Deferred implementation of NERC reliability standards: what it means for power and utility companies

Start adding items to your reading lists:
or
Save this item to:
This item has been saved to your reading list.

Due to the impact of COVID-19, the Federal Energy Regulatory Commission (FERC) approved a request by the North American Electric Reliability Corporation (NERC) to defer the implementation of reliability standards scheduled to become effective in 2020.

Deferred implementation at a glance

FERC’s approved motion represents a measure to help assure grid reliability amid the impacts posed by the COVID-19 outbreak. NERC had requested this action to provide NERC, the Regional Entities, and registered entities with regulatory certainty while companies deal with the unprecedented COVID-19 public health emergency.

NERC has also stated that COVID-19 may be considered an acceptable reason on a case-by-case basis for non-compliance with Reliability Standard requirements involving periodic actions that would have been taken between March 1, 2020 and July 31, 2020. Furthermore, NERC has relaxed reliability standard PER-003-2, for the period of March 1, 2020 to Dec. 31, 2020, allowing COVID-19 impacted entities to use system operator personnel that are not NERC-certified.

Regarding sanctions, NERC has stated that it will consider the coronavirus outbreak an extenuating circumstance under its Sanction Guidelines for all instances of noncompliance where the impacts of the outbreak, such as impacts on workforce availability or the supply chain, were a cause or contributing factor to the noncompliance.

Maintaining compliance with NERC requirements

COVID-19 will undoubtedly impact many organizations’ NERC programs, and the ongoing execution of reliability and compliance operations as well as how evidence of compliance is retained. As the situation continues to evolve, it’s important for organizations to look at their NERC compliance obligations and plan accordingly.

With the impacts of COVID-19 still being assessed and continuing to develop, we encourage Registered Entities to maintain compliance where feasible with existing and upcoming compliance obligations while considering risks of losing reliable operations in light of an easing regulatory environment. Where registered entities cannot support continued compliance, timely communications with Regional Entities is required to reach alignment and maintaining documented support including rationale for any deviations is recommended. According to NERC, registered entities must report to their Regional Entity on the standards/requirements involved, details of the impact, efforts to mitigate risk, expected timeline for mitigating the shortcoming, and cause of the shortcoming.

Considerations for success

Incident  Response Team

Incident Response Team

Maintain a COVID-19 FERC/NERC Incident Command Committee to assist with assessing risks of taking advantage of easements and establishing a plan to get back to normal operations. Registered entities should also continuously monitor skill sets present throughout the pandemic and consider engaging supplemental resources if warranted.

Personnel

Personnel

Identify and protect mission critical staff such as control center operators and instrument technicians. There has already been reported generation units taken off-line due to the health effects of COVID-19. Physically segregating crews, disinfecting frequently touched equipment, providing PPE, running temperature checks, avoiding shared vehicles and other health measures should be enforced where a virtual workforce is not an option. Registered entities should also stand ready to implement advanced business continuity plans should critical personnel become exposed or ill.

Cyber security

Cyber security

Analyze the adequacy of technology resources to support increased remote work without compromising cyber security. Remote technology use during a time of crisis poses heightened cyber security risk. Registered Entities should consider enhanced training related to social engineering attacks, applying more stringent access controls, taking steps to inventory and monitor remote assets, ensure continued patching, and perform stress testing to identify added security measures needed under different scenarios.

Supply chain

Supply chain

Prioritize construction and maintenance activities and assess COVID-19 impacts to ongoing operations and outage schedules. Understand existing inventories of critical equipment and supporting supply chain resources on hand and with key suppliers. There have already been force-majeure situations reported and knowing your third party’s (and their third party’s) availability to provide ongoing construction, maintenance and equipment needed during the crisis should be continuously evaluated. Registered entities may also want to encourage critical small business suppliers to tap into funding available through the CARES Act.

Alternative evidence

Alternative evidence

As processes temporarily change, the underlying evidence of compliance is expected to as well. Determine if changes are needed in response to COVID-19 altering, even temporarily, the design or evidence of compliance - e.g., virtual sign offs instead of manual signatures.

Looking ahead

Looking ahead

Registered Entities should consider real-time adjustments to project plans to continue confronting NERC’s new standards as Registered Entities proactively address hazards presented by COVID-19. The FERC- approved delays are only three to six months per standard and deferring readiness activities until business has returned to normal operations may jeopardize the ability to meet the newly established deadlines.

You are not alone.

We are here to help if you are dealing with staff shortages, have questions about supportive technologies, or would like to connect with one of specialists in areas such as NERC, business continuity, crisis management, cyber security, supply chain, construction or outage management. We’re here for you.

Contact us

Gavin S. Hamilton

US Energy, Utilities & Mining Assurance Leader, PwC US

Alan Conkle

Power & Utilities Risk Assurance Leader, PwC US

Dennis Curtis

Power & Utilities Risk Assurance Partner, PwC US

Jake Stricker

Power & Utilities Risk Assurance Managing Director, PwC US

Amanda Herron

Power & Utilities IA, Compliance & Risk Leader, PwC US

Follow us