NERC Compliance Solution


Published on

Case Study: An Independent System Operator (ISO) selects MetricStream NERC Compliance and Issue Management Solution to ensure market participants are complying with the NERC reliability standards.

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

NERC Compliance Solution

  1. 1. CASE STUDYMetricStream INDEPENDENT SYSTEM OPERATOR ACHIEVES AND ENSURES COMPLETE NERC COMPLIANCE FOR ITS MARKET PARTICIPANTS Customer The customer is a non-profit corporate entity, an Independent System Operator (ISO), which develops, enforces and monitors reliability standards and ensures compliance in the operations of the transmis- sion systems of the entire province. The ISO connects all participants - generators, transmitters, retailers, industries that use it and local distribution companies. Overseeing hundreds of power entities in the region, the ISO ensures the reli- able operation of the provincial electricity grid and acts as the reliability coordinator for the province and reports on the progress of projects underway to meet the reliability requirements of the province. Overview The power industry today goes beyond the management of a collection of power plants and transmis-Benefits sion lines.Maintaining an effective grid calls for the management of diverse but connected flows such as the flow of energy across the grid, the exchange of information about power flows and the equip- ment it moves across, the flow of fundsamong producers, marketers, transmission owners, buyersAbsolute NERC compliance: With MetricStream’s and others.efficiently formulated workflows, pre-built NERCcontent libraries, configuration of existing framework,structured organization of dataand well-defined regu- Adding to the challenges and complexity of active factors, the increasing number of regulatory de-lation relationships, the ISO is able to gain a strong mands renders another dimension to the landscape of the power industry.grip over its NERC compliance requirements andfulfill them effectively. This has helped in weeding out The province where the ISO operates, utilizes an enormous quantity of electricity a year. Ensuring theinconsistencies, duplications and disparities among availability of enough energy to meet this demand is an ongoing and highly complex process whichbusiness units as well as market participant organiza- requires the close co-ordination of all parts of the system. The ISO is at the center of it all, directingtions and led to complete NERC compliance. the flow of power across the province. This makes it mandatory for the ISO to adhere to reliability standards such as those instituted by the Northeast Power Coordinating Council (NPCC), North Ameri-Fool proof control: MetricStream Solution’s detailed can Electric Reliability Corporation (NERC), compliance requirements that impose stringent regulatoryreporting, minute compliance tracking and efficienthandling of non-compliance issues has paved the oversight and reporting needs.way to error-free control and mitigation processesat the ISO. Every incident of non-compliance is Being responsible for enforcing and monitoring reliability standards in the electricity system of thecaptured, closed and used for creating mitigation entire province, the ISO was keen on complete assured NERC compliance among all the entities andplans, further strengthening the complete control stakeholders.over compliance.With the ability to track the status,progress and outcome of control, compliance teamsat the ISO are now able to plan and ensure ongoing Challengescompliance in the organization. Ensuring compliance with NERC across a large number of participantsClear visibility into compliance and control The standards and regulatory requirementsin the power industry are increasing in number as well asactivities: The integrated single platform covering rigorousness. The ISO needs to adhere to standards and regulations set by ERO, NPCC, NERC, FERCthe entire web of the ISO’s operations, along with and Energy Policy Act (EP Act), Sarbanes Oxley Act (SOX) and much more. Ensuring a complete com-centrally stored and organized regulatory repository, pliance with NERC across a large number of market participant organizations was proving challengingprovides the ISO a unified view of the compliance and for the ISO.control activities at every level.Improved safety of confidential information: Lack of visibility into compliance levels of market participantsCentral organization of information coupled with se- With hunders of power entities to manage and the mammoth task of ensuring complete compliancecure, restricted access has resulted in improving the across the participant universe including interconnections with neighboring provinces, the ISO neededsafety of confidential data, policies and documents. to have enough visibilityin the NERC compliance levels. The absence of consolidated compliance andWhile making the relevant information available to control information was leading to inconsistencies and duplications in regulatory and business assur-every role in the ISO, MetricStream Solution has ance activities with implications on efficiency in productivity leading to dangers of catastrophes suchcontrolled the illegitimate access to confidential as blackouts.information and rooted out the possibility of data theftand system intrusions.
  2. 2. MetricStream Adhering to corporate ethics Ethics and compliance programs are integral to the creation of an informed workforce and ethi- “With MetricStream Solution, we achieve cal decision-making. Monitoring processes and providing constant access to information, training superior compliance with the multitude of employees on compliance and ethics are some essential measures to ensure effective implementation standards that we are required to follow most of governance programssuch astraining on cyber security, code of conduct, consequences of unethi-stringently, NERC being the most prominent one cal behavior, conflicts of interest, confidentiality of information and reporting violations and otheramong these. With advanced functionalities and programs that lead to better business practices and compliance with regulations.Creating a culture of robust architecture, MetricStream’s platform is compliance and maintaining a high level of integrity among employees are some of the challenges for capable of completely supporting our complex the ISO. NERC compliance frameworks, documentation workflows, and steep reporting demands,” Need to consolidate compliance requirements - says the spokesperson of the ISO Adopting a more sophisticated way to streamline and automate implementation and monitoring of standards and annual compliance reporting schedules for NERC standards across all components - market participants, business units, standards authority, Core Reliability Standards Team, Extended Reliability Compliance Team, Compliance Enforcement Teamand the management – was becoming imperative for the efficiency of the ISO. SolutionMetricStream Solution is used by both inter- The ISO needed to streamline and automate implementation and monitoring of multiple compliancenal users of the ISO as well as the market requirements including NERC and NPCC and was looking at a solution for integrating standards and itsparticipants. requirements, capturing reporting from various market participant organizations across the province, ensuring compliance to those standards, and reporting compliance status to the standards authority.The solution helps internal users: • Create, schedule and manage self-certifi On scrutinizing various options, the ISO selected MetricStream’s integrated NERC compliance and cation based on the IRCP schedule policy management solution along with, issue management and policy management (content manage- • Manage escalation process for self- ment) solutions. The solution is a comprehensive, Web-based application based on MetricStream GRC certification Platform and designed to collate and manage vast amounts of regulatory information. The solution • Conduct and record gap analysis for provides advanced reporting capabilities and complete workflow automation to allow the organization market rules to track and monitor compliance with regulations following prescribed schedules. • Conduct and record gap analysis for compliance evidences MetricStream Solution supports the ISO’s organizational model across all the business units, power • Request, submit and ratify mitigation entities and departments, as well as their mapping to different roles and reporting relationships. plans The portal views are based on the users’ profiles and organizational mapping. The solution helps the • Manage and document NERC, NPCC and compliance teams to track and report over a thousand standards and requirements for hundreds of OCEP library which includes standards, participants in the energy market in the province. requirements and more It facilitates report generation including Periodic Status Reports, Mitigation Status Reports,ComplianceThe ISO’s market participants use Metric- Self CertificationReportsand any other ad hoc or customized reports.Stream Solution to create and submit: • Self-certifications to indicate their compli MetricStream Solution extensively utilizes email as a mechanism for delivering event-based notifica- ance status tions, assignments, alerts, and escalations to relevant personnel to ensure timely completion of tasks. • Self-reporting of non-compliance • Submit mitigation plan and report the NERC Compliance Management status of fulfillment of the mitigation plan MetricStream NERC Compliance Management Solution includes pre-populated NERC standards, pre- built NERC content libraries, configurable compliance framework,requirements, and controls. The solu- tion continuously monitors and captures any regulatory alert on these standards when the standards authority approves a reliability standard which can be new, revised or withdrawn. Email notifications and alerts are triggered automatically to initiate appropriate actions and stakeholders, market partici- pants, business units are informed of approved standards. MetricStream configured the solution to map the ISO’s NERC, NPCC and OCEP-compliance needs. Existing Forms and associated workflows were configured to facilitate the self-certification and self- reporting process of market participants. The solution maintains a central library of all portfolios (CIP, BAL and others), standards (CIP 001 – 009) and requirements in a hierarchical tree structure for users to access and reuse.
  3. 3. MetricStream Market participants have two roles: ‘Delegates’ who are responsible for completing self-certifications,Why MetricStream self-reporting and submit or track mitigation plans and ‘Managers’ who are notified about interactions between the ‘Delegates’ and the ISO and also act as the escalation points for the market participants.With advanced functionalities and easy-to-use ‘Delegatees’ can attach mitigation plans as part of their self-certification and reporting.interface, MetricStream GRC Platform is capable ofcompletely supporting the ISO’s required compliance Using the automated workflow, the Core Reliability Standards Team at the ISO coordinates allframeworks, control and documentation workflows activities related to reliability standards including reporting compliance status for NERC and NPCCand reporting demands. standards to NPCC, working with market participants and internal subject matter experts to recordMetricStream Solution includes pre-built NERC compliance evidence and monitor mitigation plans in cases of non-compliance.content libraries and ability to configure the existingcomplex compliance framework of the ISO. The documented NERC standards are continuously monitored for compliance. If market participants or internal subject matter experts discover that they are not compliant witha reliability standard, theyMetricStream has extensive experience and expertise immediately self-report to the ISO using the common platform. Any gaps identified during assess-in understanding NERC compliance requirements oflarge power companies. MetricStream’s knowledge ment are captured and tracked to closure. The solution also allows users to search for specific NERCof the industry and its best practices was perceived requirements based on user-defined search parameters, including wild-card a huge plus point by the ISO. Market participants are responsible for compliance to reliability standards that relate to their functionMetricStream has the ability to support large organi- on the bulk power system. The solution allows the participants to self-certify directly, through thezations and meet their IT requirements in the areas of Reliability Compliance Program. The market participants can report compliance status to the ISO,integration, configurability, scalability and security. provide evidence of compliance when requested, and achieve compliant status through a mitigation plan in cases of non-compliance. Issue Management The solution supports identification and evaluation of issues as well as case investigation and track- ing, leading to an elaborate remediation or corrective action process. Using the solution, the Compli- ance Enforcement Team coordinates corrective measures in cases of non-compliance, and ratifies the mitigation plans proposed by market participants and business units. MetricStream Solution enables the ISO to identify and resolve documentation discrepancies, gaps, coding errors and other issues that might lead to non-compliance with applicable regulations. The sys- tem assigns a unique ID to each issue, making it easy to track it from one stage to the next. Detailed information about each issue is provided and issues are categorized based on predefined criteria. Action owners are assigned for particular issues related to regulatory compliance. Failure investiga- tions are also conducted to determine the root cause of the issue. The investigation is conducted using collaborative workflows and investigative tasks are assigned to appropriate personnel. The system sends automatic alerts and notifications to the appropriate personnel for remedial action. When a corrective action is initiated, the case closes only after the action plan is carried out. Policy and ProcedureManagement (Document Management) MetricStream Solution provides a central repository to store and organize documents. Integrated col- laboration and workflow tools can be used to access, create, modify, review, and approve documents globally in a controlled manner. The solution ensures secure document access with centrally managed policy-driven controls. Rights to view, modify, distribute, or print are granted based on roles and user groups. Distribution lists are defined for a document category and check-in and check-out logs are maintained. MetricStream Solution helps various teams and business units in the ISO, market participants and management to complete a wide range of tasks and activities such as: assign subject matter experts; conduct gap analysis; record gaps;develop and submit Compliance Certification Form,Compliance Reporting Schedules; request compliance information;record Compliance EvidenceReport and compliance status;collect and record Compliance Certifications; report compliance status;request, submit, record and ratify mitigation plan; submit Periodic Status Reports;record Mitigation Status Reports;review mitigation progress.
  4. 4. For more information, visitwww.metricstream.comCopyright 2011. All Rights Reserved.