200 likes | 358 Views
Compliance Works TM. Electric Reliability Standards Compliance Management (NERC, Regional, ISO, CIP) Application Overview Andre Chon, Vice President AUS Consultants Steve Rossi, Managing Director Flexnova. Application Overview.
E N D
ComplianceWorksTM Electric Reliability StandardsCompliance Management(NERC, Regional, ISO, CIP)Application OverviewAndre Chon, Vice PresidentAUS ConsultantsSteve Rossi, Managing DirectorFlexnova
Application Overview • Ability to store and manage the compliance, responsibility, accountability and audit-readiness of an electric utility’s various legal entities for appropriate time periods relative to their functional roles as detailed by the NERC and regional standards • Enables proactive planning and delegation of tasks to address announced compliance schedules • Easy to configure for company-specific needs • Capability to manage all compliance activities for approved standards, standards under development and retired standards • Pre-loaded with all NERC (including CIP) and applicable regional standards, requirements and measures • Captures the approval of line of business employees and executives (can be recorded using electronic signatures applied to approved documents and integrated with Active Directory records) • Configurable to suit varying needs across multiple operating units • Appropriate visibility and dashboards available to different levels of management as needed • Ability to manage all reliability related standards (NERC, RRO, ISO, Internal) • Rapid deployment within and across operating units • Leverages proven off-the-shelf technology platform (SharePoint) to provide familiar Windows interface and advanced document management capabilities • Reasonable investment in terms of cost and effort required Based on the Electric Utility industry’s reliability standards compliance needs, we designed ComplianceWorks with the following attributes:
Features The following is a brief overview of some of the key features of the application: • Coordinated management of compliance across all legal entities and functional roles • Relational database which serves as system of record for legal entities, functional roles and corresponding NERC and regional standards, requirements and measures, ISO tariffs, etc. • Compliance dashboards with color coded indicators for key compliance information • Configurable tasks, roles and processes • Look-back function showing which standards and requirements were applicable to each legal entity based on functional roles • Ability to produce electronic and hard copy documents for audit purposes • Automated task assignment and tracking based on regional and NERC audit schedules. • Task assignment, tracking and escalation • Flexible and intuitive workflow for standards, requirements, measures and compliance planning. • Automated audit preparation and submission of information to Regional Reliability Organizations (RRO’s).
Features (cont.) The following is a brief overview of some of the key features of the application: • Ad hoc and canned reporting and statistics on all compliance management data • Audit trails and automated document indexing, storage and retrieval. • Ability to effective date the addition and deletion of functional roles and legal entities for historical reporting. • Robust Search capabilities • Ability to automatically populate workspaces and repositories with template forms, documents and folder structures • Ability to manage and view compliance information by voluntary, pending, approved or mandatory standards • Configurable event based notification • Ability to add/modify/delete navigational elements of the application to suit business needs • Ability to expand and collapse standard requirement sections and sub-sections for granular or aggregated delegation and reporting
The application is pre-packaged with all approved NERC and regional Standards and Requirements
All application data is stored in a relational database that correlates all relevant information including: standards, requirements, legal entities, functions, roles, events, compliance levels, gaps, compliance schedules, etc.
External and internal audit schedules can be set up to automatically assign tasks to various roles for each Standard/Requirement applicable to one or more functions
Compliance workflow events and notifications can be configured for each role that is defined by the company
The Company’s legal entities are entered into the application database with their appropriate functional roles Flexibility: Additional fields can be added to each of the database records to suit company-specific needs.
Ad hoc and canned reporting of all fields in the database is available.
Work areas and document repositories are automatically populated with predefined role assignments and template documents for all standards and requirements that the legal entities are responsible for, based on their functional roles
Work areas and document repositories are accessed via SharePoint (Includes Gap Analysis views and filters of all compliance information with color coded indicators)
Dashboards with drilldowns can be configured using various compliance related parameters and measures
Artifacts (files and links) for substantiating compliance are worked on and stored in an “In-Process” library and automatically moved to an archive in preparation for scheduled audits (uploads to RROs can also be configured)
Edit screen for managing and tracking compliance status of each Requirement for a given Entity/Function combination
Configurable role-specific assignment and task completion screens
Critical Cyber Assets (CIP Standards) Home (Genco-GO-CIP-002-1-R3) Critical Cyber Assets Search Locate by: Type: All Critical Asset Supported: All Physical Security Perimeter: All Function: All Service Start Date: All Criticality: All Service End Date: All Critical Cyber Assets Prev Next Page 1 of 52 (312 items total)
Workflow, task assignment and document management for SARs are also supported
Approach and Background Information • Our software is built on top of Microsoft SharePoint, a widely used and industry accepted technology platform. • The application leverages the integration between SharePoint, Office, SQL and Outlook to provide a fully integrated collaboration, document management and business process enablement platform. • ComplianceWorks was developed in close consultation with various electric utilities. Our advisors included AEP, Otter Tail Power, Sempra, PHI, ConEdison, Constellation Energy, and Kansas City Power & Light. • ComplianceWorks leverages components from the already proven regulatory compliance framework (CaseWorks) we developed to help Utilities manage their rate case and regulatory activities. Current CaseWorks customers:AEP, AGL, APS,CenterPoint Energy,ConEdison,Constellation Energy,Kansas City Power & Light,Otter Tail Power,PHI, Washington Gas. • We combine extensive utility industry experience (AUS’s 40 years in the business) and technology expertise (Flexnova) to deliver an application which can be configured and deployed with minimal customization and effort. • The software license cost includes training for all users.
Approach and Background Information (cont.) • Users Group Conferences - As we have done with CaseWorks, we will hold annual Users Group meetings to provide our NERC compliance customers a forum to share best practices and exchange ideas for dealing with evolving NERC compliance standards. • We expect that NERC and regional standards will be in a state of flux for the foreseeable future because the mandatory compliance process is something new to both the regulators and the utilities. We will be actively monitoring the situation and collaborating with customers and regulatory bodies to make sure that our application continuously evolves to enable customers to meet all regulatory requirements. • The software maintenance agreement entitles you to take advantage of all subsequent enhancements we make to the application for other customers. Example: Constellation Energy, our first CaseWorks customer, has benefited from the addition of more new features and functions than those that were part of the original application. • We have an excellent reputation for being easy to reach and responding quickly to customer questions and issues. • The application can be configured and fully deployed within as little as 3 – 6 weeks. Why can we do this so quickly? Because we leverage reusable standards templates and database structures. Also, using our SharePoint-based business process support framework enables most needs to be met via configuration as opposed to building custom code.