AICPA SOC Service Organizations - Certrec

Dominion Energy Virginia (DEV-NUC) Penalized $150,000 for Noncompliance

Summary of NERC Penalties









Quarter 2 - June 2024

Virginia Electric & Power Company d/b/a Dominion Energy Virginia – Nuclear (DEV-NUC)

SERC's Regulations

VAR-002-4.1 R2

Failure to notify the Transmission Operator (TOP) when it could not maintain the generator voltage schedule for 30 minutes. This involved multiple instances from 2020 to 2022 due to procedural deficiencies, ineffective monitoring controls, and data discrepancies.



Virginia Electric & Power Company d/b/a Dominion Energy Virginia – Nuclear (DEV-NUC) notified SERC that it was noncompliant with VAR-002-4.1 R2. DEV-NUC failed to notify the Transmission Operator (TOP) when it could not continuously maintain its generator voltage schedule for 30 minutes. SERC determined that this issue began under VAR-002-1 and spanned to VAR-002-4.1. On December 14, 2021, while preparing for an upcoming audit, DEV-NUC discovered multiple occasions since 2020 where both of its power stations (four total units) operated outside the assigned voltage schedule for longer than 30 minutes and no notification was made to the TOP. The TOP’s procedure requires that a Generator Owner (GO) notify both the TOP and Transmission Owner (TO) when voltage cannot be maintained within the voltage schedule continuously for 30 minutes. Additionally, the TOP’s procedure requires that the TO assign either the TOP’s default voltage schedule or an alternative voltage schedule that the GO must comply with. The TOP’s default voltage schedule for 500 kV unit is 525 +/- 8 kV and the default voltage schedule for a 230 kV unit is 235 +/- 4 kV. However, in this case, before the Standard became mandatory and enforceable, the TO assigned the following more conservative voltage schedule: for a 500 kV unit 524 +/- 4kV, and for a 230 kV unit, 232 +/- 3 kV. During its audit preparations, DEV-NUC reviewed 2020 and 2021 voltage data from its Systems Operations Center (SOC), which serves as the TO. In this review, it discovered 1,421 instances where voltage exceeded the TO’s assigned schedule for longer than 30 minutes without the proper notifications being made. The SOC data reviewed showed that for DEV-NUC’s three 500 kV units, the maximum upper exceedance was 3.76 kV, and the maximum exceedance duration was 12.9 hours. For DEV-NUC’s one 230 kV unit, the maximum upper exceedance was 4.10 kV, and the maximum exceedance duration was 164.4 hours. Both the SOC and the GO’s power station control rooms independently receive voltage readings. While verifying the SOC voltage data, DEV-NUC compared the data with each power station’s control room voltage data and discovered a discrepancy in the parameters used to monitor the voltage data in the power station control rooms. This discrepancy resulted in the GO’s control room voltage data reading approximately 1-4 kV lower than the actual voltage, which was being correctly relayed to the SOC. As a result, during the voltage schedule exceedances discovered in the 2020 and 2021 SOC data, the power station’s control room operators did not recognize they were operating outside the assigned voltage schedules. After its initial review of the 2020 and 2021 operating data, DEV-NUC continued reviewing all the 2022 and Q1 2023 voltage data from the SOC. In this extended review, DEV-NUC discovered 86 additional voltage schedule exceedances that occurred for longer than 30 minutes without the proper notifications being made. As DEV-NUC began implementing its mitigating activities, it found there was a sharp decline in these additional instances of noncompliance. Specifically, 81 of the 86 additional exceedances occurred at the beginning of 2022, 1 instance occurred in April 2022, and the remaining 4 instances occurred from October 13 through 14, 2022. DEV-NUC did not perform an additional historical review of its voltage data prior to 2020, as it was focused on correcting and mitigating the noncompliance moving forward. However, since the TO’s voltage schedules had not changed for the generating units since the standard’s effective date of June 18, 2007, there was a historical parameter that incorrectly reported the voltage data to the power stations’ control room, there was a lack of controls for maintaining voltage within the voltage schedule, and there was a lack of procedural guidance informing personnel of the requirement to notify the TOP, it was conservatively concluded that the noncompliance began when the standard and requirement first became mandatory and enforceable.

Additional Discussion:


The causes of the noncompliance were deficient procedural guidance for the control room operators and deficient voltage monitoring controls. DEV-NUC’s procedural guidance included directions to notify the TO (the SOC) but did not include guidance to notify the TOP when operating outside the voltage schedule for longer than 30 minutes. Additionally, there were ineffective voltage monitoring controls because not only was there not a control to alert the operators when the voltage exceeded the TO’s set voltage schedule, but the degradation in the analog signal carrying the voltage data over a long distance back to each power station’s control room caused the voltage data to read approximately 1-4 kV lower than the actual voltage. Thus, the power station control rooms were monitoring inaccurate voltage data. This noncompliance started on June 18, 2007, when the standard became mandatory and enforceable and DEV-NUC failed to notify the TOP of voltage schedule exceedances lasting longer than 30 minutes, and ended on October 14, 2022, when DEV-NUC last operated outside the assigned voltage schedule for longer than 30 minutes without making the required notifications.


The civil penalty of $150,000 was determined after consideration of the following:

  • SERC considered DEV-NUC’s compliance history and determined there were no relevant instances of noncompliance.
  • SERC reviewed DEV-NUC’s internal compliance program (ICP) and considered it to be a neutral factor in the penalty determination. DEV-NUC, as a Dominion Energy Virginia (DEV) registered entity, has a compliance document that follows guidance provided in the DEV corporate NERC ICP. The DEV ICP covers topics from internal controls, self-assessments, and tools for addressing root cause analysis and extent-of-condition. Although DEV-NUC’s document mentions performance of self-assessments, the actionable requirements for personnel to perform the self-assessment were not clearly defined or owned by responsible groups with adequate dedicated resources. Self-assessments are an important control to help reduce risks to the BPS as they provide a method for reducing the potential duration of a noncompliance and allow for prompt mitigation. However, in this instance, no periodic assessment was conducted for DEV-NUC’s VAR-002 compliance, which resulted in a lengthy duration. As a result, SERC determined that the ICP was not a mitigating factor in the penalty determination. SERC encourages DEV-NUC to review the implementation of self-assessments for its other mandatory compliance requirements as a way to help identify other long-standing historical deficiencies and ensure the controls outlined in the ICP are functioning as intended.
  • DEV-NUC did not receive mitigating credit for self-reporting because the self-report was submitted after receiving notice of an upcoming Compliance Audit.

About Certrec:
Certrec is a leading provider of regulatory compliance solutions for the energy industry with the mission of helping ensure a stable, reliable, bulk electric supply. Since 1988, Certrec’s SaaS applications and consulting expertise have helped hundreds of power-generating facilities manage their regulatory compliance and reduce their risks.

Certrec’s engineers and business teams bring a cumulative 1,500 years of working experience in regulatory areas of compliance, engineering, and operations, including nuclear, fossil, solar, wind facilities, and other Registered Entities generation and transmission.

Certrec has helped more than 200 generating facilities establish and maintain NERC Compliance Programs. We manage the entire NERC compliance program for 80+ registered entities in the US, Canada, and Mexico that trust us to decrease their regulatory and reputational risk. Certrec is ISO/IEC 27001:2013 certified and has successfully completed annual SOC 2 Type 2 examinations.

For press and media inquiries, please contact