violation per the NERC Rules of Procedure is “A failure to demonstrate compliance pursuant to applicable NERC Reliability Standard Requirement.”

68 How does the Entity discover a possible violation?
Ongoing Compliance Assessments Internal Assessments Internal Audits Compliance Culture Now that you know the definition of a possible violation, how does the entity go about discovering a possible violation? This slide demonstrates several different avenues that may lead entities into discovering possible violations and submitting a Self Report.

69 How does WECC know about a possible violation?
Compliance Monitoring Self-Reports Self-Certifications New possible violation Change in scope Compliance Audits Spot Checks Compliance Investigations Periodic Data Submittals Complaints Listed on this slide are the 7 compliance monitoring methods as described in the CMEP. Out of the 7, the most common discovery methods are SRs and SCs. Please note that WECC strongly encourages entities to promptly self-report, WECC considers prompt self-reporting as being pro-active. Quickly, I would like to discuss the difference between a Self Report and Self Certification. While Self Reports can be submitted at any time a possible violation is discovered, a Self Certification can only be submitted during the Self Certification period, the Self Certification period occurs on an annual basis and is considered mandatory.

70 Possible Violation Submittal
Submit Self-Reports and Self-Certifications via webCDMS Self Report/Self Certification Content Checklist If you discover a new possible violation you will want to submit a Self Report. All forms SR and SC’s are submitted via webCDMS. When submitting a new possible violation for the first time, it may be helpful to reference the Self Report/Self Certification Content Checklist link to help guide you in identifying the necessary information needed for WECC’s technical review. I will now turn the time over to Ben, to go over the SR/SC content checklist in detail.

71 Self-Report/Self-Certification Content Checklist
Is the version of the standard (in effect at the time of the violation) identified? Are all multiple subrequirements in scope identified? Has this violation been previously reported? Does the violation description include: All devices/facilities/personnel in scope? Names/IDs of devices/facilities/personnel? Where are these devices located? What are these devices used for? What type of access do the personnel have? Any additional information to assess the VSL? Is the start date and end date identified? Are the compensating measures identified? RS

72 Possible Violation Review
WECC Subject Matter Experts (SME) reviews the “possible violation” Analyze facts and circumstances Data Requests/conference call if necessary Technical assessment Facts and Timelines Risk Assessment Recommendation of Dismissal or Acceptance to Case Managers RS SR, SC reviewed at WECC Audit/Spot check reviewed at the audit/spot check What about the details of the SME analysis?

73 Entity’s next step after reporting a Possible Violation
Submit Mitigation Plan Notice of Alleged Violation triggers Mitigation Plan due date Timely Mitigation is encouraged Not admission of violation Once an entity has reported a new possible violation, WECC encourages entities to submit its MP as soon as possible or preferably at the same time. Remember that the faster the violation is mitigated, the better off reliability is! There is no need to wait for a disposition document to submit a Mitigation Plan, also please note that submitting a mitigation plan is not considered an admission of the possible violation. It is important to mention that all violations regardless of discovery method will go through the same review process. Every violation goes through the same process.

74 Mitigation Plan Submittal
Submit via webCDMS One violation per plan Eight Steps to Prevention and Mitigation Mitigation Plan Content Checklist RF Similarly, to the SR/SC process, all forms for MPs are submitted via webCDMS. For reference, please use the Eight Steps to Prevention and Mitigation and Mitigation Plan Content Checklist when preparing to submit a Mitigation Plan. Again, I will turn the time over to Ben to discuss the MP content checklist and review process of MPs.

75 Mitigation and Prevention Checklist
Symptom Root Cause Corrective Actions Preventive Actions Detective Actions Assign tasks Timeline and milestones Interim Risk RS

76 Mitigation Plan Content Checklist
Has the scope of the violation being mitigated changed? Has the root cause been identified? Does the mitigation plan include: What is being fixed? How it is being fixed? When it is being fixed? Do the mitigation actions: Relate to the requirements in scope? Identify preventative measures? Identify detection measures? RS

77 Mitigation Plan Review
WECC Subject Matter Experts (SME) conduct reviews Review the mitigation plan Actions (Corrective, Detective and Preventive) Duration Data Requests/conference call if necessary Notice of Acceptance or Rejection via auto notification or EFT server RS

78 Mitigation Plan Extensions
Extension Requests Accepted Mitigation Plan completion date = date Completion Certification and evidence submitted to WECC Five business days prior to completion date RF If for some reason, you foresee a conflict and do not think the MP will be complete by the proposed completion date, you can submit an EXT. WECC encourages EXTs to be submitted as soon as you know you need one, but no later than 5 business days prior. The EXT must be submitted via webCDMS, please remember to include your reasons for requesting an extension and include any additional milestones that may be needed. Once submitted, it will go through the same review process as discussed earlier, and WECC will notify entities of approval or rejection of the EXT.

79 CMP Submittal Submit Completion Certification and evidence via webCDMS
CMP Content Checklist RF Again, you will submit the CMP and evidence via webCDMS. For reference, please use the CMP Content Checklist when preparing to submit your CMP. Now, I will turn the time over to Tyson to discuss the CMP content checklist and review process of CMPs.

80 CMP Content Checklist Has the scope changed since the Mitigation Plan was accepted? Have you included a brief statement to confirm the scope? Is the evidence uploaded with a description for each file? Is there a mapping of actions to evidence? Is there a completion date for each action? RS

81 Mitigation Plan Completion Review
WECC Subject Matter Experts (SME) conduct reviews Analyze Evidence Were all actions outlined in the plan completed? Has both procedural and implementation evidence been submitted? Data Requests/conference call if necessary Notice of Acceptance or Rejection via auto notification or EFT Server RS

82 Summary Violation life cycle Resources
Submitting violations and mitigation plans WECC’s review of violations and mitigation plans Resources RS

83 The Hand-Off The Hand-off to Case Manager Haley Begins
Possible Violation Submittal Technical SME Review The Hand-off to Case Manager Case Manager Review 4 Methods of PV Disposition Confirmed Violation Haley Begins After the Possible Violation has been submitted and the Subject Matter Expert has reviewed it, the PV is handed off to the Case Manager for review. The Case Manager will review the facts of the PV and the Subject Matter Experts findings to determine the appropriate disposition method.

84 WECC Enforcement Case Managers
Primary Role: Determining Violation Disposition (disposition analysis) Case analysis Violation Disposition Policy analysis Assess penalties Conduct settlements Build relationships HS: The primary role of the Case Manager is to determine the disposition method for possible violations. However, Case Managers also conduct case analysis, policy analysis, assess penalties and conduct settlements. Case Managers are always available to answer your questions or concerns, and to guide you through the enforcement process. Never hesitate to contact your Case Manager.

85 Enforcement Processes
HS: This slide demonstrates each of the four possible disposition methods and the process following each. We will discuss each disposition method in detail.

86 Disposition Analysis Dismissal Find, Fix and Track (“FFT”)
Notice of Alleged Violation (“NOAV”) Expedited Settlement Agreement (“ESA”) HS: The first disposition method I will discuss is the Dismissal.

87 Dismissal Disposition method used when the Case Manager determines the possible violation is not enforceable For Example… Standard Requirement does not apply to Entity Facts and circumstances warrant a violation of a different Standard Requirement Entity produced additional evidence demonstrating compliance HS: Your Case Manager will issue a dismissal any time it is determined that the possible violation is not enforceable. Generally, the Case Manager will determine if a dismissal is appropriate after the technical review and before any disposition document has been issued. However, a dismissal can be issued at any time before the violation becomes a Confirmed Violation.

88 What does a dismissal look like?
Case Manager will issue a “Notice of Dismissal and Completion of Enforcement Action” WECC: Withdraws the Possible Violation from Entity’s compliance record Any data retention directives relating to the possible violation are released Entity: Does not need to respond to notice Questions/concerns contact Case Manager HS: If the Case Manager determines that a dismissal is warranted, the Case Manager will issue a “Notice of Dismissal.” When the dismissal is issued, the violation is withdrawn from the entity’s compliance history and the entity is release from all previously issued data retention directives. The entity is not required to submit a response the to WECC.

89 Not a Dismissal, Now what?
Find, Fix and Track (“FFT”) Notice of Alleged Violation (“NOAV”) Expedited Settlement Agreement (“ESA”) HS: If the Case Manager determines that the violation cannot be dismissed, there are three methods that can be used to dispose of the possible violation. The first method is Find, Fix and Track, or FFT.

90 PVs for FFT Review WECC Reviews All PVs for FFT Treatment
“Strong” FFT Candidates: Are not Repeat PVs PV does not reveal programmatic or systematic shortcomings Found and Fixed by the Entity Mitigation Plan has been submitted HS: All violations are reviewed for FFT candidacy but some violations are more likely than others to be processed as FFTs. Strong candidates are those that were Self-Reported or Self-Certified, are not repeats, do not demonstrate systematic issues and have been mitigated or are in the process of being mitigated.

91 What does an FFT look like?
WECC Enforcement will issue a “Notice of Find, Fix and Track” Remediation Required No Penalty or sanction FFT is filed with NERC but does not become a “confirmed violation” FFT will become part of an Entity’s compliance history HS: When an FFT is issued, remediation is still required and the entity must still submit a mitigation plan. With FFTs, no penalties are issued. Also, while the FFT is filed with NERC and the FFT becomes part of compliance history, the FFT does not become a confirmed violation.

92 What to do with an FFT? Within five (5) days of receiving an FFT Notice an Entity Must: Submit to WECC an affidavit, signed by an officer with knowledge of remediation, OR Submit to WECC written notification opting out of the FFT processing If an Entity opts out of the FFT disposition, then WECCs policy is to issue the violation through the traditional NOAV process. HS: Appended to the FFT is an Affidavit. After you receive an FFT, an officer with knowledge of remediation must sign the affidavit and return it to WECC. Alternatively, you may choose to opt out of the FFT process, in which case WECC will issue a Notice of Alleged Violation.

93 4 Disposition Methods Dismissal Find, Fix and Track (“FFT”)
Notice of Alleged Violation (“NOAV”) Expedited Settlement Agreement (“ESA”) HS: The next disposition method is the Notice of Alleged Violation, which will be presented by Joelle.

94 What does a NOAV look like? CMEP Section 5.3
NERC Rules of Procedure, Appendix 4C §5.3 (“CMEP”) Alleged Violation Facts Mitigation Plan Summary (if applicable) Enforcement Violation Determinations BES Impact Statement Minimal Moderate Severe Violation Severity Level (“VSL”) Violation Risk Factor (“VRF”) Penalty JB An “Alleged Violation” is a possible violation for which the Enforcement Authority [Case Manager] has determined, based on an assessment of the facts and circumstances surrounding the possible violation, that evidence exists to indicate a Registered Entity has violated a reliability Standard. Appendix 4 Section 5.3 to the NERC Rules of procedure identifies specific content requirements of a NOAV. You can access Appendix 4, using the link included herein. In short, the NOAV will contain a summary of the evidence that constitute Alleged Violation Facts. The NOAV will also summarize action prescribed by any Mitigation Plan submitted by the entity prior to the NOAV. The NOAV will also include determinations made by the Case Manager. These risks posed by possible noncompliance. At the lowest end of the “risk spectrum” a case manager may determine that the alleged violation poses a “minimal” risk to the BES. At the highest end of the risk spectrum, the case manager may determine that the alleged violation poses a severe risk to the BES. The NOAV will also include a Violation Severity Level for Each Violation, and a Violation Severity Level for each violation. Violation Severity Levels and VRFs can be found on NERC’s website, and may be updated. Lastly, a NOAV will include a proposed penalty for each violation.

95 What to do with a NOAV? Submit a NOAV Response within 30 days
The NOAV Response must conform to one of three options Agree with the violation AND penalty Agree with the violation, but contest penalty Contest both the violation AND penalty Failure to submit a NOAV Response within 30 days will automatically result in confirmed violations with penalties JB

96 NOAV Response: “Option 1” Does not contest
Does not contest violation facts as alleged in the NOAV May identify errors that should be corrected in the “Notice of Confirmed Violation” (“NOCV”) Submit a Mitigation Plan Enforcement will issue a Notice of Confirmed Violation within ten (10) days of receiving a NOAV Response that “agrees with or does not contest an alleged violation.” JB

97 NOAV Response: “Option 2” Contests Penalty
NOAV Response will be submitted to Enforcement using the EFT Server within thirty (30) calendar days of receiving the NOAV. Submit a Mitigation Plan. NOAV Response must explicitly contest penalty and request settlement. NOAV Response must articulate basis for each penalty NOAV Response should include a proposed penalty the Entity believes to be reasonable including the basis for proposed penalty JB

98 NOAV Response: “Option 3” Contests Alleged Violation & Penalties
NOAV Response must be submitted to Enforcement using the EFT Server within thirty (30) calendar days of receiving the NOAV. NOAV Response must explicitly contest each alleged violation and proposed penalty and request settlement. Each Contention must be supported by: An explanation of the Entity’s position Basis for Contention Additional Information or evidence JB

99 A Word on Penalties Attached to violations disposed of using the NOAV or ESA processes Based on: NERC Sanction Guidelines (January 31, 2012) Penalty Range Penalty range depends upon Violation Severity Level (“VSL”) and Violation Risk Factor (“VRF”) Penalties are then adjusted for either Mitigating or Aggravating Factors HS: Before we move into the Expedited Settlement Agreement, I would like to mention a few things about penalties. Penalties are associated with both the NOAV and ESA. Penalties are based on both the NERC Sanction Guidelines and by the penalty range. The penalty range is a chart, produced by NERC, that uses the Violation Severity Level and Violation Risk Factor to provide a low end and high end of a penalty range. The Case Manager will then review mitigating factors and aggravating factors, and then adjust the penalty amount upward or downward, respectively.

100 Settlement Negotiation
Reaching Settlement NOAV NOAV Response C & T Agreement Schedule Settlement Work with Case Manager Settlement Negotiation Settlement Agreement HS: This slide demonstrates the process from when a NOAV is sent to the entity through the Settlement Agreement. After a NOAV is issued, the entity has 30 days to respond to the NOAV. If the entity contests either the violation or the penalty amount, or both, the settlement process begins. We will first execute a Confidentiality and Tolling Agreement and set a date for settlement. After we reach a settlement, we will execute a Settlement Agreement. If everything moves smoothly with no hiccups, the process from NOAV to Settlement Agreement takes roughly 3 months.

101 4 Disposition Methods Dismissal Find, Fix and Track (“FFT”)
Notice of Alleged Violation (“NOAV”) Expedited Settlement Agreement (“ESA”) HS: The final disposition method is the Expedited Settlement Agreement, or ESA.

102 ESA: Expedited Settlement Process
Settlement Agreement ESA HS: As you can see, the ESA removes the middle steps from the process and goes straight to the Settlement Agreement.

103 What does an ESA look like?
Expedites Formal Settlement Negotiations The ESA will contain Facts and circumstances of the violation Risk Assessment Summary Mitigation Plan Summary VSL and VRF determinations Penalty determination The ESA has many of the same elements as a NOAV. It contains the facts of the violation, a risk assessment, details on mitigation plan submittals, a determination on the VSL and VRF, and a penalty determination. However, unlike the NOAV, the ESA expedites the process and goes straight to a Settlement Agreement. Also, the penalty amount in an ESA is greatly reduced than what a NOAV would contain.

104 What to do with an ESA? Entity will have 15 days to review the ESA…
The Entity will contact Case Manager with questions or concerns. If the Entity accepts the terms of the ESA… The Entity must submit a signed copy of the ESA to WECC within 15 days of receipt of the ESA issuance. If the Entity rejects the ESA or does not respond within 15 days… WECC will issue a Notice of Alleged Violation and Proposed Penalty and Sanction. If you receive an ESA, you will have 15 days to review it and to discuss it with your Case Manager. At the end of that 15 days, you must choose whether to accept it or reject it. You are under no obligation to accept it. If you choose to accept it, you will execute a signed copy of the ESA and return it to WECC. If you choose to reject the ESA, or if you do not respond within the 15 days, WECC will issue a NOAV. Remember, the ESA is a take it or leave it document. The penalty amount is not negotiable.

105 Settlement Agreements & Expedited Settlement Agreements
Once an ESA or Settlement Agreement has been executed, WECC files the Agreement with NERC. NERC staff review the Settlement Agreement and contact the Case Manager with questions. NERC files the terms of the Settlement Agreement with the NERC Board of Trustees, Compliance Committee. Once that committee approves the Settlement Agreement, a Notice of Penalty is prepared and filed with FERC. After review, FERC will issue an “Order of no Further Review”, and the Notice of Penalty becomes effective. After it becomes effective, the Notice of Penalty is made public and can be viewed on the NERC website.

106 Payment & Closure of Enforcement Action
After NOP becomes effective, WECC issues a “Payment Due Notice” The Penalty will be due thirty (30) days from the date the Notice is issued Public NOP filings can be found on the NERC website CASE CLOSED After the Notice of Penalty becomes effective, WECC will issue a “Payment Due Notice” to the entity which allows the entity 30 days to tender the penalty amount to WECC.

107 Enforcement Process Summary
Possible Violation Submittal Technical SME Review The Hand-off to Case Manager Case Manager Review 4 Methods of PV Disposition Confirmed Violation Lifecycle of a Possible Violation Best Compliance Practices Possible Violation Disposition and Entity Responses In summary, we have reviewed the lifecycle of a possible violation, from detection through settlement. For additional information on Best Practices, there is a link provided in this slide. Are there any questions before we turn the time over to Brittany?

108 Brittany Power Data Coordinator
Compliance 101 Brittany Power Data Coordinator

109 webCDMS

110 webCDMS Regions MRO SPP WECC Texas RE RFC

111 EFT Server WECC EFT Server

112 Compliance Standards Index

113 Compliance Standards Index

114 Compliance Standards Index

115 Compliance Standards Index

116 Reminder: Help Desk WECC Support OATI Support Call @ 801-883-6879
Types of calls for WECC EFT Questions Registration Questions Historical Questions Standard Questions Non-technical Questions Types of calls for OATI Technical Problems webCDMS Login Problems Certificate Problems Access Problems

Download ppt "WECC COMPLIANCE 101 Webinar"

Similar presentations

Reliability Provisions of EPAct of 2005 & FERC’s Final Rule

Reliability Provisions of EPAct of 2005 & FERC’s Final Rule
NERC Reliability Readiness The Next Steps Mitch Needham NERC Readiness Evaluator September 24, 2007.

NERC Reliability Readiness The Next Steps Mitch Needham NERC Readiness Evaluator September 24, 2007.
COMPLIANCE 101 Module One.

COMPLIANCE 101 Module One.
Frequently Asked Questions Alberta Reliability Standards Compliance Version 1.0 – Effective April 30, 2013 (Please visit the website to download the latest.

Frequently Asked Questions Alberta Reliability Standards Compliance Version 1.0 – Effective April 30, 2013 (Please visit the website to download the latest.
CIP Cyber Security – Security Management Controls

CIP Cyber Security – Security Management Controls
1 PER-005 Update Impact on Operators System Operator Conference April 17-19 and May 1-3, 2012 Columbia, SC Margaret Stambach Manager, Training Services.

1 PER-005 Update Impact on Operators System Operator Conference April and May 1-3, 2012 Columbia, SC Margaret Stambach Manager, Training Services.
Key Reliability Standard Spot Check Frank Vick Compliance Team Lead.

Key Reliability Standard Spot Check Frank Vick Compliance Team Lead.
COM Operating Personnel Communications Protocols

COM Operating Personnel Communications Protocols
CIP Spot Check Process Gary Campbell Manager of Compliance Audits ReliabilityFirst Corporation August, 2009.

CIP Spot Check Process Gary Campbell Manager of Compliance Audits ReliabilityFirst Corporation August, 2009.
Compliance Application Notice Process Update and Discussion with NERC MRC.

Compliance Application Notice Process Update and Discussion with NERC MRC.
BS Information Systems – University of Redlands BS Information Systems – University of Redlands AS Electronic Technology AS Electronic Technology Project.

BS Information Systems – University of Redlands BS Information Systems – University of Redlands AS Electronic Technology AS Electronic Technology Project.
IS Audit Function Knowledge

IS Audit Function Knowledge
Notice of Compliance Audit

Notice of Compliance Audit
1 FRCC Compliance Organization and Entity Registration 2008 FRCC Compliance Workshop.

1 FRCC Compliance Organization and Entity Registration 2008 FRCC Compliance Workshop.
Audit & Compliance Tips Jagan Mandavilli Senior Compliance Engineer.

Audit & Compliance Tips Jagan Mandavilli Senior Compliance Engineer.
GOP and QSE Relationship Jeff Whitmer Manager, Compliance Assessments Talk with Texas RE June 25, 2012.

GOP and QSE Relationship Jeff Whitmer Manager, Compliance Assessments Talk with Texas RE June 25, 2012.
Support Systems and Tools Brittany Power Data Coordinator.

Support Systems and Tools Brittany Power Data Coordinator.
Lisa Wood, CISA, CBRM, CBRA Compliance Auditor, Cyber Security

Lisa Wood, CISA, CBRM, CBRA Compliance Auditor, Cyber Security
Federal Energy Regulatory Commission June 20091 Cyber Security and Reliability Standards Regis F. Binder Director, Division of Logistics & Security Federal.

Federal Energy Regulatory Commission June Cyber Security and Reliability Standards Regis F. Binder Director, Division of Logistics & Security Federal.
Compliance Enforcement Initiative : Initial Filing and Next Steps October 13, 2011.

Compliance Enforcement Initiative : Initial Filing and Next Steps October 13, 2011.

Similar presentations

Ads by Google