NERC Fundamentals and Compliance/Critical Infrastructure Protection

Live Streaming Online September 26-28, 2023

A Program

Click Here to register ($2195; $1195 each course)

If you are unable to attend at the scheduled date and time, we make recordings available to all registrants for three business days after the event.

NERC Fundamentals and Compliance

September 26, 2023 | Online

“Good introduction and history into the world of NERC compliance.” GM-Engineering Services, Duke Energy

“Very informative and time well spent.” Compliance Superintendent, Alameda Municipal Power

Entities registered with the North American Electric Reliability Corporation (NERC) continue to address the complexities of NERC reliability standards implementation, on-going compliance and enforcement. Full audit schedules ensure the stakes remain high (as evidenced by the recent $10 million fine imposed on a Registered Entity). Critical Infrastructure Protection (CIP) standards involve an added level of complexity.

With an increasing number of generation and transmission projects being proposed and built, it’s important to understand the implications of being a NERC-registered entity and the complicated and, often, costly compliance process.  A host of important factors can significantly impact operations. One of the key tenets supporting compliance, or which can mitigate a penalty, is having a robust compliance program.  To demonstrate a culture of compliance, a registered entity must show an enterprise-wide commitment to the process. 

This course is an overview of NERC standards, compliance, and monitoring and will provide the necessary background for staff with compliance responsibilities to understand the concepts and complexities of NERC compliance to build a culture of compliance and reliability and prepare for audits. The course will help registered entities understand the background for the NERC standards, proven methods of compliance and how to best organize evidence to demonstrate compliance during an audit.

Learning Outcomes

  • Define the role of FERC, NERC and Regional Entities
  • Review the background for the NERC standards and discuss major recent revisions
  • Explain how regional entities calculate violations
  • Discuss how to comply with the most difficult standards
  • Define a culture of compliance and its importance in the compliance monitoring and enforcement process
  • Examine strategies to build an internal compliance program
  • Examine the NERC CIP requirements
  • Analyze the audit process and demonstrate strategies for success before, during, and after an audit
  • Review emerging trends in NERC compliance including:
    • Standards on Physical Security and Supply Chain Management
    • Geomagnetic Disturbances
    • Distributed Energy Resources


SEPTEMBER 26, 2023

9:00 a.m. – 4:00 p.m. Central Time

Overview of NERC Reliability Standards and Requirements 

  • NERC as the ERO  
  • Important definitions used in Reliability Standards  
  • Overview of entity registration 
  • Standards background and drafting process 
  • Results-based standards  

NERC Compliance and Enforcement  

  • Lessons learned 
  • Technical rationale vs. implementation guides
  • Standards efficiency review 

Risk-based NERC Compliance Highlights  

  • Inherent risk assessment 
  • Internal controls evaluation 
  • Find, fix, track, and report 
  • Sanction guidelines 

NERC Compliance in practice 

  • Defining a culture of compliance and building, communicating, and demonstrating a culture of compliance 
  • Role of a culture of compliance in mitigation 
  • Preparing for an audit: what to do before, during, and after an on-site compliance audit 
  • Settlement process 
  • Managing documents and evidence 
  • Demonstrating a culture of compliance 


NERC Critical Infrastructure Protection (CIP)

September 27-28, 2023 | Online :: Central Time

NERC has developed a set of mandatory and enforceable Critical Infrastructure Protection (CIP) standards to address these risks. These standards have evolved since their initial adoption and now cover all Bulk Electric System Assets and their related Cyber Assets, categorized by risk levels. This means that all registered entities and their assets are included in the program. 

In this course, you’ll gain a deep understanding of the NERC CIP standards, including their history, current state, and future developments. Each standard will be thoroughly explored, highlighting its purpose and requirements. 

Additionally, you’ll learn about NERC’s compliance and monitoring efforts for the CIP standards. This course aims to equip all staff members with the necessary knowledge to understand the complexities of NERC compliance, foster a culture of compliance and reliability, and prepare for upcoming CIP audits. Don’t miss this opportunity to enhance your understanding of NERC CIP and strengthen your organization’s security and compliance measures. 

Special discounted rates available for groups of five or more so register your whole team today! 

Learning Outcomes

  • Review the background for the NERC Critical Infrastructure Standards and discuss major recent revisions
  • Review the scope and purpose of the NERC Critical Infrastructure Protection (CIP) standards
  • Examine the NERC CIP requirements: Current version and upcoming revisions
  • Assess the confidentiality provisions of the CIP standards
  • Explain how violations are determined and identify which CIP standards are the most violated and why
  • Discuss the challenges faced by utilities in defining a compliance program across the corporate functions necessary for CIP compliance (operations, information technology, corporate security, human resources, etc.)
  • Define a culture of compliance and its importance in the compliance monitoring and enforcement process
  • Examine strategies to build an internal CIP compliance program in such a diverse environment
  • Analyze the audit process for CIP standards and demonstrate strategies for success before, during, and after an audit



1:00 – 4:00 p.m. Central Time

Short breaks will be taken throughout the sessions (15 minutes total)

History and Background of NERC CIP

  • Reliability standards

NERC CIP Version 5/7 – New Definitions

  • Review of the intent and purpose of each standard
  • Understanding each of the requirements
  • Departments involved in meeting the intent

NERC CIP Physical and Cyber Security – Part 1

  • Bulk electric system (BES) cyber system categorization
  • Security management controls
  • Personnel & training
  • Electronic security perimeters
  • How to build, communicate and demonstrate a “culture of compliance.”  
    • Culture of compliance in mitigation 


9:00 a.m. – 4:00 p.m. Central Time

Short breaks will be taken throughout the sessions (30 minutes total throughout the day)  

NERC CIP Physical and Cyber Security – Part 2

  • Audit process and preparation 
    • Preparing for an audit: what to do before, during, and after an on-site compliance audit: successful strategies and avoiding common pitfalls 
    • Discuss the settlement process after a violation has been found 
    • Recognize how NERC compliance fits with other enterprise compliance needs and risk management 
    • Managing documentation and evidence 
    • Demonstrating a culture of compliance with auditors 
  • System security management 
  • Physical security plan 
  • Incident reporting and response planning 
  • Recovery plans for BES cyber systems 
  • Organizing for compliance  
  • Configuration change management and vulnerability assessments 
  • Information Protection 
  • Managing documentation and evidence 

NERC CIP Tools and Resources

  • “Tools” and NERC CIP compliance
  • Active vulnerability assessment tools
  • Danger: Active scanning of ICS environments is risky business!
  • Emerging issues and new standards