AICPA SOC Service Organizations - Certrec

No Compliance Issues Identified for Leading GO/GOP During NERC CIP & Operator Standards Audit

CERTREC’S Office of NERC Compliance Identifies Areas for Improvement and Potential Regulatory Vulnerabilities

Ft. Worth, TX (PRWEB) September 26, 2011 — Certrec, a leading regulatory and compliance solutions provider, announced today that a southwest generation owner/operator and Certrec customer experienced a successful NERC CIP and Standards audit with no compliance deficiencies identified. 

“NERC pre-audit assessments allow generator operators and owners to understand the potential for violating a compliance requirement and the risk of such violations,” says Bob Biggs, Certrec’s Manager of NERC Regulatory Services. “Readiness assessments can estimate the probability of violation, likely type of violation and expected severity to determine the enterprise-wide risk of noncompliance.” 

To ready itself for a Regional Entity audit of both its Cyber Security (CIP) program and applicable NERC Generator Owner and Operator Standards and Requirements, a leading provider of renewable energy enlisted Certrec’s Office of NERC Compliance experts to: 

  • Conduct a gap analysis in preparation for an upcoming audit 
  • Ensure the RBAM (Risk Based Assessment Methodology) update met current regulatory expectations • Identify areas for improvement and potential regulatory vulnerabilities 
  • Develop any NERC self-reports and supporting mitigation plans 
  • Update all compliance procedures and policies to ensure that NERC Compliance Application Notices (CANs) and industry lessons learned have been incorporated and that any organizational specifics are addressed • Prepare all Reliability Standard Audit Worksheets(RSAWs) and catalog all supporting information • Transmit pre-audit information (RSAWs, evidence, pre-audit surveys, and compliance program description) to the Regional Entity 
  • Prepare responses to Regional Entity Requests for Information (RFI) prior to and during the audit

“Understanding the metrics against which a regulatory compliance program will be held and having a common language for communicating about the existing and desired state is critical,” says Certrec President, Ted Enos. “By having this foundation, the Regional Entities were provided with necessary Cyber Security (CIP) and Generator Owner and Operator Standards, Requirements, and documentation by our client.” 

Success! No Compliance Issues Identified 

“Additionally,” continues Enos, “Certrec was able to directly support the management onsite in response to regulator requests during the audit. From our twenty plus years of experience handling audits and auditors, we were able to quickly prepare our client so that information was easy to articulate during the audit and appropriate to the request – providing the precise level of detail needed. Our client was pleased with the level of support Certrec provided and excited that no compliance issues were identified.” 

The Office of NERC Compliance (ONC) is the utility industry’s first, comprehensive NERC compliance, audit, and monitoring solution for Registered Entities. Certrec’s Office of NERC Compliance (ONC) helps compliance managers to manage the impact of the NERC regulatory process, manage communication with multiple regulators, and maintain NERC compliance. 


About Certrec:
Certrec is a leading provider of regulatory compliance solutions for the energy industry with the mission of helping ensure a stable, reliable, bulk electric supply. Since 1988, Certrec’s SaaS applications and consulting know-how have helped hundreds of power-generating facilities manage their regulatory compliance and reduce their risks.

Certrec’s engineers and business teams bring a cumulative 1,500 years of working experience in regulatory areas of compliance, engineering, and operations, including nuclear, fossil, solar, wind facilities, and other Registered Entities generation and transmission.

Certrec has helped more than 120 generating facilities establish and maintain NERC Compliance Programs. We manage the entire NERC compliance program for 60+ registered entities in the US and Canada that trust us to decrease their regulatory and reputational risk. Certrec is ISO/IEC 27001:2022 certified and has successfully completed annual SOC 2 Type 2 examinations.

For press and media inquiries, please contact