Browse: Home > Solutions > GRC & Audit Enterprise Suite > Compliance > FERC/NERC Compliance (Utilities)

FERC/NERC Compliance (Utilities)

Background

Congress and the President in the Energy Policy Act of 2005 gave the Federal Energy Regulatory Commission (FERC) important new regulatory authority over the reliability of the nation’s bulk-power system. Mandatory and enforceable reliability standards and a strong reliability program are critical elements of that new authority.

On February 2, 2006, landmark new rules on the certification of an Electric Reliability Organization (ERO) and the procedures for the establishment, approval and enforcement of mandatory electric reliability standards were established. On July 20, 2006, the FERC certified the North American Electric Reliability Corp. (NERC) as the nation’s ERO, making it responsible for developing and enforcing mandatory electric reliability standards under the Commission’s oversight. The standards will apply to all users, owners and operators of the bulk-power system.

The necessary compliance includes meeting both Electric Reliability Standards and Critical Infrastructure Protection (CIP):

“The mandatory reliability standards require certain users, owners and operators of the bulk power system to establish policies, plans and procedures to safeguard physical and electronic access to control systems, to train personnel on security matters, to report security incidents, and to be prepared to recover from a cyber incident.”

Recommended Actions By Providers

The eight CIP reliability standards address the following topics:

  • Critical Cyber Asset Identification
  • Security Management Controls
  • Personnel and Training
  • Electronic Security Perimeters
  • Physical Security of Critical Cyber Assets
  • Systems Security Management
  • Incident Reporting and Response Planning and
  • Recovery Plans for Critical Cyber Assets.

FERC can audit a company’s internal compliance procedures and support systems, looking at the “current system and protocols for monitoring, identifying, and correction of possible violations.” Since FERC has the authority to enforce a compliance plan upon an organization in violation, it is critical that companies subject to NERC/FERC oversight have a robust monitoring and self-assessment process in place to pre-empt any violations noted in a NERC/FERC audit. It should be noted that violations of reliability standards can result in penalties of up to $1 million per day per violation.

The DoubleCheckā„¢ FERC/NERC Solution

DoubleCheck offers a comprehensive platform that can manage an enterprise-wide compliance program, including NERC/FERC requirements. With the capability of fielding, consolidating and reporting assessments on a real-time basis, the NERC/FERC Compliance Manager can be up-to-date on the status of the organization’s compliance with any or all of the CIP or related standards. Automatic “trigger limits” can be set within the Platform’s properties to alert the appropriate parties to any violation, allowing for the proper remediation steps as necessary. In summary, the DoubleCheck Platform will assist in the management of NERC/FERC required activities by:

  • Maintaining documentation of regulatory requirements
  • Managing controls and control testing
  • Track related issues and tasks
  • Provide dashboards tracking priority rankings
  • Allow assignment of risks to regulatory requirements or controls
  • Create and manage surveys
FERC NERC issue Dashboard

Questions About Our FERC/NERC Compliance Solution?

Don’t hesitate. Contact us today at 1-888-299-3980.

Custom Website Design NJ
Reinhart Marketing Group