North American Electric Reliability Corporation (NERC)
What is the North American Electric Reliability Corporation (NERC)?
NERC is a non-profit regulatory authority that is responsible for oversight of the electric grid in the United States, Canada, and part of Mexico. NERC creates and implements a set of reliability standards that are meant to guide the planning and operations of the entire North American power system.
There are six regional entities in different locations that are each responsible for the reliability and security of the grid in their area.
Who is Required to Comply with NERC?
All owners, operators, and users of bulk power systems in North America are required to register with NERC via their local regional entity and comply with the reliability standards. This is a non-negotiable condition of operating a business in the electricity sector.
Topics Included in the NERC Standards
NERC has defined for itself 4 pillars of success:
- Reliability – ensuring and improving the reliability of the power system by addressing identifiable risks.
- Assurance – providing assurance to citizens, companies, and government that the bulk power system will operate reliably.
- Learning – promoting ongoing learning and improvement of operations leading to greater reliability.
- Risk-Based Approach – focusing attention and resources on the issues that are deemed the highest-risk and most likely to impact the system’s reliability.
The standards are designed around the guiding principles of the 4 pillars. They are periodically updated and changed, and currently include the following topics:
- Asset Identification
- Policy and Governance
- Personnel and Training
- Network Security
- Security of Cyber Assets
- System Security Controls
- Cyber Security Incident Response
- Recovery Plans
- Change and Vulnerability Management
- Protection of BES Cyber System Information
- Control Center Communications
- Supply Chain Security
- Physical Security of Key Substations
What are the Benefits of NERC?
The main benefit of NERC and the standards that it puts out and enforces is the resulting overall reliability of the bulk power system throughout North America. By holding all operators subject to the same standards, NERC ensures that best practices are being followed.
Complying with NERC standards does not eliminate all risks to critical infrastructure, but it does significantly reduce the chances of any major disruptions to the delivery of electrical power.
How Does NERC Monitor and Enforce Compliance?
Each year, NERC and its regional entities’ Compliance Monitoring and Enforcement Program (CMEP) publishes an implementation plan that details how the standards will be monitored and enforced. Each year, the plan relates to specific risk elements that the committee deems most relevant, including issues such as the protection of critical infrastructure, event response, protection against system failures, and others.
NERC audits all registered organizations every six years, and those with certifications every three years. The relevant regional entity provides the organization with the forms and templates they need to fill out to provide the information required for the audit. These audits help identify gaps and areas for improvement that can help ensure that the power system remains as reliable as possible.
If your company is required to comply with NERC or other regulatory bodies, book a demo to see how LeapXpert can help streamline the compliance process.