PCS supports NERC’s guidance on designing and implementing a robust framework for managing evidence to demonstrate compliance with the Reliability Standards. This is vital to the overall effectiveness of a Registered Entity’s NERC Compliance Program.
Below are some guiding principles PCS offers for consideration in managing your NERC Compliance Program.
Produce Quality Evidence
Implement practices to ensure appropriate audit evidence records are developed.
Establish internal controls, actionable processes, and procedures that, when implemented, naturally produce the evidence needed to demonstrate compliance with the given Standard requirement(s).
Ensure policies and procedures are formalized with a consistent look and feel and contain a document title, authorizing signature(s), effective dates, version levels, revision history, definitions, or purpose statement.
When a requirement contains a performance-related task, PCS recommends it be documented. Implement practices to ensure records are appropriately dated and timestamped.
If emails are used as evidence, ensure they are saved in a text-searchable format.
Request acknowledgment from parties to whom you are submitting the required information. Maintain the acknowledgment from the receiving party with your submittal record.
Establish a Secure Evidence Repository
Ensure records are regularly backed up and stored in a secured environment.
Implement controls to ensure records cannot be accidentally deleted.
Implement measures to protect and restrict access to Critical Energy/Electric Infrastructure Information (CEII) data and applicable Bulk Electric System Cyber System data that are required to be encrypted in storage and during transit.
Implement Evidence Retention Practices
Implement practices for adhering to the evidence retention requirements typically addressed in Section C of the Reliability Standards.
Ensure that evidence records used to demonstrate compliance are retained and disposed of through a controlled process by designated personnel. Refer to your organization’s records retention policy, if applicable.
Assure Documentation is Easily Retrievable
Implement practices to regularly process and format evidence records so that they are easily retrievable. This practice becomes very important when personnel changes occur.
Conduct Periodic Reviews
Implement a process to periodically review your evidence to ensure you are gathering the appropriate documentation, especially if a new RSAW or Standard is approved. The Compliance Monitoring Approach Section within the NERC RSAWs can be beneficial for this task.
If you have questions regarding NERC Compliance Program Recordkeeping Practices or other NERC Reliability Standards compliance needs, PCS can help. Please contact Dale Zahn at dzahn@provencompliance.com or (262) 436-4116 for further information. To learn more about Proven Compliance Solutions Inc., visit our website at www.provencompliance.com.