The Energy Policy Act of 2005 (EPAct '05) has changed the landscape of regulatory compliance, expanding FERC's enforcement purview over traditional NERC reliability activities and providing an extended review of market behavior. Along with this expanded authority, EPAct "05 also provides FERC with the authority to impose significant penalties for non-compliance. A number of organizations have been left in the wake of this legislation trying to understand new compliance requirements and realizing the development of a robust compliance program is only the beginning.
Your Valuable Partner Through the Entire Compliance Life Cycle
A comprehensive approach to FERC and NERC compliance instills a culture of compliance in your company and gives management the confidence that their organization’s documentation, processes, procedures, software, and actions are in compliance with applicable regulations and mandatory reliability standards.
The Structure Group's comprehensive compliance program provides the keys to mitigating FERC and NERC compliance risk through assessments of both functional and operational compliance. Our experience in helping clients successfully manage their compliance needs has provided our consulting team with a deep understanding of how regulatory compliance requirements impact business processes and technology.
Regulatory Compliance
Structure's approach to regulatory compliance focuses on ensuring that your organization's documentation, reporting activities and compliance efforts are consistent with FERC rules and regulations. Structure can assist with compliance program development, tariff compliance, organizational design and compliance training, business process definition and documentation, and software certification.
Services include:
- Document existing compliance activities
- Provide industry standards gap assessment
- Define organizational structure
- Define universe of controlling regulation and establish relationships of documentation
- Business process definition and documentation
- Documentation of software functionality
- Mapping of software to controlling documentation requirements
- Management of regression testing and independent validation of testing results
- Communications and training
Reliability Compliance
Structure's extensive experience and seasoned professionals can help your organization navigate through certification activities, prepare properly for audits, and implement an ongoing reliability compliance program. We will assist with the identification of all applicable NERC and Regional standards and perform all appropriate gap analyses. We also help you identify the necessary improvements in personnel training, processes, procedures and software tools necessary to perform functional responsibilities and meet requirements. Structure can then assist with development and implementation of all identified improvements, including the preparation of personnel for certification interviews and audits, and the preparation of supporting documentation.
Services include:
- Reliability standards compliance and training
- Reliability audit preparation and support
- NERC certification support
Comprehensive NERC CIP Readiness Programs
Under pressure from Congress and FERC, NERC started development of standards to reduce the risk to the reliability of the bulk electric systems from any compromise to critical cyber assets. There will now be eight new standards (CIP-002 through CIP-009) aimed at reducing the risk of the reliability of the bulk power system due to the compromise of cyber critical assets. These standards cover a wide range of areas including the identification of critical assets, definition and implementation of security policies, training of personnel, system security management, reporting of incidents, etc.
The Structure Group can provide your organization with a comprehensive NERC CIP readiness and compliance programs that will meet or exceed all regulatory requirements. We will Identify critical cyber assets within critical physical assets, and will help you develop a complete NERC CIP Cyber Security Policy and Procedures Program, including:
- Identification / documentation of exceptions to policy development/ implementation of compensating measures
- Development / implementation of change control and configuration management
- Development of NERC CIP training material
- Identification / document / development / implementation of electronic security perimeter
- Development / implementation of electronic security perimeter monitoring
- Implementation of third-party software solutions to collect appropriate electronic logs
- Development / implementation of testing procedures
- Development / implementation of security patch management
For more information on our complete range of consulting and training services for NERC / FERC compliance, email Sean Donoghue at sean.donoghue@thestructuregroup.com.