Deferred implementation of NERC reliability standards: what it means for power and utility companies

Start adding items to your reading lists:
or
Save this item to:
This item has been saved to your reading list.

Due to the impact of COVID-19, the Federal Energy Regulatory Commission (FERC) approved a request by the North American Electric Reliability Corporation (NERC) to defer the implementation of reliability standards scheduled to become effective in 2020.

Deferred implementation at a glance

FERC’s approved motion represents a measure to help assure grid reliability amid the impacts posed by the COVID-19 outbreak. NERC had requested this action to provide NERC, the Regional Entities and registered entities with regulatory certainty while companies deal with the unprecedented COVID-19 public health emergency.

NERC has also stated that COVID-19 may be considered an acceptable reason on a case-by-case basis for non-compliance with Reliability Standard requirements involving periodic actions that would have been taken between March 1, 2020 and July 31, 2020. Furthermore, NERC has relaxed reliability standard PER-003-2, for the period of March 1, 2020 to Dec. 31, 2020, allowing COVID-19 impacted entities to use system operator personnel that are not NERC-certified.

Regarding sanctions, NERC has stated that it will consider the coronavirus outbreak an extenuating circumstance under its Sanction Guidelines for all instances of noncompliance where the impacts of the outbreak, such as impacts on workforce availability or the supply chain, were a cause or contributing factor to the noncompliance.

Maintaining compliance with NERC requirements

COVID-19 will undoubtedly impact many organizations’ NERC programs and the ongoing execution of reliability and compliance operations, as well as the way in which evidence of compliance is retained. As the situation continues to evolve, it’s important for organizations to look at their NERC compliance obligations and plan accordingly.

With the impacts of COVID-19 still being assessed and continuing to develop, we encourage Registered Entities to maintain compliance where feasible with existing and upcoming compliance obligations, while considering risks of losing reliable operations in light of an easing regulatory environment. Where registered entities cannot support continued compliance, timely communications with Regional Entities is required to reach alignment and maintaining documented support including rationale for any deviations is recommended. According to NERC, registered entities must report to their Regional Entity on the standards or requirements involved, details of the impact, efforts to mitigate risk, the expected timeline for mitigating the shortcoming and the cause of the shortcoming in the first place.

Considerations for success

Incident  Response Team

Incident response team

Maintain a COVID-19 FERC/NERC Incident Command Committee to assist with assessing risks of taking advantage of easements and establishing a plan to get back to normal operations. Registered entities should also continuously monitor skill sets present throughout the pandemic and consider engaging supplemental resources if warranted.

Personnel icon

Personnel

Identify and protect mission-critical staff, such as control center operators and instrument technicians. Physically segregate crews, disinfect frequently touched equipment, provide PPE, run temperature checks and avoid shared vehicles. Enforce other health measures where a virtual workforce isn't an option. Registered entities should also stand ready to implement advanced business continuity plans should critical personnel become exposed or ill.

Cyber security

Cybersecurity

Remote technology use poses a heightened cybersecurity risk, so it’s essential to analyze the adequacy of technology resources to support increased remote work —without compromising security. Registered Entities should consider enhanced training related to social engineering attacks, apply more stringent access controls, take steps to inventory and monitor remote assets, ensure continued patching and perform stress testing to identify any additional security measures that might be needed in different scenarios.

Supply chain

Supply chain

Prioritize construction and maintenance activities and assess COVID-19 impacts to ongoing operations and outage schedules. Understand existing inventories of critical equipment and supporting supply chain resources on hand and with key suppliers. Force-majeure situations have already been reported in recent weeks, so knowing your third party’s (and their third party’s) availability to provide ongoing construction, maintenance and equipment needed during the crisis should be continuously evaluated. Registered entities may also want to encourage critical small business suppliers to tap into funding available through the CARES Act.

Alternative evidence

Alternative evidence

As processes temporarily change, the underlying evidence of compliance is expected to shift as well. Determine how the design or evidence of compliance might need to be modified. For example, virtual sign-offs instead of manual signatures might be standard practice for a period of time instead of manual signatures.

Looking ahead

Looking ahead

Registered Entities should consider real-time adjustments to project plans in order to continue meeting NERC’s new standards, while Registered Entities proactively address hazards presented by COVID-19. The FERC-approved delays are only three to six months per standard, and deferring readiness activities until business has returned to normal operations may jeopardize the ability to meet the newly established deadlines.

You are not alone.

Dealing with staff shortages or have questions about supportive technologies? Connect with one of our specialists in NERC, business continuity, crisis management, cybersecurity, supply chain, construction or outage management. We’re here for you.

Contact us

Gavin S. Hamilton

US Energy, Utilities & Mining Assurance Leader, PwC US

Alan Conkle

Power & Utilities Risk Assurance Leader, PwC US

Dennis Curtis

Power & Utilities Risk Assurance Partner, PwC US

Jake Stricker

Power & Utilities Risk Assurance Managing Director, PwC US

Amanda Herron

Power & Utilities IA, Compliance & Risk Leader, PwC US

Follow us