Today’s LiveWire Spotlight evaluates two new reference documents addressing the actions expected of Compliance Enforcement Authority (CEA) staff to avoid uneven assessments of violations/penalties. The first precisely describes the monthly and annual intervals that auditors must use when assessing evidence of entity compliance to a recurring NERC requirement. The second outlines the data access controls that CEA staff should expect to see while evaluating a Responsible Entity’s cyber security procedures.
As of last month, both CMEP Practice Guides “took effect” across the U.S. and Canada. Clients should expect CEA staff to apply the guidance during an audit to verify activity intervals and to determine if BSCI access and data protective measures are sound.