NERC Certification and Review Process Manual

ERO Certification and Review Process Manual
January 2013
3353 Peachtree Road NE
Suite 600, North Tower
Atlanta, GA 30326
404-446-2560 | www.nerc.com
Table of Contents
Purpose
Continuity Plan
Accountabilities/Responsibilities
  NERC
  Regional Entity (RE)
Certification Process
Certification Review Process
Related Documentation
Appendix I: Terms and Definitions
Purpose
This ERO Certification Process Document serves two purposes.
First, it provides consistency in the implementation of an ERO-wide Certification process that
will meet the requirements of the NERC Rules of Procedure (ROP) Section 500 and Appendix 5A.
Second, it provides transparency in the implementation of the Certification process in order
that entities applying or registered for the Reliability Coordinator (RC), Balancing Authority (BA)
and/or Transmission Operator (TOP) functions will gain a better understanding of what to
expect as the process is executed.
Continuity Plan
The North American Electric Reliability Corporation’s (NERC) mission is to ensure the reliability
of the North American bulk power system. NERC is the electric reliability organization (ERO)
certified by the Federal Energy Regulatory Commission to establish and enforce reliability
standards for the bulk power system. NERC develops and enforces reliability standards;
assesses adequacy annually via a 10-year forecast, and summer and winter forecasts; monitors
the bulk power system; and educates, trains and certifies industry personnel. ERO activities in
Canada related to the reliability of the bulk power system are recognized and overseen by the
appropriate governmental authorities in that country.
NERC has delegated to Regional Entities (REs), via regional delegation agreements (RDAs)¹,
certain responsibilities for the conduct of ERO statutory functions.
In accordance with the NERC Rules of Procedure Section 500, subsection 3 Delegation and
Oversight, NERC shall develop and maintain a plan to ensure the continuity of an Organization
Registration and Certification Program within the geographic or electrical boundaries of a
Regional Entity in the event that no entity is certified as a Regional Entity for that Region, or the
Regional Entity withdraws as a Regional Entity or does not operate its Organization Registration
and Certification Program in accordance with delegation agreements and other requirements.
To conduct this plan, NERC would follow and adhere to the Registration and Certification
procedural documents in order to successfully fulfill the day to day activities surrounding Entity
Registration and Certification.
1 Located on NERC’s website at http://www.nerc.com/page.php?cid=1|9|119|181
Accountabilities/Responsibilities
NERC
President and Chief Executive Officer (CEO), or Designee

Responsible for overall execution of the Continuity Plan as described on Page 3.
Director of Compliance Operations or Designee

Provides overall oversight of the ERO Certification process and maintains
responsibility for effective and consistent implementation of the Certification
process throughout the eight REs.
Manager Organization Registration & Certification

Provides direct oversight of the ERO Certification process and maintains contact with
REs for effective implementation of the Certification process.

Confirms that the composition of each Certification Team (CT) complies with ROP
requirements.

Assigns NERC member(s) to CT.

Establishes training requirements and facilitates training for CT members.

Maintains registry of CT member training.

Plans and organizes Certification workshops for REs and stakeholders.

Facilitates NERC approval of RE recommendation of entity certifications.

Proposes and maintains revisions to Certification process documents as required.
Regional Entity (RE)
President and Chief Executive Officer (CEO), or Designee

Responsible for overall execution of the Certification Process.

Acts upon the CT recommendation for certification.

Notifies the entity and NERC of the Certification decision.
Manager (or Designee) responsible for Certification

Ensures Regional execution of the ERO Certification process.

Identifies Certification Team Leader (CTL) and determines members of the CT in
coordination with the CTL, confirms completion of required training, and execution
of appropriate CT member documentation.

Approves and ensures the adequate implementation of subsequent action plans
from completed ERO Certifications.

Responsible for facilitating final RE approval of entity Certification.

Confirms all evidence and Certification documentation is kept in accordance with
the RE document retention procedures per ROP Section 502.2.
Certification Team Leader (CTL)

Must be a trained Team Leader.

Completed NERC online Auditor training.

Attended NERC’s Lead Auditor Training workshop.

Completed required reading package.

Participated as a Team Member on at least two (2) certifications

Coordinates Certification activities in accordance with ROP Section 500, Appendix
5A, and the Certification Process Manual to achieve stated objectives of the ERO
Certification process.

Establishes and maintains contact with entity applicant throughout the Certification
process.

Performs and oversees fact finding, interviews and data collection.

Prepares Opening and Closing Presentations.

Analyzes on-site interviews, observations, feedback, etc. to complete the ERO
Certification.

Develops draft Final Report including coordination with CT members of wording
regarding positive observations and closed bucket 2 items.

Supports RE Manager, or designee, responsible for Certification in facilitating RE
approval of entity Certification.
Certification Team Member (Duties as assigned by the CTL)

Completes required training per ROP and executes Confidentiality agreements and
Conflict of Interest forms.

Reviews evidence presented by applicant, documents questions for entity SMEs,
submits requests for information to CTL.

Interviews subject entity management, SMEs, and system operators.

Acts as Scribe if assigned.

Contributes comments on Final Report
Certification Process
The certification² of an entity requires a well-planned, in depth review and well documented
assessment of an entity’s capability to perform the tasks of the certifiable function for which it
has applied or has been registered. This document provides a summary of the steps required to
conduct the certification process. The following procedure is written generally in chronological
order and may be changed at the discretion of the CTL to meet schedules, differences in
Certification scope, management direction, differences in RE needs, etc. Further, it is written
on the basis that an entity has requested Certification. If an entity has received a registration
initiated by either the Regional Entity or NERC as allowed in ROP Appendix 5A, or if the entity is
already registered³, the procedure will be adjusted as appropriate.
If there are any discrepancies between the NERC ROP and this document, the NERC ROP shall
take precedence. All discrepancies must be brought to the attention of NERC or the
appropriate RE for further actions, as needed.
The Regional Entity shall assign a Certification Team Lead (CTL) once an application has been
received and accepted or an entity has been registered by the Regional Entity or NERC on
behalf of the entity⁴. The CTL should be a trained team leader⁵ as this will provide a solid
foundation for the Certification Team (CT). The CTL is responsible to develop a CT in compliance
with the NERC Rules of Procedure (ROP) Appendix 5A. All CT members must have completed
the requirements as described in the appropriate Member Training Form, prior to participation
in the certification process and adhere to ERO’s confidentiality agreements for any data or
information made available to the CT member through the certification process.
2 The certification of Reliability Coordinators (RC), Balancing Authorities (BA) and Transmission Operators (TOP) is an independent process from
the similar process of audits
3 For an entity that is already registered, the CTL will review any Potential Violations of record
4 An entity is registered ‘on behalf of’ if the RE or NERC determines the entity should be registered and the entity refuses to voluntarily register
5 In accordance with ROP Section 500 §2.2.7 NERC shall develop and provide training in auditing skills to all individuals prior to their
participation in Certification evaluations. Training for Certification Team leaders shall be more comprehensive than the training given to
industry subject matter experts and Regional Entity members.
The following is a summary of steps to be followed during a certification:
Planning
1. As required by the ROP, the CT members:
a. Shall consist of:
i. For Balancing Authority, the CT shall have representation from the following:
o An existing BA, the entity’s proposed RC, TOP, each affected Regional
Entity, and NERC.
ii. For Reliability Coordinator, the CT shall have representation from the
following:
o An existing RC, a BA and a TOP in the proposed RC area, each affected
Regional Entity, and NERC.
iii. For Transmission Operator, the CT shall have representation from the
following:
o An existing TOP, the entity’s proposed RC, each affected Regional
Entity, and NERC.
b. Additional CT members with expertise in any of the NERC registry functional areas
may be added as necessary (i.e. NERC, Regional Entity staff).
c. Entities such as government representatives or other stakeholders may be observers
in the certification process.
2. The CTL shall ensure all CT members have completed the following:
a. Certification Team Member Training Record form.
b. An ERO Conflict of Interest and business Ethics for Certification Team Members
form.
c. An ERO Confidentiality Agreement for NERC Certification Team form.
3. The Certification Scope:
a. The CT shall review the application for certification to determine the scope of the
assessment. Using the NERC Reliability Standards VRF Matrix, the team shall develop
a Master Matrix to identify which Reliability Standards shall be assessed based upon
the function(s) for which the entity is to be certified.
4. The CTL shall develop an online portal to store all documentation. The CTL shall set up a
secured server to house all relevant Certification Process documents, including but not
limited to:
a. The application
b. All relevant correspondence between the CTL and the applicant, including the
Certification Packet described in 4 below
c. All relevant correspondence between the CTL and the CT members
d. Instructions for the entity to access the server in order for the entity to submit their
responses and allow for CT members to access the documentation supplied
e. The agreed applicable Master Matrix to be evaluated during the process
f. The overall process schedule
g. The agenda for the on-site visit if required
h. The Final Report
i. The RE approval/rejection of application for certification
5. A Certification Packet shall be developed and sent to the entity 90 days prior to the on-site
visit⁶ and shall consist of:
a. Notification of the certification process
b. The tentative overall process schedule and on-site agenda for the certification
process
c. The appropriate questionnaires⁷
d. The Master Matrix
e. The CT Roster and CT member biographies requesting no-objections to CT members
f. Pre-Certification survey which is to be returned to the CTL within 15 days
g. Any specific requests for information (RFI) known
6 This procedure recognizes circumstances may arise that require a timeline appropriate for the circumstances and the event durations are
predicated on adequate time available.
6. CTL should contact the entity within one week of submitting the packet to:
a. Confirm receipt of the package
b. Discuss any concerns the entity may have
7. The entity shall complete and return to the CTL the questionnaires, master matrix and
supporting documentation no later than four weeks prior to the on site visit.
8. The CTL shall schedule a document review to take place prior to the on-site visit. Preferably,
the document review should take place face to face with the CT members; however, a
teleconference is acceptable.
9. The CTL and CT shall review the Pre-certification survey, in order to:
a. Develop an understanding of the entity being certified
b. Make all travel arrangements
10. The CTL shall assign a scribe(s) to document the assessment and identify teams if the CT is
to be broken into smaller groups:
a. For complex certifications of new facilities, the CTL may assign members of the CT
into different focus areas such as:
i. Facilities – examples of items that could be included (but are not limited to
the following) are: the physical cyber assets against the CIP standards, the
cyber training, the maintenance contracts and records for the facilities, the
electrical system and UPS, the cyber security of servers, passwords, etc. per
the CIP standards, and the physical installation of data and voice equipment.
ii. EMS/SCADA – Interview the EMS/SCADA subject matter experts (SMEs) to
ensure that the tools will provide adequate situational awareness against the
NERC Standards. Ensure adequate change control of the EMS/SCADA. Review
the data transfer, server, applications, and redundancy configuration of the
core tools including: EMS, OSI-PI, ICCP, outage scheduling, scheduling, map
board displays, communication systems, etc.
iii. Operator Preparedness – Interview the operators at their workstations and
ask them to present the tools, procedures, CIP readiness, and their
procedure use for normal day-to-day and emergency operations. Interview
the training staff regarding initial, training needed to support the transition
to the new responsibilities and continuing training against the NERC
Standards. Interview the planning staff to ensure adequate contingency
planning and proper interaction with the real time operators.
7 At the discretion of the CTL, the CTL will forward a Neighboring Entity questionnaire to an appropriate neighboring entity.
11. The CT shall conduct a document review of the documentation provided prior to the on-site
visit and shall document all:
a. Questions for the entity’s management, SMEs and system operators based upon the
review of the supporting documentation
b. Additional RFIs and submit to the entity prior to the on-site visit
c. Comments which support the entity’s abilities to perform the
function for which the entity applied during the document review, and close out
those items which do not need further review
d. Issues which need to be addressed prior to certification being granted
12. The CTL shall provide the entity a final schedule and agenda for the on-site visit based upon
the results of the document review.
Fieldwork
1. Opening Presentation
a. The CTL shall provide an opening presentation the first day on site.
b. The entity shall provide an opening presentation, briefly describing the entity, the
location, evacuation and other safety issues, restrooms and other housekeeping
information.
2. The CT shall interview entity personnel to provide clarification to responses provided and
reviewed during the document review.
a. The CT shall request electronic copies of documents provided.
b. Security sensitive materials shall be documented, however, they shall remain at the
entity’s facility.
3. The CT shall tour the facilities observing and noting the required physical assets. The CT may
request a demonstration of the tools used to support the function.
4. At the end of each day, the CT will caucus in preparation for the daily debriefing.
Subsequently, the CTL shall lead a daily debriefing with the entity in order to:
a. Identify the status of the assessment.
b. Identify any items of concern which need to be addressed, identify which bucket
each item is in.
c. Provide an update to the schedule.
d. Identify any possible violations of applicable standards in order for the entity to
self-report to its respective region.
5. The CTL shall provide an exit briefing at the end of the on site visit in order to:
a. Identify any items of concern which need to be addressed, identify which bucket
each item is in.
b. Discuss the reporting process.
c. Discuss the next steps in the certification process, including the post on site visit
anticipated schedule, including closing bucket 2 items.
d. Confirm that Entity Feedback Forms will be forwarded to the entity with a sincere
request for candid feedback.
Reporting
1. The CTL will provide the CT with the Feedback Form-CT Member and request that they be
returned within 5 calendar days with a copy to the NERC Certification email
[email protected].
2. After completion of the on-site visit the CTL should develop:
a. a spread sheet listing all Bucket 2 items which are to be tracked and closed prior to
requesting RE management approve certification; and
b. the draft Final Report, in coordination with input from the CT, which presupposes
bucket 2 items are closed.
3. Upon completion of the draft Final Report, the CTL should transmit the draft Final Report to
the CT requesting return with final comments within 2 calendar days.
4. Upon completion, the CTL should transmit the draft Final Report to the entity requesting
return with comments within 14 calendar days.
5. The comments received from the entity will be given due consideration and incorporated in
the Final Report at the discretion of the CTL, in consultation with the CT.
6. The CTL will review the completed Final Report one last time with the CT and when all
Bucket 2 items are closed to the satisfaction of the CT, submit to the appropriate RE
management⁸ the CT recommendation and Final Report for consideration and approval.
7. If rejected by RE management, the CTL will work with the CT and the entity to resolve any
issues.
8. If approved by RE management, the RE CEO⁹ (or a designee) will transmit to the entity, with
a copy to NERC, the formal RE approval and RE recommendation for NERC approval using as
a template, the “Region Certification Approval Recommendation Letter” available on
NERC’s website.
9. If approved by NERC, NERC shall transmit via email to the applicant, confirmation of
Certification of the application function, noting that the applicant will receive via post, a
hard copy of:
a. The Certification Letter
b. Certificate of functional Certification
8 For multi region entities, the CTL will submit the CT recommendation and Final Report to each region’s management for consideration and
approval.
9 Each RE management is to issue the letter of approval and recommendation
10. After the applicant is certified, the RE will register the applicant; the applicant will be
registered for the new function on the confirmed date that operations will begin¹⁰.
11. After the applicant is certified, the applicant must commence operations for the application
function within 12 months after being notified of approval by NERC. If the applicant fails to
commence operation within 12 months, the certification process must be repeated.
10 Within the Certification Approval letter, the entity is reminded to advise the RE when it is to commence operations.
Certification Review Process
Functional Entity Certification Review will follow the same processes and procedures as a
Functional Entity Certification with an appropriately scoped evaluation effort, including team
composition, onsite visit needs and change in terminology as appropriate. Items that are to be
considered in this decision are listed in ROP Appendix 5A Section IV §4, and include one or
more of the following:
• Changes to a Registered Entity’s Footprint or operational challenges (i.e., TLRs) due to
the changes
• Organizational restructuring that could impact the Bulk Power System reliability
• Relocation of the control center
• Changes to Registered Entity ownership requiring major operating procedure changes
• Significant changes to JRO / CFR assignments or agreements changes
• Addition or removal of member JRO / CFR utilities or entities
• Complete replacement of a SCADA/EMS system
A Registered Entity requiring review shall complete the appropriate form from Regional Entity
and submit the completed form to its applicable RE.
Using professional judgment, the CT shall limit the scope to those requirements which are
affected as a direct result of the reason for the review. For example, if an entity installed a new EMS,
there should be no reason to conduct Personnel Risk Assessments due to the change if access
to the Critical Cyber Assets remains the same.
Related Documentation





• All Certification process templates, including the Certification Process Manual, are available
on NERC’s website¹¹
• NERC Rules of Procedure Section 500 - Organization Registration and Certification
• NERC Rules of Procedure Appendix 5A - Organization Registration and Certification Manual
• NERC Rules of Procedure Appendix 5B - Statement of Compliance Registry Criteria
• NERC Rules of Procedure - Section 1500 Confidential Information
11 http://www.nerc.com/page.php?cid=3|25|294 ‘Certification Process Documents’
Appendix I: Terms and Definitions
For purposes of this document to understand the Certification Process
Term: Definition
Bucket Items: Bucket 1 are issues that would prevent CT recommendation for certification; Bucket 2 are issues that require resolution prior to resolution; and Bucket 3 are suggestions offered to the entity to improve performance.
Days: Days as used in the Registration and Certification processes are defined as calendar days.
Electric Reliability Organization (ERO): The ERO refers to both NERC and the REs.
Functions requiring Certification: Per ROP Section 501, entities applying or which are registered to perform the function of Reliability Coordinator (RC), Balancing Authority (BA) and/or Transmission Operator (TOP) must be certified.
Functional Entity Certification: The process undertaken by the ERO to verify an entity has the tools, processes, procedures, training and personnel to perform the tasks associated with a function requiring certification such as a RC, BA, and/or TOP.
Functional Entity Certification Review¹²: The process undertaken by the ERO to verify an entity continues to have the tools, processes, procedures, training and personnel to perform the tasks associated with a function requiring certification such as a RC, BA, and/or TOP after the entity has experienced changes such as those listed in Appendix 5A.
Master Matrix: The spread sheet created using the VRF Matrix on NERC’s Standards link depicting those standards applicable to the specific function to be certified or reviewed due to listed changes.
Multi-Region Entity: An entity applying for Certification whose facilities are located within more than one Region’s footprint.
NERC Rules of Procedure (ROP): NERC Rules of Procedure (including all Appendixes), approved by the Federal Energy Regulatory Commission (FERC), in effect at the time of the Certification process activities.
12 The decision to certify changes to an already operating and certified Registered Entity is a collaborative decision between the affected Regional
Entity(s) and NERC. NERC has the final authority regarding this decision. Items to consider for this decision are listed in Appendix 5A