3353 Peachtree Road NE, Suite 600, North Tower
Atlanta, GA 30326
404-446-2560 | www.nerc.com
ERO Certification and Review Process Manual
January 2013
Table of Contents
Table of Contents ........ ii
Purpose ........ 3
Continuity Plan ........ 3
Accountabilities/Responsibilities ........ 4
NERC ........ 4
Regional Entity (RE) ........ 4
Certification Process ........ 6
Certification Review Process ........ 12
Related Documentation ........ 13
Appendix I: Terms and Definitions ........ 14
Purpose
This ERO Certification Process Document serves two purposes.
First, it provides consistency in the implementation of an ERO-wide Certification process that will meet the requirements of the NERC Rules of Procedure (ROP) Section 500 and Appendix 5A.
Second, it provides transparency in the implementation of the Certification process in order that entities applying or registered for the Reliability Coordinator (RC), Balancing Authority (BA) and/or Transmission Operator (TOP) functions will gain a better understanding of what to expect as the process is executed.
Continuity Plan
The North American Electric Reliability Corporation’s (NERC) mission is to ensure the reliability of the North American bulk power system. NERC is the electric reliability organization (ERO) certified by the Federal Energy Regulatory Commission to establish and enforce reliability standards for the bulk power system. NERC develops and enforces reliability standards; assesses adequacy annually via a 10-year forecast, and summer and winter forecasts; monitors the bulk power system; and educates, trains and certifies industry personnel. ERO activities in Canada related to the reliability of the bulk power system are recognized and overseen by the appropriate governmental authorities in that country.
NERC has delegated to Regional Entities (REs), via regional delegation agreements (RDAs)1, certain responsibilities for the conduct of ERO statutory functions.
In accordance with the NERC Rules of Procedure Section 500, subsection 3 Delegation and Oversight, NERC shall develop and maintain a plan to ensure the continuity of an Organization Registration and Certification Program within the geographic or electrical boundaries of a Regional Entity in the event that no entity is certified as a Regional Entity for that Region, or the Regional Entity withdraws as a Regional Entity or does not operate its Organization Registration and Certification Program in accordance with delegation agreements and other requirements. To conduct this plan, NERC would follow and adhere to the Registration and Certification procedural documents in order to successfully fulfill the day-to-day activities surrounding Entity Registration and Certification.
1 Located on NERC’s website at http://www.nerc.com/page.php?cid=1|9|119|181
Accountabilities/Responsibilities
NERC
President and Chief Executive Officer (CEO), or Designee
Responsible for overall execution of the Continuity Plan as described on Page 3.
Director of Compliance Operations or Designee
Provides overall oversight of the ERO Certification process and maintains responsibility for effective and consistent implementation of the Certification process throughout the eight REs.
Manager, Organization Registration & Certification
Provides direct oversight of the ERO Certification process and maintains contact with REs for effective implementation of the Certification process.
Confirms that the composition of each Certification Team (CT) complies with ROP requirements.
Assigns NERC member(s) to CT.
Establishes training requirements and facilitates training for CT members.
Maintains registry of CT member training.
Plans and organizes Certification workshops for REs and stakeholders.
Facilitates NERC approval of RE recommendation of entity certifications.
Proposes and maintains revisions to Certification process documents as required.
Regional Entity (RE)
President and Chief Executive Officer (CEO), or Designee
Responsible for overall execution of the Certification Process.
Acts upon the CT recommendation for certification.
Notifies the entity and NERC of the Certification decision.
Manager (or Designee) responsible for Certification
Ensures Regional execution of the ERO Certification process.
Identifies the Certification Team Leader (CTL), determines members of the CT in coordination with the CTL, and confirms completion of required training and execution of appropriate CT member documentation.
Approves and ensures the adequate implementation of subsequent action plans from completed ERO Certifications.
Responsible for facilitating final RE approval of entity Certification.
Confirms all evidence and Certification documentation is kept in accordance with the RE document retention procedures per ROP Section 502.2.
Certification Team Leader (CTL)
Must be a trained Team Leader.
Completed NERC online Auditor training.
Attended NERC’s Lead Auditor Training workshop.
Completed required reading package.
Participated as a Team Member on at least two (2) certifications.
Coordinates Certification activities in accordance with ROP Section 500, Appendix 5A, and the Certification Process Manual to achieve stated objectives of the ERO Certification process.
Establishes and maintains contact with entity applicant throughout the Certification process.
Performs and oversees fact finding, interviews and data collection.
Prepares Opening and Closing Presentations.
Analyzes on-site interviews, observations, feedback, etc., to complete the ERO Certification.
Develops the draft Final Report, coordinating with CT members on the wording of positive observations and closed Bucket 2 items.
Supports RE Manager, or designee, responsible for Certification in facilitating RE approval of entity Certification.
Certification Team Member (Duties as assigned by the CTL)
Completes required training per ROP and executes Confidentiality agreements and Conflict of Interest forms.
Reviews evidence presented by applicant, documents questions for entity SMEs, submits requests for information to CTL.
Interviews subject entity management, SMEs, and system operators.
Acts as Scribe if assigned.
Contributes comments on the Final Report.
Certification Process
The certification2 of an entity requires a well-planned, in-depth review and well-documented assessment of an entity’s capability to perform the tasks of the certifiable function for which it has applied or has been registered. This document provides a summary of the steps required to conduct the certification process. The following procedure is written generally in chronological order and may be changed at the discretion of the CTL to meet schedules, differences in Certification scope, management direction, differences in RE needs, etc. Further, it is written on the basis that an entity has requested Certification. If an entity has received a registration initiated by either the Regional Entity or NERC as allowed in ROP Appendix 5A, or if the entity is already registered3, the procedure will be adjusted as appropriate.
If there are any discrepancies between the NERC ROP and this document, the NERC ROP shall take precedence. All discrepancies must be brought to the attention of NERC or the appropriate RE for further actions, as needed.
The Regional Entity shall assign a Certification Team Lead (CTL) once an application has been received and accepted or an entity has been registered by the Regional Entity or NERC on behalf of the entity4. The CTL should be a trained team leader5, as this will provide a solid foundation for the Certification Team (CT). The CTL is responsible for developing a CT in compliance with the NERC Rules of Procedure (ROP) Appendix 5A. All CT members must have completed the requirements described in the appropriate Member Training Form prior to participation in the certification process, and must adhere to the ERO’s confidentiality agreements for any data or information made available to the CT member through the certification process.
The following is a summary of steps to be followed during a certification:
Planning
1. As required by the ROP, the CT members:
   a. Shall consist of:
      i. For Balancing Authority, the CT shall have representation from the following:
         o An existing BA, the entity’s proposed RC, TOP, each affected Regional Entity, and NERC.
      ii. For Reliability Coordinator, the CT shall have representation from the following:
         o An existing RC, a BA and a TOP in the proposed RC area, each affected Regional Entity, and NERC.
      iii. For Transmission Operator, the CT shall have representation from the following:
         o An existing TOP, the entity’s proposed RC, each affected Regional Entity, and NERC.
   b. Additional CT members with expertise in any of the NERC registry functional areas may be added as necessary (e.g., NERC or Regional Entity staff).
   c. Entities such as government representatives or other stakeholders may be observers in the certification process.
2 The certification of Reliability Coordinators (RC), Balancing Authorities (BA) and Transmission Operators (TOP) is an independent process from the similar process of audits.
3 For an entity that is already registered, the CTL will review any Potential Violations of record.
4 An entity is registered ‘on behalf of’ if the RE or NERC determines the entity should be registered and the entity refuses to voluntarily register.
5 In accordance with ROP Section 500 §2.2.7, NERC shall develop and provide training in auditing skills to all individuals prior to their participation in Certification evaluations. Training for Certification Team leaders shall be more comprehensive than the training given to industry subject matter experts and Regional Entity members.
2. The CTL shall ensure all CT members have completed the following:
   a. Certification Team Member Training Record form.
   b. An ERO Conflict of Interest and Business Ethics for Certification Team Members form.
   c. An ERO Confidentiality Agreement for NERC Certification Team form.
3. The Certification Scope:
   a. The CT shall review the application for certification to determine the scope of the assessment. Using the NERC Reliability Standards VRF Matrix, the team shall develop a Master Matrix to identify which Reliability Standards shall be assessed based upon the function(s) for which the entity is to be certified.
4. The CTL shall develop an online portal to store all documentation. The CTL shall set up a secured server to house all relevant Certification Process documents, including but not limited to:
   a. The application
   b. All relevant correspondence between the CTL and the applicant, including the Certification Packet described in 4 below
   c. All relevant correspondence between the CTL and the CT members
   d. Instructions for the entity to access the server in order for the entity to submit their responses and allow for CT members to access the documentation supplied
   e. The agreed applicable Master Matrix to be evaluated during the process
   f. The overall process schedule
   g. The agenda for the on-site visit if required
   h. The Final Report
   i. The RE approval/rejection of application for certification
5. A Certification Packet shall be developed and sent to the entity 90 days prior to the on-site visit6 and shall consist of:
   a. Notification of the certification process
   b. The tentative overall process schedule and on-site agenda for the certification process
   c. The appropriate questionnaires7
   d. The Master Matrix
   e. The CT Roster and CT member biographies, requesting no-objections to CT members
   f. Pre-Certification survey, which is to be returned to the CTL within 15 days
   g. Any specific requests for information (RFI) known
6. The CTL should contact the entity within one week of submitting the packet to:
   a. Confirm receipt of the package
   b. Discuss any concerns the entity may have
6 This procedure recognizes circumstances may arise that require a timeline appropriate for the circumstances and the event durations are predicated on adequate time available.
7 At the discretion of the CTL, the CTL will forward a Neighboring Entity questionnaire to an appropriate neighboring entity.
7. The entity shall complete and return to the CTL the questionnaires, Master Matrix and supporting documentation no later than four weeks prior to the on-site visit.
8. The CTL shall schedule a document review to take place prior to the on-site visit. Preferably the document review should take place face to face with the CT members; however, a teleconference is acceptable.
9. The CTL and CT shall review the Pre-certification survey in order to:
   a. Develop an understanding of the entity being certified
   b. Make all travel arrangements
10. The CTL shall assign a scribe(s) to document the assessment and identify teams if the CT is to be broken into smaller groups:
a. For complex certifications of new facilities, the CTL may assign members of the CT into different focus areas such as:
i. Facilities – examples of items that could be included (but are not limited to the following) are: the physical cyber assets against the CIP standards, the cyber training, the maintenance contracts and records for the facilities, the electrical system and UPS, the cyber security of servers, passwords, etc. per the CIP standards, and the physical installation of data and voice equipment.
ii. EMS/SCADA – Interview the EMS/SCADA subject matter experts (SMEs) to ensure that the tools will provide adequate situational awareness against the NERC Standards. Ensure adequate change control of the EMS/SCADA. Review the data transfer, server, applications, and redundancy configuration of the core tools including: EMS, OSI-PI, ICCP, outage scheduling, scheduling, map board displays, communication systems, etc.
iii. Operator Preparedness – Interview the operators at their workstations and ask them to present the tools, procedures, CIP readiness, and their procedure use for normal day-to-day and emergency operations. Interview the training staff regarding initial training, the training needed to support the transition to the new responsibilities, and continuing training against the NERC Standards. Interview the planning staff to ensure adequate contingency planning and proper interaction with the real-time operators.
11. The CT shall conduct a document review of the documentation provided prior to the on-site visit and shall document all:
   a. Questions for the entity’s management, SMEs and system operators based upon the review of the supporting documentation
   b. Additional RFIs, and submit these to the entity prior to the on-site visit
   c. Comments which support the entity’s abilities to perform the function for which the entity applied, made during the document review, and close out those items which do not need further review
   d. Issues which need to be addressed prior to certification being granted
12. The CTL shall provide the entity a final schedule and agenda for the on-site visit based upon the results of the document review.
Fieldwork
1. Opening Presentation
   a. The CTL shall provide an opening presentation the first day on site.
   b. The entity shall provide an opening presentation, briefly describing the entity, the location, evacuation and other safety issues, restrooms and other housekeeping information.
2. The CT shall interview entity personnel to provide clarification to responses provided and reviewed during the document review.
   a. The CT shall request electronic copies of documents provided.
   b. Security sensitive materials shall be documented; however, they shall remain at the entity’s facility.
3. The CT shall tour the facilities, observing and noting the required physical assets. The CT may request a demonstration of the tools used to support the function.
4. At the end of each day, the CT will caucus in preparation for the daily debriefing. Subsequently, the CTL shall lead a daily debriefing with the entity in order to:
   a. Identify the status of the assessment.
   b. Identify any items of concern which need to be addressed, and identify which bucket each item is in.
   c. Provide an update to the schedule.
   d. Identify any possible violations of applicable standards in order for the entity to self-report to its respective region.
5. The CTL shall provide an exit briefing at the end of the on-site visit in order to:
   a. Identify any items of concern which need to be addressed, and identify which bucket each item is in.
   b. Discuss the reporting process.
   c. Discuss the next steps in the certification process, including the anticipated post on-site visit schedule and the closing of Bucket 2 items.
   d. Confirm that Entity Feedback Forms will be forwarded to the entity with a sincere request for candid feedback.
Reporting
1. The CTL will provide the CT with the Feedback Form-CT Member and request that they be returned within 5 calendar days with a copy to the NERC Certification email [email protected].
2. After completion of the on-site visit the CTL should develop:
   a. a spreadsheet listing all Bucket 2 items which are to be tracked and closed prior to requesting RE management approve certification; and
   b. the draft Final Report, in coordination with input from the CT, which presupposes Bucket 2 items are closed.
3. Upon completion of the draft Final Report, the CTL should transmit the draft Final Report to the CT requesting return with final comments within 2 calendar days.
4. Upon completion, the CTL should transmit the draft Final Report to the entity requesting return with comments within 14 calendar days.
5. The comments received from the entity will be given due consideration and incorporated in the Final Report at the discretion of the CTL, in consultation with the CT.
6. The CTL will review the completed Final Report one last time with the CT and, when all Bucket 2 items are closed to the satisfaction of the CT, submit to the appropriate RE management8 the CT recommendation and Final Report for consideration and approval.
7. If rejected by RE management, the CTL will work with the CT and the entity to resolve any issues.
8 For multi-region entities, the CTL will submit the CT recommendation and Final Report to each region’s management for consideration and approval.
8. If approved by RE management, the RE CEO9 (or a designee) will transmit to the entity, with a copy to NERC, the formal RE approval and RE recommendation for NERC approval, using as a template the “Region Certification Approval Recommendation Letter” available on NERC’s website.
9. If approved by NERC, NERC shall transmit via email to the applicant confirmation of Certification of the application function, noting that the applicant will receive via post a hard copy of:
   a. The Certification Letter
   b. Certificate of functional Certification
10. After the applicant is certified, the RE will register the applicant; the applicant will be registered for the new function on the confirmed date that operations will begin10.
11. After the applicant is certified, the applicant must commence operations for the application function within 12 months after being notified of approval by NERC. If the applicant fails to commence operation within 12 months, the certification process must be repeated.
9 Each RE management is to issue the letter of approval and recommendation.
10 Within the Certification Approval letter, the entity is reminded to advise the RE when it is to commence operations.
Certification Review Process
Functional Entity Certification Review will follow the same processes and procedures as a Functional Entity Certification, with an appropriately scoped evaluation effort, including team composition, on-site visit needs and changes in terminology as appropriate. Items that are to be considered in this decision are listed in ROP Appendix 5A Section IV §4, and include one or more of the following:
Changes to a Registered Entity’s Footprint or operational challenges (i.e., TLRs) due to the changes
Organizational restructuring that could impact Bulk Power System reliability
Relocation of the control center
Changes to Registered Entity ownership requiring major operating procedure changes
Significant changes to JRO / CFR assignments or agreements
Addition or removal of member JRO / CFR utilities or entities
Complete replacement of a SCADA/EMS system
A Registered Entity requiring review shall complete the appropriate form from its Regional Entity and submit the completed form to its applicable RE.
Using professional judgment, the CT shall limit the scope to those requirements which are affected as a direct result of the reason for the review. For example, if an entity installed a new EMS, there should be no reason to conduct Personnel Risk Assessments due to the change if access to the Critical Cyber Assets remains the same.
Related Documentation
All Certification process templates, including the Certification Process Manual, are available on NERC’s website11.
NERC Rules of Procedure Section 500 - Organization Registration and Certification
NERC Rules of Procedure Appendix 5A - Organization Registration and Certification Manual
NERC Rules of Procedure Appendix 5B - Statement of Compliance Registry Criteria
NERC Rules of Procedure Section 1500 - Confidential Information
11 http://www.nerc.com/page.php?cid=3|25|294 ‘Certification Process Documents’
Appendix I: Terms and Definitions
For purposes of this document, the following terms are defined to support understanding of the Certification Process.
Bucket Items
Bucket 1 are issues that would prevent CT recommendation for certification; Bucket 2 are issues that require resolution prior to certification; and Bucket 3 are suggestions offered to the entity to improve performance.
Days
Days as used in the Registration and Certification processes are defined as calendar days.
Electric Reliability Organization (ERO)
The ERO refers to both NERC and the REs.
Functions requiring Certification
Per ROP Section 501, entities applying or which are registered to perform the function of Reliability Coordinator (RC), Balancing Authority (BA) and/or Transmission Operator (TOP) must be certified.
Functional Entity Certification
The process undertaken by the ERO to verify an entity has the tools, processes, procedures, training and personnel to perform the tasks associated with a function requiring certification such as a RC, BA, and/or TOP.
Functional Entity Certification Review12
The process undertaken by the ERO to verify an entity continues to have the tools, processes, procedures, training and personnel to perform the tasks associated with a function requiring certification such as a RC, BA, and/or TOP after the entity has experienced changes such as those listed in Appendix 5A.
Master Matrix
The spread sheet created using the VRF Matrix on NERC’s Standards link depicting those standards applicable to the specific function to be certified or reviewed due to listed changes.
Multi-Region Entity
An entity applying for Certification whose facilities are located within more than one Region’s footprint.
NERC Rules of Procedure (ROP)
NERC Rules of Procedure (including all Appendixes), approved by the Federal Energy Regulatory Commission (FERC), in effect at the time of the Certification process activities.
12 The decision to certify changes to an already operating and certified Registered Entity is a collaborative decision between the affected Regional Entity(s) and NERC. NERC has the final authority regarding this decision. Items to consider for this decision are listed in Appendix 5A.