Compliance Monitoring
Compliance monitoring is accomplished through several compliance monitoring methods: Audits, Spot Checks, Self-Certifications, Compliance Investigations, Self-Reports, Periodic Data Submittals, and Complaints
Multi-Region Registered Entities (MRRE) are subject to monitoring based on collaboration between the Lead Regional Entity (LRE) and the Affected Regional Entity (ARE). More information can be found on the Coordinated Oversight (MRRE)
Explore Compliance Pages
Coordinated Oversight
Technical Feasibility Exception
Risk Management
Risk Awareness & Oversight
Assessment & Self-Report
Enforcement
Registration & Certification
Risk-Based Compliance Monitoring Tailored to Reliability Needs
With the implementation of the Risk-based Compliance Monitoring and Enforcement Program (https://www.nerc.com/pa/comp/Pages/Reliability-Assurance-Initiative.aspx), SERC determines the type and frequency of the compliance monitoring tools (i.e., off-site or on-site audits, spot checks or self-certifications) that are warranted for a particular registered entity based on reliability risks. The determination of the appropriate CMEP tools will be adjusted, as needed, within a given implementation year.
The Compliance Oversight Plan (COP)
tailors compliance monitoring activities, such as Compliance Audits, Spot Checks, and Self-Certifications, based on entity-specific risks and associated NERC Reliability Standards. The COP is dynamic, which will require updating from time to time, as it identifies and prioritizes risks considering risk mitigation activities, such as an entity’s internal controls, and determines the interval of monitoring and depth of testing. The COP considers Risk Elements, IRA results, and other risk inputs and regional considerations. Considerations may include, but are not limited to, the following:
Additional documents about the annual Compliance Monitoring program, including the SERC Annual Implementation Plan and Filing Due Dates matrix, are listed in the Documents section.
Regional Risk Elements identified by the Compliance Enforcement Authority (CEA)
Regional Risk Assessments conducted by the CEA
NERC Reliability Issues Steering Committee (RISC)
Event Analysis
NERC Alerts
Evaluations of internal controls and mitigating activities
Additional qualitative and performance related factors (e.g. compliance history)
COMPLAINT
A Complaint is an allegation that a registered entity has violated a Reliability Standard. A Complaint can be submitted directly to NERC and will be shared with SERC if it involves a registered entity in the SERC Region. If such a Complaint is made, SERC is notified and must determine whether there is sufficient basis for a Compliance Monitoring and Enforcement Program (CMEP) activity.
To submit a Complaint, the complainant can complete the NERC Complaint form (nerc.net/hotline/), call the NERC Complaint hotline at 866-888-0451, or by send an email directly to hotline@nerc.net
The Compliance Oversight Plan (COP)
A Compliance Audit is a systematic, objective review and examination of records and activities to determine whether a registered entity meets the requirements of applicable Reliability Standards.
According to the NERC Rules of Procedure, registered entities that are subject to a Compliance Audit, on-site or off-site, will receive notice at least 90 days in advance of the audit. The notice explains the compliance monitoring period for the audit, provide a list of the requirements that will be included in scope, and list any initial Requests for Information (RFIs) that must be submitted to SERC in advance of the audit.
Compliance Investigation
A Compliance Investigation is a comprehensive investigation to determine if a violation of a Reliability Standard has occurred. The investigation may include an on-site visit and interviews of the appropriate personnel. A Compliance Investigation is usually initiated by a system disturbance, Bulk Electric System Event, Complaint, or a registered entity’s Periodic Reporting. However, a Compliance Investigation may be initiated at any time and at the discretion of the Compliance Enforcement Authority. The scope of a Compliance Investigation is generally limited to Reliability Standards that are reasonably associated with the issue. Compliance Investigations are usually led by the SERC Compliance staff; however, FERC and NERC have the right to assume the leadership of a Compliance Investigation.
Periodic Data Submittal
Periodic Data Submittals are models, studies, analyses, documents, procedures, methodologies, operating data, process information, or other information to demonstrate compliance with Reliability Standards. Registered entities provide these submittals to the Compliance Enforcement Authority within a time frame required by a Reliability Standard or on an ad-hoc basis. The submission of the Periodic Data Submittals take place in NERC Align. For access to NERC Align, please see “User Access Guide.” For any technical issues, please submit a NERC Footprint ticket. If a registered entity identifies the need to submit information or data related to a data submittal request, they must upload the applicable forms with data via Align and the ERO Secure Evidence Locker (SEL). For the NERC RE User Guide.
For ERO Enterprise Periodic Data Submittal Schedule, please refer to NERC website.
For SERC’s Periodic Data Submittal Schedule, please CLICK HERE.
Self-Certification
Registered entities submit Self-Certifications to SERC using the Align Self-Certification Form in NERC Align. SERC requires registered entities to self-certify to Reliability Standards and Requirements that SERC and NERC identify as “Risk Areas.” SERC may request additional documents, data, and information, if necessary. For access to NERC Align, please see “User Access Guide”
A Guided Self-Certification could focus on certain requirements in the monitoring scope, and evidence is required to be submitted via the ERO Secure Evidence Locker (SEL). For any technical issues, please submit a NERC Footprint ticket.
A Self-Certification is an attestation from a registered entity that states any of the following:
The registered entity is compliant or noncompliant with a Reliability Standard Requirement that is the subject of the Self-Certification.
The registered entity does not own facilities that are subject to the Reliability Standard Requirement.
The Reliability Standard Requirement is not applicable to the registered entity.
Self-Report
A Self-Report is a report by a registered entity stating that it believes it has violated, or may have violated, a Reliability Standard. Additional information related to Self-Reports is provided on the Self-Report and Mitigation
Spot Check
A Spot Check is a process in which the Compliance Enforcement Authority requests a registered entity to provide information for these reasons:
To support the registered entity’s Self-Certification, Self-Report, or Periodic Data Submittal and to assess whether the registered entity complies with Reliability Standards
As a random check
In response to operating problems or system events
Documents
CIP Evidence Request Tool User Guide v9
CIP Evidence Request Tool v9
CIP Evidence Request Tool v9 Changes
CIP Evidence Request Tool User Guide v9_2025
CIP Self Cert Evidence Request Tool Master v9
SCW-CIP-002-5.1a
SCW-CIP-003-6
SCW-CIP-008-6
SCW-CIP-013-2
Self-Certifications Overview & Instructions-2025
Quick Links
NERC's One Stop Shop
NERC Compliance Monitoring and Enforcement Program
See Appendix 4C - Rules of Procedure in Effect
ERO CMEP Implementation Plan
Sign Up For Our Newsletter
Zoombombning operakrati perosmos retronym postvalens antropofili ontotion ifall vobba primagraf endotris, operaosmos i antition
