NERC Self-Reporting: How to Make the Best of a Bad Situation
by Daniel Jenkins – NERC Reliability Specialist, NAES Corporation
From time to time, we all find ourselves in the awkward position of having to admit we made a mistake. It could be something minor, like forgetting your key card to get into work – or something bigger and messier, like a NERC violation. NAES holds itself to the highest standards of safety and reliability in operating power plants, and with that comes a commitment to regulatory compliance. If you’ve identified a possible NERC violation at your facility, here are some suggestions on how to proceed and what you might expect.
First, don’t hold back: share your concern immediately. Let your plant manager, compliance manager and corporate support personnel know as soon as possible. They can help determine what the issue is and what corrective action should be taken. If there’s a possible violation of a NERC Standard or Requirement, we support the NERC guidance that recommends filing a Self-Report. It demonstrates a strong culture of compliance and a proactive approach to maintaining reliability.
Second, start an internal investigation of the event immediately by gathering evidence, documentation and statements from all personnel who had any involvement in the event. With this information in hand, you can put together a timeline and review the scenario to determine if there has in fact been a NERC violation. As part of your investigation, create a list of possible root causes. These will help your team brainstorm preventive measures to avoid a recurrence of similar actions or inaction. They can also be included in a Mitigation Plan, if your Regional Entity determines that you need to submit one. (More about that later.)
Once you know exactly what has happened, you should start your Self-Report. To put it in proper contexts, note the NERC Rules of Procedure: a Self-Report should be filed ‘when a Registered Entity becomes aware that it has or may have violated a Reliability Standard or when the Violation Severity Level of a previously reported violation has changed.’
The Rules of Procedure also set forth a specific protocol to be followed once a Self-Report is filed. When your Regional Entity’s compliance department receives it, they will complete a Preliminary Screening within five days. If the screening determines that 1) the entity is a registered entity, 2) the standard being reported is applicable to the entity, and 3) there is not a duplicate possible violation currently being processed, the Self-Report will be moved on to the Enforcement Actions process. From there, the Regional Entity will further evaluate it and issue either a Compliance Exception; a Find, Fix and Track; or a Notice of Alleged Violation, depending on the severity and risk of the non-compliance.
In the end, your Regional Entity should feel confident that you have both corrected the issue and taken internal actions to prevent a recurrence. If you haven’t demonstrated this convincingly in your Self-Report, you may be required to submit a formal Mitigation Plan, which will need to be approved and then tracked. When all actions have been completed, you’ll receive a Notice of Completion of Enforcement Action to close out the violation. Your organization should then review this process in order to document lessons learned, develop internal controls and take any other action deemed necessary to support continuous improvement.