
NERC Common Questions and Answers

What is the difference between FERC and NERC?

The Federal Energy Regulatory Commission (FERC) is a federal agency that regulates the interstate transmission of electricity, natural gas, and oil. FERC oversees NERC in the United States, as do provincial governments in Canada.

To whom do FERC and NERC apply?

NERC is the Electric Reliability Organization (ERO) for North America, subject to oversight by the FERC and governmental authorities in Canada. NERC’s jurisdiction includes users, owners, and operators of the bulk power system, which serves nearly 400 million people.

When did NERC standards become mandatory?

From June 18, 2007, compliance with approved NERC Reliability Standards became mandatory and enforceable in the United States.

Why is NERC certification important?

NERC certification is important because it ensures that individuals and entities responsible for the reliability and security of the bulk power system have the necessary knowledge and skills. In addition, it demonstrates an organization’s commitment to maintaining the reliability and security of the power grid.

What type of legal structure does NERC have?

NERC operates as a not-for-profit corporation and is classified as a 501(c)(6) organization under the United States Internal Revenue Code.

What are NERC reliability standards?

NERC Reliability Standards define the reliability requirements for planning and operating the North American bulk power system and are developed using a results-based approach that focuses on performance, risk management, and entity capabilities.

How many NERC reliability standards are there?

NERC enforces approximately 100 standards across 14 different disciplines. Enacting and following requirements, as well as proving compliance with these standards, requires a team of people. Examples of commonly known standards include the 12 NERC CIP standards and the NERC 693 standards such as FAC-008, PRC-005, and MOD-025.

What are the NERC 693 standards?

The NERC 693 reliability standards define the reliability requirements for planning and operating the North American bulk power system. NERC 693 standards govern all stages of the energy process from generation to distribution to transmission.

What is NERC CIP-014?

The NERC CIP-014 reliability standard is for the protection of electrical facilities from physical attacks that could threaten the stability and operation of the electric grid distribution system.

What is NERC CIP-004?

The purpose of this standard is to mitigate the potential risks associated with unauthorized access to Bulk Electric System (BES) Cyber Systems, which may result in operational disruptions or instability within the BES. To achieve this objective, the standard mandates the implementation of personnel risk assessment, comprehensive training, and robust security awareness measures. These requirements are designed to safeguard BES Cyber Systems and uphold their protection.

Who must comply with NERC CIP?

All bulk power system owners, operators, and users must comply with NERC-approved Reliability Standards. These entities are required to register with NERC through the appropriate Regional Entity, of which there are six.

What is a NERC registered entity?

Organizations that are registered and included on the NERC Compliance Registry (NCR) are responsible for complying with all applicable Reliability Standards. Registered Entities are not and cannot become members of the NERC or any Regional Entity.

What is the maximum fine that NERC can impose on a NERC-registered entity?

In the United States, the maximum penalty amount that the NERC or a Regional Entity will assess for a violation of a Reliability Standard Requirement is $1,000,000 per day per violation.

How long does it take to get NERC certified?

The certification process shall be completed within nine months of the application acceptance date unless otherwise agreed by all parties involved in the process and approved by NERC.

What is the 15-minute rule for NERC CIP?

As stated by NERC in the current set of CIP standards and NERC’s Glossary of Terms, BES Cyber Assets perform real-time functions of monitoring or controlling the BES and would affect the reliable operation of the BES within 15 minutes of being impaired.

What is the threshold for NERC compliance?

The threshold for NERC registration is 75 megawatts. NERC registration requirements are in the rules of procedure. Essentially, if a facility is 75 megawatts or greater, it has to register with NERC.

However, in 2023, NERC is looking at potential strategies that could force all Inverter-Based Resource owners, called GO-IBRs, to register with NERC even if they produce 20 MVA or more. This will mean many more power generators attached to the grid will have to register with NERC.

See Owners.aspx

What alert was issued by NERC in March 2023?

In March 2023, NERC issued the Inverter-Based Resource Performance Issues Alert, which has been distributed to Generator Owners (GOs) of BES solar photovoltaic (PV) generating resources. This alert came after NERC analyzed multiple large-scale disturbances involving widespread loss of IBRs, which resulted in abnormal performance across several BES solar PV generating resources. These resources have exhibited systemic performance issues that could lead to potential widespread outages if they persist. As the penetration of BPS-connected IBRs continues to rapidly increase, it is paramount that any performance deficiencies with existing and future generating resources be addressed effectively and efficiently.

What specific actions and responses are required from entities in the issued alert?

As a Level 2 Alert, the document contains recommendations for specific actions that should be taken, and entities registered under the GO function are required to acknowledge receipt and respond to a series of questions. Responses are due by 12:00 a.m. Eastern on June 30, 2023. NERC strongly recommends that registered GOs also adopt the recommendations and supply data for their non-BES solar PV facilities so that NERC can more comprehensively assess potential BPS reliability risks in this area. While entities other than GOs are not required to submit a response, NERC also advises that all registered entities assess the content of the alert for applicability to their operations and incorporate recommendations where possible.