Transcription
CIP Evidence Request Tool v2.0Michael Taube, CIP Compliance EngineerNovember 14, 2018
HistoryUpdatesAgendaEvidence Request and SamplingAgendausing the ToolMRO Evidence Request ToolPlansQuestions2
HistoryEvidence Request Tool (ERT) released December 2015Varied adoption across regionsFERC used the ERT during CIP auditsERO initiated an update in late 2017MRO moving to exclusively use ERT soon No longer default to MRO CIP RFI Details to follow3
ERT Update ObjectivesAnalyze RegionalApproachesIncorporate Feedback NERCFERCRegistered ical FeasibilityExceptions (TFE)4
User GuideSummarized for thispresentation, reviewGuide for details5
ERT Instructions Tab UpdateEliminated Level 3 Request and Evidence, Consolidated into Level 2Evidence Request Flow6
User GuidanceLevel 1 – initial evidenceneeded to begin the evidencesubmission process: Programs, processes,and procedures Populations for sampleselection which feed intoLevel 27
Level 1EvidenceRequests consolidated reducing redundancy8
Level 1Evidence Request: Process9
Level 1Sampling Populations Readability ImprovedBright Green Rows Indicate Tabs to be Completed10
Level 1Evidence Request: Population for Sample Selection11
Sampling PopulationsBES AssetsCALow CA(optional)ESPEAPPSPTCATCA Non-RERMBCSIPersonnelReuse DisposalCSISeveral tabs have been revised to consolidate and further supportevidence gathering workflows (i.e., requests, sampling, populations)12
User GuidanceDetailedinstructions foreach tab andeach column inUser Guide13
Sample Sets Example14
User GuidanceLevel 2 – detailedinformation aboutindividual items selectedby the audit teamSampling performed inalignment withCompliance Monitoringand EnforcementManual15
Sampling and Level 2 Example16
Sampling Dates17
EvidenceProvide in native formatUse of the tabs is not required, requestedinformation may be provided in other formatsconducive to samplingDo not submit CIP-014-2 evidence, it will be reviewedon-site R1 – R3 may be reviewed remotely during off-site testingvia registered entity hosted platform18
EvidenceRSAWs request similar information in some cases(e.g., processes, plans), no need to provide sameevidence for a given Standard and RequirementtwiceUser Guide Tip: It can be helpful to submitsupporting documents with brief explanations ofevidence files (i.e., README files or narratives)19
EvidenceUser Guide Tip: Referenced Documents within aProcess or Procedure: Referenced documents may need to be included to conveycomplete compliance picture Example: CIP-008-5 incident response plan references document containingspecific steps for system within CIP scope, referenced documentshould be included in the evidence submitted20
Available on NERC WebsiteNERC.com Initiatives CIP V5 Transition ProgramLocation “Key Resources” section on right,“CIP Version 5 Evidence Request and UserGuide Version e%20Request%20Tool%20Version%202.0.zip CIP Version 5 Evidence Request v2.0 (tool) CIP Version 5 (Revised) Evidence RequestUser Guide v2.0Tool and Guide contained in zip file21
FutureMRO CIP RFI retirementRegional variance to make an MRO custom versionis planned that will incorporate feedback provided by MRO registered entities MRO Performance Risk Oversight Subcommittee (PROS) ERO staffPreparation for alignment with upcoming CMEP tool22
FutureFeedback incorporation effort commencement 2018 Q4MRO transition to custom CIP ERT being sent withAudit Notification Packets 2019 Q(TBD) Additional information to be provided via future webinarand other means when plans are in place23
FutureAdditional feedback is welcome and can be sent toJess Syring: jess.syring@mro.netFeedback applicability will be considered for bothMRO variance version as well as ERO Enterprise(NERC website hosted) versionCustomizations planned Status and Due Date fields per Request ID MRO audit process alignment24
25
Nov 14, 2018 · CIP Version 5 Evidence Request v2.0 (tool) CIP Version 5 (Revised) Evidence Request User Guide v2.0 Tool and Guide contained in zip file. 21. Future. MRO CIP RFI retirement Regional variance to make an MRO custom version