NERC Compliance Could be Tougher in 2011
As one year winds down, let’s peer ahead to see what compliance “surprises” could come from our friends at NERC in 2011 and beyond.
We all know there are no guarantees that there won’t be any “surprises” next year or beyond. What we, as an industry, do know is that there is going to be a new version of the CIP requirements that will cause most, if not all, registered entities to become a low, medium or high impact critical asset. This change will require registered entities to prepare new policies and procedures as well as implement a series of fail-safes to protect the facility from a physical and/or logical intrusion.
Beyond the revised CIP requirements on tap, there is no telling what the compliance future holds in store for us. This past year there have been multiple NERC Alerts issued that would have affected a majority of the registered entities to some extent.
Then there was AURORA, a big NERC Alert that did affect the current status of many registered entities. As you may know, this alert was issued in October and gave registered entities only a few weeks to respond to NERC.
Next year may have a similar number of Alerts issued, there is no way to determine what may or may not affect you until the Alerts or directives are issued either by your region, NERC or even FERC. One way to stave off any unforeseen expenses, including some of the ones registered entities incurred this year, is to outsource all of your NERC compliance efforts for a fixed fee via a Master Services Agreement (MSA) to either an internal corporate division or to a competent consulting firm. In either case, whomever you outsource your compliance efforts to must be fully adept at both CIP and Reliability Standards. This outsourcing could, in effect, negate any unforeseen expenses for consulting and other initiatives since all NERC Alerts, etc. would be covered.
In addition to helping you prepare for and handle a prospective audit, your consultants should also be responsible for keeping you compliant at all times, filing the appropriate self certifications, self reports, updating all policies and procedures to reflect any changes that may occur and also to address all NERC Alerts and new requirements that affect you.
James Holler is founder of Abidance Consulting.