Case Study: An Independent System Operator (ISO) selects MetricStream NERC Compliance and Issue Management Solution to ensure market participants are complying with the NERC reliability standards.
CASE STUDY
MetricStream
INDEPENDENT SYSTEM OPERATOR ACHIEVES AND ENSURES COMPLETE NERC COMPLIANCE FOR ITS MARKET PARTICIPANTS
Customer
The customer is a non-profit corporate entity, an Independent System Operator (ISO), which develops, enforces and monitors reliability standards and ensures compliance in the operations of the transmission systems of the entire province.

The ISO connects all participants - generators, transmitters, retailers, industries that use it and local distribution companies. Overseeing hundreds of power entities in the region, the ISO ensures the reliable operation of the provincial electricity grid and acts as the reliability coordinator for the province and reports on the progress of projects underway to meet the reliability requirements of the province.
Benefits

Absolute NERC compliance: With MetricStream’s efficiently formulated workflows, pre-built NERC content libraries, configuration of existing framework, structured organization of data and well-defined regulation relationships, the ISO is able to gain a strong grip over its NERC compliance requirements and fulfill them effectively. This has helped in weeding out inconsistencies, duplications and disparities among business units as well as market participant organizations and led to complete NERC compliance.

Fool proof control: MetricStream Solution’s detailed reporting, minute compliance tracking and efficient handling of non-compliance issues have paved the way to error-free control and mitigation processes at the ISO. Every incident of non-compliance is captured, closed and used for creating mitigation plans, further strengthening the complete control over compliance. With the ability to track the status, progress and outcome of control, compliance teams at the ISO are now able to plan and ensure ongoing compliance in the organization.

Clear visibility into compliance and control activities: The integrated single platform covering the entire web of the ISO’s operations, along with centrally stored and organized regulatory repository, provides the ISO a unified view of the compliance and control activities at every level.

Improved safety of confidential information: Central organization of information coupled with secure, restricted access has resulted in improving the safety of confidential data, policies and documents. While making the relevant information available to every role in the ISO, MetricStream Solution has controlled the illegitimate access to confidential information and rooted out the possibility of data theft and system intrusions.

Overview

The power industry today goes beyond the management of a collection of power plants and transmission lines. Maintaining an effective grid calls for the management of diverse but connected flows such as the flow of energy across the grid, the exchange of information about power flows and the equipment it moves across, the flow of funds among producers, marketers, transmission owners, buyers and others.

Adding to the challenges and complexity of active factors, the increasing number of regulatory demands renders another dimension to the landscape of the power industry.

The province where the ISO operates utilizes an enormous quantity of electricity a year. Ensuring the availability of enough energy to meet this demand is an ongoing and highly complex process which requires the close co-ordination of all parts of the system. The ISO is at the center of it all, directing the flow of power across the province. This makes it mandatory for the ISO to adhere to reliability standards such as those instituted by the Northeast Power Coordinating Council (NPCC), North American Electric Reliability Corporation (NERC), compliance requirements that impose stringent regulatory oversight and reporting needs.

Being responsible for enforcing and monitoring reliability standards in the electricity system of the entire province, the ISO was keen on complete assured NERC compliance among all the entities and stakeholders.

Challenges

Ensuring compliance with NERC across a large number of participants
The standards and regulatory requirements in the power industry are increasing in number as well as rigorousness. The ISO needs to adhere to standards and regulations set by ERO, NPCC, NERC, FERC and Energy Policy Act (EP Act), Sarbanes Oxley Act (SOX) and much more. Ensuring a complete compliance with NERC across a large number of market participant organizations was proving challenging for the ISO.

Lack of visibility into compliance levels of market participants
With hundreds of power entities to manage and the mammoth task of ensuring complete compliance across the participant universe including interconnections with neighboring provinces, the ISO needed to have enough visibility in the NERC compliance levels. The absence of consolidated compliance and control information was leading to inconsistencies and duplications in regulatory and business assurance activities with implications on efficiency in productivity leading to dangers of catastrophes such as blackouts.
Adhering to corporate ethics
Ethics and compliance programs are integral to the creation of an informed workforce and ethical decision-making. Monitoring processes and providing constant access to information, training employees on compliance and ethics are some essential measures to ensure effective implementation of governance programs such as training on cyber security, code of conduct, consequences of unethical behavior, conflicts of interest, confidentiality of information and reporting violations and other programs that lead to better business practices and compliance with regulations. Creating a culture of compliance and maintaining a high level of integrity among employees are some of the challenges for the ISO.

Need to consolidate compliance requirements
Adopting a more sophisticated way to streamline and automate implementation and monitoring of standards and annual compliance reporting schedules for NERC standards across all components - market participants, business units, standards authority, Core Reliability Standards Team, Extended Reliability Compliance Team, Compliance Enforcement Team and the management - was becoming imperative for the efficiency of the ISO.

“With MetricStream Solution, we achieve superior compliance with the multitude of standards that we are required to follow most stringently, NERC being the most prominent one among these. With advanced functionalities and robust architecture, MetricStream’s platform is capable of completely supporting our complex NERC compliance frameworks, documentation workflows, and steep reporting demands,”
- says the spokesperson of the ISO

Solution

The ISO needed to streamline and automate implementation and monitoring of multiple compliance requirements including NERC and NPCC and was looking at a solution for integrating standards and its requirements, capturing reporting from various market participant organizations across the province, ensuring compliance to those standards, and reporting compliance status to the standards authority.

On scrutinizing various options, the ISO selected MetricStream’s integrated NERC compliance and policy management solution along with issue management and policy management (content management) solutions. The solution is a comprehensive, Web-based application based on MetricStream GRC Platform and designed to collate and manage vast amounts of regulatory information. The solution provides advanced reporting capabilities and complete workflow automation to allow the organization to track and monitor compliance with regulations following prescribed schedules.

MetricStream Solution supports the ISO’s organizational model across all the business units, power entities and departments, as well as their mapping to different roles and reporting relationships. The portal views are based on the users’ profiles and organizational mapping. The solution helps the compliance teams to track and report over a thousand standards and requirements for hundreds of participants in the energy market in the province.

It facilitates report generation including Periodic Status Reports, Mitigation Status Reports, Compliance Self Certification Reports and any other ad hoc or customized reports.

MetricStream Solution extensively utilizes email as a mechanism for delivering event-based notifications, assignments, alerts, and escalations to relevant personnel to ensure timely completion of tasks.

MetricStream Solution is used by both internal users of the ISO as well as the market participants.

The solution helps internal users:
• Create, schedule and manage self-certification based on the IRCP schedule
• Manage escalation process for self-certification
• Conduct and record gap analysis for market rules
• Conduct and record gap analysis for compliance evidences
• Request, submit and ratify mitigation plans
• Manage and document NERC, NPCC and OCEP library which includes standards, requirements and more

The ISO’s market participants use MetricStream Solution to create and submit:
• Self-certifications to indicate their compliance status
• Self-reporting of non-compliance
• Mitigation plans and reports on the status of fulfillment of the mitigation plan

NERC Compliance Management
MetricStream NERC Compliance Management Solution includes pre-populated NERC standards, pre-built NERC content libraries, configurable compliance framework, requirements, and controls. The solution continuously monitors and captures any regulatory alert on these standards when the standards authority approves a reliability standard which can be new, revised or withdrawn. Email notifications and alerts are triggered automatically to initiate appropriate actions and stakeholders, market participants, business units are informed of approved standards.

MetricStream configured the solution to map the ISO’s NERC, NPCC and OCEP-compliance needs. Existing Forms and associated workflows were configured to facilitate the self-certification and self-reporting process of market participants. The solution maintains a central library of all portfolios (CIP, BAL and others), standards (CIP 001 – 009) and requirements in a hierarchical tree structure for users to access and reuse.
Market participants have two roles: ‘Delegates’ who are responsible for completing self-certifications, self-reporting and submitting or tracking mitigation plans and ‘Managers’ who are notified about interactions between the ‘Delegates’ and the ISO and also act as the escalation points for the market participants. ‘Delegates’ can attach mitigation plans as part of their self-certification and reporting.

Using the automated workflow, the Core Reliability Standards Team at the ISO coordinates all activities related to reliability standards including reporting compliance status for NERC and NPCC standards to NPCC, working with market participants and internal subject matter experts to record compliance evidence and monitor mitigation plans in cases of non-compliance.

The documented NERC standards are continuously monitored for compliance. If market participants or internal subject matter experts discover that they are not compliant with a reliability standard, they immediately self-report to the ISO using the common platform. Any gaps identified during assessment are captured and tracked to closure. The solution also allows users to search for specific NERC requirements based on user-defined search parameters, including wild-card searches.

Market participants are responsible for compliance to reliability standards that relate to their function on the bulk power system. The solution allows the participants to self-certify directly, through the Reliability Compliance Program. The market participants can report compliance status to the ISO, provide evidence of compliance when requested, and achieve compliant status through a mitigation plan in cases of non-compliance.

Issue Management
The solution supports identification and evaluation of issues as well as case investigation and tracking, leading to an elaborate remediation or corrective action process. Using the solution, the Compliance Enforcement Team coordinates corrective measures in cases of non-compliance, and ratifies the mitigation plans proposed by market participants and business units.

MetricStream Solution enables the ISO to identify and resolve documentation discrepancies, gaps, coding errors and other issues that might lead to non-compliance with applicable regulations. The system assigns a unique ID to each issue, making it easy to track it from one stage to the next. Detailed information about each issue is provided and issues are categorized based on predefined criteria.

Action owners are assigned for particular issues related to regulatory compliance. Failure investigations are also conducted to determine the root cause of the issue. The investigation is conducted using collaborative workflows and investigative tasks are assigned to appropriate personnel.

The system sends automatic alerts and notifications to the appropriate personnel for remedial action. When a corrective action is initiated, the case closes only after the action plan is carried out.

Policy and Procedure Management (Document Management)
MetricStream Solution provides a central repository to store and organize documents. Integrated collaboration and workflow tools can be used to access, create, modify, review, and approve documents globally in a controlled manner. The solution ensures secure document access with centrally managed policy-driven controls. Rights to view, modify, distribute, or print are granted based on roles and user groups. Distribution lists are defined for a document category and check-in and check-out logs are maintained.

MetricStream Solution helps various teams and business units in the ISO, market participants and management to complete a wide range of tasks and activities such as: assign subject matter experts; conduct gap analysis; record gaps; develop and submit Compliance Certification Form, Compliance Reporting Schedules; request compliance information; record Compliance Evidence Report and compliance status; collect and record Compliance Certifications; report compliance status; request, submit, record and ratify mitigation plan; submit Periodic Status Reports; record Mitigation Status Reports; review mitigation progress.

Why MetricStream

With advanced functionalities and easy-to-use interface, MetricStream GRC Platform is capable of completely supporting the ISO’s required compliance frameworks, control and documentation workflows and reporting demands.

MetricStream Solution includes pre-built NERC content libraries and ability to configure the existing complex compliance framework of the ISO.

MetricStream has extensive experience and expertise in understanding NERC compliance requirements of large power companies. MetricStream’s knowledge of the industry and its best practices was perceived as a huge plus point by the ISO.

MetricStream has the ability to support large organizations and meet their IT requirements in the areas of integration, configurability, scalability and security.
For more information, visit www.metricstream.com
Copyright 2011. All Rights Reserved.