Reliability Standard Audit Worksheet
CIP-SUPP-002-AB
Cyber Security – Supplemental CIP Alberta Reliability
Standard Technical Feasibility Exceptions
Audit Summary
Registered Entity:
[Registered Entity name as it appears in the AESO ARS Registry]
Functional Entity:
[Functional entities for which the Registered Entity above was registered
throughout the audit period]
Audit Period:
From: [Audit start date or standard effective date, whichever comes later]
To:
[Audit end date or standard withdrawal/supersede date, whichever
comes first]
Audit:
[Scheduled (YYYY-QX) or Spot Check YYYY-MM-DD]
Compliance Monitoring
Entity:
Alberta Electric System Operator (AESO)
Suspected Non-Compliance
to the standard?
Date of Completion:
No
Yes
[If Yes, list the requirements with suspected contravention
findings e.g. R1, R2, R7]
[Use YYYY-MM-DD format]
Assessment Commentary
[Information (if any) relevant to audit findings below]
Findings
R1
[Summary of Findings]
R2
[Summary of Findings]
R3
[Summary of Findings]
R4
[Summary of Findings]
R7
[Summary of Findings]
Document1
Page 1 of 9
Version 1.0 – 2017-05-02
CIP-SUPP-002-AB
Cyber Security – Supplemental CIP
Alberta Reliability Standard Technical Feasibility Exceptions
Contact Information
Audited Entity
Compliance Primary
[Name]
[Title]
[Phone]
[Email]
Subject Matter Expert
[Name]
[Title]
[Phone]
[Email]
AESO Team
Lead Auditor
Auditor
Compliance Manager
Standard Owner
Document1
Sign-off
[Name]
[Title]
[Phone]
[Email]
Date:
[Name]
[Title]
[Phone]
[Email]
Date:
[Name]
[Title]
[Phone]
[Email]
Date:
[Name]
[Title]
[Phone]
[Email]
Date:
Signature:
Signature:
Signature:
Signature:
Page 2 of 9
Version 1.0 –2017-05-02
CIP-SUPP-002-AB
Cyber Security – Supplemental CIP
Alberta Reliability Standard Technical Feasibility Exceptions
Applicability
This reliability standard applies to those Responsible Entities listed in CIP-002-AB-5.1, Cyber
Security – BES Cyber System Categorization, section 4, Applicability.
Document1
Page 3 of 9
Version 1.0 –2017-05-02
CIP-SUPP-002-AB
Cyber Security – Supplemental CIP Alberta Reliability Standard Technical Feasibility Exceptions
Compliance Assessment
Requirement & Measure
Evidence Submission
R1 A Responsible Entity other than the ISO must,
AR1 Please provide:
where:
(i) a list of the technical
(a) a requirement in the CIP Cyber Security reliability
feasibility exception
standards uses the phrase “where technically feasible”;
requests submitted to the
and
ISO during the audit period.
(b) the Responsible Entity seeks a variance from the
requirement referenced in sub-requirement R1(a) on the
grounds of technical feasibility,
request that the ISO approve a technical feasibility
exception.
or any other evidence to
demonstrate compliance to R1.
Evidence Description
Evidence
[Click and edit to enter description for
AR1(i) submitted evidence]
[Click and edit to embed file or link to
evidence]
[Click and edit to enter description for any
other submitted evidence]
[Click and edit to embed file or link to
evidence]
Assessment Approach
Verify the dates of the technical feasibility
exception requests submitted to ensure these
were submitted in the audit period.
Auditor Notes
[For AESO use only]
[For AESO use only]
MR1 Evidence of a request for a technical feasibility
exception as required in requirement R1 exists.
Evidence may include, but is not limited to, a hard copy
or electronic copy of the request, or other equivalent
evidence.
Findings
[For AESO use only]
Document1
Page 4 of 9
Version 1.0 –2017-05-02
CIP-SUPP-002-AB
Cyber Security – Supplemental CIP Alberta Reliability Standard Technical Feasibility Exceptions
Requirement & Measure
R2 A Responsible Entity must make a request under
requirement R1 in writing in the form specified by the
ISO.
MR2 Evidence of making a request in writing as
described in requirement R1 exists. Evidence may
include, but is not limited to, a hard copy or electronic
copy of the request, or other equivalent evidence.
Evidence Submission
AR2 Please provide:
(ii) copies of the technical
feasibility exception
requests submitted to the
ISO during the audit period.
or any other evidence to
demonstrate compliance to R2.
Evidence Description
Evidence
Assessment Approach
Auditor Notes
[Click and edit to enter description for
AR2(i) submitted evidence]
[Click and edit to embed file or link to
evidence]
Verify that the submission of technical feasibility [For AESO use only]
exception request(s) was in writing and in the form
specified by the ISO.
[Click and edit to enter description for any
other submitted evidence]
[Click and edit to embed file or link to
evidence]
[For AESO use only]
Findings
[For AESO use only]
Document1
Page 5 of 9
Version 1.0 –2017-05-02
CIP-SUPP-002-AB
Cyber Security – Supplemental CIP Alberta Reliability Standard Technical Feasibility Exceptions
Requirement & Measure
R3 At the ISO’s request, a Responsible Entity must
provide:
(a) any additional information relating to a request for a
technical feasibility exception; or
(b) the reasons why the additional information will not be
provided.
MR3 Evidence of providing additional information or
reasons in accordance with requirement R3 exists.
Evidence may include, but is not limited to, a hard copy
or electronic copy of the request and the response, or
other equivalent evidence.
Evidence Submission
AR3 Please provide:
(i)
a list of ISO’s requests
pertaining to R3 received
during the audit period,
including an indication on
whether the reply included
the response or the reasons
for not providing the
information.
or any other evidence to
demonstrate compliance to R3.
Evidence Description
Evidence
[Click and edit to enter description for
AR3(i) submitted evidence]
[Click and edit to embed file or link to
evidence]
[Click and edit to enter description for any
other submitted evidence]
[Click and edit to embed file or link to
evidence]
Assessment Approach
Verify that additional information and/or reason(s)
was provided to each ISO’s request.
Auditor Notes
[For AESO use only]
[For AESO use only]
Findings
[For AESO use only]
Document1
Page 6 of 9
Version 1.0 –2017-05-02
CIP-SUPP-002-AB
Cyber Security – Supplemental CIP Alberta Reliability Standard Technical Feasibility Exceptions
Requirement & Measure
Evidence Submission
AR4 Please provide:
request for a technical feasibility exception under
(i) evidence to demonstrate
requirement R1, and all records related to such a
that the information related
request, as confidential in accordance with the
to technical feasibility
provisions of section 103.1 of the ISO rules,
exception request and all
Confidentiality, provided however that where the request
records related to such a
for a technical feasibility exception is made by a
request are treated in
Responsible Entity whose rights and obligations are the
accordance to R4.
subject of a power purchase arrangement, that
Responsible Entity may disclose to its counterparties
such information in respect of the technical feasibility or any other evidence to
demonstrate compliance to R4.
exception as and if required under the terms of the
power purchase arrangement.
R4 The ISO and the Responsible Entity must treat a
Evidence Description
Evidence
[Click and edit to enter description for
AR4(i) submitted evidence]
[Click and edit to embed file or link to
evidence]
[Click and edit to enter description for any
other submitted evidence]
[Click and edit to embed file or link to
evidence]
Assessment Approach
Verify that all the records were treated in
accordance with R4.
Auditor Notes
[For AESO use only]
[For AESO use only]
MR4 Evidence of treating the request as confidential as
described in requirement R4 exists.
Findings
[For AESO use only]
Document1
Page 7 of 9
Version 1.0 –2017-05-02
CIP-SUPP-002-AB
Cyber Security – Supplemental CIP Alberta Reliability Standard Technical Feasibility Exceptions
Requirement & Measure
Evidence Submission
AR7 Please provide:
material change in the facts underlying the request for or
approval of a technical feasibility exception, submit a (i) a dated record of becoming
aware of a material change,
revised request to the ISO under requirement R2 within
and a dated copy of the
sixty (60) days of becoming aware of the material
revised request;
change.
R7 A Responsible Entity must, where there is a
MR4 Evidence of submitting a revised request to the
ISO in accordance with requirement R7 exists.
Evidence may include, but is not limited to, a dated
record of becoming aware of a material change
in facts and a dated hard copy or electronic copy of the
revised request, or other equivalent
evidence.
Evidence Description
Evidence
Assessment Approach
Auditor Notes
[Click and edit to enter description for
AR7(i) submitted evidence]
[Click and edit to embed file or link to
evidence]
Verify that any revised requests were submitted
[For AESO use only]
within sixty (60) days of the entity becoming aware
of the material change.
[Click and edit to enter description for any
other submitted evidence]
[Click and edit to embed file or link to
evidence]
[For AESO use only]
if no material change were
identified during the audit
period, an attestation letter
to this effect.
or any other evidence to
demonstrate compliance to R7.
Findings
[For AESO use only]
Document1
Page 8 of 9
Version 1.0 –2017-05-02
CIP-SUPP-002-AB
Cyber Security – Supplemental CIP
Alberta Reliability Standard Technical Feasibility Exceptions
General Notes
The AESO developed this Reliability Standard Audit Worksheet (RSAW) to add clarity and consistency to the
audit team’s assessment of compliance with this reliability standard, including the approach elected to assess
requirements.
Additionally, the RSAW provides a non-exclusive list of examples of the types of evidence a market
participant may produce or may be asked to produce to demonstrate compliance with this reliability standard.
A market participant’s adherence to the examples contained within this RSAW does not constitute compliance
with the reliability standard.
This document is not an AESO authoritative document and revisions to it may be made from time to time by
the AESO. Market participants are notified of revisions through the stakeholder update process.
Notes to File
[For AESO use only: any observations, remarks or action items for future audits]
Revision History
Version
1.0
Document1
Issue Date
Description
May 2, 2017
Initial version of Worksheet
Page 9 of 9
Version 1.0 – 2017-05-02