NERC Compliance Fundamentals
November 5-6, 2018 | Phoenix, AZ
If this event is of interest you may also be interested in NERC CIP: A Deeper Dive, November 6 – 7 in Phoenix.
Bulk electric system entities registered with the North American Electric Reliability Corporation (NERC) continue to wrestle with the complexities of the NERC reliability standards implementation, compliance, and enforcement process. Full audit schedules within each regional entity ensure that the stakes remain high. Critical Infrastructure Protection (CIP) standards add another level of complexity, further demonstrating to the power industry the difficulties of legislating reliability and security.
With the increasing number of new generation and transmission projects being proposed and built, it’s important to understand the implications of being a NERC registered entity and the complicated and costly process of compliance. This course is a great place to start for organizations that are a part of the bulk power system in North America. There are a host of important factors to consider that can have a significant impact on operations. One of the key tenets that supports compliance, or can help mitigate a penalty, is a robust culture of compliance. To demonstrate a culture of compliance, a registered entity must show an enterprise-wide commitment to the process.
This course is an in-depth introduction to NERC standards, compliance, and monitoring and is designed to give the necessary background for all staff to understand the concepts and complexities of NERC compliance in order to communicate and build a culture of compliance and reliability and prepare for upcoming audits.
- Define the role of FERC, NERC and Regional Entities
- Review the background for the NERC standards and discuss major recent revisions
- Explain how violations are determined and identify which standards are the most violated
- Define a culture of compliance and its importance in the compliance monitoring and enforcement process
- Examine strategies to build an internal compliance program
- Examine the NERC CIP requirements: Current version and upcoming revisions
- Analyze the audit process and demonstrate strategies for success before, during, and after an audit
- Discuss emerging trends in NERC compliance including CIP Version 5, the Reliability Assurance Initiative (RAI), the new and emerging standards on Physical Security, Geomagnetic Disturbances, Distributed Energy Resources, etc.
EUCI has been accredited as an Authorized Provider by the International Association for Continuing Education and Training (IACET). In obtaining this accreditation, EUCI has demonstrated that it complies with the ANSI/IACET Standard which is recognized internationally as a standard of good practice. As a result of their Authorized Provider status, EUCI is authorized to offer IACET CEUs for its programs that qualify under the ANSI/IACET Standard.
EUCI is authorized by IACET to offer 1.1 CEUs for this event.
Requirements for Successful Completion of Program
Participants must sign in/out each day and be in attendance for the entirety of the course to be eligible for continuing education credit.
This course will use PowerPoint presentations and group discussions.
Monday, November 5, 2018
8:00 – 8:30 a.m. :: Registration and Continental Breakfast
8:30 a.m. – 5:00 p.m. :: Course Timing
12:00 – 1:00 p.m. :: Group Luncheon
Overview of NERC Reliability Standards and Requirements
- NERC as the ERO
- Overview of entity registration
- Standards background and drafting process
- Trajectory of standards
- Results-based standards
- Regional standards
- Compliance and enforcement
- Analysis of most violated non-CIP standards: Hot spots for current versions as well as status of revisions
- PRC 005
- FAC 008/009
NERC Compliance in Practice
- Define “culture of compliance” and strategies to build, communicate and demonstrate a culture of compliance, as mandated by NERC
- The role of a culture of compliance in mitigation
- Preparing for an audit: What to do before, during and after an onsite compliance audit, including successful strategies and avoiding common pitfalls
- Discuss the settlement process that occurs after a violation has been found
- Recognize how NERC compliance fits with other enterprise compliance needs and risk management
- Managing documentation and evidence
- Demonstrating a culture of compliance to auditors
- Reliability Assurance Initiative and what it means to you
Tuesday, November 6, 2018
8:00 – 8:30 a.m. :: Continental Breakfast
8:30 a.m. – 12:00 p.m. :: Course Timing
NERC Critical Infrastructure Protection (CIP)
This session will provide an overview of the NERC CIP Reliability Standards and insight into what it takes to comply with them on an ongoing basis.
- History and background of the NERC CIP reliability standards
- Common assumptions and mistakes
- Prevalent NERC CIP compliance challenges (Version 3)
- A word about CIP Version 5
- Overview of the NERC CIP v3 reliability standards
- NERC CIP v5
- Overview of Version 5 NERC Cyber Security Standards
- Notable differences between Version 3 and Version 5 NERC CIP Reliability Standards
- Tools and resources
- A few words about “tools” and NERC CIP compliance
- Active Vulnerability Assessment Tools
- Danger: Active scanning of ICS environments is risky business!
- Emerging issues and new standards
Rick Terrill, P.E.
Rick’s industry experience spans 39 years in the electric power industry, including 37 years with a large utility, where he was the Director of Compliance for a 17,000 MW coal, nuclear, gas and combined cycle generation fleet, leading and implementing all aspects of NERC and Regional compliance. Rick completed multiple NERC/Regional compliance audits and spot checks with zero violations identified by auditors. He also served the company as the designated CIP Senior Manager for NERC cyber compliance. Rick participated as a member of multiple NERC and Regional Standard Drafting Teams, was a member of the NERC Compliance and Certification Committee and received NERC Auditor training. Currently, Rick is the Director of NERC Consultation Services at PCS. Rick is a Registered Professional Engineer in the State of Texas and holds a Bachelor of Science degree in Civil Engineering and an MBA in Management.
Carl Bench, CISA, PSP
Senior CIP Consultant, Proven Compliance Solutions
Carl has over 11 years’ experience in the electrical industry as an IT Systems Operator, CIP Auditor, and Audit Team Lead. He was most recently a CIP Auditor and Audit Team Lead at Western Electricity Coordinating Council (WECC). As an Auditor at WECC, he gained unique experience in compliance program management and audits. Areas of expertise include conducting and leading audits and assessments related to the NERC Critical Infrastructure Protection (CIP) Reliability Standards, NERC & Regional monitoring, NERC CIP V5 implementation/training, and risk-based compliance monitoring and enforcement procedures and implementation. He holds a bachelor’s degree in Information Technology Management. Carl is a Certified Information Systems Auditor (CISA), Physical Security Professional (PSP), Certified Business Resilience Manager (CBRM), and Certified Business Resilience Auditor (CBRA).
The Scottsdale Resort at McCormick Ranch
7700 E McCormick Pkwy
Scottsdale, AZ 85258
Reserve your room:
please call 1-408-991-9000
Room Block Reserved For:
Nights of November 4 – 6, 2018
Room rate through EUCI:
$159.00 plus $15 resort fee single or double plus applicable taxes
Make your reservations prior to October 12, 2018.