Internal Controls Cheat Sheet - rfirst.org
Welcome to
August 16, 2021, 2:00 pm
PUBLIC
Technical Talk with RF
Monday, August 16 2:00 – 3:30 p.m. EDT
Join the conversation at
Slido.com#TechTalkRF
Please keep your information up-to-date!
• CDMS, CORES, Generation Verification Forms, Entity Profile Questionnaires (quarterly)
Following an event, send EOP-004 or OE-417 forms to [email protected] incident reports are sent to the E-ISAC and the DHS CISA
Check our monthly CMEP update and quarterly newsletter for:
• 2021 ERO Periodic Data Submittal schedule
• Timing of Standard effectiveness. Note: some changes due to COVID-19.
BES Cyber System Categorization (CIP-002-5.1a)
• Assess categorization (low, medium, or high) regularly and notify us of changes
CIP Evidence Request Tool V5.0 is online, see website.
Technical Talk with RF – Reminders
RF Compliance Program Monthly Update Letter
The monthly update letter is posted to our website in the Compliance Monitoring program area under Compliance Program Update. This letter contains information on CORES, Align, Technical Talk with RF, workshop announcements, plus updates from FERC and NERC.
Chain of Custody and Critical Infrastructure Systems
The Cybersecurity and Infrastructure Security Agency (CISA) released a new CISA Insights, which offers critical infrastructure owners and operators guidance for securing chain of custody for their physical and digital assets. This Insights provides an overview of what chain of custody is, highlights the potential impacts and risks resulting from a broken chain of custody, and offers critical infrastructure owners and operators an initial framework with five actionable steps for securing chain of custody for their physical and digital assets.
CISA Posting
Technical Talk with RF – Announcements
2021 ERO Reliability Risk Priorities Report
NERC’s 2021 ERO Reliability Risk Priorities Report, a forward-looking view of imminent and projected risks to bulk power system (BPS) reliability, has identified four significant evolving and interdependent risks. The most significant, grid transformation, has broad implications as it can be a catalyst for additional changes, often amplifying the impact on reliability, resilience and security. The report also examines in detail the three additional risks: security; increased vulnerability due to extreme events (most recently related to weather and the pandemic); and critical infrastructure interdependencies, such as the ability to deliver natural gas to generating units supporting reliability, resilience and security of the BPS.
Report Link
Security Working Group (SWG) Assessing and Reducing Risk Technical Reference Document plus Risk Tool and Survey
The Risk Reference document can help organizations evaluate their security and compliance posture and determine how to address any gaps that are identified.
The Risk Tool maps requirements of the CIP Reliability Standards to the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
A Tool Survey has also been developed; users are asked to complete it so the SWG can use the results to identify areas where improvements could be made.
MRO’s Security Advisory Council (SAC) and Compliance Monitoring & Enforcement Program Advisory Council (CMEPAC) are hosting:
BES Cyber System Information in the Cloud
August 18, 10:00 – 11:00 a.m. Central (11-12 EDT)
Compliance experts will provide an overview of the minimum requirements and recently approved standard modifications, and cyber security experts will explore various cloud security topics your organization will need to be familiar with to store BCSI securely in the cloud.
Registration Link
RF Compliance Committee Meetings – Open Session
August 18, 1:00 – 3:00 p.m. Eastern
RF Entities and stakeholders are encouraged to join the open session of our Compliance Committee Meetings. This Wednesday’s meeting includes presentations on winter preparedness and violation trends, as well as feedback from Exelon on their recent compliance monitoring engagement combining a CIP and Operations & Planning audit.
Registration Link
MRO 2021 Reliability Conference
August 24, 9:00 a.m. – 3:30 p.m. Central (10-4:30 EDT)
MRO’s Annual Reliability Conference will include presentations on electric grid dependence on natural gas, the changing resource mix and impact on coal plant operations, facility ratings, the 2021 cold weather event, and Canadian provincial grid code review.
Registration Link Meeting Agenda
SERC & ReliabilityFirst Joint Webinar on Cold Weather Preparedness
August 24, 9:00 a.m. – 12:00 p.m.
This webinar will utilize the results of the 2020/2021 SERC Winter Weather Survey plus industry experts across the ERO and industry to provide insight into Cold Weather best practices with a focus on exposed equipment, training, documentation, experiences, and lessons learned.
Registration Link
RF Internal Controls Webinar
August 25, 1:00 – 4:30 p.m. EDT
Building on our last Internal Controls event, this webinar will focus on the importance of culture within the internal control program; how and why the tone at the top, tone at the middle and the acceptance throughout is crucial; and how that can drive the appropriate mitigation of risk, as well as reliability, resilience and security.
This event is especially relevant for C-suite and Vice Presidents, directors, supervisors, managers, primary/alternate compliance contacts, plus SMEs involved in creating and managing internal controls.
Registration Link
Winter Preparation for Severe Cold Weather
September 2, 1:30 – 4:00 p.m. Eastern
The North American Electric Reliability Corporation will conduct a webinar to provide the industry information and material for use in entity cold weather preparedness. The webinar will include topics like generator failure modes and mechanisms, a winter reliability assessment, and natural gas and electrical operation coordination considerations. Special updates on the latest Electric Reliability Organization winter weather activities will also be shared.
Registration Link
CMEP Practice Guide Application of the BES Definition to Battery Energy Storage Systems (BESS) and Hybrid Resources
September 2, 11:00 a.m. – 12:00 p.m. Eastern
NERC and Regional representatives will be holding an informal webinar to discuss the CMEP Practice Guide on considerations for ERO Enterprise CMEP staff regarding application of the BES definition to BESS and Hybrid Resources, as well as provide associated guidance related to the NERC Registration requirements for the owners and operators of these resources.
Registration Link
Save the Date! An ERO Enterprise Align Training will be scheduled for September 28 from 12:00 – 3:00 p.m. Eastern. NERC will host the meetings and the regions will all participate with sharing content and answering questions.
Reminder! Technical Feasibility Exceptions (TFEs) need to be re-entered into Align by September 30. Any questions, please contact Ray Sefchik or visit www.rfirst.org/align
GridSecCon Registration is Open
NERC and Texas RE are co-hosting the 10th annual GridSecCon virtually on October 19-20, with training opportunities available October 18. GridSecCon features world-class training sessions, cutting-edge discussions, and in-depth presentations on emerging cyber and physical threats. Plus, don’t worry, we are moving up Technical Talk with RF one week that month to October 11.
Registration Link
GridEx VI
E-ISAC will facilitate its sixth grid security exercise, GridEx VI, on November 16-17, 2021. GridEx provides the electricity industry, government agencies, and other relevant organizations the opportunity to exercise emergency response and recovery plans in response to simulated cyber and physical security attacks and other contingencies affecting North America’s electricity system.
Registration Link GridEx Fact Sheet
Technical Talk with RF is typically scheduled the third Monday of each month 2:00-3:30 p.m.
However, save the date for our next event, Monday, September 13,
moved up one week due to the RF Annual Reliability & Compliance Workshop
September 22 & 23, 1:00 – 5:00 p.m. Eastern
Next month’s Technical Talk with RF will focus on Vegetation Management and Emergency Preparedness.
Tech Talk announcements and presentations are posted on our calendar on www.rfirst.org under Upcoming Events
Anti-Trust Statement
It is ReliabilityFirst’s policy and practice to obey the antitrust laws and to avoid all conduct that unreasonably restrains competition. This policy requires the avoidance of any conduct which violates, or which might appear to violate, the antitrust laws. Among other things, the antitrust laws forbid any agreement between or among competitors regarding prices, availability of service, product design, terms of sale, division of markets, allocation of customers or any other activity that unreasonably restrains competition.
It is the responsibility of every ReliabilityFirst participant and employee who may in any way affect ReliabilityFirst’s compliance with the antitrust laws to carry out this policy.
Technical Talk with RF, August 16, 2021
Today’s Agenda
Align Update
Ray Sefchik – Director, Entity Engagement, RF
Security Integration and Technology Enablement Subcommittee (SITES)
Dr. Ryan Quint – Senior Manager, BPS Security & Grid Transformation, NERC
Johnny Gest – Manager, Engineering and System Performance, RF
David Sopata – Principal Reliability Consultant, Entity Engagement, RF
Real-time Assessments FERC/ERO Joint Report
Brian Thiry – Manager, Entity Engagement, RF
Clayton Calhoun – Senior Engineer, Grid Planning & Operations, NERC