MetricStream

INDEPENDENT SYSTEM OPERATOR ACHIEVES AND ENSURES COMPLETE NERC COMPLIANCE FOR ITS MARKET PARTICIPANTS
Customer
The customer is a non-profit corporate entity, an Independent System Operator (ISO), which develops, enforces and monitors reliability standards and ensures compliance in the operations of the transmission systems of the entire province. The ISO connects all participants - generators, transmitters, retailers, industries that use it and local distribution companies. Overseeing hundreds of power entities in the region, the ISO ensures the reliable operation of the provincial electricity grid and acts as the reliability coordinator for the province and reports on the progress of projects underway to meet the reliability requirements of the province.

CASE STUDY

Overview Benefits
Absolute NERC compliance: With MetricStreams efficiently formulated workflows, pre-built NERC content libraries, configuration of existing framework, structured organization of dataand well-defined regulation relationships, the ISO is able to gain a strong grip over its NERC compliance requirements and fulfill them effectively. This has helped in weeding out inconsistencies, duplications and disparities among business units as well as market participant organizations and led to complete NERC compliance. Fool proof control: MetricStream Solutions detailed reporting, minute compliance tracking and efficient handling of non-compliance issues has paved the way to error-free control and mitigation processes at the ISO. Every incident of non-compliance is captured, closed and used for creating mitigation plans, further strengthening the complete control over compliance.With the ability to track the status, progress and outcome of control, compliance teams at the ISO are now able to plan and ensure ongoing compliance in the organization. Clear visibility into compliance and control activities: The integrated single platform covering the entire web of the ISOs operations, along with centrally stored and organized regulatory repository, provides the ISO a unified view of the compliance and control activities at every level. Improved safety of confidential information: Central organization of information coupled with secure, restricted access has resulted in improving the safety of confidential data, policies and documents. While making the relevant information available to every role in the ISO, MetricStream Solution has controlled the illegitimate access to confidential information and rooted out the possibility of data theft and system intrusions.

The power industry today goes beyond the management of a collection of power plants and transmission lines.Maintaining an effective grid calls for the management of diverse but connected flows such as the flow of energy across the grid, the exchange of information about power flows and the equipment it moves across, the flow of fundsamong producers, marketers, transmission owners, buyers and others. Adding to the challenges and complexity of active factors, the increasing number of regulatory demands renders another dimension to the landscape of the power industry. The province where the ISO operates, utilizes an enormous quantity of electricity a year. Ensuring the availability of enough energy to meet this demand is an ongoing and highly complex process which requires the close co-ordination of all parts of the system. The ISO is at the center of it all, directing the flow of power across the province. This makes it mandatory for the ISO to adhere to reliability standards such as those instituted by the Northeast Power Coordinating Council (NPCC), North American Electric Reliability Corporation (NERC), compliance requirements that impose stringent regulatory oversight and reporting needs. Being responsible for enforcing and monitoring reliability standards in the electricity system of the entire province, the ISO was keen on complete assured NERC compliance among all the entities and stakeholders.

Challenges
Ensuring compliance with NERC across a large number of participants The standards and regulatory requirementsin the power industry are increasing in number as well as rigorousness. The ISO needs to adhere to standards and regulations set by ERO, NPCC, NERC, FERC and Energy Policy Act (EP Act), Sarbanes Oxley Act (SOX) and much more. Ensuring a complete compliance with NERC across a large number of market participant organizations was proving challenging for the ISO. Lack of visibility into compliance levels of market participants With hunders of power entities to manage and the mammoth task of ensuring complete compliance across the participant universe including interconnections with neighboring provinces, the ISO needed to have enough visibilityin the NERC compliance levels. The absence of consolidated compliance and control information was leading to inconsistencies and duplications in regulatory and business assurance activities with implications on efficiency in productivity leading to dangers of catastrophes such as blackouts.

MetricStream
With MetricStream Solution, we achieve superior compliance with the multitude of standards that we are required to follow most stringently, NERC being the most prominent one among these. With advanced functionalities and robust architecture, MetricStreams platform is capable of completely supporting our complex NERC compliance frameworks, documentation workflows, and steep reporting demands, - says the spokesperson of the ISO Adhering to corporate ethics Ethics and compliance programs are integral to the creation of an informed workforce and ethical decision-making. Monitoring processes and providing constant access to information, training employees on compliance and ethics are some essential measures to ensure effective implementation of governance programssuch astraining on cyber security, code of conduct, consequences of unethical behavior, conflicts of interest, confidentiality of information and reporting violations and other programs that lead to better business practices and compliance with regulations.Creating a culture of compliance and maintaining a high level of integrity among employees are some of the challenges for the ISO. Need to consolidate compliance requirements Adopting a more sophisticated way to streamline and automate implementation and monitoring of standards and annual compliance reporting schedules for NERC standards across all components market participants, business units, standards authority, Core Reliability Standards Team, Extended Reliability Compliance Team, Compliance Enforcement Teamand the management was becoming imperative for the efficiency of the ISO.

Solution
MetricStream Solution is used by both internal users of the ISO as well as the market participants. The solution helps internal users: Create, schedule and manage self-certifi cation based on the IRCP schedule Manage escalation process for selfcertification Conduct and record gap analysis for market rules Conduct and record gap analysis for compliance evidences Request, submit and ratify mitigation plans Manage and document NERC, NPCC and OCEP library which includes standards, requirements and more The ISOs market participants use MetricStream Solution to create and submit: Self-certifications to indicate their compli ance status Self-reporting of non-compliance Submit mitigation plan and report the status of fulfillment of the mitigation plan The ISO needed to streamline and automate implementation and monitoring of multiple compliance requirements including NERC and NPCC and was looking at a solution for integrating standards and its requirements, capturing reporting from various market participant organizations across the province, ensuring compliance to those standards, and reporting compliance status to the standards authority. On scrutinizing various options, the ISO selected MetricStreams integrated NERC compliance and policy management solution along with, issue management and policy management (content management) solutions. The solution is a comprehensive, Web-based application based on MetricStream GRC Platform and designed to collate and manage vast amounts of regulatory information. The solution provides advanced reporting capabilities and complete workflow automation to allow the organization to track and monitor compliance with regulations following prescribed schedules. MetricStream Solution supports the ISOs organizational model across all the business units, power entities and departments, as well as their mapping to different roles and reporting relationships. The portal views are based on the users profiles and organizational mapping. The solution helps the compliance teams to track and report over a thousand standards and requirements for hundreds of participants in the energy market in the province. It facilitates report generation including Periodic Status Reports, Mitigation Status Reports,Compliance Self CertificationReportsand any other ad hoc or customized reports. MetricStream Solution extensively utilizes email as a mechanism for delivering event-based notifications, assignments, alerts, and escalations to relevant personnel to ensure timely completion of tasks. NERC Compliance Management MetricStream NERC Compliance Management Solution includes pre-populated NERC standards, prebuilt NERC content libraries, configurable compliance framework,requirements, and controls. The solution continuously monitors and captures any regulatory alert on these standards when the standards authority approves a reliability standard which can be new, revised or withdrawn. Email notifications and alerts are triggered automatically to initiate appropriate actions and stakeholders, market participants, business units are informed of approved standards. MetricStream configured the solution to map the ISOs NERC, NPCC and OCEP-compliance needs. Existing Forms and associated workflows were configured to facilitate the self-certification and selfreporting process of market participants. The solution maintains a central library of all portfolios (CIP, BAL and others), standards (CIP 001 009) and requirements in a hierarchical tree structure for users to access and reuse.

MetricStream
Why MetricStream
With advanced functionalities and easy-to-use interface, MetricStream GRC Platform is capable of completely supporting the ISOs required compliance frameworks, control and documentation workflows and reporting demands. MetricStream Solution includes pre-built NERC content libraries and ability to configure the existing complex compliance framework of the ISO. MetricStream has extensive experience and expertise in understanding NERC compliance requirements of large power companies. MetricStreams knowledge of the industry and its best practices was perceived as a huge plus point by the ISO. MetricStream has the ability to support large organizations and meet their IT requirements in the areas of integration, configurability, scalability and security.

Market participants have two roles: Delegates who are responsible for completing self-certifications, self-reporting and submit or track mitigation plans and Managers who are notified about interactions between the Delegates and the ISO and also act as the escalation points for the market participants. Delegatees can attach mitigation plans as part of their self-certification and reporting. Using the automated workflow, the Core Reliability Standards Team at the ISO coordinates all activities related to reliability standards including reporting compliance status for NERC and NPCC standards to NPCC, working with market participants and internal subject matter experts to record compliance evidence and monitor mitigation plans in cases of non-compliance. The documented NERC standards are continuously monitored for compliance. If market participants or internal subject matter experts discover that they are not compliant witha reliability standard, they immediately self-report to the ISO using the common platform. Any gaps identified during assessment are captured and tracked to closure. The solution also allows users to search for specific NERC requirements based on user-defined search parameters, including wild-card searches. Market participants are responsible for compliance to reliability standards that relate to their function on the bulk power system. The solution allows the participants to self-certify directly, through the Reliability Compliance Program. The market participants can report compliance status to the ISO, provide evidence of compliance when requested, and achieve compliant status through a mitigation plan in cases of non-compliance. Issue Management The solution supports identification and evaluation of issues as well as case investigation and tracking, leading to an elaborate remediation or corrective action process. Using the solution, the Compliance Enforcement Team coordinates corrective measures in cases of non-compliance, and ratifies the mitigation plans proposed by market participants and business units. MetricStream Solution enables the ISO to identify and resolve documentation discrepancies, gaps, coding errors and other issues that might lead to non-compliance with applicable regulations. The system assigns a unique ID to each issue, making it easy to track it from one stage to the next. Detailed information about each issue is provided and issues are categorized based on predefined criteria. Action owners are assigned for particular issues related to regulatory compliance. Failure investigations are also conducted to determine the root cause of the issue. The investigation is conducted using collaborative workflows and investigative tasks are assigned to appropriate personnel. The system sends automatic alerts and notifications to the appropriate personnel for remedial action. When a corrective action is initiated, the case closes only after the action plan is carried out. Policy and ProcedureManagement (Document Management) MetricStream Solution provides a central repository to store and organize documents. Integrated collaboration and workflow tools can be used to access, create, modify, review, and approve documents globally in a controlled manner. The solution ensures secure document access with centrally managed policy-driven controls. Rights to view, modify, distribute, or print are granted based on roles and user groups. Distribution lists are defined for a document category and check-in and check-out logs are maintained. MetricStream Solution helps various teams and business units in the ISO, market participants and management to complete a wide range of tasks and activities such as: assign subject matter experts; conduct gap analysis; record gaps;develop and submit Compliance Certification Form,Compliance Reporting Schedules; request compliance information;record Compliance EvidenceReport and compliance status;collect and record Compliance Certifications; report compliance status;request, submit, record and ratify mitigation plan; submit Periodic Status Reports;record Mitigation Status Reports;review mitigation progress.

For more information, visit www.metricstream.com Copyright 2011. All Rights Reserved.