2019 CIP Compliance Seminar

2019 CIP Compliance Seminar

CIP Compliance Seminar Agenda Brochure

September 17-18, 2019 Charlotte, NC / WebEx

Agenda

SERC is committed to providing training and non-binding guidance to industry stakeholders regarding emerging and revised Reliability Standards. However, compliance depends on a number of factors including the precise language of the Standard, the specific facts and circumstances, and the quality of evidence. The agenda allows time for Q&A after each presentation. Therefore, times listed may vary. WebEx begins at 9:30 a.m. (Eastern). Those who attend the entire seminar will receive a participation certificate. The certificate does not satisfy educational requirements such as NERC continuing education hours .

Agenda WebEx Logon 2019 Upcoming Events 2020 Outreach Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

Tuesday, September 17, 2019

7:30 a.m.

Continental Breakfast Visit with Registered Entity Forum Steering Committee Members in VACAR Conference Room.

Todd Curl, NCSO - SERC Senior Manager of Compliance Monitoring

Welcome

8:00 a.m.

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

8:15 a.m.

Registered Entity Forum (REF) REF Steering Committee Members Whether attending the seminar or not, registered entities may submit questions prior to the seminar to REF Steering Committee members at the email links below for discussion during the REF session. Please submit questions by noon on September 16. Jennifer Blair, CFE [email protected] LG&E and KU Energy Allan Long, PE [email protected] Memphis Light, Gas and Water Division Bill Thigpen [email protected] PowerSouth Energy Cooperative

9:15 a.m.

Break

2

Agenda

* * * WebEx Begins * * *

Agenda WebEx Logon 2019 Upcoming Events 2020 Outreach Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

9:30 a.m.

Welcome WebEx Attendees

Jason Blake - SERC President and CEO

and SERC Update

Risk-Based Audit Approach

Carlos Valiente - SERC Senior CIP Auditor

10:00 a.m.

10:30 a.m.

Break

10:45 a.m.

NERC CIP Update

Daniel Bogle - NERC Senior CIP Assurance Advisor

11:30 a.m.

CIP Themes Report and

Todd Beam - SERC

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

Lessons Learned

Senior Lead Compliance Specialist

12:00 p.m.

Lunch Visit with Registered Entity Forum Steering Committee Members in VACAR Conference Room.

12:45 p.m.

REF Recap

Todd Curl - SERC Senior Manager of Compliance Monitoring

SERC Audit Approach to CIP-014

Matt Stryker - SERC Senior CIP Auditor

1:00 p.m.

1:30 p.m.

Low Impact: CIP-003-7 Changes

Daniel Bogle - NERC Senior CIP Assurance Advisor

3

Agenda

2:00 p.m.

Break

Agenda WebEx Logon 2019 Upcoming Events 2020 Outreach Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

2:15 p.m.

Protected Entity Information

Chris Murphy - SERC Senior CIP Auditor

2:30 p.m.

SERC’s Initial Approach to Renny Ramai - SERC Low Impact Transient Cyber Assets Senior CIP Auditor

2:45 p.m.

FERC Report

David DeFalaise - FERC Office of Electric Reliability

3:30 p.m.

Break

3:45 p.m.

Evidence Request Tool

Clay Shropshire - SERC CIP Auditor

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

4:15 p.m.

SERC Assistance Team Visit

Eric Scott - Ameren Director, Reliability Standards Compliance

4:30 p.m.

Assistance Engagement

Wayne Ahl - SERC

Lessons Learned

Senior Program Manager, Assistance

4:45 p.m.

SERC Outreach & Training

Lynn Black - SERC

Opportunities

Senior Program Support Assistant

4:55 p.m.

Wrap-up

Todd Curl, NCSO - SERC Senior Manager of Compliance Monitoring

5:00 p.m.

Adjourn

4

Agenda

Wednesday, September 18, 2019

7:30 a.m.

Continental Breakfast Visit with Registered Entity Forum Steering Committee Members in VACAR Conference Room

Agenda WebEx Logon 2019 Upcoming Events 2020 Outreach Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

* * * WebEx Begins * * *

8:00 a.m.

Welcome: Day 2

Todd Curl - SERC Senior Manager of Compliance Monitoring Allan Long - Memphis Light, Gas and Water Division Manager of Regulatory Compliance Vice President, Chief Information Officer Nacy Millé - Entergy Manater, IT Regulatory Compliance & Continuous Improvement Zeeshan Sheikh - Entergy

8:05 a.m.

REF Steering Committee Election

8:15 a.m.

CIP Internal Controls:

Best Practices & Lessons Learned

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

8:45 a.m.

TVA’s Patch Management Program Ivana Hinton – Tennessee Valley Authority (CIP-007 R2) Configuration Management & Security Nick Van Allen Real Time Operations Infrastructure Administrator

9:15 a.m.

Break

5

Agenda

9:30 a.m.

Audit Preparation Panel Discussion

Jennifer Blair - LG&E and KU Energy, LLC

J Blair Presentation B Cain Presentation

Senior Compliance Specialist

Agenda WebEx Logon 2019 Upcoming Events 2020 Outreach Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

Brandon Cain - Southern Company CIP Compliance Assurance Manager

V Naik Presentation

Vijay Naik - SERC CIP Auditor

M Stryker Presentation

Matt Stryker - SERC Senior CIP Auditor

10:40 a.m.

Break

10:50 a.m.

Physical Security Access Revocation

Matt Stryker - SERC Senior CIP Auditor

11:20 a.m.

Align

Andrew Williamson - SERC Director, Reliability Assurance

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

11:25 a.m.

REF Responses

SERC Staff

Todd Curl, NCSO - SERC Senior Manager of Compliance Monitoring

11:55 a.m.

Wrap-up

12:00 p.m.

Adjourn

6

WebEx Logon

The WebEx session will not be recorded.

Tuesday, September 17, 2019 Join Webex meeting Meeting number (access code): 718 798 794 Meeting password: SERC Join by phone 1-408-792-6300 Call-in toll number (US/Canada) Wednesday, September 18, 2019 Join Webex meeting Meeting number (access code): 713 663 743 Meeting password: SERC Join by phone 1-408-792-6300 Call-in toll number (US/Canada)

WebEx Begins at 9:30 a.m. (Eastern)

Agenda WebEx Logon 2019 Upcoming Events 2020 Outreach Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

WebEx Begins at 8:00 a.m. (Eastern)

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

Participants will be muted upon entry to eliminate background noise. Please send questions through the Chat feature. If your question is too lengthy to type, send a request through the Chat feature to be un-muted. Can't join the meeting? IMPORTANT NOTICE: Please note that this WebEx service allows audio and other information sent during the session to be recorded, which may be discoverable in a legal matter. By joining this session, you automatically consent to such recordings. If you do not consent to being recorded, discuss your concerns with the host or do not join the session.

7

2019 Upcoming Events

September 24 - 26 System Operator Conference October 8 - 9 Fall Compliance Seminar

Technical Committee Meetings : Charlotte, NC / WebEx September 30 - October 2

8

2020 Outreach & Training Events

Compliance Seminars: Charlotte, NC / WebEx Event details and registration will be available on the SERC website under Outreach / Upcoming Events by November 15, 2019.

March 10 - 11

Spring Compliance Seminar

March 11 Small Entity Seminar October 6 - 7 CIP Compliance Seminar November 10 - 11 Fall Compliance Seminar

MORE

9

2020 Outreach & Training Events

Webinar Series Event details will be available on the SERC website under Outreach / Upcoming Events by November 15, 2019. No registration required.

January 27 February 10

Q1 2020 Open Forum

SERC 101

May 11 July 27

Q2 2020 Open Forum Q3 2020 Open Forum

MORE

10

2020 Outreach & Training Events

System Operator Conferences Event details and registration will be available on the SERC website under Outreach / Upcoming Events by November 15, 2019.

April 7 - 9

Greenville, SC

April 28 - 30 Greenville, SC August 25 - 27 Franklin, TN Sep 29 - Oct 1 Franklin, TN

MORE

11

2020 Technical Committee Meetings

Event details and registration will be available on the SERC website under Outreach / Upcoming Events by November 15, 2019. Technical Committee Meetings : Charlotte, NC / WebEx • Spring March 16 - 18 • Fall September 28 - 30

Summer Regional Meeting / Pig Roast To Be Announced

12

Antitrust

• It is SERC’s policy and practice to obey the antitrust laws and to avoid all conduct that unreasonably restrains competition. This policy requires the avoidance of any conduct that violates, or which might appear to violate, the antitrust laws. • It is the responsibility of every SERC member, every SERC member employee who participates in SERC activities, and SERC staff personnel who may in any way affect SERC’s compliance with the antitrust laws to carry out this commitment . • Participants in SERC activities should refrain from the following prohibited discussions when acting in their capacity as participants in SERC activities: – Discussions involving pricing information, especially margin (profit) and internal cost – Discussions of a participant’s marketing strategies – Discussions regarding how customers and geographical areas are to be divided among competitors – Discussions concerning the exclusion of competitors from markets – Discussions concerning boycotting or group refusals to deal with competitors, vendors, or suppliers • Any other matters that do not clearly fall within these guidelines should be brought to the attention of the SERC office.

Agenda WebEx Logon 2019 Upcoming Events 2020 Outreach Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

13

Confidentiality Policy

• Members of SERC committees may, in performing SERC functions, have to use information of a sensitive and commercial nature, including but not limited to that provided by SERC members and designated as “Confidential”, that SERC members customarily hold confidential and do not disclose publicly. • The SERC Confidentiality Agreement prohibits (i) the use of Confidential Information by Member Employees for other than SERC purposes and (ii) the disclosure of that information to any third party, unless disclosed to NERC pursuant to delegation agreement, or to a third party that has signed a Confidentiality Agreement with SERC. • If either you or your employer has not signed such an Agreement and/or your employer has not designated you as a Member Employee authorized to receive Confidential Information then you will not be given access to Confidential Information and you will be required to leave the meeting before any such information is disclosed, used, or discussed.

Agenda WebEx Logon 2019 Upcoming Events 2020 Outreach Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

14

Standards of Conduct

• The Federal Energy Regulatory Commission’s Standards of Conduct for transmission providers forbid a transmission provider from providing an undue preference or advantage to any person and require transmission providers to treat all customers in a not unduly discriminatory manner. • All participants in the SERC Identified Reliability Risk Team are expected to abide by the restrictions in the Standards of Conduct. • During any meetings, discussions, or other activities of the SERC Identified Reliability Risk Team, all participants should: – Refrain from disclosing non-public transmission function information, which includes any information related to day-to-day transmission operations and planning, such as transmission outages and constraints. – Refrain from discussing any non-public transmission customer-specific information. – If any non-public transmission function information or non-public customer information is disclosed during a SERC Identified Reliability Risk Team activity, the participants receiving that disclosure should not further disclose that information to any marketing function employees within their organizations or use any other person as a conduit to disclose such information.

Agenda WebEx Logon 2019 Upcoming Events 2020 Outreach Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

15

Acronyms

The master Acronym Reference Index is on the FAQ & Lessons Learned page of the SERC website under Outreach. It is updated following each outreach event.

Agenda WebEx Logon 2019 Upcoming Events 2020 Outreach Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

3PAO

Third party assessment organization

4Ps

[An organization’s] Policies, Programs, Plans, Procedures

AISME

Assistance Industry Subject Matter Expert

ANL

Audit Notification Letter

AoC

Areas of Concern

ATL

Audit Team Lead

BCS

BES Cyber System

BCSI

BES Cyber System Information

BES

Bulk Electric System

BU

Business Unit

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

CA

Compliance Assessment

Critical Infrastructure Protection (Family in NERC Reliability Standards)

CIP

CIWG

Compliance Input Working Group

CMEP

Compliance Monitoring and Enforcement Program

CMEP IP

Compliance Monitoring and Enforcement Program Implementation Plan

DR

>Page 1 Page 2 Page 3 Page 4 Page 5 Page 6 Page 7 Page 8 Page 9 Page 10 Page 11 Page 12 Page 13 Page 14 Page 15 Page 16 Page 17 Page 18 Page 19 Page 20 Page 21 Page 22 Page 23 Page 24 Page 25 Page 26 Page 27 Page 28 Page 29 Page 30 Page 31 Page 32 Page 33 Page 34 Page 35 Page 36 Page 37 Page 38 Page 39 Page 40 Page 41 Page 42

www.serc1.org

Made with FlippingBook - Online magazine maker