SERC

Compliance Assessment & Self-Report

A Compliance Assessment (CA) is used to determine if a failure to comply with a NERC Reliability Standard precipitated or exacerbated an Event.[1] Events are defined in two categories:

Qualifying Events are categorized in the Electric Reliability Organization (ERO) Events Analysis Procedure (EAP).

Non-Qualifying Events are not categorized in the EAP (i.e., Category 0).

The CA is designed to be commensurate with the Event’s impact on the Bulk Electric System (BES).

Assessment & Self-Report

Coordinated Oversight

Technical Feasibility Exception

Risk Management

Risk Awareness & Oversight

Enforcement

Registration & Certification

Event Review and Compliance Assessment

SERC usually receives notice of an Event when a SERC registered entity submits documentation. Occasionally, SERC receives reports from other sources. For example, SERC is the Compliance Enforcement Authority for some registered entities outside SERC’s footprint. If an Event occurs within these registered entities’ footprints, SERC must rely on inter-regional communications to be informed.

SERC Events Analysis determines the what, why, and how of an Event without consideration of compliance. The SERC Events Analysis group collaborates with the registered entity to determine the probable (or root) cause of the Event and develops any final documentation. If this documentation provides sufficient detail, the CA may be able to determine if the Event involved a noncompliance of NERC Reliability Standards.

If additional information is required, SERC contacts the registered entity directly. Regardless of whether a registered entity performs an internal CA (self-assessment), the SERC CA team reviews all Events for compliance with NERC Reliability Standards. If a valid basis exists, and the CA team suspects that a noncompliance occurred, the team notifies SERC’s Compliance Monitoring team. If appropriate, Compliance Monitoring initiates another means consistent with the NERC Rules of Procedure to evaluate any possible noncompliance.

[1] For the purpose of this article, “Event” means “something noteworthy or out of the ordinary.

Self-Report and Mitigation

Self-Reporting is a characteristic of an effective Internal Compliance Program and can demonstrate effective internal controls. Prompt mitigation decreases any increased risk to reliability caused by the noncompliance. Both Self-Reporting and prompt mitigation are considered when SERC staff determines the appropriate disposition method, and any sanction or penalty for those that become a violation.

Refer to the NERC Rules of Procedure web page on the right-hand side, Appendix 4C – Compliance Monitoring and Enforcement Program, section 6.0

Non-Compliance Reporting and Mitigation Checklist For Entities

A key element of noncompliance processing is an accurate evaluation of the risk a noncompliance poses to the Bulk Power System (BPS). To do this, it is important for SERC staff to have sufficient information related to an identified noncompliance as early as possible in the process. Entities should submit noncompliance information in the initial Self-Report, Self-Log, Self-Certification or Finding Update in Align. Taking care to submit sufficient information reduces the need for SERC staff to issue a Request for Information, which delays the process.

So, what is sufficient information? How do you know if you have included everything necessary? To assist entities with this task, SERC’s Risk Assessment and Mitigation (RAM) team created a Noncompliance Reporting and Mitigation Checklist Entities should use the checklist when drafting reports of noncompliance and corresponding mitigation activities. The checklist is intended as an easy-to-use reference document for entities, and a companion document to the NERC Registered Entity Self-Report and Mitigation Plan User Guide.

Prior to the submission of any findings, the Registered Entity should contact its Single Point-of Contact (SPOC) to discuss the noncompliance. The SPOC will review finding and mitigation drafts and provide feedback prior to the Registered Entity’s submission to reduce the need for RFIs and enhance the efficiency in the filing process. If the Registered Entity does not know who its SPOC is, the Registered Entity should email SERCComply@serc1.org to request that the SPOC contact the Registered Entity.

Self-Reports

A Self-Report is a report by a registered entity stating that the registered entity believes it has, or may have, a noncompliance of a NERC Reliability Standard.  The ERO Registered Entity Self-Report and Mitigation Plan User Guide provides guidance to assist registered entities with the submission of Self‐Reports. This User Guide explains the information necessary for NERC and the Regional Entities to provide efficient and timely resolution of instances of a potential noncompliance.

Once a registered entity has identified an instance of potential noncompliance, the registered entity’s actions can be as important as the facts that led to the potential noncompliance. Prompt detection is the first step. After detection, the registered entity must complete these critical steps to resolve any instance of noncompliance: prompt cessation, correction, and reporting. Most importantly, a registered entity must mitigate any potential or actual risk to the reliability of the Bulk Power System as quickly as possible. Self-Reports will be submitted through Align. For more information on Align, visit https://training.nerc.net

To file a Finding Update for additional instances related to an existing Self-Report or Audit Finding in Align, please click here  for a tutorial (see video #6) on how to submit this activity in Align. If you have any questions, please contact your RAM single-point-of-contact or email SERCComply@serc1.org  to discuss.

A Self-Certification is an attestation from a registered entity that states any of the following:

Additional instances of the same noncompliance are discovered during an extent of condition review of the original Self-Report or Audit Finding.

Cause of the additional instances discovered are the same or very close to those determined for the original Self-Report or Audit Finding.

Mitigating activities for the additional instances discovered are the same or very close to those determined for the original Self-Report or Audit Finding.

Non-Compliance Reporting and Mitigation Checklist For Entities

A Mitigating Activities record is an action plan with milestones developed by the registered entity to:

Correct a noncompliance of a NERC Reliability Standard

Prevent reoccurrence of the noncompliance.  Mitigating activities are actions taken by a registered entity to correct and prevent recurrence of noncompliance.

Registered entities are encouraged to submit to the Compliance Enforcement Authority (CEA) a proposed Mitigating Activities record with milestones to correct the noncompliance during the submission of a Self-Report or as soon as possible following the identification of an Audit Finding.  During the review of these milestones, the CEA will determine if it is necessary to create a Mitigation Plan record and advise the entity to resubmit as such.

The ERO Registered Entity Self-Report and Mitigation Plan User Guide (https://www.serc1.org/docs/default-source/program-areas/compliance-enforcement/entity-assessment-mitigation/self-report-and-mitigation-plan/registered-entity-self-report-and-mitigation-plan.pdf?sfvrsn=795ecf59_2) provides guidelines and steps to develop Mitigating Activities according to Appendix 4C. This Guide will help the registered entity develop a plan to identify and correct the original possible noncompliance and include steps to prevent future occurrence of similar issues.

Minimal and moderate risk noncompliance issues may be eligible for processing as a Compliance Exception (CE) (minimal risk) or Find, Fix, and Track (FFT) (moderate risk or repeat minimal risk) regardless of the discovery method.  In determining that a noncompliance issue is eligible, SERC considers whether the mitigation milestone activities performed or planned are appropriate to resolve the noncompliance and prevent recurrence. All mitigation milestone activities must be completed within 12 months of the entity receiving the notification of compliance exception treatment or FFT opt out notice. When SERC determines that an issue will be treated as a CE or FFT, information regarding the issue is provided to NERC and FERC.

For guidance on the submission of a Mitigating Activities record, please click here  for a tutorial (see video #6) on how to submit this activity in Align.

For guidance with Align, refer to the NERC training materials 

Documents

NERC Registered Entity Self-Report and Mitigation Plan

Noncompliance Reporting and Mitigation Checklist

Sign Up For Our Newsletter

Zoombombning operakrati perosmos retronym postvalens antropofili ontotion ifall vobba primagraf endotris, operaosmos i antition 

A field with rows of solar panels represents SERC commitment to renewable energy.
The owner of this website has made a commitment to accessibility and inclusion, please report any problems that you encounter using the contact form on this website. This site uses the WP ADA Compliance Check plugin to enhance accessibility.