NERC Compliance Fundamentals
June 15-16, 2020 | Online :: Central Time
If this event is of interest you may also be interested in this related event
NERC CIP: A Deeper Dive, June 16-17, 2020, Online
Bulk electric system entities registered with the North American Electric Reliability Corporation (NERC) continue to wrestle with the complexities of the NERC reliability standards implementation, compliance, and enforcement process. Full audit schedules within each regional entity ensure that the stakes remain high. Critical Infrastructure Protection (CIP) standards add another level of complexity, further demonstrating to the power industry the difficulties of legislating reliability and security.
With the increasing number of new generation and transmission projects being proposed and built, it’s important to understand the implications of being a NERC registered entity and the complicated and costly process of compliance. This course is a great place to start for organizations that are a part of the bulk power system in North America. There are a host of important factors to consider that can have a significant impact on operations. One of the key tenets that supports compliance, or can help mitigate a penalty, is a robust culture of compliance. To demonstrate a culture of compliance, a registered entity must show an enterprise-wide commitment to the process.
This course is an in-depth introduction to NERC standards, compliance, and monitoring and is designed to give the necessary background for all staff to understand the concepts and complexities of NERC compliance in order to communicate and build a culture of compliance and reliability and prepare for upcoming audits.
- Define the role of FERC, NERC and Regional Entities
- Review the background for the NERC standards and discuss major recent revisions
- Explain how violations are determined and identify which standards are the most violated
- Define a culture of compliance and its importance in the compliance monitoring and enforcement process
- Examine strategies to build an internal compliance program including internal controls
- Analyze the audit process and demonstrate strategies for success before, during, and after an audit
- Examine the NERC CIP requirements: Current version and upcoming revisions
- Discuss emerging trends in NERC compliance including, the Risk Based CMEP, the new and emerging standards on Physical Security, Geomagnetic Disturbances, Distributed Energy Resources, and other emerging topics
EUCI has been accredited as an Authorized Provider by the International Association for Continuing Education and Training (IACET). In obtaining this accreditation, EUCI has demonstrated that it complies with the ANSI/IACET Standard which is recognized internationally as a standard of good practice. As a result of their Authorized Provider status, EUCI is authorized to offer IACET CEUs for its programs that qualify under the ANSI/IACET Standard.
EUCI is authorized by IACET to offer 1.1 CEUs for this event.
Requirements for Successful Completion of Program
You must be logged in for the entire presentation and send in the evaluation after the online course is completed.
This course will use PowerPoint presentations and group discussions.
Monday, June 15, 2020
8:30 – 9:00 a.m. :: Log in
9:00 a.m. – 4:00 p.m. :: Course Timing
12:00 – 12:30 p.m. :: Lunch Break
Overview of NERC Reliability Standards and Requirements
- NERC as the ERO
- Overview of entity registration
- Standards background and drafting process
- Trajectory of standards
- Results based standards
- Regional standards
- Compliance and enforcement
- Analysis of most violated non-CIP standards: Hot spots for current versions as well as status of revisions
- PRC 005
- FAC 008/009
- NERC compliance in practice
- Define “culture of compliance” and strategies to build, communicate and demonstrate a culture of compliance, as mandated by NERC
- The role of a culture of compliance in mitigation
- Preparing for an audit: What to do before, during and after an onsite compliance audit: successful strategies and avoiding common pitfalls
- Discuss the settlement process that occurs after a violation has been found
- Recognize how NERC compliance fits with other enterprise compliance needs and risk management
- Managing documentation and evidence
- Demonstrating a culture of compliance to auditors
- Risk based CMEP and what it means to you
Tuesday, June 16, 2020
8:30 – 9:00 a.m. :: Log in
9:00 a.m. – 12:00 p.m. :: Course Timing
NERC Critical Infrastructure Protection (CIP)
This session will provide an overview of the NERC CIP Reliability Standards and provide insight into what it takes to comply with the same on an ongoing basis.
- History and background of the NERC CIP reliability standards
- Common assumptions and mistakes
- Prevalent NERC CIP compliance challenges
- A word about CIP v5/v6
- Overview of the NERC CIP reliability standards
- NERC CIP v5/v6
- Overview of Version 5 NERC Cyber Security Standards
- Notable differences between Version 3 and Version 5 NERC CIP reliability standards
- Tools and resources
- A few words about “tools” and NERC CIP compliance
- Active vulnerability assessment tools
- Danger: Active scanning of ICS environments is risky business!
- Emerging issues and new standard
Ryan Carlson, CISSP, PSP, Vice President – Critical Infrastructure Protection Services, Proven Compliance Solutions
Ryan has over 25 years of experience in Cyber Security, IT project management, network system engineering, and network/server system administration. Ryan’s career has been devoted exclusively to assisting clients with their NERC Critical Infrastructure Protection (CIP) compliance program needs since 2008. Ryan has conducted hundreds of CIP mock audit/gap analysis projects over the last 10 years and participated in dozens of regional CIP audits as an expert advisor, observer, and embedded Subject Matter Expert. Ryan is actively involved in monitoring the CIP Standards development process by attending NERC Critical Infrastructure Protection Committee (CIPC) meetings, as well as numerous NERC/regional CIP user group meetings and conferences. Ryan is an active member of the NERC Compliance Input Working Group (CEIWG) and the NERC Supply Chain Working Group. Ryan is a Certified Information Systems Security Professional (CISSP) and Physical Security Professional (PSP) and holds a Bachelor’s Degree in Economics, International Relations and Marketing from the University of Minnesota.
Mitchell E. Needham, P.E. Vice President – NERC Consultation Services O&P, Proven Compliance Solutions
Mitchell’s industry experience spans over 40 years in the electric power industry, including 28 years with the Tennessee Valley Authority prior to working for NERC. Mitchell is both a former NERC Readiness Auditor and Regional Compliance Oversight Liaison for two NERC Regions and received NERC and FERC training in reliability compliance auditing. He has extensive experience conducting actual and mock audits of BES O&P and CIP Reliability Standards with expertise in protective relaying, process development, power system operations, reliability benchmarking, and compliance management. Mitchell is a registered Professional Engineer in the State of Tennessee, holding license #15926 and holds a Master of Science, Electrical Engineering (University of Tennessee – Chattanooga), & Bachelor of Science in Electrical Engineering (University of Tennessee – Knoxville).
Our courses are designed to be the best possible use of your valuable time – get the information you need to improve your position in the market in an interactive, dynamic format.
We will be using Microsoft Teams to facilitate your participation in the upcoming event. You do not need to have an existing Teams account in order to participate in the broadcast – the course will play in your browser and you will have the option of using a microphone to speak with the room and ask questions, or type any questions in via the chat window and our on-site representative will relay your question to the instructor.
- You will receive a meeting invitation will include a link to join the meeting.
- Separate meeting invitations will be sent for the morning and afternoon sessions of the course.
- You will need to join the appropriate meeting at the appropriate time.
- If you are using a microphone, please ensure that it is muted until such time as you need to ask a question.
- The remote meeting connection will be open approximately 30 minutes before the start of the course. We encourage you to connect as early as possible in case you experience any unforeseen problems.