NERC Is Getting Serious About Financial Penalties
As is evident by the latest round of financial penalties (February 23, 2011) from NERC, the time for forgiveness is over. $1,145,500 in financial penalties were handed down to 24 organizations according the latest statistics — and none were zero dollar fines.
With penalties ranging from $3,000 all the way up to a whopping $450,000, and with the average penalty at just under $48,000, now is the time to ensure that your NERC compliance program is tightened down.
In the past, we have stressed the importance of training your staff; testing your various procedures as well as maintenance programs for completeness and accuracy; and, using different methods and methodologies to ensure your NERC compliance program is complete and ready to be audited by your Regional Entity and/or NERC at a moment’s notice.
So, with that said, let’s go back over a check-list of the areas that you will need to ensure are addressed in order to keep from having your organization’s name listed on the NERC Enforcement Actions Web page.
The following list is in no particular order, so don’t think you need to follow this in chronological order.
- Internal Compliance Program (FERC Required — FERC released a guidance document on this back in 2008 — use it!)
- Pandemic (Critical Assets Only — Use the CIKR documentation on the DHS website as guidance)
- Facility Ratings Methodology (it better be more than one or two pages — ours average 39 pages)
- Maintenance and Testing programs for PRC-005 (don’t forget to include the basis for your testing AND the intervals — if in doubt, use the ANSI or IEEE standards as your basis)
- CIP-001 training for your staff (having your staff sign a piece of paper that they may or may not have read isn’t going to cut it, use a real training program)
This is a partial list of what needs to be addressed so that you don’t become a statistic. As I stress to our clients, don’t overlook anything. If in doubt, ask someone who knows what they are doing and preferably someone who has been down the audit path before. Always remember, just because you passed your last audit, doesn’t mean you are going to pass your next one. Stay alert, stay focused and above all, stay calm, it’s not as bad as it seems.
James Holler is founder of Abidance Consulting.