CERM® – Electric Reliability™

THE CHALLENGE
All registered entities have heard about or will soon hear about NERC’s Reliability Assurance Initiative (RAI).  It may be a game changer for ERO compliance and enforcement.
Why?  NERC and the Regional Entities currently “follow a ‘zero tolerance’ application of compliance and monitoring without regard to the risk to the bulk electric system.”   In the current state of compliance, all noncompliance issues with requirements are treated equally.  According to a NERC ‘White Paper’, the ERO plans to abandon its ‘zero tolerance’ compliance monitoring and enforcement because:

  • Pursuit of violations without regard to risk is not effective.
  • Focus is now on documenting compliance, not on reducing risk and improving reliability.
  • Enforcement focuses on the past, not on the current or future state of reliability.
  • Improvements to processes focus on administration but do not have a commensurate impact on improving reliability.

QUALITY + ENGINEERING SOLUTION
Quality Plus Engineering (Q+E) developed the Certified Enterprise Risk Manager® (CERM) certificate to address (1) risk-based problem-solving and (2) risk-based decision-making challenges facing all organizations in these times of volatility, uncertainty, complexity, and ambiguity (VUCA). Q+E designed CERM to provide Proactive-Preventive-Predictive-Preemptive™ assurance processes.
Q+E developed CERM – Electric Reliability™ (CERM – ER) to address the challenges of NERC’s Reliability Assurance Initiative.  CERM – ER offers the following benefits:

  • Provide risk-based problem-solving and decision-making tools similar to FERC’s Risk-Informed-Decision-Making (RIDM).
  • Know the essentials of enterprise risk management (ERM), including a common vocabulary, standards, and principles in NERC RAI, DOE’s risk management process, and other regulatory risk standards such as RAMCAP, ISO 31K, FAA SMS, and others. Visit Critical Questions Answered by CERM – ER, CERM – ER Outline and Learning Objectives, and CERM ER exam questions for more information.
  • Know how to design, develop, and deploy a tailored system of controls at the enterprise, process, and transactional levels. The system is harmonized to the DOE Cyber Security Risk Management Process.
  • Know how to conduct a Red Book/Yellow Book audit based on Q+E’s Value Added Auditing, which has been DHS designated and certified under the Safety Act.
  • Learn how to apply risk management and internal controls in the context of the ERO enterprise.  CERM – RE was piloted with Midwest Reliability Organization (MRO).  CERM – RE offers Ops/Planning and CIP examples of control systems, risk management, and assurance.  DHS risk management best practices are also emphasized.
  • Get ahead of NERC by developing a risk-based problem-solving and risk-based decision-making internal control framework that will satisfy RAI requirements.
  • Self-assess your reliability governance model, risk management processes, and your transactional controls against each OPS/Planning and CIP standard.
  • Obtain guidance from a Critical Infrastructure Protection: Forensics, Assurance, Analytics™ engineering firm that has forensics and assurance experience in more than 5 CIP sectors, including gas, electric reliability, chemicals, cyber security, water and other CIPS. Q+E technologies have been certified by DHS under the Safety Act. Q+E has developed best-selling assurance products published by John Wiley, Prentice Hall and other global publishers.
  • Learn FISMA, NIST 800, DOE and other cyber security guidelines.  CERMs also can attend specialized webinars for the first year at no charge.
  • Develop a ‘Next Steps’ implementation plan for complying with NERC’s Reliability Assurance Initiative (RAI).
Note:  Q+E has worked with the enforcement side.  Q+E is looking for partners to pilot CERM – RE on the registered entity side.

For Additional Information, contact:
Greg Hutchins PE CERM
GregH@QualityPlusEngineering.com
503.233.1012 or 800.COMPETE