Update on NERC CIP 002-009 ComplianceMay 18th, 2007
NERC’s proposed Compliance Program will be different than most standards conformance auditing programs in that ALL requirements must be met to be compliant. Compliance uses clear decision points: yes or no, done or not done. Compliance will be measured as quantitative not qualitative. NERC has announced four phases of compliance:
- Begin Work
- Substantially Compliant
- Auditably Compliant (to be auditably compliant, the responsible entity must be “compliant” for one year prior to the audit. All entities must reach “AC” in 2010)
Proposed auditing will begin in the year 2010 with evaluations of the “Reliability Readiness and Improvement Program” beginning as early as 2008. Utilities must take a proactive stance now in order to avoid hefty fines that will be imposed for not meeting the standards.
Beginning in 2010, NERC will begin enforcing the CIP standards through audits and/or known violations. Depending on the Violation Security Level (lower, moderate, high, and severe) and the Violation Risk Factor (lower, medium, high), the monetary penalty applied will range from $1,000 per violation per day up to $1,000,000 per violation per day.
NERC has published the following Penalties and Sanctions table:
|Violation Security Level|
The current status of the proposed NERC CIP Standards:
- NERC adopted standards in June 2006
- FERC submitted negative assessment response in December 2006
- Responses to FERC assessment filed in February 2007
- FERC reviewing industry responses
- FERC will issue Notice of Proposed Rulemaking (NOPR) in June 2007
- Industry will have 60 days to comment on NOPR
- FERC will issue Final Rule (approximately September 2007)
- Notice will be filed in Federal Register
- FERC effective date 60 days after Notice (approximately November 2007)
The Odyssey™ Solution is the only retrofit solution available that not only addresses all of the NERC CIP requirements but exceeds them. Odyssey™ not only prepares you for the near future, but also for standards that will be enforced years from now.
For more information on how the ETT Odyssey™ Solution addresses the CIP standards: