RSCompleteSet PDF

3353 Peachtree Road NE
Suite 600, North Tower

Atlanta, GA 30326
404-446-2560 | www.nerc.com
Reliability Standards
for the Bulk Electric
Systems of North
America
Updated J uly 9, 2013
Standard BAL-001-0.1a Real Power Balancing Control Performance
Page 1 of 7

A. Introduction
1. Title: Real Power Balancing Control Performance
2. Number: BAL-001-0.1a
3. Purpose: To maintain Interconnection steady-state frequency within defined limits by
balancing real power demand and supply in real-time.
4. Applicability:
4.1. Balancing Authorities
5. Effective Date: May 13, 2009
B. Requirements
R1. Each Balancing Authority shall operate such that, on a rolling 12-month basis, the average of
the clock-minute averages of the Balancing Authoritys Area Control Error (ACE) divided by
10B (B is the clock-minute average of the Balancing Authority Areas Frequency Bias) times
the corresponding clock-minute averages of the Interconnections Frequency Error is less than
a specific limit. This limit
1
2
is a constant derived from a targeted frequency bound
(separately calculated for each Interconnection) that is reviewed and set as necessary by the
NERC Operating Committee.
The equation for ACE is:
ACE =(NI
A
NI
S
) 10B (F
A
F
S
) I
ME

where:
NI
A
is the algebraic sum of actual flows on all tie lines.
NI
S
is the algebraic sum of scheduled flows on all tie lines.
B is the Frequency Bias Setting (MW/0.1 Hz) for the Balancing Authority. The
constant factor 10 converts the frequency setting to MW/Hz.
F
A
is the actual frequency.
F
S
is the scheduled frequency. F
S
is normally 60 Hz but may be offset to effect
manual time error corrections.
I
ME
is the meter error correction factor typically estimated from the difference between
the integrated hourly average of the net tie line flows (NI
A
) and the hourly net
interchange demand measurement (megawatt-hour). This term should normally be
very small or zero.
R2. Each Balancing Authority shall operate such that its average ACE for at least 90% of clock-
ten-minute periods (6 non-overlapping periods per hour) during a calendar month is within a
specific limit, referred to as L
10
.

10 minute 10
) ( L ACE AVG
i

1
*
10
*
10
2
1
1
1 2
1 1
1
(
(
|
|
.
|
\
|
(
(
|
|
.
|
\
|
F
B
ACE
AVG
or F
B
ACE
AVG
i
i
Period
i
i
Period
Page 2 of 7

where:
L
10
= ) 10 )( 10 ( 65 . 1 10 s i B B
10
is a constant derived from the targeted frequency bound. It is the targeted root-mean-square
(RMS) value of ten-minute average Frequency Error based on frequency performance over a
given year. The bound,
10
, is the same for every Balancing Authority Area within an
Interconnection, and B
s
is the sum of the Frequency Bias Settings of the Balancing Authority
Areas in the respective Interconnection. For Balancing Authority Areas with variable bias, this
is equal to the sum of the minimum Frequency Bias Settings.
R3. Each Balancing Authority providing Overlap Regulation Service shall evaluate Requirement
R1 (i.e., Control Performance Standard 1 or CPS1) and Requirement R2 (i.e., Control
Performance Standard 2 or CPS2) using the characteristics of the combined ACE and
combined Frequency Bias Settings.
R4. Any Balancing Authority receiving Overlap Regulation Service shall not have its control
performance evaluated (i.e. from a control performance perspective, the Balancing Authority
has shifted all control requirements to the Balancing Authority providing Overlap Regulation
Service).
C. Measures
M1. Each Balancing Authority shall achieve, as a minimum, Requirement 1 (CPS1) compliance of
100%.
CPS1 is calculated by converting a compliance ratio to a compliance percentage as follows:
CPS1 =(2 - CF) * 100%
The frequency-related compliance factor, CF, is a ratio of all one-minute compliance
parameters accumulated over 12 months divided by the target frequency bound:
2
1
) (
month 12
=

CF
CF

where:
1
is defined in Requirement R1.

The rating index CF
12-month
is derived from 12 months of data. The basic unit of data comes
from one-minute averages of ACE, Frequency Error and Frequency Bias Settings.
A clock-minute average is the average of the reporting Balancing Authoritys valid measured
variable (i.e., for ACE and for Frequency Error) for each sampling cycle during a given clock-
minute.
10B - 10
minute - clock in cycles sampling
minute - clock
|
|
.
|
\
|
= |
.
|
\
|
n
ACE
B
ACE

minute - clock
n
F
F

=

The Balancing Authoritys clock-minutecompliance factor (CF) becomes:

Page 3 of 7

(
|
.
|
\
|
=
minute - clock
minute - clock
minute - clock
*
10
F
B
ACE
CF

Normally, sixty (60) clock-minute averages of the reporting Balancing Authoritys ACE and of
the respective Interconnections Frequency Error will be used to compute the respective hourly
average compliance parameter.
hour in samples minute - clock
minute - clock
hour - clock
n
CF
CF

=

The reporting Balancing Authority shall be able to recalculate and store each of the respective
clock-hour averages (CF clock-hour average-month) as well as the respective number of
samples for each of the twenty-four (24) hours (one for each clock-hour, i.e., hour-ending (HE)
0100, HE 0200, ..., HE 2400).
=
month in - days
hour - clock in samples minute - one
month - in - days
hour - clock in samples minute - one hour - clock
month - average hour - clock
] [
)] )( [(CF
CF
n
n

=
day in - hours
averages hour - clock in samples minute - one
day - in - hours
averages hour - clock in samples minute - one month - average hour - clock
month
] [
)] )( [(CF
CF
n
n

The 12-month compliance factor becomes:
( )
=
=

=
12
1 i
i - month) in samples minute - one (
12
1 i
i month in samples minute - one i - month
month - 12
] [
)] )( (
CF
n
n CF

In order to ensure that the average ACE and Frequency Deviation calculated for any one-
minute interval is representative of that one-minute interval, it is necessary that at least 50% of
both ACE and Frequency Deviation samples during that one-minute interval be present.
Should a sustained interruption in the recording of ACE or Frequency Deviation due to loss of
telemetering or computer unavailability result in a one-minute interval not containing at least
50% of samples of both ACE and Frequency Deviation, that one-minute interval shall be
excluded from the calculation of CPS1.
M2. Each Balancing Authority shall achieve, as a minimum, Requirement R2 (CPS2) compliance of
90%. CPS2 relates to a bound on the ten-minute average of ACE. A compliance percentage is
calculated as follows:
( )
100 *
Periods e Unavailabl Periods Total
Violations
1 2
month month
month
(
= CPS

The violations per month are a count of the number of periods that ACE clock-ten-minutes
exceeded L
10
. ACE clock-ten-minutes is the sum of valid ACE samples within a clock-ten-
minute period divided by the number of valid samples.
Page 4 of 7

Violation clock-ten-minutes
=0 if
10
minutes - 10 in samples
L
n
ACE

=1 if
10
L
n
ACE
>

Each Balancing Authority shall report the total number of violations and unavailable periods
for the month. L
10
Since CPS2 requires that ACE be averaged over a discrete time period, the same factors that
limit total periods per month will limit violations per month. The calculation of total periods
per month and violations per month, therefore, must be discussed jointly.
A condition may arise which may impact the normal calculation of total periods per month and
violations per month. This condition is a sustained interruption in the recording of ACE.
In order to ensure that the average ACE calculated for any ten-minute interval is representative
of that ten-minute interval, it is necessary that at least half the ACE data samples are present
for that interval. Should half or more of the ACE data be unavailable due to loss of
telemetering or computer unavailability, that ten-minute interval shall be omitted from the
calculation of CPS2.
D. Compliance
1. Compliance Monitoring Process
1.1. Compliance Monitoring Responsibility
Regional Reliability Organization.
1.2. Compliance Monitoring Period and Reset Timeframe
One calendar month.
1.3. Data Retention
The data that supports the calculation of CPS1 and CPS2 (Appendix 1-BAL-001-0) are to
be retained in electronic form for at least a one-year period. If the CPS1 and CPS2 data
for a Balancing Authority Area are undergoing a review to address a question that has
been raised regarding the data, the data are to be saved beyond the normal retention
period until the question is formally resolved. Each Balancing Authority shall retain for a
rolling 12-month period the values of: one-minute average ACE (ACE
i
), one-minute
average Frequency Error, and, if using variable bias, one-minute average Frequency Bias.
1.4. Additional Compliance Information
None.
2. Levels of Non-Compliance CPS1
2.1. Level 1: The Balancing Authority Areas value of CPS1 is less than 100% but
greater than or equal to 95%.
Page 5 of 7

2.4. Level 4: The Balancing Authority Areas value of CPS1 is less than 85%.
E. Regional Differences
1. The ERCOT Control Performance Standard 2 Waiver approved November 21, 2002.
F. Associated Documents
1. Appendix 2 Interpretation of Requirement R1 (October 23, 2007).
Version History
Version Date Action Change Tracking
0 February 8, 2005 BOT Approval New
0 April 1, 2005 Effective Implementation Date New
0 August 8, 2005 Removed Proposed from Effective Date Errata
0 J uly 24, 2007 Corrected R3 to reference M1 and M2
instead of R1 and R2
Errata
0a December 19, 2007 Added Appendix 2 Interpretation of R1
approved by BOT on October 23, 2007
Revised
0a J anuary 16, 2008 In Section A.2., Added a to end of standard
number
In Section F, corrected automatic numbering
from 2 to 1 and removed approved and
added parenthesis to (October 23, 2007)
Errata
0 J anuary 23, 2008 Reversed errata change from J uly 24, 2007 Errata
0.1a October 29, 2008 Board approved errata changes; updated
version number to 0.1a
Errata
0.1a May 13, 2009 Approved by FERC

Page 6 of 7

Appendix 1-BAL-001-0
CPS1 and CPS2 Data

CPS1 DATA Description Retention Requirements
1
A constant derived from the targeted frequency
bound. This number is the same for each
Balancing Authority Area in the
Interconnection.
Retain the value of
1
used in CPS1 calculation.
ACE
i
The clock-minute average of ACE. Retain the 1-minute average values of ACE
(525,600 values).
B
i
The Frequency Bias of the Balancing Authority
Area.
Retain the value(s) of B
i
used in the CPS1
calculation.
F
A
The actual measured frequency. Retain the 1-minute average frequency values
(525,600 values).
F
S
Scheduled frequency for the Interconnection. Retain the 1-minute average frequency values
(525,600 values).

V Number of incidents per hour in which the
absolute value of ACE clock-ten-minutes is
greater than L
10
.
Retain the values of V used in CPS2
calculation.
10
A constant derived from the frequency bound.
It is the same for each Balancing Authority
Area within an Interconnection.
Retain the value of
10
used in CPS2
calculation.
B
i
Area.
Retain the value of B
i
used in the CPS2
calculation.
B
s
The sum of Frequency Bias of the Balancing
Authority Areas in the respective
Interconnection. For systems with variable
bias, this is equal to the sum of the minimum
Frequency Bias Setting.
s
used in the CPS2
calculation. Retain the 1-minute minimum bias
value (525,600 values).
U Number of unavailable ten-minute periods per
hour used in calculating CPS2.
Retain the number of 10-minute unavailable
periods used in calculating CPS2 for the
reporting period.

Page 7 of 7

Appendix 2
Interpretation of Requirement 1
Request: Does the WECC Automatic Time Error Control Procedure (WATEC) violate
Requirement 1 of BAL-001-0?
Interpretation:
Requirement 1 of BAL-001 Real Power Balancing Control Performance, is the
definition of the area control error (ACE) equation and the limits established for Control
Performance Standard 1 (CPS1).

The WATEC procedural documents ask Balancing Authorities to maintain raw ACE for CPS
reporting and to control via WATEC-adjusted ACE.
As long as Balancing Authorities use raw (unadjusted for WATEC) ACE for CPS reporting
purposes, the use of WATEC for control is not in violation of BAL-001 Requirement 1.

BAL-001-0
the clock-minute averages of the Balancing Authoritys Area Control Error (ACE) divided by 10B
(B is the clock-minute average of the Balancing Authority Areas Frequency Bias) times the
corresponding clock-minute averages of the Interconnections Frequency Error is less than a
specific limit. This limit 12 is a constant derived from a targeted frequency bound (separately
calculated for each Interconnection) that is reviewed and set as necessary by the NERC
Operating Committee.
Standard BAL-001-1 Real Power Balancing Control Performance
Page 1 of 12

A. Introduction
1. Title: Real Power Balancing Control Performance
2. Number: BAL-001-1
3. Purpose: To maintain Interconnection steady-state frequency within defined limits by
balancing real power demand and supply in real-time.
4. Applicability:
5. Effective Date: The WECC Regional Variance to NERC Reliability Standard BAL-001-
1 is to be effective on the first day of the second quarter, after regulatory approval.
B. Requirements
the clock-minute averages of the Balancing Authoritys Area Control Error (ACE) divided by
10B (B is the clock-minute average of the Balancing Authority Areas Frequency Bias) times
the corresponding clock-minute averages of the Interconnections Frequency Error is less than
a specific limit. This limit c
1
2
is a constant derived from a targeted frequency bound
(separately calculated for each Interconnection) that is reviewed and set as necessary by the
NERC Operating Committee.
The equation for ACE is:
ACE = (NI
A
NI
S
) 10B (F
A
F
S
) I
ME

where:
- NI
A
- NI
S
- B is the Frequency Bias Setting (MW/0.1 Hz) for the Balancing Authority. The
- F
A
- F
S
S
- I
ME
is the meter error correction factor typically estimated from the difference between
the integrated hourly average of the net tie line flows (NI
A
) and the hourly net
interchange demand measurement (megawatt-hour). This term should normally be
very small or zero.
R2. Each Balancing Authority shall operate such that its average ACE for at least 90% of clock-
ten-minute periods (6 non-overlapping periods per hour) during a calendar month is within a
specific limit, referred to as L
10
.

10 minute 10
) ( L ACE AVG
i
s

1
*
10
*
10
2
1
1
1 2
1 1
1
s
e
(
(
A
|
|
.
|
\
|
se
(
(
A
|
|
.
|
\
|
F
B
ACE
AVG
or F
B
ACE
AVG
i
i
Period
i
i
Period
Page 2 of 12

where:
L
10
= ) 10 )( 10 ( 65 . 1 10 s i B B e
c
10
is a constant derived from the targeted frequency bound. It is the targeted root-mean-square
(RMS) value of ten-minute average Frequency Error based on frequency performance over a
given year. The bound, c
10
, is the same for every Balancing Authority Area within an
Interconnection, and B
s
is the sum of the Frequency Bias Settings of the Balancing Authority
Areas in the respective Interconnection. For Balancing Authority Areas with variable bias, this
is equal to the sum of the minimum Frequency Bias Settings.
R3. Each Balancing Authority providing Overlap Regulation Service shall evaluate Requirement
R1 (i.e., Control Performance Standard 1 or CPS1) and Requirement R2 (i.e., Control
Performance Standard 2 or CPS2) using the characteristics of the combined ACE and
combined Frequency Bias Settings.
R4. Any Balancing Authority receiving Overlap Regulation Service shall not have its control
performance evaluated (i.e. from a control performance perspective, the Balancing Authority
has shifted all control requirements to the Balancing Authority providing Overlap Regulation
Service).
C. Measures
M1. Each Balancing Authority shall achieve, as a minimum, Requirement 1 (CPS1) compliance of
100%.
CPS1 is calculated by converting a compliance ratio to a compliance percentage as follows:
CPS1 = (2 - CF) * 100%
2
1
) (
month 12
e
=

CF
CF

where: c
1

The rating index CF
12-month
is derived from 12 months of data. The basic unit of data comes
from one-minute averages of ACE, Frequency Error and Frequency Bias Settings.
A clock-minute average is the average of the reporting Balancing Authoritys valid measured
variable (i.e., for ACE and for Frequency Error) for each sampling cycle during a given clock-
minute.
10B - 10
minute - clock
|
|
.
|
\
|
=
|
.
|
\
|
n
ACE
B
ACE

minute - clock
n
F
F

A
= A

The Balancing Authoritys clock-minute compliance factor (CF) becomes:

Page 3 of 12

(
A
|
.
|
\
|
=
minute - clock
minute - clock
minute - clock
*
10
F
B
ACE
CF

Normally, sixty (60) clock-minute averages of the reporting Balancing Authoritys ACE and of
the respective Interconnections Frequency Error will be used to compute the respective hourly
average compliance parameter.
minute - clock
hour - clock
n
CF
CF

=

The reporting Balancing Authority shall be able to recalculate and store each of the respective
clock-hour averages (CF clock-hour average-month) as well as the respective number of
samples for each of the twenty-four (24) hours (one for each clock-hour, i.e., hour-ending (HE)
0100, HE 0200, ..., HE 2400).
=
month in - days
month - in - days
] [
)] )( [(CF
CF
n
n

=
day in - hours
day - in - hours
month
] [
)] )( [(CF
CF
n
n

( )
=
=

=
12
1 i
12
1 i
month - 12
] [
)] )( (
CF
n
n CF

minute interval is representative of that one-minute interval, it is necessary that at least 50% of
both ACE and Frequency Deviation samples during that one-minute interval be present.
Should a sustained interruption in the recording of ACE or Frequency Deviation due to loss of
telemetering or computer unavailability result in a one-minute interval not containing at least
50% of samples of both ACE and Frequency Deviation, that one-minute interval shall be
excluded from the calculation of CPS1.
M2. Each Balancing Authority shall achieve, as a minimum, Requirement R2 (CPS2) compliance of
90%. CPS2 relates to a bound on the ten-minute average of ACE. A compliance percentage is
calculated as follows:
( )
100 *
Periods e Unavailabl Periods Total
Violations
1 2
month month
month
(
= CPS

The violations per month are a count of the number of periods that ACE clock-ten-minutes
exceeded L
10
. ACE clock-ten-minutes is the sum of valid ACE samples within a clock-ten-
minute period divided by the number of valid samples.
Page 4 of 12

Violation clock-ten-minutes
= 0 if
10
L
n
ACE
s

= 1 if
10
L
n
ACE
>

Each Balancing Authority shall report the total number of violations and unavailable periods
for the month. L
10
Since CPS2 requires that ACE be averaged over a discrete time period, the same factors that
limit total periods per month will limit violations per month. The calculation of total periods
per month and violations per month, therefore, must be discussed jointly.
A condition may arise which may impact the normal calculation of total periods per month and
violations per month. This condition is a sustained interruption in the recording of ACE.
In order to ensure that the average ACE calculated for any ten-minute interval is representative
of that ten-minute interval, it is necessary that at least half the ACE data samples are present
for that interval. Should half or more of the ACE data be unavailable due to loss of
telemetering or computer unavailability, that ten-minute interval shall be omitted from the
calculation of CPS2.
D. Compliance
One calendar month.
1.3. Data Retention
The data that supports the calculation of CPS1 and CPS2 (Appendix 1-BAL-001-0) are to
be retained in electronic form for at least a one-year period. If the CPS1 and CPS2 data
for a Balancing Authority Area are undergoing a review to address a question that has
been raised regarding the data, the data are to be saved beyond the normal retention
period until the question is formally resolved. Each Balancing Authority shall retain for a
rolling 12-month period the values of: one-minute average ACE (ACE
i
), one-minute
average Frequency Error, and, if using variable bias, one-minute average Frequency Bias.
None.
Page 5 of 12

E.A. The ERCOT Control Performance Standard 2 Waiver approved November 21, 2002.
E.B. Regional Variance for the Western Electricity Coordinating Council
The following Interconnection-wide variance shall be applicable in the Western
Interconnection and replaces, in their entirety, Requirement R1 and Section D.2. (i.e.,
under Compliance replace Levels of Non-Compliance CPS1). Please note that the ACE
equation is replaced in its entirety with the following equation identified in Requirement
E.B.1.
Requirements and Measures
E.B.1. Each Balancing Authority shall operate such that, on a rolling 12-month basis, the
average of the clock-minute averages of the Balancing Authoritys Area Control Error
(ACE) divided by 10B (B is the clock-minute average of the Balancing Authority Areas
Frequency Bias) times the corresponding clock-minute averages of the Interconnections
Frequency Error is less than a specific limit. This limit c
1
2
is a constant derived from a
targeted frequency bound (separately calculated for each Interconnection) that is
reviewed and set as necessary by the NERC Operating Committee.

The equation for ACE in the Western Interconnection is:

( ) ( ) ATEC
ME S A S A
I I F F B NI NI ACE + = 10

where:
- NI
A
- NI
S
1
*
10
*
10
2
1
1
1 2
1 1
1
s
e
(
(
A
|
|
.
|
\
|
se
(
(
A
|
|
.
|
\
|
F
B
ACE
AVG
or F
B
ACE
AVG
i
i
Period
i
i
Period
Page 6 of 12

- B is the Frequency Bias Setting (MW/0.1 Hz) for the Balancing Authority. The
- F
A
- F
S
S
- I
ME
is the meter error correction factor typically estimated from the difference
between the integrated hourly average of the net tie line flows (NI
A
) and the hourly
net interchange demand measurement (megawatt-hour). This term should normally
be very small or zero.
( ) H Y
IATEC
* 1
PII
peak on/off
accum
= when operating in Automatic Time Error Correction control mode.

I
ATEC
shall be zero when operating in any other AGC mode.
- Y = B / B
S
.
- H = Number of Hours used to payback Primary Inadvertent Interchange energy. The
value of H is set to 3.
- B
S
= Frequency Bias for the Interconnection (MW / 0.1 Hz).
- Primary Inadvertent Interchange (PII
hourly
) is (1-Y) * (II
actual
- B * TE/6)
- II
actual
is the hourly Inadvertent Interchange for the last hour.
- TE is the hourly change in system Time Error as distributed by the Interconnection
Time Monitor. Where:
TE = TE
end hour
TE
begin hour
TD
adj
(t)*(TE
offset
)
- TD
adj
is the Reliability Coordinator adjustment for differences with Interconnection
Time Monitor control center clocks.
- t is the number of minutes of Manual Time Error Correction that occurred during the
hour.
- TE
offset
is 0.000 or +0.020 or -0.020.
- PII
accum
is the Balancing Authoritys accumulated PII
hourly
in MWh. An On-Peak and
Off-Peak accumulation accounting is required.
Where:
PII
peak on/off
accum
= last periods
PII
peak on/off
accum
+ PII
hourly

[Violation Risk Factor: Medium] [Time Horizon: Real-time Operations]
M.E.B.1. Each Balancing Authority shall achieve, as a minimum, Requirement E.B.1 (CPS1)
compliance of 100%.
CPS1 is calculated by converting a compliance ratio to a compliance percentage as
follows:
CPS1 = (2 - CF) * 100%
Page 7 of 12

2
1
) (
month 12
e
=

CF
CF

where: c
1
is defined in Requirement E.B.1.

The rating index CF
12-month
is derived from 12 months of data. The basic unit of data
comes from one-minute averages of ACE, Frequency Error and Frequency Bias Settings.
A clock-minute average is the average of the reporting Balancing Authoritys valid
measured variable (i.e., for ACE and for Frequency Error) for each sampling cycle during
a given clock-minute.
10B - 10
minute - clock
|
|
.
|
\
|
=
|
.
|
\
|
n
ACE
B
ACE

minute - clock
n
F
F

A
= A

The Balancing Authoritys clock-minute compliance factor (CF) becomes:

(
A
|
.
|
\
|
=
minute - clock
minute - clock
minute - clock
*
10
F
B
ACE
CF

Normally, sixty (60) clock-minute averages of the reporting Balancing Authoritys ACE
and of the respective Interconnections Frequency Error will be used to compute the
respective hourly average compliance parameter.
minute - clock
hour - clock
n
CF
CF

=

The reporting Balancing Authority shall be able to recalculate and store each of the
respective clock-hour averages (CF clock-hour average-month) as well as the respective
number of samples for each of the twenty-four (24) hours (one for each clock-hour, i.e.,
hour-ending (HE) 0100, HE 0200, ..., HE 2400).
=
month in - days
month - in - days
] [
)] )( [(CF
CF
n
n

=
day in - hours
day - in - hours
month
] [
)] )( [(CF
CF
n
n

Page 8 of 12

( )
=
=

=
12
1 i
12
1 i
month - 12
] [
)] )( (
CF
n
n CF

minute interval is representative of that one-minute interval, it is necessary that at least
50% of both ACE and Frequency Deviation samples during that one-minute interval be
present. Should a sustained interruption in the recording of ACE or Frequency Deviation
due to loss of telemetering or computer unavailability result in a one-minute interval not
containing at least 50% of samples of both ACE and Frequency Deviation, that one-
minute interval shall be excluded from the calculation of CPS1.
E.B.2. Each Balancing Authority shall limit the absolute value of I
ATEC
, the Automatic Time
Error Correction term as follows: [Violation Risk Factor: Medium] [Time Horizon: Real-
time Operations]
I
ATEC
L
max
.
M.E.B.2. Forms of acceptable evidence for Requirement E.B.2 may include, but are not limited to:
- Dated Energy Management System (EMS) displays,
- WECC Interchange Tool, EMS application code, or
- Other archived data that demonstrates compliance.
E.B.3. Each Balancing Authority shall set L
max
within the limits as follows:
0.20 * |B| L
max
L
10
.
[Violation Risk Factor: Medium] [Time Horizon: Operations Planning]
M.E.B.3. Forms of acceptable evidence for Requirement E.B.3 may include, but is not limited to:
- Dated Energy Management System (EMS) displays,
- WECC Interchange Tool, EMS application code, or
- Other archived data that demonstrates compliance.
E.B Compliance
1. Evidence Retention
The following evidence retention periods identify the period of time an entity is required
to retain specific evidence to demonstrate compliance. For instances where the evidence
retention period specified below is shorter than the time since the last audit, the
Compliance Enforcement Authority may ask an entity to provide other evidence to show
that it was compliant for the full time period since the last audit.
Each Balancing Authority in the Western Interconnection shall retain the values of I
ATEC

and L
max
for the preceding calendar year (January December), as well as the current
calendar year.
Page 9 of 12

Table of Compliance Elements
E # Time Horizon VRF Violation Severity Levels
Lower VSL Moderate VSL High VSL Severe VSL
E.B.1 Real-time
Operations
Medium The Balancing Authority
Areas value of CPS1
was less than 100% but
greater than or equal to
95%.
The Balancing Authority
Areas value of CPS1
90%.
Areas value of CPS1
85%.
Areas value of CPS1
was less than 85%.
E.B.2
Real-time
Operations
Medium N/A N/A N/A The Balancing Authority
Areas absolute value for
I
ATEC
was greater than
L
max
.
E.B.3 Operations
Planning
Medium N/A N/A N/A The Balancing Authority
did not set L
max
to within
the limits in E.B.3 (i.e.,
0.20 * |B| s L
max
s L
10
).

Page 10 of 12


Version History
0 February 8, 2005 BOT Approval New
0 April 1, 2005 Effective Implementation Date New
0 July 24, 2007 Corrected R3 to reference M1 and M2
instead of R1 and R2
Errata
Revised
0a January 16, 2008 In Section A.2., Added a to end of standard
number
In Section F, corrected automatic numbering
from 2 to 1 and removed approved and
added parenthesis to (October 23, 2007)
Errata
0 January 23, 2008 Reversed errata change from July 24, 2007 Errata
0.1a October 29, 2008 Board approved errata changes; updated
version number to 0.1a
Errata
0.1a May 13, 2009 Approved by FERC
1 December 19, 2012 Adopted by NERC Board of Trustees

Page 11 of 12

Appendix 1-BAL-001-1
CPS1 and CPS2 Data

c
1
A constant derived from the targeted frequency
bound. This number is the same for each
Balancing Authority Area in the
Interconnection.
Retain the value of c
1
used in CPS1 calculation.
ACE
i
The clock-minute average of ACE. Retain the 1-minute average values of ACE
(525,600 values).
B
i
Area.
Retain the value(s) of B
i
used in the CPS1
calculation.
F
A
The actual measured frequency. Retain the 1-minute average frequency values
(525,600 values).
F
S
Scheduled frequency for the Interconnection. Retain the 1-minute average frequency values
(525,600 values).

V Number of incidents per hour in which the
absolute value of ACE clock-ten-minutes is
greater than L
10
.
Retain the values of V used in CPS2
calculation.
c
10
A constant derived from the frequency bound.
It is the same for each Balancing Authority
Area within an Interconnection.
Retain the value of c
10
used in CPS2
calculation.
B
i
Area.
i
used in the CPS2
calculation.
B
s
The sum of Frequency Bias of the Balancing
Authority Areas in the respective
Interconnection. For systems with variable
bias, this is equal to the sum of the minimum
s
used in the CPS2
calculation. Retain the 1-minute minimum bias
value (525,600 values).
U Number of unavailable ten-minute periods per
hour used in calculating CPS2.
Retain the number of 10-minute unavailable
periods used in calculating CPS2 for the
reporting period.

Page 12 of 12

Guidance and Rationale

Rationale for E.B.1
Premise: When a Balancing Authority Area uses the ACE equation with an ATEC correction
component for both control and assessing performance, it provides a more accurate
measurement of the Control Performance methodology while at the same time achieving the
same reliability objective as the existing BAL-001-0.1a standard.
Justification: Adding the I
ATEC
term to the ACE equation reduces the number of manual time
error corrections and PII
accum
.
Goal: To establish an ACE equation that permits the implementation of Automatic Time Error
Correction.

Rationale for E.B.2
Premise: I
ATEC
greater than

L
max
may result in a risk to reliability caused by large ATEC
payback.
Justification: Balancing Authorities should not control their Balancing Authority Areas using an
approach that puts system reliability at risk.
Goal: The goal of Requirement E.B.2 is to limit I
ATEC
to L
max
in order to reduce potential
reliability risks to the interconnection caused by a large ATEC payback term.

Rationale for E.B.3
Premise: Operating within an L
max
less than 0.20 * |B| may not provide sufficient correction for
PII and operating with an L
max
greater than L
10
may result in potential reliability risks caused by
a large ATEC payback term.
Justification: L
max
should be limited to prevent Balancing Authorities from creating potential
reliability risks caused by a large ATEC payback term.
Goal: The goal of Requirement E.B.3 is to develop a range for L
max
where Balancing Authorities
reduce potential reliability risks by limiting I
ATEC
to L
max
.

Standard BAL-002-1 Disturbance Control Performance
Adopted by Board of Trustees: August 5, 2010 1
A. Introduction
1. Title: Disturbance Control Performance
3. Purpose: The purpose of the Disturbance Control Standard (DCS) is to ensure the
Balancing Authority is able to utilize its Contingency Reserve to balance resources and
demand and return Interconnection frequency within defined limits following a Reportable
Disturbance. Because generator failures are far more common than significant losses of load
and because Contingency Reserve activation does not typically apply to the loss of load, the
application of DCS is limited to the loss of supply and does not apply to the loss of load.
4. Applicability:
4.2. Reserve Sharing Groups (Balancing Authorities may meet the requirements of
Standard 002 through participation in a Reserve Sharing Group.)
4.3. Regional Reliability Organizations
5. (Proposed) Effective Date: The first day of the first calendar quarter, one year after
applicable regulatory approval; or in those jurisdictions where no regulatory approval is
required, the first day of the first calendar quarter one year after Board of Trustees adoption.
B. Requirements
R1. Each Balancing Authority shall have access to and/or operate Contingency Reserve to respond
to Disturbances. Contingency Reserve may be supplied from generation, controllable load
resources, or coordinated adjustments to Interchange Schedules.
R1.1. A Balancing Authority may elect to fulfill its Contingency Reserve obligations by
participating as a member of a Reserve Sharing Group. In such cases, the Reserve
Sharing Group shall have the same responsibilities and obligations as each Balancing
Authority with respect to monitoring and meeting the requirements of Standard BAL-
002.
R2. Each Regional Reliability Organization, sub-Regional Reliability Organization or Reserve
Sharing Group shall specify its Contingency Reserve policies, including:
R2.1. The minimum reserve requirement for the group.
R2.2. Its allocation among members.
R2.3. The permissible mix of Operating Reserve Spinning and Operating Reserve
Supplemental that may be included in Contingency Reserve.
R2.4. The procedure for applying Contingency Reserve in practice.
R2.5. The limitations, if any, upon the amount of interruptible load that may be included.
R2.6. The same portion of resource capacity (e.g. reserves from jointly owned generation)
shall not be counted more than once as Contingency Reserve by multiple Balancing
Authorities.
R3. Each Balancing Authority or Reserve Sharing Group shall activate sufficient Contingency
Reserve to comply with the DCS.
R3.1. As a minimum, the Balancing Authority or Reserve Sharing Group shall carry at least
enough Contingency Reserve to cover the most severe single contingency. All
Balancing Authorities and Reserve Sharing Groups shall review, no less frequently
than annually, their probable contingencies to determine their prospective most severe
single contingencies.
R4. A Balancing Authority or Reserve Sharing Group shall meet the Disturbance Recovery
Criterion within the Disturbance Recovery Period for 100% of Reportable Disturbances. The
Disturbance Recovery Criterion is:
R4.1. A Balancing Authority shall return its ACE to zero if its ACE just prior to the
Reportable Disturbance was positive or equal to zero. For negative initial ACE values
just prior to the Disturbance, the Balancing Authority shall return ACE to its pre-
Disturbance value.
R4.2. The default Disturbance Recovery Period is 15 minutes after the start of a Reportable
Disturbance.
R5. Each Reserve Sharing Group shall comply with the DCS. A Reserve Sharing Group shall be
considered in a Reportable Disturbance condition whenever a group member has experienced
a Reportable Disturbance and calls for the activation of Contingency Reserves from one or
more other group members. (If a group member has experienced a Reportable Disturbance
but does not call for reserve activation from other members of the Reserve Sharing Group,
then that member shall report as a single Balancing Authority.) Compliance may be
demonstrated by either of the following two methods:
R5.1. The Reserve Sharing Group reviews group ACE (or equivalent) and demonstrates
compliance to the DCS. To be in compliance, the group ACE (or its equivalent) must
meet the Disturbance Recovery Criterion after the schedule change(s) related to reserve
sharing have been fully implemented, and within the Disturbance Recovery Period.
or
R5.2. The Reserve Sharing Group reviews each members ACE in response to the activation
of reserves. To be in compliance, a members ACE (or its equivalent) must meet the
Disturbance Recovery Criterion after the schedule change(s) related to reserve sharing
have been fully implemented, and within the Disturbance Recovery Period.
R6. A Balancing Authority or Reserve Sharing Group shall fully restore its Contingency Reserves
within the Contingency Reserve Restoration Period for its Interconnection.
R6.1. The Contingency Reserve Restoration Period begins at the end of the Disturbance
Recovery Period.
R6.2. The default Contingency Reserve Restoration Period is 90 minutes.
C. Measures
M1. A Balancing Authority or Reserve Sharing Group shall calculate and report compliance with
the Disturbance Control Standard for all Disturbances greater than or equal to 80% of the
magnitude of the Balancing Authoritys or of the Reserve Sharing Groups most severe single
contingency loss. Regions may, at their discretion, require a lower reporting threshold.
Disturbance Control Standard is measured as the percentage recovery (R
i
).

For loss of generation:

if ACE
A
< 0
then

0 -10 -20 -30
0
ACE
-80
-40
% 100 *
) , 0 max(
Loss
M A Loss
i
MW
ACE ACE MW
R

=

if ACE
A
> 0
then
% 100 *
) , 0 max(
Loss
M Loss
i
MW
ACE MW
R

=

where:
MW
LOSS
is the MW size of the Disturbance as
measured at the beginning of the loss,
ACE
A
is the pre-disturbance ACE,
ACE
M
is the maximum algebraic value of ACE measured within the fifteen minutes
following the Disturbance. A Balancing Authority or Reserve Sharing Group may, at
its discretion, set ACE
M
= ACE
15

min
, and
The Balancing Authority or Reserve Sharing Group shall record the MW
LOSS
value as
measured at the site of the loss to the extent possible. The value should not be measured as a
change in ACE since governor response and AGC response may introduce error.
The Balancing Authority or Reserve Sharing Group shall base the value for ACE
A
on the
average ACE over the period just prior to the start of the Disturbance (10 and 60 seconds prior
and including at least 4 scans of ACE). In the illustration below, the horizontal line represents
an averaging of ACE for 15 seconds prior to the start of the Disturbance with a result of ACE
A

= - 25 MW.

The average percent recovery is the arithmetic average of all the calculated R
i
s for Reportable
Disturbances during a given quarter. Average percent recovery is similarly calculated for
excludable Disturbances.
D. Compliance
Compliance with the DCS shall be measured on a percentage basis as set forth in the measures
above.
Each Balancing Authority or Reserve Sharing Group shall submit one completed copy of DCS
Form, NERC Control Performance Standard Survey All Interconnections to its Resources
Subcommittee Survey Contact no later than the 10th day following the end of the calendar
quarter (i.e. April 10th, July 10th, October 10th, January 10th). The Regional Entity must
submit a summary document reporting compliance with DCS to NERC no later than the 20
th

day of the month following the end of the quarter.
1.1. Compliance Enforcement Authority
Regional Entity.
Compliance for DCS will be evaluated for each reporting period. Reset is one calendar
quarter without a violation.
1.3. Compliance Monitoring and Enforcement Processes:
Compliance Audits
Self-Certifications
Spot Checking
Compliance Violation Investigations
Self-Reporting
Complaints
1.4. Data Retention
The data that support the calculation of DCS are to be retained in electronic form for at
least a one-year period. If the DCS data for a Reserve Sharing Group and Balancing
Area are undergoing a review to address a question that has been raised regarding the
data, the data are to be saved beyond the normal retention period until the question is
formally resolved.
Reportable Disturbances Reportable Disturbances are contingencies that are greater
than or equal to 80% of the most severe single Contingency. A Regional Reliability
Organization, sub-Regional Reliability Organization or Reserve Sharing Group may
optionally reduce the 80% threshold, provided that normal operating characteristics are
not being considered or misrepresented as contingencies. Normal operating
characteristics are excluded because DCS only measures the recovery from sudden,
unanticipated losses of supply-side resources.
Simultaneous Contingencies Multiple Contingencies occurring within one minute
or less of each other shall be treated as a single Contingency. If the combined
magnitude of the multiple Contingencies exceeds the most severe single Contingency,
the loss shall be reported, but excluded from compliance evaluation.
Multiple Contingencies within the Reportable Disturbance Period Additional
Contingencies that occur after one minute of the start of a Reportable Disturbance but
before the end of the Disturbance Recovery Period can be excluded from evaluation.
The Balancing Authority or Reserve Sharing Group shall determine the DCS
compliance of the initial Reportable Disturbance by performing a reasonable
estimation of the response that would have occurred had the second and subsequent
contingencies not occurred.
Multiple Contingencies within the Contingency Reserve Restoration Period
Additional Reportable Disturbances that occur after the end of the Disturbance
Recovery Period but before the end of the Contingency Reserve Restoration Period
shall be reported and included in the compliance evaluation. However, the Balancing
Authority or Reserve Sharing Group can request a waiver from the Resources
Subcommittee for the event if the contingency reserves were rendered inadequate by
prior contingencies and a good faith effort to replace contingency reserve can be
shown.
2. Levels of Non-Compliance
Each Balancing Authority or Reserve Sharing Group not meeting the DCS during a given
calendar quarter shall increase its Contingency Reserve obligation for the calendar quarter
(offset by one month) following the evaluation by the NERC or Compliance Monitor [e.g. for
the first calendar quarter of the year, the penalty is applied for May, June, and July.] The
increase shall be directly proportional to the non-compliance with the DCS in the preceding
quarter. This adjustment is not compounded across quarters, and is an additional percentage
of reserve needed beyond the most severe single Contingency. A Reserve Sharing Group may
choose an allocation method for increasing its Contingency Reserve for the Reserve Sharing
Group provided that this increase is fully allocated.
A representative from each Balancing Authority or Reserve Sharing Group that was non-
compliant in the calendar quarter most recently completed shall provide written
documentation verifying that the Balancing Authority or Reserve Sharing Group will apply
the appropriate DCS performance adjustment beginning the first day of the succeeding month,
and will continue to apply it for three months. The written documentation shall accompany
the quarterly Disturbance Control Standard Report when a Balancing Authority or Reserve
Sharing Group is non-compliant.
3. Violation Severity Levels (no changes)
None identified.

Version History
0 April 1, 2005 Effective Date New
0 February 14,
2006
Revised graph on page 3, 10 min. to
Recovery time. Removed fourth bullet.
Errata
1 TBD Modified to address Order No. 693
Directives contained in paragraph 321.
Revised.

Standard BAL-002-1a Disturbance Control Performance
1
A. Introduction
1. Title: Disturbance Control Performance
2. Number: BAL-002-1a
3. Purpose: The purpose of the Disturbance Control Standard (DCS) is to ensure the
Balancing Authority is able to utilize its Contingency Reserve to balance resources and
demand and return Interconnection frequency within defined limits following a Reportable
Disturbance. Because generator failures are far more common than significant losses of load
and because Contingency Reserve activation does not typically apply to the loss of load, the
application of DCS is limited to the loss of supply and does not apply to the loss of load.
4. Applicability:
4.2. Reserve Sharing Groups (Balancing Authorities may meet the requirements of
Standard 002 through participation in a Reserve Sharing Group.)
4.3. Regional Reliability Organizations
B. Requirements
R1. Each Balancing Authority shall have access to and/or operate Contingency Reserve to respond
to Disturbances. Contingency Reserve may be supplied from generation, controllable load
resources, or coordinated adjustments to Interchange Schedules.
R1.1. A Balancing Authority may elect to fulfill its Contingency Reserve obligations by
participating as a member of a Reserve Sharing Group. In such cases, the Reserve
Sharing Group shall have the same responsibilities and obligations as each Balancing
Authority with respect to monitoring and meeting the requirements of Standard BAL-
002.
R2. Each Regional Reliability Organization, sub-Regional Reliability Organization or Reserve
Sharing Group shall specify its Contingency Reserve policies, including:
R2.1. The minimum reserve requirement for the group.
R2.2. Its allocation among members.
R2.3. The permissible mix of Operating Reserve Spinning and Operating Reserve
Supplemental that may be included in Contingency Reserve.
R2.4. The procedure for applying Contingency Reserve in practice.
R2.5. The limitations, if any, upon the amount of interruptible load that may be included.
R2.6. The same portion of resource capacity (e.g. reserves from jointly owned generation)
shall not be counted more than once as Contingency Reserve by multiple Balancing
Authorities.
R3. Each Balancing Authority or Reserve Sharing Group shall activate sufficient Contingency
Reserve to comply with the DCS.
R3.1. As a minimum, the Balancing Authority or Reserve Sharing Group shall carry at least
enough Contingency Reserve to cover the most severe single contingency. All
Balancing Authorities and Reserve Sharing Groups shall review, no less frequently
2
than annually, their probable contingencies to determine their prospective most severe
single contingencies.
Reportable Disturbance was positive or equal to zero. For negative initial ACE values
just prior to the Disturbance, the Balancing Authority shall return ACE to its pre-
Disturbance value.
R4.2. The default Disturbance Recovery Period is 15 minutes after the start of a Reportable
Disturbance.
R5. Each Reserve Sharing Group shall comply with the DCS. A Reserve Sharing Group shall be
considered in a Reportable Disturbance condition whenever a group member has experienced
a Reportable Disturbance and calls for the activation of Contingency Reserves from one or
more other group members. (If a group member has experienced a Reportable Disturbance
but does not call for reserve activation from other members of the Reserve Sharing Group,
then that member shall report as a single Balancing Authority.) Compliance may be
demonstrated by either of the following two methods:
R5.1. The Reserve Sharing Group reviews group ACE (or equivalent) and demonstrates
compliance to the DCS. To be in compliance, the group ACE (or its equivalent) must
meet the Disturbance Recovery Criterion after the schedule change(s) related to reserve
sharing have been fully implemented, and within the Disturbance Recovery Period.
or
R5.2. The Reserve Sharing Group reviews each members ACE in response to the activation
of reserves. To be in compliance, a members ACE (or its equivalent) must meet the
Disturbance Recovery Criterion after the schedule change(s) related to reserve sharing
R6. A Balancing Authority or Reserve Sharing Group shall fully restore its Contingency Reserves
within the Contingency Reserve Restoration Period for its Interconnection.
R6.1. The Contingency Reserve Restoration Period begins at the end of the Disturbance
Recovery Period.
R6.2. The default Contingency Reserve Restoration Period is 90 minutes.
C. Measures
M1. A Balancing Authority or Reserve Sharing Group shall calculate and report compliance with
the Disturbance Control Standard for all Disturbances greater than or equal to 80% of the
magnitude of the Balancing Authoritys or of the Reserve Sharing Groups most severe single
contingency loss. Regions may, at their discretion, require a lower reporting threshold.
Disturbance Control Standard is measured as the percentage recovery (R
i
).

For loss of generation:

if ACE
A
<0
then

3
0 -10 -20 -30
0
ACE
-80
-40
% 100 *
) , 0 max(
Loss
M A Loss
i
MW
ACE ACE MW
R

if ACE
A
>0
then
% 100 *
) , 0 max(
Loss
M Loss
i
MW
ACE MW
R

where:
MW
LOSS
is the MW size of the Disturbance as
measured at the beginning of the loss,
ACE
A
is the pre-disturbance ACE,
ACE
M
is the maximum algebraic value of ACE measured within the fifteen minutes
following the Disturbance. A Balancing Authority or Reserve Sharing Group may, at
its discretion, set ACE
M
=ACE
15

min
, and
The Balancing Authority or Reserve Sharing Group shall record the MW
LOSS
value as
measured at the site of the loss to the extent possible. The value should not be measured as a
change in ACE since governor response and AGC response may introduce error.
The Balancing Authority or Reserve Sharing Group shall base the value for ACE
A
on the
average ACE over the period just prior to the start of the Disturbance (10 and 60 seconds prior
and including at least 4 scans of ACE). In the illustration below, the horizontal line represents
an averaging of ACE for 15 seconds prior to the start of the Disturbance with a result of ACE
A

=- 25 MW.

The average percent recovery is the arithmetic average of all the calculated R
i
s for Reportable
Disturbances during a given quarter. Average percent recovery is similarly calculated for
excludable Disturbances.
D. Compliance
4
Compliance with the DCS shall be measured on a percentage basis as set forth in the measures
above.
Each Balancing Authority or Reserve Sharing Group shall submit one completed copy of DCS
Form, NERC Control Performance Standard Survey All Interconnections to its Resources
Subcommittee Survey Contact no later than the 10th day following the end of the calendar
quarter (i.e. April 10th, J uly 10th, October 10th, J anuary 10th). The Regional Entity must
submit a summary document reporting compliance with DCS to NERC no later than the 20
th

day of the month following the end of the quarter.
Regional Entity.
Compliance for DCS will be evaluated for each reporting period. Reset is one calendar
quarter without a violation.
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
The data that support the calculation of DCS are to be retained in electronic form for at
least a one-year period. If the DCS data for a Reserve Sharing Group and Balancing
Area are undergoing a review to address a question that has been raised regarding the
data, the data are to be saved beyond the normal retention period until the question is
formally resolved.
Reportable Disturbances Reportable Disturbances are contingencies that are greater
than or equal to 80% of the most severe single Contingency. A Regional Reliability
Organization, sub-Regional Reliability Organization or Reserve Sharing Group may
optionally reduce the 80% threshold, provided that normal operating characteristics are
not being considered or misrepresented as contingencies. Normal operating
characteristics are excluded because DCS only measures the recovery from sudden,
unanticipated losses of supply-side resources.
Simultaneous Contingencies Multiple Contingencies occurring within one minute
or less of each other shall be treated as a single Contingency. If the combined
magnitude of the multiple Contingencies exceeds the most severe single Contingency,
the loss shall be reported, but excluded from compliance evaluation.
Multiple Contingencies within the Reportable Disturbance Period Additional
Contingencies that occur after one minute of the start of a Reportable Disturbance but
before the end of the Disturbance Recovery Period can be excluded from evaluation.
The Balancing Authority or Reserve Sharing Group shall determine the DCS
compliance of the initial Reportable Disturbance by performing a reasonable
5
estimation of the response that would have occurred had the second and subsequent
contingencies not occurred.
Multiple Contingencies within the Contingency Reserve Restoration Period
Additional Reportable Disturbances that occur after the end of the Disturbance
Recovery Period but before the end of the Contingency Reserve Restoration Period
shall be reported and included in the compliance evaluation. However, the Balancing
Authority or Reserve Sharing Group can request a waiver from the Resources
Subcommittee for the event if the contingency reserves were rendered inadequate by
prior contingencies and a good faith effort to replace contingency reserve can be
shown.
Each Balancing Authority or Reserve Sharing Group not meeting the DCS during a given
calendar quarter shall increase its Contingency Reserve obligation for the calendar quarter
(offset by one month) following the evaluation by the NERC or Compliance Monitor [e.g. for
the first calendar quarter of the year, the penalty is applied for May, J une, and J uly.] The
increase shall be directly proportional to the non-compliance with the DCS in the preceding
quarter. This adjustment is not compounded across quarters, and is an additional percentage
of reserve needed beyond the most severe single Contingency. A Reserve Sharing Group may
choose an allocation method for increasing its Contingency Reserve for the Reserve Sharing
Group provided that this increase is fully allocated.
A representative from each Balancing Authority or Reserve Sharing Group that was non-
compliant in the calendar quarter most recently completed shall provide written
documentation verifying that the Balancing Authority or Reserve Sharing Group will apply
the appropriate DCS performance adjustment beginning the first day of the succeeding month,
and will continue to apply it for three months. The written documentation shall accompany
the quarterly Disturbance Control Standard Report when a Balancing Authority or Reserve
Sharing Group is non-compliant.
None identified.

Version History
0 February 14,
2006
Revised graph on page 3, 10 min. to
Recovery time. Removed fourth bullet.
Errata
1 August 5, 2010 Adopted by the NERC Board of Trustees Modified to address
Order No. 693 Directives
contained in paragraph
321.
1a November 7,
2012
Interpretation Adopted by the NERC Board
of Trustees

6
Appendix 1
Request for an Interpretation of a Reliability Standard
Date submitted: September 2, 2009
Date accepted: September 2, 2009
Contact information for person requesting the interpretation:
Name: Northwest Power Pool Reserve Sharing Group, in care of Jerry Rust, Agent
Organization: Northwest Power Pool Reserve Sharing Group
Telephone: 503-445-1074
E-mail: jerry.rust@nwpp.org
Identify the standard that needs clarification:
Standard Number (include version number): BAL-002-0
Standard Title: Disturbance Control Performance
Identify specifically what requirement needs clarification:
Requirement Number and Text of Requirement:
B. Requirements
***
Reportable Disturbance was positive or equal to zero. For negative initial ACE values just
prior to the Disturbance, the Balancing Authority shall return ACE to its pre-Disturbance
value.
R4.2. The default Disturbance Recovery Period is 15 minutes after the start of a
Reportable Disturbance. This period may be adjusted to better suit the needs of an
Interconnection based on analysis approved by the NERC Operating Committee.
***
R5. Each Reserve Sharing Group shall comply with the DCS. A Reserve Sharing Group shall
be considered in a Reportable Disturbance condition whenever a group member has
experienced a Reportable Disturbance and calls for the activation of Contingency Reserves
from one or more other group members. *** Compliance may be demonstrated by either
of the following two methods:
R.5.1 The Reserve Sharing Group reviews group ACE (or equivalent) and
demonstrates compliance to the DCS. To be in compliance, the group ACE (or its equivalent)
must meet the Disturbance Recovery Criterion after the schedule change(s) related to
7
reserve sharing have been fully implemented, and within the Disturbance Recovery Period.
or
R.5.2. The Reserve Sharing Group reviews each members ACE in response to the
activation of reserves. To be in compliance, a members ACE (or its equivalent) must meet
the Disturbance Recovery Criterion after the schedule change(s) related to reserve sharing
***
D. Compliance
***
1.4 Additional Compliance Information
***
Simultaneous Contingencies Multiple Contingencies occurring within one
minute or less of each other shall be treated as a single Contingency. If the
combined magnitude of the multiple Contingencies exceeds the most severe
single Contingency, the loss shall be reported, but excluded from compliance
evaluation.
Multiple Contingencies within the Reportable Disturbance Period
Additional Contingencies that occur after one minute of the start of a Reportable
Disturbance but before the end of the Disturbance Recovery Period can be
excluded from evaluation. The Balancing Authority or Reserve Sharing Group
shall determine the DCS compliance of the initial Reportable Disturbance by
performing a reasonable estimation of the response that would have occurred
had the second and subsequent contingencies not occurred.
Clarification needed:
The Northwest Power Pool Reserve Sharing Group respectfully requests clarification as to
whether:
(1) although a Disturbance
1
that exceeds the most severe single Contingency must be
reported by the Balancing Authority or Reserve Sharing Group (as applicable), the
Disturbance is excluded from compliance evaluation for the applicable Balancing
Authority or Reserve Sharing Group;
(2) with respect to either simultaneous Contingencies or non-simultaneous multiple
Contingencies affecting a Reserve Sharing Group, the exclusion from compliance
evaluation for Disturbances exceeding the most severe single Contingency applies
both when (a) all Contingencies occur within a single Balancing Authority member of
the Reserve Sharing Group and (b) different Balancing Authorities within the Reserve
Sharing Group experience separate Contingencies that occur simultaneously, or non-
simultaneously but before the end of the Disturbance Recovery Period following the
first Reportable Disturbance; and
(3) the meaning of the phrase excluded from compliance evaluation as used in
Section 1.4 (Additional Compliance Information) of Part D of BAL-002-0 and for
purposes of the preceding statements is that, with respect to Disturbances that
exceed the most severe single Contingency for a Balancing Authority or Reserve

1
Irrespective of cause, including a single event, simultaneous Contingencies, or non-simultaneous multiple
Contingencies.
8
Sharing Group (as applicable), a violation of BAL-002-0 does not occur even if ACE is
not recovered within the Disturbance Recovery Period (15 minutes unless adjusted
pursuant to BAL-002-0, R4.2).

Identify the material impact associated with this interpretation:

Clarification is needed to avoid applications of BAL-002-0 that would render the reserve
requirement specified in R3.1 of BAL-002-0 (which calls for enough Contingency Reserve to
cover the most severe single Contingency) meaningless. The intent of BAL-002-0 is that
all Contingencies greater than or equal to 80% of the most severe single Contingency
constitute Reportable Disturbances. See Section 1.4 of Part D of BAL-002-0 (where the
Additional Compliance Information includes a definition of Reportable Disturbance).
If a Balancing Authority were to experience a Contingency below the Reportable Disturbance
level, it would be expected to recover ACE within 15 minutes, even though the literal words
of R4 of BAL-002-0 do not say this. Conversely, if a Balancing Authority were to experience
a Disturbance five times greater than its most severe single Contingency, it would be
required to report this Disturbance, but would not be required to recover ACE within 15
minutes following a Disturbance of this magnitude.
Any other interpretation would result in treating BAL-002-0 as if it required Balancing
Authorities and Reserve Sharing Groups to recover ACE (to zero or pre-Disturbance levels,
as applicable) within the 15-minute Disturbance Recovery Period without regard to
Disturbance magnitude. This is inconsistent with (a) the reserve requirement specified in
R3.1 of BAL-002-0, (b) the text of Section 1.4 of Part D of BAL-002-0, and (c) the
documented history of the development of BAL-002-0 (see, e.g., Performance Standards
Document, Version 3 (as accepted by NERC Resources Subcommittee on October 23, 2007),
which provides in Section D, Disturbance Control Standard, DCS, that An excludable
disturbance is a disturbance whose magnitude was greater than the magnitude of the most
severe single contingency.)
Furthermore, lack of clarity on the interpretation of this standard potentially has significant
financial and operational impacts on all Balancing Authorities and Reserve Sharing Groups.
If the standard is interpreted to require that ACE be returned to zero even for a Disturbance
that exceeds the most severe single Contingency, a Balancing Authority could be required to
take drastic operational actions, even when other measures of system reliability (voltage
stability, normal frequency, operation within system operating limits, etc.) indicate
otherwise.
Response:
The Balancing Authority Controls Standard Drafting Team was originally assigned to provide
a response to the interpretation request. The original interpretation failed to achieve a two-
thirds approval from the industry. NERC appointed a new IDT to develop this interpretation.
On July 24, 2012, the team provided the following response to the questions raised:
Question 1: Although a Disturbance
2
that exceeds the most severe single
Contingency must be reported by the Balancing Authority or Reserve
Sharing Group (as applicable), is the Disturbance excluded from

2
Irrespective of cause, including a single event, simultaneous Contingencies, or non-simultaneous multiple
Contingencies.
9
compliance evaluation for the applicable Balancing Authority or
Reserve Sharing Group?
Response: The IDT agrees that the Disturbance would be excluded from
compliance. The BAL-002 Additional Compliance Information section clearly
states:
Simultaneous Contingencies Multiple contingencies occurring within one
combined magnitude of the multiple Contingencies exceeds the most severe
single Contingency, the loss shall be reported, but excluded from compliance
evaluation.
For clarity the IDT would like to explain the Teams basis concerning some of the
terminology used.
Most Severe Single Contingency (MSSC) this can be the loss of the BAs
or RSGs single largest operating generator, or it can be a known common
mode failure that causes more than one generator to fail when the contingency
occurs; or it can be a firm transaction. Although Requirement R3.1 mandates
an annual review that does not mean an annual value. Note that Requirement
R3.1 determines a prospective MSSC. MSSC is a variable that the BA knows
and operates to in real time. The largest operating generator is known and
monitored by a BA. The largest known common mode failure is predefined for
the BA; the largest single firm transaction is approved by the BA. Thus the BA
knows its MSSC which can vary from hour to hour and minute to minute.
To be clear a BA is responsible for the MSSC at all times (the MSSC value at
any given time may be more or less than the annually identified prospective
MSSC).
An undefined common mode failure can occur but it is exempted from R4s
requirement to meet the BAs or RSGs disturbance recovery criteria within the
Disturbance Recovery Period. An undefined common mode failure (i.e. a
disturbance that exceeds the MSSC) must be reported to allow the ERO to help
ensure that it is not a continuing condition.
BAL-002 has two categories (1) Compliance and reporting (for Reportable
Disturbances that must comply with the disturbance recovery criteria within the
Disturbance Recovery Period) and (2) Reporting only (for specified disturbances and
system conditions) events that are excluded from meeting Requirement R4
requirement.
The Compliance and reporting category is designed to be used to accumulate all
DCS events that are subject to compliance to BAL-002 Requirement R4 (i.e. recover
ACE within 15 minutes). These include all single assets as well as all pre-defined
common mode failures. The standard originally created R
i
(the average percent
recovery for a Reportable Disturbance) as a measure of the quarterly compliance for
Reportable Disturbances. Where all events greater than 80% were mandatory to
report and those less than 80% were permitted to be reported (thus encouraging
reporting smaller events).
The Reporting only category is designed to track multiple contingency events that
are not subject to Requirement R4. This category is designed to ensure that common
mode (single point of failures) events are not missed. Thus if two or more
contingencies repeatedly occur, the expectation was that the ERO would have the
information to alert the BA that the two contingencies must be considered as a single
10
event and thus considered as the MSSC.
The Performance Standard Reference document initially included with the DCS
standard does states Where RSGs exist, the Regional Reliability Council is to decide
either to report on a BA basis or an RSG basis. If an RSG has dynamic membership
then required to report on a BA basis.
Question 2: With respect to either simultaneous Contingencies or non-
simultaneous multiple Contingencies affecting a Reserve Sharing
Group, does the exclusion from compliance evaluation for
Disturbances exceeding the most severe single Contingency apply
both when (a) all Contingencies occur within a single Balancing
Authority member of the Reserve Sharing Group and (b) different
Balancing Authorities within the Reserve Sharing Group experience
separate Contingencies that occur simultaneously, or non-
simultaneously but before the end of the Disturbance Recovery Period
following the first Reportable Disturbance?
Response: Requirement R5 is directed to RSGs, where RSG is defined in the NERC
Glossary as:
A group whose members consist of two or more Balancing Authorities
that collectively maintain, allocate, and supply operating reserves
required for each Balancing Authoritys use in recovering from
contingencies within the group. Scheduling energy from an Adjacent
Balancing Authority to aid recovery need not constitute reserve sharing
provided the transaction is ramped in over a period the supplying party
could reasonably be expected to load generation in (e.g., ten minutes). If
the transaction is ramped in quicker (e.g., between zero and ten
minutes) then, for the purposes of Disturbance Control Performance, the
Areas become a Reserve Sharing Group.
The standard provides flexibility to BAs regarding the use or non-use of RSGs
(Requirement R1.1). Requirement R2 affords the members flexibility in how they
organize themselves.
Requirement R1.1 allows, at the option of a BA, or RSG to take on all or part of the
responsibilities that BAL-002 places on a BA. However, Requirement R5 allows a BA
to call for activation of reserves [aka dynamic allocation of membership] moreover,
there is no ad hoc recognition of such an RSGs multiple contingencies since a
contingency in one BA may or not be referred to the RSG, and the simultaneous
contingency in another BA is unknown.
The Technical Document does allow for a pre-acknowledged RSG to report on a
composite basis. It can be interpreted that such a pre-acknowledged RSG entity
assumes all of the obligations and rights afforded to a single BA and in that case
such an RSG would be afforded the same Exclusions as the Exclusions afforded a BA.
In summary, the interpretation is as follows:
The Standard was written to provide pre-acknowledged RSGs the same
considerations as a single BA for purposes of exclusions from DCS
compliance evaluation. Thus for a pre-acknowledged RSG the exclusion rules
would be used in the same manner as they would be used for a single BA.
This applies to both multiple contingencies occurring within one minute or
less of each other being treated as a single Contingency and to
Contingencies that occur after one minute of the start of a Reportable
11
Disturbance but before the end of the Disturbance Recovery Period.

The standard, while recognizing dynamically allocated RSGs, does NOT
provide the members of dynamically allocated RSGs exclusions from DCS
compliance evaluation on an RSG basis. For members of dynamically allocated
RSGs, the exclusions are provided only on a member BA by member BA basis.
Question 3: Clarify the meaning of the phrase excluded from compliance
evaluation as used in Section 1.4 (Additional Compliance
Information) of Part D of BAL-002-0 and for purposes of the
preceding statements, with respect to Disturbances that exceed the
most severe single Contingency for a Balancing Authority or Reserve
Sharing Group (as applicable), does BAL-002-0 require ACE to be
recovered within the Disturbance Recovery Period (15 minutes unless
adjusted pursuant to BAL-002-0, R4.2).
Response: The Additional Compliance Information section clearly states:
Simultaneous contingencies Multiple contingencies occurring within one
combined magnitude of the multiple Contingencies exceeds the Most Severe
Single Contingency, the loss shall be reported, but excluded from compliance
evaluation.
Although Requirement R3 does mandate that a BA or RSG activate sufficient
Contingency Reserves to comply with DCS for every Reportable Disturbance, there is
no requirement to comply with or even report disturbances that are below the
Reportable Disturbance level. The averaging obligation does incent calculation and
reporting of such lesser events.
If a Balancing Authority were to experience a Disturbance five times greater than its
most severe single Contingency, it would be required to report this Disturbance,
but would not be required to recover ACE within 15 minutes following a Disturbance
of this magnitude.
An excludable disturbance is a disturbance whose magnitude was greater than the
magnitude of the most severe single contingency. Any other interpretation would
result in treating BAL-002-0 as if it required Balancing Authorities and Reserve
Sharing Groups to recover ACE (to zero or pre-Disturbance levels, as applicable)
within the 15-minute Disturbance Recovery Period without regard to Disturbance
magnitude. This is inconsistent with (a) the reserve requirement specified in R3.1 of
BAL-002-0, (b) the text of Section 1.4 of Part D of BAL-002-0, and (c) the
documented history of the development of BAL-002-0 (see, e.g., Performance
Standards Document, Version 3 (as accepted by NERC Resources Subcommittee on
October 23, 2007), which provides in Section D, Disturbance Control Standard, DCS,
that An excludable disturbance is a disturbance whose magnitude was greater than
the magnitude of the most severe single contingency.)

WECC Standard BAL-002-WECC-2 Contingency Reserve
1

A. Introduction

1. Title: Contingency Reserve

2. Number: BAL-002-WECC-2

3. Purpose: To specify the quantity and types of Contingency Reserve required to
ensure reliability under normal and abnormal conditions.
4. Applicability:

4.1 Balancing Authority

4.1.1. The Balancing Authority is the responsible entity unless the Balancing
Authority is a member of a Reserve Sharing Group, in which case, the
Reserve Sharing Group becomes the responsible entity.

4.2 Reserve Sharing Group

4.2.1. The Reserve Sharing Group when comprised of a Source Balancing
Authority becomes the source Reserve Sharing Group.

4.2.2. The Reserve Sharing Group when comprised of a Sink Balancing
Authority becomes the sink Reserve Sharing Group.

5. Effective Date: On the first day of the third quarter following applicable regulatory
approval.

B. Requirements and Measures

R1. Each Balancing Authority and each Reserve Sharing Group shall maintain a
minimum amount of Contingency Reserve, except within the first sixty minutes
following an event requiring the activation of Contingency Reserve, that is: [Violation
Risk Factor: High] [Time Horizon: Real-time operations]

1.1 The greater of either:
The amount of Contingency Reserve equal to the loss of the most severe
single contingency;
The amount of Contingency Reserve equal to the sum of three percent of
hourly integrated Load plus three percent of hourly integrated generation.

1.2 Comprised of any combination of the reserve types specified below:
2

Operating Reserve Spinning
Operating Reserve - Supplemental
Interchange Transactions designated by the Source Balancing Authority as
Operating Reserve Supplemental
Reserve held by other entities by agreement that is deliverable on Firm
Transmission Service
A resource, other than generation or load, that can provide energy or
reduce energy consumption
Load, including demand response resources, Demand-Side Management
resources, Direct Control Load Management, Interruptible Load or
Interruptible Demand, or any other Load made available for curtailment by
the Balancing Authority or the Reserve Sharing Group via contract or
agreement.
All other load, not identified above, once the Reliability Coordinator has
declared an energy emergency alert signifying that firm load interruption is
imminent or in progress.

1.3 Based on real-time hourly load and generating energy values averaged over
each Clock Hour (excluding Qualifying Facilities covered in 18 C.F.R.
292.101, as addressed in FERC Order 464).

1.4 An amount of capacity from a resource that is deployable within ten minutes.

M1. Each Balancing Authority and each Reserve Sharing Group will have documentation
demonstrating its Contingency Reserve was maintained, except within the first sixty
minutes following an event requiring the activation of Contingency Reserve.

Part 1.1

Each Balancing Authority and each Reserve Sharing Group will have dated
documentation that demonstrates its Contingency Reserve was maintained in
accordance with the amounts identified in Requirement R1, Part 1.1, except within
the first sixty minutes following an event requiring the activation of Contingency
Reserve.

Attachment A is a practical illustration showing how the generation amount may be
calculated under Requirement R1.

Where Dynamic Schedules are used as part of the generation amount
upon which Contingency Reserve is predicated, additional evidence of
compliance with Requirement R1, Part 1.1 may include, but is not limited
3

to, documentation showing a reciprocal acknowledgement as to which
entity is carrying the reserves. This transfer may be all or some portion of
the physical generator and is not limited to the entire physical capability
of the generator.

Where Pseudo-Ties are used as part of the generation amount upon
which Contingency Reserve is predicated, additional evidence of
compliance with Requirement R1, Part 1.1, may include, but is not limited
to, documentation accounting for the transfers included in the Pseudo-
Ties.

Part 1.2

documentation that demonstrates compliance with Requirement R1, Part 1.2.
Evidence may include, but is not limited to, documentation that reserves were
comprised of the types listed in Requirement R1, Part 1.2 for purposes of meeting
the Contingency Reserve obligation of Requirement R1. Additionally, for purposes
of the last bullet of Requirement R1, Part 1.2, evidence of compliance may include,
but is not limited to, documentation that the reliability coordinator had issued an
energy emergency alert, indicating that firm Load interruption was imminent or was
in progress.

Part 1.3

documentation that demonstrates compliance with Requirement R1, Part 1.3.
Evidence of compliance with Requirement R1, Part 1.3 may include, but is not
limited to, documentation that Contingency Reserve amounts are based upon load
and generating data averaged over each Clock Hour and excludes Qualifying
Facilities covered in 18 C.F.R. 292.101, as addressed in FERC Order 464.

Part 1.4

Evidence of compliance with Requirement R1, Part 1.4 may include, but is not
limited to, documentation that the reserves maintained to comply with Requirement
R1, Part 1.4 are fully deployable within ten minutes.

R2. Each Balancing Authority and each Reserve Sharing Group shall maintain at least
half of its minimum amount of Contingency Reserve identified in Requirement R1, as
Operating Reserve Spinning that meets both of the following reserve
characteristics. [Violation Risk Factor: High] [Time Horizon: Real-time operations]

2.1 Reserve that is immediately and automatically responsive to frequency
deviations through the action of a governor or other control system;

4

2.2 Reserve that is capable of fully responding within ten minutes.

M2. Each Balancing Authority and each Reserve Sharing Group will have dated
documentation that demonstrates it maintained at least half of the Contingency
Reserve identified in Requirement R1 as Operating Reserve Spinning, averaged
over each Clock Hour, that met both of the reserve characteristics identified in
Requirement R2, Part 2.1 and Requirement R2, Part 2.2.

R3. Each Sink Balancing Authority and each sink Reserve Sharing Group shall maintain
an amount of Operating Reserve, in addition to the minimum Contingency Reserve
in Requirement R1, equal to the amount of Operating ReserveSupplemental for
any Interchange Transaction designated as part of the Source Balancing Authoritys
Operating ReserveSupplemental or source Reserve Sharing Groups Operating
ReserveSupplemental, except within the first sixty minutes following an event
requiring the activation of Contingency Reserve. [Violation Risk Factor: High] [Time
Horizon: Real-time operations]

M3. Each Sink Balancing Authority and each sink Reserve Sharing Group will have
dated documentation demonstrating it maintained an amount of Operating Reserve,
in addition to the Contingency Reserve identified in Requirement R1, equal to the
amount of Operating ReserveSupplemental for any Interchange Transaction
designated as part of the Source Balancing Authoritys Operating Reserve
Supplemental or source Reserve Sharing Groups Operating Reserve
Supplemental, for the entire period of the transaction, except within the first sixty
minutes following an event requiring the activation of Contingency Reserves, in
accordance with Requirement 3.

R4. Each Source Balancing Authority and each source Reserve Sharing Group shall
maintain an amount of Operating Reserve, in addition to the minimum Contingency
Reserve amounts identified in Requirement R1, equal to the amount and type of
Operating Reserves for any Operating Reserve transactions for which it is the
Source Balancing Authority or source Reserve Sharing Group. [Violation Risk
Factor: High] [Time Horizon: Real-time operations]

M4. Each Source Balancing Authority and each source Reserve Sharing Group will have
dated documentation that demonstrates it maintained an amount of additional
Operating Reserves identified in Requirement R1, greater than or equal to the
amount and type of that identified in Requirement 4, for the entire period of the
transaction.

C. Compliance


1.1 Compliance Enforcement Authority
5

For entities that do not work for the Regional Entity, the Regional Entity shall
serve as the Compliance Enforcement Authority.
For Reliability Coordinators and other functional entities that work for their
Regional Entity, the ERO or a Regional Entity approved by the ERO and FERC
or other applicable governmental authorities shall serve as the Compliance
Enforcement Authority.
For responsible entities that are also Regional Entities, the ERO or a Regional
Entity approved by the ERO and FERC or other applicable governmental
authorities shall serve as the Compliance Enforcement Authority.

1.2 Compliance Monitoring and Assessment Processes:

Compliance Audit
Self-Certification
Spot Checking
Compliance Investigation
Self-Reporting
Complaint

1.3 Evidence Retention

The following evidence retention periods identify the period of time an entity is
required to retain specific evidence to demonstrate compliance. For instances
where the evidence retention period specified below is shorter than the time
since the last audit, the Compliance Enforcement Authority may ask an entity to
provide other evidence to show that it was compliant for the full time period
since the last audit.

Each Balancing Authority and each Reserve Sharing Group shall keep
evidence for Requirement R1 through R4 for three years plus calendar current.

1.4.1. This Standard shall apply to each Balancing Authority and each Reserve
Sharing Group that has registered with WECC as provided in Part 1.4.2
of Section C.

Each Balancing Authority identified in the registration with WECC as
provided in Part 1.4.2 of Section C shall be responsible for compliance
with this Standard through its participation in the Reserve Sharing Group
and not on an individual basis.
6

1.4.2. A Reserve Sharing Group may register as the Responsible Entity for
purposes of compliance with this Standard by providing written notice to
the WECC: 1) indicating that the Reserve Sharing Group is registering
as the Responsible Entity for purposes of compliance with this Standard,
2) identifying each Balancing Authority that is a member of the Reserve
Sharing Group, and 3) identifying the person or organization that will
serve as agent on behalf of the Reserve Sharing Group for purposes of
communications and data submissions related to or required by this
Standard.

1.4.3. If an agent properly designated in accordance with Part 1.4.2 of Section
C identifies individual Balancing Authorities within the Reserve Sharing
Group responsible for noncompliance at the time of data submission,
together with the percentage of responsibility attributable to each
identified Balancing Authority, then, except as may otherwise be finally
determined through a duly conducted review or appeal of the initial
finding of noncompliance: 1) any penalties assessed for noncompliance
by the Reserve Sharing Group shall be allocated to the individual
Balancing Authorities identified in the applicable data submission in
proportion to their respective percentages of responsibility as specified in
the data submission, 2) each Balancing Authority shall be solely
responsible for all penalties allocated to it according to its percentage of
responsibility as provided in subsection 1) of this Part 1.4.3 of Section C,
and 3) neither the Reserve Sharing Group nor any member of the
Reserve Sharing Group shall be responsible for any portion of a penalty
assessed against another member of the Reserve Sharing Group in
accordance with subsection 1) of this Part 1.4.3 of Section C (even if the
member of Reserve Sharing Group against which the penalty is
assessed is not subject to or otherwise fails to pay its allocated share of
the penalty).

1.4.4. If an agent properly designated in accordance with Part 1.4.2 of Section
C fails to identify individual Balancing Authorities within the Reserve
Sharing Group responsible for noncompliance at the time of data
submission or fails to specify percentages of responsibility attributable to
each identified Balancing Authority, any penalties for noncompliance
shall be assessed against the agent on behalf of the Reserve Sharing
Group, and it shall be the responsibility of the members of the Reserve
Sharing Group to allocate responsibility for such noncompliance.

1.4.5. Any Balancing Authority that is a member of a Reserve Sharing Group
that has failed to register as provided in Part 1.4.2 of Section C shall be
subject to this Standard on an individual basis.
7


R Time
Horizon
VRF Violation Severity Levels
R1 Real-time
Operations
High The Balancing
Authority or the
Reserve Sharing
Group that incurs
one Clock Hour,
during a
calendar month,
in which
Contingency
Reserve is less
than 100% but
greater than or
equal to 90% of
the required
Contingency
Reserve amount,
with the
characteristics
specified in
Requirement R1.
The Balancing
Authority or the
Reserve
Sharing Group
that incurs one
Clock Hour,
during a
calendar month,
in which
Contingency
Reserve is less
than 90% but
greater than or
equal to 80% of
the required
Contingency
Reserve
amount, with the
characteristics
specified in
Requirement
R1.
The Balancing
Authority or the
Reserve Sharing
Group that
incurs one Clock
Hour, during a
calendar month,
in which
Contingency
Reserve is less
than 80% but
greater than or
equal to 70% of
the required
Contingency
Reserve
amount, with the
characteristics
specified in
Requirement
R1.
The Balancing
Authority or the
Reserve
Sharing Group
that incurs one
Clock Hour,
during a
calendar month,
in which
Contingency
Reserve is less
than 70% of the
required
Contingency
Reserve
amount, with
the
characteristics
specified in
Requirement
R1.
R2 Real-time
Operations
High The Balancing
Authority or the
Reserve Sharing
Group that
incurs one Clock
Hour, during a
calendar month,
in which
Contingency
Reserve
Operating
Reserve -
Spinning is less
than 100% but
greater than or
equal to 90% of
the required
The Balancing
Authority or the
Reserve
Sharing Group
that incurs one
Clock Hour,
during a
calendar month,
in which
Contingency
Reserve
Operating
Reserve -
Spinning is less
than 90% but
greater than or
equal to 80% of
The Balancing
Authority or the
Reserve
Sharing Group
that incurs one
Clock Hour,
during a
calendar
month, in which
Contingency
Reserve
Operating
Reserve -
Spinning is less
than 80% but
greater than or
equal to 70% of
The Balancing
Authority or the
Reserve
Sharing Group
that incurs one
Clock Hour,
during a
calendar month,
in which
Contingency
Reserve
Operating
Reserve -
Spinning is less
than 70% of the
required
Operating
8

R Time
Horizon
Operating
Reserve
Spinning amount
specified in
Requirement R2,
and both
characteristics
were met.
the required
Operating
Reserve
Spinning
amount
specified in
Requirement
R2, and both
characteristics
were met.
the required
Operating
Reserve
Spinning
amount
specified in
Requirement
R2, and both
characteristics
were met.
Reserve
Spinning
amount
specified in
Requirement
R2, and both
characteristics
were met.
R3 Real-time
Operations
High The Balancing
Authority or the
Reserve Sharing
Group that
incurs one hour,
during a
calendar month,
in which
Contingency
Reserve is less
than 100% but
greater than or
equal to 90% of
the required
Operating
Reserve amount
specified in
Requirement R3.
The Balancing
Authority or the
Reserve
Sharing Group
that incurs one
hour, during a
calendar month,
in which
Contingency
Reserve is less
than 90% but
greater than or
equal to 80% of
the required
Operating
Reserve
amount
specified in
Requirement
R3.
The Balancing
Authority or the
Reserve
Sharing Group
that incurs one
hour, during a
calendar
month, in which
Contingency
Reserve is less
than 80% but
greater than or
equal to 70% of
the required
Operating
Reserve
amount
specified in
Requirement
R3.
The Balancing
Authority or the
Reserve
Sharing Group
that incurs one
hour, during a
calendar month,
in which
Contingency
Reserve is less
than 70% of the
required
Operating
Reserve
amount
specified in
Requirement
R3.
R4 Real-time
Operations
High The Balancing
Authority or the
Reserve Sharing
Group that
incurs one hour,
during a
calendar month,
in which
Contingency
Reserve
Operating
The Balancing
Authority or the
Reserve
Sharing Group
that incurs one
hour, during a
calendar month,
in which
Contingency
Reserve
Operating
The Balancing
Authority or the
Reserve
Sharing Group
that incurs one
hour, during a
calendar
month, in which
Contingency
Reserve
Operating
The Balancing
Authority or the
Reserve
Sharing Group
that incurs one
hour, during a
calendar month,
in which
Contingency
Reserve
Operating
9

R Time
Horizon
Reserve is less
than 100% but
greater than or
equal to 90% of
the required
Operating
Reserve amount
specified in
Requirement R4.
Reserve is less
than 90% but
greater than or
equal to 80% of
the required
Operating
Reserve
amount
specified in
Requirement
R4.
Reserve is less
than 80% but
greater than or
equal to 70% of
the required
Operating
Reserve
amount
specified in
Requirement
R4.
Reserve is less
than 70% of the
required
Operating
Reserve
amount
specified in
Requirement
R4.

D. Regional Variances
None.

E. Interpretations
None.

None.

10

Attachment A

Attachment A is illustrative only; it is not a requirement. Requirement R1 calls for an amount
of Contingency Reserve to be maintained, predicated on an amount of generation and load
required in Requirement R1, Part 1.1., specifically:

1.1 The greater of either:

The amount of Contingency Reserve equal to the loss of the most
severe single contingency;
The amount of Contingency Reserve equal to the sum of three
percent of hourly integrated Load plus three percent of hourly
integrated generation.

Attachment A illustrates one possible way to account for and calculate the amount of
generation upon which the Contingency Reserve amount is predicated.

Below is a practical illustration showing how the generation amount may be calculated under
Requirement R1 for Balancing Authorities (BA) and Reserve Sharing Groups (RSG).

BA1 / RSG 1 Generation Part of Generator

Generator 1 300 MWs online Yes
Generator 3 (Pseudo-Tied out to BA2) 100 MWs online No
Generator 4 QF (has backup contract) 10 MWs online No
Generator 5 QF in EMS 10 MWs online Yes

Dynamic Schedule to BA2 from BA1
1

(50 MWs)
Generation 620 MWs (The sum of gen 1-6)
BA generation (EMS) 510 MWs (The sum of gen 1, 2, and 5)
Generation to use Under BAL-002-WECC-1 460 MWs** (The sum of gen 1, 2 and 5
minus Dynamic Schedule)

** Assumes BA1 and BA2 agree on Dynamic Schedule treatment. If no agreement, BA1
would maintain reserves based on 510 MWs Generation.

BA2 / RSG2 Generation Part of Generator

Generator 11 100 MWs Yes

1
Note: This Dynamic Schedule is not the same as the Generator 3 Pseudo-Tie.
11

Generator 12 100 MWs Yes
Generator 3 (Pseudo-Tied in from BA1) 100 MWs Yes

Dynamic Schedule from BA1 to BA2 50 MWs Yes

Generation 300 MWs (The sum of gen 11, 12 and 3.)
BA generation (EMS) 300 MWs (The sum of gen 11, 12 and 3)
Generation to use Under BAL-002-WECC-1 350 MWs** (The sum of gen 11, 12 and 3
plus Dynamic Schedule)

** Assumes BA1 and BA2 agree on Dynamic Schedule treatment. If no agreement, BA1
would have to maintain reserves based on 510MWs Generation and BA2 would determine its
generation to be 300 MWs.

12

Guideline and Technical Basis

A Guidance Document addressing implementation of this standard has been filed with this
standard.

Version History

Version

Date Action Change Tracking
1 October 29, 2008
Adopted by NERC Board of
Trustees

1 October 21, 2010
Order issued remanding
BAL-002-WECC-1

2 November 7, 2012
Adopted by NERC Board of
Trustees

Standard BAL-003-0.1b Frequency Response and Bias
Page 1 of 5
A. Introduction
1. Title: Frequency Response and Bias
2. Number: BAL-003-0.1b
3. Purpose: This standard provides a consistent method for calculating the Frequency Bias
component of ACE.
4. Applicability:
4.1. Balancing Authorities.
5. Effective Date: Immediately after approval of applicable regulatory authorities.
B. Requirements
R1. Each Balancing Authority shall review its Frequency Bias Settings by January 1 of each year
and recalculate its setting to reflect any change in the Frequency Response of the Balancing
Authority Area.
R1.1. The Balancing Authority may change its Frequency Bias Setting, and the method used
to determine the setting, whenever any of the factors used to determine the current bias
value change.
R1.2. Each Balancing Authority shall report its Frequency Bias Setting, and method for
determining that setting, to the NERC Operating Committee.
R2. Each Balancing Authority shall establish and maintain a Frequency Bias Setting that is as
close as practical to, or greater than, the Balancing Authoritys Frequency Response.
Frequency Bias may be calculated several ways:
R2.1. The Balancing Authority may use a fixed Frequency Bias value which is based on a
fixed, straight-line function of Tie Line deviation versus Frequency Deviation. The
Balancing Authority shall determine the fixed value by observing and averaging the
Frequency Response for several Disturbances during on-peak hours.
R2.2. The Balancing Authority may use a variable (linear or non-linear) bias value, which is
based on a variable function of Tie Line deviation to Frequency Deviation. The
Balancing Authority shall determine the variable frequency bias value by analyzing
Frequency Response as it varies with factors such as load, generation, governor
characteristics, and frequency.
R3. Each Balancing Authority shall operate its Automatic Generation Control (AGC) on Tie Line
Frequency Bias, unless such operation is adverse to system or Interconnection reliability.
R4. Balancing Authorities that use Dynamic Scheduling or Pseudo-ties for jointly owned units
shall reflect their respective share of the unit governor droop response in their respective
R4.1. Fixed schedules for Jointly Owned Units mandate that Balancing Authority (A) that
contains the Jointly Owned Unit must incorporate the respective share of the unit
governor droop response for any Balancing Authorities that have fixed schedules (B
and C). See the diagram below.
R4.2. The Balancing Authorities that have a fixed schedule (B and C) but do not contain the
Jointly Owned Unit shall not include their share of the governor droop response in
their Frequency Bias Setting.

Page 2 of 5

R5. Balancing Authorities that serve native load shall have a monthly average Frequency Bias
Setting that is at least 1% of the Balancing Authoritys estimated yearly peak demand per 0.1
Hz change.
R5.1. Balancing Authorities that do not serve native load shall have a monthly average
Frequency Bias Setting that is at least 1% of its estimated maximum generation level in
the coming year per 0.1 Hz change.
R6. A Balancing Authority that is performing Overlap Regulation Service shall increase its
Frequency Bias Setting to match the frequency response of the entire area being controlled. A
Balancing Authority shall not change its Frequency Bias Setting when performing
Supplemental Regulation Service.
C. Measures
M1. Each Balancing Authority shall perform Frequency Response surveys when called for by the
Operating Committee to determine the Balancing Authoritys response to Interconnection
Frequency Deviations.
D. Compliance
Not Specified.
None identified.
1. Appendix 1 Interpretation of Requirement R3 (October 23, 2007).
2. Appendix 2 Interpretation of Requirements R2, R2.2, R5, and R5.1 (February 12, 2008).
Version History
0 August 8, 2005 Removed "Proposed" from Effective Date Errata
0 March 16, 2007
FERC Approval Order 693
New
A
B C
J ointly Owned Unit
Page 3 of 5
Addition
0a July 21, 2008 FERC Approval of Interpretation of R3 Addition
0b February 12, 2008 Added Appendix 2 Interpretation of R2,
R2.2, R5, and R5.1 approved by BOT on
February 12, 2008
Addition
0.1b January 16, 2008 Section F: added 1.; changed hyphen to en
dash. Changed font style for Appendix 1 to
Arial; updated version number to 0.1b
Errata
0.1b October 29, 2008 BOT approved errata changes Errata
0.1a May 13, 2009 FERC Approved errata changes version
changed to 0.1a (Interpretation of R2, R2.2,
R5, and R5.1 not yet approved)
Errata
0.1b May 21, 2009 FERC Approved Interpretation of R2, R2.2,
R5, and R5.1
Addition

Page 4 of 5
Appendix 1
Interpretation of Requirement 3
Request: Does the WECC Automatic Time Error Control Procedure (WATEC) violate Requirement 3 of
BAL-003-0?
Interpretation:
Requirement 3 of BAL-003-0 Frequency Response and Bias deals with Balancing Authorities using
Tie-Line Frequency Bias as the normal mode of automatic generation control.

Tie-Line Frequency Bias is one of the three foundational control modes available in a Balancing
Authoritys energy management system. (The other two are flat-tie and flat-frequency.) Many Balancing
Authorities layer other control objectives on top of their basic control mode, such as automatic inadvertent
payback, CPS optimization, time control (in single BA Interconnections).
As long as Tie-Line Frequency Bias is the underlying control mode and CPS1 is measured and reported
on the associated ACE equation, there is no violation of BAL-003-0 Requirement 3:
ACE = (NI
A
NI
S
) 10B (F
A
F
S
) I
ME

BAL-003-0
R3. Each Balancing Authority shall operate its Automatic Generation Control (AGC) on Tie Line
Frequency Bias, unless such operation is adverse to system or Interconnection reliability.
Page 5 of 5
Appendix 2
Interpretation of Requirements R2, R2.2, R5, R5.1
Request: ERCOT specifically requests clarification that a Balancing Authority is entitled to use a
variable bias value as authorized by Requirement R2.2, even though Requirement 5 seems not to account
for the possibility of variable bias settings.
Interpretation:
The consensus of the Resources Subcommittee is that BAL-003-0 Frequency Response and Bias
Requirement R2 does not conflict with BAL-003-0 Requirement R5.
BAL-003-0 Frequency Response and Bias Requirement 2 requires a Balancing Authority to analyze
its response to frequency excursions as a first step in determining its frequency bias setting. The
Balancing Authority may then choose a fixed bias (constant through the year) per Requirement 2.1, or a
variable bias (varies with load, specific generators, etc.) per Requirement 2.2.

BAL-003-0 Frequency Response and Bias Requirement 5 sets a minimum contribution for all
Balancing Authorities toward stabilizing interconnection frequency. The 1% bias setting establishes a
minimum level of automatic generation control action to help stabilize frequency following a disturbance.
By setting a floor on bias, Requirement 5 also helps ensure a consistent measure of control performance
among all Balancing Authorities within a multi-Balancing Authority interconnection. However, ERCOT
is a single Balancing Authority interconnection. The bias settings ERCOT uses do produce, on average,
the best level of automatic generation control action to meet control performance metrics. The bias value
in a single Balancing Authority interconnection does not impact the measure of control performance.

BAL-003-0
R2. Each Balancing Authority shall establish and maintain a Frequency Bias Setting that is as close
as practical to, or greater than, the Balancing Authoritys Frequency Response. Frequency Bias
may be calculated several ways:
R2.1. The Balancing Authority may use a fixed Frequency Bias value which is based on a
fixed, straight-line function of Tie Line deviation versus Frequency Deviation. The
Balancing Authority shall determine the fixed value by observing and averaging the
Frequency Response for several Disturbances during on-peak hours.
R2.2. The Balancing Authority may use a variable (linear or non-linear) bias value, which is
based on a variable function of Tie Line deviation to Frequency Deviation. The
Balancing Authority shall determine the variable frequency bias value by analyzing
Frequency Response as it varies with factors such as load, generation, governor
characteristics, and frequency.
BAL-003-0
R5. Balancing Authorities that serve native load shall have a monthly average Frequency Bias
Setting that is at least 1% of the Balancing Authoritys estimated yearly peak demand per 0.1 Hz
change.
R5.1. Balancing Authorities that do not serve native load shall have a monthly average
Frequency Bias Setting that is at least 1% of its estimated maximum generation level in
the coming year per 0.1 Hz change.
Standard BAL-003-1 Frequency Response and Frequency Bias Setting

Page 1 of 12
A. Introduction
Title: Frequency Response and Frequency Bias Setting
Number: BAL-003-1
Purpose: To require sufficient Frequency Response from the Balancing Authority (BA) to
maintain Interconnection Frequency within predefined bounds by arresting frequency
deviations and supporting frequency until the frequency is restored to its scheduled
value. To provide consistent methods for measuring Frequency Response and
determining the Frequency Bias Setting.
Applicability:
1.1. Balancing Authority
1.1.1 The Balancing Authority is the responsible entity unless the Balancing
Authority is a member of a Frequency Response Sharing Group, in which
case, the Frequency Response Sharing Group becomes the responsible
entity.
1.2. Frequency Response Sharing Group
Effective Date:
1.3. In those jurisdictions where regulatory approval is required, Requirements R2, R3
and R4 of this standard shall become effective the first calendar day of the first
calendar quarter 12 months after applicable regulatory approval. In those
jurisdictions where no regulatory approval is required, Requirements R2, R3 and
R4 of this standard shall become effective the first calendar day of the first
calendar quarter 12 months after Board of Trustees adoption.
1.4. In those jurisdictions where regulatory approval is required, Requirements R1 of
this standard shall become effective the first calendar day of the first calendar
quarter 24 months after applicable regulatory approval. In those jurisdictions
where no regulatory approval is required, Requirements R1 of this standard shall
become effective the first calendar day of the first calendar quarter 24 months
after Board of Trustees adoption.

B. Requirements
R1. Each Frequency Response Sharing Group (FRSG) or Balancing Authority that is not a
member of a FRSG shall achieve an annual Frequency Response Measure (FRM) (as
calculated and reported in accordance with Attachment A) that is equal to or more
negative than its Frequency Response Obligation (FRO) to ensure that sufficient
Frequency Response is provided by each FRSG or BA that is not a member of a FRSG
to maintain Interconnection Frequency Response equal to or more negative than the
Interconnection Frequency Response Obligation. [Risk Factor: Medium ][Time
Horizon: Real-time Operations]


Page 2 of 12
R2. Each Balancing Authority that is a member of a multiple Balancing Authority
Interconnection and is not receiving Overlap Regulation Service and uses a fixed
Frequency Bias Setting shall implement the Frequency Bias Setting determined in
accordance with Attachment A, as validated by the ERO, into its Area Control Error
(ACE) calculation during the implementation period specified by the ERO and shall
use this Frequency Bias Setting until directed to change by the ERO. [Risk Factor:
Medium ][Time Horizon: Operations Planning]
R3. Each Balancing Authority that is a member of a multiple Balancing Authority
Interconnection and is not receiving Overlap Regulation Service and is utilizing a
variable Frequency Bias Setting shall maintain a Frequency Bias Setting that is: [Risk
Factor: Medium ][Time Horizon: Operations Planning]
1.1 Less than zero at all times, and
1.2 Equal to or more negative than its Frequency Response Obligation when
Frequency varies from 60 Hz by more than +/- 0.036 Hz.
R4. Each Balancing Authority that is performing Overlap Regulation Service shall modify
its Frequency Bias Setting in its ACE calculation, in order to represent the Frequency
Bias Setting for the combined Balancing Authority Area, to be equivalent to either:
[Risk Factor: Medium ][Time Horizon: Operations Planning]

The sum of the Frequency Bias Settings as shown on FRS Form 1 and FRS
Form 2 for the participating Balancing Authorities as validated by the ERO, or

The Frequency Bias Setting shown on FRS Form 1 and FRS Form 2 for the
entirety of the participating Balancing Authorities Areas.

C. Measures
M1. Each Frequency Response Sharing Group or Balancing Authority that is not a member
of a Frequency Response Sharing Group shall have evidence such as dated data plus
documented formula in either hardcopy or electronic format that it achieved an annual
FRM (in accordance with the methods specified by the ERO in Attachment A with data
from FRS Form 1 reported to the ERO as specified in Attachment A) that is equal to or
more negative than its FRO to demonstrate compliance with Requirement R1.
M2. The Balancing Authority that is a member of a multiple Balancing Authority
Interconnection and is not receiving Overlap Regulation Service shall have evidence
such as a dated document in hard copy or electronic format showing the ERO validated
Frequency Bias Setting was implemented into its ACE calculation within the
implementation period specified or other evidence to demonstrate compliance with
Requirement R2.
M3. The Balancing Authority that is a member of a multiple Balancing Authority
Interconnection, is not receiving Overlap Regulation Service and is utilizing variable
Frequency Bias shall have evidence such as a dated report in hard copy or electronic
format showing the average clock-minute average Frequency Bias Setting was less
than zero and during periods when the clock-minute average frequency was outside of

Page 3 of 12
the range 59.964 Hz to 60.036 Hz was equal to or more negative than its Frequency
Response Obligation to demonstrate compliance with Requirement R3.

M4. The Balancing Authority shall have evidence such as a dated operating log, database or
list in hard copy or electronic format showing thatwhenitperformedOverlap
RegulationService,itmodifieditsFrequencyBiasSettinginitsACEcalculationas
specifiedinRequirementR4 to demonstrate compliance with Requirement R4.

D. Compliance
The Regional Entity is the Compliance Enforcement Authority except where the
responsible entity works for the Regional Entity. Where the responsible entity
works for the Regional Entity, the Regional Entity will establish an agreement
with the ERO or another entity approved by the ERO and FERC (i.e. another
Regional Entity), to be responsible for compliance enforcement.
1.2. Compliance Monitoring and Assessment Processes:
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.3. Data Retention
where the evidence retention period specified below is shorter than the time since
the last audit, the Compliance Enforcement Authority may ask an entity to
provide other evidence to show that it was compliant for the full time period since
the last audit.
The Balancing Authority shall retain data or evidence to show compliance with
Requirements R1, R2, R3 and R4, Measures M1, M2, M3 and M4 for the current
year plus the previous three calendar years unless directed by its Compliance
Enforcement Authority to retain specific evidence for a longer period of time as
part of an investigation.
The Frequency Response Sharing Group shall retain data or evidence to show
compliance with Requirement R1 and Measure M1 for the current year plus the
previous three calendar years unless directed by its Compliance Enforcement

Page 4 of 12
Authority to retain specific evidence for a longer period of time as part of an
investigation.
If a Balancing Authority or Frequency Response Sharing Group is found non-
compliant, it shall keep information related to the non-compliance until found
compliant or for the time period specified above, whichever is longer.
The Compliance Enforcement Authority shall keep the last audit records and all
subsequent requested and submitted records.
For Interconnections that are also Balancing Authorities, Tie Line Bias control
and flat frequency control are equivalent and either is acceptable.

2.0 Violation Severity Levels
R# Lower VSL Medium VSL High VSL Severe VSL
R1 The summation of
the Balancing
Authorities FRM
within an
Interconnection was
equal to or more
negative than the
Interconnections
IFRO, and the
Balancing
Authoritys, or
Frequency Response
Sharing Groups,
FRM was less
negative than its
FRO by more than
1% but by at most
30% or 15 MW/0.1
Hz, whichever one
is the greater
deviation from its
FRO
The summation of
the Balancing
Authorities FRM
within an
Interconnection was
equal to or more
negative than the
Interconnections
IFRO, and the
Balancing
Authoritys, or
Frequency Response
Sharing Groups,
FRM was less
negative than its
FRO by more than
30% or by more
than 15 MW/0.1 Hz,
whichever is the
greater deviation
from its FRO

The summation of
the Balancing
Authorities FRM
within an
Interconnection did
not meet its IFRO,
and the Balancing
Authoritys, or
Frequency Response
Sharing Groups,
FRM was less
negative than its
FRO by more than
1% but by at most
30% or 15 MW/0.1
Hz, whichever one is
the greater deviation
from its FRO

The summation of
the Balancing
Authorities FRM
within an
Interconnection did
not meet its IFRO,
and the Balancing
Authoritys, or
Frequency Response
Sharing Groups,
FRM was less
negative than its
FRO by more than
30% or by more
than 15 MW/0.1 Hz,
whichever is the
greater deviation
from its FRO

R2 The Balancing
Authority in a
multiple Balancing
Authority
Interconnection and
not receiving
Overlap Regulation
The Balancing
Authority in a
multiple Balancing
Authority
Interconnection and
not receiving
Overlap Regulation
The Balancing
Authority in a
multiple Balancing
Authority
Interconnection and
not receiving
Overlap Regulation
The Balancing
Authority in a
multiple Balancing
Authority
Interconnection and
not receiving
Overlap Regulation

Page 5 of 12
Service and uses a
fixed Frequency
Bias Setting failed to
implement the
validated Frequency
Bias Setting value
into its ACE
calculation within
the implementation
period specified but
did so within 5
calendar days from
the implementation
period specified by
the ERO.
Service and uses a
fixed Frequency
Bias Setting
implemented the
validated Frequency
Bias Setting value
into its ACE
calculation in more
than 5 calendar days
but less than or
equal to 15 calendar
days from the
implementation
period specified by
the ERO.
Service and uses a
fixed Frequency
Bias Setting
implemented the
validated Frequency
Bias Setting value
into its ACE
calculation in more
than 15 calendar
days but less than or
days from the
implementation
period specified by
the ERO.
Service and uses a
fixed Frequency
Bias Setting did not
implement the
validated Frequency
Bias Setting value
into its ACE
calculation in more
than 25 calendar
days from the
implementation
period specified by
the ERO.
R3 The Balancing
Authority that is a
member of a
multiple Balancing
Authority
Interconnection and
is not receiving
Overlap Regulation
Service and uses a
variable Frequency
Bias Setting average
Frequency Bias
Setting during
periods when the
clock-minute
average frequency
was outside of the
range 59.964 Hz to
60.036 Hz was less
negative than its
Frequency Response
Obligation by more
than 1% but by at
most 10%.
The Balancing
Authority that is a
member of a
multiple Balancing
Authority
Interconnection and
not receiving
Overlap Regulation
Service and uses a
variable Frequency
Frequency Bias
Setting during
periods when the
clock-minute
average frequency
was outside of the
range 59.964 Hz to
60.036 Hz was less
negative than its
Frequency Response
Obligation by more
than 10% but by at
most 20%.
The Balancing
Authority that is a
member of a
multiple Balancing
Authority
Interconnection and
not receiving
Overlap Regulation
Service and uses a
variable Frequency
Frequency Bias
Setting during
periods when the
clock-minute
average frequency
was outside of the
range 59.964 Hz to
60.036 Hz was less
negative than its
Frequency Response
Obligation by more
than 20% but by at
most 30%.
The Balancing
Authority that is a
multiple Balancing
Authority
Interconnection and
not receiving
Overlap Regulation
Service and uses a
variable Frequency
Frequency Bias
Setting during
periods when the
clock-minute
average frequency
was outside of the
range 59.964 Hz to
60.036 Hz was less
negative than its
Frequency Response
obligation by more
than 30%..
R4 The Balancing
Authority
incorrectly changed
the Frequency Bias
Setting value used in
its ACE calculation
when providing
The Balancing
Authority
incorrectly changed
the Frequency Bias
its ACE calculation
when providing
The Balancing
Authority
incorrectly changed
the Frequency Bias
its ACE calculation
when providing
The Balancing
Authority
incorrectly changed
the Frequency Bias
its ACE calculation
when providing

Page 6 of 12
Overlap Regulation
Services with
combined footprint
setting-error less
than or equal to 10%
of the validated or
calculated value.
Overlap Regulation
Services with
combined footprint
setting-error more
than 10% but less
of the validated or
calculated value.
Overlap Regulation
Services with
combined footprint
setting-error more
than 20% but less
of the validated or
calculated value.
Overlap Regulation
Services with
combined footprint
setting-error more
than 30% of the
validated or
calculated value.
OR
The Balancing
Authority failed to
change the
Frequency Bias
its ACE calculation
when providing
Overlap Regulation
Services.

E. Regional Variance
None

Procedure for ERO Support of Frequency Response and Frequency Bias Setting Standard
FRS Form 1
FRS Form 2
Frequency Response Standard Background Document

G. Version History
0 August 8, 2005 Removed "Proposed" from
Effective Date
Errata
0 March 16, 2007
FERC Approval Order 693
New
0a December 19,
2007
Added Appendix 1
Interpretation of R3 approved
by BOT on October 23, 2007
Addition
0a J uly 21, 2008 FERC Approval of
Interpretation of R3
Addition

Page 7 of 12
0b February 12,
2008
Added Appendix 2
Interpretation of R2, R2.2, R5,
and R5.1 approved by BOT on
February 12, 2008
Addition
0.1b J anuary 16, 2008 Section F: added 1.;
changed hyphen to en dash.
Changed font style for
Appendix 1 to Arial;
updated version number to
0.1b
Errata
0.1b October 29,
2008
BOT approved errata changes Errata
0.1a May 13, 2009 FERC Approved errata
changes version changed to
0.1a (Interpretation of R2,
R2.2, R5, and R5.1 not yet
approved)
Errata
0.1b May 21, 2009 FERC Approved
Interpretation of R2, R2.2, R5,
and R5.1
Addition
1 February 7, 2013 Adopted by NERC Board of
Trustees
Complete Revision under
Project 2007-12


Page 8 of 12
Attachment A
BAL-003-1 Frequency Response & Frequency Bias Setting Standard
Supporting Document
Interconnection Frequency Response Obligation (I FRO)
TheERO,inconsultationwithregionalrepresentatives,hasestablishedatargetcontingencyprotection
criterionforeachInterconnectioncalledtheInterconnectionFrequencyResponseObligation(IFRO).
ThedefaultIFROlistedinTable1isbasedontheresourcecontingencycriteria(RCC),whichisthelargest
categoryC(N2)eventidentifiedexceptfortheEasternInterconnection,whichusesthelargesteventin
thelast10years.Amaximumdeltafrequency(MDF)iscalculatedbyadjustingastartingfrequencyfor
eachInterconnectionbythefollowing:
PrevailingUFLSfirststep
CC
Adj
whichistheadjustmentforthedifferencesbetween1secondandsubsecondPointC
observationsforfrequencyevents.ApositivevalueindicatesthatthesubsecondCdatais
lowerthanthe1seconddata
CB
R
whichisthestatisticallydeterminedratioofthePointCtoValueB
BC
Adj
whichisthestatisticallydeterminedadjustmentfortheeventnadirbeingbelowtheValue
B(EasternInterconnectiononly)duringprimaryfrequencyresponsewithdrawal.
TheIFROforeachInterconnectioninTable1isthencalculatedbydividingtheRCCMWsby10timesthe
MDF.IntheEasternInterconnectionthereisanadditionaladjustment(BC
Adj
)fortheeventnadirbeing
belowtheValueBduetoprimaryfrequencyresponsewithdrawal.ThisIFROincludesuncertainty
adjustmentsata95%confidencelevel.DetaileddescriptionsofthecalculationsusedinTable1below
aredefinedintheProcedureforEROSupportofFrequencyResponseandFrequencyBiasSetting
Standard.
Interconnection Eastern Western ERCOT HQ Units
StartingFrequency(F
Start
) 59.974 59.976 59.963 59.972 Hz
PrevailingUFLSFirstStep 59.5* 59.5 59.3 58.5 Hz
BaseDeltaFrequency(DF
Base
) 0.474 0.476 0.663 1.472 Hz
CC
ADJ
0.007 0.004 0.012 N/A Hz
DeltaFrequency(DF
CC
) 0.467 0.472 0.651 1.472 Hz
CB
R
1.000 1.625 1.377 1.550
DeltaFrequency(DF
CBR
) 0.467 0.291 0.473 0.949 Hz
BC
ADJ
0.018 N/A N/A N/A Hz
Max.DeltaFrequency(MDF) 0.449 0.291 0.473 0.949
ResourceContingencyCriteria
(RCC) 4,500 2,740 2,750 1,700 MW
CreditforLoadResources
(CLR) 300 1,400** MW
IFRO 1,002 840 286 179 MW/0.1Hz
Table1:InterconnectionFrequencyResponseObligations

Page 9 of 12
*TheEasternInterconnectionUFLSsetpointlistedisacompromisevaluesetmidwaybetween
thestablefrequencyminimumestablishedinPRC0061(59.3Hz)andthelocalprotectionUFLS
settingof59.7HzusedinFloridaandManitoba.
**IntheBaseObligationmeasureforERCOT,1400MW(LoadResourcestriggeredbyUnder
FrequencyRelaysat59.70Hz)wasreducedfromitsResourceContingencyCriterialevelof2750
MWtoget239MW/0.1Hz.Thiswasreducedtoaccuratelyaccountfordesignedresponsefrom
LoadResourceswithin30cycles.
AnInterconnectionmayproposealternateIFROprotectioncriteriatotheERObysubmittingaSARwith
supportingtechnicaldocumentation.
Balancing Authority Frequency Response Obligation (FRO) and Frequency Bias
Setting
TheEROwillmanagetheadministrativeprocedureforannuallyassigninganFROandimplementationof
theFrequencyBiasSettingforeachBalancingAuthority.Theannualtimelineforallactivitiesdescribed
inthissectionareshownbelow.
ForamultipleBalancingAuthorityinterconnection,theInterconnectionFrequencyResponseObligation
showninTable1isallocatedbasedontheBalancingAuthorityannualloadandannualgeneration.The
FROallocationwillbebasedonthefollowingmethod:
FRO
BA
IFRO
Annual Gen
BA
Annual Load
BA
Annual Gen
I
Annual Load
I
Where:
AnnualGen
BA
isthetotalannualOutputofGeneratingPlantswithintheBalancingAuthority
Area(BAA),onFERCForm714,columncofPartIISchedule3.
AnnualLoad
BA
istotalannualLoadwithintheBAA,onFERCForm714,columneofPartII
Schedule3.
AnnualGen
Int
isthesumofallAnnualGen
BA
valuesreportedinthatinterconnection.
AnnualLoad
Int
isthesumofallAnnualLoad
BA
valuesreportedinthatinterconnection.
ThedatausedforthiscalculationisfromthemostrecentlyfiledForm714.Asanexample,areportto
NERCinJanuary2013wouldusetheForm714datafiledin2012,whichutilizeddatafrom2011.
BalancingAuthoritiesthatarenotFERCjurisdictionalshouldusetheForm714Instructionstoassemble
andsubmitequivalentdatatotheEROforuseintheFROAllocationprocess.
BalancingAuthoritiesthatelecttoformaFRSGwillcalculateaFRSGFRObyaddingtogetherthe
individualBAFROs.
BalancingAuthoritiesthatelecttoformaFRSGasameanstojointlymeettheFROwillcalculatetheir
FRMperformanceoneoftwoways:
CalculateagroupNI
A
andmeasurethegroupresponsetoalleventsinthereportingyearona
singleFRSForm1,or
JointlysubmittheindividualBAsForm1s,withasummaryspreadsheetthatcontainsthesum
ofeachparticipantsindividualeventperformance.

Page 10 of 12
BalancingAuthoritiesthatmergeorthattransferloadorgenerationareencouragedtonotifytheEROof
thechangeinfootprintandcorrespondingchangesinallocationsuchthatthenetobligationtothe
InterconnectionremainsthesameandsothatCPSlimitscanbeadjusted.
EachBalancingAuthorityreportsitspreviousyearsFrequencyResponseMeasure(FRM),Frequency
BiasSettingandFrequencyBiastype(fixedorvariable)totheEROeachyeartoallowtheEROtovalidate
therevisedFrequencyBiasSettingsonFRSForm1.IftheEROpoststheofficiallistofeventsafterthe
datespecifiedinthetimelinebelow,BalancingAuthoritieswillbegiven30daysfromthedatetheERO
poststheofficiallistofeventstosubmittheirFRSForm1.
OncetheEROreviewsthedatasubmittedinFRSForm1andFRSForm2forallBalancingAuthorities,
theEROwilluseFRSForm1datatopostthefollowinginformationforeachBalancingAuthorityforthe
upcomingyear:
FrequencyBiasSetting
FrequencyResponseObligation(FRO)
Oncethedatalistedaboveisfullyposted,theEROwillannouncethethreedayimplementationperiod
forchangingtheFrequencyBiasSettingifitdiffersfromthatshowninthetimelinebelow.
ABAusingafixedFrequencyBiasSettingsetsitsFrequencyBiasSettingtothegreaterof(inabsolute
value):
AnynumbertheBAchoosesbetween100%and125%ofitsFrequencyResponseMeasureas
calculatedonFRSForm1
InterconnectionMinimumasdeterminedbytheERO
ForpurposesofcalculatingtheminimumFrequencyBiasSetting,aBalancingAuthorityparticipatingina
FrequencyResponseSharingGroupwillneedtocalculateitsstandaloneFrequencyResponseMeasure
usingFRSForm1andFRSForm2todetermineitsminimumFrequencyBiasSetting.
ABalancingAuthorityprovidingOverlapRegulationwillreportthehistoricpeakdemandandgeneration
ofitscombinedBAsareasonFRSForm1asdescribedinRequirementR4.
ThereareoccasionswhenchangesareneededtoBiasSettingsoutsideofthenormalschedule.
ExamplesarefootprintchangesbetweenBalancingAuthoritiesandmajorchangesinloadorgeneration
ortheformationofnewBalancingAuthorities.InsuchcasesthechangingBalancingAuthoritieswill
workwiththeirRegions,NERCandtheResourcesSubcommitteetoconfirmappropriatechangestoBias
Settings,FRO,CPSlimitsandInadvertentInterchangebalances.
IfthereisnonetchangetotheInterconnectiontotalBias,theBalancingAuthoritiesinvolvedwillagree
onadatetoimplementtheirrespectivechangeinBiasSettings.TheBalancingAuthoritiesandEROwill
alsoagreetotheallocationofFROsuchthatthesumremainsthesame.
IfthereisanetchangetotheInterconnectiontotalBias,thiswillcauseachangeinCPS2limitsandFRO
forotherBalancingAuthoritiesintheInterconnection.Inthiscase,theEROwillnotifytheimpacted
BalancingAuthoritiesoftheirrespectivechangesandprovideanimplementationwindowformaking
theBiasSettingchanges.
Frequency Response Measure (FRM)
TheBalancingAuthoritywillcalculateitsFRMfromSingleEventFrequencyResponseData(SEFRD),
definedas:thedatafromanindividualeventfromaBalancingAuthoritythatisusedtocalculateits

Page 11 of 12
FrequencyResponse,expressedinMW/0.1HzascalculatedonFRSForm2foreacheventshownonFRS
Form1.TheeventsinFRSForm1areselectedbytheEROusingtheProcedureforEROSupportof
FrequencyResponseandFrequencyBiasSettingStandard.TheSEFRDforatypicalBalancingAuthorityin
anInterconnectionwithmorethanoneBalancingAuthorityisbasicallythechangeinitsNetActual
InterchangeonitstielineswithitsadjacentBalancingAuthoritiesdividedbythechangein
Interconnectionfrequency.(SomeBalancingAuthoritiesmaychoosetoapplycorrectionstotheirNet
ActualInterchange(NA
I
)valuestoaccountforfactorssuchasnonconformingloads.FRSForm1and2
showsthetypesofadjustmentsthatareallowed.NotethatwiththeexceptionoftheContingentBA
column,anyadjustmentsmademustbemadeforalleventsinanevaluationyear.Asanexample,ifan
entityhasnonconformingloadsandmakesanadjustmentforoneevent,alleventsmustshowthenon
conformingload,evenifthenonconformingloaddoesnotimpactthecalculation.Thisensuresthatthe
reportsarenotutilizingtheadjustmentsonlywhentheyarefavorabletotheBA.)TheEROwillusea
standardizedsamplingintervalofapproximately16secondsbeforetheeventuptothetimeofthe
eventforthepreeventNA
I
,andfrequency(Avalues)andapproximately20to52secondsafterthe
eventfortheposteventNA
I
(Bvalues)inthecomputationofSEFRDvalues,dependentonthedatascan
rateoftheBalancingAuthoritysEnergyManagementSystem(EMS).
AlleventslistedonFRSForm1needtobeincludedintheannualsubmissionofFRSForms1and2.The
onlytimeaBalancingAuthorityshouldexcludeaneventisifitstielinedataoritsFrequencydatais
corruptoritsEMSwasunavailable.FRSForm2hasinstructionsonhowtocorrecttheBAsdataifthe
giveneventisinternaltotheBAorifotherauthorizedadjustmentsareused.
AssumingdataentryiscorrectFRSForm1willautomaticallycalculatetheBalancingAuthoritysFRMfor
thepast12monthsasthemedianoftheSEFRDvalues.ABalancingAuthorityelectingtoreportasan
FRSGoraproviderofOverlapRegulationServicewillprovideanFRSForm1fortheaggregateofits
participants.
ToallowBalancingauthoritiestoplanitsoperations,eventswithaPointCthatcausethe
InterconnectionFrequencytobelowerthanthatshowninTable1above(forexample,aneventinthe
EasternInterconnectionthatcausestheInterconnectionFrequencytogoto59.4Hz)orhigherthanan
equalchangeinfrequencygoingabove60Hzmaybeincludedinthelistofeventsforthat
interconnection.However,thecalculationoftheBAresponsetosuchaneventwillbeadjustedtoshow
afrequencychangeonlytotheTargetMinimumFrequencyshowninTable1above(intheprevious
examplethisadjustmentwouldcauseFrequencytobeshownas59.5Hzratherthan59.4HZ)orahigh
frequencyamountofanequalquantity.Shouldsuchaneventhappen,theEROwillprovideadditional
guidance.
Timeline for Balancing Authority Frequency Response and Frequency Bias Setting
Activities
DescribedbelowisthetimelinefortheexchangeofinformationbetweentheEROandBalancing
Authorities(BA)to:
FacilitatetheassignmentofBAFrequencyResponseObligations(FRO)
CalculateBAFrequencyResponseMeasures(FRM)
DetermineBAFrequencyBiasSettings(FBS)

Page 12 of 12
TargetDate Activity
April30 TheEROreviewscandidatefrequencyeventsandselectsfrequencyeventsforthe
firstquarter(DecembertoFebruary).
May10 Form1ispostedwithselectedeventsfromthefirstquarterforBAusagebythe
ERO.
May15 TheBAsreceivearequesttoprovideloadandgenerationdataasdescribedin
AttachmentAtosupportFROassignmentsanddeterminingminimumFBSfor
BAs.
July15 TheBAsprovideloadandgenerationdataasdescribedinAttachmentAtothe
ERO.
July30 TheEROreviewscandidatefrequencyeventsandselectsfrequencyeventsforthe
secondquarter(MarchtoMay).
August10 Form1ispostedwithselectedeventsfromthefirstandsecondquartersforBA
usagebytheERO.
October30 TheEROreviewscandidatefrequencyeventsandselectsfrequencyeventsforthe
thirdquarter(JunetoAugust)
November10 Form1ispostedwithselectedeventsfromthefirst,second,andthirdquartersfor
BAusagebytheERO.
November20 Ifnecessary,theEROprovidesanyupdatestothenecessaryFrequencyResponse.
November20 TheEROprovidesthefractionalresponsibilityofeachBAfortheInterconnections
FROandMinimumFBStotheBAs.
January30 TheEROreviewscandidatefrequencyeventsandselectsfrequencyeventsforthe
fourthquarter(SeptembertoNovember).
2
nd
businessdayin
February
Form1ispostedwithallselectedeventsfortheyearforBAusagebytheERO.
February10 TheEROassignsFROvaluestotheBAsfortheupcomingyear.
March7 BAscompletetheirfrequencyresponsesamplingforallfourquartersandtheir
FBScalculation,returningtheresultstotheERO.
March24 TheEROvalidatesFBSvalues,computesthesumofallFBSvaluesforeach
Interconnection,anddeterminesL10valuesfortheCPS2criterionforeachBAas
applicable.
Anytimeduring
first3business
daysofApril
(unlessspecified
otherwisebythe
ERO)
TheBAimplementsanychangestotheirFBSandL10value.

Standard BAL-004-0 Time Error Correction
Adopted by NERC Board of Trustees: February 8, 2005 1 of 1
Effective Date: April 1, 2005
A. Introduction
1. Title: Time Error Correction
3. Purpose: The purpose of this standard is to ensure that Time Error Corrections are conducted
in a manner that does not adversely affect the reliability of the Interconnection.
4. Applicability:
4.1. Reliability Coordinators
5. Effective Date: April 1, 2005
B. Requirements
R1. Only a Reliability Coordinator shall be eligible to act as Interconnection Time Monitor. A
single Reliability Coordinator in each Interconnection shall be designated by the NERC
Operating Committee to serve as Interconnection Time Monitor.
R2. The Interconnection Time Monitor shall monitor Time Error and shall initiate or terminate
corrective action orders in accordance with the NAESB Time Error Correction Procedure.
R3. Each Balancing Authority, when requested, shall participate in a Time Error Correction by one
of the following methods:
R3.1. The Balancing Authority shall offset its frequency schedule by 0.02 Hertz, leaving the
Frequency Bias Setting normal; or
R3.2. The Balancing Authority shall offset its Net Interchange Schedule (MW) by an amount
equal to the computed bias contribution during a 0.02 Hertz Frequency Deviation (i.e.
20% of the Frequency Bias Setting).
R4. Any Reliability Coordinator in an Interconnection shall have the authority to request the
Interconnection Time Monitor to terminate a Time Error Correction in progress, or a
scheduled Time Error Correction that has not begun, for reliability considerations.
R4.1. Balancing Authorities that have reliability concerns with the execution of a Time Error
Correction shall notify their Reliability Coordinator and request the termination of a
Time Error Correction in progress.
C. Measures
Not specified.
D. Compliance
Not specified.
None identified.
Version History
0 August 8, 2005 Removed "Proposed" from Effective Date Errata

Standard BAL-004-WECC-01 Automatic Time Error Correction

Adopted by Board of Trustees: March 26, 2008 1
A. Introduction
Title: Automatic Time Error Correction
Number: BAL-004-WECC-01
Purpose: To maintain Interconnection frequency within a predefined frequency profile under all
conditions (i.e. normal and abnormal), and to ensure that Time Error Corrections are effectively
conducted in a manner that does not adversely affect the reliability of the Interconnection.
Applicability:
1. Balancing Authorities (BA) that operate synchronously to the Western Interconnection.
Effective Date: On the first day of the first quarter, after applicable regulatory approval.
B. Requirements
R1. Each BA that operates synchronously to the Western Interconnection shall continuously
operate utilizing Automatic Time Error Correction (ATEC) in its Automatic Generation
Control (AGC) system. [Risk Factor: Lower]
( ) ( )
ME b S A i S A ATEC
I T F F B I N NI ACE + =
0
10
Where:
NI
A
= Net Interchange Actual (MW).
F
A
= Frequency Actual (Hz).
F
S
= Frequency Scheduled (Normally 60 Hz).
B
i
= Frequency Bias for the Balancing Authoritys Area (MW / 0.1 Hz).
T
0b
= Remaining Bilateral Payback for Inadvertent Interchange created prior to
implementing automatic payback (MW).
I
ME
= Meter Error Correction (MW).

( ) H * Y 1
II
NI I N
peak off / on
imary Pr
S S
=
NI
S
= Net Interchange Scheduled (MW).
Y = B
i
/ B
S.

H = Number of Hours used to payback Inadvertent Interchange Energy. The WECC
Performance Work Group has set the value of H to 3.
B
S
= Frequency Bias for the Interconnection (MW / 0.1 Hz).

II
peak on/off
primary
= is the Balancing Authoritys accumulated primary inadvertent interchange
in MWh. An On-Peak and Off-Peak accumulation accounting is required.
Where:
II
peak on/off
primary
= last periods
II
peak on/off
primary
+ (1-Y) * (II
actual
- B
i
* TE/6)
II
actual
is the hourly Inadvertent Interchange for the last hour.
TE is the hourly change in system Time Error as distributed by the Interconnection
Time Monitor.

Where:
TE = TE
end hour
TE
begin hour
TD
adj
(t)*(TE offset)
TD
adj
is any operator adjustment to the control center Time Error to correct for
differences with the time monitor.
t is the number of minutes of Manual Time Error Correction that occurred during the
hour.
TE offset is 0.000 or +0.020 or -0.020.
R1.1. The absolute value of the WECC Automatic Time Error Correction term is limited as
follows:
on/off peak
primary
max
(1-Y) H
II
L

Where L
max
is chosen by the Balancing Authority and is bounded as follows:
0.20 * |B
i
|
max
L L
10
L
10
is the Balancing Authority CPS2 limit in MW. If the WECC Automatic Time Error
Correction term is less than the upper limit, use the calculated WECC Automatic Time
Error Correction term.
R1.2. Large accumulations of primary inadvertent point to an invalid implementation of
ATEC, loose control, metering or accounting errors. A BA in such a situation should
identify the source of the error(s) and make the corrections, recalculate the primary
inadvertent from the time of the error, adjust the accumulated primary inadvertent
caused by the error(s), validate the implementation of ATEC, set L
max
equal to L
10
and
continue to operate with ATEC reducing the accumulation as system parameters allow.
R2. Each BA that is synchronously connected to the Western Interconnection and operates in any
AGC operating mode other than ATEC shall notify all other BAs of its operating mode
through the designated Interconnection communication system. Each BA while synchronously
connected to the Western Interconnection will be allowed to have ATEC out of service for a
maximum of 24 hours per calendar quarter, for reasons including maintenance and testing.
[Risk Factor: Lower]
R3. BAs in the Western Interconnection shall be able to change their AGC operating mode
between Flat Frequency (for blackout restoration); Flat Tie Line (for loss of frequency
telemetry); Tie Line Bias; Tie Line Bias plus Time Error control (used in ATEC mode). The
ACE used for NERC reports shall be the same ACE as the AGC operating mode in use. [Risk
Factor: Lower]
R4. Regardless of the AGC operating mode each BA in the Western Interconnection shall compute
its hourly Primary Inadvertent Interchange when hourly checkout is complete. If hourly
checkout is not complete by 50 minutes after the hour, compute Primary Inadvertent
Interchange with best available data. This hourly value shall be added to the appropriate
accumulated Primary Inadvertent Interchange balance for either On-Peak or Off-Peak periods.
[Risk Factor: Lower]
R4.1. Each BA in the Western Interconnection shall use the change in Time Error distributed
by the Interconnection Time Monitor.
R4.2. All corrections to any previous hour Primary Inadvertent Interchange shall be added to
the appropriate On- or Off-Peak accumulated Primary Inadvertent Interchange.

R4.3. Month end Inadvertent Adjustments are 100% Primary Inadvertent Interchange and
shall be added to the appropriate On- or Off-Peak accumulated Primary Inadvertent
Interchange, unless such adjustments can be pinpointed to specific hours in which case
R4.2 applies.
R4.4. Each BA in the Western Interconnection shall synchronize its Time Error to the nearest
0.001 seconds of the system Time Error by comparing its reading at the designated
time each day to the reading broadcast by the Interconnection Time Monitor. Any
difference shall be applied as an adjustment to its current Time Error.
C. Measures
M1. For Requirement R1, a BA shall provide upon request a document showing that it is correctly
calculating its hourly Primary Inadvertent Interchange number that is used to calculate its
accumulated Primary Inadvertent Interchange and how it is used in its ACE equation for
Automatic Time Error Correction.
M2. For Requirement R2, a BA shall record the date, time, reason, and notification [to other BAs
within the Western Interconnection] for any time it is not operating utilizing Automatic Time
Error Correction (ATEC) in its AGC system.
M3. For Requirement R3, a BA in the Western Interconnection must be able to demonstrate its
ability to change its AGC operating mode when requested or during compliance audits and
readiness reviews.
M4. For Requirement R4, a BA in the Western Interconnection must record its hourly Primary
Inadvertent Interchange and keep an accurate record of its accumulation of Primary
Inadvertent Interchange for both On-Peak and Off-Peak accounts. These records must be
available for review when requested or during compliance audits and readiness reviews.
D. Compliance
Regional Entity
Compliance Monitoring Period and Reset time Frame
The reporting period for ATEC is one calendar quarter, starting on the first second of the quarter
and ending on the final second of the quarter.
The Performance-reset Period is one calendar quarter.
1.2. Data Retention
Each Balancing Authority in the Western Interconnection shall retain its hourly calculation of
total and Primary Inadvertent Interchange calculated hourly, as well as the amount of Primary
Inadvertent paid back hourly for the preceding calendar year (January December) plus the
current year.
Each Balancing Authority in the Western Interconnection shall retain its total accumulated
Inadvertent and total Primary Inadvertent, updated hourly, for On- and Off-Peak for the
preceding calendar year (January December) plus the current year.

Each Balancing Authority in the Western Interconnection shall retain its record of the amount of
time it operated without ATEC and the notification to the Interconnection of these times for the
preceding calendar year (January December) plus the current year.
The Compliance Monitor shall retain audit data for three calendar years.
The Compliance Monitor shall use quarterly data to monitor compliance. The Compliance
Monitor may also use periodic audits (on site, per a schedule), with spot reviews and
investigations initiated in response to a complaint to assess performance.
The Balancing Authority in the Western Interconnection shall have the following documentation
available for its Compliance Monitor to inspect during a scheduled, on-site review or within five
business days of a request as part of a triggered investigation:
1.3.1. Source data for calculating Primary Inadvertent.
1.3.2. Data showing On- and Off-Peak Primary Inadvertent accumulations.
1.3.3. Data showing hourly payback of Primary Inadvertent.
1.3.4. Documentation on number of times not on ATEC and reasons for going off ATEC.
2. Violation Severity Levels
2.1. Lower: Time not in ATEC Mode greater than one day and less than or equal to three days, or if
a Balancing Authority in the Western Interconnection operates without ATEC and does not
notify other Balancing Authorities in the Western Interconnection 2 times in quarter.
2.2. Moderate: Time not in ATEC Mode greater than three days and less than or equal to five days,
or if a Balancing Authority in the Western Interconnection operates without ATEC and does not
2.3. High: Time not in ATEC Mode greater than five days and less than or equal to seven days, or if
a Balancing Authority in the Western Interconnection operates without ATEC and does not
2.4. Severe: Time not in ATEC Mode greater than seven days, or if a Balancing Authority in the
Western Interconnection operates without ATEC and does not notify other Balancing Authorities
in the Western Interconnection more than 4 times in quarter or Balancing Authority in the
Western Interconnection cannot change AGC operating mode or Balancing Authority in the
Western Interconnection incorrectly calculates Primary Inadvertent.


Version History
1 February 4, 2003 Effective Date. New
1 October 17, 2006 Created Standard from Procedure. Errata
1 February 6, 2007 Changed the Standard Version from 0 to 1
in the Version History Table.
Errata
1 February 6, 2007 The upper limit bounds to the amount of
Automatic Time Error Correction term was
inadvertently omitted during the Standard
Translation. The bound was added to the
requirement R1.4.
Errata
1 February 6, 2007 The statement The Time Monitor may
declare offsets in 0.001-second
increments was moved from TEoffset to
TDadj and offsets was corrected to
adjustments.
Errata
1 February 6, 2007 The reference to seconds was deleted from
the TE offset term.
Errata
1 June 19, 2007 The standard number BAL-STD-004-1
was changed to BAL-004-WECC-01 to be
consistent with the NERC Regional
Reliability Standard Numbering
Convention.
Errata

WECC Standard BAL-004-WECC-02 Automatic Time Error Correction
Page 1 of 12
A. Introduction
1. Title: Automatic Time Error Correction

2. Number: BAL-004-WECC-02

3. Purpose: To maintain Interconnection frequency and to ensure that Time Error
Corrections and Primary Inadvertent Interchange (PII) payback are effectively conducted
in a manner that does not adversely affect the reliability of the Interconnection.

4. Applicability
4.1. Functional Entities
4.1.1 Balancing Authorities that operate synchronously in the Western
Interconnection.
5. Effective Date: On the first day of the second quarter, after applicable regulatory
approval has been received (or the Reliability Standard otherwise becomes effective the
first day of the fourth quarter following NERC Board adoption where regulatory
approval is not required).
6. Background:
In February 2003, the WECC Automatic Time Error Correction (ATEC) Procedure
(Procedure) became effective for all Balancing Authorities in the Western
Interconnection. The original intent of the Procedure was to minimize the number of
Manual Time Error Corrections in the Western Interconnection. ATEC provides the
added benefit of a superior approach over the current NERC Reliability Standard BAL-
004-0 Time Error Correction for assigning costs and providing for the equitable
payback of Inadvertent Interchange. In October 2006, the Procedure became a WECC
Criterion. In May 2009, FERC issued Order No.723 that approved Regional Reliability
Standard BAL-004-WECC-1 - Automatic Time Error Correction, as submitted by NERC. In
addition, the Commission directed WECC to develop several clarifying modifications to
BAL-004-WECC-1 using the FERC-approved Process for Developing and Approving WECC
Standards. The Effective Date of the BAL-004-WECC-1 standard was July 1, 2009. BAL-
004-WECC-1 required Balancing Authorities within the Western Interconnection to
maintain Interconnection frequency within a predefined frequency profile and to ensure
that Time Error Corrections were effectively conducted in a manner that did not
adversely affect the reliability of the Interconnection. In September 2009, WECC
received WECC Standards/Regional Criterion Request Form (Request) WECC-0068,
which was a request for modification of BAL-004-WECC-1. In July 2010, the chair of the
WECC Operating Committee assigned the Request to the Performance Work Group
(PWG) for development.

Page 2 of 12

R1. Following the conclusion of each month each Balancing Authority shall verify that the
absolute value of its Accumulated Primary Inadvertent Interchange (PII
accum
) for both
the monthly On-Peak period and the monthly Off-Peak period are each individually less
than or equal to:

1.1. For load-serving Balancing Authorities, 150% of the previous calendar years
integrated hourly Peak Demand,

1.2. For generation-only Balancing Authorities, 150% of the previous calendar years
integrated hourly peak generation.

[Violation Risk Factor Medium:] [Time Horizon: Operations Assessment]

M1. Forms of acceptable evidence of compliance with Requirement R1include but are
not limited to any one of the following:
Data, screen shots from the WECC Interchange Tool (WIT),
Data, screen shots from the internal Balancing Authority tool, or
Production of data from any other databases, spreadsheets, displays.
R2. Each Balancing Authority shall, upon discovery of an error in the calculation of PII
hourly
,
recalculate within 90 days, the value of PII
hourly
and adjust the PII
accum
from the time of
the error. [Violation Risk Factor: Medium] [Time Horizon: Operations Assessment]

M2. Forms of acceptable evidence of compliance with Requirement R2 include but are
Data, screen shots from the WIT,
Data, screen shots from the internal Balancing Authority tool, or
Production of data from any other databases, spreadsheets, displays.

R3. Each Balancing Authority shall keep its Automatic Time Error Correction (ATEC) in
service, with an allowable exception period of less than or equal to an accumulated 24
hours per calendar quarter for ATEC to be out of service. [Violation Risk Factor:
Medium] [Time Horizon: Same-day Operations]

M3. Forms of acceptable evidence of compliance with Requirement R3 may include,
but are not limited to:

Dated archived files,

Historical data,
Page 3 of 12

Other data that demonstrates the ATEC was out of service for less than 24
hours per calendar quarter.

R4. Each Balancing Authority shall compute the following by 50 minutes after each hour:

4.1. PII
hourly
,
4.2. PII
accum
,
4.3. Automatic Time Error Correction term (I
ATEC
).
[Violation Risk Factor: Medium] [Time Horizon: Operations Assessment]

Data, screen shots from the WECC Interchange Tool that demonstrate
compliance,
Data, screen shots from internal Balancing Authority tool that demonstrate
compliance, or
Data from any other databases, spreadsheets, displays that demonstrate
compliance.

R5. Each Balancing Authority shall be able to change its Automatic Generation Control
operating mode between Flat Frequency (for blackout restoration); Flat Tie Line (for
loss of frequency telemetry); Tie Line Bias; and Tie Line Bias plus Time Error Control
(used in ATEC mode), to correspond to current operating conditions. [Violation Risk
Factor: Medium] [Time Horizon: Real-Time Operations]


Screen shots from Energy Management System,

Demonstration using an off-line system.

R6. Each Balancing Authority shall recalculate the PII
hourly
and PII
accum
for the On-Peak and
Off-Peak periods whenever adjustments are made to hourly Inadvertent Interchange or
TE. [Violation Risk Factor: Medium] [Time Horizon: Operations Assessment]

compliance,
Page 4 of 12
Data, screen shots from an internal Balancing Authority tool that
demonstrate compliance with, or
Data from any other databases, spreadsheets, displays that demonstrate
compliance.

R7. Each Balancing Authority shall make the same adjustment to the PII
accum
as it did for any
month-end meter reading adjustments to Inadvertent Interchange. [Violation Risk
Factor: Medium] [Time Horizon: Operations Assessment]

compliance,
Data, screen shots from an internal Balancing Authority tool that
demonstrate compliance,
Production of data from any other databases, spreadsheets, displays that
demonstrate compliance.

R8. Each Balancing Authority shall payback Inadvertent Interchange using ATEC rather than
bilateral and unilateral payback. [Violation Risk Factor: Medium] [Time Horizon:
Operations Assessment]

not limited to historical On-Peak and Off-Peak Inadvertent Interchange data, data
from the WECC Interchange Tool, and ACE data.

C. Compliance

The Regional Entity shall serve as the Compliance Enforcement Authority.
For entities that do not work for the Regional Entity, the Regional Entity shall serve
as the Compliance Enforcement Authority.
Regional Entity, the ERO or a Regional Entity approved by the ERO and FERC or
other applicable governmental authorities shall serve as the Compliance
Page 5 of 12
For responsible entities that are also Regional Entities, the ERO or a Regional Entity
approved by the ERO and FERC or other applicable governmental authorities shall
1.2 Compliance Monitoring and Assessment Processes:
Compliance Audits
Self-Certifications
Spot Checking
Compliance Investigations
Self-Reporting
Complaints
the last audit, the Compliance Enforcement Authority may ask an entity to provide
other evidence to show that it was compliant for the full time period since the last
audit.
Each Balancing Authority in the Western Interconnection shall retain the values of
PII
hourly
,

PII
accum
(On-Peak and Off-Peak), TE and any month-end adjustments for
the preceding calendar year (January December), as well as the current calendar
year.
Each Balancing Authority in the Western Interconnection shall retain the amount of
time the Balancing Authority operated without ATEC for the preceding calendar
year (January December), as well as the current calendar year.
None

Page 6 of 12
R # Time
Horizon
R1 Operations
Assessment
Medium Following the
conclusion of each
month each Balancing
Authoritys absolute
value of PII
accum
for
either the On-Peak
period or Off-Peak
period exceeded
150%, but was less
of the previous
calendar years Peak
Demand or peak
generation for
generation-only
Balancing Authorities.
Following the
conclusion of each
Authoritys absolute
value of PII
accum
for
either the On-Peak
period or Off-Peak
period exceeded
160%, but was less
of the previous
calendar years Peak
Demand or peak
generation for
generation-only
Following the
conclusion of each
Authoritys absolute
value of PII
accum
for
either the On-Peak
period or Off-Peak
period exceeded
170%, but was less
of the previous
calendar years Peak
Demand or peak
generation for
generation-only
Following the
conclusion of each
Authoritys absolute
value of PII
accum
for
either the On-Peak
period or Off-Peak
period exceeded 180%
of the previous
calendar years Peak
Demand or peak
generation for
generation-only
R2
Operations
Assessment
Medium The Balancing
Authority did not
recalculate PII
hourly

and adjust the PII
accum

within 90 days of the
discovery of the error;
but made the
required
recalculations and
adjustments within
120 days.
The Balancing
Authority did not
recalculate PII
hourly
and
adjust the PII
accum

but made the required
recalculations and
adjustments within
150 days.
The Balancing
Authority did not
recalculate PII
hourly
and
adjust the PII
accum

but made the required
recalculations and
adjustments within
180 days.
The Balancing
Authority did not
recalculate PII
hourly
and
adjust PII
accum
within
180 days of the
discovery of the error.
Page 7 of 12
R # Time
Horizon
R3 Real-Time
Operations
Authority operated
during a calendar
quarter without ATEC
in service for more
than an accumulated
24 hours, but less than
or equal to 72 hours.
The Balancing
Authority operated
during a calendar
in service for more
than an accumulated
72 hours, but less than
or equal to 120 hours.
The Balancing
Authority operated
during a calendar
in service for more
than an accumulated
120 hours, but less
than or equal to 168
hours
The Balancing
Authority operated
during a calendar
in service for more
than an accumulated
168 hours.
R4 Operations
Assessment
Authority did not
compute PII
hourly
,
PII
accum
, and I
ATEC

within 50 minutes, but
made the required
calculations in less
than or equal to two
hours.
The Balancing
Authority did not
compute PII
hourly
,
PII
accum
, and I
ATEC

within two hours, but
made the required
than or equal to four
hours.
The Balancing
Authority did not
compute PII
hourly
,
PII
accum
, and I
ATEC

within four hours, but
made the required
than or equal to six
hours.
The Balancing
Authority did not
compute PII
hourly
,
PII
accum
, and I
ATEC

within six hours.
R5 Real-Time
Operations
Medium N/A N/A N/A The Balancing
Authority is not able
to change its AGC
operating mode
between Flat
Frequency (for
blackout restoration;
Flat Tie Line (for loss
of frequency
Page 8 of 12
R # Time
Horizon
telemetry); Tie Line
Bias; or Tie Line Bias
plus Time Error
control (used in ATEC
mode).
R6 Operations
Assessment
Medium N/A N/A N/A When making
adjustments to hourly
Inadvertent
Interchange or TE,
the Balancing
Authority did not
recalculate the PII
hourly

and the PII
accum
for the
On-Peak and Off-Peak
periods.
R7 Operations
Assessment
Medium N/A N/A N/A When making any
month-end meter
reading adjustments
to Inadvertent
Interchange, the
Balancing Authority
did not make the
same adjustment to
the PII
accum
.
R8 Operations
Assessment
Medium N/A N/A N/A The Balancing
Authority paid back
Inadvertent
Page 9 of 12
R # Time
Horizon
Interchange using
bilateral and unilateral
payback rather than
using ATEC.
Page 10 of 12

Guidelines and Technical Basis
During development of this standard, text boxes were embedded within the standard to explain the
rationale for various parts of the standard. Upon BOT approval, the text from the rationale text boxes
was moved to this section.

Requirement R1:
Premise: Each Balancing Authority should ensure that the absolute value of its PII
accum
for both the On-
Peak period and the Off-Peak period each individually does not exceed 150% of the previous years
Peak Demand for load-serving Balancing Authorities and 150% of the previous years peak generation
for generation-only Balancing Authorities. The Balancing Authority is required to take action to keep
each PII
accum
period within the limit. For example, the Balancing Authorities actions may include:
Identifying and correcting the source of any metering or accounting error(s) and recalculating
the hourly Primary Inadvertent Interchange (PII
hourly
) and the PII
accum
from the time of the error;
Validating the implementation of ATEC; or
Setting L
max
equal to L
10.
until the PII
accum
is below the limit in Requirement R1.

Justification: PII
accum
may grow from month-end adjustments and metering errors, even with the
inclusion of I
ATEC
in the ACE equation.

Goal: To limit the amount of PII
accum
that a Balancing Authority can have at the end of each month.

Requirement R2:
Premise: When a Balancing Authority finds an error in the calculation of its PII, the Balancing Authority
needs time to correct the error and recalculate PII and PII
accum
.
Justification: The drafting team selected 90 days as a reasonable amount of time to correct an error
and recalculate PII and PII
accum,
since recalculation of PII and PII
accum
is not a real-time operations
reliability issue.
Goal: To promote the timely correction of errors in the calculation of PII and PII
accum
.

Requirement R3:
Premise: When a Balancing Authority is not participating in ATEC, payback of PII
accum
is delayed.
Justification: The limit of 24 hours per quarter discourages a Balancing Authority from withdrawing
ATEC participation, for example, for economic gain during selected hours. If the limits were increased
to 60 hours, a Balancing Authority could technically withdraw ATEC participation for one hour from
Monday to Friday.
Page 11 of 12
Goal: To promote fair and timely payback of PII
accum
balances.
Requirement R4:
Premise: PII
hourly
, PII
accum
, and I
ATEC
should be determined before the next scheduling hour begins.
Justification: To promote timely calculations 50 minutes was selected because it is before the next hour
ramp begins and permits time to collect the data and resolve interchange metering values.
Goal: To promote the timely calculation of PII
hourly
, PII
accum
, and I
ATEC
.
Requirement R5:
Premise: The ACE equation, and hence the AGC mode, will contain any number of parameters based
on system operating conditions. Various AGC modes are identified corresponding to those operating
conditions, as well as the specific sets of parameters included in the ACE equation.

Justification: Changing to the proper operating mode, corresponding to current operating conditions,
affords proper movement of generating units in response to those conditions. The addition of the ATEC
term results in an additional AGC mode and a different set of parameters. The inability to correctly
calculate the ATEC term would dictate that AGC not be operated in the ATEC mode.

Goal: To set the AGC mode and calculate ACE in a manner that corresponds to the system operating
conditions and to accommodate changes in those conditions.

Requirement R6:
Premise: Hourly adjustments to hourly Inadvertent Interchange (II) require a recalculation of the
corresponding hourly PII value, the corresponding PII
accum
, and all subsequent PII
accum
for every hour up
to the current hour.

Justification: As PII
hourly
is corrected, then PII
accum
should be recalculated.

Goal: To promote accurate, fair and timely payback of accumulated PII balances.

Requirement R7:
Premise: Month-end meter-reading adjustments are made, for example, when a Balancing Authority
performs monthly comparisons of recorded month-end Net Actual Interchange (NI
A
) values derived
from hourly Actual Interchange Telemetered Values against month-end Actual Interchange Register
Meter readings.

Justification: Month-end adjustments to II
accum
are applied as 100% PII
accum
. 100% was chosen for
simplicity to bilaterally assign PII
accum
to both Balancing Authorities, since the effect of this metering
error on system frequency is not easily determined over the course of a month.

Page 12 of 12
Goal: To provide a mechanism by which corresponding month-end II adjustments can be applied to
PII
accum
, when such adjustments cannot be attributed to any one particular hour or series of hours.

Requirement R8:
Premise: ATEC includes automatic unilateral payback of Primary Inadvertent Interchange and
Secondary Inadvertent Interchange.

Justification: Additional unilateral and bilateral exchanges disturb the balance and distribution
between Primary Inadvertent Interchange and Secondary Inadvertent Interchange throughout the
Interconnection; thereby stranding Secondary Inadvertent Interchange.

Goal: To not strand Secondary Inadvertent Interchange.

Version History

1 February 4, 2003 Effective Date. New
1 October 17, 2006 Created Standard from Procedure. Errata
1 February 6, 2007 Changed the Standard Version from
0 to 1 in the Version History Table.
Errata
1 February 6, 2007 The upper limit bounds to the
amount of Automatic Time Error
Correction term was inadvertently
omitted during the Standard
Translation. The bound was added
to the requirement R1.4.
Errata
1 February 6, 2007 The statement The Time Monitor
may declare offsets in 0.001-second
increments was moved from
TEoffset to TDadj and offsets was
corrected to adjustments.
Errata
1 February 6, 2007 The reference to seconds was
deleted from the TE offset term.
Errata
1 June 19, 2007 The standard number BAL-STD-004-
1 was changed to BAL-004-WECC-01
to be consistent with the NERC
Regional Reliability Standard
Numbering Convention.
Errata
2 December 19, 2012 Adopted by NERC Board of Trustees

Standard BAL-005-0.2b Automatic Generation Control
Page 1 of 6

A. Introduction
1. Title: Automatic Generation Control
2. Number: BAL-005-0.2b
3. Purpose: This standard establishes requirements for Balancing Authority Automatic
Generation Control (AGC) necessary to calculate Area Control Error (ACE) and to routinely
deploy the Regulating Reserve. The standard also ensures that all facilities and load
electrically synchronized to the Interconnection are included within the metered boundary of a
Balancing Area so that balancing of resources and demand can be achieved.
4. Applicability:
4.2. Generator Operators
4.3. Transmission Operators
4.4. Load Serving Entities
B. Requirements
R1. All generation, transmission, and load operating within an Interconnection must be included
within the metered boundaries of a Balancing Authority Area.
R1.1. Each Generator Operator with generation facilities operating in an Interconnection
shall ensure that those generation facilities are included within the metered boundaries
of a Balancing Authority Area.
R1.2. Each Transmission Operator with transmission facilities operating in an
Interconnection shall ensure that those transmission facilities are included within the
metered boundaries of a Balancing Authority Area.
R1.3. Each Load-Serving Entity with load operating in an Interconnection shall ensure that
those loads are included within the metered boundaries of a Balancing Authority Area.
R2. Each Balancing Authority shall maintain Regulating Reserve that can be controlled by AGC to
meet the Control Performance Standard. (Retirement approved by NERC BOT pending
applicable regulatory approval.)
R3. A Balancing Authority providing Regulation Service shall ensure that adequate metering,
communications, and control equipment are employed to prevent such service from becoming
a Burden on the Interconnection or other Balancing Authority Areas.
R4. A Balancing Authority providing Regulation Service shall notify the Host Balancing
Authority for whom it is controlling if it is unable to provide the service, as well as any
Intermediate Balancing Authorities.
R5. A Balancing Authority receiving Regulation Service shall ensure that backup plans are in
place to provide replacement Regulation Service should the supplying Balancing Authority no
longer be able to provide this service.
R6. The Balancing Authoritys AGC shall compare total Net Actual Interchange to total Net
Scheduled Interchange plus Frequency Bias obligation to determine the Balancing Authoritys
ACE. Single Balancing Authorities operating asynchronously may employ alternative ACE
calculations such as (but not limited to) flat frequency control. If a Balancing Authority is
unable to calculate ACE for more than 30 minutes it shall notify its Reliability Coordinator.
Page 2 of 6

R7. The Balancing Authority shall operate AGC continuously unless such operation adversely
impacts the reliability of the Interconnection. If AGC has become inoperative, the Balancing
Authority shall use manual control to adjust generation to maintain the Net Scheduled
Interchange.
R8. The Balancing Authority shall ensure that data acquisition for and calculation of ACE occur at
least every six seconds.
R8.1. Each Balancing Authority shall provide redundant and independent frequency metering
equipment that shall automatically activate upon detection of failure of the primary
source. This overall installation shall provide a minimum availability of 99.95%.
R9. The Balancing Authority shall include all Interchange Schedules with Adjacent Balancing
Authorities in the calculation of Net Scheduled Interchange for the ACE equation.
R9.1. Balancing Authorities with a high voltage direct current (HVDC) link to another
Balancing Authority connected asynchronously to their Interconnection may choose to
omit the Interchange Schedule related to the HVDC link from the ACE equation if it is
modeled as internal generation or load.
R10. The Balancing Authority shall include all Dynamic Schedules in the calculation of Net
Scheduled Interchange for the ACE equation.
R11. Balancing Authorities shall include the effect of ramp rates, which shall be identical and
agreed to between affected Balancing Authorities, in the Scheduled Interchange values to
calculate ACE.
R12. Each Balancing Authority shall include all Tie Line flows with Adjacent Balancing Authority
Areas in the ACE calculation.
R12.1. Balancing Authorities that share a tie shall ensure Tie Line MW metering is
telemetered to both control centers, and emanates from a common, agreed-upon source
using common primary metering equipment. Balancing Authorities shall ensure that
megawatt-hour data is telemetered or reported at the end of each hour.
R12.2. Balancing Authorities shall ensure the power flow and ACE signals that are utilized for
calculating Balancing Authority performance or that are transmitted for Regulation
Service are not filtered prior to transmission, except for the Anti-aliasing Filters of Tie
Lines.
R12.3. Balancing Authorities shall install common metering equipment where Dynamic
Schedules or Pseudo-Ties are implemented between two or more Balancing
Authorities to deliver the output of Jointly Owned Units or to serve remote load.
R13. Each Balancing Authority shall perform hourly error checks using Tie Line megawatt-hour
meters with common time synchronization to determine the accuracy of its control equipment.
The Balancing Authority shall adjust the component (e.g., Tie Line meter) of ACE that is in
error (if known) or use the interchange meter error (I
ME
) term of the ACE equation to
compensate for any equipment error until repairs can be made.
R14. The Balancing Authority shall provide its operating personnel with sufficient instrumentation
and data recording equipment to facilitate monitoring of control performance, generation
response, and after-the-fact analysis of area performance. As a minimum, the Balancing
Authority shall provide its operating personnel with real-time values for ACE, Interconnection
frequency and Net Actual Interchange with each Adjacent Balancing Authority Area.
R15. The Balancing Authority shall provide adequate and reliable backup power supplies and shall
periodically test these supplies at the Balancing Authoritys control center and other critical
Page 3 of 6

locations to ensure continuous operation of AGC and vital data recording equipment during
loss of the normal power supply.
R16. The Balancing Authority shall sample data at least at the same periodicity with which ACE is
calculated. The Balancing Authority shall flag missing or bad data for operator display and
archival purposes. The Balancing Authority shall collect coincident data to the greatest
practical extent, i.e., ACE, Interconnection frequency, Net Actual Interchange, and other data
shall all be sampled at the same time.
R17. Each Balancing Authority shall at least annually check and calibrate its time error and
frequency devices against a common reference. The Balancing Authority shall adhere to the
minimum values for measuring devices as listed below:
Device Accuracy
Digital frequency transducer 0.001 Hz
MW, MVAR, and voltage transducer 0.25 % of full scale
Remote terminal unit 0.25 % of full scale
Potential transformer 0.30 % of full scale
Current transformer 0.50 % of full scale
C. Measures
Not specified.
D. Compliance
Balancing Authorities shall be prepared to supply data to NERC in the format defined
below:
1.1.1. Within one week upon request, Balancing Authorities shall provide NERC or
the Regional Reliability Organization CPS source data in daily CSV files with
time stamped one minute averages of: 1) ACE and 2) Frequency Error.
1.1.2. Within one week upon request, Balancing Authorities shall provide NERC or
the Regional Reliability Organization DCS source data in CSV files with time
stamped scan rate values for: 1) ACE and 2) Frequency Error for a time
period of two minutes prior to thirty minutes after the identified Disturbance.
Not specified.
1.3. Data Retention
1.3.1. Each Balancing Authority shall retain its ACE, actual frequency, Scheduled
Frequency, Net Actual Interchange, Net Scheduled Interchange, Tie Line
meter error correction and Frequency Bias Setting data in digital format at the
same scan rate at which the data is collected for at least one year.
1.3.2. Each Balancing Authority or Reserve Sharing Group shall retain
documentation of the magnitude of each Reportable Disturbance as well as
the ACE charts and/or samples used to calculate Balancing Authority or
Page 4 of 6

Reserve Sharing Group disturbance recovery values. The data shall be
retained for one year following the reporting quarter for which the data was
recorded.
Not specified.
Not specified.
None identified.
1. Appendix 1 Interpretation of Requirement R17 (February 12, 2008).
Version History
0 February 8, 2005 Adopted by NERC Board of Trustees New
approved by BOT on May 2, 2007
Addition
0a January 16, 2008 Section F: added 1.; changed hyphen to en
dash. Changed font style for Appendix 1 to
Arial
Errata
0b February 12, 2008 Replaced Appendix 1 Interpretation of R17
approved by BOT on February 12, 2008 (BOT
approved retirement of Interpretation included in
BAL-005-0a)
Replacement
0.1b October 29, 2008 BOT approved errata changes; updated version
number to 0.1b
Errata
0.1b May 13, 2009 FERC approved Updated Effective Date Addition
0.2b March 8, 2012 Errata adopted by Standards Committee; (replaced
Appendix 1 with the FERC-approved revised
interpretation of R17 and corrected standard
version referenced in Interpretation by changing
from BAL-005-1 to BAL-005-0)
Errata
0.2b September 13, 2012 FERC approved Updated Effective Date Addition
0.2b February 7, 2013 R2 and associated elements approved by NERC
Board of Trustees for retirement as part of the
Paragraph 81 project (Project 2013-02) pending
applicable regulatory approval.

Page 5 of 6

Appendix 1
Effective Date: August 27, 2008 (U.S.)

Interpretation of BAL-005-0 Automatic Generation Control, R17
Request for Clarification received from PGE on July 31, 2007
PGE requests clarification regarding the measuring devices for which the requirement applies,
specifically clarification if the requirement applies to the following measuring devices:
Only equipment within the operations control room
Only equipment that provides values used to calculate AGC ACE
Only equipment that provides values to its SCADA system
Only equipment owned or operated by the BA
Only to new or replacement equipment
To all equipment that a BA owns or operates
BAL-005-0
R17. Each Balancing Authority shall at least annually check and calibrate its time error and frequency
devices against a common reference. The Balancing Authority shall adhere to the minimum values for
measuring devices as listed below:
Device Accuracy
Digital frequency transducer 0.001 Hz
MW, MVAR, and voltage transducer 0.25% of full scale
Remote terminal unit 0.25% of full scale
Potential transformer 0.30% of full scale
Current transformer 0.50% of full scale
Existing Interpretation Approved by Board of Trustees May 2, 2007
BAL-005-0, Requirement 17 requires that the Balancing Authority check and calibrate its control room
time error and frequency devices against a common reference at least annually. The requirement to
annually check and calibrate does not address any devices outside of the operations control room.
The table represents the design accuracy of the listed devices. There is no requirement within the standard
to annually check and calibrate the devices listed in the table, unless they are included in the control
center time error and frequency devices.
Interpretation provided by NERC Frequency Task Force on September 7, 2007 and Revised on
November 16, 2007
As noted in the existing interpretation, BAL-005-0 Requirement 17 applies only to the time error and
frequency devices that provide, or in the case of back-up equipment may provide, input into the reporting
or compliance ACE equation or provide real-time time error or frequency information to the system
operator. Frequency inputs from other sources that are for reference only are excluded. The time error and
frequency measurement devices may not necessarily be located in the system operations control room or
owned by the Balancing Authority; however the Balancing Authority has the responsibility for the
accuracy of the frequency and time error measurement devices. No other devices are included in R 17.
Page 6 of 6

The other devices listed in the table at the end of R17 are for reference only and do not have any
mandatory calibration or accuracy requirements.
New or replacement equipment that provides the same functions noted above requires the same
calibrations. Some devices used for time error and frequency measurement cannot be calibrated as such.
In this case, these devices should be cross-checked against other properly calibrated equipment and
replaced if the devices do not meet the required level of accuracy.

Standard BAL-006-2 Inadvertent Interchange
1
A. Introduction
1. Title: Inadvertent Interchange
3. Purpose:
This standard defines a process for monitoring Balancing Authorities to ensure that, over the
long term, Balancing Authority Areas do not excessively depend on other Balancing Authority
Areas in the Interconnection for meeting their demand or Interchange obligations.
4. Applicability:
5. Effective Date: First day of first calendar quarter after applicable regulatory approval,
or in those jurisdictions where no regulatory approval is required, first day of first calendar
quarter after Board of Trustees adoption.

B. Requirements
R1. Each Balancing Authority shall calculate and record hourly Inadvertent Interchange.
(Violation Risk Factor: Lower)
R2. Each Balancing Authority shall include all AC tie lines that connect to its Adjacent Balancing
Authority Areas in its Inadvertent Interchange account. The Balancing Authority shall take
into account interchange served by jointly owned generators. (Violation Risk Factor: Lower)
R3. Each Balancing Authority shall ensure all of its Balancing Authority Area interconnection
points are equipped with common megawatt-hour meters, with readings provided hourly to the
control centers of Adjacent Balancing Authorities. (Violation Risk Factor: Lower)
R4. Adjacent Balancing Authority Areas shall operate to a common Net Interchange Schedule and
Actual Net Interchange value and shall record these hourly quantities, with like values but
opposite sign. Each Balancing Authority shall compute its Inadvertent Interchange based on
the following: (Violation Risk Factor: Lower)
R4.1. Each Balancing Authority, by the end of the next business day, shall agree with its
Adjacent Balancing Authorities to: (Violation Risk Factor: Lower)
R4.1.1. The hourly values of Net Interchange Schedule. (Violation Risk Factor:
Lower)
R4.1.2. The hourly integrated megawatt-hour values of Net Actual Interchange.
R4.2. Each Balancing Authority shall use the agreed-to daily and monthly accounting data to
compile its monthly accumulated Inadvertent Interchange for the On-Peak and Off-
Peak hours of the month. (Violation Risk Factor: Lower)
R4.3. A Balancing Authority shall make after-the-fact corrections to the agreed-to daily and
monthly accounting data only as needed to reflect actual operating conditions (e.g. a
meter being used for control was sending bad data). Changes or corrections based on
non-reliability considerations shall not be reflected in the Balancing Authoritys
Inadvertent Interchange. After-the-fact corrections to scheduled or actual values will
not be accepted without agreement of the Adjacent Balancing Authority(ies).
R5. Adjacent Balancing Authorities that cannot mutually agree upon their respective Net Actual
Interchange or Net Scheduled Interchange quantities by the 15th calendar day of the following
2
month shall, for the purposes of dispute resolution, submit a report to their respective Regional
Reliability Organization Survey Contact. The report shall describe the nature and the cause of
the dispute as well as a process for correcting the discrepancy. (Violation Risk Factor: Lower)

C. Measures
None specified.

D. Compliance
1.1. Each Balancing Authority shall submit a monthly summary of Inadvertent Interchange.
These summaries shall not include any after-the-fact changes that were not agreed to
by the Source Balancing Authority, Sink Balancing Authority and all Intermediate
Balancing Authority(ies).
1.2. Inadvertent Interchange summaries shall include at least the previous accumulation, net
accumulation for the month, and final net accumulation, for both the On-Peak and Off-
Peak periods.
1.3. Each Balancing Authority shall submit its monthly summary report to its Regional
Reliability Organization Survey Contact by the 15th calendar day of the following
month.
1.4. Each Balancing Authority shall perform an Area Interchange Error (AIE) Survey as
requested by the NERC Operating Committee to determine the Balancing Authoritys
Interchange error(s) due to equipment failures or improper scheduling operations, or
improper AGC performance.
1.5. Each Regional Reliability Organization shall prepare a monthly Inadvertent
Interchange summary to monitor the Balancing Authorities monthly Inadvertent
Interchange and all-time accumulated Inadvertent Interchange. Each Regional
Reliability Organization shall submit a monthly accounting to NERC by the 22nd day
following the end of the month being summarized.
3
R# Lower VSL Moderate VSL High VSL Severe VSL
R1. N/A N/A N/A Each Balancing Authority failed to
calculate and record hourly
Inadvertent Interchange.
R2. N/A N/A The Balancing Authority failed to
include all AC tie lines that
connect to its Adjacent Balancing
Authority Areas in its Inadvertent
Interchange account.

OR

Failed to take into account
interchange served by jointly
owned generators.
The Balancing Authority failed to
include all AC tie lines that
connect to its Adjacent Balancing
Authority Areas in its Inadvertent
Interchange account.

AND

Failed to take into account
interchange served by jointly
owned generators.
R3. N/A N/A N/A The Balancing Authority failed to
ensure all of its Balancing
Authority Area interconnection
points are equipped with common
megawatt-hour meters, with
readings provided hourly to the
control centers of Adjacent
R4. The Balancing Authority failed to
record Actual Net Interchange
values that are equal but opposite
in sign to its Adjacent Balancing
Authorities.
compute Inadvertent Interchange.
operate to a common Net
Interchange Schedule that is equal
but opposite to its Adjacent
N/A
R4.1. N/A N/A N/A The Balancing Authority, by the
end of the next business day, failed
to agree with its Adjacent
Balancing Authorities to the hourly
values of Net Interchanged
4
Schedule.

AND

The hourly integrated megawatt-
hour values of Net Actual
Interchange.
R4.1.1. N/A N/A N/A The Balancing Authority, by the
values of Net Interchanged
Schedule.
R4.1.2. N/A N/A N/A The Balancing Authority, by the
integrated megawatt-hour values of
Net Actual Interchange.
R4.2. N/A N/A N/A The Balancing Authority failed to
use the agreed-to daily and
monthly accounting data to
compile its monthly accumulated
Inadvertent Interchange for the On-
Peak and Off-Peak hours of the
month.
R4.3. N/A N/A N/A The Balancing Authority failed to
make after-the-fact corrections to
the agreed-to daily and monthly
accounting data to reflect actual
operating conditions or changes or
corrections based on non-reliability
considerations were reflected in the
Balancing Authoritys Inadvertent
5
Interchange.
R5. Adjacent Balancing Authorities
that could not mutually agree upon
their respective Net Actual
Interchange or Net Scheduled
Interchange quantities, submitted a
report to their respective Regional
Reliability Organizations Survey
Contact describing the nature and
the cause of the dispute but failed
to provide a process for correcting
the discrepancy.
Adjacent Balancing Authorities
that could not mutually agree upon
their respective Net Actual
Interchange or Net Scheduled
Interchange quantities by the 15th
calendar day of the following
month, failed to submit a report to
their respective Regional
Reliability Organizations Survey
Contact describing the nature and
the cause of the dispute as well as a
process for correcting the
discrepancy.
N/A N/A

6
1. Inadvertent Interchange Accounting Waiver approved by the Operating Committee on March
25, 2004includes SPP effective May 1, 2006.

Version History
1 April 6, 2006 Added following to Effective Date: This
standard will expire for one year beyond the
effective date or when replaced by a new version
of BAL-006, whichever comes first.
Errata
2 November 5, 2009 Added approved VRFs and VSLs to document.
Removed MISO from list of entities with an
Inadvertent Interchange Accounting Waiver
(Project 2009-18).
Revision
2 November 5, 2009 Approved by the Board of Trustees
2 J anuary 6, 2011 Approved by FERC

Standard BAL-502-RFC-02
Page 1 of 8

A. Introduction
1. Title: Planning Resource Adequacy Analysis, Assessment and Documentation
2. Number: BAL-502-RFC-02
3. Purpose:
To establish common criteria, based on one day in ten year loss of Load expectation principles,
for the analysis, assessment and documentation of Resource Adequacy for Load in the
ReliabilityFirst Corporation (RFC) region

4. Applicability
4.1 Planning Coordinator

5. Effective Date:
5.1 Upon RFC Board approval

B. Requirements

R1 The Planning Coordinator shall perform and document a Resource Adequacy analysis
annually. The Resource Adequacy analysis shall [Violation Risk Factor: Medium]:

R1.1 Calculate a planning reserve margin that will result in the sum of the probabilities
for loss of Load for the integrated peak hour for all days of each planning year
1

analyzed (per R1.2) being equal to 0.1. (This is comparable to a one day in 10
year criterion).
R1.1.1 The utilization of Direct Control Load Management or curtailment of
Interruptible Demand shall not contribute to the loss of Load
probability.

R1.1.2 The planning reserve margin developed from R1.1 shall be expressed as
a percentage of the median
2

forecast peak Net Internal Demand
(planning reserve margin).
R1.2 Be performed or verified separately for each of the following planning years:

1
The annual period over which the LOLE is measured, and the resulting resource requirements are established (J une
1
st
through the following May 31
st
).
2
The median forecast is expected to have a 50% probability of being too high and 50% probability of being too low
(50:50).
Page 2 of 8

R1.2.1 Perform an analysis for Year One.

R1.2.2 Perform an analysis or verification at a minimum for one year in the 2
through 5 year period and at a minimum one year in the 6 though 10 year
period.

R1.2.2.1 If the analysis is verified, the verification must be
supported by current or past studies for the same
planning year.

R1.3 Include the following subject matter and documentation of its use:

R1.3.1 Load forecast characteristics:
Median (50:50) forecast peak Load.
Load forecast uncertainty (reflects variability in the Load forecast
due to weather and regional economic forecasts).
Load diversity.
Seasonal Load variations.
Daily demand modeling assumptions (firm, interruptible).
Contractual arrangements concerning curtailable/Interruptible
Demand.

R1.3.2 Resource characteristics:
Historic resource performance and any projected changes
Seasonal resource ratings
Modeling assumptions of firm capacity purchases from and sales to
entities outside the Planning Coordinator area.
Resource planned outage schedules, deratings, and retirements.
Modeling assumptions of intermittent and energy limited resource
such as wind and cogeneration.
Criteria for including planned resource additions in the analysis

R1.3.3 Transmission limitations that prevent the delivery of generation reserves

R1.3.3.1 Criteria for including planned Transmission Facility
additions in the analysis

Page 3 of 8

R1.3.4 Assistance from other interconnected systems including multi-area assessment
considering Transmission limitations into the study area.

R1.4 Consider the following resource availability characteristics and document how
and why they were included in the analysis or why they were not included:
Availability and deliverability of fuel.
Common mode outages that affect resource availability
Environmental or regulatory restrictions of resource availability.
Any other demand (Load) response programs not included in R1.3.1.
Sensitivity to resource outage rates.
Impacts of extreme weather/drought conditions that affect unit availability.
Modeling assumptions for emergency operation procedures used to make
reserves available.
Market resources not committed to serving Load (uncommitted resources)
within the Planning Coordinator area.

R1.5 Consider Transmission maintenance outage schedules and document how and
why they were included in the Resource Adequacy analysis or why they were not
included

R1.6 Document that capacity resources are appropriately accounted for in its Resource
Adequacy analysis

R1.7 Document that all Load in the Planning Coordinator area is accounted for in its
Resource Adequacy analysis

R2 The Planning Coordinator shall annually document the projected Load and resource capability,
for each area or Transmission constrained sub-area identified in the Resource Adequacy analysis
[Violation Risk Factor: Lower].

R2.1 This documentation shall cover each of the years in Year One through ten.

R2.2 This documentation shall include the planning reserve margin calculated per
requirement R1.1 for each of the three years in the analysis.

R2.3 The documentation as specified per requirement R2.1 and R2.2 shall be publicly posted
no later than 30 calendar days prior to the beginning of Year One.

Page 4 of 8

C. Measures

M1 Each Planning Coordinator shall possess the documentation that a valid Resource Adequacy
analysis was performed or verified in accordance with R1

M2 Each Planning Coordinator shall possess the documentation of its projected Load and resource
capability, for each area or Transmission constrained sub-area identified in the Resource
Adequacy analysis on an annual basis in accordance with R2.

D. Compliance
Compliance Monitor - ReliabilityFirst Corporation

One calendar year

1.3. Data Retention
The Planning Coordinator shall retain information from the most current and prior two
years.

The Compliance Monitor shall retain any audit data for five years.


Req.
Number
VIOLATION SEVERITY LEVEL
LOWER MODERATE HIGH SEVERE
R1 The Planning
Coordinator Resource
Adequacy analysis
failed to consider 1 or 2
of the Resource
availability
characteristics
subcomponents under
R1.4 and documentation
of how and why they
were included in the
analysis or why they
The Planning
Adequacy analysis
failed to express the
planning reserve margin
developed from R1.1 as
a percentage of the net
Median forecast peak
Load per R1.1.2

OR
The Planning
Adequacy analysis
failed to be performed
or verified separately
for individual years of
Year One through Year
Ten per R1.2

OR

The Planning
Coordinator failed to
perform and document a
Resource Adequacy
analysis annually per
R1.

OR

The Planning
Page 5 of 8

were not included

OR

The Planning
Adequacy analysis
failed to consider
Transmission
maintenance outage
schedules and document
how and why they were
included in the analysis
or why they were not
included per R1.5

The Planning
Adequacy analysis
failed to include 1 of the
Load forecast
Characteristics
subcomponents under
R1.3.1 and
documentation of its use

OR

The Planning
Adequacy analysis
failed to include 1 of the
Resource
Characteristics
subcomponents under
R1.3.2 and

Or

The Planning
Adequacy analysis
failed to document that
all Load in the Planning
Coordinator area is
accounted for in its
Resource Adequacy
analysis per R1.7

The Planning
perform an analysis or
verification for one year
in the 2 through 5 year
period or one year in the
6 though 10 year period
or both per R1.2.2

OR

The Planning
Adequacy analysis
failed to include 2 or
more of the Load
forecast Characteristics
subcomponents under
R1.3.1 and
documentation of their
use

OR

The Planning
Adequacy analysis
failed to include 2 or
more of the Resource
Characteristics
subcomponents under
R1.3.2 and
documentation of their
use

OR

The Planning
Adequacy analysis
failed to include
Transmission
limitations and
Adequacy analysis
failed to calculate a
Planning reserve margin
that will result in the
sum of the probabilities
for loss of Load for the
integrated peak hour for
all days of each
planning year analyzed
for each planning period
being equal to 0.1 per
R1.1

OR

The Planning
perform an analysis for
Year One per R1.2.1

Page 6 of 8

per R1.3.3

OR

The Planning
Adequacy analysis
failed to include
assistance from other
interconnected systems
and documentation of
its use per R1.3.4

OR

The Planning
Adequacy analysis
failed to consider 3 or
more Resource
availability
characteristics
subcomponents under
R1.4 and documentation
of how and why they
were included in the
analysis or why they
were not included

OR

The Planning
Adequacy analysis
failed to document that
capacity resources are
appropriately accounted
for in its Resource
Adequacy analysis per
R1.6
R2 The Planning
publicly post the
documents as specified
The Planning
document the projected
Load and resource
The Planning
Load and resource
The Planning
Load and resource
Page 7 of 8

per requirement R2.1
and R2.2 later than 30
calendar days prior to
the beginning of Year
One per R2.3

capability, for each area
or Transmission
constrained sub-area
identified in the
Resource Adequacy
analysis for one of the
years in the 2 through
10 year period per R2.1.

OR

The Planning
document the Planning
Reserve margin
calculated per
requirement R1.1 for
each of the three years
in the analysis per R2.2.

or Transmission
identified in the
Resource Adequacy
analysis for year 1 of
the 10 year period per
R2.1.

OR

The Planning
Load and resource
or Transmission
identified in the
Resource Adequacy
analysis for two or more
of the years in the 2
through 10 year period
per R2.1.
or Transmission
identified in the
Resource Adequacy
analysis per R2.

Definitions:
Resource Adequacy - the ability of supply-side and demand-side resources to meet the aggregate
electrical demand (including losses).

Net Internal Demand - Total of all end-use customer demand and electric system losses within
specified metered boundaries, less Direct Control Load Management and Interruptible Demand.

Peak Period - A period consisting of two (2) or more calendar months but less than seven (7)
calendar months, which includes the period during which the responsible entity's annual peak demand
is expected to occur

Year One - The planning year that begins with the upcoming annual Peak Period.

The following definitions were extracted from the February 12
th
, 2008 NERC Glossary of
Terms:

Page 8 of 8

Direct Control Load Management Demand-Side Management that is under the direct control of
the system operator. DCLM may control the electric supply to individual appliances or equipment on
customer premises. DCLM as defined here does not include Interruptible Demand.

Facility - A set of electrical equipment that operates as a single Bulk Electric System Element (e.g., a
line, a generator, a shunt compensator, transformer, etc.)

Interruptible Demand - Demand that the end-use customer makes available to its Load-Serving
Entity via contract or agreement for curtailment.

Load - An end-use device or customer that receives power from the electric system.
Transmission - An interconnected group of lines and associated equipment for the movement or
transfer of electric energy between points of supply and points at which it is transformed for delivery
to customers or is delivered to other electric systems.

Version History
BAL-502-RFC-02
1
st
Draft
06/24/08
Through
07/23/08
Posted for 1
st
Comment Period
BAL-502-RFC-02
2
nd
Draft
08/18/08
Through
09/16/08
Posted for 2
nd
Comment Period
BAL-502-RFC-02
3
rd
Draft
10/16/08
Through
10/30/08
Posted for 15-Day Category Ballot
BAL-502-RFC-02
3
rd
Draft
12/04/08 ReliabilityFirst Board Approved
BAL-502-RFC-02 06/08/09 Planning Reserve changed to planning
reserve in R2.2.
Errata
BAL-502-RFC-02 08/05/09 Approved by NERC Board of Trustees
BAL-502-RFC-02 03/17/11 Order issued by FERC approving BAL-502-
RFC-02 (approval effective 5/23/11)

1
WECC Standard BAL-STD-002-0 - Operating Reserves
A. Introduction
1. Title: Operating Reserves
2. Number: BAL-STD-002-0
3. Purpose: Regional Reliability Standard to address the Operating Reserve requirements
of the Western Interconnection.
4. Applicability
4.1.1 This criterion applies to each Responsible Entity that is (i) a Balancing Authority or a
member of a Reserve Sharing Group that does not designate its Reserve Sharing Group as its
agent, or (ii) a Reserve Sharing Group. A Responsible Entity that is a Balancing Authority
and a member of a Reserve Sharing Group is subject to this criterion only as described in
Section A.4.1.2. A Responsible Entity that is a member of a Reserve Sharing Group is not
subject to this criterion on an individual basis.
4.1.2 Responsible Entities that are members of a Reserve Sharing Group may designate in
writing to WECC a Responsible Entity to act as agent for purposes of this criterion for each
such Reserve Sharing Group. Such Reserve Sharing Group agents shall be responsible for
all data submission requirements under Section D of this Reliability Agreement. Unless a
Reserve Sharing Group agent identifies individual Responsible Entities responsible for
noncompliance at the time of data submission, sanctions for noncompliance shall be
assessed against the agent on behalf of the Reserve Sharing Group, and it shall be the
responsibility of the members of the Reserve Sharing Group to allocate responsibility for
such noncompliance. If a Responsible Entity that is a member of a Reserve Sharing Group
does not designate in writing to WECC a Responsible Entity to act as agent for purposes of
this criterion for each such Reserve Sharing Group, such Responsible Entity shall be subject
to this criterion on an individual basis.

5. Effective Date: This Western Electricity Coordinating Council Regional Reliability
Standard will be effective when approved by the Federal Energy Regulatory Commission under
Section 215 of the Federal Power Act. This Regional Reliability Standard shall be in effect for
one year from the date of Commission approval or until a North American Standard or a revised
Western Electricity Coordinating Council Regional Reliability Standard goes into place,
whichever occurs first. At no time shall this regional Standard be enforced in addition to a
similar North American Standard.

B. Requirements
WR1.

The reliable operation of the interconnected power system requires that adequate
generating capacity be available at all times to maintain scheduled frequency and avoid
loss of firm load following transmission or generation contingencies. This generating
capacity is necessary to:

supply requirements for load variations.

replace generating capacity and energy lost due to forced outages of generation
or transmission equipment.

meet on-demand obligations.

2
replace energy lost due to curtailment of interruptible imports.

a. Minimum Operating Reserve. Each Balancing Authority shall maintain minimum
Operating Reserve which is the sum of the following:

(i) Regulating reserve. Sufficient Spinning Reserve, immediately responsive to
Automatic Generation Control (AGC) to provide sufficient regulating margin to
allow the Balancing Authority to meet NERC's Control Performance Criteria (see
BAL-001-0).

(ii) Contingency reserve. An amount of Spinning Reserve and Nonspinning Reserve
(at least half of which must be Spinning Reserve), sufficient to meet the NERC
Disturbance Control Standard BAL-002-0, equal to the greater of:

(a) The loss of generating capacity due to forced outages of generation or
transmission equipment that would result from the most severe single
contingency; or

(b) The sum of five percent of the load responsibility served by hydro generation
and seven percent of the load responsibility served by thermal generation.

The combined unit ramp rate of each Balancing Authority's on-line, unloaded
generating capacity must be capable of responding to the Spinning Reserve
requirement of that Balancing Authority within ten minutes

Additional reserve for interruptible imports. An amount of reserve, which can
be made effective within ten minutes, equal to interruptible imports.

(iv) Additional reserve for on-demand obligations. An amount of reserve, which
can be made effective within ten minutes, equal to on-demand obligations to
other entities or Balancing Authorities.

b. Acceptable types of Nonspinning Reserve. The Nonspinning Reserve obligations
identified in subsections a(ii), a(iii), and a(iv), if any, can be met by use of the
following:

(i) interruptible load;

(ii) interruptible exports;

(iii) on-demand rights from other entities or Balancing Authorities;

(iv) Spinning Reserve in excess of requirements in subsections a(i) and a(ii); or

(v) off-line generation which qualifies as Nonspinning Reserve.

c. Knowledge of Operating Reserve. Operating Reserves shall be calculated such
that the amount available which can be fully activated in the next ten minutes
will be known at all times.

3
d. Restoration of Operating Reserve. After the occurrence of any event
necessitating the use of Operating Reserve, that reserve shall be restored as
promptly as practicable. The time taken to restore reserves shall not exceed 60
minutes (Source: WECC Criterion)

C. Measures
WM1.
Except within the first 60 minutes following an event requiring the activation of
Operating Reserves, a Responsible Entity identified in Section A.4 must maintain 100%
of required Operating Reserve levels based upon data averaged over each clock hour.
Following every event requiring the activation of Operating Reserves, a Responsible
Entity identified in Section A.4 must re-establish the required Operating Reserve levels
within 60 minutes. (Source: Compliance Standard)

D. Compliance
1.1 Compliance Monitoring Responsibility
Western Electricity Coordinating Council (WECC)
1.2 Compliance Monitoring Period
At Occurrence and Quarterly
By no later than 5:00 p.m. Mountain Time on the first Business Day following the
day on which an instance of non-compliance occurs (or such other date specified in
Form A.1(a)), the Responsible Entities identified in SectionA.4 shall submit to the
WECC office Operating Reserve data in Form A.1(a) (available on the WECC web
site) for each such instance of non-compliance. On or before the tenth day of each
calendar quarter (or such other date specified in Form A.1(b)), the Responsible
Entities identified in Section A.4 (including Responsible Entities with no reported
instances of non-compliance) shall submit to the WECC office a completed
Operating Reserve summary compliance Form A.1(b) (available on the WECC web
site) for the immediately preceding calendar quarter.
1.3 Data Retention
Data will be retained in electronic form for at least one year. The retention period
will be evaluated before expiration of one year to determine if a longer retention
period is necessary. If the data is being reviewed to address a question of
compliance, the data will be saved beyond the normal retention period until the
question is formally resolved. (Source: NERC Language)
For purposes of applying the sanctions specified in Sanction Table for violations of
this criterion, the "Sanction Measure" is Average Generation and the "Specified
Period" is the most recent calendar month.(Source: Sanctions)
2. Levels of Non-Compliance Sanction
Measure: Average Generation

4
2.1. Level 1: There shall be a Level 1 non-compliance if any of the following
conditions exist:
2.1.1 One instance during a calendar month in which the Balancing
Authority's or the Reserve Sharing Group's Operating Reserve is less than
100% but greater than or equal to 90% of the required Operating Reserve.

conditions exist:

conditions exist:

conditions exist:
2.4.1 One instance during a calendar month in which the Balancing Authority's
or the Reserve Sharing Group's Operating Reserve is less than 70% of
the required Operating Reserve.
Version History Shows Approval History and Summary of Changes in the Action Field
0 March 12, 2007 Adopted by Board of Trustees New
0 J une 8, 2007 FERC order issued approving BAL-
STD-002-0

5

Sanction Table
Sanctions for non-compliance with respect to each criterion in Section B Requirements
shall be assessed pursuant to the following table. All monetary sanctions shall also
include sending of Letter (B).
Number of Occurrences at a Given Level within Specified Period
Level of Non-

1 2 3 4 or more
Level 1 Letter (A) Letter (B) Higher of $1,000
or $1 per MW of
Sanction Measure
Higher of $2,000
or $2 per MW of
Sanction
Measure
Level 2 Letter (B) Higher of $1,000
or $1 per MW of
Sanction Measure
Higher of $2,000
or $2 per MW of
Sanction Measure
Higher of $4,000
or $4 per MW of
Sanction
Measure
Level 3 Higher of $1,000
or $1 per MW of
Sanction Measure
Higher of $2,000
or $2 per MW of
Sanction Measure
Higher of $4,000
or $4 per MW of
Sanction Measure
Higher of $6,000
or $6 per MW of
Sanction
Measure
Level 4 Higher of $2,000
or $2 per MW of
Sanction Measure
Higher of $4,000
or $4 per MW of
Sanction Measure
Higher of $6,000
or $6 per MW of
Sanction Measure
Higher of
$10,000 or $10
per MW of
Sanction
Measure
Letter (A): Letter to Responsible Entity's Chief Executive Officer informing the
Responsible Entity of noncompliance with copies to NERC, WECC Member
Representative, and WECC Operating Committee Representative 1.

Letter (B): Identical to Letter (A), with additional copies to (i) Chairman of the Board of
Responsible Entity (if different from Chief Executive Officer), and to (ii) state or
provincial regulatory agencies with jurisdiction over Responsible Entity, and, in the case
of U.S. entities, FERC, and Department of Energy, if such government entities request
such information.

The "Specified Period" and the "Sanction Measure" are as specified in Section D1.4 for
each criterion.

Sanctions shall be assessed for all instances of non-compliance within a Specified Period.
For example, if a Responsible Entity had two instances of Level 1 non-compliance and
1 Copies of Letter A and Letter B will be sent to WECC Member Representative and WECC Operating
Committee Representative when the Generator Operator is a WECC member.

6
one instance of Level 3 non-compliance for a specific criterion in the first Specified
Period, it would be assessed the sanction from Column 2 of the Level 1 row, and the
sanction from Column 1 of the Level 3 row.

If the Responsible Entity fails to comply with a given criterion for two or more
consecutive Specified Periods, the sanctions assessed at each level of noncompliance for
the most recent Specified Period shall be the sanction specified in the column immediately
to the right of the indicated sanction. For example, if a Responsible Entity fails to comply
with a given criterion for two consecutive Specified Periods, and in the second Specified
Period the Responsible Entity has one instance of Level 1 non-compliance and two
instances of Level 3 non-compliance, it would be assessed the sanction from Column 2 of
the Level 1 row, and the sanction from Column 3 of the Level 3 row. If the sanction
assessed at the highest level is the sanction in Column 4, no such modification of the
specified sanction shall occur.
DEFINITIONS
Unless the context requires otherwise, all capitalized terms shall have the meanings
assigned in this Standard and as set out below:

Area Control Error or ACE means the instantaneous difference between net actual and
scheduled interchange, taking into account the effects of Frequency Bias including
correction for meter error.

Automatic Generation Control or AGC means equipment that automatically adjusts a
Control Area's generation from a central location to maintain its interchange schedule
plus Frequency Bias.

Average Generation means the total MWh generated within the Balancing Authority
Operator's Balancing Authority Area during the prior year divided by 8760 hours (8784
hours if the prior year had 366 days).

Business Day means any day other than Saturday, Sunday, or a legal public holiday as
designated in section 6103 of title 5, U.S. Code.

Disturbance means (i) any perturbation to the electric system, or (ii) the unexpected
change in ACE that is caused by the sudden loss of generation or interruption of load.

Extraordinary Contingency shall have the meaning set out in Excuse of Performance,
section B.4.c.

7
Frequency Bias means a value, usually given in megawatts per 0.1 Hertz, associated with
a Control Area that relates the difference between scheduled and actual frequency to the
amount of generation required to correct the difference.

Nonspinning Reserve means that Operating Reserve not connected to the system but
capable of serving demand within a specified time, or interruptible load that can be
removed from the system in a specified time.

Operating Reserve means that capability above firm system demand required to provide
for regulation, load-forecasting error, equipment forced and scheduled outages and local
area protection. Operating Reserve consists of Spinning Reserve and Nonspinning Reserve.

Spinning Reserve means unloaded generation which is synchronized and ready to serve
additional demand. It consists of Regulating reserve and Contingency reserve (as each are
described in Sections B.a.i and ii).
EXCUSE OF PERFORMANCE
A. Excused Non-Compliance

Non-compliance with any of the reliability criteria contained in this
Standard shall be excused and no sanction applied if such non-compliance
results directly from one or more of the actions or events listed below.

B. Specific Excuses

1. Governmental Order

The Reliability Entity's compliance with or action under any
applicable law or regulation or other legal obligation related thereto
or any curtailment, order, regulation or restriction imposed by any
governmental authority (other than the Reliability Entity, if the
Reliability Entity is a municipal corporation or a federal, state, or
provincial governmental entity or subdivision thereof).

2. Order of Reliability Coordinator

The Reliability Entity's compliance or reasonable effort to comply
with any instruction, directive, order or suggested action ("Security
Order") by the WECC Reliability Coordinator for the WECC sub-
region within which the Reliability Entity is operating, provided that
the need for such Security Order was not due to the Reliability
Entity's non-compliance with (a) the WECC Reliability Criteria for
Transmission System Planning, (b) the WECC Power Supply

8
Design Criteria, (c) the WECC Minimum Operating Reliability
Criteria, or (d) any other WECC reliability criterion, policy or
procedure then in effect (collectively, "WECC Reliability
Standards"), and provided further that the Reliability Entity in
complying or attempting to comply with such Security Order has
taken all reasonable measures to minimize Reliability Entity's non-
compliance with the reliability criteria.
3. Protection of Facilities

Any action taken or not taken by the Reliability Entity which, in the
reasonable judgment of the Reliability Entity, was necessary to
protect the operation, performance, integrity, reliability or stability of
the Reliability Entity's computer system, electric system (including
transmission and generating facilities), or any electric system with
which the Reliability Entity's electric system is interconnected,
whether such action occurs automatically or manually; provided that
the need for such action or inaction was not due to Reliability
Entity's non-compliance with any WECC Reliability Standard and
provided further that Reliability Entity could not have avoided the
need for such action or inaction through reasonable efforts taken in
a timely manner. Reasonable efforts shall include shedding load,
disconnecting facilities, altering generation patterns or schedules on
the transmission system, or purchasing energy or capacity, except to
the extent that the Reliability Entity demonstrates to the WECC
Staff and/or the RCC that in the particular circumstances such
action would have been unreasonable.

4. Extraordinary Contingency

a. Any Extraordinary Contingency (as defined in subsection
c); provided that this provision shall apply only to the
extent and for the duration that the Extraordinary
Contingency actually and reasonably prevented the
Reliability Entity from complying with any applicable
reliability criteria; and provided further that Reliability
Entity took all reasonable efforts in a timely manner to
mitigate the effects of the Extraordinary Contingency and to
resume full compliance with all applicable reliability
criteria contained in this Reliability Agreement.
Reasonable efforts shall include shedding load, disconnecting
facilities, altering generation patterns or schedules on the
transmission system, or purchasing energy or capacity,
except to the extent that the Reliability Entity

9
demonstrates to the WECC Staff and/or the RCC that in the
particular circumstances such action would have been
unreasonable. Reasonable efforts shall not include the
settlement of any strike, lockout or labor dispute.

b. Any Reliability Entity whose compliance is prevented by an
Extraordinary Contingency shall immediately notify the
WECC of such contingency and shall report daily or at such
other interval prescribed by the WECC the efforts being
undertaken to mitigate the effects of such contingency and to
bring the Reliability Entity back into full compliance.

c. An Extraordinary Contingency means any act of God, actions
by a non-affiliated third party, labor disturbance, act of the
public enemy, war, insurrection, riot, fire, storm or flood,
earthquake, explosion, accident to or breakage, failure or
malfunction of machinery or equipment, or any other cause
beyond the Reliability Entity's reasonable control; provided
that prudent industry standards (ms., maintenance, design,
operation) have been employed; and provided further that no
act or cause shall be considered an Extraordinary
Contingency if such act or cause results in any contingency
contemplated in any WECC Reliability Standard (e.g., the
"Most Severe Single Contingency" as defined in the WECC
Reliability Criteria or any lesser contingency).

5. Participation in Field Testing

Any action taken or not taken by the Reliability Entity in conjunction
with the Reliability Entity's involvement in the field testing (as
approved by either the WECC Operating Committee or the WECC
Planning Coordination Committee) of a new reliability criterion or a
revision to an existing reliability criterion where such action or non-
action causes the Reliability Entity's non-compliance with the
reliability criterion to be replaced or revised by the criterion being
field tested; provided that Reliability Entity's noncompliance is the
result of Reliability Entity's reasonable efforts to participate in the
field testing.
Standard CIP-001-2a Sabotage Reporting
Page 1 of 6
A. Introduction
1. Title: Sabotage Reporting
2. Number: CIP-001-2a
3. Purpose: Disturbances or unusual occurrences, suspected or determined to be caused by
sabotage, shall be reported to the appropriate systems, governmental agencies, and regulatory
bodies.
4. Applicability
4.1. Reliability Coordinators.
4.3. Transmission Operators.
4.4. Generator Operators.
4.5. Load Serving Entities.
4.6. Transmission Owners (only in ERCOT Region).
4.7. Generator Owners (only in ERCOT Region).

5. Effective Date: ERCOT Regional Variance will be effective the first day of
the first calendar quarter after applicable regulatory approval.
B. Requirements
R1. Each Reliability Coordinator, Balancing Authority, Transmission Operator, Generator
Operator, and Load Serving Entity shall have procedures for the recognition of and for making
their operating personnel aware of sabotage events on its facilities and multi-site sabotage
affecting larger portions of the Interconnection.
Operator, and Load Serving Entity shall have procedures for the communication of information
concerning sabotage events to appropriate parties in the Interconnection.
Operator, and Load Serving Entity shall provide its operating personnel with sabotage response
guidelines, including personnel to contact, for reporting disturbances due to sabotage events.
Operator, and Load Serving Entity shall establish communications contacts, as applicable, with
local Federal Bureau of Investigation (FBI) or Royal Canadian Mounted Police (RCMP)
officials and develop reporting procedures as appropriate to their circumstances.
C. Measures
M1. Each Reliability Coordinator, Balancing Authority, Transmission Operator, Generator
Operator, and Load Serving Entity shall have and provide upon request a procedure (either
electronic or hard copy) as defined in Requirement 1
Operator, and Load Serving Entity shall have and provide upon request the procedures or
guidelines that will be used to confirm that it meets Requirements 2 and 3.
Page 2 of 6
Operator, and Load Serving Entity shall have and provide upon request evidence that could
include, but is not limited to procedures, policies, a letter of understanding, communication
records, or other equivalent evidence that will be used to confirm that it has established
communications contacts with the applicable, local FBI or RCMP officials to communicate
sabotage events (Requirement 4).
D. Compliance
Regional Reliability Organizations shall be responsible for compliance monitoring.
1.2. Compliance Monitoring and Reset Time Frame
One or more of the following methods will be used to verify compliance:
- Self-certification (Conducted annually with submission according to schedule.)
- Spot Check Audits (Conducted anytime with up to 30 days notice given to prepare.)
- Periodic Audit (Conducted once every three years according to schedule.)
- Triggered Investigations (Notification of an investigation must be made within 60
days of an event or complaint of noncompliance. The entity will have up to 30 days
to prepare for the investigation. An entity may request an extension of the
preparation period and the extension will be considered by the Compliance Monitor
on a case-by-case basis.)
The Performance-Reset Period shall be 12 months from the last finding of non-
compliance.
1.3. Data Retention
Each Reliability Coordinator, Transmission Operator, Generator Operator, Distribution
Provider, and Load Serving Entity shall have current, in-force documents available as
evidence of compliance as specified in each of the Measures.
If an entity is found non-compliant the entity shall keep information related to the non-
compliance until found compliant or for two years plus the current year, whichever is
longer.
Evidence used as part of a triggered investigation shall be retained by the entity being
investigated for one year from the date that the investigation is closed, as determined by
the Compliance Monitor,
The Compliance Monitor shall keep the last periodic audit report and all requested and
submitted subsequent compliance records.
None.
2. Levels of Non-Compliance:
2.1. Level 1: There shall be a separate Level 1 non-compliance, for every one of the
following requirements that is in violation:
2.1.1 Does not have procedures for the recognition of and for making its operating
personnel aware of sabotage events (R1).
Page 3 of 6
2.1.2 Does not have procedures or guidelines for the communication of information
concerning sabotage events to appropriate parties in the Interconnection (R2).
2.1.3 Has not established communications contacts, as specified in R4.
2.2. Level 2: Not applicable.
2.3. Level 3: Has not provided its operating personnel with sabotage response procedures or
guidelines (R3).
2.4. Level 4:.Not applicable.

E. ERCOT Interconnection-wide Regional Variance
Requirements
EA.1. Each Reliability Coordinator, Balancing Authority, Transmission Owner,
Transmission Operator, Generator Owner, Generator Operator, and Load Serving
Entity shall have procedures for the recognition of and for making their operating
personnel aware of sabotage events on its facilities and multi-site sabotage affecting
larger portions of the Interconnection.
Entity shall have procedures for the communication of information concerning
sabotage events to appropriate parties in the Interconnection.
Entity shall provide its operating personnel with sabotage response guidelines,
including personnel to contact, for reporting disturbances due to sabotage events.
Entity shall establish communications contacts with local Federal Bureau of
Investigation (FBI) officials and develop reporting procedures as appropriate to their
circumstances.
Measures
M.A.1. Each Reliability Coordinator, Balancing Authority, Transmission Owner,
Entity shall have and provide upon request a procedure (either electronic or hard
copy) as defined in Requirement EA1.
Entity shall have and provide upon request the procedures or guidelines that will be
used to confirm that it meets Requirements EA2 and EA3.
Entity shall have and provide upon request evidence that could include, but is not
limited to, procedures, policies, a letter of understanding, communication records,
Page 4 of 6
or other equivalent evidence that will be used to confirm that it has established
communications contacts with the local FBI officials to communicate sabotage
events (Requirement EA4).
Compliance
Regional Entity shall be responsible for compliance monitoring.
1.2. Data Retention
Each Reliability Coordinator, Balancing Authority, Transmission Owner,
Entity shall have current, in-force documents available as evidence of compliance
as specified in each of the Measures.
If an entity is found non-compliant the entity shall keep information related to the
non-compliance until found compliant or for two years plus the current year,
whichever is longer.
Evidence used as part of a triggered investigation shall be retained by the entity
being investigated for one year from the date that the investigation is closed, as
determined by the Compliance Monitor,
The Compliance Monitor shall keep the last periodic audit report and all requested
and submitted subsequent compliance records.

Version History
1 November 1, 2006 Adopted by Board of Trustees Amended
1 April 4, 2007 Regulatory Approval Effective Date New
1a February 16, 2010 Added Appendix 1 Interpretation of R2
approved by the NERC Board of Trustees
Addition
1a February 2, 2011 Interpretation of R2 approved by FERC on
February 2, 2011
Same addition
June 10, 2010 TRE regional ballot approved variance By Texas RE
August 24, 2010 Regional Variance Approved by Texas RE
Board of Directors

2a February 16, 2011 Approved by NERC Board of Trustees
Page 5 of 6
2a August 2, 2011 FERC Order issued approving Texas RE
Regional Variance

Page 6 of 6
Appendix 1
Requirement Number and Text of Requirement
CIP-001-1:
Operator, and Load Serving Entity shall have procedures for the communication of information
concerning sabotage events to appropriate parties in the Interconnection.
Question
Please clarify what is meant by the term, appropriate parties. Moreover, who within the Interconnection
hierarchy deems parties to be appropriate?
Response
The drafting team interprets the phrase appropriate parties in the Interconnection to refer collectively to
entities with whom the reporting party has responsibilities and/or obligations for the communication of
physical or cyber security event information. For example, reporting responsibilities result from NERC
standards IRO-001 Reliability Coordination Responsibilities and Authorities, COM-002-2
Communication and Coordination, and TOP-001 Reliability Responsibilities and Authorities, among
others. Obligations to report could also result from agreements, processes, or procedures with other
parties, such as may be found in operating agreements and interconnection agreements.
The drafting team asserts that those entities to which communicating sabotage events is appropriate would
be identified by the reporting entity and documented within the procedure required in CIP-001-1
Requirement R2.
Regarding who within the Interconnection hierarchy deems parties to be appropriate, the drafting team
knows of no interconnection authority that has such a role.

Standard CIP0023 Cyber Security Critical Cyber Asset Identification
Approved by Board of Trus tees : December 16, 2009 1
A. Introduction
1. Title: Cyber Security Critical Cyber Asset Identification
2. Number: CIP-002-3
3. Purpose: NERC Standards CIP-002-3 through CIP-009-3 provide a cyber security
framework for the identification and protection of Critical Cyber Assets to support reliable
operation of the Bulk Electric System.
These standards recognize the differing roles of each entity in the operation of the Bulk Electric
System, the criticality and vulnerability of the assets needed to manage Bulk Electric System
reliability, and the risks to which they are exposed.
Business and operational demands for managing and maintaining a reliable Bulk Electric
System increasingly rely on Cyber Assets supporting critical reliability functions and processes
to communicate with each other, across functions and organizations, for services and data. This
results in increased risks to these Cyber Assets.
Standard CIP-002-3 requires the identification and documentation of the Critical Cyber Assets
associated with the Critical Assets that support the reliable operation of the Bulk Electric
System. These Critical Assets are to be identified through the application of a risk-based
assessment.
4. Applicability:
4.1. Within the text of Standard CIP-002-3, Responsible Entity shall mean:
4.1.1 Reliability Coordinator.
4.1.2 Balancing Authority.
4.1.3 Interchange Authority.
4.1.4 Transmission Service Provider.
4.1.5 Transmission Owner.
4.1.6 Transmission Operator.
4.1.7 Generator Owner.
4.1.8 Generator Operator.
4.1.9 Load Serving Entity.
4.1.10 NERC.
4.1.11 Regional Entity.
4.2. The following are exempt from Standard CIP-002-3:
4.2.1 Facilities regulated by the U.S. Nuclear Regulatory Commission or the Canadian
Nuclear Safety Commission.
4.2.2 Cyber Assets associated with communication networks and data communication
links between discrete Electronic Security Perimeters.
5. Effective Date: The first day of the third calendar quarter after applicable regulatory approvals
have been received (or the Reliability Standard otherwise becomes effective the first day of the
third calendar quarter after BOT adoption in those jurisdictions where regulatory approval is
not required)
B. Requirements
R1. Critical Asset Identification Method The Responsible Entity shall identify and document a
risk-based assessment methodology to use to identify its Critical Assets.
R1.1. The Responsible Entity shall maintain documentation describing its risk-based
assessment methodology that includes procedures and evaluation criteria.
R1.2. The risk-based assessment shall consider the following assets:
R1.2.1. Control centers and backup control centers performing the functions of the
entities listed in the Applicability section of this standard.
R1.2.2. Transmission substations that support the reliable operation of the Bulk
Electric System.
R1.2.3. Generation resources that support the reliable operation of the Bulk Electric
System.
R1.2.4. Systems and facilities critical to system restoration, including blackstart
generators and substations in the electrical path of transmission lines used
for initial system restoration.
R1.2.5. Systems and facilities critical to automatic load shedding under a common
control system capable of shedding 300 MW or more.
R1.2.6. Special Protection Systems that support the reliable operation of the Bulk
Electric System.
R1.2.7. Any additional assets that support the reliable operation of the Bulk Electric
System that the Responsible Entity deems appropriate to include in its
assessment.
R2. Critical Asset Identification The Responsible Entity shall develop a list of its identified
Critical Assets determined through an annual application of the risk-based assessment
methodology required in R1. The Responsible Entity shall review this list at least annually,
and update it as necessary.
R3. Critical Cyber Asset Identification Using the list of Critical Assets developed pursuant to
Requirement R2, the Responsible Entity shall develop a list of associated Critical Cyber Assets
essential to the operation of the Critical Asset. Examples at control centers and backup control
centers include systems and facilities at master and remote sites that provide monitoring and
control, automatic generation control, real-time power system modeling, and real-time inter-
utility data exchange. The Responsible Entity shall review this list at least annually, and
update it as necessary. For the purpose of Standard CIP-002-3, Critical Cyber Assets are
further qualified to be those having at least one of the following characteristics:
R3.1. The Cyber Asset uses a routable protocol to communicate outside the Electronic
Security Perimeter; or,
R3.2. The Cyber Asset uses a routable protocol within a control center; or,
R3.3. The Cyber Asset is dial-up accessible.
R4. Annual Approval The senior manager or delegate(s) shall approve annually the risk-based
assessment methodology, the list of Critical Assets and the list of Critical Cyber Assets. Based
on Requirements R1, R2, and R3 the Responsible Entity may determine that it has no Critical
Assets or Critical Cyber Assets. The Responsible Entity shall keep a signed and dated record of
the senior manager or delegate(s)s approval of the risk-based assessment methodology, the list
of Critical Assets and the list of Critical Cyber Assets (even if such lists are null.)
C. Measures
M1. The Responsible Entity shall make available its current risk-based assessment methodology
documentation as specified in Requirement R1.
M2. The Responsible Entity shall make available its list of Critical Assets as specified in
Requirement R2.
M3. The Responsible Entity shall make available its list of Critical Cyber Assets as specified in
Requirement R3.
M4. The Responsible Entity shall make available its approval records of annual approvals as
specified in Requirement R4.
D. Compliance
1.1.1 Regional Entity for Responsible Entities that do not perform delegated tasks for
their Regional Entity.
1.1.2 ERO for Regional Entity.
1.1.3 Third-party monitor without vested interest in the outcome for NERC.
1.2. Compliance Monitoring Period and Reset Time Frame
Not applicable.
1.3. Compliance Monitoring and Enforcement Processes
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
1.4.1 The Responsible Entity shall keep documentation required by Standard CIP-002-
3 from the previous full calendar year unless directed by its Compliance
1.4.2 The Compliance Enforcement Authority in conjunction with the Registered
Entity shall keep the last audit records and all requested and submitted
subsequent audit records.
1.5.1 None.
2. Violation Severity Levels (To be developed later.)
E. Regional Variances
None identified.
Version History
1 January 16, 2006 R3.2 Change Control Center to control
center
Errata
2 Modifications to clarify the requirements and to
bring the compliance elements into conformance
with the latest guidelines for developing
compliance elements of standards.
Removal of reasonable business judgment.
Replaced the RRO with the RE as a responsible
entity.
Rewording of Effective Date.
Changed compliance monitor to Compliance

3 Updated version number from -2 to -3
3 December 16, 2009 Approved by the NERC Board of Trustees Update

Standard CIP0023b Cyber Security Critical Cyber Asset Identification
Page 1 of 10

A. Introduction
2. Number: CIP-002-3b
System. These Critical Assets are to be identified through the application of a risk-based
assessment.
4. Applicability:
4.1.10 NERC.
not required)
Page 2 of 10

B. Requirements
R1. Critical Asset Identification Method The Responsible Entity shall identify and
document a risk-based assessment methodology to use to identify its Critical Assets.
R1.1. The Responsible Entity shall maintain documentation describing its risk-based
assessment methodology that includes procedures and evaluation criteria.
R1.2.1. Control centers and backup control centers performing the functions
of the entities listed in the Applicability section of this standard.
R1.2.2. Transmission substations that support the reliable operation of the
Bulk Electric System.
R1.2.3. Generation resources that support the reliable operation of the Bulk
Electric System.
R1.2.4. Systems and facilities critical to system restoration, including
blackstart generators and substations in the electrical path of
transmission lines used for initial system restoration.
R1.2.5. Systems and facilities critical to automatic load shedding under a
common control system capable of shedding 300 MW or more.
R1.2.6. Special Protection Systems that support the reliable operation of the
Bulk Electric System.
R1.2.7. Any additional assets that support the reliable operation of the Bulk
Electric System that the Responsible Entity deems appropriate to
include in its assessment.
R2. Critical Asset Identification The Responsible Entity shall develop a list of its
identified Critical Assets determined through an annual application of the risk-based
assessment methodology required in R1. The Responsible Entity shall review this list
at least annually, and update it as necessary.
R3. Critical Cyber Asset Identification Using the list of Critical Assets developed
pursuant to Requirement R2, the Responsible Entity shall develop a list of associated
Critical Cyber Assets essential to the operation of the Critical Asset. Examples at
control centers and backup control centers include systems and facilities at master and
remote sites that provide monitoring and control, automatic generation control, real-
time power system modeling, and real-time inter-utility data exchange. The
Responsible Entity shall review this list at least annually, and update it as necessary.
For the purpose of Standard CIP-002-3, Critical Cyber Assets are further qualified to
be those having at least one of the following characteristics:
R3.1. The Cyber Asset uses a routable protocol to communicate outside the
Electronic Security Perimeter; or,
R3.2. The Cyber Asset uses a routable protocol within a control center; or,
R3.3. The Cyber Asset is dial-up accessible.
Page 3 of 10

R4. Annual Approval The senior manager or delegate(s) shall approve annually the risk-
based assessment methodology, the list of Critical Assets and the list of Critical Cyber
Assets. Based on Requirements R1, R2, and R3 the Responsible Entity may determine
that it has no Critical Assets or Critical Cyber Assets. The Responsible Entity shall
keep a signed and dated record of the senior manager or delegate(s)s approval of the
risk-based assessment methodology, the list of Critical Assets and the list of Critical
Cyber Assets (even if such lists are null.)
C. Measures
M1. The Responsible Entity shall make available its current risk-based assessment
methodology documentation as specified in Requirement R1.
Requirement R2.
M3. The Responsible Entity shall make available its list of Critical Cyber Assets as
M4. The Responsible Entity shall make available its approval records of annual approvals as
D. Compliance
Not applicable.
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
Page 4 of 10

1.5.1 None.
Page 5 of 10

Requirement VRF Lower VSL Moderate VSL High VSL Severe VSL
R1. MEDIUM N/A N/A N/A The responsible entity has not documented a
risk-based assessment methodology to use to
identify its Critical Assets as specified in R1.
R1.1. LOWER N/A The Responsible
Entity maintained
documentation
describing its risk-
based assessment
methodology which
includes evaluation
criteria, but does not
include procedures.
The Responsible Entity maintained
documentation describing its risk-based
assessment methodology that includes
procedures but does not include
evaluation criteria.
The Responsible Entity did not maintain
documentation describing its risk-based
assessment methodology that includes
procedures and evaluation criteria.
R1.2. MEDIUM N/A N/A N/A The Responsible Entity did not consider all
of the asset types listed in R1.2.1 through
R1.2.7 in its risk-based assessment.
R1.2.1. LOWER N/A N/A N/A N/A
Page 6 of 10

R2. HIGH N/A N/A The Responsible Entity has developed a
list of Critical Assets but the list has not
been reviewed and updated annually as
required.
The Responsible Entity did not develop a list
of its identified Critical Assets even if such
list is null.
R3. HIGH N/A N/A The Responsible Entity has developed a
list of associated Critical Cyber Assets
essential to the operation of the Critical
Asset list as per requirement R2 but the
list has not been reviewed and updated
annually as required.
The Responsible Entity did not develop a list
of associated Critical Cyber Assets essential
to the operation of the Critical Asset list as
per requirement R2 even if such list is null.
R3.1. LOWER N/A N/A N/A A Cyber Asset essential to the operation of
the Critical Asset was identified that met the
criteria in this requirement but was not
included in the Critical Cyber Asset List.
R4. LOWER N/A The Responsible
Entity does not have a
signed and dated
The Responsible Entity does not have a
signed and dated record of the senior
manager or delegate(s)s annual approval
The Responsible Entity does not have a
signed and dated record of the senior
manager or delegate(s) annual approval of 1)
Page 7 of 10

record of the senior
manager or
delegate(s)s annual
approval of the risk-
based assessment
methodology, the list
of Critical Assets or
the list of Critical
Cyber Assets (even if
such lists are null.)
of two of the following: the risk-based
assessment methodology, the list of
Critical Assets or the list of Critical
Cyber Assets (even if such lists are null.)
A risk based assessment methodology for
identification of Critical Assets, 2) a signed
and dated approval of the list of Critical
Assets, nor 3) a signed and dated approval of
the list of Critical Cyber Assets (even if such
lists are null.)

Page 8 of 10

None identified.

Version History
1 J anuary 16, 2006 R3.2 Change Control Center to control
center
Errata
entity.

3 December 16, 2009 Approved by the NERC Board of Trustees Update
3a May 9, 2012 Interpretation of R3 for Duke Energy adopted by
the NERC Board of Trustees

3b February 7, 2013 Interpretation of R1.2.5 for OGE adopted by the
NERC Board of Trustees

3b March 21, 2013 FERC Order issued remanding interpretation of R3
for Duke Energy; interpretation removed from
standard (previously Appendix 1)

Page 9 of 10

Appendix 1
Project 2012-INT-05: Response to Request for an Interpretation of NERC Standard CIP-002-3
for the OGE Energy Corporation
Date submitted: 2/24/11
The following interpretation of NERC Standard CIP-002-3 Cyber Security Critical Cyber Asset
Identification, Requirement R1.2.5, was developed by a project team from the CIP Interpretation Drafting
Team.

R1. Critical Asset Identification Method The Responsible Entity shall identify and document a risk-
based assessment methodology to use to identify its Critical Assets.


R1.2.5. Systems and facilities critical to automatic load shedding under a common control
system capable of shedding 300 MW or more.

Identify specifically what requirement needs clarification (as submitted):
CIP-002-3 R1.2.5 - Systems and facilities critical to automatic load shedding under a common control system
capable of shedding 300 MW or more.
Clarification needed: Based on the text above, an auditor could apply this standard to the Smart Grid
Advanced Meter Infrastructure (AMI) remote connect/disconnect functionality. While the AMI system is not
designed to perform automatic load shedding of 300 MW it could be repurposed to shed an aggregate load of
300 MW or more. However, it is important to note that the AMI remote disconnect function is not used for
under-voltage load shedding or under-frequency load shedding as a part of the regions load shedding
program.
The primary purpose of the AMI remote connect/disconnect function is to connect and disconnect individual
retail electric customers from a central location rather than at the meter itself to enable substantial efficiency
gains.
OGE would like NERC to clarify that a company's SmartGrid AMI functionality, which may be able to
disconnect 300+MW of load, is not considered a system or facility critical to automatic load shedding under
a common control system capable of shedding 300 mw and therefore it should not be included in the
Company's risk based methodology. OGE believes this clarification is appropriate because CIP-002-3 R1.2.5
was written to address under-voltage and under-frequency load shedding systems; SmartGrid AMI
disconnect functionality pertains to neither.

Page 10 of 10

Question Summary
OGE Energy Corporation seeks clarification on the meaning of CIP-002-3, Requirement R1.2.5 as it
relates to SmartGrid Advanced Meter Infrastructure (AMI) remote connect/disconnect functionality.
In its response, the Interpretation Drafting Team will answer whether a companys SmartGrid AMI
functionality, which may be able to disconnect more than 300 MW of load, is considered a system or
facility critical to automatic load shedding under a common control system capable of shedding 300 MW
or more under CIP-002-3, Requirement 1.2.5.
Response
In evaluating OGEs request, the Interpretation Drafting Team (IDT) clarifies the meaning of CIP-002-3,
Requirement R1.2.5 as it relates and applies to new technologies such as AMI. CIP-002-3, Requirement
R1.2.5, along with the context of the standard as a whole, informed development of this interpretation.
CIP-002-3, Requirement R1.2 specifies that the Responsible Entitys risk-based assessment methodology
(RBAM) shall consider the assets described in Requirement R1.2.5.

During the identification and documentation of the RBAM, a Responsible Entity shall consider Systems and
facilities critical to automatic load shedding under a common control system capable of shedding 300 MW or
more as specified in Requirement R1.2.5. Requirement R2 then requires the entity to apply this RBAM
annually to identify Critical Assets. If a system or facility does not meet the specifications of Requirement
R1.2.5, the RBAM is not required to consider that asset.

The Critical Asset identification method under CIP-002-3, Requirement R1 is based on a facts and
circumstance-driven analysis and is not dependent exclusively on specific technology or specific types of
systems or facilities. For instance, systems or facilities such as AMI may have the potential or capability to
be set up to automatically shed load, but having that potential or capability does not necessarily mean that the
system or facility performs the function as described in Requirement R1.2.5. Therefore, an AMI system
specifically built and configured to perform the Remote Disconnect function that does not automatically shed
load without human operator initiation would not meet the criteria found in CIP-002-3, Requirement R1.2.5.

Standard CIP0024 Cyber Security Critical Cyber As s et Identification
1
A. Introduction


System. These Critical Assets are to be identified through the application of the criteria in
Attachment 1.
4. Applicability:
4.1.10 NERC.
4.2.1 Facilities regulated by the Canadian Nuclear Safety Commission.
4.2.3 In nuclear plants, the systems, structures, and components that are regulated by
the Nuclear Regulatory Commission under a cyber security plan pursuant to 10
C.F. R. Section 73.54.
5. Effective Date: The first day of the eighth calendar quarter after applicable regulatory
approvals have been received (or the Reliability Standard otherwise becomes effective the first
day of the ninth calendar quarter after BOT adoption in those jurisdictions where regulatory
approval is not required)
2
B. Requirements
R1. Critical Asset Identification The Responsible Entity shall develop a list of its identified
Critical Assets determined through an annual application of the criteria contained in CIP-002-4
Attachment 1 Critical Asset Criteria. The Responsible Entity shall update this list as
necessary, and review it at least annually.
R2. Critical Cyber Asset Identification Using the list of Critical Assets developed pursuant to
Requirement R1, the Responsible Entity shall develop a list of associated Critical Cyber Assets
essential to the operation of the Critical Asset. The Responsible Entity shall update this list as
necessary, and review it at least annually.
For each group of generating units (including nuclear generation) at a single plant location
identified in Attachment 1, criterion 1.1, the only Cyber Assets that must be considered are
those shared Cyber Assets that could, within 15 minutes, adversely impact the reliable
operation of any combination of units that in aggregate equal or exceed Attachment 1, criterion
1.1.
For the purpose of Standard CIP-002-4, Critical Cyber Assets are further qualified to be those
having at least one of the following characteristics:
The Cyber Asset uses a routable protocol to communicate outside the Electronic Security
Perimeter; or,
The Cyber Asset uses a routable protocol within a control center; or,
The Cyber Asset is dial-up accessible.
R3. Annual Approval The senior manager or delegate(s) shall approve annually the list of
Critical Assets and the list of Critical Cyber Assets. Based on Requirements R1 and R2 the
Responsible Entity may determine that it has no Critical Assets or Critical Cyber Assets. The
Responsible Entity shall keep a signed and dated record of the senior manager or delegate(s)s
approval of the list of Critical Assets and the list of Critical Cyber Assets (even if such lists are
null.)
C. Measures
Requirement R1.
M2. The Responsible Entity shall make available its list of Critical Cyber Assets as specified in
Requirement R2.
M3. The Responsible Entity shall make available its records of approvals as specified in
Requirement R3.

3
D. Compliance
1.1.1 The Regional Entity shall serve as the Compliance Enforcement Authority with the following exceptions:
For entities that do not work for the Regional Entity, the Regional Entity shall serve as the Compliance Enforcement Authority.
For Reliability Coordinators and other functional entities that work for their Regional Entity, the ERO shall serve as the Compliance
For Responsible Entities that are also Regional Entities, the ERO or a Regional Entity approved by the ERO and FERC or other
applicable governmental authorities shall serve as the Compliance Enforcement Authority.
For the ERO, a third-party monitor without vested interest in the outcome for the ERO shall serve as the Compliance Enforcement
Authority.
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.3. Data Retention
1.3.1 The Responsible Entity shall keep documentation required by Standard CIP-002-4 from the previous full calendar year unless directed by
its Compliance Enforcement Authority to retain specific evidence for a longer period of time as part of an investigation.
1.3.2 The Compliance Enforcement Authority in conjunction with the Registered Entity shall keep the last audit records and all requested and
submitted subsequent audit records.
1.4.1 None.
4
R1 HIGH N/A N/A The Responsible Entity has developed a list of Critical
Assets but the list has not been reviewed and updated
annually as required.
The Responsible Entity did not develop a list of its identified
Critical Assets even if such list is null.
R2 HIGH N/A N/A The Responsible Entity has developed a list of associated
Critical Cyber Assets essential to the operation of the
Critical Asset list as per requirement R2 but the list has not
been reviewed and updated annually as required.
The Responsible Entity did not develop a list of associated
Critical Cyber Assets essential to the operation of the Critical
Asset list as per requirement R2 even if such list is null.
OR
A Cyber Asset essential to the operation of the Critical Asset
was identified that met at least one of the bulleted
characteristics in this requirement but was not included in the
Critical Cyber Asset List.
R3 LOWER N/A N/A The Responsible Entity does not have a signed and dated
record of the senior manager or delegate(s)s annual
approval of the list of Critical Assets.
OR
The Responsible Entity does not have a signed and dated
record of the senior manager or delegate(s)s annual
approval of the list of Critical Cyber Assets (even if such
lists are null.)
The Responsible Entity does not have a signed and dated
record of the senior manager or delegate(s)s annual approval
of both the list of Critical Assets and the list of Critical Cyber
Assets (even if such lists are null.)

None identified.

5
Version History
1 January 16, 2006 R3.2 Change Control Center to control
center
03/24/06
2 Modifications to clarify the requirements and
to bring the compliance elements into
conformance with the latest guidelines for
developing compliance elements of standards.
Replaced the RRO with the RE as a
responsible entity.

3 12/16/09 Approved by the NERC Board of Trustees Update
4 12/30/10 Modified to add specific criteria for Critical
Asset identification
Update
4 1/24/11 Approved by the NERC Board of Trustees
4 4/19/12 FERC Order issued approving CIP-002-4
(approval becomes effective June 25, 2012)

Added approved VRF/VSL table to section
D.2.

6
CIP-002-4 - Attachment 1
Critical Asset Criteria

The following are considered Critical Assets:
1.1. Each group of generating units (including nuclear generation) at a single plant location with
an aggregate highest rated net Real Power capability of the preceding 12 months equal to or
exceeding 1500 MW in a single Interconnection.
1.2. Each reactive resource or group of resources at a single location (excluding generation
Facilities) having aggregate net Reactive Power nameplate rating of 1000 MVAR or greater.
1.3. Each generation Facility that the Planning Coordinator or Transmission Planner designates
and informs the Generator Owner or Generator Operator as necessary to avoid BES Adverse
Reliability Impacts in the long-term planning horizon.
1.4. Each Blackstart Resource identified in the Transmission Operator's restoration plan.
1.5. The Facilities comprising the Cranking Paths and meeting the initial switching
requirements from the Blackstart Resource to the first interconnection point of the
generation unit(s) to be started, or up to the point on the Cranking Path where two or more
path options exist, as identified in the Transmission Operator's restoration plan.
1.6. Transmission Facilities operated at 500 kV or higher.
1.7. Transmission Facilities operated at 300 kV or higher at stations or substations interconnected
at 300 kV or higher with three or more other transmission stations or substations.
1.8. Transmission Facilities at a single station or substation location that are identified by the
Reliability Coordinator, Planning Authority or Transmission Planner as critical to the
derivation of Interconnection Reliability Operating Limits (IROLs) and their associated
contingencies.
1.9. Flexible AC Transmission Systems (FACTS), at a single station or substation location, that
are identified by the Reliability Coordinator, Planning Authority or Transmission Planner as
critical to the derivation of Interconnection Reliability Operating Limits (IROLs) and their
associated contingencies.
1.10. Transmission Facilities providing the generation interconnection required to connect
generator output to the transmission system that, if destroyed, degraded, misused, or
otherwise rendered unavailable, would result in the loss of the assets identified by any
Generator Owner as a result of its application of Attachment 1, criterion 1.1 or 1.3.
1.11. Transmission Facilities identified as essential to meeting Nuclear Plant Interface
Requirements.
1.12. Each Special Protection System (SPS), Remedial Action Scheme (RAS) or automated
switching system that operates BES Elements that, if destroyed, degraded, misused or
otherwise rendered unavailable, would cause one or more Interconnection Reliability
Operating Limits (IROLs) violations for failure to operate as designed.
1.13. Each system or Facility that performs automatic load shedding, without human operator
initiation, of 300 MW or more implementing Under Voltage Load Shedding (UVLS) or
Under Frequency Load Shedding (UFLS) as required by the regional load shedding program.
1.14. Each control center or backup control center used to perform the functional obligations of
the Reliability Coordinator.
7
1.15. Each control center or backup control center used to control generation at multiple plant
locations, for any generation Facility or group of generation Facilities identified in criteria
1.1, 1.3, or 1.4. Each control center or backup control center used to control generation equal
to or exceeding 1500 MW in a single Interconnection.
the Transmission Operator that includes control of at least one asset identified in criteria 1.2,
1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11 or 1.12.
the Balancing Authority that includes at least one asset identified in criteria 1.1, 1.3, 1.4, or
1.13. Each control center or backup control center used to perform the functional
obligations of the Balancing Authority for generation equal to or greater than an aggregate of
1500 MW in a single Interconnection.

CIP-002-5 Cyber Security BES Cyber System Categorization
Page 1 of 34
A. Introduction
1. Title: Cyber Security BES Cyber System Categorization
3. Purpose: To identify and categorize BES Cyber Systems and their associated BES
Cyber Assets for the application of cyber security requirements commensurate with
the adverse impact that loss, compromise, or misuse of those BES Cyber Systems
could have on the reliable operation of the BES. Identification and categorization of
BES Cyber Systems support appropriate protection against compromises that could
lead to misoperation or instability in the BES.
4. Applicability:
4.1. Functional Entities: For the purpose of the requirements contained herein, the
following list of functional entities will be collectively referred to as Responsible
Entities. For requirements in this standard where a specific functional entity or
subset of functional entities are the applicable entity or entities, the functional entity
or entities are specified explicitly.
4.1.1. Balancing Authority
4.1.2. Distribution Provider that owns one or more of the following Facilities, systems,
and equipment for the protection or restoration of the BES:
4.1.2.1. Each underfrequency load shedding (UFLS) or undervoltage load shedding
(UVLS) system that:
4.1.2.1.1. is part of a Load shedding program that is subject to one or more
requirements in a NERC or Regional Reliability Standard; and
4.1.2.1.2. performs automatic Load shedding under a common control system
owned by the Responsible Entity, without human operator initiation,
of 300 MW or more.
4.1.2.2. Each Special Protection System or Remedial Action Scheme where the
Special Protection System or Remedial Action Scheme is subject to one or
more requirements in a NERC or Regional Reliability Standard.
4.1.2.3. Each Protection System (excluding UFLS and UVLS) that applies to
Transmission where the Protection System is subject to one or more
requirements in a NERC or Regional Reliability Standard.
4.1.2.4. Each Cranking Path and group of Elements meeting the initial switching
requirements from a Blackstart Resource up to and including the first
interconnection point of the starting station service of the next generation
unit(s) to be started.
4.1.3. Generator Operator
4.1.4. Generator Owner
Page 2 of 34
4.1.5. Interchange Coordinator or Interchange Authority
4.1.6. Reliability Coordinator
4.1.7. Transmission Operator
4.1.8. Transmission Owner
4.2. Facilities: For the purpose of the requirements contained herein, the following
Facilities, systems, and equipment owned by each Responsible Entity in 4.1 above
are those to which these requirements are applicable. For requirements in this
standard where a specific type of Facilities, system, or equipment or subset of
Facilities, systems, and equipment are applicable, these are specified explicitly.
4.2.1. Distribution Provider: One or more of the following Facilities, systems and
equipment owned by the Distribution Provider for the protection or restoration
of the BES:
4.2.1.1. Each UFLS or UVLS System that:
4.2.1.1.1. is part of a Load shedding program that is subject to one or more
4.2.1.1.2. performs automatic Load shedding under a common control system
of 300 MW or more.
4.2.1.2. Each Special Protection System or Remedial Action Scheme where the
4.2.1.3. Each Protection System (excluding UFLS and UVLS) that applies to
4.2.1.4. Each Cranking Path and group of Elements meeting the initial switching
4.2.2. Responsible Entities listed in 4.1 other than Distribution Providers:
All BES Facilities.
4.2.3. Exemptions: The following are exempt from Standard CIP-002-5:
4.2.3.1. Cyber Assets at Facilities regulated by the Canadian Nuclear Safety
Commission.
4.2.3.2. Cyber Assets associated with communication networks and data
communication links between discrete Electronic Security Perimeters.
Page 3 of 34
4.2.3.3. The systems, structures, and components that are regulated by the Nuclear
Regulatory Commission under a cyber security plan pursuant to 10 C.F.R.
Section 73.54.
4.2.3.4. For Distribution Providers, the systems and equipment that are not included
in section 4.2.1 above.
5. Effective Dates:
1. 24 Months Minimum CIP-002-5 shall become effective on the later of July 1,
2015, or the first calendar day of the ninth calendar quarter after the effective
date of the order providing applicable regulatory approval.
2. In those jurisdictions where no regulatory approval is required CIP-002-5 shall
become effective on the first day of the ninth calendar quarter following Board
of Trustees approval, or as otherwise made effective pursuant to the laws
applicable to such ERO governmental authorities.
6. Background:
This standard provides bright-line criteria for applicable Responsible Entities to
categorize their BES Cyber Systems based on the impact of their associated Facilities,
systems, and equipment, which, if destroyed, degraded, misused, or otherwise
rendered unavailable, would affect the reliable operation of the Bulk Electric System.
Several concepts provide the basis for the approach to the standard.
Throughout the standards, unless otherwise stated, bulleted items in the
requirements are items that are linked with an or, and numbered items are items
that are linked with an and.
Many references in the Applicability section and the criteria in Attachment 1 of CIP-
002 use a threshold of 300 MW for UFLS and UVLS. This particular threshold of 300
MW for UVLS and UFLS was provided in Version 1 of the CIP Cyber Security
Standards. The threshold remains at 300 MW since it is specifically addressing UVLS
and UFLS, which are last ditch efforts to save the Bulk Electric System. A review of
UFLS tolerances defined within regional reliability standards for UFLS program
requirements to date indicates that the historical value of 300 MW represents an
adequate and reasonable threshold value for allowable UFLS operational tolerances.
BES Cyber Systems
One of the fundamental differences between Versions 4 and 5 of the CIP Cyber
Security Standards is the shift from identifying Critical Cyber Assets to identifying BES
Cyber Systems. This change results from the drafting teams review of the NIST Risk
Management Framework and the use of an analogous term information system as
the target for categorizing and applying security controls.
Page 4 of 34

In transitioning from Version 4 to Version 5, a BES Cyber System can be viewed simply
as a grouping of Critical Cyber Assets (as that term is used in Version 4). The CIP Cyber
Security Standards use the BES Cyber System term primarily to provide a higher level
for referencing the object of a requirement. For example, it becomes possible to
apply requirements dealing with recovery and malware protection to a grouping
rather than individual Cyber Assets, and it becomes clearer in the requirement that
malware protection applies to the system as a whole and may not be necessary for
every individual device to comply.
Another reason for using the term BES Cyber System is to provide a convenient level
at which a Responsible Entity can organize their documented implementation of the
requirements and compliance evidence. Responsible Entities can use the well-
developed concept of a security plan for each BES Cyber System to document the
programs, processes, and plans in place to comply with security requirements.
It is left up to the Responsible Entity to determine the level of granularity at which to
identify a BES Cyber System within the qualifications in the definition of BES Cyber
System. For example, the Responsible Entity might choose to view an entire plant
control system as a single BES Cyber System, or it might choose to view certain
components of the plant control system as distinct BES Cyber Systems. The
Responsible Entity should take into consideration the operational environment and
Page 5 of 34
scope of management when defining the BES Cyber System boundary in order to
maximize efficiency in secure operations. Defining the boundary too tightly may result
in redundant paperwork and authorizations, while defining the boundary too broadly
could make the secure operation of the BES Cyber System difficult to monitor and
assess.
Reliable Operation of the BES
The scope of the CIP Cyber Security Standards is restricted to BES Cyber Systems that
would impact the reliable operation of the BES. In order to identify BES Cyber
Systems, Responsible Entities determine whether the BES Cyber Systems perform or
support any BES reliability function according to those reliability tasks identified for
their reliability function and the corresponding functional entitys responsibilities as
defined in its relationships with other functional entities in the NERC Functional
Model. This ensures that the initial scope for consideration includes only those BES
Cyber Systems and their associated BES Cyber Assets that perform or support the
reliable operation of the BES. The definition of BES Cyber Asset provides the basis for
this scoping.
Real-time Operations
One characteristic of the BES Cyber Asset is a real-time scoping characteristic. The
time horizon that is significant for BES Cyber Systems and BES Cyber Assets subject to
the application of these Version 5 CIP Cyber Security Standards is defined as that
which is material to real-time operations for the reliable operation of the BES. To
provide a better defined time horizon than Real-time, BES Cyber Assets are those
Cyber Assets that, if rendered unavailable, degraded, or misused, would adversely
impact the reliable operation of the BES within 15 minutes of the activation or
exercise of the compromise. This time window must not include in its consideration
the activation of redundant BES Cyber Assets or BES Cyber Systems: from the cyber
security standpoint, redundancy does not mitigate cyber security vulnerabilities.
Categorization Criteria
The criteria defined in Attachment 1 are used to categorize BES Cyber Systems into
impact categories. Requirement 1 only requires the discrete identification of BES
Cyber Systems for those in the high impact and medium impact categories. All BES
Cyber Systems for Facilities not included in Attachment 1 Impact Rating Criteria,
Criteria 1.1 to 1.4 and Criteria 2.1 to 2.11 default to be low impact.
This general process of categorization of BES Cyber Systems based on impact on the
reliable operation of the BES is consistent with risk management approaches for the
purpose of application of cyber security requirements in the remainder of the Version
5 CIP Cyber Security Standards.
Electronic Access Control or Monitoring Systems, Physical Access Control Systems,
and Protected Cyber Assets that are associated with BES Cyber Systems
Page 6 of 34
BES Cyber Systems have associated Cyber Assets, which, if compromised, pose a
threat to the BES Cyber System by virtue of: (a) their location within the Electronic
Security Perimeter (Protected Cyber Assets), or (b) the security control function they
perform (Electronic Access Control or Monitoring Systems and Physical Access Control
Systems). These Cyber Assets include:
Electronic Access Control or Monitoring Systems (EACMS) Examples include:
Electronic Access Points, Intermediate Devices, authentication servers (e.g.,
RADIUS servers, Active Directory servers, Certificate Authorities), security event
monitoring systems, and intrusion detection systems.
Physical Access Control Systems (PACS) Examples include: authentication
servers, card systems, and badge control systems.
Protected Cyber Assets (PCA) Examples may include, to the extent they are
within the ESP: file servers, ftp servers, time servers, LAN switches, networked
printers, digital fault recorders, and emission monitoring systems.

R1. Each Responsible Entity shall implement a process that considers each of the
following assets for purposes of parts 1.1 through 1.3: [Violation Risk Factor:
High][Time Horizon: Operations Planning]
i.Control Centers and backup Control Centers;
ii.Transmission stations and substations;
iii.Generation resources;
iv.Systems and facilities critical to system restoration, including Blackstart
Resources and Cranking Paths and initial switching requirements;
v.Special Protection Systems that support the reliable operation of the Bulk
Electric System; and
vi.For Distribution Providers, Protection Systems specified in Applicability
section 4.2.1 above.
1.1. Identify each of the high impact BES Cyber Systems according to
Attachment 1, Section 1, if any, at each asset;
1.2. Identify each of the medium impact BES Cyber Systems according to
Attachment 1, Section 2, if any, at each asset; and
1.3. Identify each asset that contains a low impact BES Cyber System
according to Attachment 1, Section 3, if any (a discrete list of low impact
BES Cyber Systems is not required).

M1. Acceptable evidence includes, but is not limited to, dated electronic or physical lists
required by Requirement R1, and Parts 1.1 and 1.2.
Page 7 of 34
R2. The Responsible Entity shall: [Violation Risk Factor: Lower] [Time Horizon: Operations
Planning]
2.1 Review the identifications in Requirement R1 and its parts (and update
them if there are changes identified) at least once every 15 calendar
months, even if it has no identified items in Requirement R1, and
2.2 Have its CIP Senior Manager or delegate approve the identifications
required by Requirement R1 at least once every 15 calendar months,
even if it has no identified items in Requirement R1.
M2. Acceptable evidence includes, but is not limited to, electronic or physical dated
records to demonstrate that the Responsible Entity has reviewed and updated, where
necessary, the identifications required in Requirement R1 and its parts, and has had its
CIP Senior Manager or delegate approve the identifications required in Requirement
R1 and its parts at least once every 15 calendar months, even if it has none identified
in Requirement R1 and its parts, as required by Requirement R2.

C. Compliance
1. Compliance Monitoring Process:
1.1. Compliance Enforcement Authority:
The Regional Entity shall serve as the Compliance Enforcement Authority (CEA)
unless the applicable entity is owned, operated, or controlled by the Regional
Entity. In such cases the ERO or a Regional Entity approved by FERC or other
applicable governmental authority shall serve as the CEA.
1.2. Evidence Retention:
since the last audit, the CEA may ask an entity to provide other evidence to show
The Responsible Entity shall keep data or evidence to show compliance as
identified below unless directed by its CEA to retain specific evidence for a
longer period of time as part of an investigation:
Each Responsible Entity shall retain evidence of each requirement in this
standard for three calendar years.
If a Responsible Entity is found non-compliant, it shall keep information
related to the non-compliance until mitigation is complete and approved or
for the time specified above, whichever is longer.
Page 8 of 34
The CEA shall keep the last audit records and all requested and submitted
Compliance Audit
Self-Certification
Spot Checking
Self-Reporting
Complaint
None
Page 9 of 34
2. Table of Compliance Elements
R # Time
Horizon
VRF Violation Severity Levels (CIP-002-5)
R1 Operations
Planning
High
For Responsible
Entities with more
than a total of 40 BES
assets in Requirement
R1, five percent or
fewer BES assets have
not been considered
according to
Requirement R1;
OR
For Responsible
Entities with a total of
40 or fewer BES assets,
2 or fewer BES assets
in Requirement R1,
have not been
considered according
to Requirement R1;
OR
For Responsible
Entities with more
than a total of 100
high and medium
impact BES Cyber
For Responsible
Entities with more
R1, more than five
percent but less than
or equal to 10 percent
of BES assets have not
been considered,
according to
Requirement R1;
OR
For Responsible
more than two, but
fewer than or equal to
four BES assets in
Requirement R1, have
not been considered
according to
Requirement R1;
OR
For Responsible
For Responsible
Entities with more
R1, more than 10
of BES assets have not
been considered,
according to
Requirement R1;
OR
For Responsible
more than four, but
fewer than or equal to
six BES assets in
Requirement R1, have
not been considered
according to
Requirement R1;
OR
For Responsible
For Responsible
Entities with more
R1, more than 15
percent of BES assets
have not been
considered, according
to Requirement R1;
OR
For Responsible
more than six BES
R1, have not been
considered according
to Requirement R1;
OR
For Responsible
Entities with more
than a total of 100
high and medium
impact BES Cyber
Page 10 of 34
R # Time
Horizon
Systems, five percent
or fewer of identified
BES Cyber Systems
have not been
categorized or have
been incorrectly
categorized at a lower
category;
OR
For Responsible
100 or fewer high and
medium impact BES
Cyber Systems, five or
fewer identified BES
Cyber Systems have
not been categorized
or have been
incorrectly categorized
at a lower category.
OR
For Responsible
Entities with more
than a total of 100
high and medium
impact BES Cyber
Entities with more
than a total of 100
high and medium
impact BES Cyber
Systems, more than
five percent but less
than or equal to 10
percent of identified
BES Cyber Systems
have not been
categorized or have
been incorrectly
category;
OR
For Responsible
medium impact and
BES Cyber Systems,
more than five but less
than or equal to 10
identified BES Cyber
Systems have not been
categorized or have
been incorrectly
Entities with more
than a total of 100
high or medium
impact BES Cyber
Systems, more than 10
of identified BES Cyber
categorized or have
been incorrectly
category;
OR
For Responsible
100 or fewer high or
medium impact and
BES Cyber Assets,
more than 10 but less
than or equal to 15
identified BES Cyber
Assets have not been
categorized or have
been incorrectly
percent of identified
BES Cyber Systems
have not been
categorized or have
been incorrectly
category;
OR
For Responsible
medium impact BES
Cyber Systems, more
than 15 identified BES
Cyber Systems have
not been categorized
or have been
incorrectly categorized
at a lower category.
OR
For Responsible
Entities with more
than a total of 100
high and medium
impact BES Cyber
Page 11 of 34
R # Time
Horizon
Systems, five percent
or fewer high or
medium BES Cyber
identified;
OR
For Responsible
medium impact BES
Cyber Systems, five or
fewer high or medium
BES Cyber Systems
have not been
identified.
category.
OR
For Responsible
Entities with more
than a total of 100
high and medium
impact BES Cyber
Systems, more than
five percent but less
than or equal to 10
percent high or
medium BES Cyber
identified;
OR
For Responsible
medium impact BES
Cyber Systems, more
than five but less than
or equal to 10 high or
medium BES Cyber
identified.
category.
OR
For Responsible
Entities with more
than a total of 100
high and medium
impact BES Cyber
high or medium BES
Cyber Systems have
not been identified;
OR
For Responsible
medium impact BES
Cyber Systems, more
than 10 but less than
or equal to 15 high or
medium BES Cyber
identified.
percent of high or
medium impact BES
Cyber Systems have
not been identified;
OR
For Responsible
medium impact BES
Cyber Systems, more
than 15 high or
medium impact BES
Cyber Systems have
not been identified.
Page 12 of 34
R # Time
Horizon
R2 Operations
Planning
Lower The Responsible Entity
did not complete its
review and update for
the identification
required for R1 within
15 calendar months
but less than or equal
to 16 calendar months
of the previous review.
(R2.1)
OR
The Responsible Entity
approval of the
identifications
required by R1 by the
CIP Senior Manager or
delegate according to
Requirement R2 within
15 calendar months
of the previous
approval. (R2.2)
the identification
16 calendar months
(R2.1)
OR
failed to complete its
approval of the
identifications
16 calendar months
of the previous
approval. (R2.2)
the identification
17 calendar months
(R2.1)
OR
approval of the
identifications
17 calendar months
of the previous
approval. (R2.2)
the identification
18 calendar months of
the previous review.
(R2.1)
OR
approval of the
identifications
18 calendar months of
the previous approval.
(R2.2)

Page 13 of 34
None.
E. Interpretations
None.
None.

Page 14 of 34
CIP-002-5 - Attachment 1
Impact Rating Criteria
The criteria defined in Attachment 1 do not constitute stand-alone compliance requirements,
but are criteria characterizing the level of impact and are referenced by requirements.

1. High Impact Rating (H)
Each BES Cyber System used by and located at any of the following:

1.1. Each Control Center or backup Control Center used to perform the functional
obligations of the Reliability Coordinator.
obligations of the Balancing Authority: 1) for generation equal to or greater than an
aggregate of 3000 MW in a single Interconnection, or 2) for one or more of the assets
that meet criterion 2.3, 2.6, or 2.9.
obligations of the Transmission Operator for one or more of the assets that meet
criterion 2.2, 2.4, 2.5, 2.7, 2.8, 2.9, or 2.10.
1.4 Each Control Center or backup Control Center used to perform the functional
obligations of the Generator Operator for one or more of the assets that meet
criterion 2.1, 2.3, 2.6, or 2.9.

2. Medium Impact Rating (M)

Each BES Cyber System, not included in Section 1 above, associated with any of the following:

2.1. Commissioned generation, by each group of generating units at a single plant location,
with an aggregate highest rated net Real Power capability of the preceding 12
calendar months equal to or exceeding 1500 MW in a single Interconnection. For each
group of generating units, the only BES Cyber Systems that meet this criterion are
those shared BES Cyber Systems that could, within 15 minutes, adversely impact the
reliable operation of any combination of units that in aggregate equal or exceed 1500
MW in a single Interconnection.
2.2. Each BES reactive resource or group of resources at a single location (excluding
generation Facilities) with an aggregate maximum Reactive Power nameplate rating of
1000 MVAR or greater (excluding those at generation Facilities). The only BES Cyber
Systems that meet this criterion are those shared BES Cyber Systems that could,
within 15 minutes, adversely impact the reliable operation of any combination of
resources that in aggregate equal or exceed 1000 MVAR.
Page 15 of 34
2.3. Each generation Facility that its Planning Coordinator or Transmission Planner
designates, and informs the Generator Owner or Generator Operator, as necessary to
avoid an Adverse Reliability Impact in the planning horizon of more than one year.
2.4. Transmission Facilities operated at 500 kV or higher. For the purpose of this criterion,
the collector bus for a generation plant is not considered a Transmission Facility, but is
part of the generation interconnection Facility.
2.5. Transmission Facilities that are operating between 200 kV and 499 kV at a single
station or substation, where the station or substation is connected at 200 kV or higher
voltages to three or more other Transmission stations or substations and has an
"aggregate weighted value" exceeding 3000 according to the table below. The
"aggregate weighted value" for a single station or substation is determined by
summing the "weight value per line" shown in the table below for each incoming and
each outgoing BES Transmission Line that is connected to another Transmission
station or substation. For the purpose of this criterion, the collector bus for a
generation plant is not considered a Transmission Facility, but is part of the generation
interconnection Facility.

2.6. Generation at a single plant location or Transmission Facilities at a single station or
substation location that are identified by its Reliability Coordinator, Planning
Coordinator, or Transmission Planner as critical to the derivation of Interconnection
Reliability Operating Limits (IROLs) and their associated contingencies.
2.7. Transmission Facilities identified as essential to meeting Nuclear Plant Interface
Requirements.
2.8. Transmission Facilities, including generation interconnection Facilities, providing the
generation interconnection required to connect generator output to the Transmission
Systems that, if destroyed, degraded, misused, or otherwise rendered unavailable,
would result in the loss of the generation Facilities identified by any Generator Owner
as a result of its application of Attachment 1, criterion 2.1 or 2.3.
2.9. Each Special Protection System (SPS), Remedial Action Scheme (RAS), or automated
switching System that operates BES Elements, that, if destroyed, degraded, misused or
otherwise rendered unavailable, would cause one or more Interconnection Reliability
Operating Limits (IROLs) violations for failure to operate as designed or cause a
reduction in one or more IROLs if destroyed, degraded, misused, or otherwise
rendered unavailable.
Voltage Value of a Line Weight Value per Line
less than 200 kV (not applicable) (not applicable)
200 kV to 299 kV 700
300 kV to 499 kV 1300
500 kV and above 0
Page 16 of 34
2.10. Each system or group of Elements that performs automatic Load shedding under a
common control system, without human operator initiation, of 300 MW or more
implementing undervoltage load shedding (UVLS) or underfrequency load shedding
(UFLS) under a load shedding program that is subject to one or more requirements in
a NERC or regional reliability standard.
2.11. Each Control Center or backup Control Center, not already included in High Impact
Rating (H) above, used to perform the functional obligations of the Generator
Operator for an aggregate highest rated net Real Power capability of the preceding 12
calendar months equal to or exceeding 1500 MW in a single Interconnection.
obligations of the Transmission Operator not included in High Impact Rating (H),
above.
2.13. Each Control Center or backup Control Center, not already included in High Impact
Rating (H) above, used to perform the functional obligations of the Balancing
Authority for generation equal to or greater than an aggregate of 1500 MW in a single
Interconnection.

3. Low Impact Rating (L)

BES Cyber Systems not included in Sections 1 or 2 above that are associated with any of the
following assets and that meet the applicability qualifications in Section 4 - Applicability, part
4.2 Facilities, of this standard:

3.1. Control Centers and backup Control Centers.
3.2. Transmission stations and substations.
3.3. Generation resources.
3.4. Systems and facilities critical to system restoration, including Blackstart Resources and
Cranking Paths and initial switching requirements.
3.5. Special Protection Systems that support the reliable operation of the Bulk Electric
System.
3.6. For Distribution Providers, Protection Systems specified in Applicability section 4.2.1
above.

Page 17 of 34
Section 4 Scope of Applicability of the CIP Cyber Security Standards

Section 4. Applicability of the standards provides important information for Responsible
Entities to determine the scope of the applicability of the CIP Cyber Security Requirements.

Section 4.1. Functional Entities is a list of NERC functional entities to which the standard
applies. If the entity is registered as one or more of the functional entities listed in section 4.1,
then the NERC CIP Cyber Security Standards apply. Note that there is a qualification in section
4.1 that restricts the applicability in the case of Distribution Providers to only those that own
certain types of systems and equipment listed in 4.2.

Section 4.2. Facilities defines the scope of the Facilities, systems, and equipment owned by
the Responsible Entity, as qualified in section 4.1, that is subject to the requirements of the
standard. In addition to the set of BES Facilities, Control Centers, and other systems and
equipment, the list includes the qualified set of systems and equipment owned by Distribution
Providers. While the NERC Glossary term Facilities already includes the BES characteristic, the
additional use of the term BES here is meant to reinforce the scope of applicability of these
Facilities where it is used, especially in this applicability scoping section. This in effect sets the
scope of Facilities, systems, and equipment that is subject to the standards. This section is
especially significant in CIP-002-5 and represents the total scope of Facilities, systems, and
equipment to which the criteria in Attachment 1 apply. This is important because it determines
the balance of these Facilities, systems, and equipment that are Low Impact once those that
qualify under the High and Medium Impact categories are filtered out.

For the purpose of identifying groups of Facilities, systems, and equipment, whether by location
or otherwise, the Responsible Entity identifies assets as described in Requirement R1 of CIP-
002-5. This is a process familiar to Responsible Entities that have to comply with versions 1, 2,
3, and 4 of the CIP standards for Critical Assets. As in versions 1, 2, 3, and 4, Responsible Entities
may use substations, generation plants, and Control Centers at single site locations as
identifiers of these groups of Facilities, systems, and equipment.

CIP-002-5

CIP-002-5 requires that applicable Responsible Entities categorize their BES Cyber Systems and
associated BES Cyber Assets according to the criteria in Attachment 1. A BES Cyber Asset
includes in its definition, that if rendered unavailable, degraded, or misused would, within 15
minutes adversely impact the reliable operation of the BES.

The following provides guidance that a Responsible Entity may use to identify the BES Cyber
Systems that would be in scope. The concept of BES reliability operating service is useful in
providing Responsible Entities with the option of a defined process for scoping those BES Cyber
Page 18 of 34
Systems that would be subject to CIP-002-5. The concept includes a number of named BES
reliability operating services. These named services include:

Dynamic Response to BES conditions
Balancing Load and Generation
Controlling Frequency (Real Power)
Controlling Voltage (Reactive Power)
Managing Constraints
Monitoring & Control
Restoration of BES
Situational Awareness
Inter-Entity Real-Time Coordination and Communication
Responsibility for the reliable operation of the BES is spread across all Entity Registrations. Each
entity registration has its own special contribution to reliable operations and the following
discussion helps identify which entity registration, in the context of those functional entities to
which these CIP standards apply, performs which reliability operating service, as a process to
identify BES Cyber Systems that would be in scope. The following provides guidance for
Responsible Entities to determine applicable reliability operations services according to their
Function Registration type.
Entity Registration RC BA TOP TO DP GOP GO
Dynamic Response X X X X X X
Balancing Load &
Generation
X X X X X X X
Controlling Frequency X X X
Controlling Voltage X X X X
Managing Constraints X X X
Monitoring and Control X X
Restoration X X
Situation Awareness X X X X
Inter-Entity coordination X X X X X X
Dynamic Response
The Dynamic Response Operating Service includes those actions performed by BES Elements or
subsystems which are automatically triggered to initiate a response to a BES condition. These
actions are triggered by a single element or control device or a combination of these elements
or devices in concert to perform an action or cause a condition in reaction to the triggering
action or condition. The types of dynamic responses that may be considered as potentially
having an impact on the BES are:
Page 19 of 34
Spinning reserves (contingency reserves)
Providing actual reserve generation when called upon (GO,GOP)
Monitoring that reserves are sufficient (BA)
Governor Response
Control system used to actuate governor response (GO)
Protection Systems (transmission & generation)
Lines, buses, transformers, generators (DP, TO, TOP, GO, GOP)
Zone protection for breaker failure (DP, TO, TOP)
Breaker protection (DP, TO, TOP)
Current, frequency, speed, phase (TO,TOP, GO,GOP)
Special Protection Systems or Remedial Action Schemes
Sensors, relays, and breakers, possibly software (DP, TO, TOP)
Under and Over Frequency relay protection (includes automatic load shedding)
Sensors, relays & breakers (DP)
Under and Over Voltage relay protection (includes automatic load shedding)
Sensors, relays & breakers (DP)
Power System Stabilizers (GO)

Balancing Load and Generation
The Balancing Load and Generation Operations Service includes activities, actions and
conditions necessary for monitoring and controlling generation and load in the operations
planning horizon and in real-time. Aspects of the Balancing Load and Generation function
include, but are not limited to:
Calculation of Area Control Error (ACE)
Field data sources (real time tie flows, frequency sources, time error, etc) (TO, TOP)
Software used to perform calculation (BA)
Demand Response
Ability to identify load change need (BA)
Ability to implement load changes (TOP,DP)
Manually Initiated Load shedding
Ability to identify load change need (BA)
Ability to implement load changes (TOP, DP)
Page 20 of 34
Non-spinning reserve (contingency reserve)
Know generation status, capability, ramp rate, start time (GO, BA)
Start units and provide energy (GOP)

Controlling Frequency (Real Power)
The Controlling Frequency Operations Service includes activities, actions and conditions which
ensure, in real time, that frequency remains within bounds acceptable for the reliability or
operability of the BES. Aspects of the Controlling Frequency function include, but are limited
to:
Generation Control (such as AGC)
ACE, current generator output, ramp rate, unit characteristics (BA, GOP, GO)
Software to calculate unit adjustments (BA)
Transmit adjustments to individual units (GOP)
Unit controls implementing adjustments (GOP)
Regulation (regulating reserves)
Frequency source, schedule (BA)
Governor control system (GO)

Controlling Voltage (Reactive Power)
The Controlling Voltage Operations Service includes activities, actions and conditions which
ensure, in real time, that voltage remains within bounds acceptable for the reliability or
operability of the BES. Aspects of the Controlling Voltage function include, but are not limited
to:
Automatic Voltage Regulation (AVR)
Sensors, stator control system, feedback (GO)
Capacitive resources
Status, control (manual or auto), feedback (TOP, TO,DP)
Inductive resources (transformer tap changer, or inductors)
Status, control (manual or auto), feedback (TOP,TO,DP)
Static VAR Compensators (SVC)
Status, computations, control (manual or auto), feedback (TOP, TO,DP)

Page 21 of 34
Managing Constraints
Managing Constraints includes activities, actions and conditions that are necessary to ensure
that elements of the BES operate within design limits and constraints established for the
reliability and operability of the BES. Aspects of the Managing Constraints include, but are not
limited to:
Available Transfer Capability (ATC) (TOP)
Interchange schedules (TOP, RC)
Generation re-dispatch and unit commit (GOP)
Identify and monitor SOLs & IROLs (TOP, RC)
Identify and monitor Flow gates (TOP, RC)

Monitoring and Control
Monitoring and Control includes those activities, actions and conditions that provide
monitoring and control of BES Elements. An example aspect of the Control and Operation
function is:
All methods of operating breakers and switches
SCADA (TOP, GOP)
Substation automation (TOP)

Restoration of BES
The Restoration of BES Operations Service includes activities, actions and conditions necessary
to go from a shutdown condition to an operating condition delivering electric power without
external assistance. Aspects of the Restoration of BES function include, but are not limited to:
Restoration including planned cranking path
Through black start units (TOP, GOP)
Through tie lines (TOP, GOP)
Off-site power for nuclear facilities. (TOP, TO, BA, RC, DP, GO, GOP)
Coordination (TOP, TO, BA, RC, DP, GO, GOP)

Situational Awareness
The Situational Awareness function includes activities, actions and conditions established by
policy, directive or standard operating procedure necessary to assess the current condition of
the BES and anticipate effects of planned and unplanned changes to conditions. Aspects of the
Situation Awareness function include:
Page 22 of 34
Monitoring and alerting (such as EMS alarms) (TOP, GOP, RC,BA)
Change management (TOP,GOP,RC,BA)
Current Day and Next Day planning (TOP)
Contingency Analysis (RC)
Frequency monitoring (BA, RC)

Inter-Entity Coordination
The Inter-Entity coordination and communication function includes activities, actions, and
conditions established by policy, directive, or standard operating procedure necessary for the
coordination and communication between Responsible Entities to ensure the reliability and
operability of the BES. Aspects of the Inter-Entity Coordination and Communication function
include:
Scheduled interchange (BA,TOP,GOP,RC)
Facility operational data and status (TO, TOP, GO, GOP, RC, BA)
Operational directives (TOP, RC, BA)

Applicability to Distribution Providers
It is expected that only Distribution Providers that own or operate facilities that qualify in the
Applicability section will be subject to these Version 5 Cyber Security Standards. Distribution
Providers that do not own or operate any facility that qualifies are not subject to these
standards. The qualifications are based on the requirements for registration as a Distribution
Provider and on the requirements applicable to Distribution Providers in NERC Standard EOP-
005.

Requirement R1:
Requirement R1 implements the methodology for the categorization of BES Cyber Systems
according to their impact on the BES. Using the traditional risk assessment equation, it reduces
the measure of the risk to an impact (consequence) assessment, assuming the vulnerability
index of 1 (the Systems are assumed to be vulnerable) and a probability of threat of 1 (100
percent). The criteria in Attachment 1 provide a measure of the impact of the BES assets
supported by these BES Cyber Systems.
Responsible Entities are required to identify and categorize those BES Cyber Systems that have
high and medium impact. BES Cyber Systems for BES assets not specified in Attachment 1,
Criteria 1.1 1.4 and Criteria 2.1 2.11 default to low impact.

Page 23 of 34
Attachment 1
Overall Application
In the application of the criteria in Attachment 1, Responsible Entities should note that the
approach used is based on the impact of the BES Cyber System as measured by the bright-line
criteria defined in Attachment 1.
When the drafting team uses the term Facilities, there is some latitude to Responsible
Entities to determine included Facilities. The term Facility is defined in the NERC Glossary of
Terms as A set of electrical equipment that operates as a single Bulk Electric System
Element (e.g., a line, a generator, a shunt compensator, transformer, etc.). In most cases,
the criteria refer to a group of Facilities in a given location that supports the reliable
operation of the BES. For example, for Transmission assets, the substation may be
designated as the group of Facilities. However, in a substation that includes equipment that
supports BES operations along with equipment that only supports Distribution operations,
the Responsible Entity may be better served to consider only the group of Facilities that
supports BES operation. In that case, the Responsible Entity may designate the group of
Facilities by location, with qualifications on the group of Facilities that supports reliable
operation of the BES, as the Facilities that are subject to the criteria for categorization of
BES Cyber Systems. Generation Facilities are separately discussed in the Generation section
below. In CIP-002-5, these groups of Facilities, systems, and equipment are sometimes
designated as BES assets. For example, an identified BES asset may be a named substation,
generating plant, or Control Center. Responsible Entities have flexibility in how they group
Facilities, systems, and equipment at a location.
In certain cases, a BES Cyber System may be categorized by meeting multiple criteria. In
such cases, the Responsible Entity may choose to document all criteria that result in the
categorization. This will avoid inadvertent miscategorization when it no longer meets one
of the criteria, but still meets another.
It is recommended that each BES Cyber System should be listed by only one Responsible
Entity. Where there is joint ownership, it is advisable that the owning Responsible Entities
should formally agree on the designated Responsible Entity responsible for compliance with
the standards.

This category includes those BES Cyber Systems, used by and at Control Centers (and the
associated data centers included in the definition of Control Centers), that perform the
functional obligations of the Reliability Coordinator (RC), Balancing Authority (BA), Transmission
Operator (TOP), or Generator Operator (GOP), as defined under the Tasks heading of the
applicable Function and the Relationship with Other Entities heading of the functional entity in
the NERC Functional Model, and as scoped by the qualification in Attachment 1, Criteria 1.1,
1.2, 1.3 and 1.4. While those entities that have been registered as the above-named functional
entities are specifically referenced, it must be noted that there may be agreements where some
High Impact Rating (H)
Page 24 of 34
of the functional obligations of a Transmission Operator may be delegated to a Transmission
Owner (TO). In these cases, BES Cyber Systems at these TO Control Centers that perform these
functional obligations would be subject to categorization as high impact. The criteria notably
specifically emphasize functional obligations, not necessarily the RC, BA, TOP, or GOP facilities.
One must note that the definition of Control Center specifically refers to reliability tasks for RCs,
BAs, TOPs, and GOPs. A TO BES Cyber System in a TO facility that does not perform or does not
have an agreement with a TOP to perform any of these functional tasks does not meet the
definition of a Control Center. However, if that BES Cyber System operates any of the facilities
that meet criteria in the Medium Impact category, that BES Cyber System would be categorized
as a Medium Impact BES Cyber System.
The 3000 MW threshold defined in criterion 1.2 for BA Control Centers provides a sufficient
differentiation of the threshold defined for Medium Impact BA Control Centers. An analysis of
BA footprints shows that the majority of BAs with significant impact are covered under this
criterion.
Additional thresholds as specified in the criteria apply for this category.

Generation
Medium Impact Rating (M)
The criteria in Attachment 1s medium impact category that generally apply to Generation
Owner and Operator (GO/GOP) Registered Entities are criteria 2.1, 2.3, 2.6, 2.9, and 2.11.
Criterion 2.13 for BA Control Centers is also included here.
Criterion 2.1 designates as medium impact those BES Cyber Systems that impact generation
with a net Real Power capability exceeding 1500 MW. The 1500 MW criterion is sourced
partly from the Contingency Reserve requirements in NERC standard BAL-002, whose
purpose is to ensure the Balancing Authority is able to utilize its Contingency Reserve to
balance resources and demand and return Interconnection frequency within defined limits
following a Reportable Disturbance. In particular, it requires that as a minimum, the
Balancing Authority or Reserve Sharing Group shall carry at least enough Contingency
Reserve to cover the most severe single contingency. The drafting team used 1500 MW as
a number derived from the most significant Contingency Reserves operated in various BAs
in all regions.
In the use of net Real Power capability, the drafting team sought to use a value that could
be verified through existing requirements as proposed by NERC standard MOD-024 and
current development efforts in that area.
By using 1500 MW as a bright-line, the intent of the drafting team was to ensure that BES
Cyber Systems with common mode vulnerabilities that could result in the loss of 1500 MW
or more of generation at a single plant for a unit or group of units are adequately protected.
Page 25 of 34
The drafting team also used additional time and value parameters to ensure the bright-lines
and the values used to measure against them were relatively stable over the review period.
Hence, where multiple values of net Real Power capability could be used for the Facilities
qualification against these bright-lines, the highest value was used.
In Criterion 2.3, the drafting team sought to ensure that BES Cyber Systems for those
generation Facilities that have been designated by the Planning Coordinator or
Transmission Planner as necessary to avoid BES Adverse Reliability Impacts in the planning
horizon of one year or more are categorized as medium impact. In specifying a planning
horizon of one year or more, the intent is to ensure that those are units that are identified
as a result of a long term reliability planning, i.e that the plans are spanning an operating
period of at least 12 months: it does not mean that the operating day for the unit is
necessarily beyond one year, but that the period that is being planned for is more than 1
year: it is specifically intended to avoid designating generation that is required to be run to
remediate short term emergency reliability issues. These Facilities may be designated as
Reliability Must Run, and this designation is distinct from those generation Facilities
designated as must run for market stabilization purposes. Because the use of the term
must run creates some confusion in many areas, the drafting team chose to avoid using
this term and instead drafted the requirement in more generic reliability language. In
particular, the focus on preventing an Adverse Reliability Impact dictates that these units
are designated as must run for reliability purposes beyond the local area. Those units
designated as must run for voltage support in the local area would not generally be given
this designation. In cases where there is no designated Planning Coordinator, the
Transmission Planner is included as the Registered Entity that performs this designation.
If it is determined through System studies that a unit must run in order to preserve the
reliability of the BES, such as due to a Category C3 contingency as defined in TPL-003, then
BES Cyber Systems for that unit are categorized as medium impact.
The TPL standards require that, where the studies and plans indicate additional actions, that
these studies and plans be communicated by the Planning Coordinator or Transmission
Planner in writing to the Regional Entity/RRO. Actions necessary for the implementation of
these plans by affected parties (generation owners/operators and Reliability Coordinators
or other necessary party) are usually formalized in the form of an agreement and/or
contract.

Criterion 2.6 includes BES Cyber Systems for those Generation Facilities that have been
identified as critical to the derivation of IROLs and their associated contingencies, as
specified by FAC-014-2, Establish and Communicate System Operating Limits, R5.1.1 and
R5.1.3.
IROLs may be based on dynamic System phenomena such as instability or voltage collapse.
Derivation of these IROLs and their associated contingencies often considers the effect of
generation inertia and AVR response.

Page 26 of 34
Criterion 2.9 categorizes BES Cyber Systems for Special Protection Systems and Remedial
Action Schemes as medium impact. Special Protection Systems and Remedial Action
Schemes may be implemented to prevent disturbances that would result in exceeding IROLs
if they do not provide the function required at the time it is required or if it operates
outside of the parameters it was designed for. Generation Owners and Generator Operators
which own BES Cyber Systems for such Systems and schemes designate them as medium
impact.

Criterion 2.11 categorizes as medium impact BES Cyber Systems used by and at Control
Centers that perform the functional obligations of the Generator Operator for an aggregate
generation of 1500 MW or higher in a single interconnection, and that have not already
been included in Part 1. .

Criterion 2.13 categorizes as medium impact those BA Control Centers that control 1500
MW of generation or more in a single interconnection and that have not already been
included in Part 1. The 1500 MW threshold is consistent with the impact level and rationale
specified for Criterion 2.1.

Transmission

The SDT uses the phrases Transmission Facilities at a single station or substation and
Transmission stations or substations to recognize the existence of both stations and
substations. Many entities in industry consider a substation to be a location with physical
borders (i.e. fence, wall, etc.) that contains at least an autotransformer. Locations also exist
that do not contain autotransformers, and many entities in industry refer to those locations as
stations (or switchyards). Therefore, the SDT chose to use both station and substation to
refer to the locations where groups of Transmission Facilities exist.

Criteria 2.2, 2.4 through 2.10, and 2.12 in Attachment 1 are the criteria that are applicable
to Transmission Owners and Operators. In many of the criteria, the impact threshold is
defined as the capability of the failure or compromise of a System to result in exceeding one
or more Interconnection Reliability Operating Limits (IROLs). Criterion 2.2 includes BES
Cyber Systems for those Facilities in Transmission Systems that provide reactive resources
to enhance and preserve the reliability of the BES. The nameplate value is used here
because there is no NERC requirement to verify actual capability of these Facilities. The
value of 1000 MVARs used in this criterion is a value deemed reasonable for the purpose of
determining criticality.
Criterion 2.4 includes BES Cyber Systems for any Transmission Facility at a substation
operated at 500 kV or higher. While the drafting team felt that Facilities operated at 500 kV
or higher did not require any further qualification for their role as components of the
Page 27 of 34
backbone on the Interconnected BES, Facilities in the lower EHV range should have
additional qualifying criteria for inclusion in the medium impact category.
It must be noted that if the collector bus for a generation plant (i.e. the plant is smaller in
aggregate than the threshold set for generation in Criterion 2.1) is operated at 500kV, the
collector bus should be considered a Generation Interconnection Facility, and not a
Transmission Facility, according to the Final Report from the Ad Hoc Group for Generation
Requirements at the Transmission Interface. This collector bus would not be a facility for a
medium impact BES Cyber System because it does not significantly affect the 500kV
Transmission grid; it only affects a plant which is below the generation threshold.
Criterion 2.5 includes BES Cyber Systems for facilities at the lower end of BES Transmission
with qualifications for inclusion if they are deemed highly likely to have significant impact
on the BES. While the criterion has been specified as part of the rationale for requiring
protection for significant impact on the BES, the drafting team included, in this criterion,
additional qualifications that would ensure the required level of impact to the BES. The
drafting team:
Excluded radial facilities that would only provide support for single generation
facilities.
Specified interconnection to at least three transmission stations or substations to
ensure that the level of impact would be appropriate.
The total aggregated weighted value of 3,000 was derived from weighted values related to
three connected 345 kV lines and five connected 230 kV lines at a transmission station or
substation. The total aggregated weighted value is used to account for the true impact to
the BES, irrespective of line kV rating and mix of multiple kV rated lines.
Additionally, in NERCs document Integrated Risk Assessment Approach Refinement to
Severity Risk Index, Attachment 1, the report used an average MVA line loading based on
kV rating:
230 kV > 700 MVA
345 kV > 1,300 MVA
500 kV > 2,000 MVA
765 kV > 3,000 MVA
In the terms of applicable lines and connecting other Transmission stations or substations
determinations, the following should be considered:

For autotransformers in a station, Responsible Entities have flexibility in determining
whether the groups of Facilities are considered a single substation or station
location or multiple substations or stations. In most cases, Responsible Entities
Page 28 of 34
would probably consider them as Facilities at a single substation or station unless
geographically dispersed. In these cases of these transformers being within the
fence of the substation or station, autotransformers may not count as separate
connections to other stations. The use of common BES Cyber Systems may negate
any rationale for any consideration otherwise. In the case of autotransformers that
are geographically dispersed from a station location, the calculation would take into
account the connections in and out of each station or substation location.

Multiple-point (or multiple-tap) lines are considered to contribute a single weight
value per line and affect the number of connections to other stations. Therefore, a
single 230 kV multiple-point line between three Transmission stations or substations
would contribute an aggregated weighted value of 700 and connect Transmission
Facilities at a single station or substation to two other Transmission stations or
substations.
Multiple lines between two Transmission stations or substations are considered to
contribute multiple weight values per line, but these multiple lines between the two
stations only connect one station to one other station. Therefore, two 345 kV lines
between two Transmission stations or substations would contribute an aggregated
weighted value of 2600 and connect Transmission Facilities at a single station or
substation to one other Transmission station or substation.
Criterion 2.5s qualification for Transmission Facilities at a Transmission station or
substation is based on 2 distinct conditions.
1. The first condition is that Transmission Facilities at a single station or substation
where that station or substation connect, at voltage levels of 200 kV or higher
to three (3) other stations or substations, to three other stations or substations.
This qualification is meant to ensure that connections that operate at voltages
of 500 kV or higher are included in the count of connections to other stations or
substations as well.
2. The second qualification is that the aggregate value of all lines entering or
leaving the station or substation must exceed 3000. This qualification does not
include the consideration of lines operating at lower than 200 kV, or 500 kV or
higher, the latter already qualifying as medium impact under criterion 2.4. :
there is no value to be assigned to lines at voltages of less than 200 kV or 500 kV
or higher in the table of values for the contribution to the aggregate value of
3000.
The Transmission Facilities at the station or substation must meet both qualifications to be
considered as qualified under criterion 2.5.
Criterion 2.6 include BES Cyber Systems for those Transmission Facilities that have been
identified as critical to the derivation of IROLs and their associated contingencies, as
Page 29 of 34
specified by FAC-014-2, Establish and Communicate System Operating Limits, R5.1.1 and
R5.1.3.
Criterion 2.7 is sourced from the NUC-001 NERC standard, Requirement R9.2.2, for the
support of Nuclear Facilities. NUC-001 ensures that reliability of NPIRs are ensured through
adequate coordination between the Nuclear Generator Owner/Operator and its
Transmission provider for the purpose of ensuring nuclear plant safe operation and
shutdown. In particular, there are specific requirements to coordinate physical and cyber
security protection of these interfaces.
Criterion 2.8 designates as medium impact those BES Cyber Systems that impact
Transmission Facilities necessary to directly support generation that meet the criteria in
Criteria 2.1 (generation Facilities with output greater than 1500 MW) and 2.3 (generation
Facilities generally designated as must run for wide area reliability in the planning
horizon). The Responsible Entity can request a formal statement from the Generation
owner as to the qualification of generation Facilities connected to their Transmission
systems.
Criterion 2.9 designates as medium impact those BES Cyber Systems for those Special
Protection Systems (SPS), Remedial Action Schemes (RAS), or automated switching Systems
installed to ensure BES operation within IROLs. The degradation, compromise or
unavailability of these BES Cyber Systems would result in exceeding IROLs if they fail to
operate as designed. By the definition of IROL, the loss or compromise of any of these have
Wide Area impacts.
Criterion 2.10 designates as medium impact those BES Cyber Systems for Systems or
Elements that perform automatic Load shedding, without human operator initiation, of 300
MW or more. The SDT spent considerable time discussing the wording of Criterion 2.10,
and chose the term Each to represent that the criterion applied to a discrete System or
Facility. In the drafting of this criterion, the drafting team sought to include only those
Systems that did not require human operator initiation, and targeted in particular those
underfrequency load shedding (UFLS) Facilities and systems and undervoltage load
shedding (UVLS) systems and Elements that would be subject to a regional Load shedding
requirement to prevent Adverse Reliability Impact. These include automated UFLS systems
or UVLS systems that are capable of Load shedding 300 MW or more. It should be noted
that those qualifying systems which require a human operator to arm the system, but once
armed, trigger automatically, are still to be considered as not requiring human operator
initiation and should be designated as medium impact. The 300 MW threshold has been
defined as the aggregate of the highest MW Load value, as defined by the applicable
regional Load Shedding standards, for the preceding 12 months to account for seasonal
fluctuations.
This particular threshold (300 MW) was provided in CIP, Version 1. The SDT believes that
the threshold should be lower than the 1500MW generation requirement since it is
specifically addressing UVLS and UFLS, which are last ditch efforts to save the Bulk Electric
Page 30 of 34
System and hence requires a lower threshold. A review of UFLS tolerances defined within
regional reliability standards for UFLS program requirements to date indicates that the
historical value of 300 MW represents an adequate and reasonable threshold value for
allowable UFLS operational tolerances.
In ERCOT, the Load acting as a Resource (LaaR) Demand Response Program is not part of
the regional load shedding program, but an ancillary services market. In general, similar
demand response programs that are not part of the NERC or regional reliability Load
shedding programs, but are offered as components of an ancillary services market do not
qualify under this criterion.
The language used in section 4 for UVLS and UFLS and in criterion 2.10 of Attachment 1 is
designed to be consistent with requirements set in the PRC standards for UFLS and UVLS.
Criterion 2.12 categorizes as medium impact those BES Cyber Systems used by and at
Control Centers and associated data centers performing the functional obligations of a
Transmission Operator and that have not already been categorized as high impact.
Criterion 2.13 categorizes as Medium Impact those BA Control Centers that control 1500
MW of generation or more in a single Interconnection. The 1500 MW threshold is
consistent with the impact level and rationale specified for Criterion 2.1.

BES Cyber Systems not categorized in high impact or medium impact default to low impact.
Note that low impact BES Cyber Systems do not require discrete identification.
Low Impact Rating (L)
Restoration Facilities
Several discussions on the CIP Version 5 standards suggest entities owning Blackstart
Resources and Cranking Paths might elect to remove those services to avoid higher
compliance costs. For example, one Reliability Coordinator reported a 25% reduction of
Blackstart Resources as a result of the Version 1 language, and there could be more entities
that make this choice under Version 5.
In response, the CIP Version 5 drafting team sought informal input from NERCs Operating
and Planning Committees. The committees indicate there has already been a reduction in
Blackstart Resources because of increased CIP compliance costs, environmental rules, and
other risks; continued inclusion within Version 5 at a category that would very significantly
increase compliance costs can result in further reduction of a vulnerable pool.
The drafting team moved from the categorization of restoration assets such as Blackstart
Resources and Cranking Paths as medium impact (as was the case in earlier drafts) to
categorization of these assets as low impact as a result of these considerations. This will
not relieve asset owners of all responsibilities, as would have been the case in CIP-002,
Versions 1-4 (since only Cyber Assets with routable connectivity which are essential to
Page 31 of 34
restoration assets are included in those versions). Under the low impact categorization,
those assets will be protected in the areas of cyber security awareness, physical access
control, and electronic access control, and they will have obligations regarding incident
response. This represents a net gain to bulk power system reliability, however, since many
of those assets do not meet criteria for inclusion under Versions 1-4.
Weighing the risks to overall BES reliability, the drafting team determined that this re-
categorization represents the option that would be the least detrimental to restoration
function and, thus, overall BES reliability. Removing Blackstart Resources and Cranking
Paths from medium impact promotes overall reliability, as the likely alternative is fewer
Blackstart Resources supporting timely restoration when needed.
BES Cyber Systems for generation resources that have been designated as Blackstart
Resources in the Transmission Operators restoration plan default to low impact. NERC
Standard EOP-005-2 requires the Transmission Operator to have a Restoration Plan and to
list its Blackstart Resources in its plan, as well as requirements to test these Resources. This
criterion designates only those generation Blackstart Resources that have been designated
as such in the Transmission Operators restoration plan. The glossary term Blackstart
Capability Plan has been retired.
Regarding concerns of communication to BES Asset Owners and Operators of their role in
the Restoration Plan, Transmission Operators are required in NERC Standard EOP-005-2 to
provide the entities identified in its approved restoration plan with a description of any
changes to their roles and specific tasks prior to the implementation date of the plan.
BES Cyber Systems for Facilities and Elements comprising the Cranking Paths and meeting
the initial switching requirements from the Blackstart Resource to the first Interconnection
point of the generation unit(s) to be started, as identified in the Transmission Operator's
restoration plan, default to the category of low impact: however, these systems are
explicitly called out to ensure consideration for inclusion in the scope of the version 5 CIP
standards. This requirement for inclusion in the scope is sourced from requirements in
NERC standard EOP-005-2, which requires the Transmission Operator to include in its
Restoration Plan the Cranking Paths and initial switching requirements from the Blackstart
Resource and the unit(s) to be started.
Distribution Providers may note that they may have BES Cyber Systems that must be scoped
in if they have Elements listed in the Transmission Operators Restoration Plan that are
components of the Cranking Path.
Page 32 of 34

Use Case: CIP Process Flow
The following CIP use case process flow for a generator Operator/Owner was provided by a
participant in the development of the Version 5 standards and is provided here as an example
of a process used to identify and categorize BES Cyber Systems and BES Cyber Assets; review,
develop, and implement strategies to mitigate overall risks; and apply applicable security
controls.

Page 33 of 34
Rationale:
During development of this standard, text boxes were embedded within the standard to explain
the rationale for various parts of the standard. Upon BOT approval, the text from the rationale
text boxes was moved to this section.
Rationale for R1:
BES Cyber Systems at each site location have varying impact on the reliable operation of the
Bulk Electric System. Attachment 1 provides a set of bright-line criteria that the Responsible
Entity must use to identify these BES Cyber Systems in accordance with the impact on the BES.
BES Cyber Systems must be identified and categorized according to their impact so that the
appropriate measures can be applied, commensurate with their impact. These impact
categories will be the basis for the application of appropriate requirements in CIP-003-CIP-011.
Rationale for R2:
The lists required by Requirement R1 are reviewed on a periodic basis to ensure that all BES
Cyber Systems required to be categorized have been properly identified and categorized. The
miscategorization or non-categorization of a BES Cyber System can lead to the application of
inadequate or non-existent cyber security controls that can lead to compromise or misuse that
can affect the real-time operation of the BES. The CIP Senior Managers approval ensures
proper oversight of the process by the appropriate Responsible Entity personnel.

Version History

1 1/16/06
R3.2 Change Control Center to
control center.
3/24/06
2 9/30/09 Modifications to clarify the
requirements and to bring the
compliance elements into conformance
Removal of reasonable business
judgment.
Responsible Entity.
Changed compliance monitor to
Compliance Enforcement Authority.

3 12/16/09 Updated version number from -2 to -3. Update
Page 34 of 34
Approved by the NERC Board of
Trustees.
3 3/31/10 Approved by FERC.
4 12/30/10 Modified to add specific criteria for
Critical Asset identification.
Update
4 1/24/11 Approved by the NERC Board of
Trustees.
Update
5 11/26/12 Adopted by the NERC Board of
Trustees.
Modified to
coordinate with
other CIP
standards and to
revise format to
use RBS
Template.

Standard CIP0033 Cyber Security Security Management Controls
1
A. Introduction
1. Title: Cyber Security Security Management Controls
3. Purpose: Standard CIP-003-3 requires that Responsible Entities have minimum security
management controls in place to protect Critical Cyber Assets. Standard CIP-003-3 should be
read as part of a group of standards numbered Standards CIP-002-3 through CIP-009-3.
4. Applicability:
4.1.10 NERC.
4.2.3 Responsible Entities that, in compliance with Standard CIP-002-3, identify that
they have no Critical Cyber Assets shall only be required to comply with CIP-
003-3 Requirement R2.
not required).
B. Requirements
R1. Cyber Security Policy The Responsible Entity shall document and implement a cyber
security policy that represents managements commitment and ability to secure its Critical
Cyber Assets. The Responsible Entity shall, at minimum, ensure the following:
R1.1. The cyber security policy addresses the requirements in Standards CIP-002-3 through
CIP-009-3, including provision for emergency situations.
2
R1.2. The cyber security policy is readily available to all personnel who have access to, or are
responsible for, Critical Cyber Assets. (Retirement approved by NERC BOT pending
R1.3. Annual review and approval of the cyber security policy by the senior manager
assigned pursuant to R2.
R2. Leadership The Responsible Entity shall assign a single senior manager with overall
responsibility and authority for leading and managing the entitys implementation of, and
adherence to, Standards CIP-002-3 through CIP-009-3.
R2.1. The senior manager shall be identified by name, title, and date of designation.
R2.2. Changes to the senior manager must be documented within thirty calendar days of the
effective date.
R2.3. Where allowed by Standards CIP-002-3 through CIP-009-3, the senior manager may
delegate authority for specific actions to a named delegate or delegates. These
delegations shall be documented in the same manner as R2.1 and R2.2, and approved
by the senior manager.
R2.4. The senior manager or delegate(s), shall authorize and document any exception from
the requirements of the cyber security policy.
R3. Exceptions Instances where the Responsible Entity cannot conform to its cyber security
policy must be documented as exceptions and authorized by the senior manager or delegate(s).
(Retirement approved by NERC BOT pending applicable regulatory approval.)
R3.1. Exceptions to the Responsible Entitys cyber security policy must be documented
within thirty days of being approved by the senior manager or delegate(s).
R3.2. Documented exceptions to the cyber security policy must include an explanation as to
why the exception is necessary and any compensating measures. (Retirement
approved by NERC BOT pending applicable regulatory approval.)
R3.3. Authorized exceptions to the cyber security policy must be reviewed and approved
annually by the senior manager or delegate(s) to ensure the exceptions are still
required and valid. Such review and approval shall be documented. (Retirement
R4. Information Protection The Responsible Entity shall implement and document a program to
identify, classify, and protect information associated with Critical Cyber Assets.
R4.1. The Critical Cyber Asset information to be protected shall include, at a minimum and
regardless of media type, operational procedures, lists as required in Standard CIP-
002-3, network topology or similar diagrams, floor plans of computing centers that
contain Critical Cyber Assets, equipment layouts of Critical Cyber Assets, disaster
recovery plans, incident response plans, and security configuration information.
R4.2. The Responsible Entity shall classify information to be protected under this program
based on the sensitivity of the Critical Cyber Asset information. (Retirement
R4.3. The Responsible Entity shall, at least annually, assess adherence to its Critical Cyber
Asset information protection program, document the assessment results, and
implement an action plan to remediate deficiencies identified during the assessment.
3
R5. Access Control The Responsible Entity shall document and implement a program for
managing access to protected Critical Cyber Asset information.
R5.1. The Responsible Entity shall maintain a list of designated personnel who are
responsible for authorizing logical or physical access to protected information.
R5.1.1. Personnel shall be identified by name, title, and the information for which
they are responsible for authorizing access.
R5.1.2. The list of personnel responsible for authorizing access to protected
information shall be verified at least annually.
R5.2. The Responsible Entity shall review at least annually the access privileges to protected
information to confirm that access privileges are correct and that they correspond with
the Responsible Entitys needs and appropriate personnel roles and responsibilities.
R5.3. The Responsible Entity shall assess and document at least annually the processes for
controlling access privileges to protected information.
R6. Change Control and Configuration Management The Responsible Entity shall establish and
document a process of change control and configuration management for adding, modifying,
replacing, or removing Critical Cyber Asset hardware or software, and implement supporting
configuration management activities to identify, control and document all entity or vendor-
related changes to hardware and software components of Critical Cyber Assets pursuant to the
change control process.
C. Measures
M1. The Responsible Entity shall make available documentation of its cyber security policy as
specified in Requirement R1. Additionally, the Responsible Entity shall demonstrate that the
cyber security policy is available as specified in Requirement R1.2. (Retirement of R1.2
M2. The Responsible Entity shall make available documentation of the assignment of, and changes
to, its leadership as specified in Requirement R2.
M3. The Responsible Entity shall make available documentation of the exceptions, as specified in
Requirement R3. (Retirement approved by NERC BOT pending applicable regulatory
approval.)
M4. The Responsible Entity shall make available documentation of its information protection
program as specified in Requirement R4.
M5. The Responsible Entity shall make available its access control documentation as specified in
Requirement R5.
M6. The Responsible Entity shall make available its change control and configuration management
D. Compliance
4
Not applicable.
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
1.4.1 The Responsible Entity shall keep all documentation and records from the
previous full calendar year unless directed by its Compliance Enforcement
investigation.
1.5.1 None
None identified.
Version History
2 Modifications to clarify the requirements and to bring the
compliance elements into conformance with the latest
guidelines for developing compliance elements of
standards.
Replaced the RRO with the RE as a responsible entity.
Requirement R2 applies to all Responsible Entities,
including Responsible Entities which have no Critical
Cyber Assets.
Modified the personnel identification information
requirements in R5.1.1 to include name, title, and the
information for which they are responsible for
authorizing access (removed the business phone

5
information).
3 Update version number from -2 to -3
3 12/16/09 Adopted by the NERC Board of Trustees Update
3 3/31/10 Approved by FERC
3 2/7/13 R1.2, R3, R3.1, R3.2, R3.3, and R4.2 and associated
elements approved by NERC Board of Trustees for
retirement as part of the Paragraph 81 project (Project
2013-02) pending applicable regulatory approval.

1
A. Introduction
3. Purpose: Standard CIP-003-4 requires that Responsible Entities have minimum security
management controls in place to protect Critical Cyber Assets. Standard CIP-003-4 should be
4. Applicability:
4.1.10 NERC.
C.F. R. Section 73.54
they have no Critical Cyber Assets shall only be required to comply with CIP-
003-4 Requirement R2.
B. Requirements
R1. Cyber Security Policy The Responsible Entity shall document and implement a cyber
security policy that represents managements commitment and ability to secure its Critical
Cyber Assets. The Responsible Entity shall, at minimum, ensure the following:
2
R1.1. The cyber security policy addresses the requirements in Standards CIP-002-4 through
CIP-009-4, including provision for emergency situations.
R1.2. The cyber security policy is readily available to all personnel who have access to, or are
responsible for, Critical Cyber Assets. (Retirement approved by NERC BOT pending
R1.3. Annual review and approval of the cyber security policy by the senior manager
assigned pursuant to R2.
R2. Leadership The Responsible Entity shall assign a single senior manager with overall
responsibility and authority for leading and managing the entitys implementation of, and
adherence to, Standards CIP-002-4 through CIP-009-4.
R2.1. The senior manager shall be identified by name, title, and date of designation.
R2.2. Changes to the senior manager must be documented within thirty calendar days of the
effective date.
R2.3. Where allowed by Standards CIP-002-4 through CIP-009-4, the senior manager may
delegate authority for specific actions to a named delegate or delegates. These
delegations shall be documented in the same manner as R2.1 and R2.2, and approved
by the senior manager.
R2.4. The senior manager or delegate(s), shall authorize and document any exception from
the requirements of the cyber security policy.
R3. Exceptions Instances where the Responsible Entity cannot conform to its cyber security
policy must be documented as exceptions and authorized by the senior manager or delegate(s).
R3.1. Exceptions to the Responsible Entitys cyber security policy must be documented
within thirty days of being approved by the senior manager or delegate(s).
R3.2. Documented exceptions to the cyber security policy must include an explanation as to
why the exception is necessary and any compensating measures. (Retirement
R3.3. Authorized exceptions to the cyber security policy must be reviewed and approved
annually by the senior manager or delegate(s) to ensure the exceptions are still
required and valid. Such review and approval shall be documented. (Retirement
R4. Information Protection The Responsible Entity shall implement and document a program to
identify, classify, and protect information associated with Critical Cyber Assets.
R4.1. The Critical Cyber Asset information to be protected shall include, at a minimum and
regardless of media type, operational procedures, lists as required in Standard CIP-
002-4, network topology or similar diagrams, floor plans of computing centers that
contain Critical Cyber Assets, equipment layouts of Critical Cyber Assets, disaster
recovery plans, incident response plans, and security configuration information.
R4.2. The Responsible Entity shall classify information to be protected under this program
based on the sensitivity of the Critical Cyber Asset information. (Retirement
3
R4.3. The Responsible Entity shall, at least annually, assess adherence to its Critical Cyber
Asset information protection program, document the assessment results, and
implement an action plan to remediate deficiencies identified during the assessment.
R5. Access Control The Responsible Entity shall document and implement a program for
managing access to protected Critical Cyber Asset information.
R5.1. The Responsible Entity shall maintain a list of designated personnel who are
responsible for authorizing logical or physical access to protected information.
R5.1.1. Personnel shall be identified by name, title, and the information for which
they are responsible for authorizing access.
R5.1.2. The list of personnel responsible for authorizing access to protected
information shall be verified at least annually.
R5.2. The Responsible Entity shall review at least annually the access privileges to protected
information to confirm that access privileges are correct and that they correspond with
the Responsible Entitys needs and appropriate personnel roles and responsibilities.
R5.3. The Responsible Entity shall assess and document at least annually the processes for
controlling access privileges to protected information.
R6. Change Control and Configuration Management The Responsible Entity shall establish and
document a process of change control and configuration management for adding, modifying,
replacing, or removing Critical Cyber Asset hardware or software, and implement supporting
configuration management activities to identify, control and document all entity or vendor-
related changes to hardware and software components of Critical Cyber Assets pursuant to the
change control process.
C. Measures
M1. The Responsible Entity shall make available documentation of its cyber security policy as
specified in Requirement R1. Additionally, the Responsible Entity shall demonstrate that the
cyber security policy is available as specified in Requirement R1.2. (Retirement of R1.2
M2. The Responsible Entity shall make available documentation of the assignment of, and changes
to, its leadership as specified in Requirement R2.
M3. The Responsible Entity shall make available documentation of the exceptions, as specified in
Requirement R3. (Retirement approved by NERC BOT pending applicable regulatory
approval.)
M4. The Responsible Entity shall make available documentation of its information protection
program as specified in Requirement R4.
M5. The Responsible Entity shall make available its access control documentation as specified in
Requirement R5.
M6. The Responsible Entity shall make available its change control and configuration management

4
D. Compliance
1.2. The RE shall serve as the CEA with the following exceptions:
1.2.1 For entities that do not work for the Regional Entity, the Regional Entity shall
1.2.2 For Reliability Coordinators and other functional entities that work for their
Regional Entity, the ERO shall serve as the Compliance Enforcement Authority.
1.2.3 For Responsible Entities that are also Regional Entities, the ERO or a Regional
1.2.4 For the ERO, a third-party monitor without vested interest in the outcome for the
ERO shall serve as the Compliance Enforcement Authority.
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
investigation.
1.5.1 None
5

R1. MEDIUM N/A N/A The Responsible Entity has documented but not
implemented a cyber security policy.
The Responsible Entity has not documented nor implemented a
cyber security policy.
R1.1. LOWER N/A N/A N/A The Responsible Entity's cyber security policy does not address
all the requirements in Standards CIP-002-4 through CIP-009-4,
including provision for emergency situations.
R1.2.
(Retirement
approved by
NERC BOT
pending applicable
regulatory
approval.)
LOWER N/A N/A N/A The Responsible Entity's cyber security policy is not readily
available to all personnel who have access to, or are responsible
for, Critical Cyber Assets.
R1.3 LOWER N/A N/A The Responsible Entity's senior manager, assigned pursuant
to R2, annually reviewed but did not annually approve its
cyber security policy.
The Responsible Entity's senior manager, assigned pursuant to
R2, did not annually review nor approve its cyber security
policy.
R2. LOWER N/A N/A N/A The Responsible Entity has not assigned a single senior manager
with overall responsibility and
authority for leading and managing the entitys implementation
of, and adherence to, Standards CIP-002-4 through CIP-009-4.
R2.1. LOWER N/A N/A N/A The senior manager is not identified by name, title, and date of
designation.
R2.2. LOWER Changes to the senior
manager were
documented in greater
than 30 but less than 60
days of the effective
date.
Changes to the senior manager
were documented in 60 or more
but less than 90 days of the
effective date.
Changes to the senior manager were documented in 90 or
more but less than 120 days of the effective date.
Changes to the senior manager were documented in 120 or more
days of the effective date.
R2.3. LOWER N/A N/A The identification of a senior managers delegate does not
include at least one of the following; name, title, or date of
the designation,

OR

A senior managers delegate is not identified by name, title, and
date
of designation; the document delegating the authority does not
identify the authority being delegated; the document
delegating the authority is not approved by the senior manager;

6
The document is not approved by the senior manager,

OR

Changes to the delegated authority are not documented
within thirty calendar days of the effective date.
AND

changes to the delegated authority are not documented within
thirty calendar days of the effective date.
R2.4 LOWER N/A N/A N/A The senior manager or delegate(s) did not authorize and
document any exceptions fromthe requirements of the cyber
security policy as required.
R3.
(Retirement
approved by
NERC BOT
pending applicable
regulatory
approval.)
LOWER N/A N/A In Instances where the Responsible Entity cannot conformto
its cyber security policy (pertaining to CIP 002 through CIP
009), exceptions were documented, but were not authorized
by the senior manager or delegate(s).
In Instances where the Responsible Entity cannot conformto its
cyber security policy (pertaining to CIP 002 through CIP 009),
exceptions were not documented, and were not authorized by the
senior manager or delegate(s).
R3.1.
(Retirement
approved by
NERC BOT
pending applicable
regulatory
approval.)
LOWER Exceptions to the
Responsible Entitys
cyber security policy
were documented in
more than 30 but less
than 60 days of being
approved by the senior
manager or delegate(s).
Exceptions to the Responsible
Entitys cyber security policy
were documented in 60 or more
but less than 90 days of being
approved by the senior manager
or delegate(s).
Exceptions to the Responsible Entitys cyber security policy
were documented in 90 or more but less than 120 days of
being approved by the senior manager or delegate(s).
Exceptions to the Responsible Entitys cyber security policy
were documented in 120 or more days of being approved by the
senior manager or delegate(s).
R3.2.
(Retirement
approved by
NERC BOT
pending applicable
regulatory
approval.)
LOWER N/A N/A The Responsible Entity has a documented exception to the
cyber
security policy (pertaining to CIP 002-4 through CIP 009-4)
but did not include either:
1) an explanation as to why the exception is necessary, or
2) any compensating measures.
The Responsible Entity has a documented exception to the cyber
security policy (pertaining to CIP 002-4 through CIP 009-4) but
did not include both:
1) an explanation as to why the exception is necessary, and
2) any compensating measures.
R3.3.
(Retirement
approved by
NERC BOT
pending applicable
regulatory
approval.)
LOWER N/A N/A Exceptions to the cyber security policy (pertaining to CIP
002-4 through CIP 009-4) were reviewed but not approved
annually by the senior manager or delegate(s) to ensure the
exceptions are still required and valid.
Exceptions to the cyber security policy (pertaining to CIP 002-4
through CIP 009-4) were not reviewed nor approved annually by
the senior manager or delegate(s) to ensure the exceptions are
still required and valid.
7
R4. MEDIUM N/A The Responsible Entity
implemented but did not
document a programto identify,
classify, and protect information
associated with Critical Cyber
Assets.
The Responsible Entity documented but did not implement a
programto identify, classify, and protect information
associated with Critical Cyber Assets.
The Responsible Entity did not implement nor document a
programto identify, classify, and protect information associated
with Critical Cyber Assets.
R4.1. MEDIUM N/A N/A The information protection programdoes not include one of
the minimuminformation types to be protected as detailed in
R4.1.
The information protection programdoes not include two or
more of the minimuminformation types to be protected as
detailed in R4.1.
R4.2.
(Retirement
approved by
NERC BOT
pending applicable
regulatory
approval.)
LOWER N/A N/A N/A The Responsible Entity did not classify the information to be
protected under this programbased on the sensitivity of the
Critical Cyber Asset information.
R4.3. LOWER N/A The Responsible Entity annually
assessed adherence to its Critical
Cyber Asset information
protection program, documented
the assessment results, which
included deficiencies identified
during the assessment but did
not implement a remediation
plan.
The Responsible Entity annually assessed adherence to its
Critical Cyber Asset information protection program, did not
document the assessment results, and did not implement a
remediation plan.
The Responsible Entity did not annually, assess adherence to its
Critical Cyber Asset information protection program, document
the assessment results, nor implement an action plan to
remediate deficiencies identified during the assessment.
R5. LOWER N/A The Responsible Entity
document a programfor
managing access to protected
Critical Cyber Asset
information.
The Responsible Entity documented but did not implement a
programfor managing access to protected Critical Cyber
Asset information.
The Responsible Entity did not implement nor document a
programfor managing access to protected Critical Cyber Asset
information.
R5.1. LOWER N/A N/A The Responsible Entity maintained a list of designated
personnel for authorizing either logical or physical access
but not both.
The Responsible Entity did not maintain a list of designated
personnel who are responsible for authorizing logical or physical
access to protected information.
R5.1.1. LOWER N/A N/A The Responsible Entity did identify the personnel by name
and title but did not identify the information for which they
are responsible for authorizing access.
The Responsible Entity did not identify the personnel by name
and title nor the information for which they are responsible for
authorizing access.
8
R5.1.2. LOWER N/A N/A N/A The Responsible Entity did not verify at least annually the list of
personnel responsible for authorizing access to protected
information.
R5.2. LOWER N/A N/A N/A The Responsible Entity did not review at least annually the
access privileges to protected information to confirmthat access
privileges are correct and that they correspond with the
Responsible Entitys needs and appropriate personnel roles and
responsibilities.
R5.3. LOWER N/A N/A N/A The Responsible Entity did not assess and document at least
annually the processes for controlling access privileges to
protected information.
R6. LOWER The Responsible Entity
has established but not
documented a change
control process
OR
has established but not
documented a
configuration
management process.
The Responsible Entity has
established but not documented
both a change control process
and configuration management
process.
The Responsible Entity has not established and documented
a change control process
OR
The Responsible Entity has not established and documented
a configuration management process.
The Responsible Entity has not established and documented a
change control process
AND
The Responsible Entity has not established and documented a
configuration management process.

None identified.
9
Version History

Version Date Action Change
Tracking
entity.
Requirement R2 applies to all Responsible Entities,
including Responsible Entities which have no
Critical Cyber Assets.
Modified the personnel identification information
requirements in R5.1.1 to include name, title, and
the information for which they are responsible for
authorizing access (removed the business phone
information).

4 Board approved
01/24/2011
Update version number from 3 to 4 Update to conform
to changes to CIP-
002-4 (Project
2008-06)
4 4/19/12 FERC Order issued approving CIP-003-4 (approval
becomes effective J une 25, 2012)

Added approved VRF/VSL table to section D.2.

3, 4 2/7/13 R1.2, R3, R3.1, R3.2, R3.3, and R4.2 and
associated elements approved by NERC Board of
Trustees for retirement as part of the Paragraph 81
project (Project 2013-02) pending applicable
regulatory approval.

CIP-003-5 Cyber Security Security Management Controls
Page 1 of 22
A. Introduction
3. Purpose: To specify consistent and sustainable security management controls that
establish responsibility and accountability to protect BES Cyber Systems against
compromise that could lead to misoperation or instability in the BES.
4. Applicability:
4.1. Functional Entities: For the purpose of the requirements contained herein, the
following list of functional entities will be collectively referred to as Responsible
Entities. For requirements in this standard where a specific functional entity or
subset of functional entities are the applicable entity or entities, the functional entity
or entities are specified explicitly.
4.1.1 Balancing Authority
4.1.2 Distribution Provider that owns one or more of the following Facilities, systems,
and equipment for the protection or restoration of the BES:
4.1.2.1 Each underfrequency Load shedding (UFLS) or undervoltage Load shedding
(UVLS) system that:
4.1.2.1.1 is part of a Load shedding program that is subject to one or more
4.1.2.1.2 performs automatic Load shedding under a common control system
of 300 MW or more.
4.1.2.2 Each Special Protection System or Remedial Action Scheme where the
4.1.2.3 Each Protection System (excluding UFLS and UVLS) that applies to
4.1.2.4 Each Cranking Path and group of Elements meeting the initial switching
4.1.3 Generator Operator
4.1.4 Generator Owner
4.1.5 Interchange Coordinator or Interchange Authority
4.1.6 Reliability Coordinator
Page 2 of 22
4.1.7 Transmission Operator
4.1.8 Transmission Owner
4.2. Facilities: For the purpose of the requirements contained herein, the following
Facilities, systems, and equipment owned by each Responsible Entity in 4.1 above
are those to which these requirements are applicable. For requirements in this
standard where a specific type of Facilities, system, or equipment or subset of
Facilities, systems, and equipment are applicable, these are specified explicitly.
4.2.1 Distribution Provider: One or more of the following Facilities, systems and
equipment owned by the Distribution Provider for the protection or restoration
of the BES:
4.2.1.1 Each UFLS or UVLS System that:
4.2.1.1.1 is part of a Load shedding program that is subject to one or more
4.2.1.1.2 performs automatic Load shedding under a common control system
of 300 MW or more.
4.2.1.2 Each Special Protection System or Remedial Action Scheme where the
4.2.1.3 Each Protection System (excluding UFLS and UVLS) that applies to
4.2.1.4 Each Cranking Path and group of Elements meeting the initial switching
4.2.2 Responsible Entities listed in 4.1 other than Distribution Providers:
All BES Facilities.
4.2.3 Exemptions: The following are exempt from Standard CIP-003-5:
4.2.3.1 Cyber Assets at Facilities regulated by the Canadian Nuclear Safety
Commission.
4.2.3.2 Cyber Assets associated with communication networks and data
communication links between discrete Electronic Security Perimeters.
4.2.3.3 The systems, structures, and components that are regulated by the Nuclear
Regulatory Commission under a cyber security plan pursuant to 10 C.F.R.
Section 73.54.
Page 3 of 22
4.2.3.4 For Distribution Providers, the systems and equipment that are not included
in section 4.2.1 above.
5. Effective Dates:
1. 24 Months Minimum CIP-003-5, except for CIP-003-5, Requirement R2, shall
become effective on the later of July 1, 2015, or the first calendar day of the
ninth calendar quarter after the effective date of the order providing applicable
regulatory approval. CIP-003-5, Requirement R2 shall become effective on the
later of July 1, 2016, or the first calendar day of the 13th calendar quarter after
the effective date of the order providing applicable regulatory approval.
2. In those jurisdictions where no regulatory approval is required, CIP-003-5, except
for CIP-003-5, Requirement R2, shall become effective on the first day of the
ninth calendar quarter following Board of Trustees approval, and CIP-003-5,
Requirement R2 shall become effective on the first day of the 13th calendar
quarter following Board of Trustees approval, or as otherwise made effective
pursuant to the laws applicable to such ERO governmental authorities.
6. Background:
Standard CIP-003-5 exists as part of a suite of CIP Standards related to cyber security.
CIP-002-5 requires the initial identification and categorization of BES Cyber Systems.
CIP-003-5, CIP-004-5, CIP-005-5, CIP-006-5, CIP-007-5, CIP-008-5, CIP-009-5, CIP-010-
1, and CIP-011-1 require a minimum level of organizational, operational, and
procedural controls to mitigate risk to BES Cyber Systems. This suite of CIP Standards
is referred to as the Version 5 CIP Cyber Security Standards.
The SDT has incorporated within this standard a recognition that certain
requirements should not focus on individual instances of failure as a sole basis for
violating the standard. In particular, the SDT has incorporated an approach to
empower and enable the industry to identify, assess, and correct deficiencies in the
implementation of certain requirements. The intent is to change the basis of a
violation in those requirements so that they are not focused on whether there is a
deficiency, but on identifying, assessing, and correcting deficiencies. It is presented
in those requirements by modifying implement as follows:
Each Responsible Entity shall implement, in a manner that identifies, assesses,
and corrects deficiencies, . . .
The term documented processes refers to a set of required instructions specific to the
Responsible Entity and to achieve a specific outcome. This term does not imply any
naming or approval structure beyond what is stated in the requirements. An entity
should include as much as it believes necessary in their documented processes, but
they must address the applicable requirements. The documented processes
themselves are not required to include the . . . identifies, assesses, and corrects
deficiencies, . . ." elements described in the preceding paragraph, as those aspects
Page 4 of 22
are related to the manner of implementation of the documented processes and could
be accomplished through other controls or compliance management activities.
The terms program and plan are sometimes used in place of documented processes
where it makes sense and is commonly understood. For example, documented
processes describing a response are typically referred to as plans (i.e., incident
response plans and recovery plans). Likewise, a security plan can describe an
approach involving multiple procedures to address a broad subject matter.
Similarly, the term program may refer to the organizations overall implementation of
its policies, plans and procedures involving a subject matter. Examples in the
standards include the personnel risk assessment program and the personnel training
program. The full implementation of the CIP Cyber Security Standards could also be
referred to as a program. However, the terms program and plan do not imply any
additional requirements beyond what is stated in the standards.
Responsible Entities can implement common controls that meet requirements for
multiple high and medium impact BES Cyber Systems. For example, a single training
program could meet the requirements for training personnel across multiple BES
Cyber Systems.
Measures provide examples of evidence to show documentation and implementation
of the requirement. These measures serve to provide guidance to entities in
acceptable records of compliance and should not be viewed as an all-inclusive list.
Throughout the standards, unless otherwise stated, bulleted items in the
requirements and measures are items that are linked with an or, and numbered
items are items that are linked with an and.
Many references in the Applicability section use a threshold of 300 MW for UFLS and
UVLS. This particular threshold of 300 MW for UVLS and UFLS was provided in
Version 1 of the CIP Cyber Security Standards. The threshold remains at 300 MW
since it is specifically addressing UVLS and UFLS, which are last ditch efforts to save
the Bulk Electric System. A review of UFLS tolerances defined within regional
reliability standards for UFLS program requirements to date indicates that the
historical value of 300 MW represents an adequate and reasonable threshold value
for allowable UFLS operational tolerances.

Page 5 of 22

R1. Each Responsible Entity, for its high impact and medium impact BES Cyber Systems,
shall review and obtain CIP Senior Manager approval at least once every 15 calendar
months for one or more documented cyber security policies that collectively address
the following topics: [Violation Risk Factor: Medium] [Time Horizon: Operations
Planning]
1.1 Personnel & training (CIP-004);
1.2 Electronic Security Perimeters (CIP-005) including Interactive Remote Access;
1.3 Physical security of BES Cyber Systems (CIP-006);
1.4 System security management (CIP-007);
1.5 Incident reporting and response planning (CIP-008);
1.6 Recovery plans for BES Cyber Systems (CIP-009);
1.7 Configuration change management and vulnerability assessments (CIP-010);
1.8 Information protection (CIP-011); and
1.9 Declaring and responding to CIP Exceptional Circumstances.
M1. Examples of evidence may include, but are not limited to, policy documents; revision
history, records of review, or workflow evidence from a document management
system that indicate review of each cyber security policy at least once every 15
calendar months; and documented approval by the CIP Senior Manager for each cyber
security policy.
R2. Each Responsible Entity for its assets identified in CIP-002-5, Requirement R1, Part
R1.3, shall implement, in a manner that identifies, assesses, and corrects deficiencies,
one or more documented cyber security policies that collectively address the following
topics, and review and obtain CIP Senior Manager approval for those policies at least
once every 15 calendar months: [Violation Risk Factor: Lower] [Time Horizon:
Operations Planning]
2.1 Cyber security awareness;
2.2 Physical security controls;
2.3 Electronic access controls for external routable protocol connections and Dial-up
Connectivity; and
2.4 Incident response to a Cyber Security Incident.
An inventory, list, or discrete identification of low impact BES Cyber Systems or their
BES Cyber Assets is not required.

Page 6 of 22
M2. Examples of evidence may include, but are not limited to, one or more documented
cyber security policies and evidence of processes, procedures, or plans that
demonstrate the implementation of the required topics; revision history, records of
review, or workflow evidence from a document management system that indicate
review of each cyber security policy at least once every 15 calendar months; and
documented approval by the CIP Senior Manager for each cyber security policy.
R3. Each Responsible Entity shall identify a CIP Senior Manager by name and document
any change within 30 calendar days of the change. [Violation Risk Factor: Medium]
[Time Horizon: Operations Planning]
M3. An example of evidence may include, but is not limited to, a dated and approved
document from a high level official designating the name of the individual identified
as the CIP Senior Manager.
R4. The Responsible Entity shall implement, in a manner that identifies, assesses, and
corrects deficiencies, a documented process to delegate authority, unless no
delegations are used. Where allowed by the CIP Standards, the CIP Senior Manager
may delegate authority for specific actions to a delegate or delegates. These
delegations shall be documented, including the name or title of the delegate, the
specific actions delegated, and the date of the delegation; approved by the CIP Senior
Manager; and updated within 30 days of any change to the delegation. Delegation
changes do not need to be reinstated with a change to the delegator. [Violation Risk
Factor: Lower] [Time Horizon: Operations Planning]
M4. An example of evidence may include, but is not limited to, a dated document,
approved by the CIP Senior Manager, listing individuals (by name or title) who are
delegated the authority to approve or authorize specifically identified items.

C. Compliance
1.1. Compliance Enforcement Authority:
since the last audit, the CEA may ask an entity to provide other evidence to show
Page 7 of 22
identified below unless directed by its CEA to retain specific evidence for a
Each Responsible Entity shall retain evidence of each requirement in this
standard for three calendar years.
If a Responsible Entity is found non-compliant, it shall keep information
related to the non-compliance until mitigation is complete and approved or
for the time specified above, whichever is longer.
The CEA shall keep the last audit records and all requested and submitted
Compliance Audit
Self-Certification
Spot Checking
Self-Reporting
Complaint
1.4. Additional Compliance Information:
None
Page 8 of 22
2. Table of Compliance Elements
R # Time
Horizon
R1 Operations
Planning
Medium The Responsible
Entity documented
and implemented
one or more cyber
security policies for
its high impact and
medium impact BES
Cyber Systems, but
did not address one
of the nine topics
required by R1. (R1)
OR
The Responsible
Entity did not
complete its review
of the one or more
documented cyber
its high impact and
medium impact BES
Cyber Systems as
required by R1
within 15 calendar
months but did
complete this review
The Responsible
Entity documented
and implemented
one or more cyber
its high impact and
medium impact BES
Cyber Systems, but
did not address two
of the nine topics
OR
The Responsible
Entity did not
complete its review
of the one or more
documented cyber
its high impact and
medium impact BES
Cyber Systems as
required by R1
within 16 calendar
months but did
documented and
implemented one or
more cyber security
policies for its high
impact and medium
impact BES Cyber
Systems, but did not
address three of the nine
topics required by R1.
(R1)
OR
review of the one or
more documented cyber
security policies for its
high impact and medium
impact BES Cyber
Systems as required by
R1 within 17 calendar
months but did
complete this review in
less than or equal to 18
calendar months of the
The Responsible
Entity documented
and implemented
one or more cyber
its high impact and
medium impact BES
Cyber Systems, but
did not address four
or more of the nine
topics required by
R1. (R1)
OR
The Responsible
Entity did not have
any documented
cyber security
impact and medium
impact BES Cyber
Systems as required
by R1. (R1)
OR
The Responsible
Page 9 of 22
R # Time
Horizon
in less than or equal
to 16 calendar
months of the
previous review. (R1)
OR
The Responsible
Entity did not
complete its
approval of the one
or more documented
cyber security
impact and medium
impact BES Cyber
Systems as required
by R1 by the CIP
Senior Manager or
delegate according
to Requirement R1
within 15 calendar
months but did
complete this
approval in less than
or equal to 16
calendar months of
the previous
to 17 calendar
months of the
OR
The Responsible
Entity did not
complete its
approval of the one
or more
documented cyber
its high impact and
medium impact BES
Cyber Systems as
required by R1 by
the CIP Senior
Manager or delegate
according to
Requirement R1
within 16 calendar
months but did
complete this
or equal to 17
calendar months of
the previous
OR
approval of the one or
security policies for its
high impact and medium
impact BES Cyber
Systems as required by
R1 by the CIP Senior
Manager or delegate
according to
17 calendar months but
did complete this
approval in less than or
months of the previous
approval. (R1)
Entity did not
complete its review
of the one or more
documented cyber
security policies as
required by R1
within 18 calendar
months of the
OR
The Responsible
Entity did not
complete its
approval of the one
or more
documented cyber
its high impact and
medium impact BES
Cyber Systems as
required by R1 by
the CIP Senior
Manager or delegate
according to
Requirement R1
within 18 calendar
months of the
Page 10 of 22
R # Time
Horizon
approval. (R1) approval. (R1) previous approval.
(R1)
R2 Operations
Planning
Lower The Responsible
Entity documented
and implemented
one or more cyber
assets with a low
impact rating that
address only three of
the topics as
required by R2 and
has identified
deficiencies but did
not assess or correct
the deficiencies. (R2)
OR
The Responsible
Entity documented
and implemented
one or more cyber
assets with a low
impact rating that
address only three of
the topics as
The Responsible
Entity documented
and implemented
one or more cyber
assets with a low
impact rating that
address only two of
the topics as
required by R2 and
has identified
deficiencies but did
not assess or correct
the deficiencies. (R2)
OR
The Responsible
Entity documented
and implemented
one or more cyber
assets with a low
impact rating that
address only two of
the topics as
documented and
implemented one or
more cyber security
policies for assets with a
low impact rating that
address only one of the
topics as required by R2
and has identified
deficiencies but did not
assess or correct the
deficiencies. (R2)
OR
documented and
implemented one or
more cyber security
policies for assets with a
low impact rating that
address only one of the
topics as required by R2
but did not identify,
assess, or correct the
deficiencies.
The Responsible
Entity did not
document or
implement any cyber
assets with a low
impact rating that
address the topics as
OR
The Responsible
Entity did not
complete its review
of the one or more
documented cyber
assets with a low
impact rating as
required by R2
within 18 calendar
months of the
OR
The Responsible
Page 11 of 22
R # Time
Horizon
required by R2 but
did not identify,
deficiencies.
OR
The Responsible
Entity did not
complete its review
of the one or more
documented cyber
assets with a low
impact rating as
required by R2
within 15 calendar
months but did
to 16 calendar
months of the
OR
The Responsible
Entity did not
complete its
approval of the one
required by R2 but
did not identify,
deficiencies.
OR
The Responsible
Entity did not
complete its review
of the one or more
documented cyber
assets with a low
impact rating as
required by R2
within 16 calendar
months but did
to 17 calendar
months of the
OR
The Responsible
Entity did not
complete its
approval of the one
OR
review of the one or
assets with a low impact
rating as required by R2
within 17 calendar
months but did
complete this review in
calendar months of the
OR
approval of the one or
assets with a low impact
rating as required by R2
by the CIP Senior
Manager according to
17 calendar months but
Entity did not
complete its
approval of the one
or more
documented cyber
assets with a low
impact rating as
required by R2 by
the CIP Senior
Manager according
to Requirement R2
within 18 calendar
months of the
previous approval.
(R2)
Page 12 of 22
R # Time
Horizon
or more documented
cyber security
policies for assets
with a low impact
rating as required by
R2 by the CIP Senior
Manager according
to Requirement R2
within 15 calendar
months but did
complete this
or equal to 16
calendar months of
the previous
approval. (R2)
or more
documented cyber
assets with a low
impact rating as
required by R2 by
the CIP Senior
Manager according
to Requirement R2
within 16 calendar
months but did
complete this
or equal to 17
calendar months of
the previous
approval. (R2)
did complete this
approval in less than or
approval. (R2)
R3 Operations
Planning
Medium The Responsible
Entity has identified
by name a CIP Senior
Manager, but did not
document changes
to the CIP Senior
Manager within 30
calendar days but did
document this
change in less than
The Responsible
Manager, but did
not document
changes to the CIP
Senior Manager
within 40 calendar
days but did
document this
has identified by name a
CIP Senior Manager, but
did not document
changes to the CIP
Senior Manager within
50 calendar days but did
document this change in
less than 60 calendar
The Responsible
Entity has not
identified, by name,
a CIP Senior
Manager.
OR
The Responsible
Page 13 of 22
R # Time
Horizon
40 calendar days of
the change. (R3)
change in less than
50 calendar days of
the change. (R3)
days of the change. (R3) Manager, but did
not document
changes to the CIP
Senior Manager
within 60 calendar
days of the change.
(R3)
R4 Operations
Planning
Lower The Responsible
a delegate by name,
title, date of
delegation, and
specific actions
delegated, but did
not document
changes to the
delegate within 30
calendar days but did
document this
change in less than
40 calendar days of
the change. (R4)
The Responsible
a delegate by name,
title, date of
delegation, and
specific actions
delegated, but did
not document
changes to the
delegate within 40
calendar days but
did document this
change in less than
50 calendar days of
the change. (R4)
has used delegated
authority for actions
where allowed by the
CIP Standards, has a
process to delegate
actions from the CIP
Senior Manager, and has
Identified deficiencies
but did not assess or
correct the
deficiencies.(R4)
OR
has used delegated
authority for actions
where allowed by the
CIP Standards, has a
process to delegate
The Responsible
Entity has used
delegated authority
for actions where
allowed by the CIP
Standards, but does
not have a process
to delegate actions
from the CIP Senior
Manager. (R4)
OR
The Responsible
a delegate by name,
title, date of
delegation, and
specific actions
delegated, but did
not document
Page 14 of 22
R # Time
Horizon
actions from the CIP
Senior Manager, but did
not identify, assess, or
correct the
deficiencies.(R4)
OR
has identified a delegate
by name, title, date of
delegation, and specific
actions delegated, but
did not document
changes to the delegate
within 50 calendar days
but did document this
change in less than 60
calendar days of the
change. (R4)
changes to the
delegate within 60
change. (R4)

Page 15 of 22

None.
E. Interpretations
None.
None.
Page 16 of 22
Section 4 Scope of Applicability of the CIP Cyber Security Standards

Section 4. Applicability of the standards provides important information for Responsible
Entities to determine the scope of the applicability of the CIP Cyber Security Requirements.

Section 4.1. Functional Entities is a list of NERC functional entities to which the standard
applies. If the entity is registered as one or more of the functional entities listed in Section 4.1,
then the NERC CIP Cyber Security Standards apply. Note that there is a qualification in Section
4.1 that restricts the applicability in the case of Distribution Providers to only those that own
certain types of systems and equipment listed in 4.2.

Section 4.2. Facilities defines the scope of the Facilities, systems, and equipment owned by
the Responsible Entity, as qualified in Section 4.1, that is subject to the requirements of the
standard. In addition to the set of BES Facilities, Control Centers, and other systems and
equipment, the list includes the set of systems and equipment owned by Distribution Providers.
While the NERC Glossary term Facilities already includes the BES characteristic, the additional
use of the term BES here is meant to reinforce the scope of applicability of these Facilities
where it is used, especially in this applicability scoping section. This in effect sets the scope of
Facilities, systems, and equipment that is subject to the standards.

Requirement R1:
The number of policies and their specific language are guided by a Responsible Entity's
management structure and operating conditions. Policies might be included as part of a
general information security program for the entire organization, or as components of specific
programs. The cyber security policy must cover in sufficient detail the nine topical areas
required by CIP-003-5, Requirement R1. The Responsible Entity has the flexibility to develop a
single comprehensive cyber security policy covering these topics, or it may choose to develop a
single high-level umbrella policy and provide additional policy detail in lower level documents in
its documentation hierarchy. In the case of a high-level umbrella policy, the Responsible Entity
would be expected to provide the high-level policy as well as the additional documentation in
order to demonstrate compliance with CIP-003-5, Requirement R1. Implementation of the
cyber security policy is not specifically included in CIP-003-5, Requirement R1 as it is envisioned
that the implementation of this policy is evidenced through successful implementation of CIP-
004 through CIP-011. However, Responsible Entities are encouraged not to limit the scope of
their cyber security policies to only those requirements from CIP-004 through CIP-011, but
rather to put together a holistic cyber security policy appropriate to its organization. The
assessment through the Compliance Monitoring and Enforcement Program of policy items that
extend beyond the scope of CIP-004 through CIP-011 should not be considered candidates for
potential violations. The Responsible Entity should consider the following for each of the
required topics in its cyber security policy:
1.1 Personnel & training (CIP-004)
Page 17 of 22
Organization position on acceptable background investigations
Identification of possible disciplinary action for violating this policy
Account management
1.2 Electronic Security Perimeters (CIP-005) including Interactive Remote Access
Organization stance on use of wireless networks
Identification of acceptable authentication methods
Identification of trusted and untrusted resources
Monitoring and logging of ingress and egress at Electronic Access Points
Maintaining up-to-date anti-malware software before initiating Interactive Remote
Access
Maintaining up-to-date patch levels for operating systems and applications used to
initiate Interactive Remote Access
Disabling VPN split-tunneling or dual-homed workstations before initiating
Interactive Remote Access
For vendors, contractors, or consultants: include language in contracts that requires
adherence to the Responsible Entitys Interactive Remote Access controls
1.3 Physical security of BES Cyber Systems (CIP-006)
Strategy for protecting Cyber Assets from unauthorized physical access
Acceptable physical access control methods
Monitoring and logging of physical ingress
1.4 System security management (CIP-007)
Strategies for system hardening
Acceptable methods of authentication and access control
Password policies including length, complexity, enforcement, prevention of brute force
attempts
Monitoring and logging of BES Cyber Systems
1.5 Incident reporting and response planning (CIP-008)
Recognition of Cyber Security Incidents
Appropriate notifications upon discovery of an incident
Obligations to report Cyber Security Incidents
1.6 Recovery plans for BES Cyber Systems (CIP-009)
Availability of spare components
Page 18 of 22
Availability of system backups
1.7 Configuration change management and vulnerability assessments (CIP-010)
Initiation of change requests
Approval of changes
Break-fix processes
1.8 Information protection (CIP-011)
Information access control methods
Notification of unauthorized information disclosure
Information access on a need-to-know basis
1.9 Declaring and responding to CIP Exceptional Circumstances
Processes to invoke special procedures in the event of a CIP Exceptional Circumstance
Processes to allow for exceptions to policy that do not violate CIP requirements
The Standard Drafting Team (SDT) has removed requirements relating to exceptions to a
Responsible Entitys security policies since it is a general management issue that is not within
the scope of a reliability requirement. The SDT considers it to be an internal policy requirement
and not a reliability requirement. However, the SDT encourages Responsible Entities to
continue this practice as a component of its cyber security policy.
In this and all subsequent required approvals in the NERC CIP Standards, the Responsible Entity
may elect to use hardcopy or electronic approvals to the extent that there is sufficient evidence
to ensure the authenticity of the approving party.
Requirement R2:
As with Requirement R1, the number of policies and their specific language would be guided by
a Responsible Entity's management structure and operating conditions. Policies might be
included as part of a general information security program for the entire organization or as
components of specific programs. The cyber security policy must cover in sufficient detail the
four topical areas required by CIP-003-5, Requirement R2. The Responsible Entity has flexibility
to develop a single comprehensive cyber security policy covering these topics, or it may choose
to develop a single high-level umbrella policy and provide additional policy detail in lower level
documents in its documentation hierarchy. In the case of a high-level umbrella policy, the
Responsible Entity would be expected to provide the high-level policy as well as the additional
documentation in order to demonstrate compliance with CIP-003-5, Requirement R2. The
intent of the requirement is to outline a set of basic protections that all low impact BES Cyber
Systems should receive without requiring a significant administrative and compliance overhead.
The SDT intends that demonstration of this requirement can be reasonably accomplished
through providing evidence of related processes, procedures, or plans. While the audit staff
may choose to review an example low impact BES Cyber System, the SDT believes strongly that
the current method (as of this writing) of reviewing a statistical sample of systems is not
Page 19 of 22
necessary. The SDT also notes that in topic 2.3, the SDT uses the term electronic access
control in the general sense, i.e., to control access, and not in the specific technical sense
requiring authentication, authorization, and auditing.
Requirement R3:
The intent of CIP-003-5, Requirement R3 is effectively unchanged since prior versions of the
standard. The specific description of the CIP Senior Manager has now been included as a
defined term rather than clarified in the Standard itself to prevent any unnecessary cross-
reference to this standard. It is expected that this CIP Senior Manager play a key role in
ensuring proper strategic planning, executive/board-level awareness, and overall program
governance.
Requirement R4:
As indicated in the rationale for CIP-003-5, Requirement R4, this requirement is intended to
demonstrate a clear line of authority and ownership for security matters. The intent of the SDT
was not to impose any particular organizational structure, but, rather, the Responsible Entity
should have significant flexibility to adapt this requirement to their existing organizational
structure. A Responsible Entity may satisfy this requirement through a single delegation
document or through multiple delegation documents. The Responsible Entity can make use of
the delegation of the delegation authority itself to increase the flexibility in how this applies to
its organization. In such a case, delegations may exist in numerous documentation records as
long as the collection of these documentation records provides a clear line of authority back to
the CIP Senior Manager. In addition, the CIP Senior Manager could also choose not to delegate
any authority and meet this requirement without such delegation documentation.
The Responsible Entity must keep its documentation of the CIP Senior Manager and any
delegations up to date. This is to ensure that individuals do not assume any undocumented
authority. However, delegations do not have to be re-instated if the individual who delegated
the task changes roles or is replaced. For instance, assume that John Doe is named the CIP
Senior Manager and he delegates a specific task to the Substation Maintenance Manager. If
John Doe is replaced as the CIP Senior Manager, the CIP Senior Manager documentation must
be updated within the specified timeframe, but the existing delegation to the Substation
Maintenance Manager remains in effect as approved by the previous CIP Senior Manager, John
Doe.

Page 20 of 22
Rationale:

Rationale for R1:
One or more security policies enable effective implementation of the standard's requirements.
The purpose of policies is to provide a management and governance foundation for all
requirements that apply to personnel who have authorized electronic access and/or authorized
unescorted physical access to its BES Cyber Systems. The Responsible Entity can demonstrate
through its policies that its management supports the accountability and responsibility
necessary for effective implementation of the standard's requirements.
Annual review and approval of the cyber security policy ensures that the policy is kept up-to-
date and periodically reaffirms managements commitment to the protection of its BES Cyber
Systems.

Rationale for R2:
One or more security policies enable effective implementation of the standard's requirements.
The purpose of policies is to provide a management and governance foundation for all
requirements that apply to personnel who have authorized electronic access and/or authorized
unescorted physical access to its BES Cyber Systems. The Responsible Entity can demonstrate
through its policies that its management supports the accountability and responsibility
necessary for effective implementation of the standard's requirements.
The language in Requirement R2, Part 2.3 . . . for external routable protocol connections and
Dial-up Connectivity . . . was included to acknowledge the support given in FERC Order 761,
paragraph 87, for electronic security perimeter protections of some form to be applied to all
BES Cyber Systems, regardless of impact. Part 2.3 uses the phrase external routable protocol
connections instead of the defined term External Routable Connectivity, because the latter
term has very specific connotations relating to Electronic Security Perimeters and high and
medium impact BES Cyber Systems. Using the glossary term External Routable Connectivity
in the context of Requirement R2 would not be appropriate because Requirement R2 is limited
in scope to low impact BES Cyber Systems.
Review and approval of the cyber security policy at least every 15 calendar months ensures that
the policy is kept up-to-date and periodically reaffirms managements commitment to the
protection of its BES Cyber Systems.

Page 21 of 22
Rationale for R3:
The identification and documentation of the single CIP Senior Manager ensures that there is
clear authority and ownership for the CIP program within an organization, as called for in
Blackout Report Recommendation 43. The language that identifies CIP Senior Manager
responsibilities is included in the Glossary of Terms used in NERC Reliability Standards so that it
may be used across the body of CIP standards without an explicit cross-reference.
FERC Order No. 706, Paragraph 296, requests consideration of whether the single senior
manager should be a corporate officer or equivalent. As implicated through the defined term,
the senior manager has the overall authority and responsibility for leading and managing
implementation of the requirements within this set of standards which ensures that the senior
manager is of sufficient position in the Responsible Entity to ensure that cyber security receives
the prominence that is necessary. In addition, given the range of business models for
responsible entities, from municipal, cooperative, federal agencies, investor owned utilities,
privately owned utilities, and everything in between, the SDT believes that requiring the senior
manager to be a corporate officer or equivalent would be extremely difficult to interpret and
enforce on a consistent basis.

Rationale for R4:
The intent of the requirement is to ensure clear accountability within an organization for
certain security matters. It also ensures that delegations are kept up-to-date and that
individuals do not assume undocumented authority.
In FERC Order No. 706, Paragraphs 379 and 381, the Commission notes that Recommendation
43 of the 2003 Blackout Report calls for clear lines of authority and ownership for security
matters. With this in mind, the Standard Drafting Team has sought to provide clarity in the
requirement for delegations so that this line of authority is clear and apparent from the
documented delegations.

Page 22 of 22
Version History

1 1/16/06
R3.2 Change Control Center to
control center.
3/24/06
2 9/30/09 Modifications to clarify the
requirements and to bring the
compliance elements into conformance
Removal of reasonable business
judgment.
responsible entity.

3 12/16/09 Updated version number from -2 to -3
Approved by the NERC Board of
Trustees.

3 3/31/10 Approved by FERC.
4 1/24/11 Approved by the NERC Board of
Trustees.
Update to
conform to
changes to CIP-
002-4 (Project
2008-06)
5 11/26/12 Adopted by the NERC Board of
Trustees.

Modified to
coordinate with
other CIP
standards and to
revise format to
use RBS
Template.

Standard CIP0043a Cyber Security Pers onnel and Training
Page 1 of 7

A. Introduction
1. Title: Cyber Security Personnel & Training
3. Purpose: Standard CIP-004-3 requires that personnel having authorized cyber or
authorized unescorted physical access to Critical Cyber Assets, including contractors and
service vendors, have an appropriate level of personnel risk assessment, training, and security
awareness. Standard CIP-004-3 should be read as part of a group of standards numbered
Standards CIP-002-3 through CIP-009-3.
4. Applicability:
4.1.10 NERC.
they have no Critical Cyber Assets.
not required).
B. Requirements
R1. Awareness The Responsible Entity shall establish, document, implement, and maintain a
security awareness program to ensure personnel having authorized cyber or authorized
unescorted physical access to Critical Cyber Assets receive on-going reinforcement in sound
security practices. The program shall include security awareness reinforcement on at least a
quarterly basis using mechanisms such as:
Direct communications (e.g., emails, memos, computer based training, etc.);
Page 2 of 7

Indirect communications (e.g., posters, intranet, brochures, etc.);
Management support and reinforcement (e.g., presentations, meetings, etc.).
R2. Training The Responsible Entity shall establish, document, implement, and maintain an
annual cyber security training program for personnel having authorized cyber or authorized
unescorted physical access to Critical Cyber Assets. The cyber security training program shall
be reviewed annually, at a minimum, and shall be updated whenever necessary.
R2.1. This program will ensure that all personnel having such access to Critical Cyber Assets,
including contractors and service vendors, are trained prior to their being granted such
access except in specified circumstances such as an emergency.
R2.2. Training shall cover the policies, access controls, and procedures as developed for the
Critical Cyber Assets covered by CIP-004-3, and include, at a minimum, the following
required items appropriate to personnel roles and responsibilities:
R2.2.1. The proper use of Critical Cyber Assets;
R2.2.2. Physical and electronic access controls to Critical Cyber Assets;
R2.2.3. The proper handling of Critical Cyber Asset information; and,
R2.2.4. Action plans and procedures to recover or re-establish Critical Cyber Assets
and access thereto following a Cyber Security Incident.
R2.3. The Responsible Entity shall maintain documentation that training is conducted at least
annually, including the date the training was completed and attendance records.
R3. Personnel Risk Assessment The Responsible Entity shall have a documented personnel risk
assessment program, in accordance with federal, state, provincial, and local laws, and subject to
existing collective bargaining unit agreements, for personnel having authorized cyber or
authorized unescorted physical access to Critical Cyber Assets. A personnel risk assessment
shall be conducted pursuant to that program prior to such personnel being granted such access
except in specified circumstances such as an emergency.
The personnel risk assessment program shall at a minimum include:
R3.1. The Responsible Entity shall ensure that each assessment conducted include, at least,
identity verification (e.g., Social Security Number verification in the U.S.) and seven-
year criminal check. The Responsible Entity may conduct more detailed reviews, as
permitted by law and subject to existing collective bargaining unit agreements,
depending upon the criticality of the position.
R3.2. The Responsible Entity shall update each personnel risk assessment at least every seven
years after the initial personnel risk assessment or for cause.
R3.3. The Responsible Entity shall document the results of personnel risk assessments of its
personnel having authorized cyber or authorized unescorted physical access to Critical
Cyber Assets, and that personnel risk assessments of contractor and service vendor
personnel with such access are conducted pursuant to Standard CIP-004-3.
R4. Access The Responsible Entity shall maintain list(s) of personnel with authorized cyber or
authorized unescorted physical access to Critical Cyber Assets, including their specific
electronic and physical access rights to Critical Cyber Assets.
R4.1. The Responsible Entity shall review the list(s) of its personnel who have such access to
Critical Cyber Assets quarterly, and update the list(s) within seven calendar days of any
change of personnel with such access to Critical Cyber Assets, or any change in the
Page 3 of 7

access rights of such personnel. The Responsible Entity shall ensure access list(s) for
contractors and service vendors are properly maintained.
R4.2. The Responsible Entity shall revoke such access to Critical Cyber Assets within 24
hours for personnel terminated for cause and within seven calendar days for personnel
who no longer require such access to Critical Cyber Assets.
C. Measures
M1. The Responsible Entity shall make available documentation of its security awareness and
reinforcement program as specified in Requirement R1.
M2. The Responsible Entity shall make available documentation of its cyber security training
program, review, and records as specified in Requirement R2.
M3. The Responsible Entity shall make available documentation of the personnel risk assessment
program and that personnel risk assessments have been applied to all personnel who have
authorized cyber or authorized unescorted physical access to Critical Cyber Assets, as specified
in Requirement R3.
M4. The Responsible Entity shall make available documentation of the list(s), list review and
update, and access revocation as needed as specified in Requirement R4.
D. Compliance
Not Applicable.
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
1.4.1 The Responsible Entity shall keep personnel risk assessment documents in
accordance with federal, state, provincial, and local laws.
1.4.2 The Responsible Entity shall keep all other documentation required by Standard
CIP-004-3 from the previous full calendar year unless directed by its Compliance
Page 4 of 7

None identified.
Version History
1 01/16/06 D.2.2.4 Insert the phrase for cause as
intended. One instance of personnel termination
for cause
03/24/06
1 06/01/06 D.2.1.4 Change access control rights to
access rights.
06/05/06
entity.
Reference to emergency situations.
Modification to R1 for the Responsible Entity to
establish, document, implement, and maintain the
awareness program.
training program; also stating the requirements for
the cyber security training program.
Modification to R3 Personnel Risk Assessment to
clarify that it pertains to personnel having
authorized cyber or authorized unescorted physical
access to Critical Cyber Assets.
Removal of 90 day window to complete training
and 30 day window to complete personnel risk
assessments.

3 12/16/09 Approved by NERC Board of Trustees Update
Page 5 of 7

3a 5/24/12 Interpretation of R2, R3, and R4 adopted by NERC
Board of Trustees

3a 12/13/12 Interpretation of R2, R3, and R4 approved by
FERC in a Letter Order issued December 12, 2012

Page 6 of 7

Appendix 1

R2. Training The Responsible Entity shall establish, maintain, and document an annual cyber
security training program for personnel having authorized cyber or authorized unescorted physical
access to Critical Cyber Assets, and review the program annually and update as necessary.
including contractors and service vendors, are trained within ninety calendar days of such
authorization.
existing collective bargaining unit agreements, for personnel having authorized cyber or authorized
unescorted physical access. A personnel risk assessment shall be conducted pursuant to that program
within thirty days of such personnel being granted such access. Such program shall at a minimum
include:
authorized unescorted physical access to Critical Cyber Assets, including their specific electronic and
physical access rights to Critical Cyber Assets.
Question 1
The WECC RC seeks clarification on the definition of authorized access as applied to temporary
support from vendors.
Do the training, risk assessment and access requirements specified in R2, R3, and R4 apply to vendors
who are supervised? Assuming that a supervised vendor is exempt from CIP-004-1, Requirements R2,
R3 and R4, would temporary, indirect and monitored access such as that provided through remote
terminal sessions (WebEx, etc.) or escorted physical access be considered supervision?
Response to Question 1
WECC asks three questions, which are listed below. The answer to each question follows the question.

1. WECC seeks clarification on the definition of authorized access as applied to temporary

Answer: While the Glossary of Terms used in NERC Reliability Standards does not have a definition
of authorized access, CIP-004-1, Requirement R4 requires that an entity shall maintain list(s) of
personnel with authorized cyber or authorized unescorted physical access to Critical Cyber Assets,
including their specific electronic and physical access rights to Critical Cyber Assets. For purposes
of CIP-004-1, an individual has authorized access if he or she is on that list, and, as a result, is
subject to Requirements R2, R3, and R4.

2. Do the training, risk assessment, and access requirements specified in R2, R3, and R4 apply to
vendors who are supervised?

Page 7 of 7

Answer: As written, all cyber access to Critical Cyber Assets must be authorized, and all authorized
access must comply with Requirements R2, R3, and R4.
1

Through the use of the qualifier
unescorted with regard to physical access, CIP-004-1, Requirement R2, implies the concept of
supervision for physical access when an individual is not authorized, and CIP-006 R1.6 also allows
for escorted unauthorized physical access via a visitor program. There is no similar qualifier or
reference in the requirement that mentions escorted or otherwise implies supervision for cyber
access within CIP-004. Furthermore, there is no mention of any escorted unauthorized cyber access
within CIP-007 similar to the visitor program in CIP-006 R1.6. Compared to physical access, the
concept or any words relating to escorting or supervision in the requirement language is absent
relative to cyber access.
3. Assuming that a supervised vendor is exempt from CIP-004-1, Requirements R2, R3, and R4,
would temporary, indirect and monitored access such as that provided through remote terminal
sessions (WebEx, etc.) or escorted physical access be considered supervision?

Answer: To the extent a vendor is escorted to physically access a Critical Cyber Asset for purposes
other than direct cyber access (e.g., replacing parts on the Critical Cyber Asset), supervision is
acceptable (within the context of escorted physical access). If the escorted physical access includes
bringing a vendor or other individual to the Critical Cyber Asset to direct someone with authorized
access in performing cyber access, such supervision is also acceptable within the language of the
requirement, since the vendor or other individual is merely present while an authorized individual
conducts the actual cyber access. However, the requirement language does not support the notion of
physically escorting a vendor or other individual to a Critical Cyber Asset for the vendor or other
individual to perform cyber access, even if supervised. Even if it is possible to provide supervised
cyber access to Critical Cyber Assets, there is no basis or contemplation of escorted cyber access
whatsoever in CIP-004, whether remotely or in person.

1
The drafting team also notes that the FAQ referenced in the request for interpretation is not the same as an
approved Reliability Standard and is not mandatory and enforceable. The FAQ was not developed or approved
through the same standards development process, and cannot be used to substitute for the language in the standard
itself. The drafting team also notes that the concept of unsupervised trusted access in the FAQ applies only to
Version 1which contained a 30 and 90 day provision for training and personnel risk assessments for personnel
with authorized cyber access and authorized unescorted physical accessand it was not modified to conform to the
changes made in subsequent versions.
Page 1 of 11

A. Introduction
1. Title: Cyber Security Personnel & Training
3. Purpose: Standard CIP-004-4 requires that personnel having authorized cyber or
authorized unescorted physical access to Critical Cyber Assets, including contractors and
service vendors, have an appropriate level of personnel risk assessment, training, and security
awareness. Standard CIP-004-4 should be read as part of a group of standards numbered
4. Applicability:
4.1.10 NERC.
B. Requirements
R1. Awareness The Responsible Entity shall establish, document, implement, and maintain a
security awareness program to ensure personnel having authorized cyber or authorized
unescorted physical access to Critical Cyber Assets receive on-going reinforcement in sound
Page 2 of 11

security practices. The program shall include security awareness reinforcement on at least a
quarterly basis using mechanisms such as:
Direct communications (e.g., emails, memos, computer based training, etc.);
Indirect communications (e.g., posters, intranet, brochures, etc.);
Management support and reinforcement (e.g., presentations, meetings, etc.).
R2. Training The Responsible Entity shall establish, document, implement, and maintain an
annual cyber security training program for personnel having authorized cyber or authorized
unescorted physical access to Critical Cyber Assets. The cyber security training program shall
be reviewed annually, at a minimum, and shall be updated whenever necessary.
including contractors and service vendors, are trained prior to their being granted such
R2.2. Training shall cover the policies, access controls, and procedures as developed for the
Critical Cyber Assets covered by CIP-004-4, and include, at a minimum, the following
required items appropriate to personnel roles and responsibilities:
R2.2.1. The proper use of Critical Cyber Assets;
R2.2.2. Physical and electronic access controls to Critical Cyber Assets;
R2.2.3. The proper handling of Critical Cyber Asset information; and,
R2.2.4. Action plans and procedures to recover or re-establish Critical Cyber Assets
and access thereto following a Cyber Security Incident.
R2.3. The Responsible Entity shall maintain documentation that training is conducted at least
annually, including the date the training was completed and attendance records.
existing collective bargaining unit agreements, for personnel having authorized cyber or
authorized unescorted physical access to Critical Cyber Assets. A personnel risk assessment
shall be conducted pursuant to that program prior to such personnel being granted such access
The personnel risk assessment program shall at a minimum include:
R3.1. The Responsible Entity shall ensure that each assessment conducted include, at least,
identity verification (e.g., Social Security Number verification in the U.S.) and seven-
year criminal check. The Responsible Entity may conduct more detailed reviews, as
permitted by law and subject to existing collective bargaining unit agreements,
depending upon the criticality of the position.
R3.2. The Responsible Entity shall update each personnel risk assessment at least every seven
years after the initial personnel risk assessment or for cause.
R3.3. The Responsible Entity shall document the results of personnel risk assessments of its
personnel having authorized cyber or authorized unescorted physical access to Critical
Cyber Assets, and that personnel risk assessments of contractor and service vendor
personnel with such access are conducted pursuant to Standard CIP-004-4.
authorized unescorted physical access to Critical Cyber Assets, including their specific
electronic and physical access rights to Critical Cyber Assets.
Page 3 of 11

R4.1. The Responsible Entity shall review the list(s) of its personnel who have such access to
Critical Cyber Assets quarterly, and update the list(s) within seven calendar days of any
change of personnel with such access to Critical Cyber Assets, or any change in the
access rights of such personnel. The Responsible Entity shall ensure access list(s) for
contractors and service vendors are properly maintained.
R4.2. The Responsible Entity shall revoke such access to Critical Cyber Assets within 24
hours for personnel terminated for cause and within seven calendar days for personnel
who no longer require such access to Critical Cyber Assets.
C. Measures
M1. The Responsible Entity shall make available documentation of its security awareness and
reinforcement program as specified in Requirement R1.
M2. The Responsible Entity shall make available documentation of its cyber security training
program, review, and records as specified in Requirement R2.
M3. The Responsible Entity shall make available documentation of the personnel risk assessment
program and that personnel risk assessments have been applied to all personnel who have
authorized cyber or authorized unescorted physical access to Critical Cyber Assets, as
M4. The Responsible Entity shall make available documentation of the list(s), list review and
update, and access revocation as needed as specified in Requirement R4.

Page 4 of 11

D. Compliance
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
1.4.1 The Responsible Entity shall keep personnel risk assessment documents in
accordance with federal, state, provincial, and local laws.
1.4.2 The Responsible Entity shall keep all other documentation required by Standard
CIP-004-4 from the previous full calendar year unless directed by its Compliance
Page 5 of 11

R1. LOWER
established,
implemented, and
maintained but did not
document a security
awareness program to
ensure personnel having
authorized cyber or
authorized unescorted
physical access to
Critical Cyber Assets
receive ongoing
reinforcement in sound
security practices.
The Responsibility Entity did
not provide security awareness
reinforcement on at least a
quarterly basis.
The Responsible Entity did document but did not establish,
implement, nor maintain a security awareness program to
ensure personnel having authorized cyber or authorized
unescorted physical access to Critical Cyber Assets receive
on-going reinforcement in sound security practices.
The Responsible Entity did not establish, implement, maintain,
nor document a security awareness program to ensure personnel
having authorized cyber or authorized unescorted physical access
to Critical Cyber Assets receive on-going reinforcement in sound
security practices.
R2. LOWER
established,
implemented, and
maintained but did not
document an annual
cyber security training
program for personnel
having authorized cyber
or authorized unescorted
physical access to
The Responsibility Entity did
not review the training program
on an annual basis.
The Responsible Entity did document but did not establish,
implement, nor maintain an annual cyber security training
program for personnel having authorized cyber or authorized
unescorted physical access to Critical Cyber Assets.
The Responsible Entity did not establish, document, implement,
nor maintain an annual cyber security training program for
personnel having authorized cyber or authorized unescorted
physical access to Critical Cyber Assets.
R2.1. MEDIUM
At least one individual
but less than 5% of
personnel having
authorized cyber or
unescorted physical
access to Critical Cyber
Assets, including
contractors and service
vendors, were not
trained prior to their
being granted such
access except in
specified circumstances
such as an emergency.
At least 5% but less than 10% of
all personnel having authorized
cyber or unescorted physical
access to Critical Cyber Assets,
including contractors and service
vendors, were not trained prior
to their being granted such
access except in specified
circumstances such as an
emergency.
At least 10% but less than 15% of all personnel having
authorized cyber or unescorted physical access to Critical
Cyber Assets, including contractors and service vendors,
were not trained prior to their being granted such access
15% or more of all personnel having authorized cyber or
unescorted physical access to Critical Cyber Assets, including
contractors and service vendors, were not trained prior to their
being granted such access except in specified circumstances such
as an emergency.
Page 6 of 11

R2.2. MEDIUM
N/A The training does not include
one of the minimum topics as
detailed in R2.2.1, R2.2.2,
R2.2.3, R2.2.4.
The training does not include two of the minimum topics as
detailed in R2.2.1, R2.2.2, R2.2.3, R2.2.4.
The training does not include three or more of the minimum
topics as detailed in R2.2.1, R2.2.2, R2.2.3, R2.2.4.
R2.2.1. LOWER
N/A N/A N/A N/A
R2.2.2. LOWER
N/A N/A N/A N/A
R2.2.3. LOWER
N/A N/A N/A N/A
R2.2.4. LOWER
N/A N/A N/A N/A
R2.3. LOWER
N/A N/A The Responsible Entity did maintain documentation that
training is conducted at least annually, but did not include
either the date the training was completed or attendance
records.
The Responsible Entity did not maintain documentation that
training is conducted at least annually, including the date the
training was completed or attendance records.
R3. MEDIUM
N/A The Responsible Entity has a
personnel risk assessment
program, in accordance with
federal, state, provincial, and
local laws, and subject to
existing collective bargaining
unit agreements, for personnel
having authorized cyber or
authorized unescorted physical
access, but the program is not
documented.
The Responsible Entity has a personnel risk assessment
program as stated in R3, but conducted the personnel risk
assessment pursuant to that program after such personnel
were granted such access except in specified circumstances
such as an emergency.
The Responsible Entity does not have a documented personnel
risk assessment program, in accordance with federal, state,
provincial, and local laws, and subject to existing collective
bargaining unit agreements, for personnel having authorized
cyber or authorized unescorted physical access.

OR

The Responsible Entity did not conduct the personnel risk
assessment pursuant to that program for personnel granted such
R3.1. LOWER
N/A N/A The Responsible Entity did not ensure that an assessment
conducted included an identity verification (e.g., Social
Security Number verification in the U.S.) or a seven-year
criminal check.
The Responsible Entity did not ensure that each assessment
conducted include, at least, identity verification (e.g., Social
Security Number verification in the U.S.) and seven-year
criminal check.
Page 7 of 11

R3.2. LOWER
N/A The Responsible Entity did not
update each personnel risk
assessment at least every seven
years after the initial personnel
risk assessment but did update it
for cause when applicable.
The Responsible Entity did not update each personnel risk
assessment for cause (when applicable) but did at least
updated it every seven years after the initial personnel risk
assessment.
The Responsible Entity did not update each personnel risk
assessment at least every seven years after the initial personnel
risk assessment nor was it updated for cause when applicable.
R3.3. LOWER
did not document the
results of personnel risk
assessments for at least
one individual but less
than 5% of all personnel
with authorized cyber or
physical access to
Critical Cyber Assets,
pursuant to Standard
CIP-004-4.
The Responsible Entity did not
document the results of
personnel risk assessments for
5% or more but less than 10% of
all personnel with authorized
cyber or authorized unescorted
physical access to Critical Cyber
Assets, pursuant to Standard
CIP-004-4.
The Responsible Entity did not document the results of
personnel risk assessments for 10% or more but less than
15% of all personnel with authorized cyber or authorized
unescorted physical access to Critical Cyber Assets, pursuant
to Standard CIP-004-4.
The Responsible Entity did not document the results of personnel
risk assessments for 15% or more of all personnel with
authorized cyber or authorized unescorted physical access to
Critical Cyber Assets, pursuant to Standard CIP-004-4.
R4. LOWER
did not maintain
complete list(s) of
personnel with
authorized cyber or
physical access to
Critical Cyber Assets,
including their specific
electronic and physical
access rights to Critical
Cyber Assets, missing at
least one individual but
less than 5% of the
authorized personnel.
maintain complete list(s) of
personnel with authorized cyber
or authorized unescorted
physical access to Critical Cyber
Assets, including their specific
electronic and physical access
rights to Critical Cyber Assets,
missing 5% or more but less
than 10% of the authorized
personnel.
The Responsible Entity did not maintain complete list(s) of
personnel with authorized cyber or authorized unescorted
physical access to Critical Cyber Assets, including their
specific electronic and physical access rights to Critical
Cyber Assets, missing 10% or more but less than 15%of the
authorized personnel.
The Responsible Entity did not maintain complete list(s) of
personnel with authorized cyber or authorized unescorted
physical access to Critical Cyber Assets, including their specific
electronic and physical access rights to Critical Cyber Assets,
missing 15% or more of the authorized personnel.
R4.1. LOWER
review the list(s) of its personnel
who have access to Critical
Cyber Assets quarterly.
The Responsible Entity did not update the list(s) within
seven calendar days of any change of personnel with such
access to Critical Cyber Assets, nor any change in the access
rights of such personnel.
The Responsible Entity did not review the list(s) of all personnel
who have access to Critical Cyber Assets quarterly, nor update
the list(s) within seven calendar days of any change of personnel
with such access to Critical Cyber Assets, nor any change in the
access rights of such personnel.
R4.2. MEDIUM
revoke access within seven
calendar days for personnel who
no longer require such access to
The Responsible Entity did not revoke access to Critical
Cyber Assets within 24 hours for personnel terminated for
cause.
The Responsible Entity did not revoke access to Critical Cyber
Assets within 24 hours for personnel terminated for cause nor
within seven calendar days for personnel who no longer require
such access to Critical Cyber Assets.
Page 8 of 11

None identified.
Version History
1 01/16/06 D.2.2.4 Insert the phrase for cause as
intended. One instance of personnel termination
for cause
03/24/06
1 06/01/06 D.2.1.4 Change access control rights to
access rights.
06/05/06
entity.
Reference to emergency situations.
awareness program.
training program; also stating the requirements for
the cyber security training program.
Modification to R3 Personnel Risk Assessment to
clarify that it pertains to personnel having
authorized cyber or authorized unescorted physical
access to Critical Cyber Assets.
Removal of 90 day window to complete training
and 30 day window to complete personnel risk
assessments.

4 Board
approved
01/24/2011
Update version number from 3 to 4 Update to conform to
changes to CIP-002-4
(Project 2008-06)
becomes effective June 25, 2012)


Page 9 of 11

3a/4a 5/24/12 Interpretation of R2, R3, and R4 adopted by NERC
Board of Trustees

3a/4a 12/13/12 Interpretation of R2, R3, and R4 approved by
FERC in a Letter Order issued December 12, 2012

Page 10 of 11

Appendix 1

R2. Training The Responsible Entity shall establish, maintain, and document an annual cyber
security training program for personnel having authorized cyber or authorized unescorted physical
access to Critical Cyber Assets, and review the program annually and update as necessary.
including contractors and service vendors, are trained within ninety calendar days of such
authorization.
existing collective bargaining unit agreements, for personnel having authorized cyber or authorized
unescorted physical access. A personnel risk assessment shall be conducted pursuant to that program
within thirty days of such personnel being granted such access. Such program shall at a minimum
include:
authorized unescorted physical access to Critical Cyber Assets, including their specific electronic and
physical access rights to Critical Cyber Assets.
Question 1
The WECC RC seeks clarification on the definition of authorized access as applied to temporary
Do the training, risk assessment and access requirements specified in R2, R3, and R4 apply to vendors
who are supervised? Assuming that a supervised vendor is exempt from CIP-004-1, Requirements R2,
R3 and R4, would temporary, indirect and monitored access such as that provided through remote
terminal sessions (WebEx, etc.) or escorted physical access be considered supervision?
WECC asks three questions, which are listed below. The answer to each question follows the question.

1. WECC seeks clarification on the definition of authorized access as applied to temporary

Answer: While the Glossary of Terms used in NERC Reliability Standards does not have a definition
of authorized access, CIP-004-1, Requirement R4 requires that an entity shall maintain list(s) of
personnel with authorized cyber or authorized unescorted physical access to Critical Cyber Assets,
including their specific electronic and physical access rights to Critical Cyber Assets. For purposes
of CIP-004-1, an individual has authorized access if he or she is on that list, and, as a result, is
subject to Requirements R2, R3, and R4.

2. Do the training, risk assessment, and access requirements specified in R2, R3, and R4 apply to
vendors who are supervised?

Page 11 of 11

Answer: As written, all cyber access to Critical Cyber Assets must be authorized, and all authorized
access must comply with Requirements R2, R3, and R4.
1

Through the use of the qualifier
unescorted with regard to physical access, CIP-004-1, Requirement R2, implies the concept of
supervision for physical access when an individual is not authorized, and CIP-006 R1.6 also allows
for escorted unauthorized physical access via a visitor program. There is no similar qualifier or
reference in the requirement that mentions escorted or otherwise implies supervision for cyber
access within CIP-004. Furthermore, there is no mention of any escorted unauthorized cyber access
within CIP-007 similar to the visitor program in CIP-006 R1.6. Compared to physical access, the
concept or any words relating to escorting or supervision in the requirement language is absent
relative to cyber access.
3. Assuming that a supervised vendor is exempt from CIP-004-1, Requirements R2, R3, and R4,
would temporary, indirect and monitored access such as that provided through remote terminal
sessions (WebEx, etc.) or escorted physical access be considered supervision?

Answer: To the extent a vendor is escorted to physically access a Critical Cyber Asset for purposes
other than direct cyber access (e.g., replacing parts on the Critical Cyber Asset), supervision is
acceptable (within the context of escorted physical access). If the escorted physical access includes
bringing a vendor or other individual to the Critical Cyber Asset to direct someone with authorized
access in performing cyber access, such supervision is also acceptable within the language of the
requirement, since the vendor or other individual is merely present while an authorized individual
conducts the actual cyber access. However, the requirement language does not support the notion of
physically escorting a vendor or other individual to a Critical Cyber Asset for the vendor or other
individual to perform cyber access, even if supervised. Even if it is possible to provide supervised
cyber access to Critical Cyber Assets, there is no basis or contemplation of escorted cyber access
whatsoever in CIP-004, whether remotely or in person.

1
The drafting team also notes that the FAQ referenced in the request for interpretation is not the same as an
approved Reliability Standard and is not mandatory and enforceable. The FAQ was not developed or approved
through the same standards development process, and cannot be used to substitute for the language in the standard
itself. The drafting team also notes that the concept of unsupervised trusted access in the FAQ applies only to
Version 1which contained a 30 and 90 day provision for training and personnel risk assessments for personnel
with authorized cyber access and authorized unescorted physical accessand it was not modified to conform to the
changes made in subsequent versions.
CIP0045CyberSecurityPersonnel&Training
Page1of52
A. I ntroduction
1. Title: CyberSecurityPersonnel&Training
2. Number: CIP0045
3. Purpose: Tominimizetheriskagainstcompromisethatcouldleadtomisoperationor
instabilityintheBESfromindividualsaccessingBESCyberSystemsbyrequiringanappropriate
levelofpersonnelriskassessment,training,andsecurityawarenessinsupportofprotecting
BESCyberSystems.
4. Applicability:
4.1. FunctionalEntities:Forthepurposeoftherequirementscontainedherein,thefollowing
listoffunctionalentitieswillbecollectivelyreferredtoasResponsibleEntities.For
requirementsinthisstandardwhereaspecificfunctionalentityorsubsetoffunctional
entitiesaretheapplicableentityorentities,thefunctionalentityorentitiesarespecified
explicitly.
4.1.1. BalancingAuthority
4.1.2. DistributionProviderthatownsoneormoreofthefollowingFacilities,systems,and
equipmentfortheprotectionorrestorationoftheBES:
4.1.2.1. EachunderfrequencyLoadshedding(UFLS)orundervoltageLoadshedding
(UVLS)systemthat:
4.1.2.1.1. ispartofaLoadsheddingprogramthatissubjecttooneormore
requirementsinaNERCorRegionalReliabilityStandard;and
4.1.2.1.2. performsautomaticLoadsheddingunderacommoncontrolsystem
ownedbytheResponsibleEntity,withouthumanoperatorinitiation,of
300MWormore.
4.1.2.2. EachSpecialProtectionSystemorRemedialActionSchemewheretheSpecial
ProtectionSystemorRemedialActionSchemeissubjecttooneormore
requirementsinaNERCorRegionalReliabilityStandard.
4.1.2.3. EachProtectionSystem(excludingUFLSandUVLS)thatappliestoTransmission
wheretheProtectionSystemissubjecttooneormorerequirementsinaNERC
orRegionalReliabilityStandard.
4.1.2.4. EachCrankingPathandgroupofElementsmeetingtheinitialswitching
requirementsfromaBlackstartResourceuptoandincludingthefirst
interconnectionpointofthestartingstationserviceofthenextgeneration
unit(s)tobestarted.
4.1.3. GeneratorOperator
4.1.4. GeneratorOwner
4.1.5. InterchangeCoordinatororInterchangeAuthority
Page2of52
4.1.6. ReliabilityCoordinator
4.1.7. TransmissionOperator
4.1.8. TransmissionOwner
4.2. Facilities:Forthepurposeoftherequirementscontainedherein,thefollowing
Facilities,systems,andequipmentownedbyeachResponsibleEntityin4.1aboveare
thosetowhichtheserequirementsareapplicable.Forrequirementsinthisstandard
whereaspecifictypeofFacilities,system,orequipmentorsubsetofFacilities,systems,
andequipmentareapplicable,thesearespecifiedexplicitly.
4.2.1. DistributionProvider:OneormoreofthefollowingFacilities,systemsand
equipmentownedbytheDistributionProviderfortheprotectionorrestorationof
theBES:
4.2.1.1. EachUFLSorUVLSSystemthat:
4.2.1.1.1. ispartofaLoadsheddingprogramthatissubjecttooneormore
4.2.1.1.2. performsautomaticLoadsheddingunderacommoncontrolsystem
ownedbytheResponsibleEntity,withouthumanoperatorinitiation,of
300MWormore.
4.2.1.2. EachSpecialProtectionSystemorRemedialActionSchemewheretheSpecial
ProtectionSystemorRemedialActionSchemeissubjecttooneormore
4.2.1.3. EachProtectionSystem(excludingUFLSandUVLS)thatappliestoTransmission
wheretheProtectionSystemissubjecttooneormorerequirementsinaNERC
orRegionalReliabilityStandard.
4.2.1.4. EachCrankingPathandgroupofElementsmeetingtheinitialswitching
unit(s)tobestarted.
4.2.2. ResponsibleEntitieslistedin4.1otherthanDistributionProviders:
AllBESFacilities.
4.2.3. Exemptions:ThefollowingareexemptfromStandardCIP0045:
4.2.3.1. CyberAssetsatFacilitiesregulatedbytheCanadianNuclearSafetyCommission.
4.2.3.2. CyberAssetsassociatedwithcommunicationnetworksanddata
communicationlinksbetweendiscreteElectronicSecurityPerimeters.
4.2.3.3. Thesystems,structures,andcomponentsthatareregulatedbytheNuclear
RegulatoryCommissionunderacybersecurityplanpursuantto10C.F.R.
Section73.54.
Page3of52
4.2.3.4. ForDistributionProviders,thesystemsandequipmentthatarenotincludedin
section4.2.1above.
4.2.3.5. ResponsibleEntitiesthatidentifythattheyhavenoBESCyberSystems
categorizedashighimpactormediumimpactaccordingtotheCIP0025
identificationandcategorizationprocesses.
5.EffectiveDates:
1. 24MonthsMinimumCIP0045shallbecomeeffectiveonthelaterofJuly1,2015,orthe
firstcalendardayoftheninthcalendarquarteraftertheeffectivedateoftheorder
providingapplicableregulatoryapproval.
2. Inthosejurisdictionswherenoregulatoryapprovalisrequired,CIP0045shallbecome
effectiveonthefirstdayoftheninthcalendarquarterfollowingBoardofTrustees
approval,orasotherwisemadeeffectivepursuanttothelawsapplicabletosuchERO
governmentalauthorities.
6.Background:
StandardCIP0045existsaspartofasuiteofCIPStandardsrelatedtocybersecurity.CIP0025
requirestheinitialidentificationandcategorizationofBESCyberSystems.CIP0035,CIP004
5,CIP0055,CIP0065,CIP0075,CIP0085,CIP0095,CIP0101andCIP0111requirea
minimumleveloforganizational,operationalandproceduralcontrolstomitigaterisktoBES
CyberSystems.ThissuiteofCIPStandardsisreferredtoastheVersion5CIPCyberSecurity
Standards.
Mostrequirementsopenwith,EachResponsibleEntityshallimplementoneormore
documented[processes,plan,etc]thatincludetheapplicableitemsin[TableReference].The
referencedtablerequirestheapplicableitemsintheproceduresfortherequirementscommon
subjectmatter.
TheSDThasincorporatedwithinthisstandardarecognitionthatcertainrequirementsshould
notfocusonindividualinstancesoffailureasasolebasisforviolatingthestandard.In
particular,theSDThasincorporatedanapproachtoempowerandenabletheindustryto
identify,assess,andcorrectdeficienciesintheimplementationofcertainrequirements.The
intentistochangethebasisofaviolationinthoserequirementssothattheyarenotfocused
onwhetherthereisadeficiency,butonidentifying,assessing,andcorrectingdeficiencies.Itis
presentedinthoserequirementsbymodifyingimplementasfollows:
EachResponsibleEntityshallimplement,inamannerthatidentifies,assesses,and
correctsdeficiencies,...
Thetermdocumentedprocessesreferstoasetofrequiredinstructionsspecifictothe
ResponsibleEntityandtoachieveaspecificoutcome.Thistermdoesnotimplyanyparticular
namingorapprovalstructurebeyondwhatisstatedintherequirements.Anentityshould
includeasmuchasitbelievesnecessaryintheirdocumentedprocesses,buttheymustaddress
theapplicablerequirementsinthetable.Thedocumentedprocessesthemselvesarenot
requiredtoincludethe...identifies,assesses,andcorrectsdeficiencies,..."elements
describedintheprecedingparagraph,asthoseaspectsarerelatedtothemannerof
Page4of52
implementationofthedocumentedprocessesandcouldbeaccomplishedthroughother
controlsorcompliancemanagementactivities.
Thetermsprogramandplanaresometimesusedinplaceofdocumentedprocesseswhereit
makessenseandiscommonlyunderstood.Forexample,documentedprocessesdescribinga
responsearetypicallyreferredtoasplans(i.e.,incidentresponseplansandrecoveryplans).
Likewise,asecurityplancandescribeanapproachinvolvingmultipleprocedurestoaddressa
broadsubjectmatter.
Similarly,thetermprogrammayrefertotheorganizationsoverallimplementationofits
policies,plansandproceduresinvolvingasubjectmatter.Examplesinthestandardsinclude
thepersonnelriskassessmentprogramandthepersonneltrainingprogram.Thefull
implementationoftheCIPCyberSecurityStandardscouldalsobereferredtoasaprogram.
However,thetermsprogramandplandonotimplyanyadditionalrequirementsbeyondwhat
isstatedinthestandards.
ResponsibleEntitiescanimplementcommoncontrolsthatmeetrequirementsformultiplehigh
andmediumimpactBESCyberSystems.Forexample,asingletrainingprogramcouldmeetthe
requirementsfortrainingpersonnelacrossmultipleBESCyberSystems.
Measuresfortheinitialrequirementaresimplythedocumentedprocessesthemselves.
Measuresinthetablerowsprovideexamplesofevidencetoshowdocumentationand
implementationofapplicableitemsinthedocumentedprocesses.Thesemeasuresserveto
provideguidancetoentitiesinacceptablerecordsofcomplianceandshouldnotbeviewedas
anallinclusivelist.
Throughoutthestandards,unlessotherwisestated,bulleteditemsintherequirementsand
measuresareitemsthatarelinkedwithanor,andnumbereditemsareitemsthatarelinked
withanand.
ManyreferencesintheApplicabilitysectionuseathresholdof300MWforUFLSandUVLS.
Thisparticularthresholdof300MWforUVLSandUFLSwasprovidedinVersion1oftheCIP
CyberSecurityStandards.Thethresholdremainsat300MWsinceitisspecificallyaddressing
UVLSandUFLS,whicharelastditcheffortstosavetheBulkElectricSystem.AreviewofUFLS
tolerancesdefinedwithinregionalreliabilitystandardsforUFLSprogramrequirementstodate
indicatesthatthehistoricalvalueof300MWrepresentsanadequateandreasonablethreshold
valueforallowableUFLSoperationaltolerances.
ApplicableSystemsColumnsinTables:
EachtablehasanApplicableSystemscolumntofurtherdefinethescopeofsystemstowhich
aspecificrequirementrowapplies.TheCSO706SDTadaptedthisconceptfromtheNational
InstituteofStandardsandTechnology(NIST)RiskManagementFrameworkasawayof
applyingrequirementsmoreappropriatelybasedonimpactandconnectivitycharacteristics.
ThefollowingconventionsareusedintheApplicableSystemscolumnasdescribed.
HighImpactBESCyberSystemsAppliestoBESCyberSystemscategorizedashighimpact
accordingtotheCIP0025identificationandcategorizationprocesses.
Page5of52
MediumImpactBESCyberSystemsAppliestoBESCyberSystemscategorizedasmedium
impactaccordingtotheCIP0025identificationandcategorizationprocesses.
MediumImpactBESCyberSystemswithExternalRoutableConnectivityOnlyappliesto
mediumimpactBESCyberSystemswithExternalRoutableConnectivity.Thisalsoexcludes
CyberAssetsintheBESCyberSystemthatcannotbedirectlyaccessedthroughExternal
RoutableConnectivity.
ElectronicAccessControlorMonitoringSystems(EACMS)AppliestoeachElectronic
AccessControlorMonitoringSystemassociatedwithareferencedhighimpactBESCyber
SystemormediumimpactBESCyberSystem.Examplesmayinclude,butarenotlimitedto,
firewalls,authenticationservers,andlogmonitoringandalertingsystems.
PhysicalAccessControlSystems(PACS)AppliestoeachPhysicalAccessControlSystem
associatedwithareferencedhighimpactBESCyberSystemormediumimpactBESCyber
SystemwithExternalRoutableConnectivity.
Page6of52
R1. EachResponsibleEntityshallimplementoneormoredocumentedprocessesthatcollectivelyincludeeachofthe
applicablerequirementpartsinCIP0045TableR1SecurityAwarenessProgram.[ViolationRiskFactor:Lower][Time
Horizon:OperationsPlanning]
M1. Evidencemustincludeeachoftheapplicabledocumentedprocessesthatcollectivelyincludeeachoftheapplicable
requirementpartsinCIP0045TableR1SecurityAwarenessProgramandadditionalevidencetodemonstrate
implementationasdescribedintheMeasurescolumnofthetable.

CIP0045TableR1SecurityAwarenessProgram
Part ApplicableSystems Requirements Measures
1.1 HighImpactBESCyberSystems
MediumImpactBESCyberSystems
Securityawarenessthat,atleastonce
eachcalendarquarter,reinforcescyber
securitypractices(whichmayinclude
associatedphysicalsecuritypractices)
fortheResponsibleEntityspersonnel
whohaveauthorizedelectronicor
authorizedunescortedphysicalaccess
toBESCyberSystems.
Anexampleofevidencemayinclude,
butisnotlimitedto,documentation
thatthequarterlyreinforcementhas
beenprovided.Examplesofevidence
ofreinforcementmayinclude,butare
notlimitedto,datedcopiesof
informationusedtoreinforcesecurity
awareness,aswellasevidenceof
distribution,suchas:
directcommunications(for
example,emails,memos,
computerbasedtraining);or
indirectcommunications(for
example,posters,intranet,or
brochures);or
managementsupportand
reinforcement(forexample,
presentationsormeetings).

Page7of52

R2. EachResponsibleEntityshallimplement,inamannerthatidentifies,assesses,andcorrectsdeficiencies,acybersecurity
trainingprogram(s)appropriatetoindividualroles,functions,orresponsibilitiesthatcollectivelyincludeseachofthe
applicablerequirementpartsinCIP0045TableR2CyberSecurityTrainingProgram.[ViolationRiskFactor:Lower][Time
Horizon:OperationsPlanning]
M2.EvidencemustincludethetrainingprogramthatincludeseachoftheapplicablerequirementpartsinCIP0045TableR2
CyberSecurityTrainingProgramandadditionalevidencetodemonstrateimplementationoftheprogram(s).
Page8of52
CIP0045TableR2CyberSecurityTrainingProgram
2.1 HighImpactBESCyberSystemsand
theirassociated:
1. EACMS;and
2. PACS
withExternalRoutableConnectivity
andtheirassociated:
1. EACMS;and
2. PACS
Trainingcontenton:
2.1.1. Cybersecuritypolicies;
2.1.2. Physicalaccesscontrols;
2.1.3. Electronicaccesscontrols;
2.1.4. Thevisitorcontrolprogram;
2.1.5. HandlingofBESCyberSystem
Informationanditsstorage;
2.1.6. IdentificationofaCyber
SecurityIncidentandinitial
notificationsinaccordance
withtheentitysincident
responseplan;
2.1.7. RecoveryplansforBESCyber
Systems;
2.1.8. ResponsetoCyberSecurity
Incidents;and
2.1.9. Cybersecurityrisksassociated
withaBESCyberSystems
electronicinterconnectivity
andinteroperabilitywith
otherCyberAssets.
Examplesofevidencemayinclude,
butarenotlimitedto,training
materialsuchaspowerpoint
presentations,instructornotes,
studentnotes,handouts,orother
trainingmaterials.
Page9of52
CIP0045TableR2CyberSecurityTrainingProgram
theirassociated:
1. EACMS;and
2. PACS
andtheirassociated:
1. EACMS;and
2. PACS
Requirecompletionofthetraining
specifiedinPart2.1priortogranting
authorizedelectronicaccessand
toapplicableCyberAssets,except
duringCIPExceptionalCircumstances.
butarenotlimitedto,training
recordsanddocumentationofwhen
CIPExceptionalCircumstanceswere
invoked.
theirassociated:
1. EACMS;and
2. PACS
andtheirassociated:
1. EACMS;and
2. PACS
Requirecompletionofthetraining
specifiedinPart2.1atleastonce
every15calendarmonths.
butarenotlimitedto,dated
individualtrainingrecords.
R3. EachResponsibleEntityshallimplement,inamannerthatidentifies,assesses,andcorrectsdeficiencies,oneormore
documentedpersonnelriskassessmentprogramstoattainandretainauthorizedelectronicorauthorizedunescorted
physicalaccesstoBESCyberSystemsthatcollectivelyincludeeachoftheapplicablerequirementpartsinCIP0045Table
R3PersonnelRiskAssessmentProgram.[ViolationRiskFactor:Medium][TimeHorizon:OperationsPlanning].
Page10of52
M3. Evidencemustincludethedocumentedpersonnelriskassessmentprogramsthatcollectivelyincludeeachoftheapplicable
requirementpartsinCIP0045TableR3PersonnelRiskAssessmentProgramandadditionalevidencetodemonstrate
implementationoftheprogram(s).

CIP0045TableR3PersonnelRiskAssessmentProgram
3.1 HighImpactBESCyberSystemsandtheir
associated:
1. EACMS;and
2. PACS
MediumImpactBESCyberSystemswith
ExternalRoutableConnectivityandtheir
associated:
1. EACMS;and
2. PACS

Processtoconfirmidentity. Anexampleofevidencemay
include,butisnotlimitedto,
documentationoftheResponsible
Entitysprocesstoconfirmidentity.
Page11of52

theirassociated:
1. EACMS;and
2. PACS
andtheirassociated:
1. EACMS;and
2. PACS
Processtoperformasevenyear
criminalhistoryrecordscheckaspartof
eachpersonnelriskassessmentthat
includes:
3.2.1.currentresidence,regardlessof
duration;and
3.2.2.otherlocationswhere,during
thesevenyearsimmediatelypriorto
thedateofthecriminalhistory
recordscheck,thesubjecthasresided
forsixconsecutivemonthsormore.
Ifitisnotpossibletoperformafull
sevenyearcriminalhistoryrecords
check,conductasmuchoftheseven
yearcriminalhistoryrecordscheckas
possibleanddocumentthereasonthe
fullsevenyearcriminalhistoryrecords
checkcouldnotbeperformed.
butisnotlimitedto,documentationof
theResponsibleEntitysprocessto
performasevenyearcriminalhistory
recordscheck.
Page12of52

associated:
1. EACMS;and
2. PACS
associated:
1. EACMS;and
2. PACS
Criteriaorprocesstoevaluatecriminal
historyrecordschecksforauthorizing
access.
Anexampleofevidencemay
documentationofthe
ResponsibleEntitysprocessto
evaluatecriminalhistoryrecords
checks.
associated:
1. EACMS;and
2. PACS
associated:
1. EACMS;and
2. PACS
Criteriaorprocessforverifyingthat
personnelriskassessmentsperformedfor
contractorsorservicevendorsare
conductedaccordingtoParts3.1through
3.3.
documentationofthe
ResponsibleEntityscriteriaor
processforverifyingcontractors
orservicevendorspersonnelrisk
assessments.
Page13of52

documentedaccessmanagementprogramsthatcollectivelyincludeeachoftheapplicablerequirementpartsinCIP0045
TableR4AccessManagementProgram.[ViolationRiskFactor:Lower][TimeHorizon:OperationsPlanningandSameDay
Operations].
M4. EvidencemustincludethedocumentedprocessesthatcollectivelyincludeeachoftheapplicablerequirementpartsinCIP
0045TableR4AccessManagementProgramandadditionalevidencetodemonstratethattheaccessmanagement
programwasimplementedasdescribedintheMeasurescolumnofthetable.
associated:
1. EACMS;and
2. PACS
associated:
1. EACMS;and
2. PACS
Processtoensurethatindividualswith
authorizedelectronicorauthorized
unescortedphysicalaccesshavehada
personnelriskassessmentcompleted
accordingtoParts3.1to3.4withinthelast
sevenyears.
documentationofthe
ResponsibleEntitysprocessfor
ensuringthatindividualswith
authorizedelectronicor
authorizedunescortedphysical
accesshavehadapersonnelrisk
assessmentcompletedwithinthe
lastsevenyears.
Page14of52
CIP0045TableR4AccessManagementProgram
associated:
1. EACMS;and
2. PACS
associated:
1. EACMS;and
2. PACS
Processtoauthorizebasedonneed,as
determinedbytheResponsibleEntity,
exceptforCIPExceptional
Circumstances:
4.1.1. Electronicaccess;
4.1.2. Unescortedphysicalaccessintoa
PhysicalSecurityPerimeter;and
4.1.3. Accesstodesignatedstorage
locations,whetherphysicalor
electronic,forBESCyberSystem
Information.
include,butisnotlimitedto,dated
documentationoftheprocessto
authorizeelectronicaccess,
unescortedphysicalaccessina
PhysicalSecurityPerimeter,and
accesstodesignatedstorage
locations,whetherphysicalor
electronic,forBESCyberSystem
Information.
Page15of52

associated:
1. EACMS;and
2. PACS
associated:
1. EACMS;and
2. PACS
Verifyatleastonceeachcalendar
quarterthatindividualswithactive
electronicaccessorunescortedphysical
accesshaveauthorizationrecords.
butarenotlimitedto:
Dateddocumentationofthe
verificationbetweenthesystem
generatedlistofindividualswho
havebeenauthorizedforaccess
(i.e.,workflowdatabase)anda
systemgeneratedlistof
personnelwhohaveaccess(i.e.,
useraccountlisting),or
Dateddocumentationofthe
verificationbetweenalistof
individualswhohavebeen
authorizedforaccess(i.e.,
authorizationforms)andalist
ofindividualsprovisionedfor
access(i.e.,provisioningforms
orsharedaccountlisting).
Page16of52

associated:
1. EACMS;and
2. PACS
associated:
1. EACMS;and
2. PACS
Forelectronicaccess,verifyatleastonce
every15calendarmonthsthatalluser
accounts,useraccountgroups,oruser
rolecategories,andtheirspecific,
associatedprivilegesarecorrectandare
thosethattheResponsibleEntity
determinesarenecessary.
documentationofthereviewthat
includesallofthefollowing:
1. Adatedlistingofall
accounts/accountgroupsor
roleswithinthesystem;
2. Asummarydescriptionof
privilegesassociatedwith
eachgrouporrole;
3. Accountsassignedtothe
grouporrole;and
4. Datedevidenceshowing
verificationoftheprivileges
forthegroupareauthorized
andappropriatetothework
functionperformedby
peopleassignedtoeach
account.
Page17of52

associated:
1. EACMS;and
2. PACS
associated:
1. EACMS;and
2. PACS
Verifyatleastonceevery15calendar
monthsthataccesstothedesignated
storagelocationsforBESCyberSystem
Information,whetherphysicalor
electronic,arecorrectandarethosethat
theResponsibleEntitydeterminesare
necessaryforperformingassignedwork
functions.
include,butisnotlimitedto,the
documentationofthereviewthat
includesallofthefollowing:
1. Adatedlistingof
authorizationsforBESCyber
Systeminformation;
2. Anyprivilegesassociated
withtheauthorizations;and
3. Datedevidenceshowinga
verificationofthe
authorizationsandany
privilegeswereconfirmed
correctandtheminimum
necessaryforperforming
assignedworkfunctions.
Page18of52

documentedaccessrevocationprogramsthatcollectivelyincludeeachoftheapplicablerequirementpartsinCIP0045
TableR5AccessRevocation.[ViolationRiskFactor:Medium][TimeHorizon:SameDayOperationsandOperations
Planning].
M5. Evidencemustincludeeachoftheapplicabledocumentedprogramsthatcollectivelyincludeeachoftheapplicable
requirementpartsinCIP0045TableR5AccessRevocationandadditionalevidencetodemonstrateimplementationas
describedintheMeasurescolumnofthetable.

CIP0045TableR5AccessRevocation
theirassociated:
1. EACMS;and
2. PACS
andtheirassociated:
1. EACMS;and
2. PACS
Aprocesstoinitiateremovalofan
individualsabilityforunescorted
physicalaccessandInteractiveRemote
Accessuponaterminationaction,and
completetheremovalswithin24hours
oftheterminationaction(Removalof
theabilityforaccessmaybedifferent
thandeletion,disabling,revocation,or
removalofallaccessrights).
allofthefollowing:
1. Datedworkfloworsignoffform
verifyingaccessremoval
associatedwiththetermination
action;and
2. Logsorotherdemonstration
showingsuchpersonsnolonger
haveaccess.

Page19of52
theirassociated:
1. EACMS;and
2. PACS
andtheirassociated:
1. EACMS;and
2. PACS
Forreassignmentsortransfers,revoke
theindividualsauthorizedelectronic
accesstoindividualaccountsand
thattheResponsibleEntitydetermines
arenotnecessarybytheendofthe
nextcalendardayfollowingthedate
thattheindividualnolongerrequires
retentionofthataccess.
allofthefollowing:
1. Datedworkfloworsignoffform
showingareviewoflogicaland
physicalaccess;and
2. Logsorotherdemonstration
showingsuchpersonsnolonger
haveaccessthatthe
ResponsibleEntitydetermines
isnotnecessary.

Page20of52
theirassociated:
1. EACMS;and
2. PACS
andtheirassociated:
1. EACMS;and
2. PACS
Forterminationactions,revokethe
individualsaccesstothedesignated
storagelocationsforBESCyberSystem
Information,whetherphysicalor
electronic(unlessalreadyrevoked
accordingtoRequirementR5.1),bythe
endofthenextcalendardayfollowing
theeffectivedateofthetermination
action.
butisnotlimitedto,workfloworsign
offformverifyingaccessremovalto
designatedphysicalareasorcyber
systemscontainingBESCyberSystem
Informationassociatedwiththe
terminationsanddatedwithinthenext
calendardayoftheterminationaction.

Page21of52
theirassociated:
EACMS
Forterminationactions,revokethe
individualsnonshareduseraccounts
(unlessalreadyrevokedaccordingto
Parts5.1or5.3)within30calendar
daysoftheeffectivedateofthe
terminationaction.
butisnotlimitedto,workfloworsign
offformshowingaccessremovalfor
anyindividualBESCyberAssetsand
softwareapplicationsasdetermined
necessarytocompletingtherevocation
ofaccessanddatedwithinthirty
calendardaysofthetermination
actions.

Page22of52
theirassociated:
EACMS
Forterminationactions,change
passwordsforsharedaccount(s)known
totheuserwithin30calendardaysof
theterminationaction.For
reassignmentsortransfers,change
passwordsforsharedaccount(s)known
totheuserwithin30calendardays
followingthedatethattheResponsible
Entitydeterminesthattheindividualno
longerrequiresretentionofthat
access.
IftheResponsibleEntitydetermines
anddocumentsthatextenuating
operatingcircumstancesrequirea
longertimeperiod,changethe
password(s)within10calendardays
followingtheendoftheoperating
circumstances.
Examplesofevidencemayinclude,but
arenotlimitedto:
Workfloworsignoffform
showingpasswordresetwithin
30calendardaysofthe
termination;
Workfloworsignoffform
showingpasswordresetwithin
30calendardaysofthe
reassignmentsortransfers;or
Documentationofthe
extenuatingoperating
circumstanceandworkflowor
signoffformshowingpassword
resetwithin10calendardays
followingtheendofthe
operatingcircumstance.

Page23of52
C. Compliance
1. ComplianceMonitoringProcess:
1.1. ComplianceEnforcementAuthority:
TheRegionalEntityshallserveastheComplianceEnforcementAuthority(CEA)
unlesstheapplicableentityisowned,operated,orcontrolledbytheRegional
Entity.InsuchcasestheEROoraRegionalEntityapprovedbyFERCorother
applicablegovernmentalauthorityshallserveastheCEA.
1.2. EvidenceRetention:
Thefollowingevidenceretentionperiodsidentifytheperiodoftimeanentityis
requiredtoretainspecificevidencetodemonstratecompliance.Forinstances
wheretheevidenceretentionperiodspecifiedbelowisshorterthanthetime
sincethelastaudit,theCEAmayaskanentitytoprovideotherevidencetoshow
thatitwascompliantforthefulltimeperiodsincethelastaudit.
TheResponsibleEntityshallkeepdataorevidencetoshowcomplianceas
identifiedbelowunlessdirectedbyitsCEAtoretainspecificevidencefora
longerperiodoftimeaspartofaninvestigation:
EachResponsibleEntityshallretainevidenceofeachrequirementinthis
standardforthreecalendaryears.
IfaResponsibleEntityisfoundnoncompliant,itshallkeepinformation
relatedtothenoncomplianceuntilmitigationiscompleteandapprovedor
forthetimespecifiedabove,whicheverislonger.
TheCEAshallkeepthelastauditrecordsandallrequestedandsubmitted
subsequentauditrecords.
1.3. ComplianceMonitoringandAssessmentProcesses:
ComplianceAudit
SelfCertification
SpotChecking
ComplianceInvestigation
SelfReporting
Complaint
1.4. AdditionalComplianceInformation:
None
Page24of52
2.TableofComplianceElements
R# Time
Horizon
VRF ViolationSeverityLevels(CIP0045)
LowerVSL ModerateVSL HighVSL SevereVSL
R1 Operations
Planning
Lower The
Responsible
Entitydidnot
reinforcecyber
security
practices
duringa
calendar
quarterbutdid
solessthan10
calendardays
afterthestart
ofa
subsequent
calendar
quarter.(1.1)
TheResponsibleEntity
didnotreinforcecyber
securitypracticesduring
acalendarquarterbut
didsobetween10and
30calendardaysafter
thestartofa
subsequentcalendar
quarter.(1.1)
securitypracticesduring
acalendarquarterbut
didsowithinthe
subsequentquarterbut
beyond30calendar
daysafterthestartof
thatcalendarquarter.
(1.1)
didnotdocumentor
implementanysecurity
awarenessprocess(es)
toreinforcecyber
securitypractices.(R1)
OR
securitypracticesand
associatedphysical
securitypracticesforat
leasttwoconsecutive
calendarquarters.(1.1)
R2 Operations
Planning
Lower The
Responsible
Entity
implementeda
cybersecurity
training
programbut
failedto
includeoneof
thetraining
implementedacyber
securitytraining
programbutfailedto
includetwoofthe
trainingcontenttopics
inRequirementParts
2.1.1through2.1.9,and
didnotidentify,assess
andcorrectthe
implementedacyber
securitytraining
programbutfailedto
includethreeofthe
trainingcontenttopics
inRequirementParts
2.1.1through2.1.9,and
andcorrectthe
didnotimplementa
cybersecuritytraining
programappropriateto
individualroles,
functions,or
responsibilities.(R2)
OR
Page25of52
R# Time
Horizon
contenttopics
inRequirement
Parts2.1.1
through2.1.9,
anddidnot
identify,assess
andcorrectthe
deficiencies.
(2.1)
OR
The
Responsible
Entity
implementeda
cybersecurity
training
programbut
failedtotrain
oneindividual
(withthe
exceptionof
CIPExceptional
Circumstances)
priortotheir
beinggranted
authorized
electronicand
authorized
deficiencies.(2.1)
OR
implementedacyber
securitytraining
programbutfailedto
traintwoindividuals
(withtheexceptionof
CIPExceptional
Circumstances)priorto
theirbeinggranted
authorizedelectronic
andauthorized
unescortedphysical
access,anddidnot
identify,assessand
correctthedeficiencies.
(2.2)
OR
implementedacyber
securitytraining
programbutfailedto
traintwoindividuals
withauthorized
electronicorauthorized
unescortedphysical
deficiencies.(2.1)
OR
implementedacyber
securitytraining
programbutfailedto
trainthreeindividuals
(withtheexceptionof
CIPExceptional
theirbeinggranted
andauthorized
unescortedphysical
access,anddidnot
identify,assessand
(2.2)
OR
implementedacyber
securitytraining
programbutfailedto
trainthreeindividuals
withauthorized
unescortedphysical
implementedacyber
securitytraining
programbutfailedto
includefourormoreof
thetrainingcontent
topicsinRequirement
Parts2.1.1through
2.1.9,anddidnot
identify,assessand
(2.1)
OR
implementedacyber
securitytraining
programbutfailedto
trainfourormore
individuals(withthe
exceptionofCIP
Exceptional
theirbeinggranted
andauthorized
unescortedphysical
access,anddidnot
identify,assessand
Page26of52
R# Time
Horizon
unescorted
physicalaccess,
anddidnot
identify,assess
andcorrectthe
deficiencies.
(2.2)
OR
The
Responsible
Entity
implementeda
cybersecurity
training
programbut
failedtotrain
oneindividual
withauthorized
electronicor
authorized
unescorted
physicalaccess
within15
calendar
monthsofthe
previous
training
completion
accesswithin15
calendarmonthsofthe
previoustraining
completiondate,and
andcorrectthe
deficiencies.(2.3)
accesswithin15
calendarmonthsofthe
previoustraining
completiondate,and
andcorrectthe
deficiencies.(2.3)
(2.2)
OR
implementedacyber
securitytraining
programbutfailedto
trainfourormore
individualswith
authorizedunescorted
physicalaccesswithin
15calendarmonthsof
theprevioustraining
completiondate,and
andcorrectthe
deficiencies.(2.3)
Page27of52
R# Time
Horizon
date,anddid
notidentify,
assessand
correctthe
deficiencies.
(2.3)
R3 Operations
Planning
Medium The
Responsible
Entityhasa
programfor
conducting
PersonnelRisk
Assessments
(PRAs)for
individuals,
including
contractorsand
service
vendors,but
didnotconduct
thePRAasa
conditionof
granting
authorized
electronicor
authorized
unescorted
physicalaccess
hasaprogramfor
conductingPersonnel
RiskAssessments(PRAs)
forindividuals,including
contractorsandservice
vendors,butdidnot
conductthePRAasa
conditionofgranting
physicalaccessfortwo
individuals,anddidnot
identify,assess,and
(R3)
OR
didconductPersonnel
hasaprogramfor
conductingPersonnel
vendors,butdidnot
conductthePRAasa
conditionofgranting
physicalaccessforthree
identify,assess,and
(R3)
OR
didconductPersonnel
didnothaveallofthe
requiredelementsas
describedby3.1
through3.4included
withindocumented
program(s)for
implementingPersonnel
RiskAssessments
(PRAs),forindividuals,
includingcontractors
andservicevendors,for
obtainingandretaining
authorizedcyberor
physicalaccess.(R3)
OR
hasaprogramfor
conductingPersonnel
Page28of52
R# Time
Horizon
forone
individual,and
didnot
identify,assess,
andcorrectthe
deficiencies.
(R3)
OR
The
Responsible
Entitydid
conduct
PersonnelRisk
Assessments
(PRAs)for
individuals,
including
contractorsand
service
vendors,with
authorized
electronicor
authorized
unescorted
physicalaccess
butdidnot
confirm
identityforone
vendors,with
physicalaccessbutdid
notconfirmidentityfor
twoindividuals,anddid
notidentify,assess,and
(3.1&3.4)
OR
hasaprocessto
performsevenyear
criminalhistoryrecord
checksforindividuals,
andservicevendors,
withauthorized
unescortedphysical
accessbutdidnot
includetherequired
checksdescribedin
3.2.1and3.2.2fortwo
identify,assess,and
vendors,with
threeindividuals,and
didnotidentify,assess,
andcorrectthe
deficiencies.(3.1&3.4)
OR
hasaprocessto
performsevenyear
andservicevendors,
withauthorized
unescortedphysical
accessbutdidnot
includetherequired
checksdescribedin
3.2.1and3.2.2forthree
identify,assess,and
vendors,butdidnot
conductthePRAasa
conditionofgranting
physicalaccessforfour
ormoreindividuals,and
andcorrectthe
deficiencies.(R3)
OR
didconductPersonnel
vendors,with
fourormoreindividuals,
anddidnotidentify,
assess,andcorrectthe
Page29of52
R# Time
Horizon
individual,and
didnot
identify,assess,
andcorrectthe
deficiencies.
(3.1&3.4)
OR
The
Responsible
Entityhasa
processto
performseven
yearcriminal
historyrecord
checksfor
individuals,
including
contractorsand
service
vendors,with
authorized
electronicor
authorized
unescorted
physicalaccess
butdidnot
includethe
required
(3.2&3.4)
OR
didconductPersonnel
vendors,with
notevaluatecriminal
historyrecordscheck
foraccessauthorization
fortwoindividuals,and
andcorrectthe
OR
didnotconduct
PersonnelRisk
Assessments(PRAs)for
twoindividualswith
physicalaccesswithin7
(3.2&3.4)
OR
didconductPersonnel
vendors,with
notevaluatecriminal
historyrecordscheck
forthreeindividuals,
anddidnotidentify,
OR
didnotconduct
PersonnelRisk
threeindividualswith
physicalaccesswithin7
OR
hasaprocessto
performsevenyear
andservicevendors,
withauthorized
unescortedphysical
accessbutdidnot
includetherequired
checksdescribedin
3.2.1and3.2.2forfour
ormoreindividuals,and
andcorrectthe
OR
didconductPersonnel
vendors,with
Page30of52
R# Time
Horizon
checks
describedin
3.2.1and3.2.2
forone
individual,and
didnot
identify,assess,
andcorrectthe
deficiencies.
(3.2&3.4)
OR
The
Responsible
Entitydid
conduct
PersonnelRisk
Assessments
(PRAs)for
individuals,
including
contractorsand
service
vendors,with
authorized
electronicor
authorized
unescorted
physicalaccess
calendaryearsofthe
previousPRA
completiondate,and
andcorrectthe
deficiencies.(3.5)
calendaryearsofthe
previousPRA
completiondate,and
andcorrectthe
deficiencies.(3.5)
notevaluatecriminal
historyrecordscheck
forfourormore
identify,assess,and
(3.3&3.4)
OR
didnotconduct
PersonnelRisk
fourormoreindividuals
withauthorized
unescortedphysical
accesswithin7calendar
yearsoftheprevious
PRAcompletiondate
andhasidentified
deficiencies,anddidnot
identify,assess,and
(3.5)
Page31of52
R# Time
Horizon
butdidnot
evaluate
criminalhistory
recordscheck
foraccess
authorization
forone
individual,and
didnot
identify,assess,
andcorrectthe
deficiencies.
(3.3&3.4)
OR
The
Responsible
Entitydidnot
conduct
PersonnelRisk
Assessments
(PRAs)forone
individualwith
authorized
electronicor
authorized
unescorted
physicalaccess
within7
Page32of52
R# Time
Horizon
calendaryears
oftheprevious
PRA
completion
date,anddid
notidentify,
assess,and
correctthe
deficiencies.
(3.5)
R4 Operations
Planning
andSame
Day
Operations
Lower
The
Responsible
Entitydidnot
verifythat
individualswith
active
electronicor
active
unescorted
physicalaccess
have
authorization
recordsduring
acalendar
quarterbutdid
solessthan10
calendardays
afterthestart
didnotverifythat
individualswithactive
electronicoractive
unescortedphysical
accesshave
authorizationrecords
duringacalendar
quarterbutdidso
between10and30
calendardaysafterthe
startofasubsequent
calendarquarter,and
andcorrectthe
deficiencies.(4.2)
OR
didnotverifythat
electronicoractive
unescortedphysical
accesshave
duringacalendar
quarterbutdidso
between10and30
calendardaysafterthe
startofasubsequent
calendarquarter,and
andcorrectthe
deficiencies.(4.2)
OR
didnotimplementany
documentedprogram(s)
foraccessmanagement.
(R4)
OR
hasimplementedoneor
moredocumented
program(s)foraccess
managementthat
includesaprocessto
authorizeelectronic
access,unescorted
physicalaccess,or
accesstothedesignated
storagelocationswhere
Page33of52
R# Time
Horizon
ofa
subsequent
calendar
quarter,and
didnot
identify,assess
andcorrectthe
deficiencies.
(4.2)
OR
The
Responsible
Entityhas
implemented
processesto
verifythatuser
accounts,user
account
groups,oruser
rolecategories,
andtheir
specific,
associated
privilegesare
correctand
necessary
within15
hasimplemented
processestoverifythat
useraccounts,user
accountgroups,oruser
rolecategories,and
theirspecific,associated
privilegesarecorrect
andnecessarywithin15
calendarmonthsofthe
previousverificationbut
fortwoBESCyber
Systems,privilegeswere
incorrector
unnecessary,anddid
(4.3)
OR
hasimplemented
storagelocationsfor
BESCyberSystem
Informationiscorrect
hasimplemented
useraccounts,user
rolecategories,and
calendarmonthsofthe
forthreeBESCyber
Systems,privilegeswere
incorrector
unnecessary,anddid
(4.3)
OR
hasimplemented
storagelocationsfor
BESCyberSystem
BESCyberSystem
Informationislocated,
anddidnotidentify,
deficiencies.(4.1)
OR
didnotverifythat
electronicoractive
unescortedphysical
accesshave
foratleasttwo
consecutivecalendar
quarters,anddidnot
identify,assess,and
(4.2)
OR
hasimplemented
useraccounts,user
rolecategories,and
Page34of52
R# Time
Horizon
calendar
monthsofthe
previous
verificationbut
foroneBES
CyberSystem,
privilegeswere
incorrector
unnecessary,
anddidnot
identify,assess
andcorrectthe
deficiencies.
(4.3)
OR
The
Responsible
Entityhas
implemented
processesto
verifythat
accesstothe
designated
storage
locationsfor
BESCyber
System
Informationis
calendarmonthsofthe
fortwoBESCyber
SystemInformation
storagelocations,
privilegeswere
incorrector
unnecessary,anddid
(4.4)
calendarmonthsofthe
forthreeBESCyber
SystemInformation
storagelocations,
privilegeswere
incorrector
unnecessary,anddid
(4.4)
calendarmonthsofthe
forfourormoreBES
CyberSystems,
privilegeswere
incorrector
unnecessary,anddid
(4.3)
OR
hasimplemented
storagelocationsfor
BESCyberSystem
calendarmonthsofthe
forfourormoreBES
CyberSystem
Informationstorage
locations,privileges
Page35of52
R# Time
Horizon
correctand
necessary
within15
calendar
monthsofthe
previous
verificationbut
foroneBES
CyberSystem
Information
storage
location,
privilegeswere
incorrector
unnecessary,
anddidnot
identify,assess
andcorrectthe
deficiencies.
(4.4)
wereincorrector
unnecessary,anddid
(4.4)
R5 SameDay
Operations
and
Operations
Planning
Medium
The
Responsible
Entityhas
implemented
oneormore
process(es)to
revokethe
individuals
hasimplementedoneor
moreprocess(es)to
removetheabilityfor
unescortedphysical
accessandInteractive
RemoteAccessupona
terminationactionor
hasimplementedoneor
moreprocess(es)to
removetheabilityfor
unescortedphysical
RemoteAccessupona
terminationactionor
hasnotimplemented
anydocumented
program(s)foraccess
revocationforelectronic
access,unescorted
physicalaccess,orBES
CyberSystem
Page36of52
R# Time
Horizon
accesstothe
designated
storage
locationsfor
BESCyber
System
Information
but,forone
individual,did
notdosoby
theendofthe
nextcalendar
dayfollowing
theeffective
dateandtime
ofthe
termination
action,anddid
notidentify,
assess,and
correctthe
deficiencies.
(5.3)
OR
The
Responsible
Entityhas
implemented
completetheremoval
within24hoursofthe
terminationactionbut
didnotinitiatethose
removalsforone
individual,anddidnot
identify,assess,and
(5.1)
OR
hasimplementedoneor
moreprocess(es)to
determinethatan
individualnolonger
requiresretentionof
accessfollowing
reassignmentsor
transfersbut,forone
individual,didnot
revoketheauthorized
electronicaccessto
individualaccountsand
physicalaccessbythe
endofthenextcalendar
completetheremoval
within24hoursofthe
didnotinitiatethose
removalsfortwo
identify,assess,and
(5.1)
OR
hasimplementedoneor
moreprocess(es)to
determinethatan
individualnolonger
requiresretentionof
accessfollowing
reassignmentsor
transfersbut,fortwo
individuals,didnot
revoketheauthorized
electronicaccessto
individualaccountsand
physicalaccessbythe
endofthenextcalendar
Informationstorage
locations.(R5)
OR
hasimplementedoneor
moreprocess(es)to
removetheabilityfor
unescortedphysical
RemoteAccessupona
terminationactionor
completetheremoval
within24hoursofthe
didnotinitiatethose
removalsforthreeor
moreindividuals,and
andcorrectthe
deficiencies.(5.1)
OR
hasimplementedoneor
moreprocess(es)to
determinethatan
individualnolonger
Page37of52
R# Time
Horizon
oneormore
process(es)to
revokethe
individuals
useraccounts
upon
termination
actionbutdid
notdosofor
within30
calendardays
ofthedateof
termination
actionforone
ormore
individuals,and
didnot
identify,assess,
andcorrectthe
deficiencies.
(5.4)
OR
The
Responsible
Entityhas
implemented
oneormore
process(es)to
dayfollowingthe
predetermineddate,
anddidnotidentify,
deficiencies.(5.2)
OR
hasimplementedoneor
moreprocess(es)to
revoketheindividuals
storagelocationsfor
BESCyberSystem
Informationbut,fortwo
individuals,didnotdo
sobytheendofthe
nextcalendarday
followingtheeffective
dateandtimeofthe
terminationaction,and
andcorrectthe
deficiencies.(5.3)
dayfollowingthe
predetermineddate,
anddidnotidentify,
deficiencies.(5.2)
OR
hasimplementedoneor
moreprocess(es)to
revoketheindividuals
storagelocationsfor
BESCyberSystem
Informationbut,for
threeormore
individuals,didnotdo
sobytheendofthe
nextcalendarday
followingtheeffective
dateandtimeofthe
terminationaction,and
andcorrectthe
deficiencies.(5.3)
requiresretentionof
accessfollowing
reassignmentsor
transfersbut,forthree
ormoreindividuals,did
notrevokethe
accesstoindividual
accountsandauthorized
unescortedphysical
accessbytheendofthe
nextcalendarday
followingthe
predetermineddate,
anddidnotidentify,
deficiencies.(5.2)
Page38of52
R# Time
Horizon
change
passwordsfor
shared
accounts
knowntothe
userupon
termination
action,
reassignment,
ortransfer,but
didnotdoso
forwithin30
calendardays
ofthedateof
termination
action,
reassignment,
ortransferfor
oneormore
individuals,and
didnot
identify,assess,
andcorrectthe
deficiencies.
(5.5)
OR
The
Responsible
Page39of52
R# Time
Horizon
Entityhas
implemented
oneormore
process(es)to
determineand
document
extenuating
operating
circumstances
followinga
termination
action,
reassignment,
ortransfer,but
didnotchange
oneormore
passwordsfor
shared
accounts
knowntothe
userwithin10
calendardays
followingthe
endofthe
extenuating
operating
circumstances,
anddidnot
Page40of52
R# Time
Horizon
identify,assess,
andcorrectthe
deficiencies.
(5.5)
GuidelinesandTechnicalBasis
Page41of52
None.
E. I nterpretations
None.
None.

Section4ScopeofApplicabilityoftheCIPCyberSecurityStandards
Section4.ApplicabilityofthestandardsprovidesimportantinformationforResponsible
EntitiestodeterminethescopeoftheapplicabilityoftheCIPCyberSecurityRequirements.
Section4.1.FunctionalEntitiesisalistofNERCfunctionalentitiestowhichthestandard
applies.IftheentityisregisteredasoneormoreofthefunctionalentitieslistedinSection4.1,
thentheNERCCIPCyberSecurityStandardsapply.NotethatthereisaqualificationinSection
4.1thatrestrictstheapplicabilityinthecaseofDistributionProviderstoonlythosethatown
certaintypesofsystemsandequipmentlistedin4.2.Furthermore,
Section4.2.FacilitiesdefinesthescopeoftheFacilities,systems,andequipmentownedby
theResponsibleEntity,asqualifiedinSection4.1,thatissubjecttotherequirementsofthe
standard.Asspecifiedintheexemptionsection4.2.3.5,thisstandarddoesnotapplyto
ResponsibleEntitiesthatdonothaveHighImpactorMediumImpactBESCyberSystemsunder
CIP0025scategorization.InadditiontothesetofBESFacilities,ControlCenters,andother
systemsandequipment,thelistincludesthesetofsystemsandequipmentownedby
DistributionProviders.WhiletheNERCGlossarytermFacilitiesalreadyincludestheBES
characteristic,theadditionaluseofthetermBEShereismeanttoreinforcethescopeof
applicabilityoftheseFacilitieswhereitisused,especiallyinthisapplicabilityscopingsection.
ThisineffectsetsthescopeofFacilities,systems,andequipmentthatissubjecttothe
standards.
RequirementR1:
Thesecurityawarenessprogramisintendedtobeaninformationalprogram,notaformal
trainingprogram.Itshouldreinforcesecuritypracticestoensurethatpersonnelmaintain
awarenessofbestpracticesforbothphysicalandelectronicsecuritytoprotectitsBESCyber
Systems.TheResponsibleEntityisnotrequiredtoproviderecordsthatshowthateach
individualreceivedorunderstoodtheinformation,buttheymustmaintaindocumentationof
theprogrammaterialsutilizedintheformofposters,memos,and/orpresentations.
Examplesofpossiblemechanismsandevidence,whendated,whichcanbeusedare:
Page42of52
Directcommunications(e.g.,emails,memos,computerbasedtraining,etc.);
Indirectcommunications(e.g.,posters,intranet,brochures,etc.);
Managementsupportandreinforcement(e.g.,presentations,meetings,etc.).
RequirementR2:
Trainingshallcoverthepolicies,accesscontrols,andproceduresasdevelopedfortheBES
CyberSystemsandinclude,ataminimum,therequireditemsappropriatetopersonnelroles
andresponsibilitiesfromTableR2.TheResponsibleEntityhastheflexibilitytodefinethe
trainingprogramanditmayconsistofmultiplemodulesandmultipledeliverymechanisms,but
asingletrainingprogramforallindividualsneedingtobetrainedisacceptable.Thetraining
canfocusonfunctions,rolesorresponsibilitiesatthediscretionoftheResponsibleEntity.
Onenewelementinthetrainingcontentisintendedtoencompassnetworkinghardwareand
softwareandotherissuesofelectronicinterconnectivitysupportingtheoperationandcontrol
ofBESCyberSystemsasperFERCOrderNo.706,Paragraph434.Thisisnotintendedto
providetechnicaltrainingtoindividualssupportingnetworkinghardwareandsoftware,but
educatingsystemusersofthecybersecurityrisksassociatedwiththeinterconnectednessof
thesesystems.Theusers,basedontheirfunction,roleorresponsibility,shouldhaveabasic
understandingofwhichsystemscanbeaccessedfromothersystemsandhowtheactionsthey
takecanaffectcybersecurity.
EachResponsibleEntityshallensureallpersonnelwhoaregrantedauthorizedelectronicaccess
and/orauthorizedunescortedphysicalaccesstoitsBESCyberSystems,includingcontractors
andservicevendors,completecybersecuritytrainingpriortotheirbeinggrantedauthorized
access,exceptforCIPExceptionalCircumstances.Toretaintheauthorizedaccesses,individuals
mustcompletethetrainingatleastoneevery15months.
RequirementR3:
EachResponsibleEntityshallensureapersonnelriskassessmentisperformedforallpersonnel
whoaregrantedauthorizedelectronicaccessand/orauthorizedunescortedphysicalaccessto
itsBESCyberSystems,includingcontractorsandservicevendors,priortotheirbeinggranted
authorizedaccess,exceptforprogramspecifiedexceptionalcircumstancesthatareapproved
bythesingleseniormanagementofficialortheirdelegateandimpactthereliabilityoftheBES
oremergencyresponse.Identityshouldbeconfirmedinaccordancewithfederal,state,
provincial,andlocallaws,andsubjecttoexistingcollectivebargainingunitagreements.
Identityonlyneedstobeconfirmedpriortoinitiallygrantingaccessandonlyrequiresperiodic
confirmationaccordingtotheentitysprocessduringthetenureofemployment,whichmayor
maynotbethesameastheinitialverificationaction.
Asevenyearcriminalhistorycheckshouldbeperformedforthoselocationswherethe
individualhasresidedforatleastsixconsecutivemonths.Thischeckshouldalsobeperformed
inaccordancewithfederal,state,provincial,andlocallaws,andsubjecttoexistingcollective
bargainingunitagreements.Whenitisnotpossibletoperformafullsevenyearcriminal
historycheck,documentationmustbemadeofwhatcriminalhistorycheckwasperformed,and
thereasonsafullsevenyearcheckcouldnotbeperformed.Examplesofthiscouldinclude
Page43of52
individualsundertheageof25whereajuvenilecriminalhistorymaybeprotectedbylaw,
individualswhomayhaveresidedinlocationsfromwhereitisnotpossibletoobtainacriminal
historyrecordscheck,violatesthelaworisnotallowedundertheexistingcollectivebargaining
agreement.TheResponsibleEntityshouldconsidertheabsenceofinformationforthefull
sevenyearswhenassessingtheriskofgrantingaccessduringtheprocesstoevaluatethe
criminalhistorycheck.Thereneedstobeapersonnelriskassessmentthathasbeencompleted
withinthelastsevenyearsforeachindividualwithaccess.Anewcriminalhistoryrecordscheck
mustbeperformedaspartofthenewPRA.Individualswhohavebeengrantedaccessundera
previousversionofthesestandardsneedanewPRAwithinsevenyearsofthedateoftheirlast
PRA.Theclarificationsaroundthesevenyearcriminalhistorycheckinthisversiondonot
requireanewPRAbeperformedbytheimplementationdate.
RequirementR4:
AuthorizationforelectronicandunescortedphysicalaccessandaccesstoBESCyberSystem
Informationmustbeonthebasisofnecessityintheindividualperformingaworkfunction.
Documentationshowingtheauthorizationshouldhavesomejustificationofthebusinessneed
included.Toensurepropersegregationofduties,accessauthorizationandprovisioningshould
notbeperformedbythesamepersonwherepossible.
Thisrequirementspecifiesbothquarterlyreviewsandreviewsatleastonceevery15calendar
months.Quarterlyreviewsaretoperformavalidationthatonlyauthorizedusershavebeen
grantedaccesstoBESCyberSystems.Thisisachievedbycomparingindividualsactually
provisionedtoaBESCyberSystemagainstrecordsofindividualsauthorizedtotheBESCyber
System.Thefocusofthisrequirementisontheintegrityofprovisioningaccessratherthan
individualaccountsonallBESCyberAssets.Thelistofprovisionedindividualscanbean
automaticallygeneratedaccountlisting.However,inaBESCyberSystemwithseveralaccount
databases,thelistofprovisionedindividualsmaycomefromotherrecordssuchasprovisioning
workfloworauseraccountdatabasewhereprovisioningtypicallyinitiates.
Theprivilegereviewatleastonceevery15calendarmonthsismoredetailedtoensurean
individualsassociatedprivilegesaretheminimumnecessarytoperformtheirworkfunction
(i.e.,leastprivilege).Entitiescanmoreefficientlyperformthisreviewbyimplementingrole
basedaccess.Thisinvolvesdeterminingthespecificrolesonthesystem(e.g.,systemoperator,
technician,reportviewer,administrator,etc.)thengroupingaccessprivilegestotheroleand
assigninguserstotherole.Rolebasedaccessdoesnotassumeanyspecificsoftwareandcan
beimplementedbydefiningspecificprovisioningprocessesforeachrolewhereaccessgroup
Page44of52
assignmentscannotbeperformed.Rolebasedaccesspermissionseliminatetheneedto
performtheprivilegereviewonindividualaccounts.Anexampletimelineofallthereviewsin
RequirementR4isincludedbelow.
SeparationofdutiesshouldbeconsideredwhenperformingthereviewsinRequirementR4.
Thepersonreviewingshouldbedifferentthanthepersonprovisioningaccess.
Iftheresultsofquarterlyoratleastonceevery15calendarmonthsaccountreviewsindicatean
administrativeorclericalerrorinwhichaccesswasnotactuallyprovisioned,thentheSDT
intendsthatthiserrorshouldnotbeconsideredaviolationofthisrequirement.
ForBESCyberSystemsthatdonothaveuseraccountsdefined,thecontrolslistedin
RequirementR4arenotapplicable.However,theResponsibleEntityshoulddocumentsuch
configurations.
RequirementR5:
Therequirementtorevokeaccessatthetimeoftheterminationactionincludesprocedures
showingrevocationofaccessconcurrentwiththeterminationaction.Thisrequirement
recognizesthatthetimingoftheterminationactionmayvarydependingonthecircumstance.
Somecommonscenariosandpossibleprocessesonwhentheterminationactionoccursare
providedinthefollowingtable.Thesescenariosarenotanexhaustivelistofallscenarios,but
arerepresentativeofseveralroutinebusinesspractices.
Scenario PossibleProcess
Immediateinvoluntary
termination
Humanresourcesorcorporatesecurityescortstheindividual
offsiteandthesupervisororhumanresourcespersonnel
notifytheappropriatepersonneltobegintherevocation
process.
Scheduledinvoluntary
termination
Humanresourcespersonnelarenotifiedofthetermination
andworkwithappropriatepersonneltoschedulethe
revocationofaccessatthetimeoftermination.
Voluntarytermination Humanresourcespersonnelarenotifiedofthetermination
andworkwithappropriatepersonneltoschedulethe
revocationofaccessatthetimeoftermination.
Retirementwherethelast
workingdayisseveralweeks
priortotheterminationdate
Humanresourcespersonnelcoordinatewithmanagerto
determinethefinaldateaccessisnolongerneededand
scheduletherevocationofaccessonthedeterminedday.
Death Humanresourcespersonnelarenotifiedofthedeathand
workwithappropriatepersonneltobegintherevocation
process.

Page45of52
Revocationofelectronicaccessshouldbeunderstoodtomeanaprocesswiththeendresult
thatelectronicaccesstoBESCyberSystemsisnolongerpossibleusingcredentialsassignedto
orknownbytheindividual(s)whoseaccessprivilegesarebeingrevoked.Stepstakento
accomplishthisoutcomemayincludedeletionordeactivationofaccountsusedbythe
individual(s),butnospecificactionsareprescribed.Entitiesshouldconsidertheramifications
ofdeletinganaccountmayincludeincompleteeventlogentriesduetoanunrecognized
accountorsystemservicesusingtheaccounttologon.
TheinitialrevocationrequiredinRequirementR5.1includesunescortedphysicalaccessand
InteractiveRemoteAccess.Thesetwoactionsshouldpreventanyfurtheraccessbythe
individualaftertermination.Ifanindividualstillhaslocalaccessaccounts(i.e.,accountsonthe
CyberAssetitself)onBESCyberAssets,thentheResponsibleEntityhas30daystocompletethe
revocationprocessforthoseaccounts.However,nothingpreventsaResponsibleEntityfrom
performingalloftheaccessrevocationatthetimeoftermination.
Fortransferredorreassignedindividuals,areviewofaccessprivilegesshouldbeperformed.
Thisreviewcouldentailasimplelistingofallauthorizationsforanindividualandworkingwith
therespectivemanagerstodeterminewhichaccesswillstillbeneededinthenewposition.For
instancesinwhichtheindividualstillneedstoretainaccessaspartofatransitoryperiod,the
entityshouldscheduleatimetoreviewtheseaccessprivilegesorincludetheprivilegesinthe
quarterlyaccountrevieworannualprivilegereview.
Revocationofaccesstosharedaccountsiscalledoutseparatelytopreventthesituationwhere
passwordsonsubstationandgenerationdevicesareconstantlychangedduetostaffturnover.
Requirement5.5specifiedthatpasswordsforsharedaccountaretothechangedwithin30
calendardaysoftheterminationactionorwhentheResponsibleEntitydeterminesan
individualnolongerrequiresaccesstotheaccountasaresultofareassignmentortransfer.
The30daysappliesundernormaloperatingconditions.However,circumstancesmayoccur
wherethisisnotpossible.Somesystemsmayrequireanoutageorrebootofthesystemin
ordertocompletethepasswordchange.Inperiodsofextremeheatorcold,manyResponsible
EntitiesmayprohibitsystemoutagesandrebootsinordertomaintainreliabilityoftheBES.
Whenthesecircumstancesoccur,theResponsibleEntitymustdocumentthesecircumstances
andpreparetochangethepasswordwithin10calendardaysfollowingtheendoftheoperating
circumstances.RecordsofactivitiesmustberetainedtoshowthattheResponsibleEntity
followedtheplantheycreated.
Page46of52
Rationale:
Duringthedevelopmentofthisstandard,referencestopriorversionsoftheCIPstandardsand
rationalefortherequirementsandtheirpartswereembeddedwithinthestandard.UponBOT
approval,thatinformationwasmovedtothissection.
RationaleforR1:
EnsuresthatResponsibleEntitieswithpersonnelwhohaveauthorizedelectronicorauthorized
unescortedphysicalaccesstoBESCyberAssetstakeactionsothatthosepersonnelwithsuch
authorizedelectronicorauthorizedunescortedphysicalaccessmaintainawarenessofthe
ResponsibleEntityssecuritypractices.
SummaryofChanges:Reformattedintotablestructure.
Referencetopriorversion:(Part1.1)CIP0044,R1
ChangeRationale:(Part1.1)
Changedtoremovetheneedtoensureorproveeveryonewithauthorizedelectronicor
authorizedunescortedphysicalaccessreceivedongoingreinforcementtostatethatsecurity
awarenesshasbeenreinforced.
Movedexamplemechanismstoguidance.
RationaleforR2:
ToensurethattheResponsibleEntitystrainingprogramforpersonnelwhoneedauthorized
electronicaccessand/orauthorizedunescortedphysicalaccesstoBESCyberSystemscovers
theproperpolicies,accesscontrols,andprocedurestoprotectBESCyberSystemsandare
trainedbeforeaccessisauthorized.
Basedontheirrole,somepersonnelmaynotrequiretrainingonalltopics.
SummaryofChanges:
1.Additionofspecificroletrainingfor:
Thevisitorcontrolprogram
ElectronicinterconnectivitysupportingtheoperationandcontrolofBESCyber
Systems
StoragemediaaspartofthehandlingofBESCyberSystemsinformation
2.ChangereferencesfromCriticalCyberAssetstoBESCyberSystems.
Referencetopriorversion:(Part2.1)CIP0044,R2.2.1
RemovedproperuseofCriticalCyberAssetsconceptfrompreviousversionstofocusthe
requirementoncybersecurityissues,notthebusinessfunction.Thepreviousversionwas
Page47of52
focusedmoreonthebusinessorfunctionaluseoftheBESCyberSystemandisoutsidethescope
ofcybersecurity.Personnelwhowilladministerthevisitorcontrolprocessorserveasescorts
forvisitorsneedtrainingontheprogram.CoretrainingonthehandlingofBESCyberSystem
(notCriticalCyberAssets)Information,withtheadditionofstorage;FERCOrderNo.706,
paragraph413andparagraphs632634,688,732734;DHS2.4.16.Coretrainingonthe
identificationandreportingofaCyberSecurityIncident;FERCOrderNo.706,Paragraph413;
RelatedtoCIP0085&DHSIncidentReportingrequirementsforthosewithrolesinincident
reporting.CoretrainingontheactionplansandprocedurestorecoverorreestablishBESCyber
Systemsforpersonnelhavingaroleintherecovery;FERCOrderNo.706,Paragraph413.Core
trainingprogramsareintendedtoencompassnetworkinghardwareandsoftwareandother
issuesofelectronicinterconnectivitysupportingtheoperationandcontrolofBESCyberSystems;
FERCOrderNo.706,Paragraph434.
Referencetopriorversion:(Part2.2)CIP0044,R2.1
AdditionofexceptionalcircumstancesparametersasdirectedinFERCOrderNo.706,Paragraph
431isdetailedinCIP0035.
Updatedtoreplaceannuallywithonceevery15calendarmonths.
RationaleforR3:
Toensurethatindividualswhoneedauthorizedelectronicorauthorizedunescortedphysical
accesstoBESCyberSystemshavebeenassessedforrisk.Whetherinitialaccessormaintaining
access,thosewithaccessmusthavehadapersonnelriskassessmentcompletedwithinthelast
7years.
SummaryofChanges:Specifythatthesevenyearcriminalhistorycheckcoversalllocations
wheretheindividualhasresidedforsixconsecutivemonthsormore,includingcurrent
residenceregardlessofduration.
Addressedinterpretationrequestinguidance.Specifiedthatprocessforidentityconfirmationis
required.Theimplementationplanclarifiesthatadocumentedidentityverificationconducted
underanearlierversionoftheCIPstandardsissufficient.
Specifythatthesevenyearcriminalhistorycheckcoversalllocationswheretheindividualhas
residedforsixmonthsormore,includingcurrentresidenceregardlessofduration.Added
Page48of52
additionalwordingbasedoninterpretationrequest.Provisionismadeforwhenafullseven
yearcheckcannotbeperformed.
Referencetopriorversion:(Part3.3)New
Thereshouldbedocumentedcriteriaoraprocessusedtoevaluatecriminalhistoryrecords
checksforauthorizingaccess.
Separatedintoitsowntableitem.
Referencetopriorversion:(Part3.5)CIP0043,R3,R3.3
Whetherforinitialaccessormaintainingaccess,establishesthatthosewithaccessmusthave
hadPRAcompletedwithin7years.Thiscoversbothinitialandrenewal.Theimplementation
planspecifiesthatinitialperformanceofthisrequirementis7yearsafterthelastpersonnelrisk
assessmentthatwasperformedpursuanttoapreviousversionoftheCIPCyberSecurity
Standardsforapersonnelriskassessment.CIP0043,R3,R3.3
RationaleforR4:
ToensurethatindividualswithaccesstoBESCyberSystemsandthephysicalandelectronic
locationswhereBESCyberSystemInformationisstoredbytheResponsibleEntityhavebeen
properlyauthorizedforsuchaccess.Authorizationshouldbeconsideredtobeagrantof
permissionbyapersonorpersonsempoweredbytheResponsibleEntitytoperformsuch
grantsandincludedinthedelegationsreferencedinCIP0035.Provisioningshouldbe
consideredtheactionstoprovideaccesstoanindividual.
Accessisphysical,logical,andremotepermissionsgrantedtoCyberAssetscomposingtheBES
CyberSystemorallowingaccesstotheBESCyberSystem.Whengranting,reviewing,or
revokingaccess,theResponsibleEntitymustaddresstheCyberAssetspecificallyaswellasthe
systemsusedtoenablesuchaccess(i.e.,physicalaccesscontrolsystem,remoteaccesssystem,
directoryservices).
CIPExceptionalCircumstancesaredefinedinaResponsibleEntityspolicyfromCIP0035and
allowanexceptiontotherequirementforauthorizationtoBESCyberSystemsandBESCyber
SystemInformation.
QuarterlyreviewsinPart4.5aretoperformavalidationthatonlyauthorizedusershavebeen
grantedaccesstoBESCyberSystems.Thisisachievedbycomparingindividualsactually
provisionedtoaBESCyberSystemagainstrecordsofindividualsauthorizedtoaccesstheBES
CyberSystem.Thefocusofthisrequirementisontheintegrityofprovisioningaccessrather
thanindividualaccountsonallBESCyberAssets.Thelistofprovisionedindividualscanbean
automaticallygeneratedaccountlisting.However,inaBESCyberSystemwithseveralaccount
Page49of52
databases,thelistofprovisionedindividualsmaycomefromotherrecordssuchasprovisioning
workfloworauseraccountdatabasewhereprovisioningtypicallyinitiates.
Iftheresultsofquarterlyorannualaccountreviewsindicateanadministrativeorclericalerror
inwhichaccesswasnotactuallyprovisioned,thentheSDTintendsthattheerrorshouldnotbe
consideredaviolationofthisrequirement.
ForBESCyberSystemsthatdonothaveuseraccountsdefined,thecontrolslistedin
RequirementR4arenotapplicable.However,theResponsibleEntityshoulddocumentsuch
configurations.
SummaryofChanges:Theprimarychangewasinpullingtheaccessmanagementrequirements
fromCIP0034,CIP0044,andCIP0074intoasinglerequirement.Therequirementsfrom
Version4remainlargelyunchangedexcepttoclarifysometerminology.Thepurposefor
combiningtheserequirementsistoremovetheperceivedredundancyinauthorizationand
review.TherequirementinCIP0044R4tomaintainalistofauthorizedpersonnelhasbeen
removedbecausethelistrepresentsonlyoneformofevidencetodemonstratecompliance
thatonlyauthorizedpersonshaveaccess.
Referencetopriorversion:(Part4.1)CIP0034,R5.1andR5.2;CIP0064,R1.5andR4;CIP007
4,R5.1andR5.1.1
CombinedrequirementsfromCIP0034,CIP0074,andCIP0064tomaketheauthorization
processclearandconsistent.CIP0034,CIP0044,CIP0064,andCIP0074allreference
authorizationofaccessinsomeform,andCIP0034andCIP0074requireauthorizationona
needtoknowbasisorwithrespecttoworkfunctionsperformed.Thesewereconsolidatedto
ensureconsistencyintherequirementlanguage.
Feedbackamongteammembers,observers,andregionalCIPauditorsindicatestherehasbeen
confusioninimplementationaroundwhatthetermreviewentailedinCIP0044,Requirement
R4.1.Thisrequirementclarifiesthereviewshouldoccurbetweentheprovisionedaccessand
authorizedaccess.
Movedrequirementstoensureconsistencyandeliminatethecrossreferencingofrequirements.
Clarifiedwhatwasnecessaryinperformingverificationbystatingtheobjectivewastoconfirm
thataccessprivilegesarecorrectandtheminimumnecessary.
Movedrequirementtoensureconsistencyamongaccessreviews.Clarifiedprecisemeaningof
annual.Clarifiedwhatwasnecessaryinperformingaverificationbystatingtheobjectivewasto
Page50of52
confirmaccessprivilegesarecorrectandtheminimumnecessaryforperformingassignedwork
functions.
RationaleforR5:
ThetimelyrevocationofelectronicaccesstoBESCyberSystemsisanessentialelementofan
accessmanagementregime.WhenanindividualnolongerrequiresaccesstoaBESCyber
Systemtoperformhisorherassignedfunctions,thataccessshouldberevoked.Thisisof
particularimportanceinsituationswhereachangeofassignmentoremploymentis
involuntary,asthereisarisktheindividual(s)involvedwillreactinahostileordestructive
manner.
InconsideringhowtoaddressdirectivesinFERCOrderNo.706directingimmediate
revocationofaccessforinvoluntaryseparation,theSDTchosenottospecifyhourlytime
parametersintherequirement(e.g.,revokingaccesswithin1hour).Thepointintimeatwhich
anorganizationterminatesapersoncannotgenerallybedetermineddowntothehour.
However,mostorganizationshaveformalterminationprocesses,andthetimeliestrevocation
ofaccessoccursinconcurrencewiththeinitialprocessesoftermination.
Accessisphysical,logical,andremotepermissionsgrantedtoCyberAssetscomposingtheBES
CyberSystemorallowingaccesstotheBESCyberSystem.Whengranting,reviewing,or
revokingaccess,theResponsibleEntitymustaddresstheCyberAssetspecificallyaswellasthe
systemsusedtoenablesuchaccess(e.g.,physicalaccesscontrolsystem,remoteaccesssystem,
directoryservices).
SummaryofChanges:FERCOrderNo.706,Paragraphs460and461,statethefollowing:The
CommissionadoptstheCIPNOPRproposaltodirecttheEROtodevelopmodificationstoCIP
0041torequireimmediaterevocationofaccessprivilegeswhenanemployee,contractoror
vendornolongerperformsafunctionthatrequiresphysicalorelectronicaccesstoaCritical
CyberAssetforanyreason(includingdisciplinaryaction,transfer,retirement,ortermination).
Asageneralmatter,theCommissionbelievesthatrevokingaccesswhenanemployeeno
longerneedsit,eitherbecauseofachangeinjobortheendofemployment,mustbe
immediate.
TheFERCOrderNo.706,Paragraphs460and461,directsmodificationstotheStandardsto
requireimmediaterevocationforanypersonnolongerneedingaccess.Toaddressthis
directive,thisrequirementspecifiesrevocationconcurrentwiththeterminationinsteadof
within24hours.
Page51of52
FERCOrderNo.706,Paragraph460and461,directmodificationstotheStandardstorequire
immediaterevocationforanypersonnolongerneedingaccess,includingtransferred
employees.Inreviewinghowtomodifythisrequirement,theSDTdeterminedthedateaperson
nolongerneedsaccessafteratransferwasproblematicbecausetheneedmaychangeover
time.Asaresult,theSDTadaptedthisrequirementfromNIST80053Version3toreviewaccess
authorizationsonthedateofthetransfer.TheSDTfeltthiswasamoreeffectivecontrolin
accomplishingtheobjectivetopreventapersonfromaccumulatingunnecessaryauthorizations
throughtransfers.
FERCOrderNo.706,Paragraph386,directsmodificationstothestandardstorequireprompt
revocationofaccesstoprotectedinformation.Toaddressthisdirective,ResponsibleEntitiesare
requiredtorevokeaccesstoareasdesignatedforBESCyberSystemInformation.Thiscould
includerecordsclosets,substationcontrolhouses,recordsmanagementsystems,filesharesor
otherphysicalandlogicalareasundertheResponsibleEntityscontrol.
FERCOrderNo.706,Paragraph460and461,directmodificationstotheStandardstorequire
immediaterevocationforanypersonnolongerneedingaccess.Inordertomeettheimmediate
timeframe,ResponsibleEntitieswilllikelyhaveinitialrevocationprocedurestopreventremote
andphysicalaccesstotheBESCyberSystem.Somecasesmaytakemoretimetocoordinate
accessrevocationonindividualCyberAssetsandapplicationswithoutaffectingreliability.This
requirementprovidestheadditionaltimetoreviewandcompletetherevocationprocess.
Althoughtheinitialactionsalreadypreventfurtheraccess,thisstepprovidesadditional
assuranceintheaccessrevocationprocess.
Toprovideclarificationofexpectedactionsinmanagingthepasswords.
Page52of52
Version History

Version Date Action ChangeTracking
1 1/16/06 R3.2ChangeControlCenterto
controlcenter.
3/24/06
2 9/30/09
Modificationstoclarifythe
requirementsandtobringthe
complianceelementsintoconformance
withthelatestguidelinesfordeveloping
complianceelementsofstandards.
Removalofreasonablebusiness
judgment.
ReplacedtheRROwiththeREasa
responsibleentity.
RewordingofEffectiveDate.
Changedcompliancemonitorto
ComplianceEnforcementAuthority.
3 12/16/09 Updatedversionnumberfrom2to3
ApprovedbytheNERCBoardof
Trustees.
3 3/31/10 ApprovedbyFERC.
4 12/30/10 Modifiedtoaddspecificcriteriafor
CriticalAssetidentification.
Update
4 1/24/11 ApprovedbytheNERCBoardof
Trustees.
Update
5 11/26/12 AdoptedbytheNERCBoardof
Trustees.
Modifiedto
coordinatewith
otherCIP
standardsandto
reviseformatto
useRBS
Template.

Standard CIP0053a Cyber Security Electronic Security Perimeter(s)

1
A. Introduction
1. Title: Cyber Security Electronic Security Perimeter(s)
3. Purpose: Standard CIP-005-3 requires the identification and protection of the Electronic
Security Perimeter(s) inside which all Critical Cyber Assets reside, as well as all access points
on the perimeter. Standard CIP-005-3 should be read as part of a group of standards numbered
4. Applicability
4.1.10 NERC.
4.1.11 Regional Entity
have been received (or the Reliability Standard otherwise becomes effective in those
jurisdictions where regulatory approval is not required).
B. Requirements
R1. Electronic Security Perimeter The Responsible Entity shall ensure that every Critical Cyber
Asset resides within an Electronic Security Perimeter. The Responsible Entity shall identify and
document the Electronic Security Perimeter(s) and all access points to the perimeter(s).
R1.1. Access points to the Electronic Security Perimeter(s) shall include any externally
connected communication end point (for example, dial-up modems) terminating at any
device within the Electronic Security Perimeter(s).
R1.2. For a dial-up accessible Critical Cyber Asset that uses a non-routable protocol, the
Responsible Entity shall define an Electronic Security Perimeter for that single access
point at the dial-up device.
2
R1.3. Communication links connecting discrete Electronic Security Perimeters shall not be
considered part of the Electronic Security Perimeter. However, end points of these
communication links within the Electronic Security Perimeter(s) shall be considered
access points to the Electronic Security Perimeter(s).
R1.4. Any non-critical Cyber Asset within a defined Electronic Security Perimeter shall be
identified and protected pursuant to the requirements of Standard CIP-005-3.
R1.5. Cyber Assets used in the access control and/or monitoring of the Electronic Security
Perimeter(s) shall be afforded the protective measures as a specified in Standard CIP-
003-3; Standard CIP-004-3 Requirement R3; Standard CIP-005-3 Requirements R2
and R3; Standard CIP-006-3 Requirement R3; Standard CIP-007-3 Requirements R1
and R3 through R9; Standard CIP-008-3; and Standard CIP-009-3.
R1.6. The Responsible Entity shall maintain documentation of Electronic Security
Perimeter(s), all interconnected Critical and non-critical Cyber Assets within the
Electronic Security Perimeter(s), all electronic access points to the Electronic Security
Perimeter(s) and the Cyber Assets deployed for the access control and monitoring of
these access points.
R2. Electronic Access Controls The Responsible Entity shall implement and document the
organizational processes and technical and procedural mechanisms for control of electronic
access at all electronic access points to the Electronic Security Perimeter(s).
R2.1. These processes and mechanisms shall use an access control model that denies access
by default, such that explicit access permissions must be specified.
R2.2. At all access points to the Electronic Security Perimeter(s), the Responsible Entity shall
enable only ports and services required for operations and for monitoring Cyber Assets
within the Electronic Security Perimeter, and shall document, individually or by
specified grouping, the configuration of those ports and services.
R2.3. The Responsible Entity shall implement and maintain a procedure for securing dial-up
access to the Electronic Security Perimeter(s).
R2.4. Where external interactive access into the Electronic Security Perimeter has been
enabled, the Responsible Entity shall implement strong procedural or technical controls
at the access points to ensure authenticity of the accessing party, where technically
feasible.
R2.5. The required documentation shall, at least, identify and describe:
R2.5.1. The processes for access request and authorization.
R2.5.2. The authentication methods.
R2.5.3. The review process for authorization rights, in accordance with Standard
CIP-004-3 Requirement R4.
R2.5.4. The controls used to secure dial-up accessible connections.
R2.6. Appropriate Use Banner Where technically feasible, electronic access control
devices shall display an appropriate use banner on the user screen upon all interactive
access attempts. The Responsible Entity shall maintain a document identifying the
content of the banner. (Retirement approved by NERC BOT pending applicable
regulatory approval.)
R3. Monitoring Electronic Access The Responsible Entity shall implement and document an
electronic or manual process(es) for monitoring and logging access at access points to the
Electronic Security Perimeter(s) twenty-four hours a day, seven days a week.
3
R3.1. For dial-up accessible Critical Cyber Assets that use non-routable protocols, the
Responsible Entity shall implement and document monitoring process(es) at each
access point to the dial-up device, where technically feasible.
R3.2. Where technically feasible, the security monitoring process(es) shall detect and alert for
attempts at or actual unauthorized accesses. These alerts shall provide for appropriate
notification to designated response personnel. Where alerting is not technically
feasible, the Responsible Entity shall review or otherwise assess access logs for
attempts at or actual unauthorized accesses at least every ninety calendar days.
R4. Cyber Vulnerability Assessment The Responsible Entity shall perform a cyber vulnerability
assessment of the electronic access points to the Electronic Security Perimeter(s) at least
annually. The vulnerability assessment shall include, at a minimum, the following:
R4.1. A document identifying the vulnerability assessment process;
R4.2. A review to verify that only ports and services required for operations at these access
points are enabled;
R4.3. The discovery of all access points to the Electronic Security Perimeter;
R4.4. A review of controls for default accounts, passwords, and network management
community strings;
R4.5. Documentation of the results of the assessment, the action plan to remediate or mitigate
vulnerabilities identified in the assessment, and the execution status of that action plan.
R5. Documentation Review and Maintenance The Responsible Entity shall review, update, and
maintain all documentation to support compliance with the requirements of Standard CIP-005-
3.
R5.1. The Responsible Entity shall ensure that all documentation required by Standard CIP-
005-3 reflect current configurations and processes and shall review the documents and
procedures referenced in Standard CIP-005-3 at least annually.
R5.2. The Responsible Entity shall update the documentation to reflect the modification of
the network or controls within ninety calendar days of the change.
R5.3. The Responsible Entity shall retain electronic access logs for at least ninety calendar
days. Logs related to reportable incidents shall be kept in accordance with the
requirements of Standard CIP-008-3.
C. Measures
M1. The Responsible Entity shall make available documentation about the Electronic Security
Perimeter as specified in Requirement R1.
M2. The Responsible Entity shall make available documentation of the electronic access controls to
the Electronic Security Perimeter(s), as specified in Requirement R2.
M3. The Responsible Entity shall make available documentation of controls implemented to log and
monitor access to the Electronic Security Perimeter(s) as specified in Requirement R3.
M4. The Responsible Entity shall make available documentation of its annual vulnerability
assessment as specified in Requirement R4.
M5. The Responsible Entity shall make available access logs and documentation of review, changes,
and log retention as specified in Requirement R5.
D. Compliance
4
Not applicable.
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
1.4.1 The Responsible Entity shall keep logs for a minimum of ninety calendar days,
unless: a) longer retention is required pursuant to Standard CIP-008-3,
Requirement R2; b) directed by its Compliance Enforcement Authority to retain
specific evidence for a longer period of time as part of an investigation.
1.4.2 The Responsible Entity shall keep other documents and records required by
Standard CIP-005-3 from the previous full calendar year.
None identified.

5
Version History
1 01/16/06 D.2.3.1 Change Critical Assets, to Critical Cyber Assets
as intended.
03/24/06
2 Modifications to clarify the requirements and to bring the
compliance elements into conformance with the latest guidelines
for developing compliance elements of standards.
Replaced the RRO with the RE as a responsible entity.
Revised the wording of the Electronic Access Controls
requirement stated in R2.3 to clarify that the Responsible Entity
shall implement and maintain a procedure for securing dial-up
Changed compliance monitor to Compliance Enforcement
Authority.

3 Update version from -2 to -3
3a 02/16/10 Added Appendix 1 Interpretation of R1.3 approved by BOT
on February 16, 2010
Interpretation
3a 02/02/11 Approved by FERC
3a 2/7/13 R2.6 and associated elements approved by NERC Board of
Trustees for retirement as part of the Paragraph 81 project
(Project 2013-02) pending applicable regulatory approval.

6
Appendix 1
Section 4.2.2 Cyber Assets associated with communication networks and data communication links
between discrete Electronic Security Perimeters.
Requirement R1.3 Communication links connecting discrete Electronic Security Perimeters shall not
be considered part of the Electronic Security Perimeter. However, end points of these communication
links within the Electronic Security Perimeter(s) shall be considered access points to the Electronic
Security Perimeter(s).
Question 1 (Section 4.2.2)
What kind of cyber assets are referenced in 4.2.2 as "associated"? What else could be meant except the
devices forming the communication link?
In the context of applicability, associated Cyber Assets refer to any communications devices external
to the Electronic Security Perimeter, i.e., beyond the point at which access to the Electronic Security
Perimeter is controlled. Devices controlling access into the Electronic Security Perimeter are not
exempt.
Is the communication link physical or logical? Where does it begin and terminate?
The drafting team interprets the data communication link to be physical or logical, and its termination
points depend upon the design and architecture of the communication link.
Question 3 (Requirement R1.3)
Please clarify what is meant by an endpoint? Is it physical termination? Logical termination of OSI
layer 2, layer 3, or above?
The drafting team interprets the endpoint to mean the device at which a physical or logical
communication link terminates. The endpoint is the Electronic Security Perimeter access point if
access into the Electronic Security Perimeter is controlled at the endpoint, irrespective of which Open
Systems Interconnection (OSI) layer is managing the communication.
If endpoint is defined as logical and refers to layer 3 and above, please clarify if the termination
points of an encrypted tunnel (layer 3) must be treated as an access point? If two control centers are
owned and managed by the same entity, connected via an encrypted link by properly applied Federal
7
Information Processing Standards, with tunnel termination points that are within the control center
ESPs and PSPs and do not terminate on the firewall but on a separate internal device, and the
encrypted traffic already passes through a firewall access point at each ESP boundary where
port/protocol restrictions are applied, must these encrypted communication tunnel termination points
be treated as "access points" in addition to the firewalls through which the encrypted traffic has already
passed?
In the case where the endpoint is defined as logical and is >=layer 3, the termination points of an
encrypted tunnel must be treated as an access point. The encrypted communication tunnel
termination points referred to above are access points.

1

A. Introduction
1. Title: Cyber Security Electronic Security Perimeter(s)
3. Purpose: Standard CIP-005-4a requires the identification and protection of the Electronic
Security Perimeter(s) inside which all Critical Cyber Assets reside, as well as all access points
on the perimeter. Standard CIP-005-4a should be read as part of a group of standards numbered
4. Applicability
4.1. Within the text of Standard CIP-005-4a, Responsible Entity shall mean:
4.1.10 NERC.
4.2. The following are exempt from Standard CIP-005-4a:
C.F. R. Section 73.54.
approvals have been received (or the Reliability Standard otherwise becomes effective the
first day of the ninth calendar quarter after BOT adoption in those jurisdictions where
regulatory approval is not required).
B. Requirements
R1. Electronic Security Perimeter The Responsible Entity shall ensure that every Critical Cyber
Asset resides within an Electronic Security Perimeter. The Responsible Entity shall identify and
document the Electronic Security Perimeter(s) and all access points to the perimeter(s).
R1.1. Access points to the Electronic Security Perimeter(s) shall include any externally
connected communication end point (for example, dial-up modems) terminating at any
device within the Electronic Security Perimeter(s).
2

R1.2. For a dial-up accessible Critical Cyber Asset that uses a non-routable protocol, the
Responsible Entity shall define an Electronic Security Perimeter for that single access
R1.3. Communication links connecting discrete Electronic Security Perimeters shall not be
considered part of the Electronic Security Perimeter. However, end points of these
communication links within the Electronic Security Perimeter(s) shall be considered
R1.4. Any non-critical Cyber Asset within a defined Electronic Security Perimeter shall be
identified and protected pursuant to the requirements of Standard CIP-005-4a.
R1.5. Cyber Assets used in the access control and/or monitoring of the Electronic Security
Perimeter(s) shall be afforded the protective measures as a specified in Standard CIP-
003-4; Standard CIP-004-4 Requirement R3; Standard CIP-005-4a Requirements R2
and R3; Standard CIP-006-4c Requirement R3; Standard CIP-007-4 Requirements R1
and R3 through R9; Standard CIP-008-4; and Standard CIP-009-4.
R1.6. The Responsible Entity shall maintain documentation of Electronic Security
Perimeter(s), all interconnected Critical and non-critical Cyber Assets within the
Electronic Security Perimeter(s), all electronic access points to the Electronic Security
Perimeter(s) and the Cyber Assets deployed for the access control and monitoring of
these access points.
R2. Electronic Access Controls The Responsible Entity shall implement and document the
organizational processes and technical and procedural mechanisms for control of electronic
access at all electronic access points to the Electronic Security Perimeter(s).
R2.1. These processes and mechanisms shall use an access control model that denies access
by default, such that explicit access permissions must be specified.
R2.2. At all access points to the Electronic Security Perimeter(s), the Responsible Entity shall
enable only ports and services required for operations and for monitoring Cyber Assets
within the Electronic Security Perimeter, and shall document, individually or by
specified grouping, the configuration of those ports and services.
R2.3. The Responsible Entity shall implement and maintain a procedure for securing dial-up
R2.4. Where external interactive access into the Electronic Security Perimeter has been
enabled, the Responsible Entity shall implement strong procedural or technical controls
at the access points to ensure authenticity of the accessing party, where technically
feasible.
R2.5. The required documentation shall, at least, identify and describe:
R2.5.1. The processes for access request and authorization.
R2.5.2. The authentication methods.
R2.5.3. The review process for authorization rights, in accordance with Standard
CIP-004-4 Requirement R4.
R2.5.4. The controls used to secure dial-up accessible connections.
R2.6. Appropriate Use Banner Where technically feasible, electronic access control
devices shall display an appropriate use banner on the user screen upon all interactive
access attempts. The Responsible Entity shall maintain a document identifying the
content of the banner. (Retirement approved by NERC BOT pending applicable
3

R3. Monitoring Electronic Access The Responsible Entity shall implement and document an
electronic or manual process(es) for monitoring and logging access at access points to the
Electronic Security Perimeter(s) twenty-four hours a day, seven days a week.
R3.1. For dial-up accessible Critical Cyber Assets that use non-routable protocols, the
Responsible Entity shall implement and document monitoring process(es) at each
access point to the dial-up device, where technically feasible.
R3.2. Where technically feasible, the security monitoring process(es) shall detect and alert for
attempts at or actual unauthorized accesses. These alerts shall provide for appropriate
notification to designated response personnel. Where alerting is not technically
feasible, the Responsible Entity shall review or otherwise assess access logs for
attempts at or actual unauthorized accesses at least every ninety calendar days.
assessment of the electronic access points to the Electronic Security Perimeter(s) at least
annually. The vulnerability assessment shall include, at a minimum, the following:
R4.2. A review to verify that only ports and services required for operations at these access
points are enabled;
R4.3. The discovery of all access points to the Electronic Security Perimeter;
R4.4. A review of controls for default accounts, passwords, and network management
community strings;
R4.5. Documentation of the results of the assessment, the action plan to remediate or mitigate
vulnerabilities identified in the assessment, and the execution status of that action plan.
R5. Documentation Review and Maintenance The Responsible Entity shall review, update, and
maintain all documentation to support compliance with the requirements of Standard CIP-005-
4a.
R5.1. The Responsible Entity shall ensure that all documentation required by Standard CIP-
005-4a reflect current configurations and processes and shall review the documents and
procedures referenced in Standard CIP-005-4a at least annually.
R5.2. The Responsible Entity shall update the documentation to reflect the modification of
the network or controls within ninety calendar days of the change.
R5.3. The Responsible Entity shall retain electronic access logs for at least ninety calendar
days. Logs related to reportable incidents shall be kept in accordance with the
C. Measures
M1. The Responsible Entity shall make available documentation about the Electronic Security
Perimeter as specified in Requirement R1.
M2. The Responsible Entity shall make available documentation of the electronic access controls to
the Electronic Security Perimeter(s), as specified in Requirement R2.
M3. The Responsible Entity shall make available documentation of controls implemented to log and
monitor access to the Electronic Security Perimeter(s) as specified in Requirement R3.
M4. The Responsible Entity shall make available documentation of its annual vulnerability
assessment as specified in Requirement R4.
M5. The Responsible Entity shall make available access logs and documentation of review, changes,
and log retention as specified in Requirement R5.
4

D. Compliance
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
1.4.1 The Responsible Entity shall keep logs for a minimum of ninety calendar days,
unless: a) longer retention is required pursuant to Standard CIP-008-4,
Requirement R2; b) directed by its Compliance Enforcement Authority to retain
specific evidence for a longer period of time as part of an investigation.
1.4.2 The Responsible Entity shall keep other documents and records required by
Standard CIP-005-4a from the previous full calendar year.
5

R1. MEDIUM The Responsible Entity
did not document one
or more access points
to the Electronic
identified but did not document
one or more Electronic Security
Perimeter(s).
The Responsible Entity did not ensure that one or more of
the Critical Cyber Assets resides within an Electronic
Security Perimeter.
OR
The Responsible Entity did not identify nor document one
or more Electronic Security Perimeter(s).
The Responsible Entity did not ensure that one or more Critical
Cyber Assets resides within an Electronic Security Perimeter,
and the Responsible Entity did not identify and document the
Electronic Security Perimeter(s) and all access points to the
perimeter(s) for all Critical Cyber Assets.
R1.1. MEDIUM N/A N/A N/A Access points to the Electronic Security Perimeter(s) do not
include all externally connected communication end point (for
example, dial-up modems) terminating at any device within the
Electronic Security Perimeter(s).
R1.2. MEDIUM N/A N/A N/A For one or more dial-up accessible Critical Cyber Assets that
use a non-routable protocol, the Responsible Entity did not
define an Electronic Security Perimeter for that single access
R1.3. MEDIUM N/A N/A N/A At least one end point of a communication link within the
Electronic Security Perimeter(s) connecting discrete Electronic
Security Perimeters was not considered an access point to the
Electronic Security Perimeter.
R1.4. MEDIUM N/A One or more non-critical Cyber
Asset within a defined
Electronic Security Perimeter is
not identified but is protected
pursuant to the requirements of
Standard CIP-005.
One or more non-critical Cyber Asset within a defined
Electronic Security Perimeter is identified but not
protected pursuant to the requirements of Standard CIP-
005.
One or more non-critical Cyber Asset within a defined
Electronic Security Perimeter is not identified and is not
protected pursuant to the requirements of Standard CIP-005.
R1.5. MEDIUM A Cyber Asset used in
the access
control and/or
monitoring of the
Electronic Security
Perimeter(s) is
provided with all but
one (1) of
the protective measures
as
specified in Standard
CIP-003-4;
Standard CIP-004-4
Requirement
A Cyber Asset used in the
access
control and/or monitoring of
the
Electronic Security
Perimeter(s) is
provided with all but two (2) of
the protective measures as
specified in Standard CIP-003-
4;
Standard CIP-004-4
Requirement
R3; Standard CIP-005-4
Requirements R2 and R3;
A Cyber Asset used in the access
control and/or monitoring of the
Electronic Security Perimeter(s) is
provided with all but three (3) of
the protective measures as
specified in Standard CIP-003-4;
Standard CIP-004-4 Requirement
Standard CIP-006-4
Requirement R3; Standard CIP-007-4 Requirements R1
and R3
through R9; Standard CIP-008-4;
A Cyber Asset used in the access
control and/or monitoring of the
Electronic Security Perimeter(s) is
provided without four (4) or
more of the protective measures as
specified in Standard CIP-003-4;
Standard CIP-004-4 Requirement
Standard CIP-006-4
Requirement R3; Standard CIP-007-4 Requirements R1 and
R3
through R9; Standard CIP-008-4;
6

R3; Standard CIP-005-
4
Requirements R2 and
R3;
Standard CIP-006-4
Requirement R3;
Standard CIP-007-4
Requirements R1 and
R3
through R9; Standard
CIP-008-4;
and Standard CIP-009-
4.
Standard CIP-006-4
Requirement R3; Standard CIP-
007-4 Requirements R1 and R3
through R9; Standard CIP-008-
4;
and Standard CIP-009-4.
and Standard CIP-009-4. and Standard CIP-009-4.
R1.6. LOWER N/A N/A The Responsible Entity did not maintain documentation of
one of the following: Electronic Security Perimeter(s),
interconnected Critical and non-critical Cyber Assets
within the Electronic Security Perimeter(s), electronic
access point to the Electronic Security Perimeter(s) or
Cyber Asset deployed for the access control and
monitoring of these access points.
The Responsible Entity did not maintain documentation of two
or more of the following: Electronic Security Perimeter(s),
interconnected Critical and non-critical Cyber Assets within
the Electronic Security Perimeter(s), electronic access points to
the Electronic Security Perimeter(s) and Cyber Assets
deployed for the access control and monitoring of these access
points.
R2. MEDIUM N/A The Responsible Entity
document the organizational
processes and technical and
procedural mechanisms for
control of electronic access at
all electronic access points to
the Electronic Security
Perimeter(s).
The Responsible Entity documented but did not implement
the organizational processes and technical and procedural
mechanisms for control of electronic access at all
electronic access points to the Electronic Security
Perimeter(s).
The Responsible Entity did not implement nor document the
organizational processes and technical and procedural
mechanisms for control of electronic access at all electronic
R2.1. MEDIUM N/A N/A N/A The processes and mechanisms did not use an access control
model that denies access by default, such that explicit access
permissions must be specified.
R2.2. MEDIUM N/A At one or more access points to
Perimeter(s), the Responsible
Entity did not document,
individually or by specified
grouping, the configuration of
those ports and services
required for operation and for
monitoring Cyber Assets within
At one or more access points to the Electronic Security
Perimeter(s), the Responsible Entity enabled ports and
services not required for operations and for monitoring
Cyber Assets within the Electronic Security Perimeter but
did document, individually or by specified grouping, the
configuration of those ports and services.
At one or more access points to the Electronic Security
Perimeter(s), the Responsible Entity enabled ports and services
not required for operations and for monitoring Cyber Assets
within the Electronic Security Perimeter, and did not
document, individually or by specified grouping, the
configuration of those ports and services.
7

Perimeter.
R2.3. MEDIUM N/A N/A The Responsible Entity did
implement but did not maintain a
procedure for securing dial-up
access to the Electronic Security
Perimeter(s) where applicable.
implement nor maintain a
procedure for securing dial-up
access to the Electronic Security
Perimeter(s) where applicable.
R2.4. MEDIUM N/A N/A N/A Where external interactive access into the Electronic Security
Perimeter has been enabled the Responsible Entity did not
implement strong procedural or technical controls at the access
points to ensure authenticity of the accessing party, where
technically feasible.
R2.5. LOWER The required
documentation for R2
did not include one of
the elements described
in R2.5.1 through
R2.5.4
The required documentation for
R2 did not include two of the
elements described in R2.5.1
through R2.5.4
The required documentation for R2 did not include three of
the elements described in R2.5.1 through R2.5.4
The required documentation for R2 did not include any of the
elements described in R2.5.1 through R2.5.4
R2.6.
(Retirement
approved by
NERC BOT
pending
applicable
LOWER The Responsible Entity
did not maintain a
document identifying
the content of the
banner.
OR
Where technically feasible 5%
but less than 10% of electronic
access control devices did not
display an appropriate use
banner on the user screen upon
all interactive access attempts.
Where technically feasible 10% but less than 15% of
electronic access control devices did not display an
appropriate use banner on the user screen upon all
interactive access attempts.
Where technically feasible, 15% or more electronic access
control devices did not display an appropriate use banner on
the user screen upon all interactive access attempts.
8

regulatory
approval.)
Where technically
feasible less than 5%
electronic access
control devices did not
display an appropriate
use banner on the user
screen upon all
interactive access
attempts.

electronic or manual
processes for
monitoring and logging
access to access points.
OR
did not implement
processes monitoring
and logging at less than
5% of the access
points.
implement electronic or manual
processes monitoring and
logging at 5% or more but less
than 10% of the access points.
The Responsible Entity did not implement electronic or
manual processes monitoring and logging at 10% or more
but less than 15 % of the access points.
The Responsible Entity did not implement electronic or
manual processes monitoring and logging at 15% or more of
the access points.
R3.1. MEDIUM The Responsible Entity
processes for
monitoring access
points to dial-up
devices.
OR
Where technically
feasible, the
Responsible Entity did
not implement
processes for
monitoring at less than
5% of the access points
to dial-up devices.
Where technically feasible, the
Responsible Entity did not
implement electronic or manual
processes for monitoring at 5%
or more but less than 10% of
the access points to dial-up
devices.
Where technically feasible, the Responsible Entity did not
implement electronic or manual processes for monitoring
at 10% or more but less than 15% of the access points to
dial-up devices.
implement electronic or manual processes for monitoring at
15% or more of the access points to dial-up devices.
R3.2. MEDIUM N/A N/A Where technically feasible, the Responsible Entity
implemented security monitoring process(es) to detect and
alert for attempts at or actual unauthorized accesses,
however the alerts do not provide for appropriate
implement security monitoring process(es) to detect and alert
for attempts at or actual unauthorized accesses.
OR
9

notification to designated response personnel. Where alerting is not technically feasible, the Responsible
Entity did not review or otherwise assess access logs for
attempts at or actual unauthorized accesses at least every
ninety calendar days
did not performa
Vulnerability
Assessment at least
annually for less than
5% of access points to
Perimeter(s).
performa Vulnerability
Assessment at least annually
for 5% or more but less than
10% of access points to the
Electronic Security
Perimeter(s).
The Responsible Entity did not performa Vulnerability
Assessment at least annually for 10% or more but less than
15% of access points to the Electronic Security
Perimeter(s).
The Responsible Entity did not performa Vulnerability
Assessment at least annually for 15% or more of access points
to the Electronic Security Perimeter(s).
OR
The vulnerability assessment did not include one (1) or more
of the subrequirements R 4.1, R4.2, R4.3, R4.4, R4.5.
R4.1. LOWER N/A N/A N/A N/A
R4.2. MEDIUM N/A N/A N/A N/A
R5. LOWER The Responsible Entity
did not review, update,
and maintain at least
one but less than or
equal to 5% of the
documentation to
support compliance
with the requirements
of Standard CIP-005-4.
review, update, and maintain
greater than 5% but less than or
equal to 10% of the
documentation to support
compliance with the
requirements of Standard CIP-
005-4.
The Responsible Entity did not review, update, and
maintain greater than 10% but less than or equal to 15% of
the documentation to support compliance with the
The Responsible Entity did not review, update, and maintain
greater than 15% of the documentation to support compliance
with the requirements of Standard CIP-005-4.
10

R5.1. LOWER N/A The Responsible Entity did not
provide evidence of an annual
review of the documents and
procedures referenced in
Standard CIP-005-4.
The Responsible Entity did not document current
configurations and processes referenced in Standard CIP-
005-4.
The Responsible Entity did not document current
configurations and processes and did not review the documents
and procedures referenced in Standard CIP-005-4 at least
annually.
R5.2. LOWER For less than 5% of the
applicable changes, the
Responsible Entity did
not update the
documentation to
reflect the modification
of the network or
controls within ninety
change.
For 5% or more but less than
10% of the applicable changes,
the Responsible Entity did not
update the documentation to
reflect the modification of the
network or controls within
ninety calendar days of the
change.
For 10% or more but less than 15% of the applicable
changes, the Responsible Entity did not update the
documentation to reflect the modification of the network or
controls within ninety calendar days of the change.
For 15% or more of the applicable changes, the Responsible
Entity did not update the documentation to reflect the
modification of the network or controls within ninety calendar
days of the change.
R5.3. LOWER The Responsible Entity
retained electronic
access logs for 75 or
more calendar days, but
for less than 90
calendar days.
The Responsible Entity retained
electronic access logs for 60 or
more calendar days, but for less
than 75 calendar days.
The Responsible Entity retained electronic access logs for
45 or more calendar days , but for less than 60 calendar
days.
The Responsible Entity retained electronic access logs for less

None identified.

11

Version History
1 01/16/06 D.2.3.1 Change Critical Assets, to
Critical Cyber Assets as intended.
03/24/06
2 Approved by
NERC Board of
Trustees 5/6/09
Modifications to clarify the requirements
and to bring the compliance elements into
developing compliance elements of
standards.
responsible entity.
Revised the wording of the Electronic
Access Controls requirement stated in R2.3
to clarify that the Responsible Entity shall
implement and maintain a procedure for
securing dial-up access to the Electronic
Revised.
3 12/16/09 Changed CIP-005-2 to CIP-005-3.
Changed all references to CIP Version 2
standards to CIP Version 3 standards.
For Violation Severity Levels, changed, To
be developed later to Developed
separately.
Conforming revisions for
FERC Order on CIP V2
Standards (9/30/2009)
2a 02/16/10 Added Appendix 1 Interpretation of R1.3
approved by BOT on February 16, 2010
Addition
4a 01/24/11 Adopted by the NERC Board of Trustees Update to conform to
(Project 2008-06)

Update version number
from 3 to 4a
4a 4/19/12 FERC Order issued approving CIP-005-4a
(approval becomes effective J une 25, 2012)

D.2.

3a, 4a 2/7/13 R2.6 and associated elements approved by
NERC Board of Trustees for retirement as
part of the Paragraph 81 project (Project
2013-02) pending applicable regulatory
approval.

12

Appendix 1
Section 4.2.2 Cyber Assets associated with communication networks and data communication links
between discrete Electronic Security Perimeters.
Requirement R1.3 Communication links connecting discrete Electronic Security Perimeters shall not
be considered part of the Electronic Security Perimeter. However, end points of these communication
links within the Electronic Security Perimeter(s) shall be considered access points to the Electronic
What kind of cyber assets are referenced in 4.2.2 as "associated"? What else could be meant except the
devices forming the communication link?
In the context of applicability, associated Cyber Assets refer to any communications devices external
to the Electronic Security Perimeter, i.e., beyond the point at which access to the Electronic Security
Perimeter is controlled. Devices controlling access into the Electronic Security Perimeter are not
exempt.
Is the communication link physical or logical? Where does it begin and terminate?
The drafting team interprets the data communication link to be physical or logical, and its termination
points depend upon the design and architecture of the communication link.
Please clarify what is meant by an endpoint? Is it physical termination? Logical termination of OSI
layer 2, layer 3, or above?
The drafting team interprets the endpoint to mean the device at which a physical or logical
communication link terminates. The endpoint is the Electronic Security Perimeter access point if
access into the Electronic Security Perimeter is controlled at the endpoint, irrespective of which Open
Systems Interconnection (OSI) layer is managing the communication.
If endpoint is defined as logical and refers to layer 3 and above, please clarify if the termination
points of an encrypted tunnel (layer 3) must be treated as an access point? If two control centers are
13

owned and managed by the same entity, connected via an encrypted link by properly applied Federal
Information Processing Standards, with tunnel termination points that are within the control center
ESPs and PSPs and do not terminate on the firewall but on a separate internal device, and the
encrypted traffic already passes through a firewall access point at each ESP boundary where
port/protocol restrictions are applied, must these encrypted communication tunnel termination points
be treated as "access points" in addition to the firewalls through which the encrypted traffic has already
passed?
In the case where the endpoint is defined as logical and is >=layer 3, the termination points of an
encrypted tunnel must be treated as an access point. The encrypted communication tunnel
termination points referred to above are access points.

CIP0055CyberSecurityElectronicSecurityPerimeter(s)
Page1of19
A. I ntroduction
1. Title: CyberSecurityElectronicSecurityPerimeter(s)
2. Number: CIP0055
3. Purpose: TomanageelectronicaccesstoBESCyberSystemsbyspecifyinga
controlledElectronicSecurityPerimeterinsupportofprotectingBESCyberSystems
againstcompromisethatcouldleadtomisoperationorinstabilityintheBES.
4. Applicability:
4.1. FunctionalEntities:Forthepurposeoftherequirementscontainedherein,the
followinglistoffunctionalentitieswillbecollectivelyreferredtoasResponsible
Entities.Forrequirementsinthisstandardwhereaspecificfunctionalentityor
subsetoffunctionalentitiesaretheapplicableentityorentities,thefunctionalentity
orentitiesarespecifiedexplicitly.
4.1.1 BalancingAuthority
4.1.2 DistributionProviderthatownsoneormoreofthefollowingFacilities,systems,
andequipmentfortheprotectionorrestorationoftheBES:
4.1.2.1 EachunderfrequencyLoadshedding(UFLS)orundervoltageLoadshedding
(UVLS)systemthat:
4.1.2.1.1 ispartofaLoadsheddingprogramthatissubjecttooneormore
4.1.2.1.2 performsautomaticLoadsheddingunderacommoncontrolsystem
ownedbytheResponsibleEntity,withouthumanoperatorinitiation,
of300MWormore.
4.1.2.2 EachSpecialProtectionSystemorRemedialActionSchemewherethe
SpecialProtectionSystemorRemedialActionSchemeissubjecttooneor
morerequirementsinaNERCorRegionalReliabilityStandard.
4.1.2.3 EachProtectionSystem(excludingUFLSandUVLS)thatappliesto
TransmissionwheretheProtectionSystemissubjecttooneormore
4.1.2.4 EachCrankingPathandgroupofElementsmeetingtheinitialswitching
unit(s)tobestarted.
4.1.3 GeneratorOperator
4.1.4 GeneratorOwner
4.1.5 InterchangeCoordinatororInterchangeAuthority
4.1.6 ReliabilityCoordinator
4.1.7 TransmissionOperator
Page2of19
4.1.8 TransmissionOwner
Facilities,systems,andequipmentownedbyeachResponsibleEntityin4.1above
arethosetowhichtheserequirementsareapplicable.Forrequirementsinthis
standardwhereaspecifictypeofFacilities,system,orequipmentorsubsetof
Facilities,systems,andequipmentareapplicable,thesearespecifiedexplicitly.
4.2.1 DistributionProvider:OneormoreofthefollowingFacilities,systemsand
equipmentownedbytheDistributionProviderfortheprotectionorrestoration
oftheBES:
4.2.1.1 EachUFLSorUVLSSystemthat:
of300MWormore.
unit(s)tobestarted.
4.2.2 ResponsibleEntitieslistedin4.1otherthanDistributionProviders:
AllBESFacilities.
4.2.3 Exemptions:ThefollowingareexemptfromStandardCIP0055:
4.2.3.1 CyberAssetsatFacilitiesregulatedbytheCanadianNuclearSafety
Commission.
4.2.3.2 CyberAssetsassociatedwithcommunicationnetworksanddata
4.2.3.3 Thesystems,structures,andcomponentsthatareregulatedbytheNuclear
Section73.54.
4.2.3.4 ForDistributionProviders,thesystemsandequipmentthatarenotincluded
insection4.2.1above.
Page3of19
4.2.3.5 ResponsibleEntitiesthatidentifythattheyhavenoBESCyberSystems
5.EffectiveDates:
1.24MonthsMinimumCIP0055shallbecomeeffectiveonthelaterofJuly1,
2015,orthefirstcalendardayoftheninthcalendarquarteraftertheeffective
dateoftheorderprovidingapplicableregulatoryapproval.
2.Inthosejurisdictionswherenoregulatoryapprovalisrequired,CIP0055shall
becomeeffectiveonthefirstdayoftheninthcalendarquarterfollowingBoardof
Trusteesapproval,orasotherwisemadeeffectivepursuanttothelaws
applicabletosuchEROgovernmentalauthorities.
6.Background:
StandardCIP0055existsaspartofasuiteofCIPStandardsrelatedtocybersecurity.
CIP0025requirestheinitialidentificationandcategorizationofBESCyberSystems.
CIP0035,CIP0045,CIP0055,CIP0065,CIP0075,CIP0085,CIP0095,CIP0101,
andCIP0111requireaminimumleveloforganizational,operationalandprocedural
controlstomitigaterisktoBESCyberSystems.ThissuiteofCIPStandardsisreferred
toastheVersion5CIPCyberSecurityStandards.
documented[processes,plan,etc]thatincludetheapplicableitemsin[Table
Reference].Thereferencedtablerequirestheapplicableitemsintheproceduresfor
therequirementscommonsubjectmatter.
ResponsibleEntityandtoachieveaspecificoutcome.Thistermdoesnotimplyany
particularnamingorapprovalstructurebeyondwhatisstatedintherequirements.
Anentityshouldincludeasmuchasitbelievesnecessaryintheirdocumented
processes,buttheymustaddresstheapplicablerequirementsinthetable.
Thetermsprogramandplanaresometimesusedinplaceofdocumentedprocesses
whereitmakessenseandiscommonlyunderstood.Forexample,documented
processesdescribingaresponsearetypicallyreferredtoasplans(i.e.,incident
responseplansandrecoveryplans).Likewise,asecurityplancandescribean
approachinvolvingmultipleprocedurestoaddressabroadsubjectmatter.
Similarly,thetermprogrammayrefertotheorganizationsoverallimplementationof
itspolicies,plansandproceduresinvolvingasubjectmatter.Examplesinthe
standardsincludethepersonnelriskassessmentprogramandthepersonneltraining
program.ThefullimplementationoftheCIPCyberSecurityStandardscouldalsobe
referredtoasaprogram.However,thetermsprogramandplandonotimplyany
additionalrequirementsbeyondwhatisstatedinthestandards.
ResponsibleEntitiescanimplementcommoncontrolsthatmeetrequirementsfor
multiplehighandmediumimpactBESCyberSystems.Forexample,asingletraining
Page4of19
programcouldmeettherequirementsfortrainingpersonnelacrossmultipleBES
CyberSystems.
Measuresfortheinitialrequirementaresimplythedocumentedprocesses
themselves.Measuresinthetablerowsprovideexamplesofevidencetoshow
documentationandimplementationofapplicableitemsinthedocumentedprocesses.
Thesemeasuresservetoprovideguidancetoentitiesinacceptablerecordsof
complianceandshouldnotbeviewedasanallinclusivelist.
Throughoutthestandards,unlessotherwisestated,bulleteditemsinthe
requirementsandmeasuresareitemsthatarelinkedwithanor,andnumbered
itemsareitemsthatarelinkedwithanand.
ManyreferencesintheApplicabilitysectionuseathresholdof300MWforUFLSand
UVLS.Thisparticularthresholdof300MWforUVLSandUFLSwasprovidedinVersion
1oftheCIPCyberSecurityStandards.Thethresholdremainsat300MWsinceitis
specificallyaddressingUVLSandUFLS,whicharelastditcheffortstosavetheBulk
ElectricSystem.AreviewofUFLStolerancesdefinedwithinregionalreliability
standardsforUFLSprogramrequirementstodateindicatesthatthehistoricalvalueof
300MWrepresentsanadequateandreasonablethresholdvalueforallowableUFLS
operationaltolerances.
EachtablehasanApplicableSystemscolumntofurtherdefinethescopeofsystems
towhichaspecificrequirementrowapplies.TheCSO706SDTadaptedthisconcept
fromtheNationalInstituteofStandardsandTechnology(NIST)RiskManagement
Frameworkasawayofapplyingrequirementsmoreappropriatelybasedonimpact
andconnectivitycharacteristics.Thefollowingconventionsareusedinthe
ApplicableSystemscolumnasdescribed.
HighImpactBESCyberSystemsAppliestoBESCyberSystemscategorizedas
highimpactaccordingtotheCIP0025identificationandcategorization
processes.
HighImpactBESCyberSystemswithDialupConnectivityOnlyappliestohigh
impactBESCyberSystemswithDialupConnectivity.
HighImpactBESCyberSystemswithExternalRoutableConnectivityOnly
appliestohighimpactBESCyberSystemswithExternalRoutableConnectivity.
ThisalsoexcludesCyberAssetsintheBESCyberSystemthatcannotbedirectly
accessedthroughExternalRoutableConnectivity.
MediumImpactBESCyberSystemsAppliestoeachBESCyberSystems
categorizedasmediumimpactaccordingtotheCIP0025identificationand
categorizationprocesses.
MediumImpactBESCyberSystemsatControlCentersOnlyappliestomedium
impactBESCyberSystemslocatedataControlCenter.
Page5of19
MediumImpactBESCyberSystemswithDialupConnectivityOnlyappliesto
mediumimpactBESCyberSystemswithDialupConnectivity.
MediumImpactBESCyberSystemswithExternalRoutableConnectivityOnly
appliestomediumimpactBESCyberSystemswithExternalRoutableConnectivity.
ProtectedCyberAssets(PCA)AppliestoeachProtectedCyberAssetassociated
withareferencedhighimpactBESCyberSystemormediumimpactBESCyber
System.
ElectronicAccessPoints(EAP)AppliesatElectronicAccessPointsassociated
System.
Page6of19
R1. EachResponsibleEntityshallimplementoneormoredocumentedprocessesthatcollectivelyincludeeachofthe
applicablerequirementpartsinCIP0055TableR1ElectronicSecurityPerimeter.[ViolationRiskFactor:Medium][Time
Horizon:OperationsPlanningandSameDayOperations].
requirementpartsinCIP0055TableR1ElectronicSecurityPerimeterandadditionalevidencetodemonstrate
CIP0055TableR1ElectronicSecurityPerimeter
theirassociated:
PCA
andtheirassociated:
PCA
AllapplicableCyberAssetsconnected
toanetworkviaaroutableprotocol
shallresidewithinadefinedESP.
butisnotlimitedto,alistofallESPs
withalluniquelyidentifiable
applicableCyberAssetsconnected
viaaroutableprotocolwithineach
ESP.
Page7of19
1.2 HighImpactBESCyberSystemswith
ExternalRoutableConnectivityand
theirassociated:
PCA
andtheirassociated:
PCA
AllExternalRoutableConnectivity
mustbethroughanidentified
ElectronicAccessPoint(EAP).
butisnotlimitedto,network
diagramsshowingallexternal
routablecommunicationpathsand
theidentifiedEAPs.

Page8of19
1.3 ElectronicAccessPointsforHigh
ImpactBESCyberSystems
ElectronicAccessPointsforMedium
Requireinboundandoutbound
accesspermissions,includingthe
reasonforgrantingaccess,anddeny
allotheraccessbydefault.
butisnotlimitedto,alistofrules
(firewall,accesscontrollists,etc.)
thatdemonstratethatonlypermitted
accessisallowedandthateach
accessrulehasadocumented
reason.
1.4 HighImpactBESCyberSystemswith
DialupConnectivityandtheir
associated:
PCA
withDialupConnectivityandtheir
associated:
PCA
Wheretechnicallyfeasible,perform
authenticationwhenestablishing
DialupConnectivitywithapplicable
CyberAssets.
butisnotlimitedto,adocumented
processthatdescribeshowthe
ResponsibleEntityisproviding
authenticatedaccessthrougheach
dialupconnection.

Page9of19
1.5 ElectronicAccessPointsforHigh
ElectronicAccessPointsforMedium
ImpactBESCyberSystemsatControl
Centers
Haveoneormoremethodsfor
detectingknownorsuspected
maliciouscommunicationsforboth
inboundandoutbound
communications.
thatmaliciouscommunications
detectionmethods(e.g.intrusion
detectionsystem,applicationlayer
firewall,etc.)areimplemented.

R2. EachResponsibleEntityallowingInteractiveRemoteAccesstoBESCyberSystemsshallimplementoneormore
documentedprocessesthatcollectivelyincludetheapplicablerequirementparts,wheretechnicallyfeasible,inCIP0055
TableR2InteractiveRemoteAccessManagement.[ViolationRiskFactor:Medium][TimeHorizon:OperationsPlanning
andSameDayOperations].
M2. EvidencemustincludethedocumentedprocessesthatcollectivelyaddresseachoftheapplicablerequirementpartsinCIP
0055TableR2InteractiveRemoteAccessManagementandadditionalevidencetodemonstrateimplementationas

Page10of19
CIP0055TableR2InteractiveRemoteAccessManagement
theirassociated:
PCA
andtheirassociated:
PCA
UtilizeanIntermediateSystemsuch
thattheCyberAssetinitiating
InteractiveRemoteAccessdoesnot
directlyaccessanapplicableCyber
Asset.
arenotlimitedto,networkdiagramsor
architecturedocuments.
theirassociated:
PCA
andtheirassociated:
PCA
ForallInteractiveRemoteAccess
sessions,utilizeencryptionthat
terminatesatanIntermediateSystem.
butisnotlimitedto,architecture
documentsdetailingwhereencryption
initiatesandterminates.
Page11of19
CIP0055TableR2InteractiveRemoteAccessManagement
theirassociated:
PCA
andtheirassociated:
PCA
Requiremultifactorauthenticationfor
allInteractiveRemoteAccesssessions.
butisnotlimitedto,architecture
documentsdetailingtheauthentication
factorsused.
Examplesofauthenticatorsmay
include,butarenotlimitedto,
Somethingtheindividualknows
suchaspasswordsorPINs.This
doesnotincludeUserID;
Somethingtheindividualhas
suchastokens,digital
certificates,orsmartcards;or
Somethingtheindividualissuch
asfingerprints,irisscans,or
otherbiometriccharacteristics.
Page12of19
C. Compliance
ComplianceAudit
SelfCertification
SpotChecking
SelfReporting
Complaint
None
Page13of19
None.
E. Interpretations
None.
None.


standards.
RequirementR1:
CIP0055,RequirementR1requiressegmentingofBESCyberSystemsfromothersystemsof
differingtrustlevelsbyrequiringcontrolledElectronicAccessPointsbetweenthedifferenttrust
zones.ElectronicSecurityPerimetersarealsousedasaprimarydefenselayerforsomeBES
CyberSystemsthatmaynotinherentlyhavesufficientcybersecurityfunctionality,suchas
devicesthatlackauthenticationcapability.
Page14of19
AllapplicableBESCyberSystemsthatareconnectedtoanetworkviaaroutableprotocolmust
haveadefinedElectronicSecurityPerimeter(ESP).Evenstandalonenetworksthathaveno
externalconnectivitytoothernetworksmusthaveadefinedESP.TheESPdefinesazoneof
protectionaroundtheBESCyberSystem,anditalsoprovidesclarityforentitiestodetermine
whatsystemsorCyberAssetsareinscopeandwhatrequirementstheymustmeet.TheESPis
usedin:
DefiningthescopeofAssociatedProtectedCyberAssetsthatmustalsomeetcertain
CIPrequirements.
DefiningtheboundaryinwhichalloftheCyberAssetsmustmeettherequirementsof
thehighestimpactBESCyberSystemthatisinthezone(thehighwatermark).
TheCIPCyberSecurityStandardsdonotrequirenetworksegmentationofBESCyberSystems
byimpactclassification.ManydifferentimpactclassificationscanbemixedwithinanESP.
However,alloftheCyberAssetsandBESCyberSystemswithintheESPmustbeprotectedat
thelevelofthehighestimpactBESCyberSystempresentintheESP(i.e.,thehighwater
mark)wherethetermProtectedCyberAssetsisused.TheCIPCyberSecurityStandards
accomplishthehighwatermarkbyassociatingallotherCyberAssetswithintheESP,even
otherBESCyberSystemsoflesserimpact,asProtectedCyberAssetsofthehighestimpact
systemintheESP.
Forexample,ifanESPcontainsbothahighimpactBESCyberSystemandalowimpactBES
CyberSystem,eachCyberAssetofthelowimpactBESCyberSystemisanAssociated
ProtectedCyberAssetofthehighimpactBESCyberSystemandmustmeetallrequirements
withthatdesignationintheapplicabilitycolumnsoftherequirementtables.
IfthereisroutableconnectivityacrosstheESPintoanyCyberAsset,thenanElectronicAccess
Point(EAP)mustcontroltrafficintoandoutoftheESP.ResponsibleEntitiesshouldknowwhat
trafficneedstocrossanEAPanddocumentthosereasonstoensuretheEAPslimitthetrafficto
onlythoseknowncommunicationneeds.Theseinclude,butarenotlimitedto,
communicationsneededfornormaloperations,emergencyoperations,support,maintenance,
andtroubleshooting.
TheEAPshouldcontrolbothinboundandoutboundtraffic.Thestandardaddedoutbound
trafficcontrol,asitisaprimeindicatorofcompromiseandafirstlevelofdefenseagainstzero
dayvulnerabilitybasedattacks.IfCyberAssetswithintheESPbecomecompromisedand
attempttocommunicatetounknownhostsoutsidetheESP(usuallycommandandcontrol
hostsontheInternet,orcompromisedjumphostswithintheResponsibleEntitysother
networksactingasintermediaries),theEAPsshouldfunctionasafirstlevelofdefensein
stoppingtheexploit.ThisdoesnotlimittheResponsibleEntityfromcontrollingoutbound
trafficatthelevelofgranularitythatitdeemsappropriate,andlargerangesofinternal
addressesmaybeallowed.TheSDTsintentisthattheResponsibleEntityknowswhatother
CyberAssetsorrangesofaddressesaBESCyberSystemneedstocommunicatewithandlimits
thecommunicationstothatknownrange.Forexample,mostBESCyberSystemswithina
ResponsibleEntityshouldnothavetheabilitytocommunicatethroughanEAPtoanynetwork
addressintheworld,butshouldprobablybeatleastlimitedtotheaddressspaceofthe
Page15of19
ResponsibleEntity,andpreferablytoindividualsubnetrangesorindividualhostswithinthe
ResponsibleEntitysaddressspace. TheSDTsintentisnotforResponsibleEntitiestodocument
theinnerworkingsofstatefulfirewalls,whereconnectionsinitiatedinonedirectionare
allowedareturnpath.Theintentistoknowanddocumentwhatsystemscantalktowhat
othersystemsorrangesofsystemsontheothersideoftheEAP,suchthatrogueconnections
canbedetectedandblocked.
Thisrequirementappliesonlytocommunicationsforwhichaccesslistsanddenybydefault
typerequirementscanbeuniversallyapplied,whichtodayarethosethatemployroutable
protocols.Directserial,nonroutableconnectionsarenotincludedasthereisnoperimeteror
firewalltypesecuritythatshouldbeuniversallymandatedacrossallentitiesandallserial
communicationsituations.ThereisnofirewallorperimetercapabilityforanRS232cablerun
betweentwoCyberAssets.Withoutaclearperimetertypesecuritycontrolthatcanbe
appliedinpracticallyeverycircumstance,sucharequirementwouldmostlygeneratetechnical
feasibilityexceptions(TFEs)ratherthanincreasedsecurity.
Asfordialupconnectivity,theStandardDraftingTeamsintentofthisrequirementisto
preventsituationswhereonlyaphonenumbercanestablishdirectconnectivitytotheBES
CyberAsset.Ifadialupmodemisimplementedinsuchawaythatitsimplyanswersthephone
andconnectsthelinetotheBESCyberAssetwithnoauthenticationofthecallingparty,itisa
vulnerabilitytotheBESCyberSystem.Therequirementcallsforsomeformofauthentication
ofthecallingpartybeforecompletingtheconnectiontotheBESCyberSystem.Someexamples
ofacceptablemethodsincludedialbackmodems,modemsthatmustberemotelyenabledor
poweredup,andmodemsthatareonlypoweredonbyonsitepersonnelwhenneededalong
withpolicythatstatestheyaredisabledafteruse.Ifthedialupconnectivityisusedfor
InteractiveRemoteAccess,thenRequirementR2alsoapplies.
ThestandardaddsarequirementtodetectmaliciouscommunicationsforControlCenters.This
isinresponsetoFERCOrderNo.706,Paragraphs496503,whereESPsarerequiredtohavetwo
distinctsecuritymeasuressuchthattheBESCyberSystemsdonotloseallperimeterprotection
ifonemeasurefailsorismisconfigured.TheOrdermakesclearthatthisisnotsimply
redundancyoffirewalls,thustheSDThasdecidedtoaddthesecuritymeasureofmalicious
trafficinspectionasarequirementfortheseESPs.Technologiesmeetingthisrequirement
includeIntrusionDetectionorIntrusionPreventionSystems(IDS/IPS)orotherformsofdeep
packetinspection.Thesetechnologiesgobeyondsource/destination/portrulesetsandthus
provideanotherdistinctsecuritymeasureattheESP.
RequirementR2:
SeeSecureRemoteAccessReferenceDocument(seeremoteaccessalert).
Page16of19
Rationale:
RationaleforR1:
TheElectronicSecurityPerimeter(ESP)servestocontroltrafficattheexternalelectronic
boundaryoftheBESCyberSystem.Itprovidesafirstlayerofdefensefornetworkbased
attacksasitlimitsreconnaissanceoftargets,restrictsandprohibitstraffictoaspecifiedrule
set,andassistsincontaininganysuccessfulattacks.
SummaryofChanges:CIP005,RequirementR1hastakenmoreofafocusonthediscrete
ElectronicAccessPoints,ratherthanthelogicalperimeter.
CIP005(V1throughV4),RequirementR1.2hasbeendeletedfromV5.Thisrequirementwas
definitionalinnatureandusedtobringdialupmodemsusingnonroutableprotocolsintothe
scopeofCIP005.ThenonroutableprotocolexclusionnolongerexistsasablanketCIP002
filterforapplicabilityinV5,thereforethereisnoneedforthisrequirement.
CIP005(V1throughV4),RequirementR1.1andR1.3werealsodefinitionalinnatureandhave
beendeletedfromV5asseparaterequirementsbuttheconceptswereintegratedintothe
definitionsofESPandElectronicAccessPoint(EAP).
ExplicitlyclarifiesthatBESCyberAssetsconnectedviaroutableprotocolmustbeinanElectronic
SecurityPerimeter.
ChangedtorefertothedefinedtermElectronicAccessPointandBESCyberSystem.
ChangedtorefertothedefinedtermElectronicAccessPointandtofocusontheentityknowing
andhavingareasonforwhatitallowsthroughtheEAPinbothinboundandoutbound
directions.
AddedclarificationthatdialupconnectivityshouldperformauthenticationsothattheBES
CyberSystemisnotdirectlyaccessiblewithaphonenumberonly.
Page17of19
PerFERCOrderNo.706,Paragraphs496503,ESPsneedtwodistinctsecuritymeasuressuch
thattheCyberAssetsdonotloseallperimeterprotectionifonemeasurefailsoris
misconfigured.TheOrdermakesclearthisisnotsimpleredundancyoffirewalls,thustheSDT
hasdecidedtoaddthesecuritymeasureofmalicioustrafficinspectionasarequirementfor
theseESPs.
RationaleforR2:
RegisteredEntitiesuseInteractiveRemoteAccesstoaccessCyberAssetstosupportand
maintaincontrolsystemsnetworks.Discoveryandannouncementofvulnerabilitiesforremote
accessmethodsandtechnologies,thatwerepreviouslythoughtsecureandinusebyanumber
ofelectricsectorentities,necessitatechangestoindustrysecuritycontrolstandards.Currently,
norequirementsareineffectformanagementofsecureremoteaccesstoCyberAssetstobe
affordedtheNERCCIPprotectivemeasures.Inadequatesafeguardsforremoteaccesscan
allowunauthorizedaccesstotheorganizationsnetwork,withpotentiallyserious
consequences.AdditionalinformationisprovidedinGuidanceforSecureInteractiveRemote
AccesspublishedbyNERCinJuly2011.
Remoteaccesscontrolproceduresmustprovideadequatesafeguardsthroughrobust
identification,authenticationandencryptiontechniques.Remoteaccesstotheorganizations
networkandresourceswillonlybepermittedprovidingthatauthorizedusersare
authenticated,dataisencryptedacrossthenetwork,andprivilegesarerestricted.
TheIntermediateSystemservesasaproxyfortheremoteuser.Ratherthanallowingallthe
protocolstheusermightneedtoaccessCyberAssetsinsidetheElectronicSecurityPerimeterto
traversefromtheElectronicSecurityPerimetertotheremotecomputer,onlytheprotocol
requiredforremotelycontrollingthejumphostisrequired.Thisallowsthefirewallrulestobe
muchmorerestrictivethaniftheremotecomputerwasallowedtoconnecttoCyberAssets
withintheElectronicSecurityPerimeterdirectly.TheuseofanIntermediateSystemalso
protectstheCyberAssetfromvulnerabilitiesontheremotecomputer.
Theuseofmultifactorauthenticationprovidesanaddedlayerofsecurity.Passwordscanbe
guessed,stolen,hijacked,found,orgivenaway.Theyaresubjecttoautomatedattacks
includingbruteforceattacks,inwhichpossiblepasswordsaretrieduntilthepasswordisfound,
ordictionaryattacks,wherewordsandwordcombinationsaretestedaspossiblepasswords.
ButifapasswordorPINmustbesuppliedalongwithaonetimepasswordsuppliedbyatoken,
afingerprint,orsomeotherfactor,thepasswordisofnovalueunlesstheotherfactor(s)used
forauthenticationareacquiredalongwithit.
Page18of19
Encryptionisusedtoprotectthedatathatissentbetweentheremotecomputerandthe
IntermediateSystem.Dataencryptionisimportantforanyonewhowantsorneedssecuredata
transfer.Encryptionisneededwhenthereisariskofunauthorizedinterceptionof
transmissionsonthecommunicationslink.ThisisespeciallyimportantwhenusingtheInternet
asthecommunicationmeans.
SummaryofChanges:ThisisanewrequirementtocontinuetheeffortsoftheUrgentAction
teamforProject201015:ExpeditedRevisionstoCIP0053.
ThisisanewrequirementtocontinuetheeffortsoftheUrgentActionteamforProject201015:
ExpeditedRevisionstoCIP0053.
ExpeditedRevisionstoCIP0053.Thepurposeofthispartistoprotecttheconfidentialityand
integrityofeachInteractiveRemoteAccesssession.
ExpeditedRevisionstoCIP0053.Themultifactorauthenticationmethodsarealsothesameas
thoseidentifiedintheHomelandSecurityPresidentialDirective12(HSPD12),issuedAugust12,
2007.
Page19of19
Version History

1 1/16/06
R3.2ChangeControlCenterto
controlcenter.
3/24/06
2 9/30/09 Modificationstoclarifythe
judgment.
responsibleentity.
Trustees.
Update
Trustees.
Update
Trustees.
Modifiedto
coordinatewith
otherCIP
standardsandto
reviseformatto
useRBS
Template.

Standard CIP-006-3c Cyber Security Physical Security

1

A. Introduction
1. Title: Cyber Security Physical Security of Critical Cyber Assets
2. Number: CIP-006-3c
3. Purpose: Standard CIP-006-3 is intended to ensure the implementation of a physical
security program for the protection of Critical Cyber Assets. Standard CIP-006-3 should be
4. Applicability:
4.1.3 Interchange Authority
4.1.4 Transmission Service Provider
4.1.9 Load Serving Entity
4.1.10 NERC
they have no Critical Cyber Assets
5. Effective Date: The first day of the third calendar quarter after applicable regulatory
day of the third calendar quarter after BOT adoption in those jurisdictions where regulatory
B. Requirements
R1. Physical Security Plan The Responsible Entity shall document, implement, and maintain a
physical security plan, approved by the senior manager or delegate(s) that shall address, at a
minimum, the following:
R1.1. All Cyber Assets within an Electronic Security Perimeter shall reside within an
identified Physical Security Perimeter. Where a completely enclosed (six-wall)
border cannot be established, the Responsible Entity shall deploy and document
alternative measures to control physical access to such Cyber Assets.
2

R1.2. Identification of all physical access points through each Physical Security Perimeter
and measures to control entry at those access points.
R1.3. Processes, tools, and procedures to monitor physical access to the perimeter(s).
R1.4. Appropriate use of physical access controls as described in Requirement R4
including visitor pass management, response to loss, and prohibition of inappropriate
use of physical access controls.
R1.5. Review of access authorization requests and revocation of access authorization, in
accordance with CIP-004-3 Requirement R4.
R1.6. A visitor control program for visitors (personnel without authorized unescorted
access to a Physical Security Perimeter), containing at a minimum the following:
R1.6.1. Logs (manual or automated) to document the entry and exit of visitors,
including the date and time, to and from Physical Security Perimeters.
R1.6.2. Continuous escorted access of visitors within the Physical Security
Perimeter.
R1.7. Update of the physical security plan within thirty calendar days of the completion of
any physical security system redesign or reconfiguration, including, but not limited
to, addition or removal of access points through the Physical Security Perimeter,
physical access controls, monitoring controls, or logging controls.
R1.8. Annual review of the physical security plan.
R2. Protection of Physical Access Control Systems Cyber Assets that authorize and/or log
access to the Physical Security Perimeter(s), exclusive of hardware at the Physical Security
Perimeter access point such as electronic lock control mechanisms and badge readers, shall:
R2.1. Be protected from unauthorized physical access.
R2.2. Be afforded the protective measures specified in Standard CIP-003-3; Standard CIP-
004-3 Requirement R3; Standard CIP-005-3 Requirements R2 and R3; Standard CIP-
006-3 Requirements R4 and R5; Standard CIP-007-3; Standard CIP-008-3; and
Standard CIP-009-3.
R3. Protection of Electronic Access Control Systems Cyber Assets used in the access control
and/or monitoring of the Electronic Security Perimeter(s) shall reside within an identified
Physical Security Perimeter.
R4. Physical Access Controls The Responsible Entity shall document and implement the
operational and procedural controls to manage physical access at all access points to the
Physical Security Perimeter(s) twenty-four hours a day, seven days a week. The Responsible
Entity shall implement one or more of the following physical access methods:
Card Key: A means of electronic access where the access rights of the card holder are
predefined in a computer database. Access rights may differ from one perimeter to
another.
Special Locks: These include, but are not limited to, locks with restricted key systems,
magnetic locks that can be operated remotely, and man-trap systems.
Security Personnel: Personnel responsible for controlling physical access who may reside
on-site or at a monitoring station.
Other Authentication Devices: Biometric, keypad, token, or other equivalent devices that
control physical access to the Critical Cyber Assets.
3

R5. Monitoring Physical Access The Responsible Entity shall document and implement the
technical and procedural controls for monitoring physical access at all access points to the
Physical Security Perimeter(s) twenty-four hours a day, seven days a week. Unauthorized
access attempts shall be reviewed immediately and handled in accordance with the procedures
specified in Requirement CIP-008-3. One or more of the following monitoring methods shall
be used:
Alarm Systems: Systems that alarm to indicate a door, gate or window has been opened
without authorization. These alarms must provide for immediate notification to personnel
responsible for response.
Human Observation of Access Points: Monitoring of physical access points by authorized
personnel as specified in Requirement R4.
R6. Logging Physical Access Logging shall record sufficient information to uniquely identify
individuals and the time of access twenty-four hours a day, seven days a week. The
Responsible Entity shall implement and document the technical and procedural mechanisms
for logging physical entry at all access points to the Physical Security Perimeter(s) using one or
more of the following logging methods or their equivalent:
Computerized Logging: Electronic logs produced by the Responsible Entitys selected
access control and monitoring method.
Video Recording: Electronic capture of video images of sufficient quality to determine
identity.
Manual Logging: A log book or sign-in sheet, or other record of physical access
maintained by security or other personnel authorized to control and monitor physical
access as specified in Requirement R4.
R7. Access Log Retention The Responsible Entity shall retain physical access logs for at least
ninety calendar days. Logs related to reportable incidents shall be kept in accordance with the
R8. Maintenance and Testing The Responsible Entity shall implement a maintenance and testing
program to ensure that all physical security systems under Requirements R4, R5, and R6
function properly. The program must include, at a minimum, the following:
R8.1. Testing and maintenance of all physical security mechanisms on a cycle no longer
than three years.
R8.2. Retention of testing and maintenance records for the cycle determined by the
Responsible Entity in Requirement R8.1.
R8.3. Retention of outage records regarding access controls, logging, and monitoring for a
minimum of one calendar year.
C. Measures
M1. The Responsible Entity shall make available the physical security plan as specified in
Requirement R1 and documentation of the implementation, review and updating of the plan.
M2. The Responsible Entity shall make available documentation that the physical access control
systems are protected as specified in Requirement R2.
M3. The Responsible Entity shall make available documentation that the electronic access control
systems are located within an identified Physical Security Perimeter as specified in
Requirement R3.
4

M4. The Responsible Entity shall make available documentation identifying the methods for
controlling physical access to each access point of a Physical Security Perimeter as specified in
Requirement R4.
monitoring physical access as specified in Requirement R5.
logging physical access as specified in Requirement R6.
M7. The Responsible Entity shall make available documentation to show retention of access logs as
M8. The Responsible Entity shall make available documentation to show its implementation of a
physical security system maintenance and testing program as specified in Requirement R8.
D. Compliance
1.1.2 ERO for Regional Entities.
Not applicable.
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
1.4.1 The Responsible Entity shall keep documents other than those specified in
Requirements R7 and R8.2 from the previous full calendar year unless directed
by its Compliance Enforcement Authority to retain specific evidence for a longer
period of time as part of an investigation.
1.5.1 The Responsible Entity may not make exceptions in its cyber security policy to
the creation, documentation, or maintenance of a physical security plan.
5

1.5.2 For dial-up accessible Critical Cyber Assets that use non-routable protocols, the
Responsible Entity shall not be required to comply with Standard CIP-006-3 for
that single access point at the dial-up device.
2. Violation Severity Levels (Under development by the CIP VSL Drafting Team)
None identified.
Version History
1 May 2, 2006 Adopted by NERC Board of Trustees
1 J anuary 18,
2008
FERC Order issued approving CIP-006-1
February 12,
2008
Interpretation of R1 and Additional Compliance Information
Section 1.4.4 adopted by NERC Board of Trustees
Project 2007-27

Modifications to remove extraneous information from the
requirements, improve readability, and to bring the compliance
elements into conformance with the latest guidelines for
developing compliance elements of standards.
Project 2008-06
August 5,
2009
Interpretation of R4 adopted by NERC Board of Trustees Project 2008-15
2 September
30, 2009
3 November
18, 2009
Updated version number from -2 to -3

Revised Requirement 1.6 to add a Visitor Control program
component to the Physical Security Plan, in response to FERC
order issued September 30, 2009. In Requirement R7, the term
Responsible Entity was capitalized. Updated Requirements
R1.6.1 and R1.6.2 to be responsive to FERC Order RD09-7
Project 2009-21
3 December
16, 2009
Adopted by NERC Board of Trustees
February 16,
2010
Interpretation of R1 and R1.1 adopted by NERC Board of
Trustees
Project 2009-13
3 March 31,
2010
2a/3a J uly 15, 2010 FERC Order issued approving the Interpretation of R1 and
R1.1.

6

Updated version numbers from -2/-3 to -2a/-3a.
4 J anuary 24,
2011
3c/4c May 19,
2011
FERC Order issued approving two interpretations: 1)
Interpretation of R1 and Additional Compliance Information
Section 1.4.4; and 2) Interpretation of R4.

Updated version number from -3/-4 to -3c/-4c.

7

Appendix 1
R1. Physical Security Plan The Responsible Entity shall create and maintain a physical security
plan, approved by a senior manager or delegate(s) that shall address, at a minimum, the following:
R1.1. Processes to ensure and document that all Cyber Assets within an Electronic Security
Perimeter also reside within an identified Physical Security Perimeter. Where a completely
enclosed (six-wall) border cannot be established, the Responsible Entity shall deploy and
document alternative measures to control physical access to the Critical Cyber Assets.
Question
If a completely enclosed border cannot be created, what does the phrase, to control physical access"
require? Must the alternative measure be physical in nature? If so, must the physical barrier literally
prevent physical access e.g. using concrete encased fiber, or can the alternative measure effectively
mitigate the risks associated with physical access through cameras, motions sensors, or encryption?

Does this requirement preclude the application of logical controls as an alternative measure in
mitigating the risks of physical access to Critical Cyber Assets?
Response
For Electronic Security Perimeter wiring external to a Physical Security Perimeter, the drafting team
interprets the Requirement R1.1 as not limited to measures that are physical in nature. The
alternative measures may be physical or logical, on the condition that they provide security equivalent
or better to a completely enclosed (six-wall) border. Alternative physical control measures may
include, but are not limited to, multiple physical access control layers within a non-public, controlled
space. Alternative logical control measures may include, but are not limited to, data encryption and/or
circuit monitoring to detect unauthorized access or physical tampering.

8

Appendix 2
Interpretation of Requirement R1.1.
Request: Are dial-up RTUs that use non-routable protocols and have dial-up access required to have a six-wall
perimeters or are they exempted from CIP-006-1 and required to have only electronic security perimeters? This has
a direct impact on how any identified RTUs will be physically secured.
Interpretation:
Dial-up assets are Critical Cyber Assets, assuming they meet the criteria in CIP-002-1, and they must
reside within an Electronic Security Perimeter. However, physical security control over a critical cyber
asset is not required if that asset does not have a routable protocol. Since there is minimal risk of
compromising other critical cyber assets dial-up devices such as Remote Terminals Units that do not use
routable protocols are not required to be enclosed within a six-wall border.
CIP-006-1 Requirement 1.1 requires a Responsible Entity to have a physical security plan that
stipulate cyber assets that are within the Electronic Security Perimeter also be within a Physical Security
Perimeter.

CIP-006-1 Additional Compliance Information 1.4.4 identifies dial-up accessible assets that use
non-routable protocols as a special class of cyber assets that are not subject to the Physical Security
Perimeter requirement of this standard.

R1. Physical Security Plan The Responsible Entity shall create and maintain a physical
security plan, approved by a senior manager or delegate(s) that shall address, at a
R1.1. Processes to ensure and document that all Cyber Assets within an Electronic
Security Perimeter also reside within an identified Physical Security Perimeter.
Where a completely enclosed (six-wall) border cannot be established, the
Responsible Entity shall deploy and document alternative measures to control
physical access to the Critical Cyber Assets.
Responsible Entity shall not be required to comply with Standard CIP-006 for that
single access point at the dial-up device.
9

Appendix 3

The following interpretation of CIP-006-1a Cyber Security Physical Security of Critical Cyber
Assets, Requirement R4 was developed by the standard drafting team assigned to Project 2008-14 (Cyber
Security Violation Severity Levels) on October 23, 2008.
Request:
1. For physical access control to cyber assets, does this include monitoring when an individual
leaves the controlled access cyber area?
2. Does the term, time of access mean logging when the person entered the facility or does it
mean logging the entry/exit time and length of time the person had access to the critical asset?
Interpretation:
No, monitoring and logging of access are only required for ingress at this time. The term time of access
refers to the time an authorized individual enters the physical security perimeter.


R4. Logging Physical Access Logging shall record sufficient information to uniquely
identify individuals and the time of access twenty-four hours a day, seven days a week.
The Responsible Entity shall implement and document the technical and procedural
mechanisms for logging physical entry at all access points to the Physical Security
Perimeter(s) using one or more of the following logging methods or their equivalent:
R4.1. Computerized Logging: Electronic logs produced by the Responsible Entitys
selected access control and monitoring method.
R4.2. Video Recording: Electronic capture of video images of sufficient quality to
determine identity.
R4.3. Manual Logging: A log book or sign-in sheet, or other record of physical access
maintained by security or other personnel authorized to control and monitor
physical access as specified in Requirement R2.3.
1

A. Introduction
1. Title: Cyber Security Physical Security of Critical Cyber Assets
2. Number: CIP-006-4c
3. Purpose: Standard CIP-006-4c is intended to ensure the implementation of a physical
security program for the protection of Critical Cyber Assets. Standard CIP-006-4c should be
4. Applicability:
4.1. Within the text of Standard CIP-006-4c, Responsible Entity shall mean:
4.1.10 NERC
4.2. The following are exempt from Standard CIP-006-4c:
they have no Critical Cyber Assets
B. Requirements
R1. Physical Security Plan The Responsible Entity shall document, implement, and maintain a
physical security plan, approved by the senior manager or delegate(s) that shall address, at a
R1.1. All Cyber Assets within an Electronic Security Perimeter shall reside within an
identified Physical Security Perimeter. Where a completely enclosed (six-wall)
border cannot be established, the Responsible Entity shall deploy and document
alternative measures to control physical access to such Cyber Assets.
2

R1.2. Identification of all physical access points through each Physical Security Perimeter
and measures to control entry at those access points.
R1.3. Processes, tools, and procedures to monitor physical access to the perimeter(s).
R1.4. Appropriate use of physical access controls as described in Requirement R4
including visitor pass management, response to loss, and prohibition of inappropriate
use of physical access controls.
R1.5. Review of access authorization requests and revocation of access authorization, in
accordance with CIP-004-4 Requirement R4.
R1.6. A visitor control program for visitors (personnel without authorized unescorted
access to a Physical Security Perimeter), containing at a minimum the following:
R1.6.1. Logs (manual or automated) to document the entry and exit of visitors,
including the date and time, to and from Physical Security Perimeters.
R1.6.2. Continuous escorted access of visitors within the Physical Security
Perimeter.
R1.7. Update of the physical security plan within thirty calendar days of the completion of
any physical security system redesign or reconfiguration, including, but not limited
to, addition or removal of access points through the Physical Security Perimeter,
physical access controls, monitoring controls, or logging controls.
R1.8. Annual review of the physical security plan.
R2. Protection of Physical Access Control Systems Cyber Assets that authorize and/or log
access to the Physical Security Perimeter(s), exclusive of hardware at the Physical Security
Perimeter access point such as electronic lock control mechanisms and badge readers, shall:
R2.1. Be protected from unauthorized physical access.
R2.2. Be afforded the protective measures specified in Standard CIP-003-4; Standard CIP-
004-4 Requirement R3; Standard CIP-005-4a Requirements R2 and R3; Standard CIP-
006-4c Requirements R4 and R5; Standard CIP-007-4; Standard CIP-008-4; and
Standard CIP-009-4.
R3. Protection of Electronic Access Control Systems Cyber Assets used in the access control
and/or monitoring of the Electronic Security Perimeter(s) shall reside within an identified
R4. Physical Access Controls The Responsible Entity shall document and implement the
operational and procedural controls to manage physical access at all access points to the
Physical Security Perimeter(s) twenty-four hours a day, seven days a week. The Responsible
Entity shall implement one or more of the following physical access methods:
Card Key: A means of electronic access where the access rights of the card holder are
predefined in a computer database. Access rights may differ from one perimeter to
another.
Special Locks: These include, but are not limited to, locks with restricted key systems,
magnetic locks that can be operated remotely, and man-trap systems.
Security Personnel: Personnel responsible for controlling physical access who may reside
on-site or at a monitoring station.
Other Authentication Devices: Biometric, keypad, token, or other equivalent devices that
control physical access to the Critical Cyber Assets.
3

R5. Monitoring Physical Access The Responsible Entity shall document and implement the
technical and procedural controls for monitoring physical access at all access points to the
Physical Security Perimeter(s) twenty-four hours a day, seven days a week. Unauthorized
access attempts shall be reviewed immediately and handled in accordance with the procedures
specified in Requirement CIP-008-4. One or more of the following monitoring methods shall
be used:
Alarm Systems: Systems that alarm to indicate a door, gate or window has been opened
without authorization. These alarms must provide for immediate notification to personnel
responsible for response.
Human Observation of Access Points: Monitoring of physical access points by authorized
personnel as specified in Requirement R4.
R6. Logging Physical Access Logging shall record sufficient information to uniquely identify
individuals and the time of access twenty-four hours a day, seven days a week. The
Responsible Entity shall implement and document the technical and procedural mechanisms
for logging physical entry at all access points to the Physical Security Perimeter(s) using one or
more of the following logging methods or their equivalent:
Computerized Logging: Electronic logs produced by the Responsible Entitys selected
access control and monitoring method.
Video Recording: Electronic capture of video images of sufficient quality to determine
identity.
Manual Logging: A log book or sign-in sheet, or other record of physical access
maintained by security or other personnel authorized to control and monitor physical
access as specified in Requirement R4.
R7. Access Log Retention The Responsible Entity shall retain physical access logs for at least
ninety calendar days. Logs related to reportable incidents shall be kept in accordance with the
R8. Maintenance and Testing The Responsible Entity shall implement a maintenance and testing
program to ensure that all physical security systems under Requirements R4, R5, and R6
function properly. The program must include, at a minimum, the following:
R8.1. Testing and maintenance of all physical security mechanisms on a cycle no longer
than three years.
R8.2. Retention of testing and maintenance records for the cycle determined by the
Responsible Entity in Requirement R8.1.
R8.3. Retention of outage records regarding access controls, logging, and monitoring for a
minimum of one calendar year.
C. Measures
M1. The Responsible Entity shall make available the physical security plan as specified in
Requirement R1 and documentation of the implementation, review and updating of the plan.
M2. The Responsible Entity shall make available documentation that the physical access control
systems are protected as specified in Requirement R2.
M3. The Responsible Entity shall make available documentation that the electronic access control
systems are located within an identified Physical Security Perimeter as specified in
Requirement R3.
4

controlling physical access to each access point of a Physical Security Perimeter as specified in
Requirement R4.
monitoring physical access as specified in Requirement R5.
logging physical access as specified in Requirement R6.
M7. The Responsible Entity shall make available documentation to show retention of access logs as
M8. The Responsible Entity shall make available documentation to show its implementation of a
physical security system maintenance and testing program as specified in Requirement R8.

5

D. Compliance
1.2.1 For entities that do not work for the Regional Entity, the Regional Entity shall serve as the Compliance Enforcement Authority.
1.2.2 For Reliability Coordinators and other functional entities that work for their Regional Entity, the ERO shall serve as the Compliance
1.2.3 For Responsible Entities that are also Regional Entities, the ERO or a Regional Entity approved by the ERO and FERC or other applicable
governmental authorities shall serve as the Compliance Enforcement Authority.
1.2.4 For the ERO, a third-party monitor without vested interest in the outcome for the ERO shall serve as the Compliance Enforcement
Authority.
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
1.4.1 The Responsible Entity shall keep documents other than those specified in Requirements R7 and R8.2 fromthe previous full calendar year
unless directed by its Compliance Enforcement Authority to retain specific evidence for a longer period of time as part of an investigation.
1.5.1 The Responsible Entity may not make exceptions in its cyber security policy to the creation, documentation, or maintenance of a physical
security plan.
6

1.5.2 For dial-up accessible Critical Cyber Assets that use non-routable protocols, the Responsible Entity shall not be required to comply with
Standard CIP-006-4c for that single access point at the dial-up device.

R1. MEDIUM N/A N/A
TheResponsibleEntity created aphysical security plan but
did not gain approval by asenior manager or delegate(s).

OR

TheResponsibleEntity created and implemented but did not
maintain aphysical security plan.
TheResponsibleEntity did not document, implement, and
maintain aphysical security plan.
R1.1. MEDIUM N/A
Whereacompletely enclosed
(six-wall) border cannot be
established, theResponsible
Entity has deployed but not
documented alternative
measures to control physical
access to such Cyber Assets
within theElectronic Security
Perimeter.
Whereacompletely enclosed (six-wall) border cannot be
established, theResponsibleEntity has not deployed
alternativemeasures to control physical access to such
Cyber Assets within theElectronic Security Perimeter.
TheResponsibleEntity's physical security plan does not include
processes to ensureand document that all Cyber Assets within
an Electronic Security Perimeter also residewithin an identified

OR

Whereacompletely enclosed (six-wall) border cannot be
established, theResponsibleEntity has not deployed and
documented alternativemeasures to control physical to such
Cyber Assets within theElectronic Security Perimeter.
R1.2. MEDIUM N/A
TheResponsibleEntity's
physical security plan includes
measures to control entry at
access points but does not
identify all access points through
each Physical Security
Perimeter.
TheResponsibleEntity's physical security identifies all
access points through each Physical Security Perimeter but
does not identify measures to control entry at thoseaccess
points.
TheResponsibleEntity's physical security plan does not identify
all access points through each Physical Security Perimeter nor
measures to control entry at thoseaccess points.
R1.3 MEDIUM N/A N/A N/A TheResponsibleEntity's physical security plan does not include
processes, tools, and procedures to monitor physical access to
theperimeter(s).
7

R1.4 MEDIUM N/A N/A N/A
TheResponsibleEntity's physical security plan does not address
theappropriateuseof physical access controls as described in
Requirement R4.
R1.5 MEDIUM N/A N/A
TheResponsibleEntity's physical security plan does not
address either theprocess for reviewing access authorization
requests or theprocess for revocation of access
authorization, in accordancewith CIP-004-4 Requirement
R4.
theprocess for reviewing access authorization requests and the
process for revocation of access authorization, in accordance
with CIP-004-4 Requirement R4.
R1.6 MEDIUM
TheresponsibleEntity
included avisitor control
programin its physical
security plan, but either
did not log thevisitor
entranceor did not log
thevisitor exit fromthe
Physical Security
Perimeter.
TheresponsibleEntity included
avisitor control programin its
physical security plan, but either
did not log thevisitor or did not
log theescort.
TheresponsibleEntity included avisitor control programin
its physical security plan, but it does not meet the
requirements of continuous escort.
TheResponsibleEntity did not includeor implement avisitor
control programin its physical security plan.
R1.6.1 MEDIUM N/A N/A N/A N/A
R1.6.2 MEDIUM N/A N/A N/A N/A
R1.7 LOWER N/A N/A
TheResponsibleEntity's physical security plan addresses a
process for updating thephysical security plan within thirty
calendar days of thecompletion of any physical security
systemredesign or reconfiguration but theplan was not
updated within thirty calendar days of thecompletion of a
physical security systemredesign or reconfiguration.
aprocess for updating thephysical security plan within thirty
calendar days of thecompletion of aphysical security system
redesign or reconfiguration.
R1.8 LOWER N/A N/A N/A
TheResponsibleEntity's physical Security plan does not address
aprocess for ensuring that thephysical security plan is reviewed
at least annually.
R2 MEDIUM
A Cyber Asset that
authorizes and/or logs
access to thePhysical
Security Perimeter(s),
exclusiveof hardwareat
thePhysical Security
Perimeter access point
such as electronic lock
control mechanisms and
badgereaders was
provided with all but one
A Cyber Asset that authorizes
and/or logs access to the
Physical Security Perimeter(s),
exclusiveof hardwareat the
Physical Security Perimeter
access point such as electronic
lock control mechanisms and
badgereaders was provided with
all but two (2) of theprotective
measures specified in Standard
CIP-003-4; Standard CIP-004-4
A Cyber Asset that authorizes and/or logs access to the
Physical Security Perimeter(s), exclusiveof hardwareat the
Physical Security Perimeter access point such as electronic
lock control mechanisms and badgereaders was provided
with all but three(3) of theprotectivemeasures specified in
Standard CIP-003-4; Standard CIP-004-4 Requirement R3;
Standard CIP-005-4 Requirements R2 and R3; Standard
CIP-006-4 Requirements R4 and R5; Standard CIP-007-4;
Standard CIP-008-4; and Standard CIP-009-4.
A Cyber Asset that authorizes and/or logs access to thePhysical
Security Perimeter(s), exclusiveof hardwareat thePhysical
Security Perimeter access point such as electronic lock control
mechanisms and badgereaders, was not protected from
unauthorized physical access.

OR

8

(1) of theprotective
measures specified in
Standard CIP-003-4;
Standard CIP-004-4
Requirement R3;
Standard CIP-005-4
Standard CIP-006-4
Standard CIP-007-4;
Standard CIP-008-4; and
Standard CIP- 009-4.
Requirement R3; Standard CIP-
005-4 Requirements R2 and R3;
Standard CIP-006-4
Standard CIP-007-4; Standard
CIP-008-4; and Standard CIP-
009-4.
A Cyber Asset that authorizes and/or logs access to thePhysical
Security Perimeter(s), exclusiveof hardwareat thePhysical
Security Perimeter access point such as electronic lock control
mechanisms and badgereaders was provided without four (4) or
moreof theprotectivemeasures specified in Standard CIP-003-
4; Standard CIP-004-4 Requirement R3; Standard CIP-005-4
Requirements R2 and R3; Standard CIP-006-4 Requirements R4
and R5; Standard CIP-007-4; Standard CIP-008-4; and Standard
CIP-009-4.
R3 MEDIUM N/A N/A N/A
A Cyber Assets used in theaccess control and/or monitoring of
theElectronic Security Perimeter(s) did not residewithin an
identified Physical Security Perimeter.
R4 MEDIUM N/A
TheResponsibleEntity has
implemented but not
documented theoperational and
procedural controls to manage
physical access at all access
points to thePhysical Security
Perimeter(s) twenty-four hours a
day, seven days aweek using
oneor moreof thefollowing
physical access methods:
Card Key: A means of
electronic access wherethe
access rights of thecard holder
arepredefined in acomputer
database. Access rights may
differ fromoneperimeter to
another.
Special Locks: Theseinclude,
but arenot limited to, locks with
restricted key systems,
magnetic locks that can be
operated remotely, and man-
trap systems.
TheResponsibleEntity has documented but not
implemented theoperational and procedural controls to
managephysical access at all access points to thePhysical
Security Perimeter(s) twenty-four hours aday, seven days a
week using oneor moreof thefollowing physical access
methods:
Card Key: A means of electronic access wheretheaccess
rights of thecard holder arepredefined in acomputer
database. Access rights may differ fromoneperimeter to
another.
Special Locks: Theseinclude, but arenot limited to, locks
with restricted key systems, magnetic locks that can be
operated remotely, and man-trap systems.
Security Personnel: Personnel responsiblefor controlling
physical access who may resideon-siteor at amonitoring
station. Other Authentication Devices:
Biometric, keypad, token, or other equivalent devices that
control physical access to theCritical Cyber Assets.
TheResponsibleEntity has not documented nor implemented
theoperational and procedural controls to managephysical
access at all access points to thePhysical Security Perimeter(s)
twenty-four hours aday, seven days aweek using oneor moreof
thefollowing physical access methods:
Card Key: A means of electronic access wheretheaccess rights
of thecard holder arepredefined in acomputer database. Access
rights may differ fromoneperimeter to another.
Special Locks: Theseinclude, but arenot limited to, locks with
restricted key systems, magnetic locks that can beoperated
remotely, and man-trap systems.
Security Personnel: Personnel responsiblefor controlling
physical access who may resideon-siteor at amonitoring
station.
Other Authentication Devices:
Biometric, keypad, token, or other equivalent devices that
control physical access to theCritical Cyber Assets..
9

Security Personnel: Personnel
responsiblefor controlling
physical access who may reside
on-siteor at amonitoring
station. Other Authentication
Devices:
Biometric, keypad, token, or
other equivalent devices that
control physical access to the
R5 MEDIUM N/A
implemented but not
documentedthetechnical and
procedural controls for
monitoring physical access at all
access points to thePhysical
Security Perimeter(s) twenty-
four hours aday, seven days a
week using oneor moreof the
following monitoring methods:
AlarmSystems: Systems that
alarmto indicateadoor, gateor
window has been opened
without authorization. These
alarms must providefor
immediatenotification to
personnel responsiblefor
response.
Human Observation of Access
Points: Monitoring of physical
access points by authorized
personnel as specified in
Requirement R4.
implementedthetechnical and procedural controls for
monitoring physical access at all access points to the
Physical Security Perimeter(s) twenty-four hours aday,
seven days aweek using oneor moreof thefollowing
monitoring methods:
AlarmSystems: Systems that alarmto indicateadoor, gate
or window has been opened without authorization. These
alarms must providefor immediatenotification to personnel
responsiblefor response.
Human Observation of Access Points: Monitoring of
physical access points by authorized personnel as specified
in Requirement R4.
TheResponsibleEntity has not documented nor implemented
thetechnical and procedural controls for monitoring physical
access at all access points to thePhysical Security Perimeter(s)
twenty-four hours aday, seven days aweek using oneor moreof
thefollowing monitoring methods:
AlarmSystems: Systems that alarmto indicateadoor, gateor
window has been opened without authorization. Thesealarms
must providefor immediatenotification to personnel responsible
for response.
Human Observation of Access Points: Monitoring of physical
access points by authorized personnel as specified in
Requirement R4.

OR

An unauthorized access attempt was not reviewed immediately
and handled in accordancewith CIP-008-4.
R6 LOWER
has implemented but not
documented thetechnical
and procedural
mechanisms for logging
physical entry at all
access points to the
Physical Security
Perimeter(s) using oneor
moreof thefollowing
logging methods or their
equivalent:
Computerized Logging:
implemented thetechnical and
logging physical entry at all
access points to thePhysical
Security Perimeter(s) using one
or moreof thefollowing logging
methods or their equivalent:
Computerized Logging:
Electronic logs produced by the
ResponsibleEntitys selected
access control and monitoring
method,
implementedthetechnical and procedural mechanisms for
logging physical entry at all access points to thePhysical
Security Perimeter(s) using oneor moreof thefollowing
logging methods or their equivalent:
Computerized Logging: Electronic logs produced by the
ResponsibleEntitys selected access control and monitoring
method,
Video Recording: Electronic captureof video images of
sufficient quality to determineidentity, or
Manual Logging: A log book or sign-in sheet, or other
record of physical access maintained by security or other
TheResponsibleEntity has not implemented nor documented
thetechnical and procedural mechanisms for logging physical
entry at all access points to thePhysical Security Perimeter(s)
using oneor moreof thefollowing logging methods or their
equivalent:
Computerized Logging: Electronic logs produced by the
ResponsibleEntitys selected access control and monitoring
method,
Video Recording: Electronic captureof video images of
sufficient quality to determineidentity, or
Manual Logging: A log book or sign-in sheet, or other record
of physical access maintained by security or other personnel
10

Electronic logs produced
by theResponsible
Entitys selected access
control and monitoring
method,
Video Recording:
Electronic captureof
video images of sufficient
quality to determine
identity, or
Manual Logging: A log
book or sign-in sheet, or
other record of physical
access maintained by
security or other
personnel authorized to
control and monitor
physical access as
specified in Requirement
R4, and has provided
logging that records
sufficient information to
uniquely identify
individuals and thetime
of access twenty-four
hours aday, seven days a
week.
Video Recording: Electronic
captureof video images of
sufficient quality to determine
identity, or
Manual Logging: A log book
or sign-in sheet, or other record
of physical access maintained by
security or other personnel
authorized to control and
monitor physical access as
specified in Requirement R4,
but has not provided logging
that records sufficient
information to uniquely identify
individuals and thetimeof
access twenty-four hours aday,
seven days aweek..
personnel authorized to control and monitor physical access
as specified in Requirement R4.
authorized to control and monitor physical access as specified in
Requirement R4.
R7 LOWER
retained physical access
logs for 75 or more
calendar days, but for less
TheResponsibleEntity retained
physical access logs for 60 or
morecalendar days, but for less
TheResponsibleEntity retained physical access logs for 45
or morecalendar days, but for less than 60 calendar days.
TheResponsibleEntity retained physical access logs for less
R8 MEDIUM
has implemented a
maintenanceand testing
programto ensurethat all
physical security systems
under Requirements R4,
R5, and R6 function
properly but theprogram
does not includeoneof
theRequirements R8.1,
R8.2, and R8.3.
implemented amaintenanceand
testing programto ensurethat all
physical security systems under
Requirements R4, R5, and R6
function properly but the
programdoes not includetwo of
theRequirements R8.1, R8.2,
and R8.3.
TheResponsibleEntity has implemented amaintenanceand
testing programto ensurethat all physical security systems
under Requirements R4, R5, and R6 function properly but
theprogramdoes not includeany of theRequirements R8.1,
R8.2, and R8.3.
TheResponsibleEntity has not implemented amaintenanceand
testing programto ensurethat all physical security systems under
Requirements R4, R5, and R6 function properly.
R8.1 MEDIUM N/A N/A N/A N/A
11

None identified.
R8.2 LOWER N/A N/A N/A N/A
R8.3 LOWER N/A N/A N/A N/A
12

Version History
1 J anuary 18,
2008
February 12,
2008
Interpretation of R1 and Additional Compliance
Information Section 1.4.4 adopted by NERC Board of
Trustees
Project 2007-27

Modifications to remove extraneous information from the
requirements, improve readability, and to bring the
compliance elements into conformance with the latest
guidelines for developing compliance elements of
standards.
Project 2008-06
August 5,
2009
Interpretation of R4 adopted by NERC Board of Trustees Project 2008-15
2 September
30, 2009
3 November
18, 2009
Updated version number from -2 to -3

Revised Requirement 1.6 to add a Visitor Control program
component to the Physical Security Plan, in response to
FERC order issued September 30, 2009. In Requirement
R7, the term Responsible Entity was capitalized.
Updated Requirements R1.6.1 and R1.6.2 to be responsive
to FERC Order RD09-7
Project 2009-21
3 December
16, 2009
February 16,
2010
Interpretation of R1 and R1.1 adopted by NERC Board of
Trustees
Project 2009-13
3 March 31,
2010
2a/3a J uly 15, 2010 FERC Order issued approving the Interpretation of R1 and
R1.1.

Updated version numbers from -2/-3 to -2a/-3a.

4 J anuary 24,
2011
3c/4c May 19,
2011
FERC Order issued approving two interpretations: 1)
Interpretation of R1 and Additional Compliance

13

Information Section 1.4.4; and 2) Interpretation of R4.

Updated version number from -3/-4 to -3c/-4c.
4c 4/19/12 FERC Order issued approving CIP-006-4c (approval


14

Appendix 1
R1. Physical Security Plan The Responsible Entity shall create and maintain a physical security
plan, approved by a senior manager or delegate(s) that shall address, at a minimum, the following:
R1.1. Processes to ensure and document that all Cyber Assets within an Electronic Security
Perimeter also reside within an identified Physical Security Perimeter. Where a completely
enclosed (six-wall) border cannot be established, the Responsible Entity shall deploy and
document alternative measures to control physical access to the Critical Cyber Assets.
Question
If a completely enclosed border cannot be created, what does the phrase, to control physical access"
require? Must the alternative measure be physical in nature? If so, must the physical barrier literally
prevent physical access e.g. using concrete encased fiber, or can the alternative measure effectively
mitigate the risks associated with physical access through cameras, motions sensors, or encryption?

Does this requirement preclude the application of logical controls as an alternative measure in
mitigating the risks of physical access to Critical Cyber Assets?
Response
For Electronic Security Perimeter wiring external to a Physical Security Perimeter, the drafting team
interprets the Requirement R1.1 as not limited to measures that are physical in nature. The
alternative measures may be physical or logical, on the condition that they provide security equivalent
or better to a completely enclosed (six-wall) border. Alternative physical control measures may
include, but are not limited to, multiple physical access control layers within a non-public, controlled
space. Alternative logical control measures may include, but are not limited to, data encryption and/or
circuit monitoring to detect unauthorized access or physical tampering.

15

Appendix 2
Interpretation of Requirement R1.1.
Request: Are dial-up RTUs that use non-routable protocols and have dial-up access required to have a six-wall
perimeters or are they exempted from CIP-006-1 and required to have only electronic security perimeters? This has
a direct impact on how any identified RTUs will be physically secured.
Interpretation:
Dial-up assets are Critical Cyber Assets, assuming they meet the criteria in CIP-002-1, and they must
reside within an Electronic Security Perimeter. However, physical security control over a critical cyber
asset is not required if that asset does not have a routable protocol. Since there is minimal risk of
compromising other critical cyber assets dial-up devices such as Remote Terminals Units that do not use
routable protocols are not required to be enclosed within a six-wall border.
CIP-006-1 Requirement 1.1 requires a Responsible Entity to have a physical security plan that
stipulate cyber assets that are within the Electronic Security Perimeter also be within a Physical Security
Perimeter.

CIP-006-1 Additional Compliance Information 1.4.4 identifies dial-up accessible assets that use
non-routable protocols as a special class of cyber assets that are not subject to the Physical Security
Perimeter requirement of this standard.

R1. Physical Security Plan The Responsible Entity shall create and maintain a physical
security plan, approved by a senior manager or delegate(s) that shall address, at a
R1.1. Processes to ensure and document that all Cyber Assets within an Electronic
Security Perimeter also reside within an identified Physical Security Perimeter.
Where a completely enclosed (six-wall) border cannot be established, the
Responsible Entity shall deploy and document alternative measures to control
physical access to the Critical Cyber Assets.
Responsible Entity shall not be required to comply with Standard CIP-006 for that
single access point at the dial-up device.
16

Appendix 3

The following interpretation of CIP-006-1a Cyber Security Physical Security of Critical Cyber
Assets, Requirement R4 was developed by the standard drafting team assigned to Project 2008-14 (Cyber
Security Violation Severity Levels) on October 23, 2008.
Request:
1. For physical access control to cyber assets, does this include monitoring when an individual
leaves the controlled access cyber area?
2. Does the term, time of access mean logging when the person entered the facility or does it
mean logging the entry/exit time and length of time the person had access to the critical asset?
Interpretation:
No, monitoring and logging of access are only required for ingress at this time. The term time of access
refers to the time an authorized individual enters the physical security perimeter.


R4. Logging Physical Access Logging shall record sufficient information to uniquely
identify individuals and the time of access twenty-four hours a day, seven days a week.
The Responsible Entity shall implement and document the technical and procedural
mechanisms for logging physical entry at all access points to the Physical Security
Perimeter(s) using one or more of the following logging methods or their equivalent:
R4.1. Computerized Logging: Electronic logs produced by the Responsible Entitys
selected access control and monitoring method.
R4.2. Video Recording: Electronic capture of video images of sufficient quality to
determine identity.
R4.3. Manual Logging: A log book or sign-in sheet, or other record of physical access
maintained by security or other personnel authorized to control and monitor
physical access as specified in Requirement R2.3.
CIP0065CyberSecurityPhysicalSecurityofBESCyberSystems
Page1of24
A. I ntroduction
1. Title: CyberSecurityPhysicalSecurityofBESCyberSystems
2. Number: CIP0065
3. Purpose: TomanagephysicalaccesstoBESCyberSystemsbyspecifyingaphysical
securityplaninsupportofprotectingBESCyberSystemsagainst
compromisethatcouldleadtomisoperationorinstabilityintheBES.
4. Applicability:
(UVLS)systemthat:
of300MWormore.
unit(s)tobestarted.
Page2of24
oftheBES:
of300MWormore.
unit(s)tobestarted.
AllBESFacilities.
Commission.
Section73.54.
Page3of24
5.EffectiveDates:
Trusteesapproval,orasotherwisemadeeffectivepursuanttothelawsapplicable
tosuchEROgovernmentalauthorities.
6.Background:
CIP0035,CIP0045,CIP0055,CIP0065,CIP0075,CIP0085,CIP0095,CIP010
1,andCIP0111requireaminimumleveloforganizational,operationaland
proceduralcontrolstomitigaterisktoBESCyberSystems.ThissuiteofCIPStandards
isreferredtoastheVersion5CIPCyberSecurityStandards.
TheSDThasincorporatedwithinthisstandardarecognitionthatcertainrequirements
shouldnotfocusonindividualinstancesoffailureasasolebasisforviolatingthe
standard.Inparticular,theSDThasincorporatedanapproachtoempowerand
enabletheindustrytoidentify,assess,andcorrectdeficienciesintheimplementation
ofcertainrequirements.Theintentistochangethebasisofaviolationinthose
requirementssothattheyarenotfocusedonwhetherthereisadeficiency,buton
identifying,assessing,andcorrectingdeficiencies.Itispresentedinthose
requirementsbymodifyingimplementasfollows:
EachResponsibleEntityshallimplement,inamannerthatidentifies,assesses,
andcorrectsdeficiencies,...
processes,buttheymustaddresstheapplicablerequirementsinthetable.The
Page4of24
documentedprocessesthemselvesarenotrequiredtoincludethe...identifies,
assesses,andcorrectsdeficiencies,..."elementsdescribedinthepreceding
paragraph,asthoseaspectsarerelatedtothemannerofimplementationofthe
documentedprocessesandcouldbeaccomplishedthroughothercontrolsor
compliancemanagementactivities.
CyberSystems.
documentationandimplementationofapplicableitemsinthedocumented
processes.Thesemeasuresservetoprovideguidancetoentitiesinacceptablerecords
ofcomplianceandshouldnotbeviewedasanallinclusivelist.
Page5of24
processes.
MediumImpactBESCyberSystemsAppliestoBESCyberSystemscategorizedas
mediumimpactaccordingtotheCIP0025identificationandcategorization
processes.
MediumImpactBESCyberSystemswithoutExternalRoutableConnectivity
OnlyappliestomediumimpactBESCyberSystemswithoutExternalRoutable
Connectivity.
ElectronicAccessControlorMonitoringSystems(EACMS)Appliestoeach
ElectronicAccessControlorMonitoringSystemassociatedwithareferencedhigh
impactBESCyberSystemormediumimpactBESCyberSystem.Examplesmay
include,butarenotlimitedto,firewalls,authenticationservers,andlog
monitoringandalertingsystems.
PhysicalAccessControlSystems(PACS)AppliestoeachPhysicalAccessControl
SystemassociatedwithareferencedhighimpactBESCyberSystemormedium
impactBESCyberSystem.
System.
LocallymountedhardwareordevicesatthePhysicalSecurityPerimeter
Appliestothelocallymountedhardwareordevices(e.g.suchasmotionsensors,
electroniclockcontrolmechanisms,andbadgereaders)ataPhysicalSecurity
PerimeterassociatedwithareferencedhighimpactBESCyberSystemormedium
impactBESCyberSystemwithExternalRoutableConnectivity,andthatdoesnot
containorstoreaccesscontrolinformationorindependentlyperformaccess
authentication.Thesehardwareanddevicesareexcludedinthedefinitionof
PhysicalAccessControlSystems.
Page6of24
documentedphysicalsecurityplansthatcollectivelyincludealloftheapplicablerequirementpartsinCIP0065TableR1
PhysicalSecurityPlan.[ViolationRiskFactor:Medium][TimeHorizon:LongTermPlanningandSameDayOperations].
M1. Evidencemustincludeeachofthedocumentedphysicalsecurityplansthatcollectivelyincludealloftheapplicable
requirementpartsinCIP0065TableR1PhysicalSecurityPlanandadditionalevidencetodemonstrateimplementation
oftheplanorplansasdescribedintheMeasurescolumnofthetable.
CIP0065TableR1PhysicalSecurityPlan
1.1 MediumImpactBESCyberSystems
withoutExternalRoutableConnectivity
PhysicalAccessControlSystems(PACS)
associatedwith:
HighImpactBESCyberSystems,
or
MediumImpactBESCyber
SystemswithExternalRoutable
Connectivity
Defineoperationalorprocedural
controlstorestrictphysicalaccess.
thatoperationalorproceduralcontrols
exist.
Page7of24
1.2 MediumImpactBESCyberSystems
andtheirassociated:
1. EACMS;and
2. PCA
Utilizeatleastonephysicalaccess
controltoallowunescortedphysical
accessintoeachapplicablePhysical
SecurityPerimetertoonlythose
individualswhohaveauthorized
unescortedphysicalaccess.
butisnotlimitedto,languageinthe
physicalsecurityplanthatdescribes
eachPhysicalSecurityPerimeterand
howunescortedphysicalaccessis
controlledbyoneormoredifferent
methodsandproofthatunescorted
physicalaccessisrestrictedtoonly
authorizedindividuals,suchasalistof
authorizedindividualsaccompaniedby
accesslogs.

Page8of24
theirassociated:
1. EACMS;and
2. PCA
Wheretechnicallyfeasible,utilizetwo
ormoredifferentphysicalaccess
controls(thisdoesnotrequiretwo
completelyindependentphysical
accesscontrolsystems)tocollectively
allowunescortedphysicalaccessinto
PhysicalSecurityPerimeterstoonly
thoseindividualswhohaveauthorized
unescortedphysicalaccess.
thePhysicalSecurityPerimetersand
howunescortedphysicalaccessis
controlledbytwoormoredifferent
methodsandproofthatunescorted
physicalaccessisrestrictedtoonly
authorizedindividuals,suchasalistof
authorizedindividualsaccompaniedby
accesslogs.

Page9of24
theirassociated:
1. EACMS;and
2. PCA
andtheirassociated:
1. EACMS;and
2. PCA
Monitorforunauthorizedaccess
throughaphysicalaccesspointintoa
PhysicalSecurityPerimeter.
controlsthatmonitorforunauthorized
accessthroughaphysicalaccesspoint
intoaPhysicalSecurityPerimeter.
Page10of24
theirassociated:
1. EACMS;and
2. PCA
andtheirassociated:
1. EACMS;and
2. PCA
Issueanalarmoralertinresponseto
detectedunauthorizedaccessthrough
aphysicalaccesspointintoaPhysical
SecurityPerimetertothepersonnel
identifiedintheBESCyberSecurity
Incidentresponseplanwithin15
minutesofdetection.
theissuanceofanalarmoralertin
responsetounauthorizedaccess
throughaphysicalaccesscontrolinto
aPhysicalSecurityPerimeterand
additionalevidencethatthealarmor
alertwasissuedandcommunicatedas
identifiedintheBESCyberSecurity
IncidentResponsePlan,suchas
manualorelectronicalarmoralert
logs,cellphoneorpagerlogs,orother
evidencethatdocumentsthatthe
alarmoralertwasgeneratedand
communicated.
1.6 PhysicalAccessControlSystems(PACS)
associatedwith:
HighImpactBESCyber
Systems,or
Connectivity
MonitoreachPhysicalAccessControl
Systemforunauthorizedphysical
accesstoaPhysicalAccessControl
System.
controlsthatmonitorforunauthorized
physicalaccesstoaPACS.
Page11of24
associatedwith:
HighImpactBESCyber
Systems,or
Connectivity
Issueanalarmoralertinresponseto
detectedunauthorizedphysicalaccess
toaPhysicalAccessControlSystemto
thepersonnelidentifiedintheBES
CyberSecurityIncidentresponseplan
within15minutesofthedetection.
theissuanceofanalarmoralertin
responsetounauthorizedphysical
accesstoPhysicalAccessControl
Systemsandadditionalevidencethat
thealarmoralertswasissuedand
communicatedasidentifiedintheBES
CyberSecurityIncidentResponsePlan,
suchasalarmoralertlogs,cellphone
orpagerlogs,orotherevidencethat
thealarmoralertwasgeneratedand
communicated.

Page12of24
theirassociated:
1. EACMS;and
2. PCA
andtheirassociated:
1. EACMS;and
2. PCA
Log(throughautomatedmeansorby
personnelwhocontrolentry)entryof
eachindividualwithauthorized
unescortedphysicalaccessintoeach
PhysicalSecurityPerimeter,with
informationtoidentifytheindividual
anddateandtimeofentry.
loggingandrecordingofphysicalentry
intoeachPhysicalSecurityPerimeter
andadditionalevidenceto
demonstratethatthislogginghas
beenimplemented,suchaslogsof
physicalaccessintoPhysicalSecurity
Perimetersthatshowtheindividual
andthedateandtimeofentryinto
PhysicalSecurityPerimeter.

Page13of24
theirassociated:
1. EACMS;and
2. PCA
andtheirassociated:
1. EACMS;and
2. PCA
Retainphysicalaccesslogsofentryof
individualswithauthorizedunescorted
physicalaccessintoeachPhysical
SecurityPerimeterforatleastninety
calendardays.
butisnotlimitedto,dated
documentationsuchaslogsofphysical
accessintoPhysicalSecurity
Perimetersthatshowthedateand
timeofentryintoPhysicalSecurity
Perimeter.

documentedvisitorcontrolprogramsthatincludeeachoftheapplicablerequirementpartsinCIP0065TableR2Visitor
ControlProgram.[ViolationRiskFactor:Medium][TimeHorizon:SameDayOperations.]
M2. Evidencemustincludeoneormoredocumentedvisitorcontrolprogramsthatcollectivelyincludeeachoftheapplicable
requirementpartsinCIP0065TableR2VisitorControlProgramandadditionalevidencetodemonstrateimplementationas
Page14of24
CIP0065TableR2VisitorControlProgram
Part
ApplicableSystems Requirements Measures
2.1
HighImpactBESCyberSystemsand
theirassociated:
1. EACMS;and
2. PCA
andtheirassociated:
1. EACMS;and
2. PCA
Requirecontinuousescortedaccessof
visitors(individualswhoareprovided
accessbutarenotauthorizedfor
unescortedphysicalaccess)within
eachPhysicalSecurityPerimeter,
exceptduringCIPExceptional
Circumstances.
butisnotlimitedto,languageina
visitorcontrolprogramthatrequires
continuousescortedaccessofvisitors
withinPhysicalSecurityPerimetersand
additionalevidencetodemonstrate
thattheprocesswasimplemented,
suchasvisitorlogs.

Page15of24
CIP-006-5 Table R2 Visitor Control Program
Part
ApplicableSystems
Requirements Measures
theirassociated:
1. EACMS;and
2. PCA
andtheirassociated:
1. EACMS;and
2. PCA
Requiremanualorautomatedlogging
ofvisitorentryintoandexitfromthe
PhysicalSecurityPerimeterthat
includesdateandtimeoftheinitial
entryandlastexit,thevisitorsname,
andthenameofanindividualpointof
contactresponsibleforthevisitor,
exceptduringCIPExceptional
Circumstances.
butisnotlimitedto,languageina
visitorcontrolprogramthatrequires
continuousescortedaccessofvisitors
withinPhysicalSecurityPerimetersand
additionalevidencetodemonstrate
thattheprocesswasimplemented,
suchasdatedvisitorlogsthatinclude
therequiredinformation.
theirassociated:
1. EACMS;and
2. PCA
andtheirassociated:
1. EACMS;and
2. PCA
Retainvisitorlogsforatleastninety
calendardays.
showinglogshavebeenretainedforat
leastninetycalendardays.

Page16of24

R3. EachResponsibleEntityshallimplementoneormoredocumentedPhysicalAccessControlSystemmaintenanceandtesting
programsthatcollectivelyincludeeachoftheapplicablerequirementpartsinCIP0065TableR3MaintenanceandTesting
Program.[ViolationRiskFactor:Lower][TimeHorizon:LongTermPlanning].
M3. EvidencemustincludeeachofthedocumentedPhysicalAccessControlSystemmaintenanceandtestingprogramsthat
collectivelyincludeeachoftheapplicablerequirementpartsinCIP0065TableR3MaintenanceandTestingProgramand
additionalevidencetodemonstrateimplementationasdescribedintheMeasurescolumnofthetable.

CIP0065TableR3PhysicalAccessControlSystemMaintenanceandTestingProgram
Part ApplicableSystems Requirement Measures
associatedwith:
HighImpactBESCyberSystems,or
Locallymountedhardwareordevices
atthePhysicalSecurityPerimeter
associatedwith:
HighImpactBESCyberSystems,or
Maintenanceandtestingofeach
PhysicalAccessControlSystemand
locallymountedhardwareordevicesat
thePhysicalSecurityPerimeteratleast
onceevery24calendarmonthsto
ensuretheyfunctionproperly.
butisnotlimitedto,amaintenance
andtestingprogramthatprovidesfor
testingeachPhysicalAccessControl
Systemandlocallymountedhardware
ordevicesassociatedwitheach
applicablePhysicalSecurityPerimeter
atleastonceevery24calendarmonths
andadditionalevidenceto
demonstratethatthistestingwas
done,suchasdatedmaintenance
records,orotherdocumentation
showingtestingandmaintenancehas
beenperformedoneachapplicable
deviceorsystematleastonceevery24
calendarmonths.

Page17of24
C. Compliance
ComplianceAudit
SelfCertification
SpotChecking
SelfReporting
Complaint
None
Page18of24
None.
E. Interpretations
None.
None.

Page19of24
standards.
General:
Whilethefocusisshiftedfromthedefinitionandmanagementofacompletelyenclosedsix
wallboundary,itisexpectedinmanyinstancesthiswillremainaprimarymechanismfor
controlling,alerting,andloggingaccesstoBESCyberSystems.Takentogether,thesecontrols
willeffectivelyconstitutethephysicalsecurityplantomanagephysicalaccesstoBESCyber
Systems.
RequirementR1:
Methodsofphysicalaccesscontrolinclude:
CardKey:Ameansofelectronicaccesswheretheaccessrightsofthecardholderare
predefinedinacomputerdatabase.Accessrightsmaydifferfromoneperimeterto
another.
SpecialLocks:Theseinclude,butarenotlimitedto,lockswithrestrictedkeysystems,
magneticlocksthatcanbeoperatedremotely,andmantrapsystems.
SecurityPersonnel:Personnelresponsibleforcontrollingphysicalaccesswhomayreside
onsiteoratamonitoringstation.
Page20of24
OtherAuthenticationDevices:Biometric,keypad,token,orotherequivalentdevicesthat
controlphysicalaccessintothePhysicalSecurityPerimeter.
Methodstomonitorphysicalaccessinclude:
AlarmSystems:Systemsthatalarmtoindicateinteriormotionorwhenadoor,gate,or
windowhasbeenopenedwithoutauthorization.Thesealarmsmustprovidefor
notificationwithin15minutestoindividualsresponsibleforresponse.
HumanObservationofAccessPoints:Monitoringofphysicalaccesspointsbysecurity
personnelwhoarealsocontrollingphysicalaccess.
Methodstologphysicalaccessinclude:
ComputerizedLogging:ElectroniclogsproducedbytheResponsibleEntitysselectedaccess
controlandalertingmethod.
VideoRecording:Electroniccaptureofvideoimagesofsufficientqualitytodetermine
identity.
ManualLogging:Alogbookorsigninsheet,orotherrecordofphysicalaccessmaintained
bysecurityorotherpersonnelauthorizedtocontrolandmonitorphysicalaccess.
TheFERCOrderNo.706,Paragraph572,directivediscussedutilizingtwoormoredifferentand
complementaryphysicalaccesscontrolstoprovidedefenseindepth.Itdoesnotrequiretwoor
morePhysicalSecurityPerimeters,nordoesitexcludetheuseoflayeredperimeters.Useof
twofactorauthenticationwouldbeacceptableatthesameentrypointsforanonlayered
singleperimeter.Forexample,asoleperimeterscontrolscouldincludeeitheracombination
ofcardkeyandpincode(somethingyouknowandsomethingyouhave),oracardkeyand
biometricscanner(somethingyouhaveandsomethingyouare),oraphysicalkeyin
combinationwithaguardmonitoredremotecameraanddoorrelease,wheretheguardhas
adequateinformationtoauthenticatethepersontheyareobservingortalkingtopriorto
permittingaccess(somethingyouhaveandsomethingyouare).Thetwofactorauthentication
couldbeimplementedusingasinglePhysicalAccessControlSystembutmorethanone
authenticationmethodmustbeutilized.Forphysicallylayeredprotection,alockedgatein
combinationwithalockedcontrolbuildingcouldbeacceptable,providednosingle
authenticator(e.g.,keyorcardkey)wouldprovideaccessthroughboth.
EntitiesmaychooseforcertainPACStoresideinaPSPcontrollingaccesstoapplicableBES
CyberSystems.ForthesePACS,thereisnoadditionalobligationtocomplywithRequirement
Parts1.1,1.7and1.8beyondwhatisalreadyrequiredforthePSP.
RequirementR2:
Theloggingofvisitorsshouldcaptureeachvisitoftheindividualanddoesnotneedtocapture
eachentryorexitduringthatvisit.Thisismeanttoallowavisitortotemporarilyexitthe
PhysicalSecurityPerimetertoobtainsomethingtheyleftintheirvehicleoroutsidethearea
withoutrequiringanewlogentryforeachandeveryentryduringthevisit.
Page21of24
TheSDTalsodeterminedthatapointofcontactshouldbedocumentedwhocanprovide
additionaldetailsaboutthevisitifquestionsariseinthefuture.Thepointofcontactcouldbe
theescort,butthereisnoneedtodocumenteveryonethatactedasanescortforthevisitor.
RequirementR3:
Thisincludesthetestingoflocallymountedhardwareordevicesusedincontrolling,alertingor
loggingaccesstothePhysicalSecurityPerimeter.Thisincludesmotionsensors,electroniclock
controlmechanisms,andbadgereaderswhicharenotdeemedtobepartofthePhysicalAccess
ControlSystembutarerequiredfortheprotectionoftheBESCyberSystems.
Rationale:
RationaleforR1:
EachResponsibleEntityshallensurethatphysicalaccesstoallBESCyberSystemsisrestricted
andappropriatelymanaged.EntitiesmaychooseforcertainPACStoresideinaPSPcontrolling
accesstoapplicableBESCyberSystems.ForthesePACS,thereisnoadditionalobligationto
complywithRequirementParts1.1,1.7and1.8beyondwhatisalreadyrequiredforthePSP.
SummaryofChanges:TheentirecontentofCIP0065isintendedtoconstituteaphysical
securityprogram.Thisrepresentsachangefrompreviousversions,sincetherewasnospecific
requirementtohaveaphysicalsecurityprograminpreviousversionsofthestandards,only
requirementsforphysicalsecurityplans.
AddeddetailstoaddressFERCOrderNo.706,Paragraph572,directivesforphysicalsecurity
defenseindepth.
Additionalguidanceonphysicalsecuritydefenseindepthprovidedtoaddressthedirectivein
FERCOrderNo.706,Paragraph575.
Referencetopriorversion:(Part1.1)CIP0064c,R2.1forPhysicalAccessControlSystems
NewRequirementforMediumImpactBESCyberSystemsnothavingExternalRoutable
Connectivity
Toallowforprogrammaticprotectioncontrolsasabaseline(whichalsoincludeshowtheentity
planstoprotectMediumImpactBESCyberSystemsthatdonothaveExternalRoutable
ConnectivitynototherwisecoveredunderPart1.2,anditdoesnotrequireadetailedlistof
individualswithaccess).PhysicalAccessControlSystemsdonotthemselvesneedtobe
protectedatthesamelevelasrequiredinParts1.2through1.5.
Referencetopriorversion:(Part1.2)CIP0064c,R3&R4
Page22of24
Thisrequirementhasbeenmademoregeneraltoallowforalternatemeasuresofrestricting
physicalaccess.SpecificexamplesofmethodsaResponsibleEntitycantaketorestrictingaccess
toBESCyberSystemshasbeenmovedtotheGuidelinesandTechnicalBasissection.
Referencetopriorversion:(Part1.3)CIP0064c,R3&R4
ThespecificexamplesthatspecifymethodsaResponsibleEntitycantaketorestrictingaccessto
BESCyberSystemshasbeenmovedtotheGuidelinesandTechnicalBasissection.This
requirementhasbeenmademoregeneraltoallowforalternatemeasuresofcontrolling
physicalaccess.
AddedtoaddressFERCOrderNo.706,Paragraph572,relateddirectivesforphysicalsecurity
defenseindepth.
FERCOrderNo.706,Paragraph575,directivesaddressedbyprovidingtheexamplesinthe
guidancedocumentofphysicalsecuritydefenseindepthviamultifactorauthenticationor
layeredPhysicalSecurityPerimeter(s).
Referencetopriorversion:(Part1.4)CIP0064c,R5
ExamplesofmonitoringmethodshavebeenmovedtotheGuidelinesandTechnicalBasis
section.
ExamplesofmonitoringmethodshavebeenmovedtotheGuidelinesandTechnicalBasis
section.
AddressesthepriorCIP0064c,RequirementR5requirementforPhysicalAccessControl
Systems.
AddressesthepriorCIP0064c,RequirementR5requirementforPhysicalAccessControl
Systems.
Page23of24
CIP0064c,RequirementR6wasspecifictotheloggingofaccessatidentifiedaccesspoints.
ThisrequirementmoregenerallyrequiresloggingofauthorizedphysicalaccessintothePhysical
SecurityPerimeter.
ExamplesofloggingmethodshavebeenmovedtotheGuidelinesandTechnicalBasissection.
Nochange.
RationaleforR2:
Tocontrolwhenpersonnelwithoutauthorizedunescortedphysicalaccesscanbeinany
PhysicalSecurityPerimetersprotectingBESCyberSystemsorElectronicAccessControlor
MonitoringSystems,asapplicableinTableR2.
SummaryofChanges:Reformattedintotablestructure.OriginallyaddedinVersion3perFERC
OrderissuedSeptember30,2009.
Referencetopriorversion:(Part2.1)CIP0064c,R1.6.2
AddedtheabilitytonotdothisduringCIPExceptionalCircumstances.
Referencetopriorversion:(Part2.2)CIP0064cR1.6.1
AddedtheabilitytonotdothisduringCIPExceptionalCircumstances,addressedmultientry
scenariosofthesamepersoninaday(logfirstentryandlastexit),andnameofthepersonwho
isresponsibleorsponsorforthevisitor.Thereisnorequirementtodocumenttheescortor
handoffsbetweenescorts.
Nochange
RationaleforR3:
ToensureallPhysicalAccessControlSystemsanddevicescontinuetofunctionproperly.
SummaryofChanges:Reformattedintotablestructure.
AddeddetailstoaddressFERCOrderNo.706,Paragraph581,directivestotestmorefrequently
thaneverythreeyears.
Page24of24
Referencetopriorversion:(Part3.1)CIP0064c,R8.1andR8.2
AddeddetailstoaddressFERCOrderNo.706,Paragraph581directivestotestmorefrequently
thaneverythreeyears.TheSDTdeterminedthatannualtestingwastoooftenandagreedon
twoyears.
Version History
1 1/16/06
controlcenter.
3/24/06
2 9/30/09 Modificationstoclarifytherequirements
andtobringthecomplianceelements
intoconformancewiththelatest
guidelinesfordevelopingcompliance
elementsofstandards.
judgment.
responsibleentity.
3 12/16/09 UpdatedVersionNumberfrom2to3
InRequirement1.6,deletedthesentence
pertainingtoremovingcomponentor
systemfromserviceinordertoperform
testing,inresponsetoFERCorderissued
September30,2009.
3 12/16/09 ApprovedbytheNERCBoardofTrustees.
5 11/26/12 AdoptedbytheNERCBoardofTrustees. Modifiedto
coordinatewith
otherCIP
standardsandto
reviseformatto
useRBSTemplate.
Standard CIP0073a Cyber Security Sys tems Security Management

1
A. Introduction
1. Title: Cyber Security Systems Security Management
3. Purpose: Standard CIP-007-3 requires Responsible Entities to define methods, processes,
and procedures for securing those systems determined to be Critical Cyber Assets, as well as
the other (non-critical) Cyber Assets within the Electronic Security Perimeter(s). Standard
CIP-007-3 should be read as part of a group of standards numbered Standards CIP-002-3
through CIP-009-3.
4. Applicability:
4.1.10 NERC.
not required).
B. Requirements
R1. Test Procedures The Responsible Entity shall ensure that new Cyber Assets and significant
changes to existing Cyber Assets within the Electronic Security Perimeter do not adversely
affect existing cyber security controls. For purposes of Standard CIP-007-3, a significant
change shall, at a minimum, include implementation of security patches, cumulative service
packs, vendor releases, and version upgrades of operating systems, applications, database
platforms, or other third-party software or firmware.
R1.1. The Responsible Entity shall create, implement, and maintain cyber security test
procedures in a manner that minimizes adverse effects on the production system or its
operation.
2
R1.2. The Responsible Entity shall document that testing is performed in a manner that
reflects the production environment.
R1.3. The Responsible Entity shall document test results.
R2. Ports and Services The Responsible Entity shall establish, document and implement a
process to ensure that only those ports and services required for normal and emergency
operations are enabled.
R2.1. The Responsible Entity shall enable only those ports and services required for normal
and emergency operations.
R2.2. The Responsible Entity shall disable other ports and services, including those used for
testing purposes, prior to production use of all Cyber Assets inside the Electronic
R2.3. In the case where unused ports and services cannot be disabled due to technical
limitations, the Responsible Entity shall document compensating measure(s) applied
to mitigate risk exposure.
R3. Security Patch Management The Responsible Entity, either separately or as a component of
the documented configuration management process specified in CIP-003-3 Requirement R6,
shall establish, document and implement a security patch management program for tracking,
evaluating, testing, and installing applicable cyber security software patches for all Cyber
Assets within the Electronic Security Perimeter(s).
R3.1. The Responsible Entity shall document the assessment of security patches and
security upgrades for applicability within thirty calendar days of availability of the
patches or upgrades.
R3.2. The Responsible Entity shall document the implementation of security patches. In
any case where the patch is not installed, the Responsible Entity shall document
compensating measure(s) applied to mitigate risk exposure.
R4. Malicious Software Prevention The Responsible Entity shall use anti-virus software and
other malicious software (malware) prevention tools, where technically feasible, to detect,
prevent, deter, and mitigate the introduction, exposure, and propagation of malware on all
Cyber Assets within the Electronic Security Perimeter(s).
R4.1. The Responsible Entity shall document and implement anti-virus and malware
prevention tools. In the case where anti-virus software and malware prevention tools
are not installed, the Responsible Entity shall document compensating measure(s)
applied to mitigate risk exposure.
R4.2. The Responsible Entity shall document and implement a process for the update of
anti-virus and malware prevention signatures. The process must address testing and
installing the signatures.
R5. Account Management The Responsible Entity shall establish, implement, and document
technical and procedural controls that enforce access authentication of, and accountability for,
all user activity, and that minimize the risk of unauthorized system access.
R5.1. The Responsible Entity shall ensure that individual and shared system accounts and
authorized access permissions are consistent with the concept of need to know with
respect to work functions performed.
R5.1.1. The Responsible Entity shall ensure that user accounts are implemented as
approved by designated personnel. Refer to Standard CIP-003-3
Requirement R5.
3
R5.1.2. The Responsible Entity shall establish methods, processes, and procedures
that generate logs of sufficient detail to create historical audit trails of
individual user account access activity for a minimum of ninety days.
R5.1.3. The Responsible Entity shall review, at least annually, user accounts to
verify access privileges are in accordance with Standard CIP-003-3
Requirement R5 and Standard CIP-004-3 Requirement R4.
R5.2. The Responsible Entity shall implement a policy to minimize and manage the scope
and acceptable use of administrator, shared, and other generic account privileges
including factory default accounts.
R5.2.1. The policy shall include the removal, disabling, or renaming of such
accounts where possible. For such accounts that must remain enabled,
passwords shall be changed prior to putting any system into service.
R5.2.2. The Responsible Entity shall identify those individuals with access to shared
accounts.
R5.2.3. Where such accounts must be shared, the Responsible Entity shall have a
policy for managing the use of such accounts that limits access to only those
with authorization, an audit trail of the account use (automated or manual),
and steps for securing the account in the event of personnel changes (for
example, change in assignment or termination).
R5.3. At a minimum, the Responsible Entity shall require and use passwords, subject to the
following, as technically feasible:
R5.3.1. Each password shall be a minimum of six characters.
R5.3.2. Each password shall consist of a combination of alpha, numeric, and
special characters.
R5.3.3. Each password shall be changed at least annually, or more frequently based
on risk.
R6. Security Status Monitoring The Responsible Entity shall ensure that all Cyber Assets within
the Electronic Security Perimeter, as technically feasible, implement automated tools or
organizational process controls to monitor system events that are related to cyber security.
R6.1. The Responsible Entity shall implement and document the organizational processes
and technical and procedural mechanisms for monitoring for security events on all
Cyber Assets within the Electronic Security Perimeter.
R6.2. The security monitoring controls shall issue automated or manual alerts for detected
Cyber Security Incidents.
R6.3. The Responsible Entity shall maintain logs of system events related to cyber security,
where technically feasible, to support incident response as required in Standard CIP-
008-3.
R6.4. The Responsible Entity shall retain all logs specified in Requirement R6 for ninety
calendar days.
R6.5. The Responsible Entity shall review logs of system events related to cyber security
and maintain records documenting review of logs.
R7. Disposal or Redeployment The Responsible Entity shall establish and implement formal
methods, processes, and procedures for disposal or redeployment of Cyber Assets within the
Electronic Security Perimeter(s) as identified and documented in Standard CIP-005-3.
4
R7.1. Prior to the disposal of such assets, the Responsible Entity shall destroy or erase the
data storage media to prevent unauthorized retrieval of sensitive cyber security or
reliability data.
R7.2. Prior to redeployment of such assets, the Responsible Entity shall, at a minimum,
erase the data storage media to prevent unauthorized retrieval of sensitive cyber
security or reliability data.
R7.3. The Responsible Entity shall maintain records that such assets were disposed of or
redeployed in accordance with documented procedures.
assessment of all Cyber Assets within the Electronic Security Perimeter at least annually. The
vulnerability assessment shall include, at a minimum, the following:
R8.2. A review to verify that only ports and services required for operation of the Cyber
Assets within the Electronic Security Perimeter are enabled;
R8.3. A review of controls for default accounts; and,
R8.4. Documentation of the results of the assessment, the action plan to remediate or
mitigate vulnerabilities identified in the assessment, and the execution status of that
action plan.
R9. Documentation Review and Maintenance The Responsible Entity shall review and update
the documentation specified in Standard CIP-007-3 at least annually. Changes resulting from
modifications to the systems or controls shall be documented within thirty calendar days of the
change being completed.
C. Measures
M1. The Responsible Entity shall make available documentation of its security test procedures as
M2. The Responsible Entity shall make available documentation as specified in Requirement R2.
M3. The Responsible Entity shall make available documentation and records of its security patch
management program, as specified in Requirement R3.
M4. The Responsible Entity shall make available documentation and records of its malicious
software prevention program as specified in Requirement R4.
M5. The Responsible Entity shall make available documentation and records of its account
management program as specified in Requirement R5.
M6. The Responsible Entity shall make available documentation and records of its security status
monitoring program as specified in Requirement R6.
M7. The Responsible Entity shall make available documentation and records of its program for the
disposal or redeployment of Cyber Assets as specified in Requirement R7.
M8. The Responsible Entity shall make available documentation and records of its annual
vulnerability assessment of all Cyber Assets within the Electronic Security Perimeters(s) as
M9. The Responsible Entity shall make available documentation and records demonstrating the
review and update as specified in Requirement R9.
D. Compliance
5
Not applicable.
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
investigation.
1.4.2 The Responsible Entity shall retain securityrelated system event logs for ninety
calendar days, unless longer retention is required pursuant to Standard CIP-008-3
Requirement R2.
1.5. Additional Compliance Information.
None identified.
Version History
with the latest guidelines for developing compliance
elements of standards.
Removal of reasonable business judgment and
acceptance of risk.
Revised the Purpose of this standard to clarify that
Standard CIP-007-2 requires Responsible Entities to
define methods, processes, and procedures for
securing Cyber Assets and other (non-Critical)

6
Assets within an Electronic Security Perimeter.
entity.
R9 changed ninety (90) days to thirty (30) days
2 05/06/09 Adopted by NERC Board of Trustees Revised
2a 11/05/09 Added Appendix 1 Interpretation of R2 approved
by BOT on November 5, 2009
Interpretation
2a 03/18/10 Interpretation of CIP-007-1 Requirement R2
FERC Approved, per footnote 11 of Order to be
appended to CIP-007-2, Effective Date April 1, 2010
Interpretation
3 Updated version numbers from -2 to -3
3 12/16/09 Adopted by the NERC Board of Trustees
3 2/07/13 R7.3 and associated elements approved by NERC

3a 5/13/13 Added FERC approved interpretation of R2 (should
have been appended to CIP-007-3 when the
interpretation was approved by FERC)
Interpretation

7
Appendix 1

R2. The Responsible Entity shall establish and document a process to ensure that only those
ports and services required for normal and emergency operations are enabled.
Question
Does the term "port" mean a physical (hardware) or a logical (software) connection to a
computer?
Response
The drafting team interprets the term ports used as part of the phrase ports and services to
refer to logical ports, e.g., Transmission Control Protocol (TCP) ports, where interface with
communication services occurs.

Standard CIP0074a Cyber Security Systems Security Management
1
A. Introduction
1. Title: Cyber Security Systems Security Management
3. Purpose: Standard CIP-007-4 requires Responsible Entities to define methods, processes,
and procedures for securing those systems determined to be Critical Cyber Assets, as well as
the other (non-critical) Cyber Assets within the Electronic Security Perimeter(s). Standard
CIP-007-4 should be read as part of a group of standards numbered Standards CIP-002-4
through CIP-009-4.
4. Applicability:
4.1.10 NERC.
B. Requirements
R1. Test Procedures The Responsible Entity shall ensure that new Cyber Assets and significant
changes to existing Cyber Assets within the Electronic Security Perimeter do not adversely
affect existing cyber security controls. For purposes of Standard CIP-007-4, a significant
change shall, at a minimum, include implementation of security patches, cumulative service
packs, vendor releases, and version upgrades of operating systems, applications, database
platforms, or other third-party software or firmware.
2
R1.1. The Responsible Entity shall create, implement, and maintain cyber security test
procedures in a manner that minimizes adverse effects on the production system or its
operation.
R1.2. The Responsible Entity shall document that testing is performed in a manner that
reflects the production environment.
R1.3. The Responsible Entity shall document test results.
R2. Ports and Services The Responsible Entity shall establish, document and implement a
process to ensure that only those ports and services required for normal and emergency
operations are enabled.
R2.1. The Responsible Entity shall enable only those ports and services required for normal
and emergency operations.
R2.2. The Responsible Entity shall disable other ports and services, including those used for
testing purposes, prior to production use of all Cyber Assets inside the Electronic
R2.3. In the case where unused ports and services cannot be disabled due to technical
limitations, the Responsible Entity shall document compensating measure(s) applied
to mitigate risk exposure.
R3. Security Patch Management The Responsible Entity, either separately or as a component of
the documented configuration management process specified in CIP-003-4 Requirement R6,
shall establish, document and implement a security patch management program for tracking,
evaluating, testing, and installing applicable cyber security software patches for all Cyber
Assets within the Electronic Security Perimeter(s).
R3.1. The Responsible Entity shall document the assessment of security patches and
security upgrades for applicability within thirty calendar days of availability of the
patches or upgrades.
R3.2. The Responsible Entity shall document the implementation of security patches. In
any case where the patch is not installed, the Responsible Entity shall document
compensating measure(s) applied to mitigate risk exposure.
R4. Malicious Software Prevention The Responsible Entity shall use anti-virus software and
other malicious software (malware) prevention tools, where technically feasible, to detect,
prevent, deter, and mitigate the introduction, exposure, and propagation of malware on all
Cyber Assets within the Electronic Security Perimeter(s).
R4.1. The Responsible Entity shall document and implement anti-virus and malware
prevention tools. In the case where anti-virus software and malware prevention tools
are not installed, the Responsible Entity shall document compensating measure(s)
applied to mitigate risk exposure.
R4.2. The Responsible Entity shall document and implement a process for the update of
anti-virus and malware prevention signatures. The process must address testing and
installing the signatures.
R5. Account Management The Responsible Entity shall establish, implement, and document
technical and procedural controls that enforce access authentication of, and accountability for,
all user activity, and that minimize the risk of unauthorized system access.
R5.1. The Responsible Entity shall ensure that individual and shared system accounts and
authorized access permissions are consistent with the concept of need to know with
respect to work functions performed.
3
R5.1.1. The Responsible Entity shall ensure that user accounts are implemented as
approved by designated personnel. Refer to Standard CIP-003-4
Requirement R5.
R5.1.2. The Responsible Entity shall establish methods, processes, and procedures
that generate logs of sufficient detail to create historical audit trails of
individual user account access activity for a minimum of ninety days.
R5.1.3. The Responsible Entity shall review, at least annually, user accounts to
verify access privileges are in accordance with Standard CIP-003-4
Requirement R5 and Standard CIP-004-4 Requirement R4.
R5.2. The Responsible Entity shall implement a policy to minimize and manage the scope
and acceptable use of administrator, shared, and other generic account privileges
including factory default accounts.
R5.2.1. The policy shall include the removal, disabling, or renaming of such
accounts where possible. For such accounts that must remain enabled,
passwords shall be changed prior to putting any system into service.
R5.2.2. The Responsible Entity shall identify those individuals with access to shared
accounts.
R5.2.3. Where such accounts must be shared, the Responsible Entity shall have a
policy for managing the use of such accounts that limits access to only those
with authorization, an audit trail of the account use (automated or manual),
and steps for securing the account in the event of personnel changes (for
example, change in assignment or termination).
R5.3. At a minimum, the Responsible Entity shall require and use passwords, subject to the
following, as technically feasible:
R5.3.1. Each password shall be a minimum of six characters.
R5.3.2. Each password shall consist of a combination of alpha, numeric, and
special characters.
R5.3.3. Each password shall be changed at least annually, or more frequently based
on risk.
R6. Security Status Monitoring The Responsible Entity shall ensure that all Cyber Assets within
the Electronic Security Perimeter, as technically feasible, implement automated tools or
organizational process controls to monitor system events that are related to cyber security.
R6.1. The Responsible Entity shall implement and document the organizational processes
and technical and procedural mechanisms for monitoring for security events on all
Cyber Assets within the Electronic Security Perimeter.
R6.2. The security monitoring controls shall issue automated or manual alerts for detected
Cyber Security Incidents.
R6.3. The Responsible Entity shall maintain logs of system events related to cyber security,
where technically feasible, to support incident response as required in Standard CIP-
008-4.
R6.4. The Responsible Entity shall retain all logs specified in Requirement R6 for ninety
calendar days.
R6.5. The Responsible Entity shall review logs of system events related to cyber security
and maintain records documenting review of logs.
4
R7. Disposal or Redeployment The Responsible Entity shall establish and implement formal
methods, processes, and procedures for disposal or redeployment of Cyber Assets within the
Electronic Security Perimeter(s) as identified and documented in Standard CIP-005-4.
R7.1. Prior to the disposal of such assets, the Responsible Entity shall destroy or erase the
data storage media to prevent unauthorized retrieval of sensitive cyber security or
reliability data.
R7.2. Prior to redeployment of such assets, the Responsible Entity shall, at a minimum,
erase the data storage media to prevent unauthorized retrieval of sensitive cyber
security or reliability data.
R7.3. The Responsible Entity shall maintain records that such assets were disposed of or
redeployed in accordance with documented procedures. (Retirement approved by
NERC BOT pending applicable regulatory approval.)
assessment of all Cyber Assets within the Electronic Security Perimeter at least annually. The
vulnerability assessment shall include, at a minimum, the following:
R8.2. A review to verify that only ports and services required for operation of the Cyber
Assets within the Electronic Security Perimeter are enabled;
R8.3. A review of controls for default accounts; and,
R8.4. Documentation of the results of the assessment, the action plan to remediate or
mitigate vulnerabilities identified in the assessment, and the execution status of that
action plan.
R9. Documentation Review and Maintenance The Responsible Entity shall review and update
the documentation specified in Standard CIP-007-4 at least annually. Changes resulting from
modifications to the systems or controls shall be documented within thirty calendar days of the
change being completed.
C. Measures
M1. The Responsible Entity shall make available documentation of its security test procedures as
M2. The Responsible Entity shall make available documentation as specified in Requirement R2.
M3. The Responsible Entity shall make available documentation and records of its security patch
management program, as specified in Requirement R3.
M4. The Responsible Entity shall make available documentation and records of its malicious
software prevention program as specified in Requirement R4.
M5. The Responsible Entity shall make available documentation and records of its account
management program as specified in Requirement R5.
M6. The Responsible Entity shall make available documentation and records of its security status
monitoring program as specified in Requirement R6.
M7. The Responsible Entity shall make available documentation and records of its program for the
disposal or redeployment of Cyber Assets as specified in Requirement R7.
M8. The Responsible Entity shall make available documentation and records of its annual
vulnerability assessment of all Cyber Assets within the Electronic Security Perimeters(s) as
M9. The Responsible Entity shall make available documentation and records demonstrating the
review and update as specified in Requirement R9.
5
D. Compliance
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
investigation.
1.4.2 The Responsible Entity shall retain securityrelated system event logs for ninety
calendar days, unless longer retention is required pursuant to Standard CIP-008-4
Requirement R2.
1.5. Additional Compliance Information.
6

R1. MEDIUM N/A TheResponsibleEntity did
create, implement and maintain
thetest procedures as required in
R1.1, but did not document
that testing is performed as
required in R1.2.
OR
TheResponsibleEntity did not
document thetest results as
required in R1.3.
TheResponsibleEntity did not create, implement and
maintain thetest procedures as required in R1.1.
TheResponsibleEntity did not create, implement and maintain
thetest procedures as required in R1.1,
AND
TheResponsibleEntity did not document that testing was
performed as required in R1.2
AND
TheResponsibleEntity did not document thetest results as
required in R1.3.
R2. MEDIUM N/A
established (implemented) but
did not document aprocess to
ensurethat only thoseports and
services required for normal and
emergency operations are
enabled.
TheResponsibleEntity documented but did not establish
(implement) aprocess to ensurethat only thoseports and
services required for normal and emergency operations are
enabled.
TheResponsibleEntity did not establish (implement) nor
document aprocess to ensurethat only thoseports and services
required for normal and emergency operations areenabled.
R2.1. MEDIUM TheResponsibleEntity
enabled ports and
services not required for
normal and emergency
operations on at least
onebut less than 5% of
theCyber Assets inside
theElectronic Security
Perimeter(s).
TheResponsibleEntity enabled
ports and services not required
for normal and emergency
operations on 5% or morebut
less than 10% of theCyber
Assets insidetheElectronic
TheResponsibleEntity enabled ports and services not
required for normal and emergency operations on 10% or
morebut less than 15% of theCyber Assets insidethe
TheResponsibleEntity enabled ports and services not required
for normal and emergency operations on 15% or moreof the
Cyber Assets insidetheElectronic Security Perimeter(s).
7
R2.2. MEDIUM TheResponsibleEntity
did not disableother
ports and services,
including thoseused for
testing purposes, prior
to production usefor at
least onebut less than
5% of theCyber Assets
insidetheElectronic
TheResponsibleEntity did not
disableother ports and services,
including thoseused for testing
purposes, prior to production use
for 5% or morebut less than
10% of theCyber Assets inside
Perimeter(s).
TheResponsibleEntity did not disableother ports and
services, including thoseused for testing purposes, prior to
production usefor 10% or morebut less than 15% of the
Cyber Assets insidetheElectronic Security Perimeter(s).
TheResponsibleEntity did not disableother ports and services,
including thoseused for testing purposes, prior to production use
for 15% or moreof theCyber Assets insidetheElectronic
R2.3. MEDIUM N/A N/A N/A For cases whereunused ports and services cannot bedisabled
dueto technical limitations, theResponsibleEntity did not
document compensating measure(s) applied to mitigaterisk
exposure.
R3. LOWER
established
(implemented) and
documented, either
separately or as a
component of the
documented
configuration
management process
specified in CIP-003-4
Requirement R6, a
security patch
management program
but did not includeone
or moreof the
following:
tracking, evaluating,
testing, and installing
applicablecyber
security software
patches for all Cyber
Assets within the
Electronic Security
Perimeter(s).
established (implemented) but
did not document, either
separately or as acomponent of
thedocumented configuration
management process specified in
CIP-003-4 Requirement R6, a
security patch management
programfor tracking, evaluating,
testing, and installing applicable
cyber security softwarepatches
for all Cyber Assets within the
TheResponsibleEntity documented but did not establish
(implement), either separately or as acomponent of the
documented configuration management process specified in
CIP-003-4 Requirement R6, asecurity patch management
programfor tracking, evaluating, testing, and installing
applicablecyber security softwarepatches for all Cyber
Assets within theElectronic Security Perimeter(s).
TheResponsibleEntity did not establish (implement) nor
document, either separately or as acomponent of the
documented configuration management process specified in CIP-
003-4 Requirement R6, asecurity patch management program
for tracking, evaluating, testing, and installing applicablecyber
security softwarepatches for all Cyber Assets within the
R3.1. LOWER TheResponsibleEntity
documented the
assessment of security
patches and security
upgrades for
applicability as required
in Requirement R3 in
morethan 30 but less
documented theassessment of
security patches and security
upgrades for applicability as
required in Requirement R3 in
60 or morebut less than 90
calendar days after the
availability of thepatches and
upgrades.
TheResponsibleEntity documented theassessment of
security patches and security upgrades for applicability as
required in Requirement R3 in 90 or morebut less than 120
calendar days after theavailability of thepatches and
upgrades.
TheResponsibleEntity documented theassessment of security
patches and security upgrades for applicability as required in
Requirement R3 in 120 calendar days or moreafter the
availability of thepatches and upgrades.
8
after theavailability of
thepatches and
upgrades.
R3.2. LOWER N/A N/A N/A TheResponsibleEntity did not document theimplementation of
applicablesecurity patches as required in R3.
OR
Wherean applicablepatch was not installed, theResponsible
Entity did not document thecompensating measure(s) applied to
mitigaterisk exposure.
R4. MEDIUM TheResponsibleEntity,
as technically feasible,
did not useanti-virus
softwareand other
malicious software
(malware) prevention
tools, nor implemented
compensating measures,
on at least onebut less
than 5% of Cyber
Assets within the
Electronic Security
Perimeter(s).
TheResponsibleEntity, as
technically feasible, did not use
anti-virus softwareand other
malicious software(malware)
prevention tools, nor
implemented compensating
measures, on at least 5% but less
than 10% of Cyber Assets within
Perimeter(s).
TheResponsibleEntity, as technically feasible, did not use
anti-virus softwareand other malicious software
(malware) prevention tools, nor implemented
compensating measures, on at least 10% but less than 15%
of Cyber Assets within theElectronic Security Perimeter(s).
TheResponsibleEntity, as technically feasible, did not useanti-
virus softwareand other malicious software(malware)
prevention tools, nor implemented compensating measures, on
15% or moreCyber Assets within theElectronic Security
Perimeter(s).
R4.1. MEDIUM N/A N/A N/A
TheResponsibleEntity did not document theimplementation of
antivirus and malwareprevention tools for cyber assets within
theelectronic security perimeter.
OR
TheResponsibleEntity did not document theimplementation of
compensating measure(s) applied to mitigaterisk exposure
whereantivirus and malwareprevention tools arenot installed.
R4.2. MEDIUM TheResponsibleEntity,
documented and
implemented aprocess
for theupdateof anti-
virus and malware
prevention
signatures., but the
process did not address
testing and installation
of thesignatures.
technically feasible, did not
document but implemented a
process, including addressing
testing and installing the
signatures, for theupdateof anti-
virus and malwareprevention
signatures.
TheResponsibleEntity, as technically feasible, documented
but did not implement aprocess, including addressing testing
and installing thesignatures, for theupdateof anti-virus and
malwareprevention signatures.
TheResponsibleEntity, as technically feasible, did not
document nor implement aprocess including addressing testing
and installing thesignatures for theupdateof anti-virus and
malwareprevention signatures.
R5. LOWER N/A TheResponsibleEntity
document technical and
procedural controls that enforce
TheResponsibleEntity documented but did not implement
technical and procedural controls that enforceaccess
authentication of, and accountability for, all user activity.
TheResponsibleEntity did not document nor implement
technical and procedural controls that enforceaccess
authentication of, and accountability for, all user activity.
9
access authentication of, and
accountability for, all user
activity.
R5.1. MEDIUM N/A N/A N/A TheResponsibleEntity did not ensurethat individual and shared
systemaccounts and authorized access permissions are
consistent with theconcept of need to know with respect to
work functions performed.
R5.1.1. LOWER At least oneuser
account but less than
1% of user accounts
implemented by the
ResponsibleEntity,
werenot approved by
designated personnel.
One(1) % or moreof user
accounts but less than 3% of
user accounts implemented by
theResponsibleEntity werenot
approved by designated
personnel.
Three(3) % or moreof user accounts but less than 5% of
user accounts implemented by theResponsibleEntity were
not approved by designated personnel.
Five(5) % or moreof user accounts implemented by the
ResponsibleEntity werenot approved by designated personnel.
R5.1.2. LOWER N/A TheResponsibleEntity
generated logs with sufficient
detail to createhistorical audit
trails of individual user account
access activity, however thelogs
do not contain activity for a
minimumof 90 days.
TheResponsibleEntity generated logs with insufficient
detail to createhistorical audit trails of individual user
account access activity.
TheResponsibleEntity did not generatelogs of individual user
account access activity.
R5.1.3. MEDIUM N/A N/A N/A
TheResponsibleEntity did not review, at least annually, user
accounts to verify access privileges arein accordancewith
Standard CIP-003-4 Requirement R5 and Standard CIP-004-4
Requirement R4.
R5.2. LOWER N/A N/A N/A TheResponsibleEntity did not implement apolicy to minimize
and managethescopeand acceptableuseof administrator,
shared, and other generic account privileges including factory
default accounts.
R5.2.1. MEDIUM N/A N/A TheResponsibleEntity's policy did not includetheremoval,
disabling, or renaming of such accounts wherepossible,
however for accounts that must remain enabled, passwords
werechanged prior to putting any systeminto service.
For accounts that must remain enabled, theResponsibleEntity
did not changepasswords prior to putting any systeminto
service.
R5.2.2. LOWER N/A N/A N/A TheResponsibleEntity did not identify all individuals with
access to shared accounts.
R5.2.3. MEDIUM N/A Wheresuch accounts must be
shared, theResponsibleEntity
has apolicy for managing the
useof such accounts, but is
missing 1 of thefollowing 3
items:
a) limits access to only those
Wheresuch accounts must beshared, theResponsibleEntity
has apolicy for managing theuseof such accounts, but is
missing 2of thefollowing 3 items:
a) limits access to only thosewith authorization,
b) has an audit trail of theaccount use(automated or
manual),
Wheresuch accounts must beshared, theResponsibleEntity
does not haveapolicy for managing theuseof such accounts
that limits access to only thosewith authorization, an audit trail
of theaccount use(automated or manual), and steps for securing
theaccount in theevent of personnel changes (for example,
changein assignment or termination).
10
with authorization,
b) has an audit trail of the
account use(automated or
manual),
c) has specified steps for
securing theaccount in theevent
of personnel changes (for
example, changein assignment
or termination).
c) has specified steps for securing theaccount in theevent of
personnel changes (for example, changein assignment or
termination).
requires and uses
passwords as technically
feasible, but only
addresses 2 of the
requirements in R5.3.1,
R5.3.2., R5.3.3.
TheResponsibleEntity requires
and uses passwords as
technically feasiblebut only
addresses 1 of therequirements
in R5.3.1, R5.3.2., R5.3.3.
TheResponsibleEntity requires but does not usepasswords
as required in R5.3.1, R5.3.2., R5.3.3 and did not
demonstratewhy it is not technically feasible.
TheResponsibleEntity does not requirenor usepasswords as
required in R5.3.1, R5.3.2., R5.3.3 and did not demonstratewhy
it is not technically feasible.
R5.3.3. MEDIUM N/A N/A N/A N/A
R6. LOWER TheResponsibleEntity,
did not implement
automated tools or
organizational process
controls to monitor
systemevents that are
related to cyber security
for at least onebut less
than 5% of Cyber
Assets insidethe
Electronic Security
Perimeter(s).
technically feasible, did not
implement automated tools or
organizational process controls
to monitor systemevents that are
related to cyber security for 5%
or morebut less than 10% of
Cyber Assets insidethe
TheResponsibleEntity did not implement automated tools
or organizational process controls, as technically feasible, to
monitor systemevents that arerelated to cyber security for
10% or morebut less than 15% of Cyber Assets insidethe
TheResponsibleEntity did not implement automated tools or
organizational process controls, as technically feasible, to
monitor systemevents that arerelated to cyber security for 15%
or moreof Cyber Assets insidetheElectronic Security
Perimeter(s).
R6.1. MEDIUM N/A TheResponsibleEntity
document theorganizational
processes and technical and
monitoring for security events
TheResponsibleEntity documented but did not implement
theorganizational processes and technical and procedural
mechanisms for monitoring for security events on all Cyber
Assets within theElectronic Security Perimeter.
TheResponsibleEntity did not implement nor document the
organizational processes and technical and procedural
mechanisms for monitoring for security events on all Cyber
Assets within theElectronic Security Perimeter.
11
on all Cyber Assets within the
Electronic Security Perimeter.
R6.2. MEDIUM N/A N/A N/A TheResponsibleentity's security monitoring controls do not
issueautomated or manual alerts for detected Cyber Security
Incidents.
R6.3. MEDIUM N/A N/A N/A TheResponsibleEntity did not maintain logs of systemevents
related to cyber security, wheretechnically feasible, to support
incident responseas required in Standard CIP-008-4.
retained thelogs
specified in
Requirement R6, for at
least 60 days, but less
than 90 days.
TheResponsibleEntity retained
thelogs specified in
Requirement R6, for at least 30
days, but less than 60 days.
TheResponsibleEntity retained thelogs specified in
Requirement R6, for at least oneday, but less than 30 days.
TheResponsibleEntity did not retain any logs specified in
Requirement R6.
R6.5. LOWER N/A N/A N/A TheResponsibleEntity did not review logs of systemevents
related to cyber security nor maintain records documenting
review of logs.
R7. LOWER
established and
implemented formal
methods, processes, and
procedures for disposal
and redeployment of
Cyber Assets within the
Electronic Security
Perimeter(s) as
identified and
documented in Standard
CIP- 005-4 but did not
maintain records as
specified in R7.3.

(Retirement approved
by NERC BOT pending
applicableregulatory
approval.)
established and implemented
formal methods, processes, and
procedures for disposal of Cyber
Assets within theElectronic
Security Perimeter(s) as
identified and documented in
Standard CIP-005-4 but did not
address redeployment as
specified in R7.2.
TheResponsibleEntity established and implemented formal
methods, processes, and procedures for redeployment of
Cyber Assets within theElectronic Security Perimeter(s) as
identified and documented in Standard CIP-005-4 but did
not address disposal as specified in R7.1.
TheResponsibleEntity did not establish or implement formal
methods, processes, and procedures for disposal or redeployment
of Cyber Assets within theElectronic Security Perimeter(s) as
identified and documented in Standard CIP-005-4.
12
R7.3.
(Retirement
approved by
NERC BOT
pending applicable
regulatory
approval.)
LOWER N/A N/A N/A N/A
R8 LOWER TheResponsibleEntity
performed at least
annually aVulnerability
Assessment that
included 95% or more
but less than 100% of
Cyber Assets within the
Electronic Security
Perimeter.
performed at least annually a
Vulnerability Assessment that
included 90% or morebut less
than 95% of Cyber Assets within
Perimeter.
TheResponsibleEntity performed at least annually a
Vulnerability Assessment that included morethan 85% but
less than 90% of Cyber Assets within theElectronic Security
Perimeter.
TheResponsibleEntity performed at least annually a
Vulnerability Assessment for 85% or less of Cyber Assets within
theElectronic Security Perimeter.
OR
Thevulnerability assessment did not includeone(1) or moreof
thesubrequirements 8.1, 8.2, 8.3, 8.4.
R9 LOWER N/A N/A
TheResponsibleEntity did not review and updatethe
documentation specified in Standard CIP-007-4 at least
annually.
OR
TheResponsibleEntity did not document changes resulting
frommodifications to thesystems or controls within thirty
calendar days of thechangebeing completed.
TheResponsibleEntity did not review and updatethe
documentation specified in Standard CIP-007-4 at least annually
nor werechanges resulting frommodifications to thesystems or
controls documented within thirty calendar days of thechange
being completed.
13

None identified.
Version History
with the latest guidelines for developing compliance
elements of standards.
Removal of reasonable business judgment and
acceptance of risk.
Revised the Purpose of this standard to clarify that
Standard CIP-007-2 requires Responsible Entities to
define methods, processes, and procedures for
securing Cyber Assets and other (non-Critical)
Assets within an Electronic Security Perimeter.
entity.
R9 changed ninety (90) days to thirty (30) days

2 05/06/09 Adopted by NERC Board of Trustees Revised
2a 11/05/09 Added Appendix 1 Interpretation of R2 approved
by BOT on November 5, 2009
Interpretation
2a 03/18/10 Interpretation of CIP-007-1 Requirement R2
FERC Approved, per footnote 11 of Order to be
appended to CIP-007-2, Effective Date April 1, 2010
Interpretation
3 12/16/09 Approved by the NERC Board of Trustees
3 2/7/13 R7.3 and associated elements approved by NERC

Interpretation

4 Board
approved
01/24/2011
(Project 2008-06)


14
3, 4 2/7/13 R7.3 and associated elements approved by NERC

Interpretation

15

Appendix 1

R2. The Responsible Entity shall establish and document a process to ensure that only those
ports and services required for normal and emergency operations are enabled.
Question
Does the term "port" mean a physical (hardware) or a logical (software) connection to a
computer?
Response
The drafting team interprets the term ports used as part of the phrase ports and services to
refer to logical ports, e.g., Transmission Control Protocol (TCP) ports, where interface with
communication services occurs.

CIP0075CyberSecuritySystemsSecurityManagement
Page1of42
A. I ntroduction
1. Title: CyberSecuritySystemSecurityManagement
2. Number: CIP0075
3. Purpose: Tomanagesystemsecuritybyspecifyingselecttechnical,operational,
andproceduralrequirementsinsupportofprotectingBESCyberSystemsagainst
compromisethatcouldleadtomisoperationorinstabilityintheBES.
4. Applicability:
(UVLS)systemthat:
of300MWormore.
unit(s)tobestarted.
Page2of42
oftheBES:
of300MWormore.
unit(s)tobestarted.
AllBESFacilities.
Commission.
Section73.54.
Page3of42
5.EffectiveDates:
1. 24MonthsMinimumCIP0075shallbecomeeffectiveonthelaterofJuly1,
2. Inthosejurisdictionswherenoregulatoryapprovalisrequired,CIP0075shall
6.Background:
Page4of42
CyberSystems.
Page5of42
processes.
processes.
MediumImpactBESCyberSystemsatControlCentersOnlyappliestomedium
impactBESCyberSystemslocatedataControlCenter.
impactBESCyberSystemormediumimpactBESCyberSystemintheapplicability
column.Examplesmayinclude,butarenotlimitedto,firewalls,authentication
servers,andlogmonitoringandalertingsystems.
impactBESCyberSystem.
System.
Page6of42
documentedprocessesthatcollectivelyincludeeachoftheapplicablerequirementpartsinCIP0075TableR1Portsand
Services.[ViolationRiskFactor:Medium][TimeHorizon:SameDayOperations.]
M1. EvidencemustincludethedocumentedprocessesthatcollectivelyincludeeachoftheapplicablerequirementpartsinCIP
0075TableR1PortsandServicesandadditionalevidencetodemonstrateimplementationasdescribedintheMeasures
columnofthetable.

CIP0075TableR1PortsandServices
theirassociated:
1. EACMS;
2. PACS;and
3. PCA
andtheirassociated:
1. EACMS;
2. PACS;and
3. PCA
Wheretechnicallyfeasible,enableonly
logicalnetworkaccessibleportsthat
havebeendeterminedtobeneededby
theResponsibleEntity,includingport
rangesorserviceswhereneededto
handledynamicports.Ifadevicehas
noprovisionfordisablingorrestricting
logicalportsonthedevicethenthose
portsthatareopenaredeemed
needed.
arenotlimitedto:
Documentationoftheneedfor
allenabledportsonall
applicableCyberAssetsand
ElectronicAccessPoints,
individuallyorbygroup.
Listingsofthelisteningportson
theCyberAssets,individuallyor
bygroup,fromeitherthedevice
configurationfiles,command
output(suchasnetstat),or
networkscansofopenports;or
Configurationfilesofhost
basedfirewallsorotherdevice
levelmechanismsthatonly
allowneededportsanddenyall
others.
Page7of42
CIP0075TableR1PortsandServices
MediumImpactBESCyberSystemsat
ControlCenters
Protectagainsttheuseofunnecessary
physicalinput/outputportsusedfor
networkconnectivity,console
commands,orremovablemedia.
showingtypesofprotectionofphysical
input/outputports,eitherlogically
throughsystemconfigurationor
physicallyusingaportlockorsignage.

documentedprocessesthatcollectivelyincludeeachoftheapplicablerequirementpartsinCIP0075TableR2Security
PatchManagement.[ViolationRiskFactor:Medium][TimeHorizon:OperationsPlanning].
requirementpartsinCIP0075TableR2SecurityPatchManagementandadditionalevidencetodemonstrate

Page8of42
CIP0075TableR2SecurityPatchManagement
theirassociated:
1. EACMS;
2. PACS;and
3. PCA
andtheirassociated:
1. EACMS;
2. PACS;and
3. PCA
Apatchmanagementprocessfor
tracking,evaluating,andinstalling
cybersecuritypatchesforapplicable
CyberAssets.Thetrackingportion
shallincludetheidentificationofa
sourceorsourcesthatthe
ResponsibleEntitytracksforthe
releaseofcybersecuritypatchesfor
applicableCyberAssetsthatare
updateableandforwhichapatching
sourceexists.
ofapatchmanagementprocessand
documentationorlistsofsourcesthat
aremonitored,whetheronan
individualBESCyberSystemorCyber
Assetbasis.
Page9of42
theirassociated:
1. EACMS;
2. PACS;and
3. PCA
andtheirassociated:
1. EACMS;
2. PACS;and
3. PCA
Atleastonceevery35calendardays,
evaluatesecuritypatchesfor
applicabilitythathavebeenreleased
sincethelastevaluationfromthe
sourceorsourcesidentifiedinPart
2.1.
butisnotlimitedto,anevaluation
conductedby,referencedby,oron
behalfofaResponsibleEntityof
securityrelatedpatchesreleasedby
thedocumentedsourcesatleastonce
every35calendardays.
Page10of42
theirassociated:
1. EACMS;
2. PACS;and
3. PCA
andtheirassociated:
1. EACMS;
2. PACS;and
3. PCA
Forapplicablepatchesidentifiedin
Part2.2,within35calendardaysof
theevaluationcompletion,takeone
ofthefollowingactions:
Applytheapplicablepatches;or
Createadatedmitigationplan;
or
Reviseanexistingmitigation
plan.
Mitigationplansshallincludethe
ResponsibleEntitysplannedactions
tomitigatethevulnerabilities
addressedbyeachsecuritypatchand
atimeframetocompletethese
mitigations.
butarenotlimitedto:
Recordsoftheinstallationof
thepatch(e.g.,exportsfrom
automatedpatch
managementtoolsthat
provideinstallationdate,
verificationofBESCyber
SystemComponentsoftware
revision,orregistryexports
thatshowsoftwarehasbeen
installed);or
Adatedplanshowingwhen
andhowthevulnerabilitywill
beaddressed,toinclude
documentationoftheactions
tobetakenbytheResponsible
Entitytomitigatethe
vulnerabilitiesaddressedby
thesecuritypatchanda
timeframeforthecompletion
ofthesemitigations.
Page11of42
theirassociated:
1. EACMS;
2. PACS;and
3. PCA
andtheirassociated:
1. EACMS;
2. PACS;and
3. PCA
Foreachmitigationplancreatedor
revisedinPart2.3,implementthe
planwithinthetimeframespecifiedin
theplan,unlessarevisiontotheplan
oranextensiontothetimeframe
specifiedinPart2.3isapprovedby
theCIPSeniorManagerordelegate.
butisnotlimitedto,recordsof
implementationofmitigations.

documentedprocessesthatcollectivelyincludeeachoftheapplicablerequirementpartsinCIP0075TableR3Malicious
CodePrevention.[ViolationRiskFactor:Medium][TimeHorizon:SameDayOperations].
M3. Evidencemustincludeeachofthedocumentedprocessesthatcollectivelyincludeeachoftheapplicablerequirement
partsinCIP0075TableR3MaliciousCodePreventionandadditionalevidencetodemonstrateimplementationas
Page12of42
CIP0075TableR3MaliciousCodePrevention
theirassociated:
1. EACMS;
2. PACS;and
3. PCA
andtheirassociated:
1. EACMS;
2. PACS;and
3. PCA
Deploymethod(s)todeter,detect,or
preventmaliciouscode.
butisnotlimitedto,recordsofthe
ResponsibleEntitysperformanceof
theseprocesses(e.g.,through
traditionalantivirus,system
hardening,policies,etc.).
Page13of42
CIP0075TableR3MaliciousCodePrevention
theirassociated:
1. EACMS;
2. PACS;and
3. PCA
andtheirassociated:
1. EACMS;
2. PACS;and
3. PCA
Mitigatethethreatofdetected
maliciouscode.
butarenotlimitedto:
Recordsofresponseprocesses
formaliciouscodedetection
Recordsoftheperformanceof
theseprocesseswhenmalicious
codeisdetected.
theirassociated:
1. EACMS;
2. PACS;and
3. PCA
andtheirassociated:
1. EACMS;
2. PACS;and
3. PCA
ForthosemethodsidentifiedinPart
3.1thatusesignaturesorpatterns,
haveaprocessfortheupdateofthe
signaturesorpatterns.Theprocess
mustaddresstestingandinstallingthe
signaturesorpatterns.
showingtheprocessusedforthe
updateofsignaturesorpatterns.

Page14of42

documentedprocessesthatcollectivelyincludeeachoftheapplicablerequirementpartsinCIP0075TableR4Security
EventMonitoring.[ViolationRiskFactor:Medium][TimeHorizon:SameDayOperationsandOperationsAssessment.]
M4. Evidencemustincludeeachofthedocumentedprocessesthatcollectivelyincludeeachoftheapplicablerequirement
partsinCIP0075TableR4SecurityEventMonitoringandadditionalevidencetodemonstrateimplementationas

CIP0075TableR4SecurityEventMonitoring
theirassociated:
1. EACMS;
2. PACS;and
3. PCA
andtheirassociated:
1. EACMS;
2. PACS;and
3. PCA
LogeventsattheBESCyberSystem
level(perBESCyberSystemcapability)
orattheCyberAssetlevel(perCyber
Assetcapability)foridentificationof,
andafterthefactinvestigationsof,
CyberSecurityIncidentsthatincludes,
asaminimum,eachofthefollowing
typesofevents:
4.1.1. Detectedsuccessfullogin
attempts;
4.1.2. Detectedfailedaccess
attemptsandfailedlogin
attempts;
4.1.3. Detectedmaliciouscode.
arenotlimitedto,apaperorsystem
generatedlistingofeventtypesfor
whichtheBESCyberSystemiscapable
ofdetectingand,forgenerated
events,isconfiguredtolog.Thislisting
mustincludetherequiredtypesof
events.
Page15of42
theirassociated:
1. EACMS;
2. PACS;and
3. PCA
andtheirassociated:
1. EACMS;
2. PACS;and
3. PCA
Generatealertsforsecurityevents
thattheResponsibleEntity
determinesnecessitatesanalert,that
includes,asaminimum,eachofthe
followingtypesofevents(perCyber
AssetorBESCyberSystemcapability):
4.2.1. Detectedmaliciouscodefrom
Part4.1;and
4.2.2. DetectedfailureofPart4.1
eventlogging.
arenotlimitedto,paperorsystem
generatedlistingofsecurityevents
thattheResponsibleEntity
determinednecessitatealerts,
includingpaperorsystemgenerated
listshowinghowalertsareconfigured.
Page16of42
theirassociated:
1. EACMS;
2. PACS;and
3. PCA
ControlCentersandtheirassociated:
1. EACMS;
2. PACS;and
3. PCA
Wheretechnicallyfeasible,retain
applicableeventlogsidentifiedinPart
4.1foratleastthelast90consecutive
calendardaysexceptunderCIP
ExceptionalCircumstances.
arenotlimitedto,documentationof
theeventlogretentionprocessand
paperorsystemgeneratedreports
showinglogretentionconfiguration
setat90daysorgreater.
theirassociated:
1. EACMS;and
2. PCA
Reviewasummarizationorsampling
ofloggedeventsasdeterminedbythe
ResponsibleEntityatintervalsno
greaterthan15calendardaysto
identifyundetectedCyberSecurity
Incidents.
arenotlimitedto,documentation
describingthereview,anyfindings
fromthereview(ifany),anddated
documentationshowingthereview
occurred.

documentedprocessesthatcollectivelyincludeeachoftheapplicablerequirementpartsinCIP0075TableR5System
AccessControls.[ViolationRiskFactor:Medium][TimeHorizon:OperationsPlanning].
requirementpartsinCIP0075Table5SystemAccessControlsandadditionalevidencetodemonstrateimplementation
asdescribedintheMeasurescolumnofthetable.

Page17of42
CIP0075TableR5SystemAccessControl
theirassociated:
1. EACMS;
2. PACS;and
3. PCA
1. EACMS;
2. PACS;and
3. PCA
andtheirassociated:
1. EACMS;
2. PACS;and
3. PCA
Haveamethod(s)toenforce
authenticationofinteractiveuseraccess,
wheretechnicallyfeasible.
describinghowaccessis
authenticated.

Page18of42

theirassociated:
1. EACMS;
2. PACS;and
3. PCA
andtheirassociated:
1. EACMS;
2. PACS;and
3. PCA
Identifyandinventoryallknownenabled
defaultorothergenericaccounttypes,
eitherbysystem,bygroupsofsystems,by
location,orbysystemtype(s).
butisnotlimitedto,alistingof
accountsbyaccounttypesshowing
theenabledorgenericaccounttypes
inusefortheBESCyberSystem.
Page19of42

theirassociated:
1. EACMS;
2. PACS;and
3. PCA
andtheirassociated:
1. EACMS;
2. PACS;and
3. PCA
Identifyindividualswhohaveauthorized
accesstosharedaccounts.
butisnotlimitedto,listingofshared
accountsandtheindividualswhohave
authorizedaccesstoeachshared
account.
Page20of42

5.4
HighImpactBESCyberSystemsand
theirassociated:
1. EACMS;
2. PACS;and
3. PCA
andtheirassociated:
1. EACMS;
2. PACS;and
3. PCA
Changeknowndefaultpasswords,per
CyberAssetcapability
arenotlimitedto:
Recordsofaprocedurethat
passwordsarechangedwhennew
devicesareinproduction;or
Documentationinsystemmanuals
orothervendordocuments
showingdefaultvendor
passwordsweregenerated
pseudorandomlyandarethereby
uniquetothedevice.
Page21of42

theirassociated:
1. EACMS;
2. PACS;and
3. PCA
andtheirassociated:
1. EACMS;
2. PACS;and
3. PCA
Forpasswordonlyauthenticationfor
interactiveuseraccess,eithertechnically
orprocedurallyenforcethefollowing
passwordparameters:
5.5.1. Passwordlengththatis,atleast,
thelesserofeightcharactersor
themaximumlengthsupportedby
theCyberAsset;and
5.5.2. Minimumpasswordcomplexity
thatisthelesserofthreeormore
differenttypesofcharacters(e.g.,
uppercasealphabetic,lowercase
alphabetic,numeric,non
alphanumeric)orthemaximum
complexitysupportedbytheCyber
Asset.
arenotlimitedto:
Systemgeneratedreportsor
screenshotsofthesystem
enforcedpasswordparameters,
includinglengthandcomplexity;
or
Attestationsthatincludea
referencetothedocumented
proceduresthatwerefollowed.
Page22of42

theirassociated:
1. EACMS;
2. PACS;and
3. PCA
andtheirassociated:
1. EACMS;
2. PACS;and
3. PCA
Wheretechnicallyfeasible,for
passwordonlyauthenticationfor
interactiveuseraccess,either
technicallyorprocedurallyenforce
passwordchangesoranobligationto
changethepasswordatleastonce
every15calendarmonths.
butarenotlimitedto:
Systemgeneratedreportsor
screenshotsofthesystem
enforcedperiodicityofchanging
passwords;or
Attestationsthatincludea
referencetothedocumented
proceduresthatwerefollowed.
Page23of42
theirassociated:
1. EACMS;
2. PACS;and
3. PCA
atControlCentersandtheir
associated:
1. EACMS;
2. PACS;and
3. PCA
Wheretechnicallyfeasible,either:
Limitthenumberof
unsuccessfulauthentication
attempts;or
Generatealertsaftera
thresholdofunsuccessful
authenticationattempts.
butarenotlimitedto:
Documentationoftheaccount
lockoutparameters;or
Rulesinthealertingconfiguration
showinghowthesystemnotified
individualsafteradetermined
numberofunsuccessfullogin
attempts.
Page24of42
C. Compliance
TheRegionalEntityshallserveastheComplianceEnforcementAuthority(CEA)unlessthe
applicableentityisowned,operated,orcontrolledbytheRegionalEntity.Insuchcasesthe
EROoraRegionalEntityapprovedbyFERCorotherapplicablegovernmentalauthorityshall
serveastheCEA.
Thefollowingevidenceretentionperiodsidentifytheperiodoftimeanentityisrequiredto
retainspecificevidencetodemonstratecompliance.Forinstanceswheretheevidence
retentionperiodspecifiedbelowisshorterthanthetimesincethelastaudit,theCEAmayask
anentitytoprovideotherevidencetoshowthatitwascompliantforthefulltimeperiodsince
thelastaudit.
TheResponsibleEntityshallkeepdataorevidencetoshowcomplianceasidentifiedbelow
unlessdirectedbyitsCEAtoretainspecificevidenceforalongerperiodoftimeaspartofan
investigation:
EachResponsibleEntityshallretainevidenceofeachrequirementinthisstandardforthree
calendaryears.
IfaResponsibleEntityisfoundnoncompliant,itshallkeepinformationrelatedtothenon
complianceuntilmitigationiscompleteandapprovedorforthetimespecifiedabove,
whicheverislonger.
TheCEAshallkeepthelastauditrecordsandallrequestedandsubmittedsubsequentaudit
records.
ComplianceAudit
SelfCertification
SpotChecking
SelfReporting
Complaint
None
Page25of42
None.
E. Interpretations
None.
None.
Page26of42
standards.
RequirementR1:
RequirementR1existstoreducetheattacksurfaceofCyberAssetsbyrequiringentitiesto
disableknownunnecessaryports.TheSDTintendsfortheentitytoknowwhatnetwork
accessible(listening)portsandassociatedservicesareaccessibleontheirassetsandsystems,
whethertheyareneededforthatCyberAssetsfunction,anddisableorrestrictaccesstoall
otherports.
1.1. Thisrequirementismostoftenaccomplishedbydisablingthecorrespondingserviceor
programthatislisteningontheportorconfigurationsettingswithintheCyberAsset.Itcan
alsobeaccomplishedthroughusinghostbasedfirewalls,TCP_Wrappers,orothermeanson
theCyberAssettorestrictaccess.NotethattherequirementisapplicableattheCyberAsset
level.TheCyberAssetsarethosewhichcomprisetheapplicableBESCyberSystemsandtheir
associatedCyberAssets.Thiscontrolisanotherlayerinthedefenseagainstnetworkbased
attacks,thereforetheSDTintendsthatthecontrolbeonthedeviceitself,orpositionedinline
inanonbypassablemanner.BlockingportsattheESPborderdoesnotsubstituteforthis
devicelevelrequirement.Ifadevicehasnoprovisionfordisablingorrestrictinglogicalports
onthedevice(examplepurposebuiltdevicesthatrunfromfirmwarewithnoport
configurationavailable)thenthoseportsthatareopenaredeemedneeded.
1.2. ExamplesofphysicalI/Oportsincludenetwork,serialandUSBportsexternaltothe
devicecasing.BESCyberSystemsshouldexistwithinaPhysicalSecurityPerimeterinwhich
Page27of42
casethephysicalI/Oportshaveprotectionfromunauthorizedaccess,butitmaystillbe
possibleforaccidentalusesuchasconnectingamodem,connectinganetworkcablethat
bridgesnetworks,orinsertingaUSBdrive.Portsusedforconsolecommandsprimarilymeans
serialportsonCyberAssetsthatprovideanadministrativeinterface.
Theprotectionoftheseportscanbeaccomplishedinseveralwaysincluding,butnotlimitedto:
DisablingallunneededphysicalportswithintheCyberAssetsconfiguration
Prominentsignage,tampertape,orothermeansofconveyingthattheports
shouldnotbeusedwithoutproperauthorization
Physicalportobstructionthroughremovablelocks
Thisisadefenseindepthtypecontrolanditisacknowledgedthatthereareotherlayersof
control(thePSPforone)thatpreventunauthorizedpersonnelfromgainingphysicalaccessto
theseports.Evenwithphysicalaccess,ithasbeenpointedoutthereareotherwaysto
circumventthecontrol.Thiscontrol,withitsinclusionofmeanssuchassignage,isnotmeant
tobeapreventativecontrolagainstintruders.Signageisindeedadirectivecontrol,nota
preventativeone.However,withadefenseindepthposture,differentlayersandtypesof
controlsarerequiredthroughoutthestandardwiththisprovidinganotherlayerfordepthin
ControlCenterenvironments.Oncephysicalaccesshasbeenachievedthroughtheother
preventativeanddetectivemeasuresbyauthorizedpersonnel,adirectivecontrolthatoutlines
properbehaviorasalastlineofdefenseareappropriateinthesehighestriskareas.Inessence,
signagewouldbeusedtoremindauthorizeduserstothinkbeforeyoupluganythingintoone
ofthesesystemswhichistheintent.Thiscontrolisnotdesignedprimarilyforintruders,but
forexampletheauthorizedemployeewhointendstoplughispossiblyinfectedsmartphone
intoanoperatorconsoleUSBporttochargethebattery.
RequirementR2:
TheSDTsintentofRequirementR2istorequireentitiestoknow,track,andmitigatethe
knownsoftwarevulnerabilitiesassociatedwiththeirBESCyberAssets.Itisnotstrictlyan
installeverysecuritypatchrequirement;themainintentionistobeawareofinatimely
mannerandmanageallknownvulnerabilitiesrequirement.
PatchmanagementisrequiredforBESCyberSystemsthatareaccessibleremotelyaswellas
standalonesystems.Standalonesystemsarevulnerabletointentionalorunintentional
introductionofmaliciouscode.Asounddefenseindepthsecuritystrategyemploysadditional
measuressuchasphysicalsecurity,malwarepreventionsoftware,andsoftwarepatch
managementtoreducetheintroductionofmaliciouscodeortheexploitofknown
vulnerabilities.
Oneormultipleprocessescouldbeutilized.Anoverallassessmentprocessmayexistinatop
tierdocumentwithlowertierdocumentsestablishingthemoredetailedprocessfollowedfor
individualsystems.LowertierdocumentscouldbeusedtocoverBESCyberSystemnuances
thatmayoccuratthesystemlevel.
2.1. TheResponsibleEntityistohaveapatchmanagementprogramthatcoverstracking,
evaluating,andinstallingcybersecuritypatches.Therequirementappliestopatchesonly,
Page28of42
whicharefixesreleasedtohandleaspecificvulnerabilityinahardwareorsoftwareproduct.
Therequirementcoversonlypatchesthatinvolvecybersecurityfixesanddoesnotcover
patchesthatarepurelyfunctionalityrelatedwithnocybersecurityimpact.Trackinginvolves
processesfornotificationoftheavailabilityofnewcybersecuritypatchesfortheCyberAssets.
Documentingthepatchsourceinthetrackingportionoftheprocessisrequiredtodetermine
whentheassessmenttimeframeclockstarts.Thisrequirementhandlesthesituationwhere
securitypatchescancomefromanoriginalsource(suchasanoperatingsystemvendor),but
mustbeapprovedorcertifiedbyanothersource(suchasacontrolsystemvendor)beforethey
canbeassessedandappliedinordertonotjeopardizetheavailabilityorintegrityofthecontrol
system.Thesourcecantakemanyforms.TheNationalVulnerabilityDatabase,Operating
Systemvendors,orControlSystemvendorscouldallbesourcestomonitorforreleaseof
securityrelatedpatches,hotfixes,and/orupdates.ApatchsourceisnotrequiredforCyber
Assetsthathavenoupdateablesoftwareorfirmware(thereisnouseraccessiblewaytoupdate
theinternalsoftwareorfirmwareexecutingontheCyberAsset),orthoseCyberAssetsthat
havenoexistingsourceofpatchessuchasvendorsthatnolongerexist.Theidentificationof
thesesourcesisintendedtobeperformedonceunlesssoftwareischangedoraddedtothe
CyberAssetsbaseline.
2.2. ResponsibleEntitiesaretoperformanassessmentofsecurityrelatedpatcheswithin35
daysofreleasefromtheirmonitoredsource.Anassessmentshouldconsistofdeterminationof
theapplicabilityofeachpatchtotheentitysspecificenvironmentandsystems.Applicability
determinationisbasedprimarilyonwhetherthepatchappliestoaspecificsoftwareor
hardwarecomponentthattheentitydoeshaveinstalledinanapplicableCyberAsset.Apatch
thatappliestoaserviceorcomponentthatisnotinstalledintheentitysenvironmentisnot
applicable.Ifthepatchisdeterminedtobenonapplicable,thatisdocumentedwiththe
reasonswhyandtheentityiscompliant.Ifthepatchisapplicable,theassessmentcaninclude
adeterminationoftheriskinvolved,howthevulnerabilitycanberemediated,theurgencyand
timeframeoftheremediation,andthestepstheentityhaspreviouslytakenorwilltake.
Considerablecaremustbetakeninapplyingsecurityrelatedpatches,hotfixes,and/orupdates
orapplyingcompensatingmeasurestoBESCyberSystemorBESCyberAssetsthatarenolonger
supportedbyvendors.Itispossiblesecuritypatches,hotfixes,andupdatesmayreducethe
reliabilityofthesystem,andentitiesshouldtakethisintoaccountwhendeterminingthetype
ofmitigationtoapply.TheResponsibleEntitiescanusetheinformationprovidedinthe
DepartmentofHomelandSecurityQuarterlyReportonCyberVulnerabilitiesofPotentialRisk
toControlSystemsasasource.TheDHSdocumentRecommendedPracticeforPatch
ManagementofControlSystemsprovidesguidanceonanevaluativeprocess.Itusesseverity
levelsdeterminedusingtheCommonVulnerabilityScoringSystemVersion2.Determination
thatasecurityrelatedpatch,hotfix,and/orupdateposestoogreatarisktoinstallonasystem
orisnotapplicableduetothesystemconfigurationshouldnotrequireaTFE.
Whendocumentingtheremediationplanmeasuresitmaynotbenecessarytodocumentthem
onaonetoonebasis.Theremediationplanmeasuresmaybecumulative.Ameasureto
addressasoftwarevulnerabilitymayinvolvedisablingaparticularservice.Thatsameservice
maybeexploitedthroughothersoftwarevulnerabilities.Thereforedisablingthesingleservice
hasaddressedmultiplepatchedvulnerabilities.
Page29of42
2.3. Therequirementhandlesthesituationswhereitismoreofareliabilityrisktopatcha
runningsystemthanthevulnerabilitypresents.Inallcases,theentityeitherinstallsthepatch
ordocuments(eitherthroughthecreationofaneworupdateofanexistingmitigationplan)
whattheyaregoingtodotomitigatethevulnerabilityandwhentheyaregoingtodoso.There
aretimeswhenitisinthebestinterestofreliabilitytonotinstallapatch,andtheentitycan
documentwhattheyhavedonetomitigatethevulnerability.Forthosesecurityrelated
patchesthataredeterminedtobeapplicable,theResponsibleEntitymustwithin35dayseither
installthepatch,createadatedmitigationplanwhichwilloutlinetheactionstobetakenor
thosethathavealreadybeentakenbytheResponsibleEntitytomitigatethevulnerabilities
addressedbythesecuritypatch,orreviseanexistingmitigationplan.Timeframesdonothave
tobedesignatedasaparticularcalendardaybutcanhaveeventdesignationssuchasatnext
scheduledoutageofatleasttwodaysduration.Mitigationplansinthestandardrefersto
internaldocumentsandarenottobeconfusedwithplansthataresubmittedtoRegional
Entitiesinresponsetoviolations.
2.4. Theentityhasbeennotifiedof,hasassessed,andhasdevelopedaplantoremediate
theknownriskandthatplanmustbeimplemented.Remediationplansthatonlyincludesteps
thathavebeenpreviouslytakenareconsideredimplementeduponcompletionofthe
documentation.Remediationplansthathavestepstobetakentoremediatethevulnerability
mustbeimplementedbythetimeframetheentitydocumentedintheirplan.Thereisno
maximumtimeframeinthisrequirementaspatchingandothersystemchangescarriesitsown
risktotheavailabilityandintegrityofthesystemsandmayrequirewaitinguntilaplanned
outage.Inperiodsofhighdemandorthreateningweather,changestosystemsmaybe
curtailedordeniedduetotherisktoreliability.
RequirementR3:
3.1. DuetothewiderangeofequipmentcomprisingtheBESCyberSystemsandthewide
varietyofvulnerabilityandcapabilityofthatequipmenttomalwareaswellastheconstantly
evolvingthreatandresultanttoolsandcontrols,itisnotpracticalwithinthestandardto
prescribehowmalwareistobeaddressedoneachCyberAsset.Rather,theResponsibleEntity
determinesonaBESCyberSystembasiswhichCyberAssetshavesusceptibilitytomalware
intrusionsanddocumentstheirplansandprocessesforaddressingthoserisksandprovides
evidencethattheyfollowthoseplansandprocesses.Therearenumerousoptionsavailable
includingtraditionalantivirussolutionsforcommonoperatingsystems,whitelistingsolutions,
networkisolationtechniques,portablestoragemediapolicies,IntrusionDetection/Prevention
(IDS/IPS)solutions,etc.IfanentityhasnumerousBESCyberSystemsorCyberAssetsthatare
ofidenticalarchitecture,theymayprovideoneprocessthatdescribeshowallthelikeCyber
Assetsarecovered.IfaspecificCyberAssethasnoupdateablesoftwareanditsexecutingcode
cannotbealtered,thenthatCyberAssetisconsideredtohaveitsowninternalmethodof
deterringmaliciouscode.
3.2. WhenmaliciouscodeisdetectedonaCyberAssetwithintheapplicabilityofthis
requirement,thethreatposedbythatcodemustbemitigated.Insituationswheretraditional
antivirusproductsareused,theymaybeconfiguredtoautomaticallyremoveorquarantinethe
maliciouscode.Inwhitelistingsituations,thewhitelistingtoolitselfcanmitigatethethreatas
Page30of42
itwillnotallowthecodetoexecute,howeverstepsshouldstillbetakentoremovethe
maliciouscodefromtheCyberAsset.Insomeinstances,itmaybeinthebestinterestof
reliabilitytonotimmediatelyremoveorquarantinethemaliciouscode,suchaswhen
availabilityofthesystemmaybejeopardizedbyremovalwhileoperatingandarebuildofthe
systemneedstobescheduled.Inthatcase,monitoringmaybeincreasedandstepstakento
insurethemaliciouscodecannotcommunicatewithothersystems.Insomeinstancesthe
entitymaybeworkingwithlawenforcementorothergovernmentalentitiestocloselymonitor
thecodeandtracktheperpetrator(s).Forthesereasons,thereisnomaximumtimeframeor
methodprescribedfortheremovalofthemaliciouscode,buttherequirementistomitigate
thethreatposedbythenowidentifiedmaliciouscode.
3.3. Ininstanceswheremalwaredetectiontechnologiesdependonsignaturesorpatternsof
knownattacks,theeffectivenessofthesetoolsagainstevolvingthreatsistiedtotheabilityto
keepthesesignaturesandpatternsupdatedinatimelymanner.Theentityistohavea
documentedprocessthatincludesthetestingandinstallationofsignatureorpatternupdates.
InaBESCyberSystem,theremaybesomeCyberAssetsthatwouldbenefitfromthemore
timelyinstallationoftheupdateswhereavailabilityofthatCyberAssetwouldnotjeopardize
theavailabilityoftheBESCyberSystemsabilitytoperformitsfunction.Forexample,some
HMIworkstationswhereportablemediaisutilizedmaybenefitfromhavingtheverylatest
updatesatalltimeswithminimaltesting.OtherCyberAssetsshouldhaveanyupdates
thoroughlytestedbeforeimplementationwheretheresultofafalsepositivecouldharmthe
availabilityoftheBESCyberSystem.Thetestingshouldnotnegativelyimpactthereliabilityof
theBES.Thetestingshouldbefocusedontheupdateitselfandifitwillhaveanadverseimpact
ontheBESCyberSystem.Testinginnowayimpliesthattheentityistestingtoensurethat
malwareisindeeddetectedbyintroducingmalwareintotheenvironment.Itisstrictlyfocused
onensuringthattheupdatedoesnotnegativelyimpacttheBESCyberSystembeforethose
updatesareplacedintoproduction.
RequirementR4:
RefertoNIST80092and800137foradditionalguidanceinsecurityeventmonitoring.
4.1. Inacomplexcomputingenvironmentandfacedwithdynamicthreatsand
vulnerabilities,itisnotpracticalwithinthestandardtoenumerateallsecurityrelatedevents
necessarytosupporttheactivitiesforalertingandincidentresponse.Rather,theResponsible
Entitydetermineswhichcomputergeneratedeventsarenecessarytolog,providealertsand
monitorfortheirparticularBESCyberSystemenvironment.
SpecificsecurityeventsalreadyrequiredinVersion4oftheCIPStandardscarryforwardinthis
version.ThisincludesaccessattemptsattheElectronicAccessPoints,ifanyhavebeen
identifiedforaBESCyberSystems.Examplesofaccessattemptsinclude:(i)blockednetwork
accessattempts,(ii)successfulandunsuccessfulremoteuseraccessattempts,(iii)blocked
networkaccessattemptsfromaremoteVPN,and(iv)successfulnetworkaccessattemptsor
networkflowinformation.
UseraccessandactivityeventsincludethoseeventsgeneratedbyCyberAssetswithinthe
ElectronicSecurityPerimeterthathaveaccesscontrolcapability.Thesetypesofeventsinclude:
Page31of42
(i)successfulandunsuccessfulauthentication,(ii)accountmanagement,(iii)objectaccess,and
(iv)processesstartedandstopped.
ItisnottheintentoftheSDTthatifadevicecannotlogaparticulareventthataTFEmustbe
generated.TheSDTsintentisthatifanyoftheitemsinthebulletedlist(forexample,user
logouts)canbeloggedbythedevicethentheentitymustlogthatitem.Ifthedevicedoesnot
havethecapabilityofloggingthatevent,theentityremainscompliant.
4.2. Realtimealertingallowsthecybersystemtoautomaticallycommunicateeventsof
significancetodesignatedresponders.Thisinvolvesconfigurationofacommunication
mechanismandloganalysisrules.Alertscanbeconfiguredintheformofanemail,text
message,orsystemdisplayandalarming.Theloganalysisrulescanexistaspartofthe
operatingsystem,specificapplicationoracentralizedsecurityeventmonitoringsystem.On
oneend,arealtimealertcouldconsistofasetpointonanRTUforaloginfailure,andonthe
otherend,asecurityeventmonitoringsystemcouldprovidemultiplealertingcommunications
optionstriggeredonanynumberofcomplexlogcorrelationrules.
Theeventstriggeringarealtimealertmaychangefromdaytodayassystemadministrators
andincidentrespondersbetterunderstandthetypesofeventsthatmightbeindicationsofa
cybersecurityincident.Configurationofalertsalsomustbalancetheneedforrespondersto
knowaneventoccurredwiththepotentialinundationofinsignificantalerts.Thefollowinglist
includesexamplesofeventsaResponsibleEntityshouldconsiderinconfiguringrealtimealerts:
Detectedknownorpotentialmalwareormaliciousactivity
Failureofsecurityeventloggingmechanisms
Loginfailuresforcriticalaccounts
Interactiveloginofsystemaccounts
Enablingofaccounts
Newlyprovisionedaccounts
Systemadministrationorchangetasksbyanunauthorizeduser
Authenticationattemptsoncertainaccountsduringnonbusinesshours
Unauthorizedconfigurationchanges
Insertionofremovablemediainviolationofapolicy
4.3 LogsthatarecreatedunderPart4.1aretoberetainedontheapplicableCyberAssetsor
BESCyberSystemsforatleast90days.Thisisdifferentthantheevidenceretentionperiod
calledforintheCIPstandardsusedtoprovehistoricalcompliance.Forsuchauditpurposes,
theentityshouldmaintainevidencethatshowsthat90dayswerekepthistorically.One
examplewouldberecordsofdispositionofeventlogsbeyond90daysuptotheevidence
retentionperiod.
4.4. Reviewinglogsatleastevery15days(approximatelyeverytwoweeks)canconsistof
analyzingasummarizationorsamplingofloggedevents.NISTSP80092providesalotof
guidanceinperiodicloganalysis.Ifacentralizedsecurityeventmonitoringsystemisused,log
analysiscanbeperformedtopdownstartingwithareviewoftrendsfromsummaryreports.
Page32of42
Thelogreviewcanalsobeanextensionoftheexerciseinidentifyingthoseeventsneedingreal
timealertsbyanalyzingeventsthatarenotfullyunderstoodorcouldpossiblyinundatethe
realtimealerting.
RequirementR5:
Accounttypesreferencedinthisguidancetypicallyinclude:
Shareduseraccount:Anaccountusedbymultipleusersfornormalbusinessfunctions
byemployeesorcontractors.UsuallyonadevicethatdoesnotsupportIndividualUser
Accounts.
Individualuseraccount:Anaccountusedbyasingleuser.
Administrativeaccount:Anaccountwithelevatedprivilegesforperforming
administrativeorotherspecializedfunctions.Thesecanbeindividualorshared
accounts.
Systemaccount:Accountsusedtorunservicesonasystem(web,DNS,mailetc).No
usershaveaccesstotheseaccounts.
Applicationaccount:Aspecificsystemaccount,withrightsgrantedattheapplication
leveloftenusedforaccessintoaDatabase.
Guestaccount:Anindividualuseraccountnottypicallyusedfornormalbusiness
functionsbyemployeesorcontractorsandnotassociatedwithaspecificuser.Mayor
maynotbesharedbymultipleusers.
Remoteaccessaccount:AnindividualuseraccountonlyusedforobtainingInteractive
RemoteAccesstotheBESCyberSystem.
Genericaccount:Agroupaccountsetupbytheoperatingsystemorapplicationto
performspecificoperations.Thisdiffersfromashareduseraccountinthatindividual
usersdonotreceiveauthorizationforaccesstothisaccounttype.
5.1 ReferencetheRequirementsrationale.
5.2 Wherepossible,defaultandothergenericaccountsprovidedbyavendorshouldbe
removed,renamed,ordisabledpriortoproductionuseoftheCyberAssetorBESCyberSystem.
Ifthisisnotpossible,thepasswordsmustbechangedfromthedefaultprovidedbythevendor.
Defaultandothergenericaccountsremainingenabledmustbedocumented.Forcommon
configurations,thisdocumentationcanbeperformedataBESCyberSystemormoregeneral
level.
5.3 Entitiesmaychoosetoidentifyindividualswithaccesstosharedaccountsthroughthe
accessauthorizationandprovisioningprocess,inwhichcasetheindividualauthorization
recordssufficetomeetthisRequirementPart.Alternatively,entitiesmaychoosetomaintaina
separatelistingforsharedaccounts.Eitherformofevidenceachievestheendresultof
maintainingcontrolofsharedaccounts.
5.4. Defaultpasswordscanbecommonlypublishedinvendordocumentationthatisreadily
availabletoallcustomersusingthattypeofequipmentandpossiblypublishedonline.
Page33of42
TherequirementoptiontohaveuniquepasswordaddressescaseswheretheCyberAsset
generatesorhasassignedpseudorandomdefaultpasswordsatthetimeofproductionor
installation.Inthesecases,thedefaultpassworddoesnothavetochangebecausethesystem
ormanufacturercreateditspecifictotheCyberAsset.
5.5. Interactiveuseraccessdoesnotincludereadonlyinformationaccessinwhichthe
configurationoftheCyberAssetcannotchange(e.g.frontpaneldisplays,webbasedreports,
etc.).Fordevicesthatcannottechnicallyorforoperationalreasonsperformauthentication,an
entitymaydemonstrateallinteractiveuseraccesspaths,bothremoteandlocal,areconfigured
forauthentication.Physicalsecuritysufficesforlocalaccessconfigurationifthephysical
securitycanrecordwhoisinthePhysicalSecurityPerimeterandatwhattime.
Technicalorproceduralenforcementofpasswordparametersarerequiredwherepasswords
aretheonlycredentialusedtoauthenticateindividuals.Technicalenforcementofthepassword
parametersmeansaCyberAssetverifiesanindividuallyselectedpasswordmeetstherequired
parametersbeforeallowingtheaccounttoauthenticatewiththeselectedpassword.Technical
enforcementshouldbeusedinmostcaseswhentheauthenticatingCyberAssetsupports
enforcingpasswordparameters.Likewise,proceduralenforcementmeansrequiringthe
passwordparametersthroughprocedures.Individualschoosingthepasswordshavethe
obligationofensuringthepasswordmeetstherequiredparameters.
PasswordcomplexityreferstothepolicysetbyaCyberAssettorequirepasswordstohaveone
ormoreofthefollowingtypesofcharacters:(1)lowercasealphabetic,(2)uppercase
alphabetic,(3)numeric,and(4)nonalphanumericorspecialcharacters(e.g.#,$,@,&),in
variouscombinations.
5.6 Technicalorproceduralenforcementofpasswordchangeobligationsarerequired
wherepasswordsaretheonlycredentialusedtoauthenticateindividuals.Technical
enforcementofpasswordchangeobligationsmeanstheCyberAssetrequiresapassword
changeafteraspecifiedtimeframepriortoallowingaccess.Inthiscase,thepasswordisnot
requiredtochangebythespecifiedtimeaslongastheCyberAssetenforcesthepassword
changeafterthenextsuccessfulauthenticationoftheaccount.Proceduralenforcementmeans
manuallychangingpasswordsusedforinteractiveuseraccessafteraspecifiedtimeframe.
5.7 Configuringanaccountlockoutpolicyoralertingafteracertainnumberoffailed
authenticationattemptsservestopreventunauthorizedaccessthroughanonlinepassword
guessingattack.Thethresholdoffailedauthenticationattemptsshouldbesethighenoughto
avoidfalsepositivesfromauthorizedusersfailingtoauthenticate.Itshouldalsobesetlow
enoughtoaccountforonlinepasswordattacksoccurringoveranextendedperiodoftime.This
thresholdmaybetailoredtotheoperatingenvironmentovertimetoavoidunnecessary
accountlockouts.
Entitiesshouldtakecautionwhenconfiguringaccountlockouttoavoidlockingoutaccounts
necessaryfortheBESCyberSystemtoperformaBESreliabilitytask.Insuchcases,entities
shouldconfigureauthenticationfailurealerting.
Page34of42
Rationale:
RationaleforR1:
TherequirementisintendedtominimizetheattacksurfaceofBESCyberSystemsthrough
disablingorlimitingaccesstounnecessarynetworkaccessiblelogicalportsandservicesand
physicalI/Oports.
SummaryofChanges:Changedtheneededfornormaloremergencyoperationstothose
portsthatareneeded.PhysicalI/OportswereaddedinresponsetoaFERCorder.The
unneededphysicalportsinControlCenters(whicharethehighestrisk,mostimpactfulareas)
shouldbeprotectedaswell.
Referencetopriorversion:(Part1.1)CIP0074,R2.1andR2.2
Therequirementfocusesontheentityknowingandonlyallowingthoseportsthatare
necessary.Theadditionalclassificationofnormaloremergencyaddednovalueandhasbeen
removed.
OnMarch18,2010,FERCissuedanordertoapproveNERCsinterpretationofRequirementR2
ofCIP0072.Inthisorder,FERCagreedthetermportsinportsandservicesreferstological
communication(e.g.TCP/IP)ports,buttheyalsoencouragedthedraftingteamtoaddress
unusedphysicalports.
RationaleforR2:
Securitypatchmanagementisaproactivewayofmonitoringandaddressingknownsecurity
vulnerabilitiesinsoftwarebeforethosevulnerabilitiescanbeexploitedinamaliciousmanner
togaincontroloforrenderaBESCyberAssetorBESCyberSysteminoperable.
TheremediationplancanbeupdatedasnecessarytomaintainthereliabilityoftheBES,
includinganexplanationofanyreschedulingoftheremediationactions.
SummaryofChanges:TheexistingwordingsofCIP007,RequirementsR3,R3.1,andR3.2,were
separatedintoindividuallineitemstoprovidemoregranularity.Thedocumentationofa
source(s)tomonitorforreleaseofsecurityrelatedpatches,hotfixes,and/orupdatesforBES
CyberSystemorBESCyberAssetswasaddedtoprovidecontextastowhenthereleasedate
was.Thecurrentwordingstateddocumenttheassessmentofsecuritypatchesandsecurity
Page35of42
upgradesforapplicabilitywithinthirtycalendardaysofavailabilityofthepatchesorupgrades
andtherehasbeenconfusionastowhatconstitutestheavailabilitydate.Duetoissuesthat
mayoccurregardingControlSystemvendorlicenseandserviceagreements,flexibilitymustbe
giventoResponsibleEntitiestodefinewhatsourcesarebeingmonitoredforBESCyberAssets.
TherequirementisbroughtforwardfrompreviousCIPversionswiththeadditionofdefiningthe
source(s)thataResponsibleEntitymonitorsforthereleaseofsecurityrelatedpatches.
Documentingthesourceisusedtodeterminewhentheassessmenttimeframeclockstarts.This
requirementalsohandlesthesituationwheresecuritypatchescancomefromanoriginalsource
(suchasanoperatingsystemvendor),butmustbeapprovedorcertifiedbyanothersource(such
asacontrolsystemvendor)beforetheycanbeassessedandappliedinordertonotjeopardize
theavailabilityorintegrityofthecontrolsystem.
Similartothecurrentwordingbutaddedfromthesourceorsourcesidentifiedin2.1toclarify
the35daytimeframe.
Therequirementhasbeenchangedtohandlethesituationswhereitismoreofareliabilityrisk
topatcharunningsystemthanthevulnerabilitypresents.Inallcases,theentitydocuments
(eitherthroughthecreationofaneworupdateofanexistingmitigationplan)whattheyare
goingtodotomitigatethevulnerabilityandwhentheyaregoingtodoso.Themitigationplan
may,andinmanycaseswill,consistofinstallingthepatch.However,therearetimeswhenitis
inthebestinterestofreliabilitytonotinstallapatch,andtheentitycandocumentwhatthey
havedonetomitigatethevulnerability.
Similartothecurrentwordingbutaddedthattheplanmustbeimplementedwithinthe
timeframespecifiedintheplan,orinarevisedplanasapprovedbytheCIPSeniorManageror
delegate.
RationaleforR3:
Maliciouscodepreventionhasthepurposeoflimitinganddetectingtheadditionofmalicious
codeontotheapplicableCyberAssetsofaBESCyberSystem.Maliciouscode(viruses,worms,
botnets,targetedcodesuchasStuxnet,etc.)maycompromisetheavailabilityorintegrityofthe
BESCyberSystem.
SummaryofChanges:Inpriorversions,thisrequirementhasarguablybeenthesinglegreatest
generatorofTFEsasitprescribedaparticulartechnologytobeusedoneveryCCAregardlessof
Page36of42
thatassetssusceptibilityorcapabilitytousethattechnology.AsthescopeofCyberAssetsin
scopeofthesestandardsexpandstomorefieldassets,thisissuewillgrowexponentially.The
draftingteamistakingtheapproachofmakingthisrequirementacompetencybased
requirementwheretheentitymustdocumenthowthemalwareriskishandledforeachBES
CyberSystem,butitdoesnotprescribeaparticulartechnicalmethodnordoesitprescribethat
itmustbeusedoneveryCyberAsset.TheBESCyberSystemistheobjectofprotection.
BeginninginParagraphs619622ofFERCOrderNo.706,andinparticularParagraph621,FERC
agreesthatthestandarddoesnotneedtoprescribeasinglemethodHowever,howa
responsibleentitydoesthisshouldbedetailedinitscybersecuritypolicysothatitcanbe
auditedforcompliance
InParagraph622,FERCdirectsthattherequirementbemodifiedtoincludesafeguardsagainst
personnelintroducing,eithermaliciouslyorunintentionally,virusesormalicioussoftware
throughremoteaccess,electronicmedia,orothermeans.Thedraftingteambelievesthat
addressingthisissueholisticallyattheBESCyberSystemlevelandregardlessoftechnology,
alongwiththeenhancedchangemanagementrequirements,meetsthisdirective.
Referencetopriorversion:(Part3.1)CIP0074,R4;CIP0074,R4.1
SeetheSummaryofChanges.FERCOrderNo.706,Paragraph621,statesthestandards
developmentprocessshoulddecidetowhatdegreetoprotectBESCyberSystemsfrom
personnelintroducingmalicioussoftware.
SeetheSummaryofChanges.
Requirementessentiallyunchangedfrompreviousversions;updatedtorefertopreviouspartsof
therequirementtable.
RationaleforR4:
RationaleforR4:Securityeventmonitoringhasthepurposeofdetectingunauthorizedaccess,
reconnaissanceandothermaliciousactivityonBESCyberSystems,andcomprisesofthe
activitiesinvolvedwiththecollection,processing,alertingandretentionofsecurityrelated
computerlogs.Theselogscanprovideboth(1)thedetectionofanincidentand(2)useful
evidenceintheinvestigationofanincident.Theretentionofsecurityrelatedlogsisintended
tosupportposteventdataanalysis.
Auditprocessingfailuresarenotpenalizedinthisrequirement.Instead,therequirement
specifiesprocesseswhichmustbeinplacetomonitorforandnotifypersonnelofaudit
processingfailures.
Page37of42
SummaryofChanges:BeginninginParagraph525andalsoParagraph628oftheFERCOrder
No.706,theCommissiondirectsamanualreviewofsecurityeventlogsonamoreperiodic
basis.ThisrequirementcombinesCIP0054,R5andCIP0074,R6andaddressesboth
directivesfromasystemwideperspective.Theprimaryfeedbackreceivedonthisrequirement
fromtheinformalcommentperiodwasthevaguenessoftermssecurityeventandmonitor.
Thetermsecurityeventoreventsrelatedtocybersecurityisproblematicbecauseitdoes
notapplyconsistentlyacrossallplatformsandapplications.Toresolvethisterm,the
requirementtakesanapproachsimilartoNIST80053andrequirestheentitytodefinethe
securityeventsrelevanttotheSystem.ThereareafeweventsexplicitlylistedthatifaCyber
AssetorBESCyberSystemcanlog,thenitmustlog.
Inaddition,thisrequirementsetsupparametersforthemonitoringandreviewingofprocesses.
Itisrarelyfeasibleorproductivetolookateverysecuritylogonthesystem.Paragraph629of
theFERCOrderNo.706acknowledgesthisrealitywhendirectingamanuallogreview.Asa
result,thisrequirementallowsthemanualreviewtoconsistofasamplingorsummarizationof
securityeventsoccurringsincethelastreview.
Referencetopriorversion:(Part4.1)CIP0054,R3;CIP0074,R5,R5.1.2,R6.1,andR6.3
ThisrequirementisderivedfromNIST80053version3AU2,whichrequiresorganizationsto
determinesystemeventstoauditforincidentresponsepurposes.Theindustryexpressed
confusioninthetermsystemeventsrelatedtocybersecurityfrominformalcomments
receivedonCIP011.AccesslogsfromtheESPasrequiredinCIP0054RequirementR3and
useraccessandactivitylogsasrequiredinCIP0075RequirementR5arealsoincludedhere.
Referencetopriorversion:(Part4.2)CIP0054,R3.2;CIP0074,R6.2
ThisrequirementisderivedfromalertingrequirementsinCIP0054,RequirementR3.2andCIP
0074,RequirementR6.2inadditiontoNIST80053version3AU6.PreviousCIPStandards
requiredalertingonunauthorizedaccessattemptsanddetectedCyberSecurityIncidents,which
canbevastanddifficulttodeterminefromdaytoday.Changestothisrequirementallowthe
entitytodetermineeventsthatnecessitatearesponse.
Nosubstantivechange.
BeginninginParagraph525andalso628oftheFERCOrderNo.706,theCommissiondirectsa
manualreviewofsecurityeventlogsonamoreperiodicbasisandsuggestsaweeklyreview.
TheOrderacknowledgesitisrarelyfeasibletoreviewallsystemlogs.Indeed,logreviewisa
dynamicprocessthatshouldimproveovertimeandwithadditionalthreatinformation.
Page38of42
Changestothisrequirementallowforanapproximatelybiweeklysummaryorsamplingreview
oflogs.
RationaleforR5:
TohelpensurethatnoauthorizedindividualcangainelectronicaccesstoaBESCyberSystem
untiltheindividualhasbeenauthenticated,i.e.,untiltheindividual'slogoncredentialshave
beenvalidated.RequirementR5alsoseekstoreducetheriskthatstaticpasswords,where
usedasauthenticators,maybecompromised.
RequirementPart5.1ensurestheBESCyberSystemorCyberAssetauthenticatesindividuals
thatcanmodifyconfigurationinformation.Thisrequirementaddressestheconfigurationof
authentication.TheauthorizationofindividualsisaddressedelsewhereintheCIPCyber
SecurityStandards.Interactiveuseraccessdoesnotincludereadonlyinformationaccessin
whichtheconfigurationoftheCyberAssetcannotchange(e.g.frontpaneldisplays,webbased
reports,etc.).Fordevicesthatcannottechnicallyorforoperationalreasonsperform
authentication,anentitymaydemonstrateallinteractiveuseraccesspaths,bothremoteand
local,areconfiguredforauthentication.Physicalsecuritysufficesforlocalaccessconfiguration
ifthephysicalsecuritycanrecordwhoisinthePhysicalSecurityPerimeterandatwhattime.
RequirementPart5.2addressesdefaultandothergenericaccounttypes.Identifyingtheuseof
defaultorgenericaccounttypesthatcouldintroducevulnerabilitieshasthebenefitensuring
entitiesunderstandthepossiblerisktheseaccountsposetotheBESCyberSystem.The
RequirementPartavoidsprescribinganactiontoaddresstheseaccountsbecausethemost
effectivesolutionissituationspecific,andinsomecases,removingordisablingtheaccount
couldhavereliabilityconsequences.
RequirementPart5.3addressesidentificationofindividualswithaccesstosharedaccounts.
ThisRequirementParthastheobjectiveofmitigatingtheriskofunauthorizedaccessthrough
sharedaccounts.ThisdiffersfromotherCIPCyberSecurityStandardsRequirementsto
authorizeaccess.Anentitycanauthorizeaccessandstillnotknowwhohasaccesstoashared
account.Failuretoidentifyindividualswithaccesstosharedaccountswouldmakeitdifficultto
revokeaccesswhenitisnolongerneeded.Thetermauthorizedisusedintherequirementto
makeclearthatindividualsstoring,losing,orinappropriatelysharingapasswordisnota
violationofthisrequirement.
Requirement5.4addressesdefaultpasswords.Changingdefaultpasswordsclosesaneasily
exploitablevulnerabilityinmanysystemsandapplications.Pseudorandomlysystemgenerated
passwordsarenotconsidereddefaultpasswords.
Forpasswordbaseduserauthentication,usingstrongpasswordsandchangingthem
periodicallyhelpsmitigatetheriskofsuccessfulpasswordcrackingattacksandtheriskof
accidentalpassworddisclosuretounauthorizedindividuals.Intheserequirements,thedrafting
teamconsideredmultipleapproachestoensuringthisrequirementwasbotheffectiveand
flexibleenoughtoallowResponsibleEntitiestomakegoodsecuritydecisions.Oneofthe
approachesconsideredinvolvedrequiringminimumpasswordentropy,butthecalculationfor
Page39of42
trueinformationentropyismorehighlycomplexandmakesseveralassumptionsinthe
passwordsuserschoose.Userscanpickpoorpasswordswellbelowthecalculatedminimum
entropy.
Thedraftingteamalsochosetonotrequiretechnicalfeasibilityexceptionsfordevicesthat
cannotmeetthelengthandcomplexityrequirementsinpasswordparameters.Theobjective
ofthisrequirementistoapplyameasurablepasswordpolicytodeterpasswordcracking
attempts,andreplacingdevicestoachieveaspecifiedpasswordpolicydoesnotmeetthis
objective.Atthesametime,thisrequirementhasbeenstrengthenedtorequireaccount
lockoutoralertingforfailedloginattempts,whichinmanyinstancesbettermeetsthe
requirementobjective.
Therequirementtochangepasswordsexiststoaddresspasswordcrackingattemptsifan
encryptedpasswordweresomehowattainedandalsotorefreshpasswordswhichmayhave
beenaccidentallydisclosedovertime.Therequirementpermitstheentitytospecifythe
periodicityofchangetoaccomplishthisobjective.Specifically,thedraftingteamfelt
determiningtheappropriateperiodicitybasedonanumberoffactorsismoreeffectivethan
specifyingtheperiodforeveryBESCyberSystemintheStandard.Ingeneral,passwordsfor
userauthenticationshouldbechangedatleastannually.Theperiodicitymayincreaseinsome
cases.Forexample,applicationpasswordsthatarelongandpseudorandomlygeneratedcould
haveaverylongperiodicity.Also,passwordsusedonlyasaweakformofapplication
authentication,suchasaccessingtheconfigurationofarelaymayonlyneedtobechangedas
partofregularlyscheduledmaintenance.
TheCyberAssetshouldautomaticallyenforcethepasswordpolicyforindividualuseraccounts.
However,forsharedaccountsinwhichnomechanismexiststoenforcepasswordpolicies,the
ResponsibleEntitycanenforcethepasswordpolicyprocedurallyandthroughinternal
assessmentandaudit.
RequirementPart5.7assistsinpreventingonlinepasswordattacksbylimitingthenumberof
guessesanattackercanmake.Thisrequirementallowseitherlimitingthenumberoffailed
authenticationattemptsoralertingafteradefinednumberoffailedauthenticationattempts.
Entitiesshouldtakecautioninchoosingtolimitthenumberoffailedauthenticationattempts
forallaccountsbecausethiswouldallowthepossibilityforadenialofserviceattackontheBES
CyberSystem.
SummaryofChanges(FromR5):
CIP0074,RequirementR5.3requirestheuseofpasswordsandspecifiesaspecificpolicyofsix
charactersormorewithacombinationofalphanumericandspecialcharacters.Thelevelof
detailintheserequirementscanrestrictmoreeffectivesecuritymeasures.Forexample,many
haveinterpretedthepasswordfortokensorbiometricsmustsatisfythispolicyandinsome
casespreventstheuseofthisstrongerauthentication.Also,longerpasswordsmaypreclude
theuseofstrictcomplexityrequirements.Thepasswordrequirementshavebeenchangedto
allowtheentitytospecifythemosteffectivepasswordparametersbasedontheimpactofthe
BESCyberSystem,thewaypasswordsareused,andthesignificanceofpasswordsinrestricting
accesstothesystem.TheSDTbelievesthesechangesstrengthentheauthentication
Page40of42
mechanismbyrequiringentitiestolookatthemosteffectiveuseofpasswordsintheir
environment.Otherwise,prescribingastrictpasswordpolicyhasthepotentialtolimitthe
effectivenessofsecuritymechanismsandprecludebettermechanismsinthefuture.
Therequirementtoenforceauthenticationforalluseraccessisincludedhere.Therequirement
toestablish,implement,anddocumentcontrolsisincludedinthisintroductoryrequirement.
Therequirementtohavetechnicalandproceduralcontrolswasremovedbecausetechnical
controlssufficewhenproceduraldocumentationisalreadyrequired.Thephrasethatminimize
theriskofunauthorizedaccesswasremovedandmoreappropriatelycapturedintherationale
statement.
Referencetopriorversion:(Part5.2)CIP0074,R5.2andR5.2.1
CIP0074requiresentitiestominimizeandmanagethescopeandacceptableuseofaccount
privileges.Therequirementtominimizeaccountprivilegeshasbeenremovedbecausethe
implementationofsuchapolicyisdifficulttomeasureatbest.
Nosignificantchanges.Addedauthorizedaccesstomakeclearthatindividualsstoring,losing
orinappropriatelysharingapasswordisnotaviolationofthisrequirement.
Therequirementfortheremoval,disablingorrenamingofsuchaccountswherepossiblehas
beenremovedandincorporatedintoguidanceforacceptableuseofaccounttypes.Thiswas
removedbecausethoseactionsarenotappropriateonallaccounttypes.Addedtheoptionof
havinguniquedefaultpasswordstopermitcaseswhereasystemmayhavegeneratedadefault
passwordorahardcodeduniquelygenerateddefaultpasswordwasmanufacturedwiththeBES
CyberSystem.
CIP0074,RequirementR5.3requirestheuseofpasswordsandspecifiesaspecificpolicyofsix
charactersormorewithacombinationofalphanumericandspecialcharacters.Thelevelof
detailintheserequirementscanrestrictmoreeffectivesecuritymeasures.Thepassword
requirementshavebeenchangedtopermitthemaximumallowedbythedeviceincaseswhere
thepasswordparameterscouldotherwisenotachieveastricterpolicy.Thischangestill
achievestherequirementobjectivetominimizetheriskofunauthorizeddisclosureofpassword
Page41of42
credentialswhilerecognizingpasswordparametersalonedonotachievethis.Thedrafting
teamfeltallowingtheResponsibleEntitytheflexibilityofapplyingthestrictestpasswordpolicy
allowedbyadeviceoutweighedtheneedtotrackarelativelyminimallyeffectivecontrol
throughtheTFEprocess.
*ThiswasoriginallyRequirementR5.5.3,butmovedtoaddexternalroutableconnectivityto
mediumimpactinresponsetocomments.Thisrequirementislimitedinscopebecausetherisk
toperforminganonlinepasswordattackislessenedbyitslackofexternalroutableconnectivity.
Frequentlychangingpasswordsatfieldassetscanentailsignificanteffortwithminimalrisk
reduction.
Referencetopriorversion:(Part5.7)NewRequirement
Minimizingthenumberofunsuccessfulloginattemptssignificantlyreducestheriskoflive
passwordcrackingattempts.Thisisamoreeffectivecontrolinlivepasswordattacksthan
passwordparameters.
Version History

1 1/16/06
controlcenter.
3/24/06
judgment.
responsibleentity.
Trustees.
Page42of42
Update
Trustees.
Update
Trustees.
Modifiedto
coordinatewith
otherCIP
standardsandto
reviseformatto
useRBS
Template.

Standard CIP0083 Cyber Security Incident Reporting and Response Planning
Approved by Board of Trustees: December 16, 2009 1
A. Introduction
1. Title: Cyber Security Incident Reporting and Response Planning
3. Purpose: Standard CIP-008-3 ensures the identification, classification, response, and
reporting of Cyber Security Incidents related to Critical Cyber Assets. Standard CIP-008-23
should be read as part of a group of standards numbered Standards CIP-002-3 through CIP-
009-3.
4. Applicability
4.1.10 NERC.
not required).
B. Requirements
R1. Cyber Security Incident Response Plan The Responsible Entity shall develop and maintain a
Cyber Security Incident response plan and implement the plan in response to Cyber Security
Incidents. The Cyber Security Incident response plan shall address, at a minimum, the
following:
R1.1. Procedures to characterize and classify events as reportable Cyber Security Incidents.
R1.2. Response actions, including roles and responsibilities of Cyber Security Incident
response teams, Cyber Security Incident handling procedures, and communication
plans.
R1.3. Process for reporting Cyber Security Incidents to the Electricity Sector Information
Sharing and Analysis Center (ES-ISAC). The Responsible Entity must ensure that all
reportable Cyber Security Incidents are reported to the ES-ISAC either directly or
through an intermediary.
R1.4. Process for updating the Cyber Security Incident response plan within thirty calendar
days of any changes.
R1.5. Process for ensuring that the Cyber Security Incident response plan is reviewed at
least annually.
R1.6. Process for ensuring the Cyber Security Incident response plan is tested at least
annually. A test of the Cyber Security Incident response plan can range from a paper
drill, to a full operational exercise, to the response to an actual incident.
R2. Cyber Security Incident Documentation The Responsible Entity shall keep relevant
documentation related to Cyber Security Incidents reportable per Requirement R1.1 for three
calendar years.
C. Measures
M1. The Responsible Entity shall make available its Cyber Security Incident response plan as
indicated in Requirement R1 and documentation of the review, updating, and testing of the
plan.
M2. The Responsible Entity shall make available all documentation as specified in Requirement
R2.
D. Compliance
Not applicable.
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
1.4.1 The Responsible Entity shall keep documentation other than that required for
reportable Cyber Security Incidents as specified in Standard CIP-008-3 for the
investigation.
1.5.1 The Responsible Entity may not take exception in its cyber security policies to
the creation of a Cyber Security Incident response plan.
1.5.2 The Responsible Entity may not take exception in its cyber security policies to
reporting Cyber Security Incidents to the ES ISAC.
None identified.
Version History
2 Modifications to clarify the requirements
standards.
responsible entity.

3 Updated Version number from -2 to -3
In Requirement 1.6, deleted the sentence
pertaining to removing component or
system from service in order to perform
testing, in response to FERC order issued
September 30, 2009.


Standard CIP0084 Cyber Security Incident Reporting and Res pons e Planning
1
A. Introduction
1. Title: Cyber Security Incident Reporting and Response Planning
3. Purpose: Standard CIP-008-4 ensures the identification, classification, response, and
reporting of Cyber Security Incidents related to Critical Cyber Assets. Standard CIP-008-4
should be read as part of a group of standards numbered Standards CIP-002-4 through CIP-
009-4.
4. Applicability
4.1.10 NERC.
B. Requirements
R1. Cyber Security Incident Response Plan The Responsible Entity shall develop and maintain a
Cyber Security Incident response plan and implement the plan in response to Cyber Security
Incidents. The Cyber Security Incident response plan shall address, at a minimum, the
following:
R1.1. Procedures to characterize and classify events as reportable Cyber Security Incidents.
2
R1.2. Response actions, including roles and responsibilities of Cyber Security Incident
response teams, Cyber Security Incident handling procedures, and communication
plans.
R1.3. Process for reporting Cyber Security Incidents to the Electricity Sector Information
Sharing and Analysis Center (ES-ISAC). The Responsible Entity must ensure that all
reportable Cyber Security Incidents are reported to the ES-ISAC either directly or
through an intermediary.
R1.4. Process for updating the Cyber Security Incident response plan within thirty calendar
days of any changes.
R1.5. Process for ensuring that the Cyber Security Incident response plan is reviewed at
least annually.
R1.6. Process for ensuring the Cyber Security Incident response plan is tested at least
annually. A test of the Cyber Security Incident response plan can range from a paper
drill, to a full operational exercise, to the response to an actual incident.
R2. Cyber Security Incident Documentation The Responsible Entity shall keep relevant
documentation related to Cyber Security Incidents reportable per Requirement R1.1 for three
calendar years.
C. Measures
M1. The Responsible Entity shall make available its Cyber Security Incident response plan as
indicated in Requirement R1 and documentation of the review, updating, and testing of the
plan.
M2. The Responsible Entity shall make available all documentation as specified in Requirement
R2.

3
D. Compliance
1.2.3 For Responsible Entities that are also Regional Entities, the ERO or a Regional Entity approved by the ERO and FERC or other
applicable governmental authorities shall serve as the Compliance Enforcement Authority.
Authority.
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
1.4.1 The Responsible Entity shall keep documentation other than that required for reportable Cyber Security Incidents as specified in
Standard CIP-008-4 for the previous full calendar year unless directed by its Compliance Enforcement Authority to retain specific
evidence for a longer period of time as part of an investigation.
1.4.2 The Compliance Enforcement Authority in conjunction with the Registered Entity shall keep the last audit records and all requested
and submitted subsequent audit records.
1.5.1 The Responsible Entity may not take exception in its cyber security policies to the creation of a Cyber Security Incident response
plan.
4
1.5.2 The Responsible Entity may not take exception in its cyber security policies to reporting Cyber Security Incidents to the ES ISAC.
R1. LOWER N/A
The Responsible Entity has
developed but not maintained a
Cyber Security Incident
response plan.
The Responsible Entity has developed a Cyber Security
Incident response plan but the plan does not address one or
more of the subrequirements R1.1 through
R1.6.
The Responsible Entity has not developed a Cyber Security
Incident response plan or has not implemented the plan in
response to a Cyber Security Incident.
R2 LOWER The Responsible Entity
has kept relevant
documentation related to
Cyber Security Incidents
reportable per
Requirement R1.1 for
two but less than three
calendar years.
The Responsible Entity has kept
relevant documentation related
to Cyber Security Incidents
reportable per Requirement R1.1
for less than two calendar years.
The Responsible Entity has kept relevant documentation
related to Cyber Security Incidents reportable per
Requirement R1.1 for less than one calendar year.
The Responsible Entity has not kept relevant documentation
related to Cyber Security Incidents reportable per Requirement
R1.1.
5
None identified.
Version History
standards.
responsible entity.

3 Updated Version number from -2 to -3
In Requirement 1.6, deleted the sentence
pertaining to removing component or
system from service in order to perform
testing, in response to FERC order issued
September 30, 2009.

4 Board approved
01/24/2011
(Project 2008-06)

D.2.

CIP0085CyberSecurityIncidentReportingandResponsePlanning
Page1of24
A. I ntroduction
1. Title: CyberSecurityIncidentReportingandResponsePlanning
2. Number: CIP0085
3. Purpose: TomitigatetherisktothereliableoperationoftheBESastheresultofa
CyberSecurityIncidentbyspecifyingincidentresponserequirements.
4. Applicability:
(UVLS)systemthat:
of300MWormore.
unit(s)tobestarted.
Page2of24
oftheBES:
of300MWormore.
unit(s)tobestarted.
AllBESFacilities.
Commission.
Section73.54.
Page3of24
5.EffectiveDates:
6.Background:
andCIP0111requireaminimumleveloforganizational,operational,andprocedural
processes,buttheymustaddresstheapplicablerequirementsinthetable.
Page4of24
CyberSystems.
processes.
processes.

Page5of24

R1. EachResponsibleEntityshalldocumentoneormoreCyberSecurityIncidentresponseplan(s)thatcollectivelyincludeeach
oftheapplicablerequirementpartsinCIP0085TableR1CyberSecurityIncidentResponsePlanSpecifications.[Violation
RiskFactor:Lower][TimeHorizon:LongTermPlanning].
M1. Evidencemustincludeeachofthedocumentedplan(s)thatcollectivelyincludeeachoftheapplicablerequirementpartsin
CIP0085TableR1CyberSecurityIncidentResponsePlanSpecifications.

CIP0085TableR1CyberSecurityIncidentResponsePlanSpecifications
Oneormoreprocessestoidentify,
classify,andrespondtoCyber
SecurityIncidents.
documentationofCyberSecurity
Incidentresponseplan(s)thatinclude
theprocesstoidentify,classify,and
respondtoCyberSecurityIncidents.
Oneormoreprocessestodetermine
ifanidentifiedCyberSecurityIncident
isaReportableCyberSecurity
IncidentandnotifytheElectricity
SectorInformationSharingand
AnalysisCenter(ESISAC),unless
prohibitedbylaw.Initialnotification
totheESISAC,whichmaybeonlya
preliminarynotice,shallnotexceed
onehourfromthedeterminationofa
ReportableCyberSecurityIncident.
butarenotlimitedto,dated
documentationofCyberSecurity
Incidentresponseplan(s)thatprovide
guidanceorthresholdsfor
determiningwhichCyberSecurity
IncidentsarealsoReportableCyber
SecurityIncidentsanddocumentation
ofinitialnoticestotheElectricity
SectorInformationSharingand
AnalysisCenter(ESISAC).
Page6of24
CIP0085TableR1CyberSecurityIncidentResponsePlanSpecifications
TherolesandresponsibilitiesofCyber
SecurityIncidentresponsegroupsor
individuals.
butisnotlimitedto,datedCyber
SecurityIncidentresponseprocess(es)
orprocedure(s)thatdefinerolesand
responsibilities(e.g.,monitoring,
reporting,initiating,documenting,
etc.)ofCyberSecurityIncident
responsegroupsorindividuals.
Incidenthandlingproceduresfor
CyberSecurityIncidents.
butisnotlimitedto,datedCyber
SecurityIncidentresponseprocess(es)
orprocedure(s)thataddressincident
handling(e.g.,containment,
eradication,recovery/incident
resolution).

Page7of24

R2. EachResponsibleEntityshallimplementeachofitsdocumentedCyberSecurityIncidentresponseplanstocollectively
includeeachoftheapplicablerequirementpartsinCIP0085TableR2CyberSecurityIncidentResponsePlan
ImplementationandTesting.[ViolationRiskFactor:Lower][TimeHorizon:OperationsPlanningandRealTime
Operations].
M2. Evidencemustinclude,butisnotlimitedto,documentationthatcollectivelydemonstratesimplementationofeachof
theapplicablerequirementpartsinCIP0085TableR2CyberSecurityIncidentResponsePlanImplementationand
Testing.

CIP0085TableR2CyberSecurityIncidentResponsePlanImplementationandTesting
TesteachCyberSecurityIncident
responseplan(s)atleastonceevery
15calendarmonths:
Byrespondingtoanactual
ReportableCyberSecurity
Incident;
Withapaperdrillortabletop
exerciseofaReportableCyber
SecurityIncident;or
Withanoperationalexerciseofa
ReportableCyberSecurity
Incident.
butarenotlimitedto,datedevidence
ofalessonslearnedreportthat
includesasummaryofthetestora
compilationofnotes,logs,and
communicationresultingfromthe
test.Typesofexercisesmayinclude
discussionoroperationsbased
exercises.
Page8of24
CIP0085TableR2CyberSecurityIncidentResponsePlanImplementationandTesting
UsetheCyberSecurityIncident
responseplan(s)underRequirement
R1whenrespondingtoaReportable
CyberSecurityIncidentorperforming
anexerciseofaReportableCyber
SecurityIncident.Document
deviationsfromtheplan(s)taken
duringtheresponsetotheincidentor
exercise.
butarenotlimitedto,incident
reports,logs,andnotesthatwere
keptduringtheincidentresponse
process,andfollowup
documentationthatdescribes
deviationstakenfromtheplanduring
theincidentorexercise.
RetainrecordsrelatedtoReportable
documentation,suchassecuritylogs,
policereports,emails,responseforms
orchecklists,forensicanalysisresults,
restorationrecords,andpostincident
reviewnotesrelatedtoReportable

Page9of24
R3. EachResponsibleEntityshallmaintaineachofitsCyberSecurityIncidentresponseplansaccordingtoeachofthe
applicablerequirementpartsinCIP0085TableR3CyberSecurityIncidentResponsePlanReview,Update,and
Communication.[ViolationRiskFactor:Lower][TimeHorizon:OperationsAssessment].
M3. Evidencemustinclude,butisnotlimitedto,documentationthatcollectivelydemonstratesmaintenanceofeachCyber
SecurityIncidentresponseplanaccordingtotheapplicablerequirementpartsinCIP0085TableR3CyberSecurity
Incident.

Page10of24
CIP0085TableR3CyberSecurityIncidentResponsePlan
Review,Update,andCommunication
Nolaterthan90calendardaysafter
completionofaCyberSecurityIncident
responseplan(s)testoractual
ReportableCyberSecurityIncident
response:
3.1.1. Documentanylessonslearned
ordocumenttheabsenceof
anylessonslearned;
3.1.2. UpdatetheCyberSecurity
Incidentresponseplanbased
onanydocumentedlessons
learnedassociatedwiththe
plan;and
3.1.3. Notifyeachpersonorgroup
withadefinedroleintheCyber
SecurityIncidentresponseplan
oftheupdatestotheCyber
basedonanydocumented
lessonslearned.
butisnotlimitedto,allofthe
following:
1. Dateddocumentationofpost
incident(s)reviewmeetingnotes
orfollowupreportshowing
lessonslearnedassociatedwith
theCyberSecurityIncident
responseplan(s)testoractual
ReportableCyberSecurityIncident
responseordateddocumentation
statingtherewerenolessons
learned;
2. DatedandrevisedCyberSecurity
Incidentresponseplanshowing
anychangesbasedonthelessons
learned;and
3. Evidenceofplanupdate
distributionincluding,butnot
limitedto:
Emails;
USPSorothermailservice;
Electronicdistributionsystem;
or
Trainingsigninsheets.
Page11of24
CIP0085TableR3CyberSecurityIncidentResponsePlan
Review,Update,andCommunication
Nolaterthan60calendardaysaftera
changetotherolesorresponsibilities,
CyberSecurityIncidentresponse
groupsorindividuals,ortechnology
wouldimpacttheabilitytoexecutethe
plan:
3.2.1. UpdatetheCyberSecurity
Incidentresponseplan(s);and
withadefinedroleintheCyber
oftheupdates.

butisnotlimitedto:
1. DatedandrevisedCyber
withchangestotherolesor
responsibilities,respondersor
technology;and
limitedto:
Emails;
Electronicdistribution
system;or
Page12of24
C. Compliance
applicableentityisowned,operated,orcontrolledbytheRegionalEntity.InsuchcasestheERO
oraRegionalEntityapprovedbyFERCorotherapplicablegovernmentalauthorityshallserveas
theCEA.
thelastaudit.
investigation:
calendaryears.
whicheverislonger.
records.
ComplianceAudit
SelfCertification
SpotChecking
SelfReporting
Complaint
None

Page13of24
R# Time
Horizon
R1 LongTerm
Planning
Lower
N/A N/A TheResponsibleEntity

hasdevelopedthe
CyberSecurity
Incidentresponse
plan(s),buttheplan
doesnotincludethe
rolesand
responsibilitiesof
CyberSecurity
Incidentresponse
groupsorindividuals.
(1.3)
OR
hasdevelopedthe
CyberSecurity
Incidentresponse
plan(s),buttheplan
doesnotinclude
incidenthandling
proceduresforCyber
SecurityIncidents.
(1.4)
hasnotdevelopeda
CyberSecurity
Incidentresponseplan
withoneormore
processestoidentify,
classify,andrespond
toCyberSecurity
Incidents.(1.1)
OR
hasdevelopedaCyber
SecurityIncident
responseplan,butthe
plandoesnotinclude
oneormore
processestoidentify
ReportableCyber
SecurityIncidents.
(1.2)
OR
hasdevelopedaCyber
SecurityIncident
responseplan,butdid
Page14of24
R# Time
Horizon
notprovideatleast
preliminary
notificationtoESISAC
withinonehourfrom
identificationofa
ReportableCyber
SecurityIncident.(1.2)
R2 Operations
Planning
Realtime
Operations
Lower TheResponsibleEntity
hasnottestedthe
CyberSecurity
Incidentresponse
plan(s)within15
calendarmonths,not
exceeding16calendar
monthsbetweentests
oftheplan.(2.1)
hasnottestedthe
CyberSecurity
Incidentresponse
plan(s)within16
calendarmonths,not
exceeding17calendar
monthsbetweentests
oftheplan.(2.1)
hasnottestedthe
CyberSecurity
Incidentresponse
plan(s)within17
calendarmonths,not
exceeding18calendar
monthsbetweentests
oftheplan.(2.1)
OR
didnotdocument
deviations,ifany,
fromtheplanduringa
testorwhena
ReportableCyber
SecurityIncident
occurs.(2.2)
hasnottestedthe
CyberSecurity
Incidentresponse
plan(s)within19
calendarmonths
betweentestsofthe
plan.(2.1)
OR
didnotretainrelevant
recordsrelatedto
ReportableCyber
SecurityIncidents.
(2.3)
R3 Operations
Assessment
Lower
hasnotnotifiedeach
personorgroupwith
hasnotupdatedthe
hasneither
hasneither
Page15of24
R# Time
Horizon
adefinedroleinthe
CyberSecurity
Incidentresponse
planofupdatestothe
CyberSecurity
Incidentresponse
planwithingreater
than90butlessthan
120calendardaysofa
testoractualincident
responsetoa
ReportableCyber
SecurityIncident.
(3.1.3)
CyberSecurity
basedonany
documentedlessons
learnedwithin90and
lessthan120calendar
daysofatestoractual
incidentresponsetoa
ReportableCyber
SecurityIncident.
(3.1.2)
OR
hasnotnotifiedeach
personorgroupwitha
definedroleinthe
CyberSecurity
ofupdatestothe
CyberSecurity
within120calendar
daysofatestoractual
incidentresponsetoa
ReportableCyber
SecurityIncident.
(3.1.3)
OR
documentedlessons
learnednor
documentedthe
absenceofanylessons
learnedwithin90and
lessthan120calendar
daysofatestoractual
incidentresponsetoa
ReportableCyber
SecurityIncident.
(3.1.1)
OR
hasnotupdatedthe
CyberSecurity
basedonany
documentedlessons
learnedwithin120
calendardaysofatest
oractualincident
responsetoa
ReportableCyber
SecurityIncident.
(3.1.2)
OR
hasnotupdatedthe
documentedlessons
learnednor
documentedthe
absenceofany
lessonslearnedwithin
120calendardaysofa
testoractualincident
responsetoa
ReportableCyber
SecurityIncident.
(3.1.1)
Page16of24
R# Time
Horizon
hasnotupdatedthe
CyberSecurity
Incidentresponse
plan(s)ornotified
eachpersonorgroup
withadefinedrole
within60andless
than90calendardays
ofanyofthefollowing
changesthatthe
responsibleentity
determineswould
impacttheabilityto
executetheplan:(3.2)
Rolesor
responsibilities,or
CyberSecurity
Incidentresponse
groupsorindividuals,
or
Technology
changes.
CyberSecurity
Incidentresponse
plan(s)ornotified
eachpersonorgroup
withadefinedrole
within90calendar
daysofanyofthe
followingchangesthat
theresponsibleentity
determineswould
impacttheabilityto
executetheplan:(3.2)
Rolesor
responsibilities,or
CyberSecurity
Incidentresponse
groupsorindividuals,
or
Technology
changes.
Page17of24
None.
E. Interpretations
None.
None.
Page18of24
standards.
RequirementR1:
Thefollowingguidelinesareavailabletoassistinaddressingtherequiredcomponentsofa
CyberSecurityIncidentresponseplan:
DepartmentofHomelandSecurity,ControlSystemsSecurityProgram,Developingan
IndustrialControlSystemsCyberSecurityIncidentResponseCapability,2009,onlineat
http://www.uscert.gov/control_systems/practices/documents/final
RP_ics_cybersecurity_incident_response_100609.pdf
NationalInstituteofStandardsandTechnology,ComputerSecurityIncidentHandling
Guide,SpecialPublication80061revision1,March2008,onlineat
http://csrc.nist.gov/publications/nistpubs/80061rev1/SP80061rev1.pdf
ForPart1.2,aReportableCyberSecurityIncidentisaCyberSecurityIncidentthathas
compromisedordisruptedoneormorereliabilitytasksofafunctionalentity.Itishelpfulto
distinguishReportableCyberSecurityIncidentsasoneresultinginanecessaryresponseaction.
Aresponseactioncanfallintooneoftwocategories:Necessaryorelective.Thedistinguishing
characteristiciswhetherornotactionwastakeninresponsetoanevent.Precautionary
measuresthatarenotinresponsetoanypersistentdamageoreffectsmaybedesignatedas
elective.Allotherresponseactionstoavoidanypersistentdamageoradverseeffects,which
includetheactivationofredundantsystems,shouldbedesignatedasnecessary.
Page19of24
ThereportingobligationsforReportableCyberSecurityIncidentsrequireatleastapreliminary
noticetotheESISACwithinonehourafterdeterminingthataCyberSecurityIncidentis
reportable(notwithinonehouroftheCyberSecurityIncident,animportantdistinction).This
additionisinresponsetothedirectiveaddressingthisissueinFERCOrderNo.706,paragraphs
673and676,toreportwithinonehour(atleastpreliminarily).Thisstandarddoesnotrequire
acompletereportwithinanhourofdeterminingthataCyberSecurityIncidentisreportable,
butatleastpreliminarynotice,whichmaybeaphonecall,anemail,orsendingaWebbased
notice.Thestandarddoesnotrequireaspecifictimeframeforcompletingthefullreport.
RequirementR2:
RequirementR2ensuresentitiesperiodicallytesttheCyberSecurityIncidentresponseplan.
ThisincludestherequirementinPart2.2toensuretheplanisactuallyusedwhentesting.The
testingrequirementsarespecificallyforReportableCyberSecurityIncidents.
EntitiesmayuseanactualresponsetoaReportableCyberSecurityIncidentasasubstitutefor
exercisingtheplanannually.Otherwise,entitiesmustexercisetheplanwithapaperdrill,
tabletopexercise,orfulloperationalexercise.Formorespecifictypesofexercises,refertothe
FEMAHomelandSecurityExerciseandEvaluationProgram(HSEEP).Itliststhefollowingfour
typesofdiscussionbasedexercises:seminar,workshop,tabletop,andgames.Inparticular,it
definesthat,Atabletopexerciseinvolveskeypersonneldiscussingsimulatedscenariosinan
informalsetting.Tabletopexercises(TTX)canbeusedtoassessplans,policies,and
procedures.
TheHSEEPliststhefollowingthreetypesofoperationsbasedexercises:Drill,functional
exercise,andfullscaleexercise.Itdefinesthat,[A]fullscaleexerciseisamultiagency,multi
jurisdictional,multidisciplineexerciseinvolvingfunctional(e.g.,jointfieldoffice,Emergency
operationcenters,etc.)andbootsonthegroundresponse(e.g.,firefightersdecontaminating
mockvictims).
Inadditiontotherequirementstoimplementtheresponseplan,Part2.3specifiesentitiesmust
retainrelevantrecordsforReportableCyberSecurityIncidents.Thereareseveralexamplesof
specifictypesofevidencelistedinthemeasure.Entitiesshouldrefertotheirhandling
procedurestodeterminethetypesofevidencetoretainandhowtotransportandstorethe
evidence.Forfurtherinformationinretainingincidentrecords,refertotheNISTGuideto
IntegratingForensicTechniquesintoIncidentResponse(SP80086).TheNISTguidelineincludes
asection(Section3.1.2)onacquiringdatawhenperformingforensics.
RequirementR3:
ThisrequirementensuresentitiesmaintainCyberSecurityIncidentresponseplans.Thereare
tworequirementpartsthattriggerplanupdates:(1)lessonslearnedfromPart3.1and(2)
organizationalortechnologychangesfromPart3.2.
ThedocumentationoflessonslearnedfromPart3.1isassociatedwitheachReportableCyber
SecurityIncidentandinvolvestheactivitiesasillustratedinFigure1,below.Thedeadlineto
documentlessonslearnedstartsafterthecompletionoftheincidentinrecognitionthat
complexincidentsoncomplexsystemscantakeafewdaysorweekstocompleteresponse
Page20of24
activities.Theprocessofconductinglessonslearnedcaninvolvetheresponseteamdiscussing
theincidenttodeterminegapsorareasofimprovementwithintheplan.Anydocumented
deviationsfromtheplanfromPart2.2canserveasinputtothelessonslearned.Itispossible
tohaveaReportableCyberSecurityIncidentwithoutanydocumentedlessonslearned.Insuch
cases,theentitymustretaindocumentationoftheabsenceofanylessonslearnedassociated
withtheReportableCyberSecurityIncident.

Figure 1: CIP-008-5 R3 Timeline for Reportable Cyber Security Incidents
Theactivitiesnecessarytocompletethelessonslearnedincludeupdatingtheplanand
distributingthoseupdates.Entitiesshouldconsidermeetingwithalloftheindividualsinvolved
intheincidentanddocumentingthelessonslearnedassoonaftertheincidentaspossible.This
allowsmoretimeformakingeffectiveupdatestotheplan,obtaininganynecessaryapprovals,
anddistributingthoseupdatestotheincidentresponseteam.
TheplanchangerequirementinPart3.2isassociatedwithorganizationandtechnology
changesreferencedintheplanandinvolvestheactivitiesillustratedinFigure2,below.
Organizationalchangesincludechangestotherolesandresponsibilitiespeoplehaveintheplan
orchangestotheresponsegroupsorindividuals.Thismayincludechangestothenamesor
contactinformationlistedintheplan.Technologychangesaffectingtheplanmayinclude
referencedinformationsources,communicationsystemsorticketingsystems.

Figure 2: Timeline for Plan Changes in 3.2
Page21of24
Rationale:
RationaleforR1:
TheimplementationofaneffectiveCyberSecurityIncidentresponseplanmitigatestheriskto
thereliableoperationoftheBEScausedastheresultofaCyberSecurityIncidentandprovides
feedbacktoResponsibleEntitiesforimprovingthesecuritycontrolsapplyingtoBESCyber
Systems.Preventativeactivitiescanlowerthenumberofincidents,butnotallincidentscanbe
prevented.Apreplannedincidentresponsecapabilityisthereforenecessaryforrapidly
detectingincidents,minimizinglossanddestruction,mitigatingtheweaknessesthatwere
exploited,andrestoringcomputingservices.Anenterpriseorsingleincidentresponseplanfor
allBESCyberSystemsmaybeusedtomeettheRequirement.Anorganizationmayhavea
commonplanformultipleregisteredentitiesitowns.
SummaryofChanges:Wordingchangeshavebeenincorporatedbasedprimarilyonindustry
feedbacktomorespecificallydescriberequiredactions.
ChangeDescriptionandJustification:(Part1.1)
Characterizehasbeenchangedtoidentifyforclarity.Responseactionshasbeenchanged
torespondtoforclarity.
AddressesthereportingrequirementsfrompreviousversionsofCIP008.Thisrequirementpart
onlyobligatesentitiestohaveaprocessfordeterminingReportableCyberSecurityIncidents.
AlsoaddressesthedirectiveinFERCOrderNo.706,paragraphs673and676toreportwithin
onehour(atleastpreliminarily).
Replacedincidentresponseteamswithincidentresponsegroupsorindividualstoavoidthe
interpretationthatrolesandresponsibilitiessectionsmustreferencespecificteams.
ConformingchangetoreferencenewdefinedtermCyberSecurityIncidents.

Page22of24
RationaleforR2:
TheimplementationofaneffectiveCyberSecurityIncidentresponseplanmitigatestheriskto
thereliableoperationoftheBEScausedastheresultofaCyberSecurityIncidentandprovides
feedbacktoResponsibleEntitiesforimprovingthesecuritycontrolsapplyingtoBESCyber
Systems.Thisrequirementensuresimplementationoftheresponseplans.RequirementPart
2.3ensurestheretentionofincidentdocumentationforposteventanalysis.
ThisrequirementobligatesentitiestofollowtheCyberSecurityIncidentresponseplanwhenan
incidentoccursorwhentesting,butdoesnotrestrictentitiesfromtakingneededdeviations
fromtheplan.Itensurestheplanrepresentstheactualresponseanddoesnotexistfor
documentationonly.Ifaplaniswrittenatahighenoughlevel,theneveryactionduringthe
responseshouldnotbesubjecttoscrutiny.Theplanwilllikelyallowfortheappropriate
varianceintacticaldecisionsmadebyincidentresponders.Deviationsfromtheplancanbe
documentedduringtheincidentresponseorafterwardaspartofthereview.
SummaryofChanges:AddedtestingrequirementstoverifytheResponsibleEntitysresponse
planseffectivenessandconsistentapplicationinrespondingtoaCyberSecurityIncident(s)
impactingaBESCyberSystem.
Minorwordingchanges;essentiallyunchanged.
Allowsdeviationfromplan(s)duringactualeventsortestingifdeviationsarerecordedfor
review.
RemovedreferencestotheretentionperiodbecausetheStandardaddressesdataretentionin
theComplianceSection.

RationaleforR3:
Conductsufficientreviews,updatesandcommunicationstoverifytheResponsibleEntitys
responseplanseffectivenessandconsistentapplicationinrespondingtoaCyberSecurity
Incident(s)impactingaBESCyberSystem.Aseparateplanisnotrequiredforthoserequirement
partsofthetableapplicabletoHighorMediumImpactBESCyberSystems.Ifanentityhasa
singleCyberSecurityIncidentresponseplanandHighorMediumImpactBESCyberSystems,
thentheadditionalrequirementswouldapplytothesingleplan.
SummaryofChanges:ChangeshereaddresstheFERCOrder706,Paragraph686,which
includesadirectivetoperformafteractionreviewfortestsoractualincidentsandupdatethe
Page23of24
planbasedonlessonslearned.Additionalchangesincludespecificationofwhatitmeansto
reviewtheplanandspecificationofchangesthatwouldrequireanupdatetotheplan.
AddressesFERCOrder706,Paragraph686todocumenttestoractualincidentsandlessons
learned.
Specifiestheactivitiesrequiredtomaintaintheplan.Thepreviousversionrequiredentitiesto
updatetheplaninresponsetoanychanges.Themodificationsmakeclearthechangesthat
wouldrequireanupdate.
Version History

1 1/16/06
controlcenter.
3/24/06
judgment.
ResponsibleEntity.
3 Updatedversionnumberfrom2to3
InRequirement1.6,deletedthe
sentencepertainingtoremoving
componentorsystemfromservicein
ordertoperformtesting,inresponseto
FERCorderissuedSeptember30,2009.
Trustees.
Update
Page24of24
Update
Trustees.
Update
Trustees.
Modifiedto
coordinatewith
otherCIP
standardsandto
reviseformatto
useRBS
Template.

Standard CIP0093 Cyber Security Recovery Plans for Critical Cyber Assets
A. Introduction
1. Title: Cyber Security Recovery Plans for Critical Cyber Assets
3. Purpose: Standard CIP-009-3 ensures that recovery plan(s) are put in place for Critical
Cyber Assets and that these plans follow established business continuity and disaster recovery
techniques and practices. Standard CIP-009-3 should be read as part of a group of standards
numbered Standards CIP-002-3 through CIP-009-3.
4. Applicability:
4.1.10 NERC
not required).
B. Requirements
R1. Recovery Plans The Responsible Entity shall create and annually review recovery plan(s)
for Critical Cyber Assets. The recovery plan(s) shall address at a minimum the following:
R1.1. Specify the required actions in response to events or conditions of varying duration
and severity that would activate the recovery plan(s).
R1.2. Define the roles and responsibilities of responders.
R2. Exercises The recovery plan(s) shall be exercised at least annually. An exercise of the
recovery plan(s) can range from a paper drill, to a full operational exercise, to recovery from an
actual incident.
R3. Change Control Recovery plan(s) shall be updated to reflect any changes or lessons learned
as a result of an exercise or the recovery from an actual incident. Updates shall be
communicated to personnel responsible for the activation and implementation of the recovery
plan(s) within thirty calendar days of the change being completed.
R4. Backup and Restore The recovery plan(s) shall include processes and procedures for the
backup and storage of information required to successfully restore Critical Cyber Assets. For
example, backups may include spare electronic components or equipment, written
documentation of configuration settings, tape backup, etc.
R5. Testing Backup Media Information essential to recovery that is stored on backup media shall
be tested at least annually to ensure that the information is available. Testing can be completed
off site.
C. Measures
M1. The Responsible Entity shall make available its recovery plan(s) as specified in Requirement
R1.
M2. The Responsible Entity shall make available its records documenting required exercises as
M3. The Responsible Entity shall make available its documentation of changes to the recovery
plan(s), and documentation of all communications, as specified in Requirement R3.
M4. The Responsible Entity shall make available its documentation regarding backup and storage
of information as specified in Requirement R4.
M5. The Responsible Entity shall make available its documentation of testing of backup media as
D. Compliance
1.1.2 ERO for Regional Entities.
Not applicable.
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
None identified.
Version History
standards.
responsible entity.
Communication of revisions to the recovery
plan changed from 90 days to 30 days.


Standard CIP0094 Cyber Security Recovery Plans for Critical Cyber As s ets
1
A. Introduction
1. Title: Cyber Security Recovery Plans for Critical Cyber Assets
3. Purpose: Standard CIP-009-4 ensures that recovery plan(s) are put in place for Critical
Cyber Assets and that these plans follow established business continuity and disaster recovery
techniques and practices. Standard CIP-009-4 should be read as part of a group of standards
numbered Standards CIP-002-4 through CIP-009-4.
4. Applicability:
4.1.10 NERC
B. Requirements
R1. Recovery Plans The Responsible Entity shall create and annually review recovery plan(s)
for Critical Cyber Assets. The recovery plan(s) shall address at a minimum the following:
R1.1. Specify the required actions in response to events or conditions of varying duration
and severity that would activate the recovery plan(s).
R1.2. Define the roles and responsibilities of responders.
2
R2. Exercises The recovery plan(s) shall be exercised at least annually. An exercise of the
recovery plan(s) can range from a paper drill, to a full operational exercise, to recovery from an
actual incident.
R3. Change Control Recovery plan(s) shall be updated to reflect any changes or lessons learned
as a result of an exercise or the recovery from an actual incident. Updates shall be
communicated to personnel responsible for the activation and implementation of the recovery
plan(s) within thirty calendar days of the change being completed.
R4. Backup and Restore The recovery plan(s) shall include processes and procedures for the
backup and storage of information required to successfully restore Critical Cyber Assets. For
example, backups may include spare electronic components or equipment, written
documentation of configuration settings, tape backup, etc.
R5. Testing Backup Media Information essential to recovery that is stored on backup media shall
be tested at least annually to ensure that the information is available. Testing can be completed
off site.
C. Measures
M1. The Responsible Entity shall make available its recovery plan(s) as specified in Requirement
R1.
M2. The Responsible Entity shall make available its records documenting required exercises as
M3. The Responsible Entity shall make available its documentation of changes to the recovery
plan(s), and documentation of all communications, as specified in Requirement R3.
M4. The Responsible Entity shall make available its documentation regarding backup and storage
of information as specified in Requirement R4.
M5. The Responsible Entity shall make available its documentation of testing of backup media as

3
D. Compliance
1.2.3 For Responsible Entities that are also Regional Entities, the ERO or a Regional Entity approved by the ERO and FERC or other applicable
governmental authorities shall serve as the Compliance Enforcement Authority.
Authority.
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
1.4.1 The Responsible Entity shall keep documentation required by Standard CIP-009-4 from the previous full calendar year unless directed by
its Compliance Enforcement Authority to retain specific evidence for a longer period of time as part of an investigation.

4

R1 MEDIUM N/A The Responsible Entity has not
annually reviewed recovery
plan(s) for Critical Cyber
Assets.
The Responsible Entity has created recovery plan(s) for
Critical Cyber Assets but did not address one of the
requirements CIP-009-4 R1.1 or R1.2.
The Responsible Entity has not created recovery plan(s) for
Critical Cyber Assets that address at a minimum both
requirements CIP-009-4 R1.1 and R1.2.
R2 LOWER N/A N/A N/A The Responsible Entity's recovery plan(s) have not been
exercised at least annually.
R3 LOWER
The Responsible Entity's
recovery plan(s) have
been updated to reflect
any changes or lessons
learned as a result of an
exercise or the recovery
from an actual incident
but the updates were
communicated to
personnel responsible for
the activation and
implementation of the
recovery plan(s) in more
than 30 but less than or
days of the change.
The Responsible Entity's
recovery plan(s) have been
updated to reflect any changes
or lessons learned as a result of
an exercise or the recovery from
an actual incident but the
updates were communicated to
personnel responsible for the
activation and implementation
of the recovery plan(s) in more
than 120 but less than or equal
to 150 calendar days of the
change.
The Responsible Entity's recovery plan(s) have been
updated to reflect any changes or lessons learned as a result
of an exercise or the recovery from an actual incident but the
updates were communicated to personnel responsible for the
activation and implementation of the recovery plan(s) in
more than 150 but less than or equal to 180 calendar days of
the change.
The Responsible Entity's recovery plan(s) have not been updated
to reflect any changes or lessons learned as a result of an
exercise or the recovery from an actual incident.

OR

The Responsible Entity's recovery plan(s) have been updated to
reflect any changes or lessons learned as a result of an exercise
or the recovery from an actual incident but the updates were
communicated to personnel responsible for the activation and
implementation of the recovery plan(s) in more than 180
calendar days of the change.
R4 LOWER N/A N/A N/A The Responsible Entity's recovery plan(s) do not include
processes and procedures for the backup and storage of
information required to successfully restore Critical Cyber
Assets.
R5 LOWER N/A N/A N/A The Responsible Entity's information essential to recovery that is
stored on backup media has not been tested at least annually to
ensure that the information is available.
5
None identified.

Version History
standards.
responsible entity.
Communication of revisions to the recovery
plan changed from 90 days to 30 days.

4 Board approved
01/24/2011
(Project 2008-06)

D.2.

CIP0095CyberSecurityRecoveryPlansforBESCyberSystems
Page1of28
A. I ntroduction
1. Title: CyberSecurityRecoveryPlansforBESCyberSystems
2. Number: CIP0095
3. Purpose: TorecoverreliabilityfunctionsperformedbyBESCyberSystemsby
specifyingrecoveryplanrequirementsinsupportofthecontinued
stability,operability,andreliabilityoftheBES.
4. Applicability:
(UVLS)systemthat:
of300MWormore.
unit(s)tobestarted.
Page2of28
oftheBES:
of300MWormore.
unit(s)tobestarted.
AllBESFacilities.
Commission.
Section73.54.
Page3of28
5.EffectiveDates:
6.Background:
Page4of28
CyberSystems.
Page5of28
highimpactaccordingtotheCIP0025identificationandcategorizationprocesses.
processes.
MediumImpactBESCyberSystemsatControlCentersOnlyappliestoBESCyber
SystemslocatedataControlCenterandcategorizedasmediumimpactaccording
totheCIP0025identificationandcategorizationprocesses.
impactBESCyberSystemormediumimpactBESCyberSystem.Examplesinclude,
butarenotlimitedtofirewalls,authenticationservers,andlogmonitoringand
alertingsystems.
impactBESCyberSystemwithExternalRoutableConnectivity.
Page6of28
R1. EachResponsibleEntityshallhaveoneormoredocumentedrecoveryplansthatcollectivelyincludeeachoftheapplicable
requirementpartsinCIP0095TableR1RecoveryPlanSpecifications.[ViolationRiskFactor:Medium][TimeHorizon:
LongTermPlanning].
M1. Evidencemustincludethedocumentedrecoveryplan(s)thatcollectivelyincludetheapplicablerequirementpartsinCIP
0095TableR1RecoveryPlanSpecifications.
CIP0095TableR1RecoveryPlanSpecifications
theirassociated:
1. EACMS;and
2. PACS
andtheirassociated:
1. EACMS;and
2. PACS
Conditionsforactivationofthe
recoveryplan(s).
butisnotlimitedto,oneormore
plansthatincludelanguageidentifying
conditionsforactivationofthe
recoveryplan(s).
theirassociated:
1. EACMS;and
2. PACS
andtheirassociated:
1. EACMS;and
2. PACS
Rolesandresponsibilitiesof
responders.
butisnotlimitedto,oneormore
recoveryplansthatincludelanguage
identifyingtherolesand
responsibilitiesofresponders.
Page7of28
theirassociated:
1. EACMS;and
2. PACS
andtheirassociated:
1. EACMS;and
2. PACS
Oneormoreprocessesforthebackup
andstorageofinformationrequired
torecoverBESCyberSystem
functionality.
ofspecificprocessesforthebackup
andstorageofinformationrequiredto
recoverBESCyberSystem
functionality.

Page8of28
theirassociated:
1. EACMS;and
2. PACS
1. EACMS;and
2. PACS
Oneormoreprocessestoverifythe
successfulcompletionofthebackup
processesinPart1.3andtoaddress
anybackupfailures.
butisnotlimitedto,logs,workflowor
otherdocumentationconfirmingthat
thebackupprocesscompleted
successfullyandbackupfailures,if
any,wereaddressed.
theirassociated:
1. EACMS;and
2. PACS
andtheirassociated:
1. EACMS;and
2. PACS
Oneormoreprocessestopreserve
data,perCyberAssetcapability,for
determiningthecauseofaCyber
SecurityIncidentthattriggers
activationoftherecoveryplan(s).
Datapreservationshouldnotimpede
orrestrictrecovery.
butisnotlimitedto,proceduresto
preservedata,suchaspreservinga
corrupteddriveormakingadata
mirrorofthesystembefore
proceedingwithrecovery.

Page9of28

R2. EachResponsibleEntityshallimplement,inamannerthatidentifies,assesses,andcorrectsdeficiencies,itsdocumented
recoveryplan(s)tocollectivelyincludeeachoftheapplicablerequirementpartsinCIP0095TableR2RecoveryPlan
ImplementationandTesting.[ViolationRiskFactor:Lower][TimeHorizon:OperationsPlanningandRealtimeOperations.]
M2. Evidencemustinclude,butisnotlimitedto,documentationthatcollectivelydemonstratesimplementationofeachofthe
applicablerequirementpartsinCIP0095TableR2RecoveryPlanImplementationandTesting.

CIP0095TableR2RecoveryPlanImplementationandTesting
theirassociated:
1. EACMS;and
2. PACS
1. EACMS;and
2. PACS
Testeachoftherecoveryplans
referencedinRequirementR1atleast
onceevery15calendarmonths:
Byrecoveringfromanactual
incident;
Withapaperdrillortabletop
exercise;or
Withanoperationalexercise.
butisnotlimitedto,datedevidenceof
atest(byrecoveringfromanactual
incident,withapaperdrillortabletop
exercise,orwithanoperational
exercise)oftherecoveryplanatleast
onceevery15calendarmonths.For
thepaperdrillorfulloperational
exercise,evidencemayinclude
meetingnotices,minutes,orother
recordsofexercisefindings.
Page10of28
CIP0095TableR2RecoveryPlanImplementationandTesting
theirassociated:
1. EACMS;and
2. PACS
1. EACMS;and
2. PACS
Testarepresentativesampleof
informationusedtorecoverBESCyber
Systemfunctionalityatleastonce
every15calendarmonthstoensure
thattheinformationisuseableandis
compatiblewithcurrent
configurations.

Anactualrecoverythatincorporates
theinformationusedtorecoverBES
CyberSystemfunctionalitysubstitutes
forthistest.
butisnotlimitedto,operationallogs
ortestresultswithcriteriafortesting
theusability(e.g.sampletapeload,
browsingtapecontents)and
compatibilitywithcurrentsystem
configurations(e.g.manualor
automatedcomparisoncheckpoints
betweenbackupmediacontentsand
currentconfiguration).
Testeachoftherecoveryplans
referencedinRequirementR1atleast
onceevery36calendarmonths
throughanoperationalexerciseofthe
recoveryplansinanenvironment
representativeoftheproduction
environment.
Anactualrecoveryresponsemay
substituteforanoperationalexercise.
arenotlimitedto,dated
documentationof:
Anoperationalexerciseatleast
onceevery36calendarmonths
betweenexercises,that
demonstratesrecoveryina
representativeenvironment;or
Anactualrecoveryresponsethat
occurredwithinthe36calendar
monthtimeframethatexercised
therecoveryplans.

Page11of28

R3. EachResponsibleEntityshallmaintaineachofitsrecoveryplansinaccordancewitheachoftheapplicablerequirementparts
inCIP0095TableR3RecoveryPlanReview,UpdateandCommunication.[ViolationRiskFactor:Lower][TimeHorizon:
OperationsAssessment].
M3. Acceptableevidenceincludes,butisnotlimitedto,eachoftheapplicablerequirementpartsinCIP0095TableR3Recovery
PlanReview,UpdateandCommunication.
CIP0095TableR3RecoveryPlanReview,UpdateandCommunication
theirassociated:
1. EACMS;and
2. PACS
1. EACMS;and
2. PACS
Nolaterthan90calendardaysafter
completionofarecoveryplantestor
actualrecovery:
3.1.1. Documentanylessonslearned
associatedwitharecoveryplan
testoractualrecoveryor
documenttheabsenceofany
lessonslearned;
3.1.2. Updatetherecoveryplanbased
onanydocumentedlessons
learnedassociatedwiththe
plan;and
withadefinedroleinthe
recoveryplanoftheupdatesto
therecoveryplanbasedonany
documentedlessonslearned.
following:
1. Dateddocumentationof
identifieddeficienciesorlessons
learnedforeachrecoveryplan
testoractualincidentrecovery
ordateddocumentationstating
therewerenolessonslearned;
2. Datedandrevisedrecoveryplan
showinganychangesbasedon
thelessonslearned;and
limitedto:
Emails;
system;or
Page12of28
CIP0095TableR3RecoveryPlanReview,UpdateandCommunication
theirassociated:
1. EACMS;and
2. PACS
1. EACMS;and
2. PACS
Nolaterthan60calendardaysaftera
changetotherolesorresponsibilities,
responders,ortechnologythatthe
ResponsibleEntitydetermineswould
impacttheabilitytoexecutethe
recoveryplan:
3.2.1. Updatetherecoveryplan;and
withadefinedroleinthe
recoveryplanoftheupdates.

following:
1. Datedandrevisedrecovery
planwithchangestotheroles
orresponsibilities,
responders,ortechnology;
and
limitedto:
Emails;
system;or
Page13of28
C. Compliance
serveastheCEA.
thelastaudit.
investigation:
calendaryears.
whicheverislonger.
records.
ComplianceAudit
SelfCertification
SpotChecking
SelfReporting
Complaint
None

Page14of28
R# Time
Horizon
R1 Long
term
Planning
Medium N/A TheResponsible
Entityhasdeveloped
recoveryplan(s),but
theplan(s)donot
addressoneofthe
requirements
includedinParts1.2
through1.5.
TheResponsible
Entityhasdeveloped
recoveryplan(s),but
theplan(s)donot
addresstwoofthe
requirements
includedinParts1.2
through1.5.
TheResponsible
Entityhasnotcreated
recoveryplan(s)for
BESCyberSystems.
OR
TheResponsible
Entityhascreated
recoveryplan(s)for
BESCyberSystems,
buttheplan(s)does
notaddressthe
conditionsfor
activationinPart1.1.
OR
TheResponsible
Entityhascreated
recoveryplan(s)for
BESCyberSystems,
buttheplan(s)does
notaddressthreeor
moreofthe
requirementsinParts
1.2through1.5.
R2 Operations Lower TheResponsible TheResponsible TheResponsible TheResponsible
Page15of28
R# Time
Horizon
Planning
Realtime
Operations
Entityhasnottested
therecoveryplan(s)
accordingtoR2Part
2.1within15
calendarmonths,not
exceeding16
calendarmonths
betweentestsofthe
plan,andwhen
tested,any
deficiencieswere
identified,assessed,
andcorrected.(2.1)
OR
TheResponsible
Entityhasnottested
arepresentative
sampleofthe
informationusedin
therecoveryofBES
CyberSystem
functionality
accordingtoR2Part
2.2within15
calendarmonths,not
exceeding16
calendarmonths
betweentests,and
whentested,any
Entityhasnottested
therecoveryplan(s)
within16calendar
months,not
exceeding17
calendarmonths
betweentestsofthe
plan,andwhen
tested,any
deficiencieswere
andcorrected.(2.1)
OR
TheResponsible
Entityhasnottested
arepresentative
sampleofthe
informationusedin
therecoveryofBES
CyberSystem
functionality
accordingtoR2Part
2.2within16
calendarmonths,not
exceeding17
calendarmonths
betweentests,and
whentested,any
deficiencieswere
Entityhasnottested
therecoveryplan(s)
accordingtoR2Part
2.1within17calendar
months,not
exceeding18calendar
monthsbetweentests
oftheplan,andwhen
tested,any
deficiencieswere
andcorrected.(2.1)
OR
TheResponsible
Entityhasnottested
arepresentative
sampleofthe
informationusedin
therecoveryofBES
CyberSystem
functionality
accordingtoR2Part
2.2within17
calendarmonths,not
exceeding18
calendarmonths
betweentests,and
whentested,any
deficiencieswere
Entityhasnottested
therecoveryplan(s)
accordingtoR2Part
2.1within18
calendarmonths
betweentestsofthe
plan.(2.1)
OR
TheResponsible
Entityhastestedthe
recoveryplan(s)
accordingtoR2Part
2.1andidentified
deficiencies,butdid
notassessorcorrect
thedeficiencies.(2.1)
OR
TheResponsible
Entityhastestedthe
recoveryplan(s)
accordingtoR2Part
2.1butdidnot
identify,assess,or
correctthe
deficiencies.(2.1)
OR
TheResponsible
Page16of28
R# Time
Horizon
deficiencieswere
andcorrected.(2.2)
OR
TheResponsible
Entityhasnottested
therecoveryplan
accordingtoR2Part
2.3within36
calendarmonths,not
exceeding37
calendarmonths
betweentests,and
whentested,any
deficiencieswere
andcorrected.(2.3)
andcorrected.(2.2)
OR
TheResponsible
Entityhasnottested
therecoveryplan
accordingtoR2Part
2.3within37
calendarmonths,not
exceeding38
calendarmonths
betweentests,and
whentested,any
deficiencieswere
andcorrected.(2.3)
andcorrected.(2.2)
OR
TheResponsible
Entityhasnottested
therecoveryplan
accordingtoR2Part
2.3within38
calendarmonths,not
exceeding39
calendarmonths
betweentests,and
whentested,any
deficiencieswere
andcorrected.(2.3)
Entityhasnottested
arepresentative
sampleofthe
informationusedin
therecoveryofBES
CyberSystem
functionality
accordingtoR2Part
2.2within18
calendarmonths
betweentests.(2.2)
OR
TheResponsible
Entityhastesteda
representative
sampleofthe
informationusedin
therecoveryofBES
CyberSystem
functionality
accordingtoR2Part
2.2andidentified
deficiencies,butdid
notassessorcorrect
OR
TheResponsible
Entityhastesteda
Page17of28
R# Time
Horizon
representative
sampleofthe
informationusedin
therecoveryofBES
CyberSystem
functionality
accordingtoR2Part
2.2butdidnot
identify,assess,or
correctthe
deficiencies.(2.2)
OR
TheResponsible
Entityhasnottested
therecoveryplan(s)
accordingtoR2Part
2.3within39
calendarmonths
betweentestsofthe
plan.(2.3)
OR
TheResponsible
Entityhastestedthe
recoveryplan(s)
accordingtoR2Part
2.3andidentified
deficiencies,butdid
notassessorcorrect
Page18of28
R# Time
Horizon
OR
TheResponsible
Entityhastestedthe
recoveryplan(s)
accordingtoR2Part
2.3butdidnot
identify,assess,or
correctthe
deficiencies.(2.3)
R3 Operations
Assessment
Lower TheResponsible
Entityhasnot
notifiedeachperson
orgroupwitha
definedroleinthe
recoveryplan(s)of
updateswithin90
andlessthan210
calendardaysofthe
updatebeing
completed.(3.1.3)
TheResponsible
Entityhasnot
updatedtherecovery
plan(s)basedonany
documentedlessons
learnedwithin90and
lessthan210calendar
daysofeachrecovery
plantestoractual
recovery.(3.1.2)
OR
TheResponsible
Entityhasnotnotified
eachpersonorgroup
withadefinedrolein
therecoveryplan(s)
ofupdateswithin120
TheResponsible
Entityhasneither
documentedlessons
learnednor
documentedthe
absenceofany
lessonslearnedwithin
90andlessthan210
calendardaysofeach
recoveryplantestor
actualrecovery.
(3.1.1)
OR
TheResponsible
Entityhasnot
updatedtherecovery
plan(s)basedonany
TheResponsible
Entityhasneither
documentedlessons
learnednor
documentedthe
absenceofany
lessonslearned
within210calendar
daysofeachrecovery
plantestoractual
recovery.(3.1.1)
Page19of28
R# Time
Horizon
calendardaysofthe
updatebeing
completed.(3.1.3)
OR
TheResponsible
Entityhasnot
updatedtherecovery
plan(s)ornotified
eachpersonorgroup
withadefinedrole
within60andless
than90calendardays
ofanyofthe
followingchanges
thattheresponsible
entitydetermines
wouldimpactthe
abilitytoexecutethe
plan:(3.2)
Rolesor
responsibilities,or
Responders,or
Technology
changes.
documentedlessons
learnedwithin120
calendardaysofeach
recoveryplantestor
actualrecovery.
(3.1.2)
OR
TheResponsible
Entityhasnot
updatedtherecovery
plan(s)ornotified
eachpersonorgroup
withadefinedrole
within90calendar
daysofanyofthe
followingchanges
thattheresponsible
entitydetermines
wouldimpactthe
abilitytoexecutethe
plan:(3.2)
Rolesor
responsibilities,or
Responders,or
Technologychanges.
Page20of28
None.
E. Interpretations
None.
None.
Page21of28
standards.
RequirementR1:
Thefollowingguidelinesareavailabletoassistinaddressingtherequiredcomponentsofa
recoveryplan:
NERC,SecurityGuidelinefortheElectricitySector:ContinuityofBusinessProcessesand
OperationsOperationalFunctions,September2011,onlineat
http://www.nerc.com/docs/cip/sgwg/Continuity%20of%20Business%20and%20Operation
al%20Functions%20FINAL%20102511.pdf
NationalInstituteofStandardsandTechnology,ContingencyPlanningGuideforFederal
InformationSystems,SpecialPublication80034revision1,May2010,onlineat
http://csrc.nist.gov/publications/nistpubs/80034rev1/sp80034rev1_errataNov11
2010.pdf
ThetermrecoveryplanisusedthroughoutthisStandardtorefertoadocumentedsetof
instructionsandresourcesneededtorecoverreliabilityfunctionsperformedbyBESCyber
Systems.Therecoveryplanmayexistaspartofalargerbusinesscontinuityordisasterrecovery
plan,butthetermdoesnotimplyanyadditionalobligationsassociatedwiththosedisciplines
outsideoftheRequirements.
AdocumentedrecoveryplanmaynotbenecessaryforeachapplicableBESCyberSystem.For
example,theshorttermrecoveryplanforaBESCyberSysteminaspecificsubstationmaybe
Page22of28
managedonadailybasisbyadvancedpowersystemapplicationssuchasstateestimation,
contingencyandremedialaction,andoutagescheduling.OnerecoveryplanforBESCyber
Systemsshouldsufficeforseveralsimilarfacilitiessuchasthosefoundinsubstationsorpower
plantsfacilities.
ForPart1.1,theconditionsforactivationoftherecoveryplanshouldconsiderviablethreatsto
theBESCyberSystemsuchasnaturaldisasters,computingequipmentfailures,computing
environmentfailures,andCyberSecurityIncidents.AbusinessimpactanalysisfortheBESCyber
Systemmaybeusefulindeterminingtheseconditions.
ForPart1.2,entitiesshouldidentifytheindividualsrequiredforrespondingtoarecovery
operationoftheapplicableBESCyberSystem.
ForPart1.3,entitiesshouldconsiderthefollowingtypesofinformationtorecoverBESCyber
Systemfunctionality:
1. Installationfilesandmedia;
2. Currentbackuptapesandanyadditionaldocumentedconfigurationsettings;
3. Documentedbuildorrestorationprocedures;and
4. Crosssitereplicationstorage.
ForPart1.4,theprocessestoverifythesuccessfulcompletionofbackupprocessesshould
includecheckingfor:(1)usabilityofbackupmedia,(2)logsorinspectionshowingthat
informationfromcurrent,productionsystemcouldberead,and(3)logsorinspectionshowing
thatinformationwaswrittentothebackupmedia.Testrestorationsarenotrequiredforthis
RequirementPart.Thefollowingbackupscenariosprovideexamplesofeffectiveprocessesto
verifysuccessfulcompletionanddetectanybackupfailures:
Periodic(e.g.dailyorweekly)backupprocessReviewgeneratedlogsorjobstatus
reportsandsetupnotificationsforbackupfailures.
NonperiodicbackupprocessIfasinglebackupisprovidedduringthecommissioningof
thesystem,thenonlytheinitialandperiodic(every15months)testingmustbedone.
Additionaltestingshouldbedoneasnecessaryandcanbeapartoftheconfiguration
changemanagementprogram.
DatamirroringConfigurealertsonthefailureofdatatransferforanamountoftime
specifiedbytheentity(e.g.15minutes)inwhichtheinformationonthemirroreddisk
maynolongerbeusefulforrecovery.
ManualconfigurationinformationInspecttheinformationusedforrecoverypriorto
storinginitiallyandperiodically(every15months).Additionalinspectionshouldbedone
asnecessaryandcanbeapartoftheconfigurationchangemanagementprogram.
Theplanmustalsoincludeprocessestoaddressbackupfailures.Theseprocessesshouldspecify
theresponsetofailurenotificationsorotherformsofidentification.
ForPart1.5,therecoveryplanmustincludeconsiderationsforpreservationofdatato
determinethecauseofaCyberSecurityIncident.Becauseitisnotalwayspossibletoinitially
Page23of28
knowifaCyberSecurityIncidentcausedtherecoveryactivation,thedatapreservation
proceduresshouldbefolloweduntilsuchpointaCyberSecurityIncidentcanberuledout.CIP
008addressestheretentionofdataassociatedwithaCyberSecurityIncident.
RequirementR2:
AResponsibleEntitymustexerciseeachBESCyberSystemrecoveryplanevery15months.
However,thisdoesnotnecessarilymeanthattheentitymusttesteachplanindividually.BES
CyberSystemsthatarenumerousanddistributed,suchasthosefoundatsubstations,maynot
requireanindividualrecoveryplanandtheassociatedredundantfacilitiessincereengineering
andreconstructionmaybethegenericresponsetoasevereevent.Conversely,thereistypically
onecontrolcenterperbulktransmissionserviceareathatrequiresaredundantorbackup
facility.Becauseofthesedifferences,therecoveryplansassociatedwithcontrolcentersdiffera
greatdealfromthoseassociatedwithpowerplantsandsubstations.
Arecoveryplantestdoesnotnecessarilycoverallaspectsofarecoveryplanandfailure
scenarios,butthetestshouldbesufficienttoensuretheplanisuptodateandatleastone
restorationprocessoftheapplicablecybersystemsiscovered.
Entitiesmayuseanactualrecoveryasasubstituteforexercisingtheplanevery15months.
Otherwise,entitiesmustexercisetheplanwithapaperdrill,tabletopexercise,oroperational
exercise.Formorespecifictypesofexercises,refertotheFEMAHomelandSecurityExercise
andEvaluationProgram(HSEEP).Itliststhefollowingfourtypesofdiscussionbasedexercises:
seminar,workshop,tabletop,andgames.Inparticular,itdefinesthat,Atabletopexercise
involveskeypersonneldiscussingsimulatedscenariosinaninformalsetting.[Tabletop
exercises(TTX)]canbeusedtoassessplans,policies,andprocedures.
TheHSEEPliststhefollowingthreetypesofoperationsbasedexercises:Drill,functional
exercise,andfullscaleexercise.Itdefinesthat,[A]fullscaleexerciseisamultiagency,multi
jurisdictional,multidisciplineexerciseinvolvingfunctional(e.g.,jointfieldoffice,Emergency
operationcenters,etc.)andbootsonthegroundresponse(e.g.,firefightersdecontaminating
mockvictims).
ForPart2.2,entitiesshouldrefertothebackupandstorageofinformationrequiredtorecover
BESCyberSystemfunctionalityinRequirementPart1.3.Thisprovidesadditionalassurancethat
theinformationwillactuallyrecovertheBESCyberSystemasnecessary.Formostcomplex
computingequipment,afulltestoftheinformationisnotfeasible.Entitiesshoulddetermine
therepresentativesampleofinformationthatprovidesassuranceintheprocessesfor
RequirementPart1.3.Thetestmustincludestepsforensuringtheinformationisuseableand
current.Forbackupmedia,thiscanincludetestingarepresentativesampletomakesurethe
informationcanbeloaded,andcheckingthecontenttomakesuretheinformationreflectsthe
currentconfigurationoftheapplicableCyberAssets.
RequirementR3:
Thisrequirementensuresentitiesmaintainrecoveryplans.Therearetworequirementparts
thattriggerplanupdates:(1)lessonslearnedand(2)organizationalortechnologychanges.
Page24of28
Thedocumentationoflessonslearnedisassociatedwitheachrecoveryactivation,andit
involvestheactivitiesasillustratedinFigure1,below.Thedeadlinetodocumentlessons
learnedstartsafterthecompletionoftherecoveryoperationinrecognitionthatcomplex
recoveryactivitiescantakeafewdaysorweekstocomplete.Theprocessofconducting
lessonslearnedcaninvolvetherecoveryteamdiscussingtheincidenttodeterminegapsor
areasofimprovementwithintheplan.Itispossibletohavearecoveryactivationwithoutany
documentedlessonslearned.Insuchcases,theentitymustretaindocumentationofthe
absenceofanylessonslearnedassociatedwiththerecoveryactivation.

Figure 1: CIP-009-5 R3 Timeline
Theactivitiesnecessarytocompletethelessonslearnedincludeupdatingtheplanand
distributingthoseupdates.Entitiesshouldconsidermeetingwithalloftheindividualsinvolved
intherecoveryanddocumentingthelessonslearnedassoonaftertherecoveryactivationas
possible.Thisallowsmoretimeformakingeffectiveupdatestotheplan,obtainingany
necessaryapprovals,anddistributingthoseupdatestotherecoveryteam.
Theplanchangerequirementisassociatedwithorganizationandtechnologychanges
referencedintheplanandinvolvestheactivitiesillustratedinFigure2,below.Organizational
changesincludechangestotherolesandresponsibilitiespeoplehaveintheplanorchangesto
theresponsegroupsorindividuals.Thismayincludechangestothenamesorcontact
informationlistedintheplan.Technologychangesaffectingtheplanmayincludereferenced
informationsources,communicationsystems,orticketingsystems.
Page25of28

Figure 2: Timeline for Plan Changes in 3.2
Whennotifyingindividualsofresponseplanchanges,entitiesshouldkeepinmindthatrecovery
plansmaybeconsideredBESCyberSystemInformation,andtheyshouldtaketheappropriate
measurestopreventunauthorizeddisclosureofrecoveryplaninformation.Forexample,the
recoveryplanitself,orothersensitiveinformationabouttherecoveryplan,shouldberedacted
fromEmailorotherunencryptedtransmission.
Rationale:
RationaleforR1:
Preventativeactivitiescanlowerthenumberofincidents,butnotallincidentscanbe
prevented.Apreplannedrecoverycapabilityis,therefore,necessaryforrapidlyrecovering
fromincidents,minimizinglossanddestruction,mitigatingtheweaknessesthatwereexploited,
andrestoringcomputingservicessothatplannedandconsistentrecoveryactiontorestoreBES
CyberSystemfunctionalityoccurs.
SummaryofChanges:Addedprovisionstoprotectdatathatwouldbeusefulinthe
investigationofaneventthatresultsintheneedforaCyberSystemrecoveryplantobe
utilized.
Page26of28
AddressesFERCOrderParagraph739and748.Themodifiedwordingwasabstractedfrom
Paragraph744.
AddressesFERCOrderSection739and748.
AddedrequirementtoaddressFERCOrderNo.706,Paragraph706.
RationaleforR2:
Theimplementationofaneffectiverecoveryplanmitigatestherisktothereliableoperationof
theBESbyreducingthetimetorecoverfromvarioushazardsaffectingBESCyberSystems.This
requirementensurescontinuedimplementationoftheresponseplans.
RequirementPart2.2providesfurtherassuranceintheinformation(e.g.backuptapes,
mirroredhotsites,etc.)necessarytorecoverBESCyberSystems.Afulltestisnotfeasiblein
mostinstancesduetotheamountofrecoveryinformation,andtheResponsibleEntitymust
determineasamplingthatprovidesassuranceintheusabilityoftheinformation.
SummaryofChanges.AddedoperationaltestingforrecoveryofBESCyberSystems.
Minorwordingchange;essentiallyunchanged.
Specifieswhattotestandmakesclearthetestcanbearepresentativesampling.These
changes,alongwithRequirementPart1.4addresstheFERCOrderNo.706,Paragraphs739and
748relatedtotestingofbackupsbyprovidinghighconfidencetheinformationwillactually
recoverthesystemasnecessary.
AddressesFERCOrderNo.706,Paragraph725toaddtherequirementthattherecoveryplan
testbeafulloperationaltestonceevery3years.
Page27of28
RationaleforR3:
ToimprovetheeffectivenessofBESCyberSystemrecoveryplan(s)followingatest,andto
ensurethemaintenanceanddistributionoftherecoveryplan(s).ResponsibleEntitiesachieve
thisby(i)performingalessonslearnedreviewin3.1and(ii)revisingtheplanin3.2basedon
specificchangesintheorganizationortechnologythatwouldimpactplanexecution.Inboth
instanceswhentheplanneedstochange,theResponsibleEntityupdatesanddistributesthe
plan.
SummaryofChanges:Makesclearwhentoperformlessonslearnedreviewoftheplanand
specifiesthetimeframeforupdatingtherecoveryplan.
Referencetopriorversion:(Part3.1)CIP009,R1andR3
Addedthetimeframesforperforminglessonslearnedandcompletingtheplanupdates.This
requirementcombinesallthreeactivitiesinoneplace.Wherepreviousversionsspecified30
calendardaysforperforminglessonslearned,followedbyadditionaltimeforupdatingrecovery
plansandnotification,thisrequirementcombinesthoseactivitiesintoasingletimeframe.
Specifiestheactivitiesrequiredtomaintaintheplan.Thepreviousversionrequiredentitiesto
updatetheplaninresponsetoanychanges.Themodificationsmakeclearthespecificchanges
thatwouldrequireanupdate.
Version History

1 1/16/06
controlcenter
3/24/06
2 9/30/09 Modificationstoclarifytherequirements
andtobringthecomplianceelementsinto
conformancewiththelatestguidelinesfor
developingcomplianceelementsof
standards.
Removalofreasonablebusinessjudgment.
ResponsibleEntity.
Page28of28
3 Updatedversionnumberfrom2to3
InRequirement1.6,deletedthesentence
pertainingtoremovingcomponentor
systemfromserviceinordertoperform
testing,inresponsetoFERCorderissued
September30,2009.
3 12/16/09 ApprovedbytheNERCBoardofTrustees. Update

4 12/30/10 ModifiedtoaddspecificcriteriaforCritical
Assetidentification.
Update
5 11/26/12 AdoptedbytheNERCBoardofTrustees. Modifiedto

coordinatewith
otherCIP
standardsandto
reviseformatto
useRBS
Template.

CIP0101CyberSecurityConfigurationChangeManagementandVulnerability
Assessments
Page1of34
A. I ntroduction
1. Title: Cyber Security Configuration Change Management and Vulnerability
Assessments
2. Number: CIP0101
3. Purpose: TopreventanddetectunauthorizedchangestoBESCyberSystemsby
specifyingconfigurationchangemanagementandvulnerabilityassessment
requirementsinsupportofprotectingBESCyberSystemsfromcompromisethatcould
leadtomisoperationorinstabilityintheBES.
4. Applicability:
(UVLS)systemthat:
of300MWormore.
unit(s)tobestarted.
Assessments
Page2of34
oftheBES:
of300MWormore.
unit(s)tobestarted.
AllBESFacilities.
Commission.
Section73.54.
Assessments
Page3of34
5.EffectiveDates:
becomeeffectiveonthefirstdayoftheninthcalendarquarterfollowingBoard
ofTrusteesapproval,orasotherwisemadeeffectivepursuanttothelaws
6.Background:
Assessments
Page4of34
CyberSystems.
EachtablehasanApplicableSystemscolumntofurtherdefinethescopeof
systemstowhichaspecificrequirementrowapplies.TheCSO706SDTadaptedthis
conceptfromtheNationalInstituteofStandardsandTechnology(NIST)Risk
ManagementFrameworkasawayofapplyingrequirementsmoreappropriately
Assessments
Page5of34
basedonimpactandconnectivitycharacteristics.Thefollowingconventionsareused
intheapplicabilitycolumnasdescribed.
processes.
MediumImpactBESCyberSystemsAppliestoBESCyberSystemscategorized
asmediumimpactaccordingtotheCIP0025identificationandcategorization
processes.
ElectronicAccessControlorMonitoringSystemassociatedwithareferenced
highimpactBESCyberSystemormediumimpactBESCyberSystem.Examples
mayinclude,butarenotlimitedto,firewalls,authenticationservers,andlog
impactBESCyberSystemwithExternalRoutableConnectivity.
ProtectedCyberAssets(PCA)AppliestoeachProtectedCyberAsset
associatedwithareferencedhighimpactBESCyberSystemormediumimpact
BESCyberSystem
CIP0101CyberSecurityConfigurationChangeManagementandVulnerabilityAssessments
Page6of34
documentedprocessesthatcollectivelyincludeeachoftheapplicablerequirementpartsinCIP0101TableR1
ConfigurationChangeManagement.[ViolationRiskFactor:Medium][TimeHorizon:OperationsPlanning].
requirementpartsinCIP0101TableR1ConfigurationChangeManagementandadditionalevidencetodemonstrate
CIP0101TableR1ConfigurationChangeManagement
theirassociated:
1. EACMS;
2. PACS;and
3. PCA
andtheirassociated:
1. EACMS;
2. PACS;and
3. PCA
Developabaselineconfiguration,
individuallyorbygroup,whichshall
includethefollowingitems:
1.1.1. Operatingsystem(s)(including
version)orfirmwarewhereno
independentoperatingsystem
exists;
1.1.2. Anycommerciallyavailableor
opensourceapplication
software(includingversion)
intentionallyinstalled;
1.1.3. Anycustomsoftwareinstalled;
1.1.4. Anylogicalnetworkaccessible
ports;and
1.1.5. Anysecuritypatchesapplied.
arenotlimitedto:
Aspreadsheetidentifyingthe
requireditemsofthebaseline
configurationforeachCyberAsset,
individuallyorbygroup;or
Arecordinanassetmanagement
systemthatidentifiestherequired
itemsofthebaselineconfiguration
foreachCyberAsset,individuallyor
bygroup.
Page7of34
theirassociated:
1. EACMS;
2. PACS;and
3. PCA
andtheirassociated:
1. EACMS;
2. PACS;and
3. PCA
Authorizeanddocumentchangesthat
deviatefromtheexistingbaseline
configuration.
arenotlimitedto:
Achangerequestrecordand
associatedelectronicauthorization
(performedbytheindividualor
groupwiththeauthorityto
authorizethechange)inachange
managementsystemforeach
change;or
Documentationthatthechange
wasperformedinaccordancewith
therequirement.
Page8of34
theirassociated:
1. EACMS;
2. PACS;and
3. PCA
andtheirassociated:
1. EACMS;
2. PACS;and
3. PCA
Forachangethatdeviatesfromthe
existingbaselineconfiguration,update
thebaselineconfigurationasnecessary
within30calendardaysofcompleting
thechange.
butisnotlimitedto,updatedbaseline
documentationwithadatethatis
within30calendardaysofthedateof
thecompletionofthechange.
theirassociated:
1. EACMS;
2. PACS;and
3. PCA
andtheirassociated:
1. EACMS;
2. PACS;and
3. PCA
Forachangethatdeviatesfromthe
existingbaselineconfiguration:
1.4.1. Priortothechange,determine
requiredcybersecuritycontrols
inCIP005andCIP007thatcould
beimpactedbythechange;
1.4.2. Followingthechange,verifythat
determinedin1.4.1arenot
adverselyaffected;and
1.4.3. Documenttheresultsofthe
verification.
butisnotlimitedto,alistofcyber
securitycontrolsverifiedortested
alongwiththedatedtestresults.
Page9of34
Wheretechnicallyfeasible,foreach
changethatdeviatesfromtheexisting
baselineconfiguration:
1.5.1. Priortoimplementingany
changeintheproduction
environment,testthechanges
inatestenvironmentortestthe
changesinaproduction
environmentwherethetestis
performedinamannerthat
minimizesadverseeffects,that
modelsthebaseline
configurationtoensurethat
inCIP005andCIP007arenot
adverselyaffected;and
1.5.2. Documenttheresultsofthe
testingand,ifatest
environmentwasused,the
differencesbetweenthetest
environmentandtheproduction
environment,includinga
descriptionofthemeasures
usedtoaccountforany
differencesinoperation
betweenthetestand
productionenvironments.
butisnotlimitedto,alistofcyber
securitycontrolstestedalongwith
successfultestresultsandalistof
differencesbetweentheproduction
andtestenvironmentswith
descriptionsofhowanydifferences
wereaccountedfor,includingofthe
dateofthetest.

Page10of34
documentedprocessesthatcollectivelyincludeeachoftheapplicablerequirementpartsinCIP0101TableR2Configuration
Monitoring.[ViolationRiskFactor:Medium][TimeHorizon:OperationsPlanning].
requirementpartsinCIP0101TableR2ConfigurationMonitoringandadditionalevidencetodemonstrateimplementation

CIP0101TableR2ConfigurationMonitoring
theirassociated:
1. EACMS;and
2. PCA
Monitoratleastonceevery35calendar
daysforchangestothebaseline
configuration(asdescribedin
RequirementR1,Part1.1).Document
andinvestigatedetectedunauthorized
changes.
butisnotlimitedto,logsfroma
systemthatismonitoringthe
configurationalongwithrecordsof
investigationforanyunauthorized
changesthatweredetected.

R3. EachResponsibleEntityshallimplementoneormoredocumentedprocessesthatcollectivelyincludeeachoftheapplicable
requirementpartsinCIP0101TableR3VulnerabilityAssessments.[ViolationRiskFactor:Medium][TimeHorizon:Longterm
PlanningandOperationsPlanning]
M3.Evidencemustincludeeachoftheapplicabledocumentedprocessesthatcollectivelyincludeeachoftheapplicable
requirementpartsinCIP0101TableR3VulnerabilityAssessmentsandadditionalevidencetodemonstrateimplementation
Page11of34
CIP0101TableR3VulnerabilityAssessments
theirassociated:
1. EACMS;
2. PACS;and
3. PCA
andtheirassociated:
1. EACMS;
2. PACS;and
3. PCA
Atleastonceevery15calendar
months,conductapaperoractive
vulnerabilityassessment.
arenotlimitedto:
Adocumentlistingthedateofthe
assessment(performedatleast
onceevery15calendarmonths),
thecontrolsassessedforeachBES
CyberSystemalongwiththe
methodofassessment,;or
Adocumentlistingthedateofthe
assessmentandtheoutputofany
toolsusedtoperformthe
assessment.
Page12of34
Wheretechnicallyfeasible,atleast
onceevery36calendarmonths:
3.2.1 Performanactivevulnerability
assessmentinatest
environment,orperforman
activevulnerabilityassessment
inaproductionenvironment
wherethetestisperformedin
amannerthatminimizes
adverseeffects,thatmodels
thebaselineconfigurationof
theBESCyberSystemina
productionenvironment;and
3.2.2 Documenttheresultsofthe
testingand,ifatest
environmentwasused,the
differencesbetweenthetest
environmentandthe
productionenvironment,
includingadescriptionofthe
measuresusedtoaccountfor
anydifferencesinoperation
betweenthetestand
productionenvironments.
butisnotlimitedto,adocument
listingthedateoftheassessment
(performedatleastonceevery36
calendarmonths),theoutputofthe
toolsusedtoperformtheassessment,
andalistofdifferencesbetweenthe
productionandtestenvironments
withdescriptionsofhowany
differenceswereaccountedforin
conductingtheassessment.
Page13of34
theirassociated:
1. EACMS;
2. PCA
PriortoaddinganewapplicableCyber
Assettoaproductionenvironment,
performanactivevulnerability
assessmentofthenewCyberAsset,
exceptforCIPExceptional
Circumstancesandlikereplacements
ofthesametypeofCyberAssetwitha
baselineconfigurationthatmodelsan
existingbaselineconfigurationofthe
previousorotherexistingCyberAsset.
listingthedateoftheassessment
(performedpriortothe
commissioningofthenewCyber
Asset)andtheoutputofanytools
usedtoperformtheassessment.
theirassociated:
1. EACMS;
2. PACS;and
3. PCA
andtheirassociated:
1. EACMS;
2. PACS;and
3. PCA
Documenttheresultsofthe
assessmentsconductedaccordingto
Parts3.1,3.2,and3.3andtheaction
plantoremediateormitigate
vulnerabilitiesidentifiedinthe
assessmentsincludingtheplanned
dateofcompletingtheactionplanand
theexecutionstatusofany
remediationormitigationaction
items.
listingtheresultsorthereviewor
assessment,alistofactionitems,
documentedproposeddatesof
completionfortheactionplan,and
recordsofthestatusoftheaction
items(suchasminutesofastatus
meeting,updatesinaworkorder
system,oraspreadsheettrackingthe
actionitems).
Assessments
Page14of34

C. Compliance
ComplianceAudit
SelfCertification
SpotChecking
SelfReporting
Complaint
None

Page15of34
R# Time
Horizon
R1 Operations
Planning
Medium TheResponsible
Entityhas
documentedand
implementeda
configuration
change
management
process(es)that
includesonlyfourof
therequired
baselineitemslisted
in1.1.1through
1.1.5.(1.1)
OR
TheResponsible
Entityhas
documentedand
implementeda
configuration
change
management
process(es)that
includesallofthe
requiredbaseline
TheResponsible
Entityhas
documentedand
implementeda
configurationchange
management
process(es)that
includesonlythree
oftherequired
baselineitemslisted
in1.1.1through
1.1.5.(1.1)
OR
TheResponsible
Entityhas
documentedand
implementeda
configurationchange
management
process(es)that
includesfourofthe
requiredbaseline
itemslistedin1.1.1
through1.1.5and
TheResponsible
Entityhas
documentedand
implementeda
configurationchange
management
process(es)that
includesonlytwoof
therequiredbaseline
itemslistedin1.1.1
through1.1.5.(1.1)
OR
TheResponsible
Entityhas
documentedand
implementeda
configurationchange
management
process(es)that
includesthreeofthe
requiredbaseline
itemslistedin1.1.1
through1.1.5and
identified
TheResponsible
Entityhasnot
documentedor
implementedany
configurationchange
management
process(es).(R1)
OR
TheResponsible
Entityhas
documentedand
implementeda
configurationchange
management
process(es)that
includesonlyoneof
therequiredbaseline
itemslistedin1.1.1
through1.1.5.(1.1)
OR
TheResponsible
Entityhas
documentedand
Page16of34
R# Time
Horizon
itemslistedin1.1.1
through1.1.5and
identified
deficienciesbutdid
notassessand
correctthe
deficiencies.(1.1)
OR
TheResponsible
Entityhas
documentedand
implementeda
configuration
change
management
process(es)that
includesallofthe
requiredbaseline
itemslistedin1.1.1
through1.1.5but
didnotidentify,
assess,andcorrect
thedeficiencies.
(1.1)
OR
TheResponsible
identified
deficienciesbutdid
notassessand
correctthe
deficiencies.(1.1)
OR
TheResponsible
Entityhas
documentedand
implementeda
configurationchange
management
process(es)that
includesfourofthe
requiredbaseline
itemslistedin1.1.1
through1.1.5but
didnotidentify,
assess,andcorrect
thedeficiencies.
(1.1)
OR
TheResponsible
Entityhasa
process(es)to
determinerequired
deficienciesbutdid
notassessand
correctthe
deficiencies.(1.1)
OR
TheResponsible
Entityhas
documentedand
implementeda
configurationchange
management
process(es)that
includesthreeofthe
requiredbaseline
itemslistedin1.1.1
through1.1.5butdid
notidentify,assess,
andcorrectthe
deficiencies.(1.1)
OR
TheResponsible
Entityhasa
process(es)that
requires
authorizationand
documentationfor
implementeda
configurationchange
management
process(es)that
includestwoorfewer
oftherequired
baselineitemslisted
in1.1.1through1.1.5
andidentified
deficienciesbutdid
notassessand
correctthe
deficiencies.(1.1)
OR
TheResponsible
Entityhas
documentedand
implementeda
configurationchange
management
process(es)that
includestwoorfewer
oftherequired
baselineitemslisted
in1.1.1through1.1.5
butdidnotidentify,
assess,andcorrect
Page17of34
R# Time
Horizon
Entityhasa
process(es)to
performstepsin
1.4.1and1.4.2fora
change(s)that
deviatesfromthe
existingbaseline
configurationand
identified
deficienciesinthe
verification
documentationbut
didnotassessor
correctthe
deficiencies.(1.4.3)
OR
TheResponsible
Entityhasa
process(es)to
performstepsin
1.4.1and1.4.2fora
change(s)that
deviatesfromthe
existingbaseline
configurationbut
didnotidentify,
assess,orcorrect
securitycontrolsin
CIP005andCIP007
thatcouldbe
impactedbya
change(s)that
deviatesfromthe
existingbaseline
configurationand
identified
deficienciesinthe
determinationof
affectedsecurity
controls,butdidnot
assess,orcorrectthe
OR
TheResponsible
Entityhasa
process(es)to
determinerequired
securitycontrolsin
CIP005andCIP007
thatcouldbe
impactedbya
change(s)that
deviatesfromthe
existingbaseline
changesthatdeviate
fromtheexisting
baseline
configurationand
identified
deficienciesbutdid
notassessorcorrect
OR
TheResponsible
Entityhasa
process(es)that
requires
authorizationand
documentationfor
changesthatdeviate
fromtheexisting
baseline
configurationbutdid
notidentify,assess,
orcorrectthe
deficiencies.(1.2)
OR
TheResponsible
Entityhasa
process(es)toupdate
OR
TheResponsible
Entitydoesnothave
aprocess(es)that
requires
authorizationand
documentationof
changesthatdeviate
fromtheexisting
baseline
configuration.(1.2)
OR
TheResponsible
Entitydoesnothave
aprocess(es)to
updatebaseline
configurationswithin
30calendardaysof
completinga
change(s)that
deviatesfromthe
existingbaseline
configuration.(1.3)
OR
Page18of34
R# Time
Horizon
thedeficienciesin
theverification
documentation.
(1.4.3)
configurationbutdid
notidentify,assess,
orcorrectthe
deficienciesinthe
determinationof
affectedsecurity
controls.(1.4.1)
baseline
30calendardaysof
completinga
change(s)that
deviatesfromthe
existingbaseline
configurationand
identified
deficienciesbutdid
notassessorcorrect
OR
TheResponsible
Entityhasa
process(es)toupdate
baseline
30calendardaysof
completinga
change(s)that
deviatesfromthe
existingbaseline
configurationbutdid
notidentify,assess,
orcorrectthe
TheResponsible
Entitydoesnothave
aprocess(es)to
determinerequired
securitycontrolsin
CIP005andCIP007
thatcouldbe
impactedbya
change(s)that
deviatesfromthe
existingbaseline
configuration.(1.4.1)
OR
TheResponsible
Entityhasa
process(es)to
determinerequired
securitycontrolsin
CIP005andCIP007
thatcouldbe
impactedbya
change(s)that
deviatesfromthe
existingbaseline
configurationbutdid
notverifyand
documentthatthe
Page19of34
R# Time
Horizon
deficiencies.(1.3)
OR
TheResponsible
Entityhasa
process(es)toverify
thatrequired
securitycontrolsin
CIP005andCIP007
arenotadversely
affectedbya
change(s)that
deviatesfromthe
existingbaseline
configurationand
identified
deficienciesin
requiredcontrols,
butdidnotassess,or
correctthe
OR
TheResponsible
Entityhasa
process(es)toverify
thatrequired
securitycontrolsin
requiredcontrols
werenotadversely
affectedfollowingthe
change.(1.4.2&
1.4.3)
OR
TheResponsible
Entitydoesnothave
aprocessfortesting
changesinan
environmentthat
modelsthebaseline
configurationpriorto
implementinga
changethatdeviates
frombaseline
configuration.(1.5.1)
OR
TheResponsible
Entitydoesnothave
aprocessto
documentthetest
resultsand,ifusinga
testenvironment,
documentthe
differencesbetween
Page20of34
R# Time
Horizon
CIP005andCIP007
arenotadversely
affectedbya
change(s)that
deviatesfromthe
existingbaseline
configurationbutdid
notidentify,assess,
orcorrectthe
deficienciesinthe
requiredcontrols.
(1.4.2)
OR
TheResponsible
Entityhasaprocess
fortestingchangesin
anenvironmentthat
modelsthebaseline
implementinga
changethatdeviates
frombaseline
configuration,and
identified
deficienciesbutdid
notassessorcorrect
thedeficiencies.
thetestand
production
environments.(1.5.2)
Page21of34
R# Time
Horizon
(1.5.1)
OR
TheResponsible
Entityhasaprocess
fortestingchangesin
anenvironmentthat
modelsthebaseline
implementinga
changethatdeviates
frombaseline
configurationbutdid
notidentify,assess,
orcorrectthe
OR
TheResponsible
Entityhasaprocess
todocumentthetest
resultsand,ifusinga
testenvironment,
documentthe
differencesbetween
thetestand
production
environmentsand
Page22of34
R# Time
Horizon
identified
deficienciesbutdid
notassessorcorrect
thedeficiencies.
(1.5.2)
OR
TheResponsible
Entityhasaprocess
todocumentthetest
resultsand,ifusinga
testenvironment,
documentthe
differencesbetween
thetestand
production
environments,but
didnotidentify,
assess,orcorrectthe
R2 Operations
Planning
Medium N/A N/A N/A TheResponsible
Entityhasnot
documentedor
implementeda
process(es)to
monitorfor,
investigate,and
Page23of34
R# Time
Horizon
documentdetected
unauthorizedchanges
tothebaselineat
leastonceevery35
calendardays.(2.1)
OR
TheResponsible
Entityhas
documentedand
implementeda
process(es)to
monitorfor,
investigate,and
documentdetected
unauthorizedchanges
tothebaselineat
leastonceevery35
calendardaysand
identifieddeficiencies
butdidnotassessor
correctthe
deficiencies.(2.1)
OR
TheResponsible
Entityhas
documentedand
Page24of34
R# Time
Horizon
implementeda
process(es)to
monitorfor,
investigate,and
documentdetected
unauthorizedchanges
tothebaselineat
leastonceevery35
calendardaysbutdid
notidentify,assess,
orcorrectthe
deficiencies.(2.1)
R3 Longterm
Planning
and
Operations
Planning
Medium TheResponsible
Entityhas
implementedone
ormore
documented
vulnerability
assessment
processesforeach
ofitsapplicableBES
CyberSystems,but
hasperformeda
vulnerability
assessmentmore
than15months,
butlessthan18
TheResponsible
Entityhas
implementedoneor
moredocumented
vulnerability
assessment
processesforeachof
itsapplicableBES
CyberSystems,but
hasperformeda
vulnerability
assessmentmore
than18months,but
lessthan21,months
sincethelast
TheResponsible
Entityhas
implementedoneor
moredocumented
vulnerability
assessment
processesforeachof
itsapplicableBES
CyberSystems,but
hasperformeda
vulnerability
assessmentmore
than21months,but
lessthan24months,
sincethelast
TheResponsible
Entityhasnot
implementedany
vulnerability
assessmentprocesses
foroneofits
applicableBESCyber
Systems.(R3)
OR
TheResponsible
Entityhas
implementedoneor
moredocumented
vulnerability
Page25of34
R# Time
Horizon
months,sincethe
lastassessmenton
oneofitsapplicable
BESCyberSystems.
(3.1)
OR
TheResponsible
Entityhas
implementedone
ormore
documentedactive
vulnerability
assessment
processesfor
ApplicableSystems,
buthasperformed
anactive
vulnerability
assessmentmore
than36months,
butlessthan39
months,sincethe
lastactive
assessmentonone
ofitsapplicableBES
CyberSystems.
assessmentonone
ofitsapplicableBES
CyberSystems.(3.1)
OR
TheResponsible
Entityhas
implementedoneor
moredocumented
activevulnerability
assessment
processesfor
ApplicableSystems,
buthasperformed
anactive
vulnerability
assessmentmore
than39months,but
lessthan42months,
sincethelastactive
assessmentonone
ofitsapplicableBES
CyberSystems.(3.2)
assessmentononeof
itsapplicableBES
CyberSystems.(3.1)
OR
TheResponsible
Entityhas
implementedoneor
moredocumented
activevulnerability
assessment
processesfor
ApplicableSystems,
buthasperformed
anactive
vulnerability
assessmentmore
than42months,but
lessthan45months,
sincethelastactive
assessmentononeof
itsapplicableBES
CyberSystems.(3.2)
assessmentprocesses
foreachofits
applicableBESCyber
Systems,buthas
performeda
vulnerability
assessmentmore
than24monthssince
thelastassessment
ononeofits
applicableBESCyber
Systems.(3.1)
OR
TheResponsible
Entityhas
implementedoneor
moredocumented
activevulnerability
assessmentprocesses
forApplicable
Systems,buthas
performedanactive
vulnerability
assessmentmore
than45monthssince
thelastactive
assessmentononeof
Page26of34
R# Time
Horizon
(3.2)
itsapplicableBES
CyberSystems.(3.2)
OR
TheResponsible
Entityhas
implementedand
documentedoneor
morevulnerability
assessmentprocesses
foreachofits
applicableBESCyber
Systems,butdidnot
performtheactive
vulnerability
assessmentina
mannerthatmodels
anexistingbaseline
configurationofits
applicableBESCyber
Systems.(3.3)
OR
TheResponsible
Entityhas
implementedoneor
moredocumented
vulnerability
Page27of34
R# Time
Horizon
assessmentprocesses
foreachofits
applicableBESCyber
Systems,buthasnot
documentedthe
resultsofthe
vulnerability
assessments,the
actionplansto
remediateormitigate
vulnerabilities
identifiedinthe
assessments,the
planneddateof
completionofthe
actionplan,andthe
executionstatusof
themitigationplans.
(3.4)
Page28of34

None.
E. Interpretations
None.
None.

Page29of34

standards.
RequirementR1:
BaselineConfiguration
TheconceptofestablishingaCyberAssetsbaselineconfigurationismeanttoprovideclarityon
requirementlanguagefoundinpreviousCIPstandardversions.Modificationofanyitemwithin
anapplicableCyberAssetsbaselineconfigurationprovidesthetriggeringmechanismforwhen
entitiesmustapplychangemanagementprocesses.
BaselineconfigurationsinCIP010consistoffivedifferentitems:Operatingsystem/firmware,
commerciallyavailablesoftwareoropensourceapplicationsoftware,customsoftware,logical
networkaccessibleportidentification,andsecuritypatches.Operatingsysteminformation
identifiesthesoftwareandversionthatisinuseontheCyberAsset.Incaseswherean
independentoperatingsystemdoesnotexist(suchasforaprotectiverelay),thenfirmware
informationshouldbeidentified.Commerciallyavailableoropensourceapplicationsoftware
identifiesapplicationsthatwereintentionallyinstalledonthecyberasset.Theuseoftheterm
intentionalwasmeanttoensurethatonlysoftwareapplicationsthatweredeterminedtobe
necessaryforCyberAssetuseshouldbeincludedinthebaselineconfiguration.TheSDTdoes
notintendfornotepad,calculator,DLL,devicedrivers,orotherapplicationsincludedinan
operatingsystempackageascommerciallyavailableoropensourceapplicationsoftwaretobe
Page30of34
included.Customsoftwareinstalledmayincludescriptsdevelopedforlocalentityfunctionsor
othercustomsoftwaredevelopedforaspecifictaskorfunctionfortheentitysuse.If
additionalsoftwarewasintentionallyinstalledandisnotcommerciallyavailableoropen
source,thenthissoftwarecouldbeconsideredcustomsoftware.Ifaspecificdeviceneedsto
communicatewithanotherdeviceoutsidethenetwork,communicationsneedtobelimitedto
onlythedevicesthatneedtocommunicatepertherequirementinCIP0075.Thoseports
whichareaccessibleneedtobeincludedinthebaseline.Securitypatchesappliedwould
includeallhistoricalandcurrentpatchesthathavebeenappliedonthecyberasset.WhileCIP
0075R2.1requiresentitiestotrack,evaluate,andinstallsecuritypatches,CIP010R1.1.5
requiresentitiestolistallappliedhistoricalandcurrentpatches.
Furtherguidancecanbeunderstoodwiththefollowingexamplethatdetailsthebaseline
configurationforaserialonlymicroprocessorrelay:
Asset#051028atSubstationAlpha
R1.1.1Firmware:[MANUFACTURER][MODEL]XYZ1234567890ABC
R1.1.2NotApplicable
R1.1.3NotApplicable
R1.1.4NotApplicable
R1.1.5Patch12345,Patch67890,Patch34567,Patch437823
Also,foratypicalITsystem,thebaselineconfigurationcouldreferenceanITstandardthat
includesconfigurationdetails.AnentitywouldbeexpectedtoprovidethatITstandardaspart
oftheircomplianceevidence.
CyberSecurityControls
Theuseofcybersecuritycontrolsrefersspecificallytocontrolsreferencedandapplied
accordingtoCIP005andCIP007.Theconceptpresentedintherelevantrequirementsub
partsinCIP010R1isthatanentityistoidentify/verifycontrolsfromCIP005andCIP007that
couldbeimpactedforachangethatdeviatesfromtheexistingbaselineconfiguration.TheSDT
doesnotintendforResponsibleEntitiestoidentify/verifyallcontrolslocatedwithinCIP005
andCIP007foreachchange.TheResponsibleEntityisonlytoidentify/verifythosecontrol(s)
thatcouldbeaffectedbythebaselineconfigurationchange.Forexample,changesthataffect
logicalnetworkportswouldonlyinvolveCIP007R1(PortsandServices),whilechangesthat
affectsecuritypatcheswouldonlyinvolveCIP007R2(SecurityPatchManagement).TheSDT
chosenottoidentifythespecificrequirementsfromCIP005andCIP007inCIP010languageas
theintentoftherelatedrequirementsistobeabletoidentify/verifyanyofthecontrolsin
thosestandardsthatareaffectedasaresultofachangetothebaselineconfiguration.TheSDT
believesitpossiblethatallrequirementsfromCIP005andCIP007maybeidentifiedfora
Page31of34
majorchangetothebaselineconfiguration,andtherefore,CIP005andCIP007wascitedatthe
standardlevelversustherequirementlevel.
TestEnvironment
TheControlCentertestenvironment(orproductionenvironmentwherethetestisperformed
inamannerthatminimizesadverseeffects)shouldmodelthebaselineconfiguration,butmay
haveadifferentsetofcomponents.Forinstance,anentitymayhaveaBESCyberSystemthat
runsadatabaseononecomponentandawebserveronanothercomponent.Thetest
environmentmayhavethesameoperatingsystem,securitypatches,networkaccessibleports,
andsoftware,buthaveboththedatabaseandwebserverrunningonasinglecomponent
insteadofmultiplecomponents.
Additionally,theResponsibleEntityshouldnotethatwhereveratestenvironment(or
productionenvironmentwherethetestisperformedinamannerthatminimizesadverse
effects)ismentioned,therequirementistomodelthebaselineconfigurationandnot
duplicateitexactly.Thislanguagewaschosendeliberatelyinordertoallowforindividual
elementsofaBESCyberSystemataControlCentertobemodeledthatmaynototherwisebe
abletobereplicatedorduplicatedexactly;suchas,butnotlimitedto,alegacymapboard
controllerorthenumerousdatacommunicationlinksfromthefieldortootherControlCenters
(suchasbyICCP).
RequirementR2:
TheSDTsintentofR2istorequireautomatedmonitoringoftheBESCyberSystem.However,
theSDTunderstandsthattheremaybesomeCyberAssetswhereautomatedmonitoringmay
notbepossible(suchasaGPStimeclock).Forthatreason,automatedtechnicalmonitoring
wasnotexplicitlyrequired,andaResponsibleEntitymaychoosetoaccomplishthis
requirementthroughmanualproceduralcontrols.
RequirementR3:
TheResponsibleEntityshouldnotethattherequirementprovidesadistinctionbetweenpaper
andactivevulnerabilityassessments.Thejustificationforthisdistinctioniswelldocumentedin
FERCOrderNo.706anditsassociatedNoticeofProposedRulemaking.Indevelopingtheir
vulnerabilityassessmentprocesses,ResponsibleEntitiesarestronglyencouragedtoincludeat
leastthefollowingelements,severalofwhicharereferencedinCIP005andCIP007:
PaperVulnerabilityAssessment:
1. NetworkDiscoveryAreviewofnetworkconnectivitytoidentifyallElectronicAccess
PointstotheElectronicSecurityPerimeter.
2. NetworkPortandServiceIdentificationAreviewtoverifythatallenabledportsand
serviceshaveanappropriatebusinessjustification.
Page32of34
3. VulnerabilityReviewAreviewofsecurityrulesetsandconfigurationsincluding
controlsfordefaultaccounts,passwords,andnetworkmanagementcommunitystrings.
4. WirelessReviewIdentificationofcommontypesofwirelessnetworks(suchas
802.11a/b/g/n)andareviewoftheircontrolsiftheyareinanywayusedforBESCyber
Systemcommunications.
ActiveVulnerabilityAssessment:
1. NetworkDiscoveryUseofactivediscoverytoolstodiscoveractivedevicesandidentify
communicationpathsinordertoverifythatthediscoverednetworkarchitecture
matchesthedocumentedarchitecture.
2. NetworkPortandServiceIdentificationUseofactivediscoverytools(suchasNmap)
todiscoveropenportsandservices.
3. VulnerabilityScanningUseofavulnerabilityscanningtooltoidentifynetwork
accessibleportsandservicesalongwiththeidentificationofknownvulnerabilities
associatedwithservicesrunningonthoseports.
4. WirelessScanningUseofawirelessscanningtooltodiscoverwirelesssignalsand
networksinthephysicalperimeterofaBESCyberSystem.Servestoidentify
unauthorizedwirelessdeviceswithintherangeofthewirelessscanningtool.
Inaddition,ResponsibleEntitiesarestronglyencouragedtoreviewNISTSP800115for
additionalguidanceonhowtoconductavulnerabilityassessment.

Rationale:
RationaleforR1:
Theconfigurationchangemanagementprocessesareintendedtopreventunauthorized
modificationstoBESCyberSystems.
ThebaselineconfigurationrequirementwasincorporatedfromtheDHSCatalogforControl
SystemsSecurity.Thebaselinerequirementisalsointendedtoclarifypreciselywhenachange
managementprocessmustbeinvokedandwhichelementsoftheconfigurationmustbe
examined.
Referencetopriorversion:(Part1.2)CIP0073,R9;CIP0033,R6
Page33of34
TheSDTaddedrequirementtoexplicitlyauthorizechanges.Thisrequirementwaspreviously
impliedbyCIP0033,RequirementR6.
DocumentmaintenancerequirementduetoaBESCyberSystemchangeisequivalenttothe
requirementsinthepreviousversionsofthestandard.
TheSDTattemptedtoprovideclarityonwhentestingmustoccurandremovedrequirementfor
specifictestproceduresbecauseitisimplicitintheperformanceoftherequirement.
Thisrequirementprovidesclarityonwhentestingmustoccurandrequiresadditionaltestingto
ensurethataccidentalconsequencesofplannedchangesareappropriatelymanaged.
ThischangeaddressesFERCOrderNo.706,Paragraphs397,609,610,and611.
RationaleforR2:
Theconfigurationmonitoringprocessesareintendedtodetectunauthorizedmodificationsto
BESCyberSystems.
ThemonitoringoftheconfigurationoftheBESCyberSystemprovidesanexpress
acknowledgementoftheneedtoconsidermaliciousactionsalongwithintentionalchanges.
ThisrequirementwasaddedafterreviewoftheDHSCatalogofControlSystemSecurityandto
addressFERCOrderNo.706,Paragraph397.
ThirtyfiveCalendardaysallowsforaonceamonthfrequencywithslightflexibilitytoaccount
formonthswith31daysorforbeginningorendingsofmonthsonweekends.
RationaleforR3:
Thevulnerabilityassessmentprocessesareintendedtoactasacomponentinanoverall
programtoperiodicallyensuretheproperimplementationofcybersecuritycontrolsaswellas
tocontinuallyimprovethesecuritypostureofBESCyberSystems.
Page34of34
Thevulnerabilityassessmentperformedforthisrequirementmaybeacomponentof
deficiencyidentification,assessment,andcorrection.
AssuggestedinFERCOrderNo.706,Paragraph644,thedetailsforwhatshouldbeincludedin
theassessmentarelefttoguidance.
FERCOrderNo.706,Paragraphs541,542,543,544,545,and547.
AssuggestedinFERCOrderNo.706,Paragraph644,thedetailsforwhatshouldbeincludedin
theassessmentarelefttoguidance.
FERCOrderNo.706,Paragraphs541,542,543,544,545,and547.
AddedarequirementforanentityplanneddateofcompletionasperthedirectiveinFERCOrder
No.706,Paragraph643.
Version History

Trustees.
Developedto
definethe
configuration
change
managementand
vulnerability
assessment
requirementsin
coordinationwith
otherCIP
standardsandto
addressthe
balanceofthe
FERCdirectivesin
itsOrder706.
CIP0111CyberSecurityInformationProtection
Page1of21
A. I ntroduction
1. Title: CyberSecurityInformationProtection
2. Number: CIP0111
3. Purpose: TopreventunauthorizedaccesstoBESCyberSystemInformationby
specifyinginformationprotectionrequirementsinsupportofprotecting
BESCyberSystemsagainstcompromisethatcouldleadtomisoperation
orinstabilityintheBES.
4. Applicability:
(UVLS)systemthat:
of300MWormore.
unit(s)tobestarted.
Page2of21
oftheBES:
of300MWormore.
unit(s)tobestarted.
AllBESFacilities.
Commission.
Section73.54.
Page3of21
5.EffectiveDates:
2015,orthefirstcalendardayoftheninthcalendarquarteraftertheeffectivedateof
theorderprovidingapplicableregulatoryapproval.
Trusteesapproval,orasotherwisemadeeffectivepursuanttothelawsapplicableto
suchEROgovernmentalauthorities.
6.Background:
Page4of21
CyberSystems.
Page5of21
processes.
MediumImpactBESCyberSystemsAppliestoBESCyberSystemscategorized
asmediumimpactaccordingtotheCIP0025identificationandcategorization
processes.
ElectronicAccessControlorMonitoringSystemassociatedwithareferenced
highimpactBESCyberSystemormediumimpactBESCyberSystem.Examples
mayinclude,butarenotlimitedto,firewalls,authenticationservers,andlog
PhysicalAccessControlSystems(PACS)AppliestoeachPhysicalAccess
ControlSystemassociatedwithareferencedhighimpactBESCyberSystemor
mediumimpactBESCyberSystemwithExternalRoutableConnectivity.
System
Page6of21
documentedinformationprotectionprogram(s)thatcollectivelyincludeseachoftheapplicablerequirementpartsinCIP
0111TableR1InformationProtection.[ViolationRiskFactor:Medium][TimeHorizon:OperationsPlanning].
M1.EvidencefortheinformationprotectionprogrammustincludetheapplicablerequirementpartsinCIP0111TableR1
InformationProtectionandadditionalevidencetodemonstrateimplementationasdescribedintheMeasurescolumnof
thetable.

Page7of21
CIP0111TableR1InformationProtection
theirassociated:
1. EACMS;and
2. PACS
andtheirassociated:
1. EACMS;and
2. PACS
Method(s)toidentifyinformationthat
meetsthedefinitionofBESCyber
SystemInformation.
Examplesofacceptableevidence
include,butarenotlimitedto:
Documentedmethodtoidentify
BESCyberSystemInformation
fromentitysinformation
protectionprogram;or
Indicationsoninformation(e.g.,
labelsorclassification)thatidentify
BESCyberSystemInformationas
designatedintheentitys
informationprotectionprogram;or
Trainingmaterialsthatprovide
personnelwithsufficient
knowledgetorecognizeBESCyber
SystemInformation;or
Repositoryorelectronicand
physicallocationdesignatedfor
housingBESCyberSystem
Informationintheentitys
informationprotectionprogram.

Page8of21
CIP0111TableR1InformationProtection
Part ApplicableSystems Requirement Measure
theirassociated:
1. EACMS;and
2. PACS
andtheirassociated:
1. EACMS;and
2. PACS
Procedure(s)forprotectingand
securelyhandlingBESCyberSystem
Information,includingstorage,transit,
anduse.
Proceduresforprotectingand
securelyhandling,whichinclude
topicssuchasstorage,security
duringtransit,anduseofBES
CyberSystemInformation;or
RecordsindicatingthatBESCyber
SystemInformationishandledina
mannerconsistentwiththeentitys
documentedprocedure(s).

Page9of21

R2. EachResponsibleEntityshallimplementoneormoredocumentedprocessesthatcollectivelyincludetheapplicable
requirementpartsinCIP0111TableR2BESCyberAssetReuseandDisposal.[ViolationRiskFactor:Lower][TimeHorizon:
OperationsPlanning].
requirementpartsinCIP0111TableR2BESCyberAssetReuseandDisposalandadditionalevidencetodemonstrate

CIP0111TableR2BESCyberAssetReuseandDisposal
theirassociated:
1. EACMS;
2. PACS;and
3. PCA
andtheirassociated:
1. EACMS;
2. PACS;and
3. PCA
Priortothereleaseforreuseof
applicableCyberAssetsthatcontain
(exceptforreusewithinother
systemsidentifiedintheApplicable
Systemscolumn),theResponsible
Entityshalltakeactiontopreventthe
unauthorizedretrievalofBESCyber
SystemInformationfromtheCyber
Assetdatastoragemedia.
Recordstrackingsanitization
actionstakentoprevent
unauthorizedretrievalofBES
CyberSystemInformationsuchas
clearing,purging,ordestroying;
or
Recordstrackingactionssuchas
encrypting,retaininginthe
PhysicalSecurityPerimeteror
othermethodsusedtoprevent
unauthorizedretrievalofBES
CyberSystemInformation.

Page10of21
CIP0111TableR2BESCyberAssetReuseandDisposal
theirassociated:
1. EACMS;
2. PACS;and
3. PCA
andtheirassociated:
1. EACMS;
2. PACS;and
3. PCA
Priortothedisposalofapplicable
CyberAssetsthatcontainBESCyber
SystemInformation,theResponsible
Entityshalltakeactiontopreventthe
unauthorizedretrievalofBESCyber
SystemInformationfromtheCyber
Assetordestroythedatastorage
media.
Recordsthatindicatethatdata
storagemediawasdestroyed
priortothedisposalofan
applicableCyberAsset;or
Recordsofactionstakento
preventunauthorizedretrievalof
priortothedisposalofan
applicableCyberAsset.

Page11of21
C. Compliance
serveastheCEA.
thelastaudit.
investigation:
calendaryears.
whicheverislonger.
records.
ComplianceAudit
SelfCertification
SpotChecking
SelfReporting
Complaint
None

Page12of21
R# Time
Horizon
R1 Operations
Planning
Medium N/A

hasimplementeda
BESCyberSystem
Information
protectionprogram
whichincludesoneor
moremethodsto
identifyBESCyber
SystemInformation
andhasidentified
deficienciesbutdid
notassessorcorrect
OR
hasimplementeda
BESCyberSystem
Information
protectionprogram
whichincludesoneor
moremethodsto
identifyBESCyber
SystemInformation
butdidnotidentify,
assess,orcorrectthe
TheResponsible
Entityhasnot
documentedor
implementedaBES
CyberSystem
Information
protectionprogram
(R1).
Page13of21
R# Time
Horizon
deficiencies.(1.1)
OR
hasimplementeda
BESCyberSystem
Information
protectionprogram
whichincludesoneor
moreproceduresfor
protectionandsecure
handlingBESCyber
SystemInformation
andhasidentified
deficienciesbutdid
notassessorcorrect
OR
hasimplementeda
BESCyberSystem
Information
protectionprogram
whichincludesoneor
moreproceduresfor
protectionandsecure
handlingBESCyber
SystemInformation
butdidnotidentify,
Page14of21
R# Time
Horizon
assess,orcorrectthe
deficiencies.(1.2)
R2 Operations
Planning
Lower N/A TheResponsibleEntity
implementedoneormore
documentedprocessesbut
didnotincludeprocesses
forreuseastopreventthe
unauthorizedretrievalof
BESCyberSystem
InformationfromtheBES
CyberAsset.(2.1)
implementedoneor
moredocumented
processesbutdidnot
includedisposalor
mediadestruction
processestoprevent
theunauthorized
retrievalofBESCyber
SystemInformation
fromtheBESCyber
Asset.(2.2)
TheResponsible
Entityhasnot
documentedor
implementedany
processesfor
applicable
requirementparts
inCIP0111Table
R2BESCyber
AssetReuseand
Disposal.(R2)
Page15of21
None.
E. Interpretations
None.
None.
Page16of21
standards.
RequirementR1:
ResponsibleEntitiesarefreetoutilizeexistingchangemanagementandassetmanagement
systems.However,theinformationcontainedwithinthosesystemsmustbeevaluated,asthe
informationprotectionrequirementsstillapply.
ThejustificationforthisrequirementispreexistingfrompreviousversionsofCIPandisalso
documentedinFERCOrderNo.706anditsassociatedNoticeofProposedRulemaking.
ThisrequirementmandatesthatBESCyberSystemInformationbeidentified.TheResponsible
Entityhasflexibilityindetermininghowtoimplementtherequirement.TheResponsibleEntity
shouldexplainthemethodforidentifyingtheBESCyberSystemInformationintheir
informationprotectionprogram.Forexample,theResponsibleEntitymaydecidetomarkor
labelthedocuments.IdentifyingseparateclassificationsofBESCyberSystemInformationis
notspecificallyrequired.However,aResponsibleEntitymaintainstheflexibilitytodosoifthey
desire.AslongastheResponsibleEntitysinformationprotectionprogramincludesall
applicableitems,additionalclassificationlevels(e.g.,confidential,public,internaluseonly,etc.)
canbecreatedthatgoaboveandbeyondtherequirements.Iftheentitychoosestouse
classifications,thenthetypesofclassificationsusedbytheentityandanyassociatedlabeling
shouldbedocumentedintheentitysBESCyberSystemInformationProgram.
Page17of21
TheResponsibleEntitymaystorealloftheinformationaboutBESCyberSystemsinaseparate
repositoryorlocation(physicaland/orelectronic)withaccesscontrolimplemented.For
example,theResponsibleEntitysprogramcoulddocumentthatallinformationstoredinan
identifiedrepositoryisconsideredBESCyberSystemInformation,theprogrammaystatethat
allinformationcontainedinanidentifiedsectionofaspecificrepositoryisconsideredBES
CyberSystemInformation,ortheprogrammaydocumentthatallhardcopiesofinformation
arestoredinasecuredareaofthebuilding.Additionalmethodsforimplementingthe
requirementaresuggestedinthemeasuressection.However,themethodslistedinmeasures
arenotmeanttobeanexhaustivelistofmethodsthattheentitymaychoosetoutilizeforthe
identificationofBESCyberSystemInformation.
TheSDTdoesnotintendthatthisrequirementcoverpubliclyavailableinformation,suchas
vendormanualsthatareavailableviapublicwebsitesorinformationthatisdeemedtobe
publiclyreleasable.
Informationprotectionpertainstobothdigitalandhardcopyinformation.R1.2requiresoneor
moreproceduresfortheprotectionandsecurehandlingBESCyberSystemInformation,
includingstorage,transit,anduse.
TheentityswrittenInformationProtectionProgramshouldexplainhowtheentityhandles
aspectsofinformationprotectionincludingspecifyinghowBESCyberSystemInformationisto
besecurelyhandledduringtransitinordertoprotectagainstunauthorizedaccess,misuse,or
corruptionandtoprotectconfidentialityofthecommunicatedBESCyberSystemInformation.
Forexample,theuseofathirdpartycommunicationserviceproviderinsteadoforganization
ownedinfrastructuremaywarranttheuseofencryptiontopreventunauthorizeddisclosureof
informationduringtransmission.Theentitymaychoosetoestablishatrustedcommunications
pathfortransitofBESCyberSystemInformation.Thetrustedcommunicationspathwould
utilizealogonorothersecuritymeasurestoprovidesecurehandlingduringtransit.Theentity
mayemployalternativephysicalprotectivemeasures,suchastheuseofacourierorlocked
containerfortransmissionofinformation.Itisnottheintentofthisstandardtomandatethe
useofoneparticularformatforsecurehandlingduringtransit.
AgoodInformationProtectionProgramwilldocumentthecircumstancesunderwhichBES
CyberSystemInformationcanbesharedwithorusedbythirdparties.Theorganizationshould
distributeorshareinformationonaneedtoknowbasis.Forexample,theentitymayspecify
thataconfidentialityagreement,nondisclosurearrangement,contract,orwrittenagreement
ofsomekindconcerningthehandlingofinformationmustbeinplacebetweentheentityand
thethirdparty.TheentitysInformationProtectionProgramshouldspecifycircumstancesfor
sharingofBESCyberSystemInformationwithandusebythirdparties,forexample,useofa
nondisclosureagreement.Theentityshouldthenfollowtheirdocumentedprogram.These
requirementsdonotmandateonespecifictypeofarrangement.
RequirementR2:
ThisrequirementallowsforBESCyberSystemstoberemovedfromserviceandanalyzedwith
theirmediaintact,asthatshouldnotconstituteareleaseforreuse.However,followingthe
Page18of21
analysis,ifthemediaistobereusedoutsideofaBESCyberSystemordisposedof,theentity
musttakeactiontopreventtheunauthorizedretrievalofBESCyberSystemInformationfrom
themedia.
ThejustificationforthisrequirementispreexistingfrompreviousversionsofCIPandisalso
documentedinFERCOrderNo.706anditsassociatedNoticeofProposedRulemaking.
IfanapplicableCyberAssetisremovedfromthePhysicalSecurityPerimeterpriortoaction
takentopreventtheunauthorizedretrievalofBESCyberSystemInformationordestroyingthe
datastoragemedia,theresponsibleentityshouldmaintaindocumentationthatidentifiesthe
custodianforthedatastoragemediawhilethedatastoragemediaisoutsideofthePhysical
SecurityPerimeterpriortoactionstakenbytheentityasrequiredinR2.
Mediasanitizationistheprocessusedtoremoveinformationfromsystemmediasuchthat
reasonableassuranceexiststhattheinformationcannotberetrievedorreconstructed.Media
sanitizationisgenerallyclassifiedintofourcategories:Disposal,clearing,purging,and
destroying.Forthepurposesofthisrequirement,disposalbyitself,withtheexceptionof
certainspecialcircumstances,suchastheuseofstrongencryptiononadriveusedinaSANor
othermedia,shouldneverbeconsideredacceptable.Theuseofclearingtechniquesmay
provideasuitablemethodofsanitizationformediathatistobereused,whereaspurging
techniquesmaybemoreappropriateformediathatisreadyfordisposal.
ThefollowinginformationfromNISTSP80088providesadditionalguidanceconcerningthe
typesofactionsthatanentitymighttaketopreventtheunauthorizedretrievalofBESCyber
SystemInformationfromtheCyberAssetdatastoragemedia:
Clear:Onemethodtosanitizemediaistousesoftwareorhardwareproductsto
overwritestoragespaceonthemediawithnonsensitivedata.Thisprocessmayinclude
overwritingnotonlythelogicalstoragelocationofafile(s)(e.g.,fileallocationtable)but
alsomayincludealladdressablelocations.Thesecuritygoaloftheoverwritingprocess
istoreplacewrittendatawithrandomdata.Overwritingcannotbeusedformediathat
aredamagedornotrewriteable.Themediatypeandsizemayalsoinfluencewhether
overwritingisasuitablesanitizationmethod[SP80036].
Purge:DegaussingandexecutingthefirmwareSecureErasecommand(forATAdrives
only)areacceptablemethodsforpurging.Degaussingisexposingthemagneticmediato
astrongmagneticfieldinordertodisrupttherecordedmagneticdomains.Adegausser
isadevicethatgeneratesamagneticfieldusedtosanitizemagneticmedia.Degaussers
areratedbasedonthetype(i.e.,lowenergyorhighenergy)ofmagneticmediatheycan
purge.Degaussersoperateusingeitherastrongpermanentmagnetoran
electromagneticcoil.Degaussingcanbeaneffectivemethodforpurgingdamagedor
inoperativemedia,forpurgingmediawithexceptionallylargestoragecapacities,orfor
quicklypurgingdiskettes.[SP80036]ExecutingthefirmwareSecureErasecommand
(forATAdrivesonly)anddegaussingareexamplesofacceptablemethodsforpurging.
Page19of21
Degaussingofanyharddriveassemblyusuallydestroysthedriveasthefirmwarethat
managesthedeviceisalsodestroyed.
Destroy:Therearemanydifferenttypes,techniques,andproceduresformedia
destruction.Disintegration,Pulverization,Melting,andIncinerationaresanitization
methodsdesignedtocompletelydestroythemedia.Theyaretypicallycarriedoutatan
outsourcedmetaldestructionorlicensedincinerationfacilitywiththespecific
capabilitiestoperformtheseactivitieseffectively,securely,andsafely.Opticalmass
storagemedia,includingcompactdisks(CD,CDRW,CDR,CDROM),opticaldisks
(DVD),andMOdisks,mustbedestroyedbypulverizing,crosscutshreddingorburning.
Insomecasessuchasnetworkingequipment,itmaybenecessarytocontactthe
manufacturerforpropersanitizationprocedure.
Itiscriticalthatanorganizationmaintainarecordofitssanitizationactionstoprevent
unauthorizedretrievalofBESCyberSystemInformation.Entitiesarestronglyencouragedto
reviewNISTSP80088forguidanceonhowtodevelopacceptablemediasanitizationprocesses.
Rationale:
RationaleforR1:
TheSDTsintentoftheinformationprotectionprogramistopreventunauthorizedaccessto
BESCyberSystemInformation.
SummaryofChanges:CIP0034R4,R4.2,andR4.3havebeenmovedtoCIP011R1.CIP0034,
RequirementR4.1wasmovedtothedefinitionofBESCyberSystemInformation.
TheSDTremovedtheexplicitrequirementforclassificationastherewasnorequirementtohave
multiplelevelsofprotection(e.g.,confidential,public,internaluseonly,etc.)Thismodification
doesnotpreventhavingmultiplelevelsofclassification,allowingmoreflexibilityforentitiesto
incorporatetheCIPinformationprotectionprogramintotheirnormalbusiness.
TheSDTchangedthelanguagefromprotectinformationtoProceduresforprotectingand
securelyhandlingtoclarifytheprotectionthatisrequired.
Page20of21
RationaleforR2:
TheintentoftheBESCyberAssetreuseanddisposalprocessistopreventtheunauthorized
disseminationofBESCyberSystemInformationuponreuseordisposal.
ConsistentwithFERCOrderNo.706,Paragraph631,theSDTclarifiedthatthegoalwasto
preventtheunauthorizedretrievalofinformationfromthemedia,removingtheworderase
since,dependingonthemediaitself,erasuremaynotbesufficienttomeetthisgoal.
ConsistentwithFERCOrderNo.706,Paragraph631,theSDTclarifiedthatthegoalwasto
preventtheunauthorizedretrievalofinformationfromthemedia,removingtheworderase
since,dependingonthemediaitself,erasuremaynotbesufficienttomeetthisgoal.
TheSDTalsoremovedtherequirementexplicitlyrequiringrecordsofdestruction/redeployment
asthiswasseenasdemonstrationoftheexistingrequirementandnotarequirementinandof
itself.
Page21of21
Version History

Trustees.
Developedto
definethe
information
protection
requirementsin
coordinationwith
otherCIP
standardsandto
addressthe
balanceofthe
FERCdirectivesin
itsOrder706.

Standard COM-001-1.1 Telecommunications

Page 1 of 6
A. Introduction
1. Title: Telecommunications
2. Number: COM-001-1.1
3. Purpose: Each Reliability Coordinator, Transmission Operator and Balancing Authority
needs adequate and reliable telecommunications facilities internally and with others for the
exchange of Interconnection and operating information necessary to maintain reliability.
4. Applicability
4.4. NERCNet User Organizations.
B. Requirements
R1. Each Reliability Coordinator, Transmission Operator and Balancing Authority shall provide
adequate and reliable telecommunications facilities for the exchange of Interconnection and
operating information:
R1.1. Internally.
R1.2. Between the Reliability Coordinator and its Transmission Operators and Balancing
Authorities.
R1.3. With other Reliability Coordinators, Transmission Operators, and Balancing
Authorities as necessary to maintain reliability.
R1.4. Where applicable, these facilities shall be redundant and diversely routed.
R2. Each Reliability Coordinator, Transmission Operator, and Balancing Authority shall manage,
alarm, test and/or actively monitor vital telecommunications facilities. Special attention shall
be given to emergency telecommunications facilities and equipment not used for routine
communications.
R3. Each Reliability Coordinator, Transmission Operator and Balancing Authority shall provide a
means to coordinate telecommunications among their respective areas. This coordination shall
include the ability to investigate and recommend solutions to telecommunications problems
within the area and with other areas.
R4. Unless agreed to otherwise, each Reliability Coordinator, Transmission Operator, and
Balancing Authority shall use English as the language for all communications between and
among operating personnel responsible for the real-time generation control and operation of the
interconnected Bulk Electric System. Transmission Operators and Balancing Authorities may
use an alternate language for internal operations.
R5. Each Reliability Coordinator, Transmission Operator, and Balancing Authority shall have
written operating instructions and procedures to enable continued operation of the system
during the loss of telecommunications facilities.
R6. Each NERCNet User Organization shall adhere to the requirements in Attachment 1-COM-
001, NERCNet Security Policy.


Page 2 of 6
C. Measures
M1. Each Reliability Coordinator, Transmission Operator and Balancing Authority shall have and
provide upon request evidence that could include, but is not limited to communication facility
test-procedure documents, records of testing, and maintenance records for communication
facilities or equivalent that will be used to confirm that it manages, alarms, tests and/or actively
monitors vital telecommunications facilities. (Requirement 2 part 1)
M2. The Reliability Coordinator, Transmission Operator or Balancing Authority shall have and
provide upon request evidence that could include, but is not limited to operator logs, voice
recordings or transcripts of voice recordings, electronic communications, or equivalent, that
will be used to determine compliance to Requirement 4.
provide upon request its current operating instructions and procedures, either electronic or hard
copy that will be used to confirm that it meets Requirement 5.
M4. The NERCnet User Organization shall have and provide upon request evidence that could
include, but is not limited to documented procedures, operator logs, voice recordings or
transcripts of voice recordings, electronic communications, etc that will be used to determine if
it adhered to the (User Accountability and Compliance) requirements in Attachment 1-COM-
001. (Requirement 6)
D. Compliance
NERC shall be responsible for compliance monitoring of the Regional Reliability Organizations
Regional Reliability Organizations shall be responsible for compliance monitoring of all
other entities
One or more of the following methods will be used to assess compliance:
days of an event or complaint of noncompliance. The entity will have up to 30
calendar days to prepare for the investigation. An entity may request an extension of
the preparation period and the extension will be considered by the Compliance
Monitor on a case-by-case basis.)
The Performance-Reset Period shall be 12 months from the last finding of non-compliance.
1.3. Data Retention
For Measure 1 each Reliability Coordinator, Transmission Operator, Balancing Authority
shall keep evidence of compliance for the previous two calendar years plus the current year.
For Measure 2 each Reliability Coordinator, Transmission Operator, and Balancing
Authority shall keep 90 days of historical data (evidence).

Page 3 of 6
For Measure 3, each Reliability Coordinator, Transmission Operator, Balancing
Authority shall have its current operating instructions and procedures to confirm that it
meets Requirement 5.
For Measure 4, each Reliability Coordinator, Transmission Operator, Balancing Authority
and NERCnet User Organization shall keep 90 days of historical data (evidence).
If an entity is found non-compliant the entity shall keep information related to the noncompliance
until found compliant or for two years plus the current year, whichever is longer.
the Compliance Monitor.
Attachment 1 COM-001 NERCnet Security Policy
2. Levels of Non-Compliance for Transmission Operator, Balancing Authority or Reliability
Coordinator
2.3.1 The Transmission Operator, Balancing Authority or Reliability Coordinator used
a language other then English without agreement as specified in R4.
2.3.2 There are no written operating instructions and procedures to enable continued
operation of the system during the loss of telecommunication facilities as
specified in R5.
2.4. Level 4: Telecommunication systems are not actively monitored, tested, managed or
alarmed as specified in R2.
3. Levels of Non-Compliance NERCnet User Organization
3.4. Level 4: Did not adhere to the requirements in Attachment 1-COM-001, NERCnet
Security Policy.
None Identified.
Version History

Page 4 of 6
1 November 1, 2006 Adopted by Board of Trustees Revised
1 April 6, 2007 Requirement 1, added the word for
between facilities and the exchange.
Errata
1.1 October 29, 2008 BOT adopted errata changes; updated
version number to 1.1
Errata

Page 5 of 6
Attachment 1 COM-001 NERCnet Security Policy
Policy Statement
The purpose of this NERCnet Security Policy is to establish responsibilities and minimum requirements
for the protection of information assets, computer systems and facilities of NERC and other users of the
NERC frame relay network known as NERCnet. The goal of this policy is to prevent misuse and loss
of assets.
For the purpose of this document, information assets shall be defined as processed or unprocessed data
using the NERCnet Telecommunications Facilities including network documentation. This policy shall
also apply as appropriate to employees and agents of other corporations or organizations that may be
directly or indirectly granted access to information associated with NERCnet.
The objectives of the NERCnet Security Policy are:
To ensure that NERCnet information assets are adequately protected on a cost-effective basis and
to a level that allows NERC to fulfill its mission.
To establish connectivity guidelines for a minimum level of security for the network.
To provide a mandate to all Users of NERCnet to properly handle and protect the information that
they have access to in order for NERC to be able to properly conduct its business and provide
services to its customers.
NERCs Security Mission Statement
NERC recognizes its dependency on data, information, and the computer systems used to facilitate
effective operation of its business and fulfillment of its mission. NERC also recognizes the value of the
information maintained and provided to its members and others authorized to have access to NERCnet. It
is, therefore, essential that this data, information, and computer systems, and the manual and technical
infrastructure that supports it, are secure from destruction, corruption, unauthorized access, and accidental
or deliberate breach of confidentiality.
Implementation and Responsibilities
This section identifies the various roles and responsibilities related to the protection of NERCnet
resources.
NERCnet User Organizations
Users of NERCnet who have received authorization from NERC to access the NERC network are
considered users of NERCnet resources. To be granted access, users shall complete a User Application
Form and submit this form to the NERC Telecommunications Manager.
Responsibilities
It is the responsibility of NERCnet User Organizations to:
Use NERCnet facilities for NERC-authorized business purposes only.
Comply with the NERCnet security policies, standards, and guidelines, as well as any procedures
specified by the data owner.
Prevent unauthorized disclosure of the data.
Report security exposures, misuse, or non-compliance situations via Reliability Coordinator
Information System or the NERC Telecommunications Manager.
Protect the confidentiality of all user IDs and passwords.
Maintain the data they own.
Maintain documentation identifying the users who are granted access to NERCnet data or
applications.
Authorize users within their organizations to access NERCnet data and applications.

Page 6 of 6
Advise staff on NERCnet Security Policy.
Ensure that all NERCnet users understand their obligation to protect these assets.
Conduct self-assessments for compliance.
User Accountability and Compliance
All users of NERCnet shall be familiar and ensure compliance with the policies in this document.
Violations of the NERCnet Security Policy shall include, but not be limited to any act that:
Exposes NERC or any user of NERCnet to actual or potential monetary loss through the
compromise of data security or damage.
Involves the disclosure of trade secrets, intellectual property, confidential information or the
unauthorized use of data.
Involves the use of data for illicit purposes, which may include violation of any law, regulation or
reporting requirement of any law enforcement or government body.
Standard COM-001-2 Communications
Page 1 of 11
A. Introduction
1. Title: Communications
2. Number: COM-001-2
3. Purpose: To establish Interpersonal Communication capabilities necessary to
maintain reliability.
4. Applicability:
4.1. Transmission Operator
4.3. Reliability Coordinator
4.4. Distribution Provider
4.5. Generator Operator
5. Effective Date: The first day of the second calendar quarter beyond the date that
this standard is approved by applicable regulatory authorities, or in those jurisdictions
where regulatory approval is not required, the standard becomes effective on the first
day of the first calendar quarter beyond the date this standard is approved by the NERC
Board of Trustees, or as otherwise made effective pursuant to the laws applicable to
such ERO governmental authorities.
B. Requirements
R1. Each Reliability Coordinator shall have Interpersonal Communication capability with
the following entities (unless the Reliability Coordinator detects a failure of its
Interpersonal Communication capability in which case Requirement R10 shall apply):
[Violation Risk Factor: High] [Time Horizon: Real-time Operations]
1.1. All Transmission Operators and Balancing Authorities within its Reliability
Coordinator Area.
1.2. Each adjacent Reliability Coordinator within the same Interconnection.
R2. Each Reliability Coordinator shall designate an Alternative Interpersonal
Communication capability with the following entities: [Violation Risk Factor: High]
[Time Horizon: Real-time Operations]
2.1. All Transmission Operators and Balancing Authorities within its Reliability
Coordinator Area.
2.2. Each adjacent Reliability Coordinator within the same Interconnection.
R3. Each Transmission Operator shall have Interpersonal Communication capability with
the following entities (unless the Transmission Operator detects a failure of its
Interpersonal Communication capability in which case Requirement R10 shall apply):
3.1. Its Reliability Coordinator.
3.2. Each Balancing Authority within its Transmission Operator Area.
Page 2 of 11
3.3. Each Distribution Provider within its Transmission Operator Area.
3.4. Each Generator Operator within its Transmission Operator Area.
3.5. Each adjacent Transmission Operator synchronously connected.
3.6. Each adjacent Transmission Operator asynchronously connected.
R4. Each Transmission Operator shall designate an Alternative Interpersonal
Communication capability with the following entities: [Violation Risk Factor: High]
4.2. Each Balancing Authority within its Transmission Operator Area.
4.3. Each adjacent Transmission Operator synchronously connected.
4.4. Each adjacent Transmission Operator asynchronously connected.
R5. Each Balancing Authority shall have Interpersonal Communication capability with the
following entities (unless the Balancing Authority detects a failure of its Interpersonal
Communication capability in which case Requirement R10 shall apply): [Violation
Risk Factor: High] [Time Horizon: Real-time Operations]
5.2. Each Transmission Operator that operates Facilities within its Balancing
Authority Area.
5.3. Each Distribution Provider within its Balancing Authority Area.
5.4. Each Generator Operator that operates Facilities within its Balancing Authority
Area.
5.5. Each Adjacent Balancing Authority.
R6. Each Balancing Authority shall designate an Alternative Interpersonal Communication
capability with the following entities: [Violation Risk Factor: High] [Time Horizon:
Real-time Operations]
1.2. Each Transmission Operator that operates Facilities within its Balancing
Authority Area.
1.3. Each Adjacent Balancing Authority.
R7. Each Distribution Provider shall have Interpersonal Communication capability with the
following entities (unless the Distribution Provider detects a failure of its Interpersonal
Risk Factor: Medium] [Time Horizon: Real-time Operations]
7.1. Its Balancing Authority.
7.2. Its Transmission Operator.
R8. Each Generator Operator shall have Interpersonal Communication capability with the
following entities (unless the Generator Operator detects a failure of its Interpersonal
Page 3 of 11
8.1. Its Balancing Authority.
8.2. Its Transmission Operator.
R9. Each Reliability Coordinator, Transmission Operator, and Balancing Authority shall
test its Alternative Interpersonal Communication capability at least once each calendar
month. If the test is unsuccessful, the responsible entity shall initiate action to repair or
designate a replacement Alternative Interpersonal Communication capability within 2
hours. [Violation Risk Factor: Medium][Time Horizon: Real-time Operations, Same-
day Operations]
notify entities as identified in Requirements R1, R3, and R5, respectively within 60
minutes of the detection of a failure of its Interpersonal Communication capability that
lasts 30 minutes or longer. [Violation Risk Factor: Medium] [Time Horizon: Real-
time Operations]
R11. Each Distribution Provider and Generator Operator that detects a failure of its
Interpersonal Communication capability shall consult each entity affected by the
failure, as identified in Requirement R7 for a Distribution Provider or Requirement R8
for a Generator Operator, to determine a mutually agreeable action for the restoration
of its Interpersonal Communication capability. [Violation Risk Factor: Medium]
C. Measures
M1. Each Reliability Coordinator shall have and provide upon request evidence that it has
Interpersonal Communication capability with all Transmission Operators and
Balancing Authorities within its Reliability Coordinator Area and with each adjacent
Reliability Coordinator within the same Interconnection, which could include, but is
not limited to:
physical assets, or
dated evidence, such as, equipment specifications and installation documentation,
test records, operator logs, voice recordings, transcripts of voice recordings, or
electronic communications. (R1.)
M2. Each Reliability Coordinator shall have and provide upon request evidence that it
designated an Alternative Interpersonal Communication capability with all
Transmission Operators and Balancing Authorities within its Reliability Coordinator
Area and with each adjacent Reliability Coordinator within the same Interconnection,
which could include, but is not limited to:
physical assets, or
Page 4 of 11
M3. Each Transmission Operator shall have and provide upon request evidence that it has
Interpersonal Communication capability with its Reliability Coordinator, each
Balancing Authority, Distribution Provider, and Generator Operator within its
Transmission Operator Area, and each adjacent Transmission Operator asynchronously
or synchronously connected, which could include, but is not limited to:
physical assets, or
electronic communication. (R3.)
M4. Each Transmission Operator shall have and provide upon request evidence that it
designated an Alternative Interpersonal Communication capability with its Reliability
Coordinator, each Balancing Authority within its Transmission Operator Area, and
each adjacent Transmission Operator asynchronously and synchronously connected,
which could include, but is not limited to:
physical assets, or
M5. Each Balancing Authority shall have and provide upon request evidence that it has
Interpersonal Communication capability with its Reliability Coordinator, each
Transmission Operator and Generator Operator that operates Facilities within its
Balancing Authority Area, each Distribution Provider within its Balancing Authority
Area, and each adjacent Balancing Authority, which could include, but is not limited
to:
physical assets, or
M6. Each Balancing Authority shall have and provide upon request evidence that it
designated an Alternative Interpersonal Communication capability with its Reliability
Coordinator, each Transmission Operator that operates Facilities within its Balancing
Authority Area, and each adjacent Balancing Authority, which could include, but is not
limited to:
physical assets, or
M7. Each Distribution Provider shall have and provide upon request evidence that it has
Interpersonal Communication capability with its Transmission Operator and its
Balancing Authority, which could include, but is not limited to:
Page 5 of 11
physical assets, or
M8. Each Generator Operator shall have and provide upon request evidence that it has
Interpersonal Communication capability with its Balancing Authority and its
Transmission Operator, which could include, but is not limited to:
physical assets, or
M9. Each Reliability Coordinator, Transmission Operator, and Balancing Authority shall
have and provide upon request evidence that it tested, at least once each calendar
month, its Alternative Interpersonal Communication capability designated in
Requirements R2, R4, or R6. If the test was unsuccessful, the entity shall have and
provide upon request evidence that it initiated action to repair or designated a
replacement Alternative Interpersonal Communication capability within 2 hours.
Evidence could include, but is not limited to: dated and time-stamped test records,
operator logs, voice recordings, transcripts of voice recordings, or electronic
communications. (R9.)
have and provide upon request evidence that it notified entities as identified in
Requirements R1, R3, and R5, respectively within 60 minutes of the detection of a
failure of its Interpersonal Communication capability that lasted 30 minutes or longer.
Evidence could include, but is not limited to: dated and time-stamped test records,
operator logs, voice recordings, transcripts of voice recordings, or electronic
communications. (R10.)
M11. Each Distribution Provider and Generator Operator that detected a failure of its
Interpersonal Communication capability shall have and provide upon request evidence
that it consulted with each entity affected by the failure, as identified in Requirement
R7 for a Distribution Provider or Requirement R8 for a Generator Operator, to
determine mutually agreeable action to restore the Interpersonal Communication
capability. Evidence could include, but is not limited to: dated operator logs, voice
recordings, transcripts of voice recordings, or electronic communications. (R11.)
D. Compliance
Entity. In such cases, the ERO or a Regional Entity approved by FERC or other
Page 6 of 11
Compliance Audit
Self-Certification
Spot Checking
Self-Reporting
Complaint
1.3. Data Retention
The Reliability Coordinator, Transmission Operator, Balancing Authority,
Distribution Provider, and Generator Operator shall keep data or evidence to show
compliance as identified below unless directed by its Compliance Enforcement
investigation:
The Reliability Coordinator for Requirements R1, R2, R9, and R10,
Measures M1, M2, M9, and M10 shall retain written documentation for the
most recent twelve calendar months and voice recordings for the most recent
90 calendar days.
The Transmission Operator for Requirements R3, R4, R9, and R10,
Measures M3, M4, M9, and M10 shall retain written documentation for the
most recent twelve calendar months and voice recordings for the most recent
90 calendar days.
The Balancing Authority forRequirements R5, R6, R9, and R10, Measures
M5, M6, M9, and M10 shall retain written documentation for the most
recent twelve calendar months and voice recordings for the most recent 90
calendar days.
The Distribution Provider for Requirements R7 and R11, Measures M7 and
M11 shall retain written documentation for the most recent twelve calendar
months and voice recordings for the most recent 90 calendar days.
The Generator Operator for Requirements R8 and R11, Measures M8 and
M11 shall retain written documentation for the most recent twelve calendar
months and voice recordings for the most recent 90 calendar days.
If a Reliability Coordinator, Transmission Operator, Balancing Authority,
Distribution Provider, or Generator Operator is found non-compliant, it shall keep
information related to the non-compliance until mitigation is complete and
approved or for the time specified above, whichever is longer.
requested and submitted subsequent audit records.
None.
Page 7 of 11

R1 N/A N/A
The Reliability Coordinator failed to
have Interpersonal Communication
capability with one of the entities
listed in Requirement R1, Parts 1.1 or
1.2, except when the Reliability
Coordinator detected a failure of its
Interpersonal Communication
capability in accordance with
Requirement R10.
capability with two or more of the
entities listed in Requirement R1,
Parts 1.1 or 1.2, except when the
Reliability Coordinator detected a
failure of its Interpersonal
Communication capability in
accordance with Requirement R10.
R2 N/A N/A
designate Alternative Interpersonal
Communication capability with one of
the entities listed in Requirement R2,
Parts 2.1 or 2.2.
Communication capability with two or
more of the entities listed in
Requirement R2, Parts 2.1 or 2.2.
R3 N/A N/A
The Transmission Operator failed to
listed in Requirement R3, Parts 3.1,
3.2, 3.3, 3.4, 3.5, or 3.6, except when
the Transmission Operator detected
a failure of its Interpersonal
Parts 3.1, 3.2, 3.3, 3.4, 3.5, or 3.6,
except when the Transmission
Operator detected a failure of its
Requirement R10.
R4 N/A N/A
Parts 4.1, 4.2, 4.3, or 4.4.
Requirement R4, Parts 4.1, 4.2, 4.3,
or 4.4.
Page 8 of 11
R5 N/A N/A
listed in Requirement R5, Parts 5.1,
5.2, 5.3, 5.4, or 5.5, except when the
Balancing Authority detected a failure
of its Interpersonal Communication
Requirement R10.
Parts 5.1, 5.2, 5.3, 5.4, or 5.5, except
when the Balancing Authority
detected a failure of its Interpersonal
R6 N/A N/A
Parts 6.1, 6.2, or 6.3.
Requirement R6, Parts 6.1, 6.2, or
6.3.
R7 N/A N/A
The Distribution Provider failed to
7.2, except when the Distribution
Provider detected a failure of its
Requirement R11.
The Distribution Provider failed to
Parts 7.1 or 7.2, except when the
Distribution Provider detected a
Page 9 of 11
R8 N/A N/A
The Generator Operator failed to
8.2, except when a Generator
Operator detected a failure of its
Requirement R11.
The Generator Operator failed to
Parts 8.1 or 8.2, except when a
Generator Operator detected a failure
of its Interpersonal Communication
Requirement R11.
R9
The Reliability Coordinator,
Transmission Operator, or Balancing
Authority tested the Alternative
capability but failed to initiate action
to repair or designate a replacement
Alternative Interpersonal
Communication in more than 2 hours
and less than or equal to 4 hours
upon an unsuccessful test.
Authority failed to test the Alternative
capability once each calendar month.
OR
R10
Authority failed to notify the entities
identified in Requirements R1, R3,
and R5, respectively upon the
detection of a failure of its
capability in more than 60 minutes
but less than or equal to 70 minutes.
capability in more than 90 minutes.
Page 10 of 11
R11 N/A N/A N/A
The Distribution Provider or
Generator Operator that detected a
Communication capability failed to
consult with each entity affected by
the failure, as identified in
Requirement R7 for a Distribution
Provider or Requirement R8 for a
Generator Operator, to determine a
mutually agreeable action for the
restoration of the Interpersonal
Communication capability.

Page 11 of 11
None identified.
Version History
0 August 8, 2005 Removed Proposed from Effective
Date
Errata
1 April 6, 2007 Requirement 1, added the word for
between facilities and the exchange.
Errata
1.1

October 29, 2008

BOT adopted errata changes; updated
Errata
2 November 7, 2012 Adopted by Board of Trustees Revised in accordance
with SAR for Project
2006-06, Reliability
Coordination (RC
SDT). Replaced R1
with R1-R8; R2
replaced by R9; R3
included within new
R1; R4 remains enforce
pending Project 2007-
02; R5 redundant with
EOP-008-0, retiring R5
as redundant with
EOP-008-0, R1;
retiring R6, relates to
ERO procedures; R10
& R11, new.

Standard COM-002-2 Communications and Coordination
Adopted by Board of Trustees: November 1, 2006 Page1 of 3
Effective Date: January 1, 2007
A. Introduction
1. Title: Communication and Coordination
3. Purpose: To ensure Balancing Authorities, Transmission Operators, and Generator
Operators have adequate communications and that these communications capabilities are
staffed and available for addressing a real-time emergency condition. To ensure
communications by operating personnel are effective.
4. Applicability
5. Effective Date: January 1, 2007
B. Requirements
R1. Each Transmission Operator, Balancing Authority, and Generator Operator shall have
communications (voice and data links) with appropriate Reliability Coordinators, Balancing
Authorities, and Transmission Operators. Such communications shall be staffed and available
for addressing a real-time emergency condition.
R1.1. Each Balancing Authority and Transmission Operator shall notify its Reliability
Coordinator, and all other potentially affected Balancing Authorities and
Transmission Operators through predetermined communication paths of any condition
that could threaten the reliability of its area or when firm load shedding is anticipated.
R2. Each Reliability Coordinator, Transmission Operator, and Balancing Authority shall issue
directives in a clear, concise, and definitive manner; shall ensure the recipient of the directive
repeats the information back correctly; and shall acknowledge the response as correct or repeat
the original statement to resolve any misunderstandings.
C. Measures
M1. Each Transmission Operator, Balancing Authority and Generator Operator shall have
communication facilities (voice and data links) with appropriate Reliability Coordinators,
Balancing Authorities, and Transmission Operators and shall have and provide as evidence, a list
of communication facilities or other equivalent evidence that confirms that the communications
have been provided to address a real-time emergency condition. (Requirement 1, part 1)
M2. The Balancing Authority and Transmission Operator shall have and provide upon request
evidence that could include but is not limited to, operator logs, voice recordings or transcripts
of voice recordings, electronic communications, or other equivalent evidence that will be used
to determine if it notified its Reliability Coordinator, and all other potentially affected
Balancing Authorities and Transmission Operators of a condition that could threaten the
reliability of its area or when firm load shedding was anticipated. (Requirement 1.1)
D. Compliance
1.3. Data Retention
Each Balancing Authority, Transmission Operator and Generator Operator shall keep
evidence of compliance for the previous two calendar years plus the current year. (Measure 1)
Each Balancing Authority and Transmission Operator shall keep 90 days of historical
data. (Measure 2).
noncompliance until found compliant or for two years plus the current year, whichever is longer.
None.
2. Levels of Non-Compliance for Transmission Operator and Balancing Authority:
2.4. Level 4: Communication did not occur as specified in R1.1.
3. Levels of Non-Compliance for Generator Operator:
3.4. Level 4: Communication facilities are not provided to address a real-time emergency
condition as specified in R1.
None identified.
Version History
1 February 7, 2006 Adopted by Board of Trustees Revised

Standard COM-002-2a Communications and Coordination
Page 1 of 4
A. Introduction
2. Number: COM-002-2a
3. Purpose: To ensure Balancing Authorities, Transmission Operators, and Generator
Operators have adequate communications and that these communications capabilities are
staffed and available for addressing a real-time emergency condition. To ensure
communications by operating personnel are effective.
4. Applicability
B. Requirements
R1. Each Transmission Operator, Balancing Authority, and Generator Operator shall have
communications (voice and data links) with appropriate Reliability Coordinators, Balancing
Authorities, and Transmission Operators. Such communications shall be staffed and available
for addressing a real-time emergency condition.
R1.1. Each Balancing Authority and Transmission Operator shall notify its Reliability
Coordinator, and all other potentially affected Balancing Authorities and
Transmission Operators through predetermined communication paths of any condition
that could threaten the reliability of its area or when firm load shedding is anticipated.
directives in a clear, concise, and definitive manner; shall ensure the recipient of the directive
repeats the information back correctly; and shall acknowledge the response as correct or repeat
the original statement to resolve any misunderstandings.
C. Measures
M1. Each Transmission Operator, Balancing Authority and Generator Operator shall have
communication facilities (voice and data links) with appropriate Reliability Coordinators,
Balancing Authorities, and Transmission Operators and shall have and provide as evidence, a list
of communication facilities or other equivalent evidence that confirms that the communications
have been provided to address a real-time emergency condition. (Requirement 1, part 1)
M2. The Balancing Authority and Transmission Operator shall have and provide upon request
of voice recordings, electronic communications, or other equivalent evidence that will be used
to determine if it notified its Reliability Coordinator, and all other potentially affected
Balancing Authorities and Transmission Operators of a condition that could threaten the
reliability of its area or when firm load shedding was anticipated. (Requirement 1.1)
D. Compliance
Page 2 of 4
1.3. Data Retention
Each Balancing Authority, Transmission Operator and Generator Operator shall keep
evidence of compliance for the previous two calendar years plus the current year. (Measure 1)
Each Balancing Authority and Transmission Operator shall keep 90 days of historical
data. (Measure 2).
noncompliance until found compliant or for two years plus the current year, whichever is longer.
None.
2. Levels of Non-Compliance for Transmission Operator and Balancing Authority:
2.4. Level 4: Communication did not occur as specified in R1.1.
3. Levels of Non-Compliance for Generator Operator:
3.4. Level 4: Communication facilities are not provided to address a real-time emergency
condition as specified in R1.
Page 3 of 4
None identified.
Version History
1 February 7, 2006 Adopted by Board of Trustees Revised
2a February 9, 2012 Interpretation of R2 adopted by Board of
Trustees
Project 2009-22

Page 4 of 4
Appendix 1

directives in a clear, concise, and definitive manner; shall ensure the recipient of the directive repeats the
information back correctly; and shall acknowledge the response as correct or repeat the original statement
to resolve any misunderstandings.
Question:
Please clarify whether routine operating instructions are directives or whether directives are limited
to actual and anticipated emergency operating conditions.
Response:
COM-002-2 R2 does not specify the conditions under which a directive is issued, nor does it define
directive. It only provides that the requirements be followed when a directive is issued to address a real-
time emergency. Routine operating instructions during normal operations would not require the
communications protocols for repeat backs as specified in R2.

Standard COM-002-3 Communication and Coordination
1 of 5
A. Introduction
3. Purpose: To ensure Emergency communications between operating personnel are
effective.
4. Applicability
5. Effective Date: The first day of the second calendar quarter beyond the date that this
standard is approved by applicable regulatory authorities, or in those jurisdictions
B. Requirements
R1. When a Reliability Coordinator, Transmission Operator, or Balancing Authority requires
actions to be executed as a Reliability Directive, the Reliability Coordinator,
Transmission Operator, or Balancing Authority shall identify the action as a Reliability
Directive to the recipient. [Violation Risk Factor: High][Time Horizon: Real-Time]
R2. Each Balancing Authority, Transmission Operator, Generator Operator, and Distribution
Provider that is the recipient of a Reliability Directive shall repeat, restate, rephrase, or
recapitulate the Reliability Directive. [Violation Risk Factor: High][Time Horizon:
Real-Time]
R3. Each Reliability Coordinator, Transmission Operator, and Balancing Authority that
issues a Reliability Directive shall either: [Violation Risk Factor: High][Time
Horizon: Real-Time]
Confirm that the response from the recipient of the Reliability Directive (in
accordance with Requirement R2) was accurate, or
Reissue the Reliability Directive to resolve a misunderstanding.
C. Measures
M1. When a Reliability Coordinator, Transmission Operator, or Balancing Authority
required actions to be executed as a Reliability Directive, the Reliability Coordinator,
Transmission Operator, or Balancing Authority shall have evidence to show that it
identified the action as a Reliability Directive to the recipient. Such evidence could
include, but is not limited to, dated and time-stamped voice recordings, time-stamped
transcripts of voice recordings, or dated operator logs. (R1.)
2 of 5
M2. Each Balancing Authority, Transmission Operator, Generator Operator, and
Distribution Provider that was the recipient of a Reliability Directive shall have
evidence to show that the recipient repeated, restated, rephrased, or recapitulated the
Reliability Directive to the issuer of the Reliability Directive. Such evidence could
include, but is not limited to, dated and time-stamped voice recordings or transcripts of
voice recordings, or dated operator logs. (R2.)
M3. Each Reliability Coordinator, Transmission Operator, and Balancing Authority that
issued a Reliability Directive shall have evidence that the issuer either confirmed that
the response from the recipient of the Reliability Directive was accurate or reissued the
Reliability Directive to resolve a misunderstanding. Such evidence could include, but
is not limited to, such as dated and time-stamped voice recordings, or dated and time-
stamped transcripts of voice recordings, or dated operator logs to show. (R3.)
D. Compliance
Compliance Audit
Self-Certification
Spot Checking
Self-Reporting
Complaint
1.3. Data Retention
the last audit.
Each Reliability Coordinator, Balancing Authority, Transmission Operator,
Generator Operator, and Distribution Provider shall keep data or evidence to show
investigation:
3 of 5
The Reliability Coordinator, Transmission Operator, and Balancing
Authority shall retain evidence of Requirement R1 and R3, Measure M1 and
M3 for the most recent 3 calendar months.
The Balancing Authority, Transmission Operator, Generator Operator, and
Distribution Provider shall retain evidence of Requirement R2, Measure M2
for the most recent 3 calendar months.
If a Reliability Coordinator, Balancing Authority, Transmission Operator,
Generator Operator, and Distribution Provider is found non-compliant, it shall
keep information related to the non-compliance until mitigation is complete and
None.
4 of 5
2. Violation Severity Levels:
R# Lower Moderate High Severe
R1 N/A N/A N/A
Transmission Operator, or
Balancing Authority that
required actions to be
executed as a Reliability
Directive failed to identify the
action as a Reliability Directive
to the recipient.
R2 N/A N/A N/A
The Transmission Operator,
Generator Operator, or
Distribution Provider that was
the recipient of a Reliability
Directive failed to repeat,
restate, rephrase, or
recapitulate the Reliability
Directive.
R3 N/A N/A
Balancing Authority issued a
Reliability Directive, but did
not confirm that the response
from the recipient of the
Reliability Directive (in
accordance with Requirement
R2) was accurate.
Balancing Authority issued a
Reliability Directive and failed
to reissue the Reliability
Directive to resolve a
misunderstanding when the
recipient did not repeat the
Reliability Directive accurately.

Page 5 of 5

None identified.
Version History
Date
Errata
1 February 7,
2006
Adopted by Board of Trustees Added measures and
compliance elements
2 November 1,
2006
Adopted by Board of Trustees Revised in accordance
with SAR for Project
2006-06, Reliability
Coordination (RC
SDT). Retired R1,
R1.1, M1, M2 and
updated the compliance
monitoring
information. Replaced
R2 with new R1, R2
and R3.
2a

February 9,
2012

Interpretation of R2 adopted by Board
of Trustees

Project 2009-22

3 November 7,
2012
Adopted by Board of Trustees

Standard EOP-001-2.1b Emergency Operations Planning
1

A. Introduction
1. Title: Emergency Operations Planning
2. Number: EOP-001-2.1b
3. Purpose: Each Transmission Operator and Balancing Authority needs to develop,
maintain, and implement a set of plans to mitigate operating emergencies. These plans need to
be coordinated with other Transmission Operators and Balancing Authorities, and the
Reliability Coordinator.
4. Applicability
5. Proposed Effective Date: Twenty-four months after the first day of the first calendar quarter
following applicable regulatory approval. In those jurisdictions where no regulatory approval
is required, all requirements go into effect twenty-four months after Board of Trustees
adoption.
B. Requirements
R1. Balancing Authorities shall have operating agreements with adjacent Balancing Authorities
that shall, at a minimum, contain provisions for emergency assistance, including provisions to
obtain emergency assistance from remote Balancing Authorities.
R2. Each Transmission Operator and Balancing Authority shall:
R2.1. Develop, maintain, and implement a set of plans to mitigate operating emergencies for
insufficient generating capacity.
R2.2. Develop, maintain, and implement a set of plans to mitigate operating emergencies on
the transmission system.
R2.3. Develop, maintain, and implement a set of plans for load shedding.
R3. Each Transmission Operator and Balancing Authority shall have emergency plans that will
enable it to mitigate operating emergencies. At a minimum, Transmission Operator and
Balancing Authority emergency plans shall include:
R3.1. Communications protocols to be used during emergencies.
R3.2. A list of controlling actions to resolve the emergency. Load reduction, in sufficient
quantity to resolve the emergency within NERC-established timelines, shall be one of
the controlling actions.
R3.3. The tasks to be coordinated with and among adjacent Transmission Operators and
R3.4. Staffing levels for the emergency.
R4. Each Transmission Operator and Balancing Authority shall include the applicable elements in
Attachment 1-EOP-001 when developing an emergency plan.
R5. The Transmission Operator and Balancing Authority shall annually review and update each
emergency plan. The Transmission Operator and Balancing Authority shall provide a copy of
its updated emergency plans to its Reliability Coordinator and to neighboring Transmission
Operators and Balancing Authorities.
2

R6. The Transmission Operator and Balancing Authority shall coordinate its emergency plans with
other Transmission Operators and Balancing Authorities as appropriate. This coordination
includes the following steps, as applicable:
R6.1. The Transmission Operator and Balancing Authority shall establish and maintain
reliable communications between interconnected systems.
R6.2. The Transmission Operator and Balancing Authority shall arrange new interchange
agreements to provide for emergency capacity or energy transfers if existing
agreements cannot be used.
R6.3. The Transmission Operator and Balancing Authority shall coordinate transmission
and generator maintenance schedules to maximize capacity or conserve the fuel in
short supply. (This includes water for hydro generators.)
R6.4. The Transmission Operator and Balancing Authority shall arrange deliveries of
electrical energy or fuel from remote systems through normal operating channels.
C. Measures
M1. The Transmission Operator and Balancing Authority shall have its emergency plans available
for review by the Regional Reliability Organization at all times.
M2. The Transmission Operator and Balancing Authority shall have its two most recent annual self-
assessments available for review by the Regional Reliability Organization at all times.
D. Compliance
The Regional Reliability Organization shall review and evaluate emergency plans every
three years to ensure that the plans consider the applicable elements of Attachment 1-
EOP-001.
The Regional Reliability Organization may elect to request self-certification of the
Transmission Operator and Balancing Authority in years that the full review is not done.
Reset: one calendar year.
1.3. Data Retention
Current plan available at all times.
Not specified.

3

Requirement Lower Moderate High Severe
R1 The Balancing Authority
failed to demonstrate the
existence of the necessary
operating agreements for less
than 25% of the adjacent
BAs.
Or less than 25% of those
agreements do not contain
provisions for emergency
assistance.
operating agreements for 25%
to 50% of the adjacent BAs.

Or 25 to 50% of those
assistance.
to 75% of the adjacent BAs.

Or 50% to 75% of those
assistance.
or more of the adjacent BAs.

Or more than 75% of those
assistance.
R2 The Transmission Operator or
Balancing Authority failed to
comply with one (1) of the
sub-components.
The Transmission Operator or
comply with two (2) of the
sub-components.
N/A The Transmission Operator or
Balancing Authority has
failed to comply with three
(3) of the sub-components.
R2.1 The Transmission Operator or
Balancing Authoritys
emergency plans to mitigate
insufficient generating
capacity are missing minor
details or minor
program/procedural elements.
Balancing Authority's has
demonstrated the existence of
capacity emergency plans but
the plans are not maintained.
Balancing Authority's
capacity emergency plans are
neither maintained nor
implemented.
failed to develop emergency
mitigation plans for
capacity.
Balancing Authoritys plans
to mitigate transmission
system emergencies are
missing minor details or
minor program/procedural
elements.
transmission system
emergency plans but are not
maintained.
Balancing Authority's
transmission system
emergency plans are neither
maintained nor implemented.
failed to develop, maintain,
and implement operating
emergency mitigation plans
for emergencies on the
transmission system.
4

Balancing Authoritys load
shedding plans are missing
minor details or minor
load shedding plans but are
not maintained.
Balancing Authority's load
shedding plans are partially
compliant with the
requirement but are neither
maintained nor implemented.
failed to develop, maintain,
and implement load shedding
plans.
R3 The Transmission Operator or
comply with one (1) of the
sub-components.
comply with two (2) of the
sub-components.
failed to comply with three
failed to comply with all four
communication protocols
included in the emergency
plan are missing minor
N/A N/A The Transmission Operator or
failed to include
communication protocols in
its emergency plans to
mitigate operating
emergencies.
Balancing Authoritys list of
controlling actions has
resulted in meeting the intent
of the requirement but is
missing minor
N/A The Transmission Operator or
Balancing Authority provided
a list of controlling actions,
however the actions fail to
resolve the emergency within
NERC-established timelines.
failed to provide a list of
controlling actions to resolve
the emergency.
5

demonstrated coordination
with Transmission Operators
and Balancing Authorities but
is missing minor
N/A N/A The Transmission Operator or
tasks to be coordinated with
adjacent Transmission
Operator and Balancing
Authorities as directed by the
requirement.
emergency plan does not
include staffing levels for the
emergency
N/A N/A N/A
R4 The Transmission Operator
and Balancing Authoritys
emergency plan has complied
with 90% or more of the
number of sub-components.
The Transmission Operator
with 70% to 90% of the
number of sub-components.
with between 50% to 70% of
the number of sub-
components.
with 50% or less of the
number of sub-components
and Balancing Authority is
missing minor
and Balancing Authority has
failed to annually review one
of it's emergency plans
failed to annually review two
of its emergency plans or
communicate with one of it's
neighboring Balancing
Authorities.
failed to annually review
and/or communicate any
emergency plans with its
Reliability Coordinator,
neighboring Transmission
Operators or Balancing
Authorities.
and/or the Balancing
Authority failed to comply
with one (1) of the sub-
components.
Authority failed to comply
with two (2) of the sub-
components.
Authority has failed to
comply with three (3) of the
sub-components.
comply with four (4) or more
of the sub-components.
6

failed to establish and
maintain reliable
communication between
interconnected systems.
N/A N/A N/A
failed to arrange new
interchange agreements to
provide for emergency
capacity or energy transfers
with required entities when
existing agreements could not
be used.
N/A N/A N/A
failed to coordinate
transmission and generator
maintenance schedules to
maximize capacity or
conserve fuel in short supply.
N/A N/A N/A
failed to arrange for
deliveries of electrical energy
or fuel from remote systems
through normal operating
channels.
N/A N/A N/A
7

None identified.
Version History
0 February 8,
2005
Adopted by the Board of Trustees New
1 October 17,
2008
Deleted R2
Replaced Levels of Non-compliance with
the February 28, 2008 BOT approved
Violation Severity Levels
Corrected typographical errors in BOT
approved version of VSLs
Revised
IROL Project
2 August 5, 2009 Removed R2.4 as redundant with EOP-
005-2 Requirement R1 for the
Transmission Operator; the Balancing
Authority does not need a restoration
plan.
Revised
Project 2006-03
2 August 5, 2009 Adopted by NERC Board of Trustees:
August 5, 2009
Revised
2 March 17, 2011 FERC Order issued approving EOP-
001-2 (Clarification issued on July 13,
2011)
Revised
2b November 4,
2010
Adopted by NERC Board of Trustees Project 2008-09 -
Interpretation of
Requirement R1
2b November 4,
2010
Adopted by NERC Board of Trustees Project 2009-28 -
Interpretation of
Requirement R2.2
2b December 15,
2011
FERC Order issued approving Interpretation
of R1 and R2.2 (Order effective December
15, 2011)
Project 2008-09 -
Interpretation of
Requirement R1 and
Project 2009-28 -
Interpretation of
Requirement R2.2
2.1b March 8, 2012
Errata adopted by Standards Committee;
(changed title and references to Attachment
1 to omit inclusion of version numbers and
corrected references in Appendix 1
Question 4 from EOP-001-0 to EOP-
001-2)
Errata
8

2.1b September 13,
2012
FERC approved
Errata

9

Attachment 1-EOP-001
Elements for Consideration in Development of Emergency Plans
1. Fuel supply and inventory An adequate fuel supply and inventory plan that recognizes reasonable
delays or problems in the delivery or production of fuel.
2. Fuel switching Fuel switching plans for units for which fuel supply shortages may occur, e.g., gas
and light oil.
3. Environmental constraints Plans to seek removal of environmental constraints for generating units
and plants.
4. System energy use The reduction of the systems own energy use to a minimum.
5. Public appeals Appeals to the public through all media for voluntary load reductions and energy
conservation including educational messages on how to accomplish such load reduction and
conservation.
6. Load management Implementation of load management and voltage reductions, if appropriate.
7. Optimize fuel supply The operation of all generating sources to optimize the availability.
8. Appeals to customers to use alternate fuels In a fuel emergency, appeals to large industrial and
commercial customers to reduce non-essential energy use and maximize the use of customer-owned
generation that rely on fuels other than the one in short supply.
9. Interruptible and curtailable loads Use of interruptible and curtailable customer load to reduce
capacity requirements or to conserve the fuel in short supply.
10. Maximizing generator output and availability The operation of all generating sources to maximize
output and availability. This should include plans to winterize units and plants during extreme cold
weather.
11. Notifying IPPs Notification of cogeneration and independent power producers to maximize output
and availability.
12. Requests of government Requests to appropriate government agencies to implement programs to
achieve necessary energy reductions.
13. Load curtailment A mandatory load curtailment plan to use as a last resort. This plan should
address the needs of critical loads essential to the health, safety, and welfare of the community.
Address firm load curtailment.
14. Notification of government agencies Notification of appropriate government agencies as the
various steps of the emergency plan are implemented.
15. Notifications to operating entities Notifications to other operating entities as steps in emergency
plan are implemented.

10

Appendix 1
R1. Balancing Authorities shall have operating agreements with adjacent Balancing Authorities
that shall, at a minimum, contain provisions for emergency assistance, including provisions to obtain
emergency assistance from remote Balancing Authorities.
Questions:
1. What is the definition of emergency assistance in the context of this standard? What scope and
time horizons, if any, are considered necessary in this definition?
2. What was intended by using the adjective adjacent in Requirement 1? Does adjacent
Balancing Authorities mean All or something else? Is there qualifying criteria to determine if
a very small adjacent Balancing Authority area has enough capacity to offer emergency
assistance?
3. What is the definition of the word remote as stated in the last phrase of Requirement 1? Does
remote mean every Balancing Authority whos area does not physically touch the Balancing
Authority attempting to comply with this Requirement?
4. Would a Balancing Authority that participates in a Reserve Sharing Group Agreement, which
meets the requirements of Reliability Standard BAL-002-0, Requirement 2, have to establish
additional operating agreements to achieve compliance with Reliability Standard EOP-001-2,
Requirement 1?
Responses:
1. In the context of this standard, emergency assistance is emergency energy. Emergency energy
would normally be arranged for during the current operating day. The agreement should describe
the conditions under which the emergency energy will be delivered to the responsible Balancing
Authority.
2. The intent is that all Balancing Authorities, interconnected by AC ties or DC (asynchronous) ties
within the same Interconnection, have emergency energy assistance agreements with at least one
Adjacent Balancing Authority and have sufficient emergency energy assistance agreements to
mitigate reasonably anticipated energy emergencies. However, the standard does not require
emergency energy assistance agreements with all Adjacent Balancing Authorities, nor does it
preclude having an emergency assistance agreement across Interconnections.
3. A remote Balancing Authority is a Balancing Authority other than an Adjacent Balancing
Authority. A Balancing Authority is not required to have arrangements in place to obtain
emergency energy assistance with any remote Balancing Authorities. A Balancing Authoritys
agreement(s) with Adjacent Balancing Authorities does (do) not preclude the Adjacent Balancing
Authority from purchasing emergency energy from remote Balancing Authorities.
4. A Reserve Sharing Group agreement that contains provisions for emergency assistance may be
used to meet Requirement R1 of EOP-001-2.

11

Appendix 2

R2.2. Develop, maintain, and implement a set of plans to mitigate operating emergencies on the
transmission system.
Questions:
Does the BA need to develop a plan to maintain a load-interchange-generation balance during
operating emergencies and follow the directives of the TOP?
Questions:
The answer to both parts of the question is yes. The Balancing Authority is required by the standard
to develop, maintain, and implement a plan. The plan must consider the relationships and
coordination with the Transmission Operator for actions directly taken by the Balancing Authority.
The Balancing Authority must take actions either as directed by the Transmission Operator or the
Reliability Coordinator (reference TOP-001-1, Requirement R3), or as previously agreed to with the
Transmission Operator or the Reliability Coordinator to mitigate transmission emergencies. As
stated in Requirement R4, the emergency plan shall include the applicable elements in Attachment 1
EOP-001.

Standard EOP-002-3.1 Capacity and Energy Emergencies
Page 1 of 12

A. Introduction
1. Title: Capacity and Energy Emergencies
2. Number: EOP-002-3.1
3. Purpose: To ensure Reliability Coordinators and Balancing Authorities are prepared for
capacity and energy emergencies.
4. Applicability
4.3. Load-Serving Entities.
5. (Proposed) Effective Date: First day of the first calendar quarter six months following
applicable regulatory approval; or, in those jurisdictions where no regulatory approval is
required, the first day of the first calendar quarter six months following Board of Trustees
adoption.
B. Requirements
R1. Each Balancing Authority and Reliability Coordinator shall have the responsibility and clear
decision-making authority to take whatever actions are needed to ensure the reliability of its
respective area and shall exercise specific authority to alleviate capacity and energy
emergencies.
R2. Each Balancing Authority shall, when required and as appropriate, take one or more actions as
described in its capacity and energy emergency plan to reduce risks to the interconnected
system.
R3. A Balancing Authority that is experiencing an operating capacity or energy emergency shall
communicate its current and future system conditions to its Reliability Coordinator and
neighboring Balancing Authorities.
R4. A Balancing Authority anticipating an operating capacity or energy emergency shall perform
all actions necessary including bringing on all available generation, postponing equipment
maintenance, scheduling interchange purchases in advance, and being prepared to reduce firm
load.
R5. A deficient Balancing Authority shall only use the assistance provided by the Interconnections
frequency bias for the time needed to implement corrective actions. The Balancing Authority
shall not unilaterally adjust generation in an attempt to return Interconnection frequency to
normal beyond that supplied through frequency bias action and Interchange Schedule changes.
Such unilateral adjustment may overload transmission facilities.
R6. If the Balancing Authority cannot comply with the Control Performance and Disturbance
Control Standards, then it shall immediately implement remedies to do so. These remedies
include, but are not limited to:
R6.1. Loading all available generating capacity.
R6.2. Deploying all available operating reserve.
R6.3. Interrupting interruptible load and exports.
R6.4. Requesting emergency assistance from other Balancing Authorities.
R6.5. Declaring an Energy Emergency through its Reliability Coordinator; and
Page 2 of 12

R6.6. Reducing load, through procedures such as public appeals, voltage reductions,
curtailing interruptible loads and firm loads.
R7. Once the Balancing Authority has exhausted the steps listed in Requirement 6, or if these steps
cannot be completed in sufficient time to resolve the emergency condition, the Balancing
Authority shall:
R7.1. Manually shed firm load without delay to return its ACE to zero; and
R7.2. Request the Reliability Coordinator to declare an Energy Emergency Alert in
accordance with Attachment 1-EOP-002 Energy Emergency Alerts.
R8. A Reliability Coordinator that has any Balancing Authority within its Reliability Coordinator
area experiencing a potential or actual Energy Emergency shall initiate an Energy Emergency
Alert as detailed in Attachment 1-EOP-002 Energy Emergency Alerts. The Reliability
Coordinator shall act to mitigate the emergency condition, including a request for emergency
assistance if required.
R9. When a Transmission Service Provider expects to elevate the transmission service priority of
an Interchange Transaction from Priority 6 (Network Integration Transmission Service from
Non-designated Resources) to Priority 7 (Network Integration Transmission Service from
designated Network Resources) as permitted in its transmission tariff:
R9.1. The deficient Load-Serving Entity shall request its Reliability Coordinator to initiate
an Energy Emergency Alert in accordance with Attachment 1-EOP-002 Energy
Emergency Alerts.
R9.2. The Reliability Coordinator shall submit the report to NERC for posting on the NERC
Website, noting the expected total MW that may have its transmission service priority
changed.
R9.3. The Reliability Coordinator shall use EEA 1 to forecast the change of the priority of
transmission service of an Interchange Transaction on the system from Priority 6 to
Priority 7.
R9.4. The Reliability Coordinator shall use EEA 2 to announce the change of the priority of
transmission service of an Interchange Transaction on the system from Priority 6 to
Priority 7.
C. Measures
M1. Each Reliability Coordinator and Balancing Authority shall have and provide upon request
evidence that could include but is not limited to, job descriptions, signed agreements, authority
letter signed by an appropriate officer of the company, or other equivalent evidence that will be
used to confirm that it meets Requirement 1.
M2. If a Reliability Coordinator or Balancing Authority implements one or more actions described
in its Capacity and Energy Emergency plan, that entity shall have and provide upon request
of voice recordings, electronic communications, computer printouts or other equivalent
evidence that will be used to determine if the actions it took to relieve emergency conditions
were in conformance with its Capacity and Energy Emergency Plan. (Requirement 2)
M3. If a Balancing Authority experiences an operating Capacity or Energy Emergency it shall have
and provide upon request evidence that could include, but is not limited to operator logs, voice
recordings or transcripts of voice recordings, electronic communications, or other equivalent
evidence that will be used to determine if it met Requirement 3.
Page 3 of 12

M4. The Balancing Authority shall have and provide upon request evidence (such as operator logs,
work orders, E-Tags, or other evidence) that it took the actions described in R4 in response to
anticipating a capacity or energy emergency.
dispatch instructions, or other evidence) that it only used the assistance provided by the
Interconnection frequency bias for the time needed to implement corrective actions and did not
attempt to return Interconnection frequency to normal through unilateral adjustment of
generation beyond that supplied through the frequency bias action and Interchange Schedule
changes. (Requirement 5)
dispatch instructions, or other evidence) that it took actions such as those listed in R6 to
comply with CPS and DCS.
voice recordings, or other evidence) that it took the actions listed in R7 when unable to resolve
an emergency condition.
M8. If a Reliability Coordinator has any Balancing Authority within its Reliability Coordinator
Area that has notified the Reliability Coordinator of a potential or actual Energy Emergency,
the Reliability Coordinator involved in the event shall have and provide upon request evidence
that could include, but is not limited to operator logs, voice recordings or transcripts of voice
recordings, electronic communications, or other equivalent evidence to determine if it initiated
an Energy Emergency Alert as specified in Requirement 8 and as detailed in Attachment 1-
EOP-002 Energy Emergency Alerts.
M9. If a Transmission Service Provider expects to elevate the transmission service priority of an
Interchange Transaction from Priority 6 (Network Integration Transmission Service from Non-
designated Resources) to Priority 7 (Network Integration Transmission Service from
designated Network Resources), the Reliability Coordinator involved in the event shall have
and provide upon request evidence that could include, but is not limited to, NERC reports,
EEA reports, operator logs, voice recordings or transcripts of voice recordings, electronic
communications, or other equivalent evidence that will be used to determine if that Reliability
Coordinator met Requirements 9.2, 9.3 and 9.4.
D. Compliance
Regional Entity
Not Applicable.
1.3. Compliance Monitoring and Enforcement Process
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Page 4 of 12

Complaints
1.4. Data Retention
For Measure 1, each Reliability Coordinator and Balancing Authority shall keep
The current in-force documents.
For Measure 2, 8 and 9 the Reliability Coordinator shall keep 90 days of historical data.
For Measure 3, 4, 5, 6, and 7 the Balancing Authority shall keep 90 days of historical
data.
noncompliance until found compliant or for two years plus the current year, whichever is
longer.
None.
None identified.
Version History
1 September 19, 2006 Changes R7. to refer to Requirement 6 instead
of Requirement 7
Errata
2 November 1, 2006 Corrected numbering in Section A.4.
Applicability.
Errata
2 October 1, 2007 Added to Section 1 inadvertently omitted 4.3.
Load-Serving Entities
Errata
2.1 October 29, 2008 BOT adopted errata changes; updated version
number to 2.1
Errata
2.1 May 13, 2009 FERC Approved Revised
3 June 4, 2010 Modified to address Order No. 693 Directives
contained in paragraphs 582.
Revised.
3 August 5, 2010
New
3.1 March 8, 2012
(Updated title of Attachment 1 and changed
Errata
Page 5 of 12

references to Attachment 1 throughout Standard
from Attachment 1-EOP-002-0 Energy
Emergency Alert Levels to Attachment 1-
EOP-002 Energy Emergency Alerts. Removed
parenthetical in Requirement R9 referencing a
retired Attachment in IRO-006)
3.1 September 13, 2012
FERC Approved
Errata

Page 6 of 12

Energy Emergency Alerts

Introduction
This Attachment provides the procedures by which a Load Serving Entity can obtain capacity and
energy when it has exhausted all other options and can no longer provide its customers expected
energy requirements. NERC defines this situation as an Energy Emergency. NERC assumes that a
capacity deficiency will manifest itself as an energy emergency.
The Energy Emergency Alert Procedure is initiated by the Load Serving Entitys Reliability
Coordinator, who declares various Energy Emergency Alert levels as defined in Section B, Energy
Emergency Alert Levels, to provide assistance to the Load Serving Entity.
The Load Serving Entity who requests this assistance is referred to as an Energy Deficient Entity.
NERC recognizes that Transmission Providers are subject to obligations under FERC-approved tariffs
and other agreements, and nothing in these procedures should be interpreted as changing those
obligations.
A. General Requirements
1. Initiation by Reliability Coordinator. An Energy Emergency Alert may be initiated only
by a Reliability Coordinator at 1) the Reliability Coordinators own request, or 2) upon the
request of a Balancing Authority, or 3) upon the request of a Load Serving Entity.
1.1. Situations for initiating alert. An Energy Emergency Alert may be initiated for the
following reasons:
When the Load Serving Entity is, or expects to be, unable to provide its
customers energy requirements, and has been unsuccessful in locating other
systems with available resources from which to purchase, or
The Load Serving Entity cannot schedule the resources due to, for example,
Available Transfer Capability (ATC) limitations or transmission loading relief
limitations.
2. Notification. A Reliability Coordinator who declares an Energy Emergency Alert shall notify
all Balancing Authorities and Transmission Providers in its Reliability Area. The Reliability
Coordinator shall also notify all other Reliability Coordinators of the situation via the
Reliability Coordinator Information System (RCIS). Additionally, conference calls between
Reliability Coordinators shall be held as necessary to communicate system conditions. The
Reliability Coordinator shall also notify the other Reliability Coordinators when the alert has
ended.
B. Energy Emergency Alert Levels
Introduction
To ensure that all Reliability Coordinators clearly understand potential and actual energy emergencies
in the Interconnection, NERC has established three levels of Energy Emergency Alerts. The
Reliability Coordinators will use these terms when explaining energy emergencies to each other. An
Energy Emergency Alert is an emergency procedure, not a daily operating practice, and is not
intended as an alternative to compliance with NERC reliability standards or power supply contracts.
The Reliability Coordinator may declare whatever alert level is necessary, and need not proceed
through the alerts sequentially.
1. Alert 1 All available resources in use.
Page 7 of 12

Circumstances:
Balancing Authority, Reserve Sharing Group, or Load Serving Entity foresees or is experiencing
conditions where all available resources are committed to meet firm load, firm transactions, and
reserve commitments, and is concerned about sustaining its required Operating Reserves, and
Non-firm wholesale energy sales (other than those that are recallable to meet reserve
requirements) have been curtailed.
2. Alert 2 Load management procedures in effect.
Circumstances:
Balancing Authority, Reserve Sharing Group, or Load Serving Entity is no longer able to provide
its customers expected energy requirements, and is designated an Energy Deficient Entity.
Energy Deficient Entity foresees or has implemented procedures up to, but excluding,
interruption of firm load commitments. When time permits, these procedures may include, but
are not limited to:
o Public appeals to reduce demand.
o Voltage reduction.
o Interruption of non-firm end use loads in accordance with applicable contracts
1
o Demand-side management.
.
o Utility load conservation measures.
During Alert 2, Reliability Coordinators, Balancing Authorities, and Energy Deficient Entities have
the following responsibilities:
2.1 Notifying other Balancing Authorities and market participants. The Energy Deficient Entity
shall communicate its needs to other Balancing Authorities and market participants. Upon
request from the Energy Deficient Entity, the respective Reliability Coordinator shall post the
declaration of the alert level along with the name of the Energy Deficient Entity and, if
applicable, its Balancing Authority on the NERC website.
2.2 Declaration period. The Energy Deficient Entity shall update its Reliability Coordinator of the
situation at a minimum of every hour until the Alert 2 is terminated. The Reliability Coordinator
shall update the energy deficiency information posted on the NERC website as changes occur
and pass this information on to the affected Reliability Coordinators, Balancing Authority, and
Transmission Providers.
2.3 Sharing information on resource availability. A Balancing Authority and market participants
with available resources shall immediately contact the Energy Deficient Entity. This should
include the possibility of selling non-firm (recallable) energy out of available Operating
Reserves. The Energy Deficient Entity shall notify the Reliability Coordinators of the results.
2.4 Evaluating and mitigating transmission limitations. The Reliability Coordinators shall
review all System Operating Limits (SOLs) and Interconnection Reliability Operating Limits
(IROLs) and transmission loading relief procedures in effect that may limit the Energy Deficient
Entitys scheduling capabilities. Where appropriate, the Reliability Coordinators shall inform

1
For emergency, not economic, reasons.
Page 8 of 12

the Transmission Providers under their purview of the pending Energy Emergency and request
that they increase their ATC by actions such as restoring transmission elements that are out of
service, reconfiguring their transmission system, adjusting phase angle regulator tap positions,
implementing emergency operating procedures, and reviewing generation redispatch options.
2.4.1 Notification of ATC adjustments. Resulting increases in ATCs shall be simultaneously
communicated to the Energy Deficient Entity and the market via posting on the
appropriate OASIS websites by the Transmission Providers.
2.4.2 Availability of generation redispatch options. Available generation redispatch options
shall be immediately communicated to the Energy Deficient Entity by its Reliability
Coordinator.
2.4.3 Evaluating impact of current transmission loading relief events. The Reliability
Coordinators shall evaluate the impact of any current transmission loading relief events
on the ability to supply emergency assistance to the Energy Deficient Entity. This
evaluation shall include analysis of system reliability and involve close communication
among Reliability Coordinators and the Energy Deficient Entity.
2.4.4 Initiating inquiries on reevaluating SOLs and IROLs. The Reliability Coordinators
shall consult with the Balancing Authorities and Transmission Providers in their
Reliability Areas about the possibility of reevaluating and revising SOLs or IROLs.
2.5 Coordination of emergency responses. The Reliability Coordinator shall communicate and
coordinate the implementation of emergency operating responses.
2.6 Energy Deficient Entity actions. Before declaring an Alert 3, the Energy Deficient Entity must
make use of all available resources. This includes but is not limited to:
2.6.1 All available generation units are on line. All generation capable of being on line in
the time frame of the emergency is on line including quick-start and peaking units,
regardless of cost.
2.6.2 Purchases made regardless of cost. All firm and non-firm purchases have been made,
regardless of cost.
2.6.3 Non-firm sales recalled and contractually interruptible loads and demand-side
management curtailed. All non-firm sales have been recalled, contractually
interruptible retail loads curtailed, and demand-side management activated within
provisions of the agreements.
2.6.4 Operating Reserves. Operating reserves are being utilized such that the Energy
Deficient Entity is carrying reserves below the required minimum or has initiated
emergency assistance through its operating reserve sharing program.
3. Alert 3 Firm load interruption imminent or in progress.

Circumstances:
Balancing Authority or Load Serving Entity foresees or has implemented firm load obligation
interruption. The available energy to the Energy Deficient Entity, as determined from Alert 2, is only
accessible with actions taken to increase transmission transfer capabilities.
3.1 Continue actions from Alert 2. The Reliability Coordinators and the Energy Deficient Entity
shall continue to take all actions initiated during Alert 2. If the emergency has not already been
posted on the NERC website (see paragraph 2.1), the respective Reliability Coordinators will, at
this time, post on the website information concerning the emergency.
Page 9 of 12

3.2 Declaration Period. The Energy Deficient Entity shall update its Reliability Coordinator of the
situation at a minimum of every hour until the Alert 3 is terminated. The Reliability Coordinator
shall update the energy deficiency information posted on the NERC website as changes occur
and pass this information on to the affected Reliability Coordinators (via the RCIS), Balancing
Authorities, and Transmission Providers.
3.3 Use of Transmission short-time limits. The Reliability Coordinators shall request the
appropriate Transmission Providers within their Reliability Area to utilize available short-time
transmission limits or other emergency operating procedures in order to increase transfer
capabilities into the Energy Deficient Entity.
3.4 Reevaluating and revising SOLs and IROLs. The Reliability Coordinator of the Energy
Deficient Entity shall evaluate the risks of revising SOLs and IROLs on the reliability of the
overall transmission system. Reevaluation of SOLs and IROLs shall be coordinated with other
Reliability Coordinators and only with the agreement of the Balancing Authority or
Transmission Operator whose equipment would be affected. The resulting increases in transfer
capabilities shall only be made available to the Energy Deficient Entity who has requested an
Energy Emergency Alert 3 condition. SOLs and IROLs shall only be revised as long as an Alert
3 condition exists or as allowed by the Balancing Authority or Transmission Operator whose
equipment is at risk. The following are minimum requirements that must be met before SOLs or
IROLs are revised:
3.4.1 Energy Deficient Entity obligations. The deficient Balancing Authority or Load
Serving Entity must agree that, upon notification from its Reliability Coordinator of the
situation, it will immediately take whatever actions are necessary to mitigate any undue
risk to the Interconnection. These actions may include load shedding.
3.4.2 Mitigation of cascading failures. The Reliability Coordinator shall use its best efforts to
ensure that revising SOLs or IROLs would not result in any cascading failures within the
Interconnection.
3.5 Returning to pre-emergency Operating Security Limits. Whenever energy is made available
to an Energy Deficient Entity such that the transmission systems can be returned to their pre-
emergency SOLs or IROLs, the Energy Deficient Entity shall notify its respective Reliability
Coordinator and downgrade the alert.
3.5.1 Notification of other parties. Upon notification from the Energy Deficient Entity that
an alert has been downgraded, the Reliability Coordinator shall notify the affected
Reliability Coordinators (via the RCIS), Balancing Authorities, and Transmission
Providers that their systems can be returned to their normal limits.
3.6 Reporting. Any time an Alert 3 is declared, the Energy Deficient Entity shall submit the report
enclosed in this Attachment to its respective Reliability Coordinator within two business days of
downgrading or termination of the alert. Upon receiving the report, the Reliability Coordinator
shall review it for completeness and immediately forward it to the NERC staff for posting on the
NERC website. The Reliability Coordinator shall present this report to the Reliability
Coordinator Working Group at its next scheduled meeting.
4. Alert 0 - Termination. When the Energy Deficient Entity believes it will be able to supply its
customers energy requirements, it shall request of its Reliability Coordinator that the EEA be
terminated.
4.1. Notification. The Reliability Coordinator shall notify all other Reliability Coordinators
via the RCIS of the termination. The Reliability Coordinator shall also notify the
Page 10 of 12

affected Balancing Authorities and Transmission Operators. The Alert 0 shall also be
posted on the NERC website if the original alert was so posted.
C. Energy Emergency Alert 3 Report
A Deficient Balancing Authority or Load Serving Entity declaring an Energy Emergency Alert 3 must
complete the following report. Upon completion of this report, it is to be sent to the Reliability
Coordinator for review within two business days of the incident.
Requesting Balancing Authority:

Entity experiencing energy deficiency (if different from Balancing Authority):

Date/Time Implemented:

Date/Time Released:

Declared Deficiency Amount (MW):

Total energy supplied by other Balancing Authority during the Alert 3 period:

Conditions that precipitated call for Energy Deficiency Alert 3:

If Energy Deficiency Alert 3 had not been called, would firm load be cut? If no, explain:

Explain what action was taken in each step to avoid calling for Energy Deficiency Alert 3:

Page 11 of 12

1. All generation capable of being on line in the time frame of the energy deficiency
was on line (including quick start and peaking units) without regard to cost.

2. All firm and nonfirm purchases were made regardless of cost.

3. All nonfirm sales were recalled within provisions of the sale agreement.

4. Interruptible load was curtailed where either advance notice restrictions were met
or the interruptible load was considered part of spinning reserve.

5. Available load reduction programs were exercised (public appeals, voltage
reductions, etc.).

6. Operating Reserves being utilized.

Comments:

Page 12 of 12

Reported By: Organization:
Title:

Standard EOP-003-1 Load Shedding Plans
Adopted by Board of Trustees: November 1, 2006 Page 1 of 3
Effecti ve Date: January 1, 2007
A. Introduction
1. Title: Load Shedding Plans
2. Number: EOP-003-1
3. Purpose: A Balancing Authority and Transmission Operator operating with
insufficient generation or transmission capacity must have the capability and authority
to shed load rather than risk an uncontrolled failure of the Interconnection.
4. Applicability
5. Effective Date: J anuary 1, 2007
B. Requirements
R1. After taking all other remedial steps, a Transmission Operator or Balancing Authority
operating with insufficient generation or transmission capacity shall shed customer
load rather than risk an uncontrolled failure of components or cascading outages of the
Interconnection.
R2. Each Transmission Operator and Balancing Authority shall establish plans for
automatic load shedding for underfrequency or undervoltage conditions.
R3. Each Transmission Operator and Balancing Authority shall coordinate load shedding
plans among other interconnected Transmission Operators and Balancing Authorities.
R4. A Transmission Operator or Balancing Authority shall consider one or more of these
factors in designing an automatic load shedding scheme: frequency, rate of frequency
decay, voltage level, rate of voltage decay, or power flow levels.
R5. A Transmission Operator or Balancing Authority shall implement load shedding in
steps established to minimize the risk of further uncontrolled separation, loss of
generation, or system shutdown.
R6. After a Transmission Operator or Balancing Authority Area separates from the
Interconnection, if there is insufficient generating capacity to restore system frequency
following automatic underfrequency load shedding, the Transmission Operator or
Balancing Authority shall shed additional load.
R7. The Transmission Operator and Balancing Authority shall coordinate automatic load
shedding throughout their areas with underfrequency isolation of generating units,
tripping of shunt capacitors, and other automatic actions that will occur under abnormal
frequency, voltage, or power flow conditions.
R8. Each Transmission Operator or Balancing Authority shall have plans for operator-
controlled manual load shedding to respond to real-time emergencies. The
Transmission Operator or Balancing Authority shall be capable of implementing the
load shedding in a timeframe adequate for responding to the emergency.
C. Measures
M1. Each Transmission Operator and Balancing Authority that has or directs the
deployment of undervoltage and/or underfrequency load shedding facilities, shall have
and provide upon request, its automatic load shedding plans.(Requirement 2)
M2. Each Transmission Operator and Balancing Authority shall have and provide upon
request its manual load shedding plans that will be used to confirm that it meets
Requirement 8. (Part 1)
D. Compliance
Regional Reliability Organizations shall be responsible for compliance
monitoring.
- Self-certification (Conducted annually with submission according to
schedule.)
- Spot Check Audits (Conducted anytime with up to 30 days notice given to
prepare.)
- Triggered Investigations (Notification of an investigation must be made
within 60 days of an event or complaint of noncompliance. The entity will
have up to 30 days to prepare for the investigation. An entity may request an
extension of the preparation period and the extension will be considered by
the Compliance Monitor on a case-by-case basis.)
compliance.
1.3. Additional Reporting Requirement
No additional reporting required.
1.4. Data Retention
Each Balancing Authority and Transmission Operator shall have its current, in-
force load shedding plans.
noncompliance until found compliant or for two years plus the current year,
None.
2.3. Level 3: Not Applicable.
2.4.1 Does not have an automatic load shedding plan as specified in R2.
2.4.2 Does not have manual load shedding plans as specified in R8.

None identified.
Version History
Date
Errata
1 November 1,
2006
Adopted by Board of Trustees Revised

1 of 5
A. Introduction
1. Title: Load Shedding Plans
3. Purpose: A Balancing Authority and Transmission Operator operating with insufficient
generation or transmission capacity must have the capability and authority to shed load rather
than risk an uncontrolled failure of the Interconnection.
4. Applicability:
5. Effective Date: One year following the first day of the first calendar quarter after
applicable regulatory approvals (or the standard otherwise becomes effective the first day of
the first calendar quarter after NERC Board of Trustees adoption in those jurisdictions where
regulatory approval is not required).
B. Requirements
R1. After taking all other remedial steps, a Transmission Operator or Balancing Authority
operating with insufficient generation or transmission capacity shall shed customer load rather
than risk an uncontrolled failure of components or cascading outages of the Interconnection.
[Violation Risk Factor: High]
R2. Each Transmission Operator shall establish plans for automatic load shedding for
undervoltage conditions if the Transmission Operator or its associated Transmission
Planner(s) or Planning Coordinator(s) determine that an under-voltage load shedding scheme
is required. [Violation Risk Factor: High]
R3. Each Transmission Operator and Balancing Authority shall coordinate load shedding plans,
excluding automatic under-frequency load shedding plans, among other interconnected
Transmission Operators and Balancing Authorities. [Violation Risk Factor: High]
R4. A Transmission Operator shall consider one or more of these factors in designing an automatic
under voltage load shedding scheme: voltage level, rate of voltage decay, or power flow
levels. [Violation Risk Factor: High]
R5. A Transmission Operator or Balancing Authority shall implement load shedding, excluding
automatic under-frequency load shedding, in steps established to minimize the risk of further
uncontrolled separation, loss of generation, or system shutdown. [Violation Risk Factor:
High]
R6. After a Transmission Operator or Balancing Authority Area separates from the
Interconnection, if there is insufficient generating capacity to restore system frequency
following automatic underfrequency load shedding, the Transmission Operator or Balancing
Authority shall shed additional load. [Violation Risk Factor: High]
R7. The Transmission Operator shall coordinate automatic undervoltage load shedding throughout
their areas with tripping of shunt capacitors, and other automatic actions that will occur under
abnormal voltage, or power flow conditions. [Violation Risk Factor: High]
R8. Each Transmission Operator or Balancing Authority shall have plans for operator controlled
manual load shedding to respond to real-time emergencies. The Transmission Operator or
2 of 5
Balancing Authority shall be capable of implementing the load shedding in a timeframe
adequate for responding to the emergency. [Violation Risk Factor: High]
C. Measures
M1. Each Transmission Operator that has or directs the deployment of undervoltage load shedding
facilities, shall have and provide upon request, its automatic load shedding plans.
(Requirement 2)
M2. Each Transmission Operator and Balancing Authority shall have and provide upon request its
manual load shedding plans that will be used to confirm that it meets Requirement 8. (Part 1)
D. Compliance
1.2. Compliance Monitoring
Self-certification (Conducted annually with submission according to schedule.)
Spot Check Audits (Conducted anytime with up to 30 days notice given to
prepare.)
Periodic Audit (Conducted once every three years according to schedule.)
Triggered Investigations (Notification of an investigation must be made within
60 days of an event or complaint of noncompliance. The entity will have up to
30 days to prepare for the investigation. An entity may request an extension of
1.3. Additional Reporting Requirement
No additional reporting required.
1.4. Data Retention
Each Balancing Authority and Transmission Operator shall have its current, in-force
load shedding plans.
noncompliance until found compliant or for two years plus the current year, whichever
is longer.
investigated for one year from the date that the investigation is closed, as determined
by the Compliance Monitor.
None
3 of 5


R1. N/A N/A N/A The Transmission Operator or
shed customer load.
R2 N/A N/A N/A The Transmission Operator did
not establish plans for automatic
load shedding for undervoltage
conditions as directed by the
requirement.
R3. The responsible entity did not
coordinate load shedding plans,
as directed by the requirement,
affecting 5% or less of its
required entities.
The responsible entity did not
affecting more than 5% up to
(and including) 10% of its
required entities.
affecting more than 10%, up to
(and including) 15% or less, of
its required entities.
affecting more than 15% of its
required entities.
R4. N/A N/A N/A The Transmission Operator
failed to consider at least one of
the three elements voltage level,
rate of voltage decay, or power
flow levels) listed in the
requirement.
implement load shedding in
steps established to minimize the
risk of further uncontrolled
separation, loss of generation, or
system shutdown.
4 of 5

shed additional load after it had
separated from the
Interconnection when there was
insufficient generating capacity
to restore system frequency
following automatic
underfrequency load shedding.
R7. The Transmission Operator did
not coordinate automatic
undervoltage load shedding with
5% or less of the types of
automatic actions described in
the Requirement.
The Transmission Operator did
more than 5% up to (and
including) 10% of the types of
the Requirement.
including) 15% of the types of
the Requirement.
more than 15% of the types of
the Requirement.
R8. N/A The responsible entity did not
have plans for operator
controlled manual load
shedding, as directed by the
requirement.
The responsible entity has plans
for manual load shedding but did
not have the capability to
implement the load shedding, as
directed by the requirement.
have plans for operator
controlled manual load
requirement nor had the
capability to implement the load
requirement.

5 of 5

None identified.

Version History

Date
Errata
1 November 1,
2006
2 November 4,
2010
Adopted by Board of Trustees; Modified
R4, R5, R6 and associated VSLs for R2, R4,
and R7 to clarify that the requirements dont
apply to automatic underfrequency load
shedding.
Revised to eliminate
redundancies with PRC-
006-1
2 May 7, 2012 FERC Order issued approving EOP-003-2
(approval becomes effective July 10, 2012)

Standard EOP-004-1 Disturbance Reporting
A. Introduction
1. Title: Disturbance Reporting
3. Purpose: Disturbances or unusual occurrences that jeopardize the operation of the
Bulk Electric System, or result in system equipment damage or customer interruptions,
need to be studied and understood to minimize the likelihood of similar events in the
future.
4. Applicability
4.6. Regional Reliability Organizations.
B. Requirements
R1. Each Regional Reliability Organization shall establish and maintain a Regional
reporting procedure to facilitate preparation of preliminary and final disturbance
reports.
R2. A Reliability Coordinator, Balancing Authority, Transmission Operator, Generator
Operator or Load Serving Entity shall promptly analyze Bulk Electric System
disturbances on its system or facilities.
R3. A Reliability Coordinator, Balancing Authority, Transmission Operator, Generator
Operator or Load Serving Entity experiencing a reportable incident shall provide a
preliminary written report to its Regional Reliability Organization and NERC.
R3.1. The affected Reliability Coordinator, Balancing Authority, Transmission
Operator, Generator Operator or Load Serving Entity shall submit within 24
hours of the disturbance or unusual occurrence either a copy of the report
submitted to DOE, or, if no DOE report is required, a copy of the NERC
Interconnection Reliability Operating Limit and Preliminary Disturbance
Report form. Events that are not identified until some time after they occur
shall be reported within 24 hours of being recognized.
R3.2. Applicable reporting forms are provided in Attachments 1-EOP-004 and 2-
EOP-004.
R3.3. Under certain adverse conditions, e.g., severe weather, it may not be possible
to assess the damage caused by a disturbance and issue a written
Interconnection Reliability Operating Limit and Preliminary Disturbance
Report within 24 hours. In such cases, the affected Reliability Coordinator,
Balancing Authority, Transmission Operator, Generator Operator, or Load
Serving Entity shall promptly notify its Regional Reliability Organization(s)
and NERC, and verbally provide as much information as is available at that
time. The affected Reliability Coordinator, Balancing Authority, Transmission
Operator, Generator Operator, or Load Serving Entity shall then provide
timely, periodic verbal updates until adequate information is available to issue
a written Preliminary Disturbance Report.
R3.4. If, in the judgment of the Regional Reliability Organization, after consultation
with the Reliability Coordinator, Balancing Authority, Transmission Operator,
Generator Operator, or Load Serving Entity in which a disturbance occurred, a
final report is required, the affected Reliability Coordinator, Balancing
Authority, Transmission Operator, Generator Operator, or Load Serving Entity
shall prepare this report within 60 days. As a minimum, the final report shall
have a discussion of the events and its cause, the conclusions reached, and
recommendations to prevent recurrence of this type of event. The report shall
be subject to Regional Reliability Organization approval.
R4. When a Bulk Electric System disturbance occurs, the Regional Reliability Organization
shall make its representatives on the NERC Operating Committee and Disturbance
Analysis Working Group available to the affected Reliability Coordinator, Balancing
Authority, Transmission Operator, Generator Operator, or Load Serving Entity
immediately affected by the disturbance for the purpose of providing any needed
assistance in the investigation and to assist in the preparation of a final report.
R5. The Regional Reliability Organization shall track and review the status of all final
report recommendations at least twice each year to ensure they are being acted upon in
a timely manner. If any recommendation has not been acted on within two years, or if
Regional Reliability Organization tracking and review indicates at any time that any
recommendation is not being acted on with sufficient diligence, the Regional
Reliability Organization shall notify the NERC Planning Committee and Operating
Committee of the status of the recommendation(s) and the steps the Regional
Reliability Organization has taken to accelerate implementation.
C. Measures
M1. The Regional Reliability Organization shall have and provide upon request as
evidence, its current regional reporting procedure that is used to facilitate preparation
of preliminary and final disturbance reports. (Requirement 1)
Operator, and Load-Serving Entity that has a reportable incident shall have and provide
upon request evidence that could include, but is not limited to, the preliminary report,
computer printouts, operator logs, or other equivalent evidence that will be used to
confirm that it prepared and delivered the NERC Interconnection Reliability Operating
Limit and Preliminary Disturbance Reports to NERC within 24 hours of its recognition
as specified in Requirement 3.1.
Operator, and/or Load Serving Entity that has a reportable incident shall have and
provide upon request evidence that could include, but is not limited to, operator logs,
voice recordings or transcripts of voice recordings, electronic communications, or other
equivalent evidence that will be used to confirm that it provided information verbally
as time permitted, when system conditions precluded the preparation of a report in 24
hours. (Requirement 3.3)
D. Compliance
NERC shall be responsible for compliance monitoring of the Regional Reliability
Organizations.
Regional Reliability Organizations shall be responsible for compliance monitoring
of Reliability Coordinators, Balancing Authorities, Transmission Operators,
Generator Operators, and Load-serving Entities.
schedule.)
prepare.)
compliance.
1.3. Data Retention
Each Regional Reliability Organization shall have its current, in-force, regional
reporting procedure as evidence of compliance. (Measure 1)
Each Reliability Coordinator, Balancing Authority, Transmission Operator,
Generator Operator, and/or Load Serving Entity that is either involved in a Bulk
Electric System disturbance or has a reportable incident shall keep data related to
the incident for a year from the event or for the duration of any regional
investigation, whichever is longer. (Measures 2 through 4)
See Attachments:
- EOP-004 Disturbance Reporting Form
- Table 1 EOP-004
2. Levels of Non-Compliance for a Regional Reliability Organization
2.4. Level 4: No current procedure to facilitate preparation of preliminary and final
disturbance reports as specified in R1.
3. Levels of Non-Compliance for a Reliability Coordinator, Balancing Authority,
Transmission Operator, Generator Operator, and Load- Serving Entity:
3.1. Level 1: There shall be a level one non-compliance if any of the following
conditions exist:
3.1.1 Failed to prepare and deliver the NERC Interconnection Reliability
Operating Limit and Preliminary Disturbance Reports to NERC within 24
hours of its recognition as specified in Requirement 3.1
3.1.2 Failed to provide disturbance information verbally as time permitted,
when system conditions precluded the preparation of a report in 24 hours
as specified in R3.3
3.1.3 Failed to prepare a final report within 60 days as specified in R3.4
3.3. Level 3: Not applicable
None identified.
Version History
0 May 23, 2005 Fixed reference to attachments 1-EOP-
004-0 and 2-EOP-004-0, Changed chart
title 1-FAC-004-0 to 1-EOP-004-0,
Fixed title of Table 1 to read 1-EOP-
004-0, and fixed font.
Errata
0 July 6, 2005 Fixed email in Attachment 1-EOP-004-0
from info@nerc.com to
esisac@nerc.com.
Errata
0 July 26, 2005 Fixed Header on page 8 to read EOP-
004-0
Errata
Date
Errata
1 November 1,
2006
1 March 22,
2007
Updated Department of Energy link and
references to Form OE-411
Errata
NERC Disturbance Report Form
Introduction

These disturbance reporting requirements apply to all Reliability Coordinators, Balancing
Authorities, Transmission Operators, Generator Operators, and Load Serving Entities, and
provide a common basis for all NERC disturbance reporting. The entity on whose system a
reportable disturbance occurs shall notify NERC and its Regional Reliability Organization of the
disturbance using the NERC Interconnection Reliability Operating Limit and Preliminary
Disturbance Report forms. Reports can be sent to NERC via email (esisac@nerc.com) by
facsimile (609-452-9550) using the NERC Interconnection Reliability Operating Limit and
Preliminary Disturbance Report forms. If a disturbance is to be reported to the U.S. Department
of Energy also, the responding entity may use the DOE reporting form when reporting to NERC.
Note: All Emergency Incident and Disturbance Reports (Schedules 1 and 2) sent to DOE shall be
simultaneously sent to NERC, preferably electronically at esisac@nerc.com.

The NERC Interconnection Reliability Operating Limit and Preliminary Disturbance Reports are
to be made for any of the following events:

1. The loss of a bulk power transmission component that significantly affects the integrity of
interconnected system operations. Generally, a disturbance report will be required if the
event results in actions such as:
a. Modification of operating procedures.
b. Modification of equipment (e.g. control systems or special protection systems) to
prevent reoccurrence of the event.
c. Identification of valuable lessons learned.
d. Identification of non-compliance with NERC standards or policies.
e. Identification of a disturbance that is beyond recognized criteria, i.e. three-phase fault
with breaker failure, etc.
f. Frequency or voltage going below the under-frequency or under-voltage load shed
points.
2. The occurrence of an interconnected system separation or system islanding or both.
3. Loss of generation by a Generator Operator, Balancing Authority, or Load-Serving Entity
2,000 MW or more in the Eastern Interconnection or Western Interconnection and 1,000
MW or more in the ERCOT Interconnection.
4. Equipment failures/system operational actions which result in the loss of firm system
demands for more than 15 minutes, as described below:
a. Entities with a previous year recorded peak demand of more than 3,000 MW are
required to report all such losses of firm demands totaling more than 300 MW.
b. All other entities are required to report all such losses of firm demands totaling more
than 200 MW or 50% of the total customers being supplied immediately prior to the
incident, whichever is less.
5. Firm load shedding of 100 MW or more to maintain the continuity of the bulk electric
system.
6. Any action taken by a Generator Operator, Transmission Operator, Balancing Authority, or
Load-Serving Entity that results in:
a. Sustained voltage excursions equal to or greater than 10%, or
b. Major damage to power system components, or
c. Failure, degradation, or misoperation of system protection, special protection schemes,
remedial action schemes, or other operating systems that do not require operator
intervention, which did result in, or could have resulted in, a system disturbance as
defined by steps 1 through 5 above.
7. An Interconnection Reliability Operating Limit (IROL) violation as required in reliability
standard TOP-007.
8. Any event that the Operating Committee requests to be submitted to Disturbance Analysis
Working Group (DAWG) for review because of the nature of the disturbance and the
insight and lessons the electricity supply and delivery industry could learn.


NERC Interconnection Reliability Operating Limit and Preliminary Disturbance
Report

Check here if this is an Interconnection Reliability Operating Limit (IROL) violation report.

1. Organization filing report.
2. Name of person filing report.
3. Telephone number.
4. Date and time of disturbance.
Date:(mm/dd/yy)
Time/Zone:

5. Did the disturbance originate in your
system?
Yes No
6. Describe disturbance including: cause,
equipment damage, critical services
interrupted, system separation, key
scheduled and actual flows prior to
disturbance and in the case of a
disturbance involving a special
protection or remedial action scheme,
what action is being taken to prevent
recurrence.

7. Generation tripped.
MW Total
List generation tripped

8. Frequency.
Just prior to disturbance (Hz):
Immediately after disturbance (Hz
max.):
Immediately after disturbance (Hz
min.):

9. List transmission lines tripped (specify
voltage level of each line).

FIRM INTERRUPTIBLE

10.
Demand tripped (MW):
Number of affected Customers:

Demand lost (MW-Minutes):

Restoration time. INITIAL FINAL
Transmission:
Generation:
11.
Demand:
U.S. Department of Energy Disturbance Reporting Requirements

Introduction
The U.S. Department of Energy (DOE), under its relevant authorities, has established mandatory
reporting requirements for electric emergency incidents and disturbances in the United States.
DOE collects this information from the electric power industry on Form OE-417 to meet its
overall national security and Federal Energy Management Agencys Federal Response Plan
(FRP) responsibilities. DOE will use the data from this form to obtain current information
regarding emergency situations on U.S. electric energy supply systems. DOEs Energy
Information Administration (EIA) will use the data for reporting on electric power emergency
incidents and disturbances in monthly EIA reports. In addition, the data may be used to develop
legislative recommendations, reports to the Congress and as a basis for DOE investigations
following severe, prolonged, or repeated electric power reliability problems.

Every Reliability Coordinator, Balancing Authority, Transmission Operator, Generator Operator
or Load Serving Entity must use this form to submit mandatory reports of electric power system
incidents or disturbances to the DOE Operations Center, which operates on a 24-hour basis,
seven days a week. All other entities operating electric systems have filing responsibilities to
provide information to the Reliability Coordinator, Balancing Authority, Transmission Operator,
Generator Operator or Load Serving Entity when necessary for their reporting obligations and to
file form OE-417 in cases where these entities will not be involved. EIA requests that it be
notified of those that plan to file jointly and of those electric entities that want to file separately.

Special reporting provisions exist for those electric utilities located within the United States, but
for whom Reliability Coordinator oversight responsibilities are handled by electrical systems
located across an international border. A foreign utility handling U.S. Balancing Authority
responsibilities, may wish to file this information voluntarily to the DOE. Any U.S.-based utility
in this international situation needs to inform DOE that these filings will come from a foreign-
based electric system or file the required reports themselves.

Form EIA-417 must be submitted to the DOE Operations Center if any one of the following
applies (see Table 1-EOP-004-0 Summary of NERC and DOE Reporting Requirements for
Major Electric System Emergencies):

1. Uncontrolled loss of 300 MW or more of firm system load for more than 15 minutes from a
single incident.
2. Load shedding of 100 MW or more implemented under emergency operational policy.
3. System-wide voltage reductions of 3 percent or more.
4. Public appeal to reduce the use of electricity for purposes of maintaining the continuity of the
electric power system.
5. Actual or suspected physical attacks that could impact electric power system adequacy or
reliability; or vandalism, which target components of any security system. Actual or
suspected cyber or communications attacks that could impact electric power system
adequacy or vulnerability.
6. Actual or suspected cyber or communications attacks that could impact electric power system
adequacy or vulnerability.
7. Fuel supply emergencies that could impact electric power system adequacy or reliability.
8. Loss of electric service to more than 50,000 customers for one hour or more.
9. Complete operational failure or shut-down of the transmission and/or distribution electrical
system.

The initial DOE Emergency Incident and Disturbance Report (form OE-417 Schedule 1) shall
be submitted to the DOE Operations Center within 60 minutes of the time of the system
disruption. Complete information may not be available at the time of the disruption. However,
provide as much information as is known or suspected at the time of the initial filing. If the
incident is having a critical impact on operations, a telephone notification to the DOE Operations
Center (202-586-8100) is acceptable, pending submission of the completed form OE-417.
Electronic submission via an on-line web-based form is the preferred method of notification.
However, electronic submission by facsimile or email is acceptable.

An updated form OE-417 (Schedule 1 and 2) is due within 48 hours of the event to provide
complete disruption information. Electronic submission via facsimile or email is the preferred
method of notification. Detailed DOE Incident and Disturbance reporting requirements can be
found at: http://www.oe.netl.doe.gov/oe417.aspx.
Table 1-EOP-004-0
Summary of NERC and DOE Reporting Requirements for Major Electric System
Emergencies
Incident
No.
Incident Threshold
Report
Required
Time
1
Uncontrolled
loss of Firm
System Load
300 MW 15 minutes or more
OE Sch-1
OE Sch-2
1 hour
48
hour
2 Load Shedding
100 MW under emergency
operational policy
OE Sch-1
OE Sch-2
1 hour
48
hour
3
Voltage
Reductions
3% or more applied system-wide
OE Sch-1
OE Sch-2
1 hour
48
hour
4 Public Appeals
Emergency conditions to reduce
demand
OE Sch-1
OE Sch-2
1 hour
48
hour
5
Physical
sabotage,
terrorism or
vandalism
On physical security systems
suspected or real
OE Sch-1
OE Sch-2
1 hour
48
hour
6
Cyber sabotage,
terrorism or
vandalism
If the attempt is believed to have or
did happen
OE Sch-1
OE Sch-2
1 hour
48
hour
7
Fuel supply
emergencies
Fuel inventory or hydro storage
levels 50% of normal
OE Sch-1
OE Sch-2
1 hour
48
hour
8
Loss of electric
service
50,000 for 1 hour or more
OE Sch-1
OE Sch-2
1 hour
48
hour
9
Complete
operation failure
of electrical
system
If isolated or interconnected
electrical systems suffer total
electrical system collapse
OE Sch-1
OE Sch-2
1 hour
48
hour
All DOE OE-417 Schedule 1 reports are to be filed within 60-minutes after the start of an
incident or disturbance
All DOE OE-417 Schedule 2 reports are to be filed within 48-hours after the start of an incident
or disturbance
All entities required to file a DOE OE-417 report (Schedule 1 & 2) shall send a copy of these
reports to NERC simultaneously, but no later than 24 hours after the start of the incident or
disturbance.
Incident
No.
Incident Threshold
Report
Required
Time
1
Loss of major
system
component
Significantly affects integrity of
interconnected system operations
NERC Prelim
Final report
24
hour
60 day
2
Interconnected
system
separation or
system islanding
Total system shutdown
Partial shutdown, separation, or
islanding
NERC Prelim
Final report
24
hour
60 day
3
Loss of
generation
2,000 Eastern Interconnection
2,000 Western Interconnection
1,000 ERCOT Interconnection
NERC Prelim
Final report
24
hour
60 day
4
Loss of firm
load 15-
minutes
Entities with peak demand 3,000:
loss 300 MW
All others 200MW or 50% of total
demand
NERC Prelim
Final report
24
hour
60 day
5
Firm load
shedding
100 MW to maintain continuity of
bulk system
NERC Prelim
Final report
24
hour
60 day
6
System
operation or
operation
actions resulting
in:
Voltage excursions 10%
Major damage to system
components
Failure, degradation, or
misoperation of SPS
NERC Prelim
Final report
24
hour
60 day
7 IROL violation Reliability standard TOP-007.
NERC Prelim
Final report
72
hour
60 day
8
As requested by
ORS Chairman
Due to nature of disturbance &
usefulness to industry (lessons
learned)
NERC Prelim
Final report
24
hour
60 day
All NERC Operating Security Limit and Preliminary Disturbance reports will be filed within 24
hours after the start of the incident. If an entity must file a DOE OE-417 report on an incident,
which requires a NERC Preliminary report, the Entity may use the DOE OE-417 form for both
DOE and NERC reports.
Any entity reporting a DOE or NERC incident or disturbance has the responsibility to also
notify its Regional Reliability Organization.

EOP-004-2 Event Reporting
1 of 22
A. I nt roduct ion
1. Title: Event Reporting


3. Purpose: To improve the reliability of the Bulk Electric System by requiring the reporting
of events by Responsible Entities.

4. Applicability:
4.1. Functional Entities: For the purpose of the Requirements and the EOP-004
Attachment 1 contained herein, the following functional entities will be collectively
referred to as Responsible Entity.
4.1.1. Reliability Coordinator
4.1.2. Balancing Authority
4.1.3. Transmission Owner
4.1.4. Transmission Operator
4.1.5. Generator Owner
4.1.6. Generator Operator
4.1.7. Distribution Provider

5. Effective Dates:

The first day of the first calendar quarter that is six months beyond the date that this
standard is approved by applicable regulatory authorities. In those jurisdictions where
regulatory approval is not required, the standard shall become effective on the first day of
the first calendar quarter that is six months beyond the date this standard is approved by
the NERC Board of Trustees, or as otherwise made effective pursuant to the laws applicable
to such ERO governmental authorities.

6. Background:
NERC established a SAR Team in 2009 to investigate and propose revisions to the CIP-001
and EOP-004 Reliability Standards. The team was asked to consider the following:

1. CIP-001 could be merged with EOP-004 to eliminate redundancies.
2. Acts of sabotage have to be reported to the DOE as part of EOP-004.
3. Specific references to the DOE form need to be eliminated.
4. EOP-004 had some fill-in-the-blank components to eliminate.

2 of 22
The development included other improvements to the standards deemed appropriate by
the drafting team, with the consensus of stakeholders, consistent with establishing high
quality, enforceable and technically sufficient Bulk Electric System reliability standards.

The SAR for Project 2009-01, Disturbance and Sabotage Reporting was moved forward for
standard drafting by the NERC Standards Committee in August of 2009. The Disturbance
and Sabotage Reporting Standard Drafting Team (DSR SDT) was formed in late 2009.

The DSR SDT developed a concept paper to solicit stakeholder input regarding the proposed
reporting concepts that the DSR SDT had developed. The posting of the concept paper
sought comments from stakeholders on the road map that will be used by the DSR SDT in
updating or revising CIP-001 and EOP-004. The concept paper provided stakeholders the
background information and thought process of the DSR SDT. The DSR SDT has reviewed
the existing standards, the SAR, issues from the NERC issues database and FERC Order 693
Directives in order to determine a prudent course of action with respect to revision of these
standards.

R1. Each Responsible Entity shall have an event reporting Operating Plan in accordance with
EOP-004-2 Attachment 1 that includes the protocol(s) for reporting to the Electric
Reliability Organization and other organizations (e.g., the Regional Entity, company
personnel, the Responsible Entitys Reliability Coordinator, law enforcement, or
governmental authority). [Violation Risk Factor: Lower] [Time Horizon: Operations
Planning]

M1. Each Responsible Entity will have a dated event reporting Operating Plan that includes,
but is not limited to the protocol(s) and each organization identified to receive an event
report for event types specified in EOP-004-2 Attachment 1 and in accordance with the
entity responsible for reporting.

R2. Each Responsible Entity shall report events per their Operating Plan within 24 hours of
recognition of meeting an event type threshold for reporting or by the end of the next
business day if the event occurs on a weekend (which is recognized to be 4 PM local time
on Friday to 8 AM Monday local time). [Violation Risk Factor: Medium] [Time Horizon:

M2. Each Responsible Entity will have as evidence of reporting an event, copy of the
completed EOP-004-2 Attachment 2 form or a DOE-OE-417 form; and evidence of
submittal (e.g., operator log or other operating documentation, voice recording,
electronic mail message, or confirmation of facsimile) demonstrating the event report was
submitted within 24 hours of recognition of meeting the threshold for reporting or by the
3 of 22
end of the next business day if the event occurs on a weekend (which is recognized to be
4 PM local time on Friday to 8 AM Monday local time). (R2)

R3. Each Responsible Entity shall validate all contact information contained in the Operating
Plan pursuant to Requirement R1 each calendar year. [Violation Risk Factor: Medium]

M3. Each Responsible Entity will have dated records to show that it validated all contact
information contained in the Operating Plan each calendar year. Such evidence may
include, but are not limited to, dated voice recordings and operating logs or other
communication documentation. (R3)

C. Compliance
identified below unless directed by its Compliance Enforcement Authority to
retain specific evidence for a longer period of time as part of an investigation:
Each Responsible Entity shall retain the current Operating Plan plus each
version issued since the last audit for Requirements R1, and Measure M1.
Each Responsible Entity shall retain evidence of compliance since the last
audit for Requirements R2, R3 and Measure M2, M3.
If a Responsible Entity is found non-compliant, it shall keep information related
to the non-compliance until mitigation is complete and approved or for the
duration specified above, whichever is longer.
4 of 22
1.3 Compliance Monitoring and Enforcement Processes:
Compliance Audit
Self-Certification
Spot Checking
Self-Reporting
Complaint
None
5 of 22

R # Time
Horizon
R1 Operations
Planning
Lower The Responsible Entity
had an Operating Plan,
but failed to include
one applicable event
type.
two applicable event
types.
three applicable event
types.
four or more
applicable event types.
OR
failed to have an event
reporting Operating
Plan.
6 of 22
R # Time
Horizon
R2 Operations
Assessment
Medium The Responsible Entity
submitted an event
report (e.g., written or
verbal) to all required
recipients more than
24 hours but less than
or equal to 36 hours
after meeting an event
threshold for
reporting.
OR
failed to submit an
event report (e.g.,
written or verbal) to
one entity identified in
its event reporting
Operating Plan within
24 hours.
submitted an event
threshold for
reporting.
OR
failed to submit an
event report (e.g.,
two entities identified
in its event reporting
Operating Plan within
24 hours.
submitted an event
threshold for
reporting.
OR
failed to submit an
event report (e.g.,
three entities
identified in its event
reporting Operating
Plan within 24 hours.
submitted an event
60 hours after meeting
an event threshold for
reporting.
OR
failed to submit an
event report (e.g.,
four or more entities
identified in its event
reporting Operating
Plan within 24 hours.
OR
failed to submit a
report for an event in
EOP-004 Attachment
1.
7 of 22
R # Time
Horizon
R3 Operations
Planning
Medium The Responsible Entity
validated all contact
information contained
in the Operating Plan
but was late by less
than one calendar
month.
OR
validated 75% but less
than 100% of the
contact information
contained in the
Operating Plan.
but was late by one
calendar month or
more but less than
two calendar months.
OR
validated 50% and less
than 75% of the
contact information
contained in the
Operating Plan.
but was late by two
calendar months or
more but less than
three calendar
months.
OR
validated 25% and less
than 50% of the
contact information
contained in the
Operating Plan.
but was late by three
calendar months or
more.
OR
validated less than
25% of contact
in the Operating Plan.
D. Variances
None.

E. Interpretations
None.

F. References
Guideline and Technical Basis (attached)
8 of 22
EOP-004 - Attachment 1: Reportable Events

NOTE: Under certain adverse conditions (e.g. severe weather, multiple events) it may not be possible to report the damage caused
by an event and issue a written Event Report within the timing in the standard. In such cases, the affected Responsible Entity shall
notify parties per Requirement R2 and provide as much information as is available at the time of the notification. Submit reports to
the ERO via one of the following: e-mail: systemawareness@nerc.net, Facsimile 404-446-9770 or Voice: 404-446-9780.

Submit EOP-004 Attachment 2 (or DOE-OE-417) pursuant to Requirements R1 and R2.

Event Type Entity with Reporting
Responsibility
Threshold for Reporting
Damage or destruction of
a Facility

RC, BA, TOP
Damage or destruction of a Facility within its Reliability
Coordinator Area, Balancing Authority Area or Transmission
Operator Area that results in actions to avoid a BES Emergency.
Damage or destruction of
a Facility

BA, TO, TOP, GO, GOP, DP
Damage or destruction of its Facility that results from actual or
suspected intentional human action.
Physical threats to a
Facility
BA, TO, TOP, GO, GOP, DP
Physical threat to its Facility excluding weather or natural disaster
related threats, which has the potential to degrade the normal
operation of the Facility.
OR
Suspicious device or activity at a Facility.
Do not report theft unless it degrades normal operation of a
Facility.
9 of 22
Responsibility
Physical threats to a BES
control center
RC, BA, TOP
Physical threat to its BES control center, excluding weather or
natural disaster related threats, which has the potential to
degrade the normal operation of the control center.
OR
Suspicious device or activity at a BES control center.
BES Emergency requiring
public appeal for load
reduction
Initiating entity is responsible for
reporting
Public appeal for load reduction event.
system-wide voltage
reduction
reporting
System wide voltage reduction of 3% or more.
manual firm load
shedding
reporting
Manual firm load shedding 100 MW.
BES Emergency resulting
in automatic firm load
shedding
DP, TOP Automatic firm load shedding 100 MW (via automatic
undervoltage or underfrequency load shedding schemes, or
SPS/RAS).
Voltage deviation on a
Facility
TOP Observed within its area a voltage deviation of 10% of nominal
voltage sustained for 15 continuous minutes.
10 of 22
Responsibility
IROL Violation (all
Interconnections) or SOL
Violation for Major WECC
Transfer Paths (WECC
only)
RC Operate outside the IROL for time greater than IROL T
v
(all
Interconnections) or Operate outside the SOL for more than 30
minutes for Major WECC Transfer Paths (WECC only).
Loss of firm load BA, TOP, DP Loss of firm load for 15 Minutes:
300 MW for entities with previous years demand 3,000
OR
200 MW for all other entities
System separation
(islanding)
RC, BA, TOP Each separation resulting in an island 100 MW
Generation loss BA, GOP Total generation loss, within one minute, of :
2,000 MW for entities in the Eastern or Western
Interconnection
OR
1,000 MW for entities in the ERCOT or Quebec Interconnection
Complete loss of off-site
power to a nuclear
generating plant (grid
supply)
TO, TOP
Complete loss of off-site power affecting a nuclear generating
station per the Nuclear Plant Interface Requirement
11 of 22
Responsibility
Transmission loss TOP
Unexpected loss within its area, contrary to design, of three or
more BES Elements caused by a common disturbance (excluding
successful automatic reclosing).
Unplanned BES control
center evacuation
RC, BA, TOP
Unplanned evacuation from BES control center facility for 30
continuous minutes or more.
Complete loss of voice
communication capability
RC, BA, TOP
Complete loss of voice communication capability affecting a BES
control center for 30 continuous minutes or more.
Complete loss of
monitoring capability
RC, BA, TOP
Complete loss of monitoring capability affecting a BES control
center for 30 continuous minutes or more such that analysis
capability (i.e., State Estimator or Contingency Analysis) is
rendered inoperable.

12 of 22
EOP-004 - Attachment 2: Event Reporting Form

EOP-004 Attachment 2: Event Reporting Form
Use this form to report events. The Electric Reliability Organization will accept the DOE OE-417 form
in lieu of this form if the entity is required to submit an OE-417 report. Submit reports to the ERO via
one of the following: e-mail: systemawareness@nerc.net , Facsimile 404-446-9770 or voice: 404-
446-9780.
Task Comments
1.

Entity filing the report include:
Company name:
Name of contact person:
Email address of contact person:
Telephone Number:
Submitted by (name):

2.
Date and Time of recognized event.
Date: (mm/dd/yyyy)
Time: (hh:mm)
Time/Zone:

3.
Did the event originate in your system? Yes No Unknown
4.
Event Identification and Description:
(Check applicable box)
Damage or destruction of a Facility
Physical Threat to a Facility
Physical Threat to a control center
BES Emergency:
public appeal for load reduction
system-wide voltage reduction
manual firm load shedding
automatic firm load shedding
Voltage deviation on a Facility
IROL Violation (all Interconnections) or
SOL Violation for Major WECC Transfer
Paths (WECC only)
Loss of firm load
System separation
Generation loss
Complete loss of off-site power to a
nuclear generating plant (grid supply)
Transmission loss
unplanned control center evacuation
Complete loss of voice communication
capability
Complete loss of monitoring capability

Written description (optional):

13 of 22

Distribution Provider Applicability Discussion

The DSR SDT has included Distribution Providers (DP) as an applicable entity under this
standard. The team realizes that not all DPs will own BES Facilities and will not meet the
Threshold for Reporting for any event listed in Attachment 1. These DPs will not have any
reports to submit under Requirement R2. However, these DPs will be responsible for meeting
Requirements R1 and R3. The DSR SDT does not intend for these entities to have a detailed
Operating Plan to address events that are not applicable to them. In this instance, the DSR SDT
intends for the DP to have a very simple Operating Plan that includes a statement that there are
no applicable events in Attachment 1 (to meet R1) and that the DP will review the list of events
in Attachment 1 each year (to meet R3). The team does not think this will be a burden on any
entity as the development and annual validation of the Operating Plan should not take more
that 30 minutes on an annual basis. If a DP discovers applicable events during the annual
review, it is expected that the DP will develop a more detailed Operating Plan to comply with
the requirements of the standard.

Multiple Reports for a Single Organization

For entities that have multiple registrations, the DSR SDT intends that these entities will only
have to submit one report for any individual event. For example, if an entity is registered as a
Reliability Coordinator, Balancing Authority and Transmission Operator, the entity would only
submit one report for a particular event rather submitting three reports as each individual
registered entity.

Summary of Key Concepts

The DSR SDT identified the following principles to assist them in developing the standard:
Develop a single form to report disturbances and events that threaten the reliability of
the Bulk Electric System
Investigate other opportunities for efficiency, such as development of an electronic
form and possible inclusion of regional reporting requirements
Establish clear criteria for reporting
Establish consistent reporting timelines
Provide clarity around who will receive the information and how it will be used

During the development of concepts, the DSR SDT considered the FERC directive to further
define sabotage. There was concern among stakeholders that a definition may be ambiguous
and subject to interpretation. Consequently, the DSR SDT decided to eliminate the term
sabotage from the standard. The team felt that it was almost impossible to determine if an act
or event was sabotage or vandalism without the intervention of law enforcement. The DSR SDT
felt that attempting to define sabotage would result in further ambiguity with respect to
14 of 22
reporting events. The term sabotage is no longer included in the standard. The events listed
in EOP-004 Attachment 1 were developed to provide guidance for reporting both actual events
as well as events which may have an impact on the Bulk Electric System. The DSR SDT believes
that this is an equally effective and efficient means of addressing the FERC Directive.

The types of events that are required to be reported are contained within EOP-004 Attachment
1. The DSR SDT has coordinated with the NERC Events Analysis Working Group to develop the
list of events that are to be reported under this standard. EOP-004 Attachment 1 pertains to
those actions or events that have impacted the Bulk Electric System. These events were
previously reported under EOP-004-1, CIP-001-1 or the Department of Energy form OE-417.
EOP-004 Attachment 1 covers similar items that may have had an impact on the Bulk Electric
System or has the potential to have an impact and should be reported.

The DSR SDT wishes to make clear that the proposed Standard does not include any real-time
operating notifications for the events listed in EOP-004 Attachment 1. Real-time
communication is achieved is covered in other standards. The proposed standard deals
exclusively with after-the-fact reporting.

Data Gathering
The requirements of EOP-004-1 require that entities promptly analyze Bulk Electric System
disturbances on its system or facilities (Requirement R2). The requirements of EOP-004-2
specify that certain types of events are to be reported but do not include provisions to analyze
events. Events reported under EOP-004-2 may trigger further scrutiny by the ERO Events
Analysis Program. If warranted, the Events Analysis Program personnel may request that more
data for certain events be provided by the reporting entity or other entities that may have
experienced the event. Entities are encouraged to become familiar with the Events Analysis
Program and the NERC Rules of Procedure to learn more about with the expectations of the
program.

Law Enforcement Reporting
The reliability objective of EOP-004-2 is to improve the reliability of the Bulk Electric System by
requiring the reporting of events by Responsible Entities. Certain outages, such as those due to
vandalism and terrorism, may not be reasonably preventable. These are the types of events
that should be reported to law enforcement. Entities rely upon law enforcement agencies to
respond to and investigate those events which have the potential to impact a wider area of the
BES. The inclusion of reporting to law enforcement enables and supports reliability principles
such as protection of Bulk Electric System from malicious physical attack. The importance of
BES awareness of the threat around them is essential to the effective operation and planning to
mitigate the potential risk to the BES.

Stakeholders in the Reporting Process
Industry
15 of 22
NERC (ERO), Regional Entity
FERC
DOE
NRC
DHS Federal
Homeland Security- State
State Regulators
Local Law Enforcement
State or Provincial Law Enforcement
FBI
Royal Canadian Mounted Police (RCMP)

The above stakeholders have an interest in the timely notification, communication and
response to an incident at a Facility. The stakeholders have various levels of accountability and
have a vested interest in the protection and response to ensure the reliability of the BES.

Present expectations of the industry under CIP-001-1a:

It has been the understanding by industry participants that an occurrence of sabotage has to be
reported to the FBI. The FBI has the jurisdictional requirements to investigate acts of sabotage
and terrorism. The CIP-001-1-1a standard requires a liaison relationship on behalf of the
industry and the FBI or RCMP. These requirements, under the standard, of the industry have
not been clear and have lead to misunderstandings and confusion in the industry as to how to
demonstrate that the liaison is in place and effective. As an example of proof of compliance
with Requirement R4, Responsible Entities have asked FBI Office personnel to provide, on FBI
letterhead, confirmation of the existence of a working relationship to report acts of sabotage,
the number of years the liaison relationship has been in existence, and the validity of the
telephone numbers for the FBI.

Coordination of Local and State Law Enforcement Agencies with the FBI

The Joint Terrorism Task Force (JTTF) came into being with the first task force being established
in 1980. JTTFs are small cells of highly trained, locally based, committed investigators, analysts,
linguists, SWAT experts, and other specialists from dozens of U.S. law enforcement and
intelligence agencies. The JTTF is a multi-agency effort led by the Justice Department and FBI
designed to combine the resources of federal, state, and local law enforcement. Coordination
and communications largely through the interagency National Joint Terrorism Task Force,
working out of FBI Headquarters, which makes sure that information and intelligence flows
freely among the local JTTFs. This information flow can be most beneficial to the industry in
analytical intelligence, incident response and investigation. Historically, the most immediate
response to an industry incident has been local and state law enforcement agencies to
suspected vandalism and criminal damages at industry facilities. Relying upon the JTTF
16 of 22
coordination between local, state and FBI law enforcement would be beneficial to effective
communications and the appropriate level of investigative response.

Coordination of Local and Provincial Law Enforcement Agencies with the RCMP

A similar law enforcement coordination hierarchy exists in Canada. Local and Provincial law
enforcement coordinate to investigate suspected acts of vandalism and sabotage. The
Provincial law enforcement agency has a reporting relationship with the Royal Canadian
Mounted Police (RCMP).

A Reporting Process Solution EOP-004

A proposal discussed with the FBI, FERC Staff, NERC Standards Project Coordinator and the SDT
Chair is reflected in the flowchart below (Reporting Hierarchy for Reportable Events).
Essentially, reporting an event to law enforcement agencies will only require the industry to
notify the state or provincial or local level law enforcement agency. The state or provincial or
local level law enforcement agency will coordinate with law enforcement with jurisdiction to
investigate. If the state or provincial or local level law enforcement agency decides federal
agency law enforcement or the RCMP should respond and investigate, the state or provincial or
local level law enforcement agency will notify and coordinate with the FBI or the RCMP.

17 of 22
YES NO
Notification Protocol to
State Agency Law
Enforcement
Enforcement coordinates
State Agency Law
Enforcement
notifies FBI
ERO conducts
investigation
ERO
Events Analysis
YES NO
Example of Reporting Process including Law
Enforcement
FBI Responds and
makes notification
to DHS
Communicate to
Law
Enforcement
State Agency Law
Enforcement
Investigates
* Canadian entities will follow law enforcement protocols applicable in
their jurisdictions
*
ERO Reports Applicable
Events to FERC Per Rules
of Procedure
Report Event to ERO,
Reliability Coordinator
State Agency Law
as appropriate with FBI
Criminal act
invoking
federal
jurisdiction ?
Refer to Ops Plan for Reporting
Entity Experiencing An Event in Attachment 1
Report to Law Enforcement ?
Refer to Ops Plan for communicating
to law enforcement
18 of 22

Disturbance and Sabotage Reporting Standard Drafting Team (Project 2009-01) -
Reporting Concepts

Introduction

The SAR for Project 2009-01, Disturbance and Sabotage Reporting was moved forward for
standard drafting by the NERC Standards Committee in August of 2009. The Disturbance and
Sabotage Reporting Standard Drafting Team (DSR SDT) was formed in late 2009 and has
developed updated standards based on the SAR.

The standards listed under the SAR are:
CIP-001 Sabotage Reporting
EOP-004 Disturbance Reporting

The changes do not include any real-time operating notifications for the types of events
covered by CIP-001 and EOP-004. The real-time reporting requirements are achieved through
the RCIS and are covered in other standards (e.g. EOP-002-Capacity and Energy Emergencies).
These standards deal exclusively with after-the-fact reporting.

The DSR SDT has consolidated disturbance and sabotage event reporting under a single
standard. These two components and other key concepts are discussed in the following
sections.

Summary of Concepts and Assumptions:

The Standard:
Requires reporting of events that impact or may impact the reliability of the Bulk
Electric System
Provides clear criteria for reporting
Includes consistent reporting timelines
Identifies appropriate applicability, including a reporting hierarchy in the case of
disturbance reporting
Provides clarity around of who will receive the information

Discussion of Disturbance Reporting
Disturbance reporting requirements existed in the previous version of EOP-004. The current
approved definition of Disturbance from the NERC Glossary of Terms is:
1. An unplanned event that produces an abnormal system condition.
2. Any perturbation to the electric system.
19 of 22
3. The unexpected change in ACE that is caused by the sudden failure of generation or
interruption of load.
Disturbance reporting requirements and criteria were in the previous EOP-004 standard and its
attachments. The DSR SDT discussed the reliability needs for disturbance reporting and
developed the list of events that are to be reported under this standard (EOP-004 Attachment
1).

Discussion of Event Reporting
There are situations worthy of reporting because they have the potential to impact reliability.

Event reporting facilitates industry awareness, which allows potentially impacted parties to
prepare for and possibly mitigate any associated reliability risk. It also provides the raw
material, in the case of certain potential reliability threats, to see emerging patterns.

Examples of such events include:
Bolts removed from transmission line structures
Train derailment adjacent to a Facility that either could have damaged a Facility directly
or could indirectly damage a Facility (e.g. flammable or toxic cargo that could pose fire
hazard or could cause evacuation of a control center)
Destruction of Bulk Electric System equipment

What about sabotage?
One thing became clear in the DSR SDTs discussion concerning sabotage: everyone has a
different definition. The current standard CIP-001 elicited the following response from FERC in
FERC Order 693, paragraph 471 which states in part: . . . the Commission directs the ERO to
develop the following modifications to the Reliability Standard through the Reliability Standards
development process: (1) further define sabotage and provide guidance as to the triggering
events that would cause an entity to report a sabotage event.

Often, the underlying reason for an event is unknown or cannot be confirmed. The DSR SDT
believes that by reporting material risks to the Bulk Electric System using the event
categorization in this standard, it will be easier to get the relevant information for mitigation,
awareness, and tracking, while removing the distracting element of motivation.

Certain types of events should be reported to NERC, the Department of Homeland Security
(DHS), the Federal Bureau of Investigation (FBI), and/or Provincial or local law enforcement.
Other types of events may have different reporting requirements. For example, an event that is
related to copper theft may only need to be reported to the local law enforcement authorities.

20 of 22
Potential Uses of Reportable Information
Event analysis, correlation of data, and trend identification are a few potential uses for the
information reported under this standard. The standard requires Functional entities to report
the incidents and provide known information at the time of the report. Further data gathering
necessary for event analysis is provided for under the Events Analysis Program and the NERC
Rules of Procedure. Other entities (e.g. NERC, Law Enforcement, etc) will be responsible for
performing the analyses. The NERC Rules of Procedure (section 800) provide an overview of
the responsibilities of the ERO in regards to analysis and dissemination of information for
reliability. Jurisdictional agencies (which may include DHS, FBI, NERC, RE, FERC, Provincial
Regulators, and DOE) have other duties and responsibilities.

Collection of Reportable Information or One stop shopping

The DSR SDT recognizes that some regions require reporting of additional information beyond
what is in EOP-004. The DSR SDT has updated the listing of reportable events in EOP-004
Attachment 1 based on discussions with jurisdictional agencies, NERC, Regional Entities and
stakeholder input. There is a possibility that regional differences still exist.

The reporting required by this standard is intended to meet the uses and purposes of NERC.
The DSR SDT recognizes that other requirements for reporting exist (e.g., DOE-417 reporting),
which may duplicate or overlap the information required by NERC. To the extent that other
reporting is required, the DSR SDT envisions that duplicate entry of information should not be
necessary, and the submission of the alternate report will be acceptable to NERC so long as all
information required by NERC is submitted. For example, if the NERC Report duplicates
information from the DOE form, the DOE report may be sent to the NERC in lieu of entering
that information on the NERC report.

Ra t iona le :

Rationale for R1:
The requirement to have an Operating Plan for reporting specific types of events provides the
entity with a method to have its operating personnel recognize events that affect reliability and
to be able to report them to appropriate parties; e.g., Regional Entities, applicable Reliability
Coordinators, and law enforcement and other jurisdictional agencies when so recognized. In
addition, these event reports are an input to the NERC Events Analysis Program. These other
parties use this information to promote reliability, develop a culture of reliability excellence,
provide industry collaboration and promote a learning organization.
Every Registered Entity that owns or operates elements or devices on the grid has a formal or
informal process, procedure, or steps it takes to gather information regarding what happened
when events occur. This requirement has the Responsible Entity establish documentation on
21 of 22
how that procedure, process, or plan is organized. This documentation may be a single
document or a combination of various documents that achieve the reliability objective.
The communication protocol(s) could include a process flowchart, identification of internal and
external personnel or entities to be notified, or a list of personnel by name and their associated
contact information. An existing procedure that meets the requirements of CIP-001-2a may be
included in this Operating Plan along with other processes, procedures or plans to meet this
requirement.

Rationale for R2:
Each Responsible Entity must report and communicate events according to its Operating Plan
based on the information in EOP-004-2 Attachment 1. By implementing the event reporting
Operating Plan the Responsible Entity will assure situational awareness to the Electric Reliability
Organization so that they may develop trends and prepare for a possible next event and
mitigate the current event. This will assure that the BES remains secure and stable by
mitigation actions that the Responsible Entity has within its function. By communicating events
per the Operating Plan, the Responsible Entity will assure that people/agencies are aware of
the current situation and they may prepare to mitigate current and further events.

Rationale for R3:
Requirement 3 calls for the Responsible Entity to validate the contact information contained in
the Operating Plan each calendar year. This requirement helps ensure that the event reporting
Operating Plan is up to date and entities will be able to effectively report events to assure
situational awareness to the Electric Reliability Organization. If an entity experiences an actual
event, communication evidence from the event may be used to show compliance with the
validation requirement for the specific contacts used for the event.

Rationale for EOP-004 Attachment 1:
The DSR SDT used the defined term Facility to add clarity for several events listed in
Attachment 1. A Facility is defined as:

A set of electrical equipment that operates as a single Bulk Electric System Element
(e.g., a line, a generator, a shunt compensator, transformer, etc.)

The DSR SDT does not intend the use of the term Facility to mean a substation or any other
facility (not a defined term) that one might consider in everyday discussions regarding the grid.
This is intended to mean ONLY a Facility as defined above.

22 of 22
Version History

2 Merged CIP-001-2a Sabotage Reporting
and EOP-004-1 Disturbance Reporting
into EOP-004-2 Event Reporting; Retire
CIP-001-2a Sabotage Reporting and
Retired EOP-004-1 Disturbance
Reporting.

Revision to entire
standard (Project
2009-01)

2

November 7,
2012
Adopted by the NERC Board of Trustees
2 June 20, 2013 FERC approved

Standard EOP-005-2 System Restoration from Blackstart Resources
1
A. Introduction
1. Title: System Restoration from Blackstart Resources
3. Purpose: Ensure plans, Facilities, and personnel are prepared to enable System
restoration from Blackstart Resources to assure reliability is maintained during
restoration and priority is placed on restoring the Interconnection.
4. Applicability:
4.3. Transmission Owners identified in the Transmission Operators restoration plan.
4.4. Distribution Providers identified in the Transmission Operators restoration plan.
5. Proposed Effective Date: Twenty-four months after the first day of the first calendar
quarter following applicable regulatory approval. In those jurisdictions where no
regulatory approval is required, all requirements go into effect twenty-four months after Board
of Trustees adoption.
B. Requirements
R1. Each Transmission Operator shall have a restoration plan approved by its Reliability
Coordinator. The restoration plan shall allow for restoring the Transmission
Operators System following a Disturbance in which one or more areas of the Bulk
Electric System (BES) shuts down and the use of Blackstart Resources is required to
restore the shut down area to service, to a state whereby the choice of the next Load to
be restored is not driven by the need to control frequency or voltage regardless of
whether the Blackstart Resource is located within the Transmission Operators System.
The restoration plan shall include: [Violation Risk Factor = High] [Time Horizon =
R1.1. Strategies for system restoration that are coordinated with the Reliability
Coordinators high level strategy for restoring the Interconnection.
R1.2. A description of how all Agreements or mutually agreed upon procedures or
protocols for off-site power requirements of nuclear power plants, including
priority of restoration, will be fulfilled during System restoration.
R1.3. Procedures for restoring interconnections with other Transmission Operators
under the direction of the Reliability Coordinator.
R1.4. Identification of each Blackstart Resource and its characteristics including but
not limited to the following: the name of the Blackstart Resource, location,
megawatt and megavar capacity, and type of unit.
R1.5. Identification of Cranking Paths and initial switching requirements between
each Blackstart Resource and the unit(s) to be started.
R1.6. Identification of acceptable operating voltage and frequency limits during
restoration.
2
R1.7. Operating Processes to reestablish connections within the Transmission
Operators System for areas that have been restored and are prepared for
reconnection.
R1.8. Operating Processes to restore Loads required to restore the System, such as
station service for substations, units to be restarted or stabilized, the Load
needed to stabilize generation and frequency, and provide voltage control.
R1.9. Operating Processes for transferring authority back to the Balancing Authority
in accordance with the Reliability Coordinators criteria.
R2. Each Transmission Operator shall provide the entities identified in its approved
restoration plan with a description of any changes to their roles and specific tasks prior
to the implementation date of the plan. [Violation Risk Factor = Medium] [Time
Horizon = Operations Planning]
R3. Each Transmission Operator shall review its restoration plan and submit it to its
Reliability Coordinator annually on a mutually agreed predetermined schedule.
[Violation Risk Factor = Medium] [Time Horizon = Operations Planning]
R3.1. If there are no changes to the previously submitted restoration plan, the
Transmission Operator shall confirm annually on a predetermined schedule to
its Reliability Coordinator that it has reviewed its restoration plan and no
changes were necessary. (Retirement approved by NERC BOT pending
R4. Each Transmission Operator shall update its restoration plan within 90 calendar days
after identifying any unplanned permanent System modifications, or prior to
implementing a planned BES modification, that would change the implementation of
its restoration plan. [Violation Risk Factor = Medium] [Time Horizon = Operations
Planning]
R4.1. Each Transmission Operator shall submit its revised restoration plan to its
Reliability Coordinator for approval within the same 90 calendar day period.
R5. Each Transmission Operator shall have a copy of its latest Reliability Coordinator
approved restoration plan within its primary and backup control rooms so that it is
available to all of its System Operators prior to its implementation date. [Violation Risk
Factor = Lower] [Time Horizon = Operations Planning]
R6. Each Transmission Operator shall verify through analysis of actual events, steady state
and dynamic simulations, or testing that its restoration plan accomplishes its intended
function. This shall be completed every five years at a minimum. Such analysis,
simulations or testing shall verify: [Violation Risk Factor = Medium] [Time Horizon =
Long-term Planning]
R6.1. The capability of Blackstart Resources to meet the Real and Reactive Power
requirements of the Cranking Paths and the dynamic capability to supply initial
Loads.
R6.2. The location and magnitude of Loads required to control voltages and
frequency within acceptable operating limits.
3
R6.3. The capability of generating resources required to control voltages and
frequency within acceptable operating limits.
R7. Following a Disturbance in which one or more areas of the BES shuts down and the
use of Blackstart Resources is required to restore the shut down area to service, each
affected Transmission Operator shall implement its restoration plan. If the restoration
plan cannot be executed as expected the Transmission Operator shall utilize its
restoration strategies to facilitate restoration. [Violation Risk Factor = High] [Time
Horizon = Real-time Operations]
R8. Following a Disturbance in which one or more areas of the BES shuts down and the
use of Blackstart Resources is required to restore the shut down area to service, the
Transmission Operator shall resynchronize area(s) with neighboring Transmission
Operator area(s) only with the authorization of the Reliability Coordinator or in
accordance with the established procedures of the Reliability Coordinator. [Violation
Risk Factor = High] [Time Horizon = Real-time Operations]
R9. Each Transmission Operator shall have Blackstart Resource testing requirements to
verify that each Blackstart Resource is capable of meeting the requirements of its
restoration plan. These Blackstart Resource testing requirements shall include:
R9.1. The frequency of testing such that each Blackstart Resource is tested at least
once every three calendar years.
R9.2. A list of required tests including:
R9.2.1. The ability to start the unit when isolated with no support from the
BES or when designed to remain energized without connection to the
remainder of the System.
R9.2.2. The ability to energize a bus. If it is not possible to energize a bus
during the test, the testing entity must affirm that the unit has the
capability to energize a bus such as verifying that the breaker close
coil relay can be energized with the voltage and frequency monitor
controls disconnected from the synchronizing circuits.
R9.3. The minimum duration of each of the required tests.
R10. Each Transmission Operator shall include within its operations training program,
annual System restoration training for its System Operators to assure the proper
execution of its restoration plan. This training program shall include training on the
following: [Violation Risk Factor = Medium] [Time Horizon = Operations Planning]
R10.1. System restoration plan including coordination with the Reliability
Coordinator and Generator Operators included in the restoration plan.
R10.2. Restoration priorities.
R10.3. Building of cranking paths.
R10.4. Synchronizing (re-energized sections of the System).
4
R11. Each Transmission Operator, each applicable Transmission Owner, and each
applicable Distribution Provider shall provide a minimum of two hours of System
restoration training every two calendar years to their field switching personnel
identified as performing unique tasks associated with the Transmission Operators
restoration plan that are outside of their normal tasks. [Violation Risk Factor =
Medium] [Time Horizon = Operations Planning]
R12. Each Transmission Operator shall participate in its Reliability Coordinators restoration
drills, exercises, or simulations as requested by its Reliability Coordinator. [Violation
Risk Factor = Medium] [Time Horizon = Operations Planning]
R13. Each Transmission Operator and each Generator Operator with a Blackstart Resource
shall have written Blackstart Resource Agreements or mutually agreed upon
procedures or protocols, specifying the terms and conditions of their arrangement.
Such Agreements shall include references to the Blackstart Resource testing
requirements. [Violation Risk Factor = Medium] [Time Horizon = Operations
Planning]
R14. Each Generator Operator with a Blackstart Resource shall have documented procedures
for starting each Blackstart Resource and energizing a bus. [Violation Risk Factor =
R15. Each Generator Operator with a Blackstart Resource shall notify its Transmission
Operator of any known changes to the capabilities of that Blackstart Resource affecting
the ability to meet the Transmission Operators restoration plan within 24 hours
following such change. [Violation Risk Factor = Medium] [Time Horizon =
R16. Each Generator Operator with a Blackstart Resource shall perform Blackstart Resource
tests, and maintain records of such testing, in accordance with the testing requirements
set by the Transmission Operator to verify that the Blackstart Resource can perform as
specified in the restoration plan. [Violation Risk Factor = Medium] [Time Horizon =
R16.1. Testing records shall include at a minimum: name of the Blackstart Resource,
unit tested, date of the test, duration of the test, time required to start the unit,
an indication of any testing requirements not met under Requirement R9.
R16.2. Each Generator Operator shall provide the blackstart test results within 30
calendar days following a request from its Reliability Coordinator or
Transmission Operator.
R17. Each Generator Operator with a Blackstart Resource shall provide a minimum of two
hours of training every two calendar years to each of its operating personnel
responsible for the startup of its Blackstart Resource generation units and energizing a
bus. The training program shall include training on the following: [Violation Risk
Factor = Medium] [Time Horizon = Operations Planning]
R17.1. System restoration plan including coordination with the Transmission
Operator.
R17.2. The procedures documented in Requirement R14.
5
R18. Each Generator Operator shall participate in the Reliability Coordinators restoration
drills, exercises, or simulations as requested by the Reliability Coordinator. [Violation
Risk Factor = Medium] [Time Horizon = Operations Planning]
C. Measures
M1. Each Transmission Operator shall have a dated, documented System restoration plan
developed in accordance with Requirement R1 that has been approved by its
Reliability Coordinator as shown with the documented approval from its Reliability
Coordinator.
M2. Each Transmission Operator shall have evidence such as e-mails with receipts or
registered mail receipts that it provided the entities identified in its approved
restoration plan with a description of any changes to their roles and specific tasks prior
to the implementation date of the plan in accordance with Requirement R2.
M3. Each Transmission Operator shall have documentation such as a dated review signature
sheet, revision histories, e-mails with receipts, or registered mail receipts, that it has
annually reviewed and submitted the Transmission Operators restoration plan to its
Reliability Coordinator in accordance with Requirement R3.
M4. Each Transmission Operator shall have documentation such as dated review signature
sheets, revision histories, e-mails with receipts, or registered mail receipts, that it has
updated its restoration plan and submitted it to its Reliability Coordinator in
M5. Each Transmission Operator shall have documentation that it has made the latest
Reliability Coordinator approved copy of its restoration plan available in its primary
and backup control rooms and its System Operators prior to its implementation date in
M6. Each Transmission Operator shall have documentation such as power flow outputs,
that it has verified that its latest restoration plan will accomplish its intended function
in accordance with Requirement R6.
M7. If there has been a Disturbance in which Blackstart Resources have been utilized in
restoring the shut down area of the BES to service, each Transmission Operator
involved shall have evidence such as voice recordings, e-mail, dated computer
printouts, or operator logs, that it implemented its restoration plan or restoration plan
strategies in accordance with Requirement R7.
M8. If there has been a Disturbance in which Blackstart Resources have been utilized in
restoring the shut down area of the BES to service, each Transmission Operator
involved in such an event shall have evidence, such as voice recordings, e-mail, dated
computer printouts, or operator logs, that it resynchronized shut down areas in
M9. Each Transmission Operator shall have documented Blackstart Resource testing
requirements in accordance with Requirement R9.
M10. Each Transmission Operator shall have an electronic or hard copy of the training
program material provided for its System Operators for System restoration training in
6
M11. Each Transmission Operator, each applicable Transmission Owner, and each
applicable Distribution Provider shall have an electronic or hard copy of the training
program material provided to their field switching personnel for System restoration
training and the corresponding training records including training dates and duration in
M12. Each Transmission Operator shall have evidence, such as training records, that it
participated in the Reliability Coordinators restoration drills, exercises, or simulations
as requested in accordance with Requirement R12.
M13. Each Transmission Operator and Generator Operator with a Blackstart Resource shall
have the dated Blackstart Resource Agreements or mutually agreed upon procedures or
protocols in accordance with Requirement R13.
M14. Each Generator Operator with a Blackstart Resource shall have dated documented
procedures on file for starting each unit and energizing a bus in accordance with
Requirement R14.
M15. Each Generator Operator with a Blackstart Resource shall provide evidence, such as e-
mails with receipts or registered mail receipts, showing that it notified its Transmission
Operator of any known changes to its Blackstart Resource capabilities within twenty-
four hours of such changes in accordance with Requirement R15.
M16. Each Generator Operator with a Blackstart Resource shall maintain dated
documentation of its Blackstart Resource test results and shall have evidence such as e-
mails with receipts or registered mail receipts, that it provided these records to its
Reliability Coordinator and Transmission Operator when requested in accordance with
Requirement R16.
M17. Each Generator Operator with a Blackstart Resource shall have an electronic or hard
copy of the training program material provided to its operating personnel responsible
for the startup and synchronization of its Blackstart Resource generation units and a
copy of its dated training records including training dates and durations showing that it
has provided training in accordance with Requirement R17.
M18. Each Generator Operator shall have evidence, such as dated training records, that it
participated in the Reliability Coordinators restoration drills, exercises, or simulations
if requested to do so in accordance with Requirement R18.
D. Compliance
Regional Entity.
Not applicable.
Compliance Audits
Self-Certifications
7
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
The Transmission Operator shall keep data or evidence to show compliance as
o Approved restoration plan and any restoration plans in force since the last
compliance audit for Requirement R1, Measure M1.
o Provided the entities identified in its approved restoration plan with a
description of any changes to their roles and specific tasks prior to the
implementation date of the plan for the current calendar year and three
prior calendar years for Requirement R2, Measure M2.
o Submission of the Transmission Operators annually reviewed restoration
plan to its Reliability Coordinator for the current calendar year and three
prior calendar years for Requirement R3, Measure M3.
o Submission of an updated restoration plan to its Reliability Coordinator
for all versions for the current calendar year and the prior three years for
Requirement R4, Measure M4.
o The current, restoration plan approved by the Reliability Coordinator and
any restoration plans for the last three calendar years that was made
available in its control rooms for Requirement R5, Measure M5.
o The verification results for the current, approved restoration plan and the
previous approved restoration plan for Requirement R6, Measure M6.
o Implementation of its restoration plan or restoration plan strategies on any
occasion for three calendar years if there has been a Disturbance in which
Blackstart Resources have been utilized in restoring the shut down area of
the BES to service for Requirement R7, Measure M7.
o Resynchronization of shut down areas on any occasion over three calendar
years if there has been a Disturbance in which Blackstart Resources have
been utilized in restoring the shut down area of the BES to service for
o The verification process and results for the current Blackstart Resource
testing requirements and the last previous Blackstart Resource testing
requirements for Requirement R9, Measure M9.
o Actual training program materials or descriptions for three calendar years
for Requirement R10, Measure M10.
o Records of participation in all requested Reliability Coordinator
restoration drills, exercises, or simulations since its last compliance audit
8
as well as one previous compliance audit period for Requirement R12,
Measure M12.
If a Transmission Operator is found non-compliant for any requirement, it shall
keep information related to the non-compliance until found compliant.
The Transmission Operator, applicable Transmission Owner, and applicable
Distribution provider shall keep data or evidence to show compliance as identified
below unless directed by its Compliance Enforcement Authority to retain specific
evidence for a longer period of time as part of an investigation:
o Actual training program materials or descriptions and actual training
records for three calendar years for Requirement R11, Measure M11.
If a Transmission Operator, applicable Transmission owner, or applicable
Distribution Provider is found non-compliant for any requirement, it shall keep
information related to the non-compliance until found compliant.
The Transmission Operator and Generator Operator with a Blackstart Resource
shall keep data or evidence to show compliance as identified below unless
directed by its Compliance Enforcement Authority to retain specific evidence for
a longer period of time as part of an investigation:
o Current Blackstart Resource Agreements and any Blackstart Resource
Agreements or mutually agreed upon procedures or protocols in force
since its last compliance audit for Requirement R13, Measure M13.
The Generator Operator with a Blackstart Resource shall keep data or evidence to
show compliance as identified below unless directed by its Compliance
part of an investigation:
o Current documentation and any documentation in force since its last
compliance audit on procedures to start each Blackstart Resources and for
energizing a bus for Requirement R14, Measure M14.
o Notification to its Transmission Operator of any known changes to its
Blackstart Resource capabilities over the last three calendar years for
o The verification test results for the current set of requirements and one
previous set for its Blackstart Resources for Requirement R16, Measure
M16.
o Actual training program materials and actual training records for three
calendar years for Requirement R17, Measure M17.
If a Generation Operator with a Blackstart Resource is found non-compliant for
any requirement, it shall keep information related to the non-compliance until
found compliant.
The Generator Operator shall keep data or evidence to show compliance as
9
o Records of participation in all requested Reliability Coordinator
restoration drills, exercises, or simulations since its last compliance audit
If a Generation Operator is found non-compliant for any requirement, it shall keep
None.
10

R1. The Transmission Operator has
an approved plan but failed to
comply with one of the sub-
requirements within the
requirement.
The Transmission Operator has
an approved plan but failed to
comply with two of the sub-
requirement.
has an approved plan but failed
to comply with three of the sub-
requirement.
does not have an approved
restoration plan.
R2. The Transmission Operator
failed to provide one of the
entities identified in its
approved restoration plan with a
description of any changes to
their roles and specific tasks
prior to the implementationdate
of the plan.
OR
provided the information to all
entities but was up to 10
calendar days late in doing so.
failed to provide two of the
prior to the implementation date
of the plan.
OR
entities but was more than 10
and less than or equal to 20
failed to provide three of the
of the plan.
OR
and less than or equal to 30
failed to provide four or more of
the entities identified in its
of the plan.
OR
submitted the reviewed
restoration plan or confirmation
of no change within 30 calendar
days after the pre-determined
schedule.
of no change more than 30 and
less than or equal to 60 calendar
schedule.
of no change more than 60 and
less than or equal to 90 calendar
schedule.
of no change more than 90
calendar days after the pre-
determined schedule.
failed to update and submit its
restoration plan to the
has failed to update and submit
its restoration plan to the
has failed to update and submit
its restoration plan to the
11
Reliability Coordinator within
90 calendar days of an
unplanned change.
more than 90 calendar days but
less than120 calendar days of an
unplanned change.
less than 150 calendar days of
unplanned change.

more than 150 calendar days of
an unplanned change.
OR
Reliability Coordinator prior to
a planned BES modification.
R5. N/A N/A N/A The Transmission Operator did
not make the latest Reliability
Coordinator approved
restoration plan available in its
primary and backup control
rooms prior to its
implementation date.
performed the verification
within the required timeframe
but did not comply with one of
the sub-requirements.
but did not comply with two of
performed the verification but
did not complete it within the
five calendar year period.
not performthe verification or it
took more than six calendar
years to complete the
verification.
OR
but did not comply with any of
R7. N/A N/A N/A The Transmission Operator did
not implement its restoration
plan following a Disturbance in
which Blackstart Resources
have been utilized in restoring
12
the shut down area of the BES.
Or, if the restoration plan cannot
be executed as expected, the
Transmission Operator did not
utilize its restoration plan
strategies to facilitate
restoration.
R8. N/A N/A N/A The Transmission Operator
resynchronized without
approval of the Reliability
Coordinator or not in
accordance with the established
procedures of the Reliability
Coordinator following a
Disturbance in which Blackstart
Resources have been utilized in
restoring the shut down area of
theBES to service.
R9. N/A N/A N/A The Transmission Operators
Blackstart Resource testing
requirements do not address one
or more of the sub-requirements
of Requirement R9.

R10. The Transmission Operators
training does not address one of
the sub-requirements of
Requirement R10.
The Transmission Operators
training does not address two of
the sub-requirements of
Requirement R10.
training does not address three
or more of the sub-requirements
of Requirement R10.
not included Systemrestoration
training in its operations
training program.
R11. The Transmission Operator,
applicable Transmission Owner,
or applicable Distribution
Provider failed to train 5% or
less of the personnel required by
Provider failed to train more
than 5% and up to 10% of the
than 10% and up to 15% of the
than 15% of the personnel
13
Requirement R11 within a two
calendar year period.
personnel required by
required by Requirement R11
within a two calendar year
period.
R12. N/A. N/A N/A

has failed to comply with a
request for their participation
fromthe Reliability
Coordinator.
R13. N/A The Transmission Operator and
Generator Operator with a
Blackstart Resource do not
reference Blackstart Resource
Testing requirements in their
written Blackstart Resource
Agreements or mutually agreed
upon procedures or protocols.
N/A The Transmission Operator and
Generator Operator with a
Blackstart resource do not have
a written Blackstart Resource
Agreement or mutually agreed
upon procedure or protocol.
R14. N/A N/A N/A The Generator Operator does
not have documented starting
and bus energizing procedures
for each Blackstart Resource.
R15. The Generator Operator with a
Blackstart Resource did not
notify the Transmission
Operator of a known change in
Blackstart Resource capability
affecting the ability to meet the
Transmission Operators
restoration plan within 24 hours
but did make the notification
within 48 hours.
The Generator Operator with a
within 72 hours.
within 96 hours.
restoration plan for more than
96 hours.
R16.
The GOP with a Blackstart
Resource performed tests and
Resource performed tests and
Resource performed tests but
14
maintained records but the
records did not include all of the
items in R16.1.
OR
The Generator Operator did not
supply the Blackstart Resource
testing records as requested for
31 to 60 calendar days of the
request.
maintained records but did not
supply the Blackstart Resource
testing records as requested for
61 days to 90 calendar days
after the request.

either did not maintain records
or did not supply the Blackstart
Resource testing records as
requested within 91 or more
calendar days after the request.

performBlackstart Resource
tests.
R17. The Generator Operator with a
train less than or equal to 10%
of the personnel required by
train more than 10% and less
than or equal to 25% of the
train more than 25% and less
train more than 50% of the
R18. N/A. N/A N/A

The Generator Operator failed
to participate in the Reliability
Coordinators restoration drills,
exercises, or simulations as
requested by the Reliability
Coordinator.
15

None.
Version History
0 August 8, 2005 Removed Proposed from
Effective Date
Errata
1 May 2, 2007 Approved by Board of
Trustees
Revised
2 TBD Revisions pursuant to
Project 2006-03
Updated testing requirements
Incorporated Attachment 1 into the
requirements
Updated Measures and Compliance to
match new Requirements
2 August 5, 2009 Adopted by Board of
Trustees
Revised
2 March 17, 2011 Order issued by FERC
approving EOP-005-2
(approval effective 5/23/11)

2 February 7, 2013 R3.1 and associated
elements approved by
NERC Board of Trustees for
retirement as part of the
Paragraph 81 project
(Project 2013-02) pending
applicable regulatory
approval.

2 J uly 1, 2013 Updated VRFs and VSLs
based on J une 24, 2013
approval.

Standard EOP-006-2 System Restoration Coordination
1
A. Introduction
1. Title: System Restoration Coordination
3. Purpose: Ensure plans are established and personnel are prepared to enable effective
coordination of the System restoration process to ensure reliability is maintained during
restoration and priority is placed on restoring the Interconnection.
4. Applicability:
5. Proposed Effective Date: Twenty-four months after the first day of the first calendar
quarter following applicable regulatory approval. In those jurisdictions where no
regulatory approval is required, all requirements go into effect twenty-four months
B. Requirements
R1. Each Reliability Coordinator shall have a Reliability Coordinator Area restoration plan.
The scope of the Reliability Coordinators restoration plan starts when Blackstart
Resources are utilized to re-energize a shut down area of the Bulk Electric System
(BES), or separation has occurred between neighboring Reliability Coordinators, or an
energized island has been formed on the BES within the Reliability Coordinator Area.
The scope of the Reliability Coordinators restoration plan ends when all of its
Transmission Operators are interconnected and it
R1.1. A description of the high level strategy to be employed during restoration
events for restoring the Interconnection including minimum criteria for
meeting the objectives of the Reliability Coordinators restoration plan.
its Reliability Coordinator Area is
connected to all of its neighboring Reliability Coordinator Areas. The restoration plan
shall include: [Violation Risk Factor = High] [Time Horizon = Operations Planning]
R1.2. Operating Processes for restoring the Interconnection.
R1.3. Descriptions of the elements of coordination between individual Transmission
Operator restoration plans.
R1.4. Descriptions of the elements of coordination of restoration plans with
neighboring Reliability Coordinators.
R1.5. Criteria and conditions for reestablishing interconnections with other
Transmission Operators within its Reliability Coordinator Area, with
Transmission Operators in other Reliability Coordinator Areas, and with other
Reliability Coordinators.
R1.6. Reporting requirements for the entities within the Reliability Coordinator Area
during a restoration event.
R1.7. Criteria for sharing information regarding restoration with neighboring
Reliability Coordinators and with Transmission Operators and Balancing
Authorities within its Reliability Coordinator Area.
2
R1.8. Identification of the Reliability Coordinator as the primary contact for
disseminating information regarding restoration to neighboring Reliability
Coordinators, and to Transmission Operators, and Balancing Authorities
within its Reliability Coordinator Area.
R1.9. Criteria for transferring operations and authority back to the Balancing
Authority.
R2. The Reliability Coordinator shall distribute its most recent Reliability Coordinator
Area restoration plan to each of its Transmission Operators and neighboring Reliability
Coordinators within 30 calendar days of creation or revision. [Violation Risk Factor =
Lower] [Time Horizon = Operations Planning]
R3. Each Reliability Coordinator shall review its restoration plan within 13 calendar
months of the last review. [Violation Risk Factor = Medium] [Time Horizon =
R4. Each Reliability Coordinator shall review their neighboring Reliability Coordinators
restoration plans. [Violation Risk Factor = Medium] [Time Horizon = Operations
Planning]
R4.1. If the Reliability Coordinator finds conflicts between its restoration plans and
any of its neighbors, the conflicts shall be resolved in 30 calendar days.
R5. Each Reliability Coordinator shall review the restoration plans required by EOP-005 of
the Transmission Operators within its Reliability Coordinator Area. [Violation Risk
R5.1. The Reliability Coordinator shall determine whether the Transmission
Operators restoration plan is coordinated and compatible with the Reliability
Coordinators restoration plan and other Transmission Operators restoration
plans within its Reliability Coordinator Area. The Reliability Coordinator
shall approve or disapprove, with stated reasons, the Transmission Operators
submitted restoration plan within 30 calendar days following the receipt of the
restoration plan from the Transmission Operator.
R6. Each Reliability Coordinator shall have a copy of its latest restoration plan and copies
of the latest approved restoration plan of each Transmission Operator in its Reliability
Coordinator Area within its primary and backup control rooms so that it is available to
all of its System Operators prior to the implementation date. [Violation Risk Factor =
Lower] [Time Horizon = Operations Planning]
R7. Each Reliability Coordinator shall work with its affected Generator Operators,
R8. The Reliability Coordinator shall coordinate or authorize resynchronizing islanded
areas that bridge boundaries between Transmission Operators or Reliability
and
Transmission Operators as well as neighboring Reliability Coordinators to monitor
restoration progress, coordinate restoration, and take actions to restore the BES
frequency within acceptable operating limits. If the restoration plan cannot be
completed as expected the Reliability Coordinator shall utilize its restoration plan
strategies to facilitate System restoration. [Violation Risk Factor = High] [Time
Horizon = Real-time Operations]
3
Coordinators. If the resynchronization cannot be completed as expected the Reliability
Coordinator shall utilize its restoration plan strategies to facilitate resynchronization.
[Violation Risk Factor = High] [Time Horizon = Real-time Operations]
R9. Each Reliability Coordinator shall include within its operations training program,
annual System restoration training for its System Operators to assure the proper
execution of its restoration plan. This training program shall address the following:
R9.1. The coordination role of the Reliability Coordinator.
R9.2. Reestablishing the Interconnection.
R10. Each Reliability Coordinator shall conduct two System restoration drills, exercises, or
simulations per calendar year, which shall include the Transmission Operators and
Generator Operators as dictated by the particular scope of the drill, exercise, or
simulation that is being conducted. [Violation Risk Factor = Medium] [Time Horizon
= Operations Planning]
R10.1. Each Reliability Coordinator shall request each Transmission Operator
identified in its restoration plan and each Generator Operator identified in the
Transmission Operators restoration plans to participate in a drill, exercise, or
simulation at least every two calendar years.
C. Measures
M1. Each Reliability Coordinator shall have available a dated copy of its restoration plan in
M2. Each Reliability Coordinator shall provide evidence such as e-mails with receipts,
posting to a secure web site with notification to affected entities, or registered mail
receipts, that its most recent restoration plan has been distributed in accordance with
Requirement R2.
M3. Each Reliability Coordinator shall provide evidence such as a review signature sheet,
or revision histories, that it has reviewed its restoration plan within 13 calendar months
of the last review in accordance with Requirement R3.
M4. Each Reliability Coordinator shall provide evidence such as dated review signature
sheets that it has reviewed its neighboring Reliability Coordinators restoration plans
and resolved any conflicts within 30 calendar days in accordance with Requirement
R4.
M5. Each Reliability Coordinator shall provide evidence, such as a review signature sheet
or emails, that it has reviewed, approved or disapproved, and notified its Transmission
Operators within 30 calendar days following the receipt of the restoration plan from
the Transmission Operator in accordance with Requirement R5.
M6. Each Reliability Coordinator shall have documentation such as e-mail receipts that it
has made the latest copy of its restoration plan and copies of the latest approved
restoration plan of each Transmission Operator in its Reliability Coordinator Area
available in its primary and backup control rooms and to each of its System Operators
prior to the implementation date in accordance with Requirement R6.
4
M7. Each Reliability Coordinator involved shall have evidence such as voice recordings, e-
mail, dated computer printouts, or operator logs, that it monitored and coordinated
restoration progress in accordance with Requirement R7.
M8. If there has been a resynchronizing of an islanded area, each Reliability Coordinator
involved shall have evidence such as voice recordings, e-mail, or operator logs, that it
coordinated or authorized resynchronizing in accordance with Requirement R8.
M9. Each Reliability Coordinator shall have an electronic or hard copy of its training
records available showing that it has provided training in accordance with Requirement
R9.
M10. Each Reliability Coordinator shall have evidence that it conducted two System
restoration drills, exercises, or simulations per calendar year and that Transmission
Operators and Generator Operators included in the Reliability Coordinators restoration
plan were invited in accordance with Requirement R10.
D. Compliance
Regional Entity.
Not applicable.
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
The Reliability Coordinator shall keep data or evidence to show compliance as
o The current restoration plan and any restoration plans in force since the
last compliance audit for Requirement R1, Measure M1.
o Distribution of its most recent restoration plan and any restoration plans in
force for the current calendar year and three prior calendar years for
o Its reviewed restoration plan for the current review period and the last
three prior review periods for Requirement R3, Measure M3.
5
o Reviewed copies of neighboring Reliability Coordinator restoration plans
for the current calendar year and the three prior calendar years for
o The reviewed restoration plans for the current calendar year and the last
three prior calendar years for Requirement R5, Measure M5.
o The current, approved restoration plan and any restoration plans in force
for the last three calendar years was made available in its control rooms
o If there has been a restoration event, implementation of its restoration plan
on any occasion over a rolling 12 month period for Requirement R7,
Measure M7.
o If there has been a resynchronization of an islanded area, implementation
of its restoration plan on any occasion over a rolling 12 month period for
o Actual training program materials or descriptions for three calendar years
for Requirements R9, Measure M9.
o Records of all Reliability Coordinator restoration drills, exercises, or
simulations since its last compliance audit as well as one previous
compliance audit period for Requirement R10, Measure M10.
If a Reliability Coordinator is found non-compliant, it shall keep information
related to the non-compliance until found compliant.
None.
6
R1. The Reliability Coordinator
failed to include one sub-
requirement of Requirement R1
within its restoration plan.
The Reliability Coordinator
failed to include two sub-
requirements of Requirement
R1 within its restoration plan.
failed to include three of the
sub-requirements of
Requirement R1 within its
restoration plan.
failed to include four or more of
the sub-requirements within its
restoration plan.
distributed the most recent
Reliability Coordinator Area
restoration plan to the entities
identified in Requirement R2
but was more than 30 calendar
days late but less than 60
calendar days late.
but was 60 calendar days or
more late, but less than 90
calendar days late.
but was 90 or more calendar
days late but less than 120
calendar days late.
restoration plan to entities
but was 120 calendar days or
more late.
R3. N/A N/A N/A The Reliability Coordinator did
not review its restoration plan
within 13 calendar months of
the last review.
R4. The Reliability Coordinator did
not review and resolve conflicts
with the submitted restoration
plans fromits neighboring
Reliability Coordinators within
30 calendar days but did resolve
conflicts within 60 calendar
days.
The Reliability Coordinator did
30 calendar days but did resolve
conflicts within 90 calendar
days.
did not review and resolve
conflicts with the submitted
restoration plans fromits
neighboring Reliability
Coordinators within 30 calendar
days but did resolve conflicts
within 120 calendar days.
120 calendar days.
7
3.
R5. The Reliability Coordinator did
not review and
approve/disapprove the
submitted restoration plans
fromits Transmission
Operators and neighboring
30 calendar days of receipt but
did review and
approve/disapprove the plans
within 45 calendar days of
receipt.

OR

failed to notify the
Transmission Operator of its
approval or disapproval with
stated reasons for disapproval
receipt but did notify the
reasons within 45 calendar days
of receipt.
not review and
did review and
receipt.

OR

receipt, but did notify the
of receipt
not review and
did review and
receipt.

OR

receipt but did notify the
of receipt.
not review and
Reliability Coordinators for
more than 90 calendar days of
receipt.

OR

for more than 90 calendar days
of receipt. .
R6. N/A N/A The Reliability Coordinator did
not have a copy of the latest
approved restoration plan of all
Transmission Operators in its
within its primary and backup
control rooms prior to the
not have a copy of its latest
restoration plan within its
primary and backup control
rooms prior to the
8
not work with its affected
Generator Operators and
Transmission Operators as well
as neighboring Reliability
Coordinators to monitor
restoration progress, coordinate
restoration, and take actions to
restore the BES frequency
within acceptable operating
limits.

OR

When the restoration plan
cannot be completed as
expected, the Reliability
Coordinator did not utilize its
restoration plan strategies to
facilitate Systemrestoration.
not coordinate or authorize
resynchronizing islanded areas
that bridge boundaries between
Transmission Operators or

OR

If the resynchronization could
not be completed as expected,
the Reliability Coordinator did
9
not utilize its restoration plan
strategies to facilitate
resynchronization.
R9. N/A N/A The Reliability Coordinator
included the annual System
restoration training within its
operations training program, but
did not address both of the sub-
requirements.
not include the annual System
restoration training within its
operations training program.
only held one restoration drill,
exercise, or simulation during
the calendar year.
not invite a Transmission
Operator or Generator Operator
identified in its restoration plan
to participate in a drill, exercise,
or simulation within two
calendar years.
N/A The Reliability Coordinator did
not hold a restoration drill,
exercise, or simulation during
the calendar year.

10

None.

Version History
Date
Errata
2 TBD Revisions pursuant to Project 2006-03 Updated Measures
and Compliance to
match new
Requirements
2 August 5, 2009 Adopted by Board of Trustees Revised
2 March 17, 2011 Order issued by FERC approving EOP-
006-2 (approval effective 5/23/11)

2 J uly 1, 2013 Updated VRFs and VSLs based on J une
24, 2013 approval.

Standard EOP-008-1 Loss of Control Center Functionality
Page 1 of 9

A. Introduction
1. Title: Loss of Control Center Functionality
3. Purpose: Ensure continued reliable operations of the Bulk Electric System (BES) in the
event that a control center becomes inoperable.
4. Applicability:
4.1. Functional Entity
4.1.1. Reliability Coordinator.
4.1.2. Transmission Operator.
4.1.3. Balancing Authority.
5. Effective Date: The first day of the first calendar quarter twenty-four months after
applicable regulatory approval. In those jurisdictions where no regulatory approval is required,
the standard shall become effective on the first day of the first calendar quarter twenty-four
months after Board of Trustees adoption.
B. Requirements
R1. Each Reliability Coordinator, Balancing Authority, and Transmission Operator shall have a
current Operating Plan describing the manner in which it continues to meet its functional
obligations with regard to the reliable operations of the BES in the event that its primary
control center functionality is lost. This Operating Plan for backup functionality shall include
the following, at a minimum: [Violation Risk Factor = Medium] [Time Horizon = Operations
Planning]
1.1. The location and method of implementation for providing backup functionality for the
time it takes to restore the primary control center functionality.
1.2. A summary description of the elements required to support the backup functionality.
These elements shall include, at a minimum:
1.2.1. Tools and applications to ensure that System Operators have situational
awareness of the BES.
1.2.2. Data communications.
1.2.3. Voice communications.
1.2.4. Power source(s).
1.2.5. Physical and cyber security.
1.3. An Operating Process for keeping the backup functionality consistent with the primary
control center.
1.4. Operating Procedures, including decision authority, for use in determining when to
implement the Operating Plan for backup functionality.
1.5. A transition period between the loss of primary control center functionality and the time
to fully implement the backup functionality that is less than or equal to two hours.
1.6. An Operating Process describing the actions to be taken during the transition period
between the loss of primary control center functionality and the time to fully implement
backup functionality elements identified in Requirement R1, Part 1.2. The Operating
Process shall include at a minimum:
Page 2 of 9
1.6.1. A list of all entities to notify when there is a change in operating locations.
1.6.2. Actions to manage the risk to the BES during the transition from primary to
backup functionality as well as during outages of the primary or backup
functionality.
1.6.3. Identification of the roles for personnel involved during the initiation and
implementation of the Operating Plan for backup functionality.
R2. Each Reliability Coordinator, Balancing Authority, and Transmission Operator shall have a
copy of its current Operating Plan for backup functionality available at its primary control
center and at the location providing backup functionality. [Violation Risk Factor = Lower]
[Time Horizon = Operations Planning]
R3. Each Reliability Coordinator shall have a backup control center facility (provided through its
own dedicated backup facility or at another entitys control center staffed with certified
Reliability Coordinator operators when control has been transferred to the backup facility) that
provides the functionality required for maintaining compliance with all Reliability Standards
that depend on primary control center functionality. To avoid requiring a tertiary facility, a
backup facility is not required during: [Violation Risk Factor = High] [Time Horizon =
Planned outages of the primary or backup facilities of two weeks or less
Unplanned outages of the primary or backup facilities
R4. Each Balancing Authority and Transmission Operator shall have backup functionality
(provided either through a facility or contracted services staffed by applicable certified
operators when control has been transferred to the backup functionality location) that includes
monitoring, control, logging, and alarming sufficient for maintaining compliance with all
Reliability Standards that depend on a Balancing Authority and Transmission Operators
primary control center functionality respectively. To avoid requiring tertiary functionality,
backup functionality is not required during: [Violation Risk Factor = High] [Time Horizon =
Planned outages of the primary or backup functionality of two weeks or less
Unplanned outages of the primary or backup functionality
R5. Each Reliability Coordinator, Balancing Authority, and Transmission Operator, shall annually
review and approve its Operating Plan for backup functionality. [Violation Risk Factor =
5.1. An update and approval of the Operating Plan for backup functionality shall take
place within sixty calendar days of any changes to any part of the Operating Plan
described in Requirement R1.
R6. Each Reliability Coordinator, Balancing Authority, and Transmission Operator shall have
primary and backup functionality that do not depend on each other for the control center
functionality required to maintain compliance with Reliability Standards. [Violation Risk
R7. Each Reliability Coordinator, Balancing Authority, and Transmission Operator shall conduct
and document results of an annual test of its Operating Plan that demonstrates: [Violation Risk
7.1. The transition time between the simulated loss of primary control center functionality
and the time to fully implement the backup functionality.
7.2. The backup functionality for a minimum of two continuous hours.
Page 3 of 9
R8. Each Reliability Coordinator, Balancing Authority, and Transmission Operator that has
experienced a loss of its primary or backup functionality and that anticipates that the loss of
primary or backup functionality will last for more than six calendar months shall provide a plan
to its Regional Entity within six calendar months of the date when the functionality is lost,
showing how it will re-establish primary or backup functionality. [Violation Risk Factor =
C. Measures
M1. Each Reliability Coordinator, Balancing Authority, and Transmission Operator shall have a
dated, current, in force Operating Plan for backup functionality in accordance with Requirement
R1, in electronic or hardcopy format.
M2. Each Reliability Coordinator, Balancing Authority, and Transmission Operator shall have a
dated, current, in force copy of its Operating Plan for backup functionality in accordance with
Requirement R2, in electronic or hardcopy format, available at its primary control center and at
the location providing backup functionality.
M3. Each Reliability Coordinator shall provide dated evidence that it has a backup control center
facility (provided through its own dedicated backup facility or at another entitys control center
staffed with certified Reliability Coordinator operators when control has been transferred to the
backup facility) that provides the functionality required for maintaining compliance with all
Reliability Standards that depend on primary control center functionality in accordance with
Requirement R3.
M4. Each Balancing Authority and Transmission Operator shall provide dated evidence that its
backup functionality (provided either through a facility or contracted services staffed by
applicable certified operators when control has been transferred to the backup functionality
location) includes monitoring, control, logging, and alarming sufficient for maintaining
compliance with all Reliability Standards that depend on a Balancing Authority or
Transmission Operators primary control center functionality respectively in accordance with
Requirement R4.
M5. Each Reliability Coordinator, Balancing Authority, and Transmission Operator, shall have
evidence that its dated, current, in force Operating Plan for backup functionality, in electronic or
hardcopy format, has been reviewed and approved annually and that it has been updated within
sixty calendar days of any changes to any part of the Operating Plan described in Requirement
R1 in accordance with Requirement R5.
M6. Each Reliability Coordinator, Balancing Authority, and Transmission Operator shall have dated
evidence that its primary and backup functionality do not depend on each other for the control
center functionality required to maintain compliance with Reliability Standards in accordance
with Requirement R6.
M7. Each Reliability Coordinator, Balancing Authority, and Transmission Operator shall provide
evidence such as dated records, that it has completed and documented its annual test of its
Operating Plan for backup functionality, in accordance with Requirement R7.
M8. Each Reliability Coordinator, Balancing Authority, and Transmission Operator that has
experienced a loss of their primary or backup functionality and that anticipates that the loss of
primary or backup functionality will last for more than six calendar months shall provide
evidence that a plan has been submitted to its Regional Entity within six calendar months of the
date when the functionality is lost showing how it will re-establish primary or backup
functionality in accordance with Requirement R8.

Page 4 of 9

D. Compliance
Regional Entity.
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.3. Data Retention
The Reliability Coordinator, Balancing Authority, and Transmission Operator shall retain data
or evidence to show compliance as identified unless directed by its Compliance Enforcement
Authority to retain specific evidence for a longer period of time as part of an investigation:
Each Reliability Coordinator, Balancing Authority, and Transmission Operator shall
retain its dated, current, in force Operating Plan for backup functionality plus all
issuances of the Operating Plan for backup functionality since its last compliance audit
in accordance with Measurement M1.
retain a dated, current, in force copy of its Operating Plan for backup functionality,
with evidence of its last issue, available at its primary control center and at the location
providing backup functionality, for the current year, in accordance with Measurement
M2.
Each Reliability Coordinator shall retain dated evidence for the time period since its
last compliance audit, that it has demonstrated that it has a backup control center
facility (provided through its own dedicated backup facility or at another entitys
control center staffed with certified Reliability Coordinator operators when control has
been transferred to the backup facility) in accordance with Requirement R3 that
provides the functionality required for maintaining compliance with all Reliability
Standards that depend on primary control center functionality in accordance with
Measurement M3.
Each Balancing Authority and Transmission Operator shall retain dated evidence for
the time period since its last compliance audit, that it has demonstrated that its backup
functionality (provided either through a facility or contracted services staffed by
applicable certified operators when control has been transferred to the backup
functionality location) in accordance with Requirement R4 includes monitoring,
control, logging, and alarming sufficient for maintaining compliance with all
Reliability Standards that depend on a Balancing Authority and Transmission
Operators primary control center functionality respectively in accordance with
Measurement M4.
Each Reliability Coordinator, Balancing Authority, and Transmission Operator, shall
retain evidence for the time period since its last compliance audit, that its dated,
Page 5 of 9
current, in force Operating Plan for backup functionality, has been reviewed and
approved annually and that it has been updated within sixty calendar days of any
changes to any part of the Operating Plan described in Requirement R1 in accordance
with Measurement M5.
retain dated evidence for the current year and for any Operating Plan for backup
functionality in force since its last compliance audit, that its primary and backup
functionality do not depend on each other for the control center functionality required
to maintain compliance with Reliability Standards in accordance with Measurement
M6.
retain evidence for the current year and one previous year, such as dated records, that it
has tested its Operating Plan for backup functionality, in accordance with
Measurement M7.
Each Reliability Coordinator, Balancing Authority, and Transmission Operator that
has experienced a loss of their primary or backup functionality and that anticipates that
the loss of primary or backup functionality would last for more than six calendar
months shall retain evidence for the current in force document and any such
documents in force since its last compliance audit that a plan has been submitted to its
Regional Entity within six calendar months of the date when the functionality is lost
showing how it will re-establish primary or backup functionality in accordance with
Measurement M8.
None.
Page 6 of 9
R1. The responsible entity had a current
Operating Plan for backup functionality
but the plan was missing one of the
requirements six Parts (1.1 through 1.6).
The responsible entity had a current
Operating Plan for backup
functionality but the plan was missing
two of the requirements six Parts (1.1
through 1.6).
functionality but the plan was missing
three of the requirements six Parts
(1.1 through 1.6).
functionality, but the plan was
missing four or more of the
requirements six Parts (1.1 through
1.6)
OR
The responsible entity did not have a
current Operating Plan for backup
functionality.
R2 N/A The responsible entity did not have a
copy of its current Operating Plan for
backup functionality available in at
least one of its control locations.
N/A The responsible entity did not have a
copy of its current Operating Plan for
backup functionality at any of its
locations.
R3. N/A N/A N/A The Reliability Coordinator does not
have a backup control center facility
(provided through its own dedicated
backup facility or at another entitys
control center staffed with certified
Reliability Coordinator operators
when control has been transferred to
the backup facility) that provides the
functionality required for maintaining
compliance with all Reliability
Standards that depend on primary
control center functionality.

R4. N/A N/A N/A The responsible entity does not have
backup functionality (provided either
through a facility or contracted
services staffed by applicable certified
operators when control has been
transferred to the backup functionality
location) that includes monitoring,
control, logging, and alarming
Page 7 of 9
sufficient for maintaining compliance
with all Reliability Standards that
depend on a Balancing Authority and
Transmission Operators primary
control center functionality
respectively.

R5. The responsible entity did not update and
approve its Operating Plan for backup
functionality for more than 60 calendar
days and less than or equal to 70
calendar days after a change to any part
of the Operating Plan described in
Requirement R1.
The responsible entity did not update
and approve its Operating Plan for
backup functionality for more than 70
calendar days and less than or equal to
80 calendar days after a change to any
part of the Operating Plan described in
Requirement R1.
calendar days and less than or equal to
90 calendar days after a change to any
part of the Operating Plan described in
Requirement R1.
The responsible entity did not have
evidence that its Operating Plan for
backup functionality was annually
reviewed and approved.
OR,
calendar days after a change to any
part of the Operating Plan described
in Requirement R1.
R6. N/A
N/A N/A
The responsible entity has primary
and backup functionality that do
depend on each other for the control
center functionality required to
maintain compliance with Reliability
Standards.
R7. The responsible entity conducted an
annual test of its Operating Plan for
backup functionality but it did not
document the results.
OR,
The responsible entity conducted an
backup functionality but the test was for
less than two continuous hours but more
than or equal to 1.5 continuous hours.
backup functionality but the test was
for less than 1.5 continuous hours but
more than or equal to 1 continuous
hour.
backup functionality but the test did
not assess the transition time between
the simulated loss of its primary
control center and the time to fully
implement the backup functionality
OR,
for less than 1 continuous hour but
The responsible entity did not conduct
an annual test of its Operating Plan for
backup functionality.
OR,
for less than 0.5 continuous hours.
Page 8 of 9
more than or equal to 0.5 continuous
hours.
R8. The responsible entity experienced a loss
of its primary or backup functionality
and anticipated that the loss of primary
or backup functionality would last for
more than six calendar months and
provided a plan to its Regional Entity
showing how it will re-establish primary
or backup functionality but the plan was
submitted more than six calendar months
but less than or equal to seven calendar
months after the date when the
functionality was lost.
The responsible entity experienced a
loss of its primary or backup
functionality and anticipated that the
loss of primary or backup
functionality would last for more than
six calendar months provided a plan to
its Regional Entity showing how it
will re-establish primary or backup
functionality but the plan was
submitted in more than seven calendar
months but less than or equal to eight
calendar months after the date when
the functionality was lost.
six calendar months provided a plan to
its Regional Entity showing how it
will re-establish primary or backup
functionality but the plan was
submitted in more than eight calendar
months but less than or equal to nine
calendar months after the date when
the functionality was lost.
six calendar months, but did not
submit a plan to its Regional Entity
showing how it will re-establish
primary or backup functionality for
more than nine calendar months after
the date when the functionality was
lost.

Page 9 of 9

None.
Version History
1 TBD Revisions for Project 2006-04 Major re-write to
accommodate changes
noted in project file
1 August 5, 2010 Adopted by the Board of Trustees
1 April 21, 2011 FERC Order issued approving EOP-008-1
(approval effective June 27, 2011)

1 July 1, 2013 Updated VRFs and VSLs based on June 24,
2013 approval.

Standard FAC-001-0 Facility Connection Requirements

Effecti ve Date: April 1, 2005

A. Introduction
1. Title: Facility Connection Requirements
2. Number: FAC-001-0
3. Purpose: To avoid adverse impacts on reliability, Transmission Owners must establish
facility connection and performance requirements.
4. Applicability:
4.1. Transmission Owner
B. Requirements
R1. The Transmission Owner shall document, maintain, and publish facility connection
requirements to ensure compliance with NERC Reliability Standards and applicable Regional
Reliability Organization, subregional, Power Pool, and individual Transmission Owner
planning criteria and facility connection requirements. The Transmission Owners facility
connection requirements shall address connection requirements for:
R1.1. Generation facilities,
R1.2. Transmission facilities, and
R1.3. End-user facilities
R2. The Transmission Owners facility connection requirements shall address, but are not limited
to, the following items:
R2.1. Provide a written summary of its plans to achieve the required system performance as
described above throughout the planning horizon:
R2.1.1. Procedures for coordinated joint studies of new facilities and their impacts on
the interconnected transmission systems.
R2.1.2. Procedures for notification of new or modified facilities to others (those
responsible for the reliability of the interconnected transmission systems) as
soon as feasible.
R2.1.3. Voltage level and MW and MVAR capacity or demand at point of connection.
R2.1.4. Breaker duty and surge protection.
R2.1.5. System protection and coordination.
R2.1.6. Metering and telecommunications.
R2.1.7. Grounding and safety issues.
R2.1.8. Insulation and insulation coordination.
R2.1.9. Voltage, Reactive Power, and power factor control.
R2.1.10. Power quality impacts.
R2.1.11. Equipment Ratings.
R2.1.12. Synchronizing of facilities.


R2.1.13. Maintenance coordination.
R2.1.14. Operational issues (abnormal frequency and voltages).
R2.1.15. Inspection requirements for existing or new facilities.
R2.1.16. Communications and procedures during normal and emergency operating
conditions.
R3. The Transmission Owner shall maintain and update its facility connection requirements as
required. The Transmission Owner shall make documentation of these requirements available
to the users of the transmission system, the Regional Reliability Organization, and NERC on
request (five business days).
C. Measures
M1. The Transmission Owner shall make available (to its Compliance Monitor) for inspection
evidence that it met all the requirements stated in Reliability Standard FAC-001-0_R1.
evidence that it met all requirements stated in Reliability Standard FAC-001-0_R2.
evidence that it met all the requirements stated in Reliability Standard FAC-001-0_R3.
D. Compliance
Compliance Monitor: Regional Reliability Organization.
On request (five business days).
1.3. Data Retention
None specified.
None.
2.1. Level 1: Facility connection requirements were provided for generation,
transmission, and end-user facilities, per Reliability Standard FAC-001-0_R1, but the
document(s) do not address all of the requirements of Reliability Standard FAC-001-
0_R2.
2.2. Level 2: Facility connection requirements were not provided for all three
categories (generation, transmission, or end-user) of facilities, per Reliability Standard
FAC-001-0_R1, but the document(s) provided address all of the requirements of
Reliability Standard FAC-001-0_R2.
2.3. Level 3: Facility connection requirements were not provided for all three
categories (generation, transmission, or end-user) of facilities, per Reliability Standard
FAC-001-0_R1, and the document(s) provided do not address all of the requirements
of Reliability Standard FAC-001-0_R2.


2.4. Level 4: No document on facility connection requirements was provided per
Reliability Standard FAC-001-0_R3.
1. None identified.

Version History


Adopted by the Board of Trustees: February 9, 2012 1 of 5

A. Introduction
1. Title: Facility Connection Requirements
3. Purpose: To avoid adverse impacts on reliability, Transmission Owners and Generator
Owners must establish Facility connection and performance requirements.
4. Applicability:
4.2. Applicable Generator Owner
4.2.1 Generator Owner with an executed Agreement to evaluate the reliability impact
of interconnecting a third party Facility to the Generator Owners existing
Facility that is used to interconnect to the interconnected Transmission systems.
5. Effective Date:
5.1. In those jurisdictions where regulatory approval is required, all requirements applied to
the Transmission Owner become effective upon regulatory approval. In those
jurisdictions where no regulatory approval is required, all requirements applied to the
Transmission Owner and Regional Entity become effective upon Board of Trustees
adoption.
5.2. In those jurisdictions where regulatory approval is required, all requirements applied to
the Generator Owner become effective on the first calendar day of the first calendar
quarter one year after the date of the order approving the standard from applicable
regulatory authorities. In those jurisdictions where no regulatory approval is required, all
requirements applied to the Generator Owner become effective on the first calendar day
of the first calendar quarter one year after Board of Trustees adoption.
B. Requirements
R1. The Transmission Owner shall document, maintain, and publish Facility connection
requirements to ensure compliance with NERC Reliability Standards and applicable Regional
Entity, subregional, Power Pool, and individual Transmission Owner planning criteria and
Facility connection requirements. The Transmission Owners Facility connection
requirements shall address connection requirements for:
1.1. Generation Facilities,
1.2. Transmission Facilities, and
1.3. End-user Facilities
[VRF Medium]
R2. Each applicable Generator Owner shall, within 45 days of having an executed Agreement to
evaluate the reliability impact of interconnecting a third party Facility to the Generator
Owners existing Facility that is used to interconnect to the interconnected Transmission
systems (under FAC-002-1), document and publish its Facility connection requirements to
ensure compliance with NERC Reliability Standards and applicable Regional Entity,
subregional, Power Pool, and individual Transmission Owner planning criteria and Facility
connection requirements.


[VRF Medium]

R3. Each Transmission Owner and each applicable Generator Owner (in accordance with
Requirement R2) shall address the following items in its Facility connection requirements:
3.1. Provide a written summary of its plans to achieve the required system performance as
described in Requirements R1 or R2 throughout the planning horizon:
3.1.1. Procedures for coordinated joint studies of new Facilities and their impacts on the
interconnected Transmission systems.
3.1.2. Procedures for notification of new or modified Facilities to others (those
responsible for the reliability of the interconnected Transmission systems) as
soon as feasible.
3.1.3. Voltage level and MW and MVAR capacity or demand at point of connection.
3.1.4. Breaker duty and surge protection.
3.1.5. System protection and coordination.
3.1.6. Metering and telecommunications.
3.1.7. Grounding and safety issues.
3.1.8. Insulation and insulation coordination.
3.1.9. Voltage, Reactive Power, and power factor control.
3.1.10. Power quality impacts.
3.1.11. Equipment Ratings.
3.1.12. Synchronizing of Facilities.
3.1.13. Maintenance coordination.
3.1.14. Operational issues (abnormal frequency and voltages).
3.1.15. Inspection requirements for existing or new Facilities.
3.1.16. Communications and procedures during normal and emergency operating
conditions.
[VRF Medium]
R4. The Transmission Owner shall maintain and update its Facility connection requirements as
required. The Transmission Owner shall make documentation of these requirements available
to the users of the transmission system, the Regional Entity, and ERO on request (five
business days).
[VRF Medium]
C. Measures
M1. The Transmission Owner shall make available (to its Compliance Enforcement Authority)
evidence that it met all the requirements stated in Requirement R1.


M2. Each Generator Owner that has an executed Agreement to evaluate the reliability impact of
interconnecting a third party Facility to the Generator Owners existing Facility that is used to
interconnect to the interconnected Transmission systems shall make available (to its
Compliance Enforcement Authority) evidence that it met all requirements stated in
Requirement R2.
M3. Each Transmission Owner and each applicable Generator Owner (in accordance with
Requirement R2) shall make available (to its Compliance Enforcement Authority) evidence
that it met all requirements stated in Requirement R3.
M4. The Transmission Owner shall make available (to its Compliance Enforcement Authority)
evidence that it met all the requirements stated in Requirement R4.
D. Compliance
Compliance Monitor: Regional Entity
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.3. Data Retention
The Transmission Owner shall keep data or evidence to show compliance as identified
The Transmission Owner shall retain evidence of Requirement R1, Measure M1,
Requirement R3, Measure M3, and Requirement R4, Measure M4 from its last
audit.
The Generator Owner shall keep data or evidence to show compliance as identified
The Generator Owner shall retain evidence of Requirement R2, Measure M2, and
Requirement R3, Measure M3 from its last audit.
None.




R
#
R1 Not Applicable. The Transmission
Owner failed to do one
of the following:

Document or maintain
or publish Facility
connection
requirements as
specified in the
Requirement

OR

Failed to include one
(1) of the components
as specified in R1.1,
R1.2 or R1.3.
The Transmission
Owner failed to do one
of the following:

Failed to include (2) of
the components as
specified in R1.1, R1.2
or R1.3

OR

Failed to document or
maintain or publish its
Facility connection
requirements as
specified in the
Requirement and
failed to include one
(1) of the components
as specified in R1.1,
R1.2 or R1.3.
The Transmission
Owner did not
develop Facility
connection
requirements.
R2 The Generator Owner
failed to document and
publish Facility
connection
requirements until
more than 45 calendar
days after having an
Agreement to evaluate
the reliability impact of
interconnecting a third
party Facility to the
Generator Owners
existing Facility that is
used to interconnect to
the interconnected
Transmission systems.
The Generator Owner
publish Facility
connection
requirements until
the reliability impact of
interconnecting a third
party Facility to the
Generator Owners
the interconnected
The Generator Owner
publish Facility
connection
requirements until
the reliability impact
of interconnecting a
third party Facility to
the Generator Owners
the interconnected
The Generator
Owner failed to
document and
publish Facility
connection
requirements until
more than 80 days
after having an
Agreement to
evaluate the
reliability impact of
interconnecting a
third party Facility
to the Generator
Owners existing
Facility that is used
to interconnect to
the interconnected
Transmission
systems.
R3 The responsible
entitys Facility
connection
The responsible
entitys Facility
connection
The responsible
entitys Facility
connection
The responsible
entitys Facility
connection


requirements failed to
address one of the parts
listed in Requirement
R3, parts 3.1.1 through
3.1.16.
address two of the parts
R3, parts 3.1.1 through
3.1.16.
address three of the
parts listed in
Requirement R3, parts
3.1.1 through 3.1.16.
requirements failed
to address four or
more of the parts
listed in
Requirement R3,
parts 3.1.1 through
3.1.16.

R4 The responsible entity
made the requirements
available more than
five business days but
business days after a
request.
The responsible entity
available more than 10
business days but less
than or equal to 20
business days after a
request.
available more than 20
business days less than
or equal to 30 business
days after a request.
The responsible
entity made the
requirements
available more than
30 business days
after a request.

1. None identified.

Version History
1 Added requirements for Generator Owner
and brought overall standard format up to
date.
Revision under Project
2010-07
1 February 9,
2012
Adopted by the Board of Trustees

Standard FAC-002-1 Coordination of Plans for New Facilities
1 of 3
A. Introduction
1. Title: Coordination of Plans For New Generation, Transmission, and End-User
Facilities
3. Purpose: To avoid adverse impacts on reliability, Generator Owners and Transmission
Owners and electricity end-users must meet facility connection and performance requirements.
4. Applicability:
4.1. Generator Owner
4.4. Load-Serving Entity
4.5. Transmission Planner
4.6. Planning Authority
5. (Proposed) Effective Date: The first day of the first calendar quarter six months after
required, the first day of the first calendar quarter six months after Board of Trustees
adoption.
B. Requirements
R1. The Generator Owner, Transmission Owner, Distribution Provider, and Load-Serving Entity
seeking to integrate generation facilities, transmission facilities, and electricity end-user
facilities shall each coordinate and cooperate on its assessments with its Transmission Planner
and Planning Authority. The assessment shall include:
1.1. Evaluation of the reliability impact of the new facilities and their connections on the
interconnected transmission systems.
1.2. Ensurance of compliance with NERC Reliability Standards and applicable Regional,
subregional, Power Pool, and individual system planning criteria and facility
connection requirements.
1.3. Evidence that the parties involved in the assessment have coordinated and cooperated
on the assessment of the reliability impacts of new facilities on the interconnected
transmission systems. While these studies may be performed independently, the
results shall be jointly evaluated and coordinated by the entities involved.
1.4. Evidence that the assessment included steady-state, short-circuit, and dynamics studies
as necessary to evaluate system performance under both normal and contingency
conditions in accordance with Reliability Standards TPL-001-0, TPL-002-0, and TPL-
003-0.
1.5. Documentation that the assessment included study assumptions, system performance,
alternatives considered, and jointly coordinated recommendations.
R2. The Planning Authority, Transmission Planner, Generator Owner, Transmission Owner, Load-
Serving Entity, and Distribution Provider shall each retain its documentation (of its evaluation
of the reliability impact of the new facilities and their connections on the interconnected
transmission systems) for three years and shall provide the documentation to the Regional
2 of 3
Reliability Organization(s) and NERC on request (within 30 calendar days). (Retirement
C. Measures
M1. The Planning Authority, Transmission Planner, Generator Owner, Transmission Owner, Load-
Serving Entity, and Distribution Providers documentation of its assessment of the reliability
impacts of new facilities shall address all items in Reliability Standard FAC-002-0_R1.
M2. The Planning Authority, Transmission Planner, Generator Owner, Transmission Owner, Load-
Serving Entity, and Distribution Provider shall each have evidence of its assessment of the
reliability impacts of new facilities and their connections on the interconnected transmission
systems is retained and provided to other entities in accordance with Reliability Standard
FAC-002-0_R2. (Retirement approved by NERC BOT pending applicable regulatory
approval.)
D. Compliance
Regional Entity.
Not applicable.
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
Evidence of the assessment of the reliability impacts of new facilities and their
connections on the interconnected transmission systems: Three years.
None
1. None identified.

Version History
0 J anuary 13, 2006 Removed duplication of Regional Reliability
Organizations(s).
Errata
3 of 3
1 August 5, 2010 Modified to address Order No. 693 Directives
contained in paragraph 693.
Adopted by the NERC Board of Trustees.
Revised.
1 February 7, 2013 R2 and associated elements approved by
approval.

Standard FAC-003-1 Transmission Vegetation Management Program

A. Introduction
1. Title: Transmission Vegetation Management Program
3. Purpose: To improve the reliability of the electric transmission systems by preventing
outages from vegetation located on transmission rights-of-way (ROW) and minimizing
outages from vegetation located adjacent to ROW, maintaining clearances between
transmission lines and vegetation on and along transmission ROW, and reporting vegetation-
related outages of the transmission systems to the respective Regional Reliability
Organizations (RRO) and the North American Electric Reliability Council (NERC).
4. Applicability:
4.1. Transmission Owner.
4.2. Regional Reliability Organization.
4.3. This standard shall apply to all transmission lines operated at 200 kV and above and to
any lower voltage lines designated by the RRO as critical to the reliability of the
electric system in the region.
5. Effective Dates:
5.1. One calendar year from the date of adoption by the NERC Board of Trustees for
Requirements 1 and 2.
5.2. Sixty calendar days from the date of adoption by the NERC Board of Trustees for
Requirements 3 and 4.
B. Requirements
R1. The Transmission Owner shall prepare, and keep current, a formal transmission vegetation
management program (TVMP). The TVMP shall include the Transmission Owners
objectives, practices, approved procedures, and work specifications
1
.
R1.1. The TVMP shall define a schedule for and the type (aerial, ground) of ROW vegetation
inspections. This schedule should be flexible enough to adjust for changing
conditions. The inspection schedule shall be based on the anticipated growth of
vegetation and any other environmental or operational factors that could impact the
relationship of vegetation to the Transmission Owners transmission lines.
R1.2. The Transmission Owner, in the TVMP, shall identify and document clearances
between vegetation and any overhead, ungrounded supply conductors, taking into
consideration transmission line voltage, the effects of ambient temperature on
conductor sag under maximum design loading, and the effects of wind velocities on
conductor sway. Specifically, the Transmission Owner shall establish clearances to be
achieved at the time of vegetation management work identified herein as Clearance 1,
and shall also establish and maintain a set of clearances identified herein as Clearance
2 to prevent flashover between vegetation and overhead ungrounded supply
conductors.
R1.2.1. Clearance 1 The Transmission Owner shall determine and document
appropriate clearance distances to be achieved at the time of transmission
vegetation management work based upon local conditions and the expected
time frame in which the Transmission Owner plans to return for future

1
ANSI A300, Tree Care Operations Tree, Shrub, and Other Woody Plant Maintenance Standard Practices, while
not a requirement of this standard, is considered to be an industry best practice.

vegetation management work. Local conditions may include, but are not
limited to: operating voltage, appropriate vegetation management techniques,
fire risk, reasonably anticipated tree and conductor movement, species types
and growth rates, species failure characteristics, local climate and rainfall
patterns, line terrain and elevation, location of the vegetation within the span,
and worker approach distance requirements. Clearance 1 distances shall be
greater than those defined by Clearance 2 below.
R1.2.2. Clearance 2 The Transmission Owner shall determine and document
specific radial clearances to be maintained between vegetation and conductors
under all rated electrical operating conditions. These minimum clearance
distances are necessary to prevent flashover between vegetation and
conductors and will vary due to such factors as altitude and operating voltage.
These Transmission Owner-specific minimum clearance distances shall be no
less than those set forth in the Institute of Electrical and Electronics Engineers
(IEEE) Standard 516-2003 (Guide for Maintenance Methods on Energized
Power Lines) and as specified in its Section 4.2.2.3, Minimum Air Insulation
Distances without Tools in the Air Gap.
R1.2.2.1 Where transmission system transient overvoltage factors are not
known, clearances shall be derived from Table 5, IEEE 516-2003,
phase-to-ground distances, with appropriate altitude correction
factors applied.
R1.2.2.2 Where transmission system transient overvoltage factors are
known, clearances shall be derived from Table 7, IEEE 516-2003,
phase-to-phase voltages, with appropriate altitude correction
factors applied.
R1.3. All personnel directly involved in the design and implementation of the TVMP shall
hold appropriate qualifications and training, as defined by the Transmission Owner, to
perform their duties.
R1.4. Each Transmission Owner shall develop mitigation measures to achieve sufficient
clearances for the protection of the transmission facilities when it identifies locations
on the ROW where the Transmission Owner is restricted from attaining the clearances
specified in Requirement 1.2.1.
R1.5. Each Transmission Owner shall establish and document a process for the immediate
communication of vegetation conditions that present an imminent threat of a
transmission line outage. This is so that action (temporary reduction in line rating,
switching line out of service, etc.) may be taken until the threat is relieved.
R2. The Transmission Owner shall create and implement an annual plan for vegetation
management work to ensure the reliability of the system. The plan shall describe the methods
used, such as manual clearing, mechanical clearing, herbicide treatment, or other actions. The
plan should be flexible enough to adjust to changing conditions, taking into consideration
anticipated growth of vegetation and all other environmental factors that may have an impact
on the reliability of the transmission systems. Adjustments to the plan shall be documented as
they occur. The plan should take into consideration the time required to obtain permissions or
permits from landowners or regulatory authorities. Each Transmission Owner shall have
systems and procedures for documenting and tracking the planned vegetation management
work and ensuring that the vegetation management work was completed according to work
specifications.

R3. The Transmission Owner shall report quarterly to its RRO, or the RROs designee, sustained
transmission line outages determined by the Transmission Owner to have been caused by
vegetation.
R3.1. Multiple sustained outages on an individual line, if caused by the same vegetation,
shall be reported as one outage regardless of the actual number of outages within a 24-
hour period.
R3.2. The Transmission Owner is not required to report to the RRO, or the RROs designee,
certain sustained transmission line outages caused by vegetation: (1) Vegetation-
related outages that result from vegetation falling into lines from outside the ROW that
result from natural disasters shall not be considered reportable (examples of disasters
that could create non-reportable outages include, but are not limited to, earthquakes,
fires, tornados, hurricanes, landslides, wind shear, major storms as defined either by
the Transmission Owner or an applicable regulatory body, ice storms, and floods), and
(2) Vegetation-related outages due to human or animal activity shall not be considered
reportable (examples of human or animal activity that could cause a non-reportable
outage include, but are not limited to, logging, animal severing tree, vehicle contact
with tree, arboricultural activities or horticultural or agricultural activities, or removal
or digging of vegetation).
R3.3. The outage information provided by the Transmission Owner to the RRO, or the
RROs designee, shall include at a minimum: the name of the circuit(s) outaged, the
date, time and duration of the outage; a description of the cause of the outage; other
pertinent comments; and any countermeasures taken by the Transmission Owner.
R3.4. An outage shall be categorized as one of the following:
R3.4.1. Category 1 Grow-ins: Outages caused by vegetation growing into lines
from vegetation inside and/or outside of the ROW;
R3.4.2. Category 2 Fall-ins: Outages caused by vegetation falling into lines from
inside the ROW;
R3.4.3. Category 3 Fall-ins: Outages caused by vegetation falling into lines from
outside the ROW.
R4. The RRO shall report the outage information provided to it by Transmission Owners, as
required by Requirement 3, quarterly to NERC, as well as any actions taken by the RRO as a
result of any of the reported outages.
C. Measures
M1. The Transmission Owner has a documented TVMP, as identified in Requirement 1.
M1.1. The Transmission Owner has documentation that the Transmission Owner performed
the vegetation inspections as identified in Requirement 1.1.
M1.2. The Transmission Owner has documentation that describes the clearances identified in
Requirement 1.2.
M1.3. The Transmission Owner has documentation that the personnel directly involved in the
design and implementation of the Transmission Owners TVMP hold the qualifications
identified by the Transmission Owner as required in Requirement 1.3.
M1.4. The Transmission Owner has documentation that it has identified any areas not
meeting the Transmission Owners standard for vegetation management and any
mitigating measures the Transmission Owner has taken to address these deficiencies as
identified in Requirement 1.4.

M1.5. The Transmission Owner has a documented process for the immediate communication
of imminent threats by vegetation as identified in Requirement 1.5.
M2. The Transmission Owner has documentation that the Transmission Owner implemented the
work plan identified in Requirement 2.
M3. The Transmission Owner has documentation that it has supplied quarterly outage reports to
the RRO, or the RROs designee, as identified in Requirement 3.
M4. The RRO has documentation that it provided quarterly outage reports to NERC as identified in
Requirement 4.
D. Compliance
RRO
NERC
1.2. Compliance Monitoring Period and Reset
One calendar Year
1.3. Data Retention
Five Years
The Transmission Owner shall demonstrate compliance through self-certification
submitted to the compliance monitor (RRO) annually that it meets the requirements of
NERC Reliability Standard FAC-003-1. The compliance monitor shall conduct an on-
site audit every five years or more frequently as deemed appropriate by the compliance
monitor to review documentation related to Reliability Standard FAC-003-1. Field
audits of ROW vegetation conditions may be conducted if determined to be necessary
by the compliance monitor.
2.1. Level 1:
2.1.1. The TVMP was incomplete in one of the requirements specified in any
subpart of Requirement 1, or;
2.1.2. Documentation of the annual work plan, as specified in Requirement 2, was
incomplete when presented to the Compliance Monitor during an on-site
audit, or;
2.1.3. The RRO provided an outage report to NERC that was incomplete and did not
contain the information required in Requirement 4.
2.2. Level 2:
2.2.1. The TVMP was incomplete in two of the requirements specified in any
subpart of Requirement 1, or;
2.2.2. The Transmission Owner was unable to certify during its annual self-
certification that it fully implemented its annual work plan, or documented
deviations from, as specified in Requirement 2.
2.2.3. The Transmission Owner reported one Category 2 transmission vegetation-
related outage in a calendar year.

2.3. Level 3:
2.3.1. The Transmission Owner reported one Category 1 or multiple Category 2
transmission vegetation-related outages in a calendar year, or;
2.3.2. The Transmission Owner did not maintain a set of clearances (Clearance 2),
as defined in Requirement 1.2.2, to prevent flashover between vegetation
and overhead ungrounded supply conductors, or;
2.3.3. The TVMP was incomplete in three of the requirements specified in any
subpart of Requirement 1.
2.4. Level 4:
2.4.1. The Transmission Owner reported more than one Category 1 transmission
vegetation-related outage in a calendar year, or;
2.4.2. The TVMP was incomplete in four or more of the requirements specified in
any subpart of Requirement 1.
None Identified.

Version History
Version 1 TBA 1. Added Standard Development
Roadmap.
2. Changed 60 to Sixty in section A,
5.2.
3. Added Proposed Effective Date: April
7, 2006 to footer.
4. Added Draft 3: November 17, 2005 to
footer.
01/20/06

FAC-003-2 Transmission Vegetation Management

1
Effective Dates

This standard becomes effective on the first calendar day of the first calendar quarter one year after the date of the order approving
the standard from applicable regulatory authorities where such explicit approval is required. Where no regulatory approval is
required, the standard becomes effective on the first calendar day of the first calendar quarter one year after Board of Trustees
adoption.

Requirement Jurisdiction
Alberta British
Columbia
Manitoba New
Brunswick
Newfound-
land
Nova
Scotia
Ontario Quebec Saskatch-
ewan
USA
R1 R7
(All Req.)
TBD TBD TBD TBD TBD TBD TBD TBD TBD TBD

Effective dates for individual lines when they undergo specific transition cases:

1. A line operated below 200kV, designated by the Planning Coordinator as an element of an Interconnection Reliability
Operating Limit (IROL) or designated by the Western Electricity Coordinating Council (WECC) as an element of a Major WECC
Transfer Path, becomes subject to this standard the latter of: 1) 12 months after the date the Planning Coordinator or WECC
initially designates the line as being an element of an IROL or an element of a Major WECC Transfer Path, or 2) January 1 of
the planning year when the line is forecast to become an element of an IROL or an element of a Major WECC Transfer Path.

2. A line operated below 200 kV currently subject to this standard as a designated element of an IROL or a Major WECC Transfer
Path which has a specified date for the removal of such designation will no longer be subject to this standard effective on
that specified date.


2
3. A line operated at 200 kV or above, currently subject to this standard which is a designated element of an IROL or a Major
WECC Transfer Path and which has a specified date for the removal of such designation will be subject to Requirement R2
and no longer be subject to Requirement R1 effective on that specified date.

4. An existing transmission line operated at 200kV or higher which is newly acquired by an asset owner and which was not
previously subject to this standard becomes subject to this standard 12 months after the acquisition date.

5. An existing transmission line operated below 200kV which is newly acquired by an asset owner and which was not previously
subject to this standard becomes subject to this standard 12 months after the acquisition date of the line if at the time of
acquisition the line is designated by the Planning Coordinator as an element of an IROL or by WECC as an element of a Major
WECC Transfer Path.


3

A. Introduction
1. Title: Transmission Vegetation Management


3. Purpose: To maintain a reliable electric transmission system by using a defense-in-
depth strategy to manage vegetation located on transmission rights of
way (ROW) and minimize encroachments from vegetation located
adjacent to the ROW, thus preventing the risk of those vegetation-related
outages that could lead to Cascading.

4. Applicability
4.1. Functional Entities:
4.1.1 Transmission Owners
4.2. Facilities: Defined below (referred to as applicable lines), including but not
limited to those that cross lands owned by federal
1
4.2.1. Each overhead transmission line operated at 200kV or higher.
, state, provincial, public,
private, or tribal entities:
4.2.2. Each overhead transmission line operated below 200kV identified as an
element of an IROL under NERC Standard FAC-014 by the Planning
Coordinator.
4.2.3. Each overhead transmission line operated below 200 kV identified as an
element of a Major WECC Transfer Path in the Bulk Electric System by
WECC.
4.2.4. Each overhead transmission line identified above (4.2.1 through 4.2.3)
located outside the fenced area of the switchyard, station or substation
and any portion of the span of the transmission line that is crossing the
substation fence.
5. Background:
This standard uses three types of requirements to provide layers of protection to
prevent vegetation related outages that could lead to Cascading:
a) Performance-based defines a particular reliability objective or outcome to be
achieved. In its simplest form, a results-based requirement has four

1
EPAct 2005 section 1211c: Access
approvals by Federal agencies.

4
components: who, under what conditions (if any), shall perform what action, to
achieve what particular bulk power system performance result or outcome?
b) Risk-based preventive requirements to reduce the risks of failure to acceptable
tolerance levels. A risk-based reliability requirement should be framed as: who,
under what conditions (if any), shall perform what action, to achieve what
particular result or outcome that reduces a stated risk to the reliability of the bulk
power system?
c) Competency-based defines a minimum set of capabilities an entity needs to
have to demonstrate it is able to perform its designated reliability functions. A
competency-based reliability requirement should be framed as: who, under what
conditions (if any), shall have what capability, to achieve what particular result or
outcome to perform an action to achieve a result or outcome or to reduce a risk
to the reliability of the bulk power system?
The defense-in-depth strategy for reliability standards development recognizes that
each requirement in a NERC reliability standard has a role in preventing system failures,
and that these roles are complementary and reinforcing. Reliability standards should
not be viewed as a body of unrelated requirements, but rather should be viewed as
part of a portfolio of requirements designed to achieve an overall defense-in-depth
strategy and comport with the quality objectives of a reliability standard.
This standard uses a defense-in-depth approach to improve the reliability of the
electric Transmission system by:
Requiring that vegetation be managed to prevent vegetation encroachment
inside the flash-over clearance (R1 and R2);
Requiring documentation of the maintenance strategies, procedures, processes
and specifications used to manage vegetation to prevent potential flash-over
conditions including consideration of 1) conductor dynamics and 2) the
interrelationships between vegetation growth rates, control methods and the
inspection frequency (R3);
Requiring timely notification to the appropriate control center of vegetation
conditions that could cause a flash-over at any moment (R4);
Requiring corrective actions to ensure that flash-over distances will not be
violated due to work constrains such as legal injunctions (R5);
Requiring inspections of vegetation conditions to be performed annually (R6);
and
Requiring that the annual work needed to prevent flash-over is completed (R7).
For this standard, the requirements have been developed as follows:
Performance-based: Requirements 1 and 2
Competency-based: Requirement 3

5
Risk-based: Requirements 4, 5, 6 and 7
R3 serves as the first line of defense by ensuring that entities understand the problem
they are trying to manage and have fully developed strategies and plans to manage the
problem. R1, R2, and R7 serve as the second line of defense by requiring that entities
carry out their plans and manage vegetation. R6, which requires inspections, may be
either a part of the first line of defense (as input into the strategies and plans) or as a
third line of defense (as a check of the first and second lines of defense). R4 serves as
the final line of defense, as it addresses cases in which all the other lines of defense
have failed.
Major outages and operational problems have resulted from interference between
overgrown vegetation and transmission lines located on many types of lands and
ownership situations. Adherence to the standard requirements for applicable lines on
any kind of land or easement, whether they are Federal Lands, state or provincial lands,
public or private lands, franchises, easements or lands owned in fee, will reduce and
manage this risk. For the purpose of the standard the term public lands includes
municipal lands, village lands, city lands, and a host of other governmental entities.
This standard addresses vegetation management along applicable overhead lines and
does not apply to underground lines, submarine lines or to line sections inside an
electric station boundary.
This standard focuses on transmission lines to prevent those vegetation related outages
that could lead to Cascading. It is not intended to prevent customer outages due to tree
contact with lower voltage distribution system lines. For example, localized customer
service might be disrupted if vegetation were to make contact with a 69kV transmission
line supplying power to a 12kV distribution station. However, this standard is not
written to address such isolated situations which have little impact on the overall
electric transmission system.
Since vegetation growth is constant and always present, unmanaged vegetation poses
an increased outage risk, especially when numerous transmission lines are operating at
or near their Rating. This can present a significant risk of consecutive line failures when
lines are experiencing large sags thereby leading to Cascading. Once the first line fails
the shift of the current to the other lines and/or the increasing system loads will lead to
the second and subsequent line failures as contact to the vegetation under those lines
occurs. Conversely, most other outage causes (such as trees falling into lines, lightning,
animals, motor vehicles, etc.) are not an interrelated function of the shift of currents or
the increasing system loading. These events are not any more likely to occur during
heavy system loads than any other time. There is no cause-effect relationship which
creates the probability of simultaneous occurrence of other such events. Therefore
these types of events are highly unlikely to cause large-scale grid failures. Thus, this
standard places the highest priority on the management of vegetation to prevent
vegetation grow-ins.

6

R1. Each Transmission Owner shall manage vegetation to prevent encroachments into the
MVCD of its applicable line(s) which are either an element of an IROL, or an element of
a Major WECC Transfer Path; operating within their Rating and all Rated Electrical
Operating Conditions of the types shown below
2
1. An encroachment into the MVCD as shown in FAC-003-Table 2, observed in Real-
time, absent a Sustained Outage,
[Violation Risk Factor: High] [Time
Horizon: Real-time]:
3
2. An encroachment due to a fall-in from inside the ROW that caused a vegetation-
related Sustained Outage,

4
3. An encroachment due to the blowing together of applicable lines and vegetation
located inside the ROW that caused a vegetation-related Sustained Outage,
4

4. An encroachment due to vegetation growth into the MVCD that caused a
vegetation-related Sustained Outage.
4

M1. Each Transmission Owner has evidence that it managed vegetation to prevent
encroachment into the MVCD as described in R1. Examples of acceptable forms of
evidence may include dated attestations, dated reports containing no Sustained
Outages associated with encroachment types 2 through 4 above, or records
confirming no Real-time observations of any MVCD encroachments. (R1)

R2. Each Transmission Owner shall manage vegetation to prevent encroachments into the
MVCD of its applicable line(s) which are not either an element of an IROL, or an
element of a Major WECC Transfer Path; operating within its Rating and all Rated
Electrical Operating Conditions of the types shown below
2
[Violation Risk Factor: High]
[Time Horizon: Real-time]:
1. An encroachment into the MVCD, observed in Real-time, absent a Sustained
Outage,
3

4

3. An encroachment due to blowing together of applicable lines and vegetation
located inside the ROW that caused a vegetation-related Sustained Outage,
4

2
This requirement does not apply to circumstances that are beyond the control of a Transmission Owner subject to this
reliability standard, including natural disasters such as earthquakes, fires, tornados, hurricanes, landslides, wind shear, fresh
gale, major storms as defined either by the Transmission Owner or an applicable regulatory body, ice storms, and floods;
human or animal activity such as logging, animal severing tree, vehicle contact with tree, or installation, removal, or digging of
vegetation. Nothing in this footnote should be construed to limit the Transmission Owners right to exercise its full legal rights
on the ROW.
3
If a later confirmation of a Fault by the Transmission Owner shows that a vegetation encroachment within the MVCD has
occurred from vegetation within the ROW, this shall be considered the equivalent of a Real-time observation.
4
Multiple Sustained Outages on an individual line, if caused by the same vegetation, will be reported as one outage regardless
of the actual number of outages within a 24-hour period.

7
4. An encroachment due to vegetation growth into the line MVCD that caused a
vegetation-related Sustained Outage
4

M2. Each Transmission Owner has evidence that it managed vegetation to prevent
encroachment into the MVCD as described in R2. Examples of acceptable forms of
evidence may include dated attestations, dated reports containing no Sustained
Outages associated with encroachment types 2 through 4 above, or records
confirming no Real-time observations of any MVCD encroachments. (R2)

R3. Each Transmission Owner shall have documented maintenance
strategies or procedures or processes or specifications it uses to
prevent the encroachment of vegetation into the MVCD of its
applicable lines that accounts for the following:
3.1 Movement of applicable line conductors under their Rating and
all Rated Electrical Operating Conditions;
3.2 Inter-relationships between vegetation growth rates,
vegetation control methods, and inspection frequency.
[Violation Risk Factor: Lower] [Time Horizon: Long Term Planning]:

M3. The maintenance strategies or procedures or processes or specifications provided
demonstrate that the Transmission Owner can prevent encroachment into the MVCD
considering the factors identified in the requirement. (R3)

R4. Each Transmission Owner, without any intentional time delay, shall notify the control
center holding switching authority for the associated applicable line when the
Transmission Owner has confirmed the existence of a vegetation condition that is
likely to cause a Fault at any moment [Violation Risk Factor: Medium] [Time Horizon:
Real-time].

M4. Each Transmission Owner that has a confirmed vegetation condition likely to cause a
Fault at any moment will have evidence that it notified the control center holding
switching authority for the associated transmission line without any intentional time
delay. Examples of evidence may include control center logs, voice recordings,
switching orders, clearance orders and subsequent work orders. (R4)

R5. When a Transmission Owner is constrained from performing vegetation work on an
applicable line operating within its Rating and all Rated Electrical Operating
Conditions, and the constraint may lead to a vegetation encroachment into the MVCD
prior to the implementation of the next annual work plan, then the Transmission
Owner shall take corrective action to ensure continued vegetation management to
prevent encroachments [Violation Risk Factor: Medium] [Time Horizon: Operations
Planning].


8
M5. Each Transmission Owner has evidence of the corrective action taken for each
constraint where an applicable transmission line was put at potential risk. Examples
of acceptable forms of evidence may include initially-planned work orders,
documentation of constraints from landowners, court orders, inspection records of
increased monitoring, documentation of the de-rating of lines, revised work orders,
invoices, or evidence that the line was de-energized. (R5)

R6. Each Transmission Owner shall perform a Vegetation Inspection of 100% of its
applicable transmission lines (measured in units of choice - circuit, pole line, line miles
or kilometers, etc.) at least once per calendar year and with no more than 18 calendar
months between inspections on the same ROW
5

[Violation Risk Factor: Medium] [Time
Horizon: Operations Planning].
M6. Each Transmission Owner has evidence that it conducted Vegetation Inspections of
the transmission line ROW for all applicable lines at least once per calendar year but
with no more than 18 calendar months between inspections on the same ROW.
Examples of acceptable forms of evidence may include completed and dated work
orders, dated invoices, or dated inspection records. (R6)

R7. Each Transmission Owner shall complete 100% of its annual vegetation work plan of
applicable lines to ensure no vegetation encroachments occur within the MVCD.
Modifications to the work plan in response to changing conditions or to findings from
vegetation inspections may be made (provided they do not allow encroachment of
vegetation into the MVCD) and must be documented. The percent completed
calculation is based on the number of units actually completed divided by the number
of units in the final amended plan (measured in units of choice - circuit, pole line, line
miles or kilometers, etc.) Examples of reasons for modification to annual plan may
include [Violation Risk Factor: Medium] [Time Horizon: Operations Planning]:
Change in expected growth rate/ environmental factors
Circumstances that are beyond the control of a Transmission Owner
6
Rescheduling work between growing seasons

Crew or contractor availability/ Mutual assistance agreements
Identified unanticipated high priority work
Weather conditions/Accessibility
Permitting delays
Land ownership changes/Change in land use by the landowner
Emerging technologies

5
When the Transmission Owner is prevented from performing a Vegetation Inspection within the timeframe in R6 due to a
natural disaster, the TO is granted a time extension that is equivalent to the duration of the time the TO was prevented from
performing the Vegetation Inspection.
6
Circumstances that are beyond the control of a Transmission Owner include but are not limited to natural disasters such as
earthquakes, fires, tornados, hurricanes, landslides, ice storms, floods, or major storms as defined either by the TO or an
applicable regulatory body.

9

M7. Each Transmission Owner has evidence that it completed its annual vegetation work
plan for its applicable lines. Examples of acceptable forms of evidence may include a
copy of the completed annual work plan (as finally modified), dated work orders,
dated invoices, or dated inspection records. (R7)

C. Compliance
Regional Entity
The Transmission Owner retains data or evidence to show compliance with
Requirements R1, R2, R3, R5, R6 and R7, Measures M1, M2, M3, M5, M6 and M7
for three calendar years unless directed by its Compliance Enforcement
investigation.
The Transmission Owner retains data or evidence to show compliance with
Requirement R4, Measure M4 for most recent 12 months of operator logs or
most recent 3 months of voice recordings or transcripts of voice recordings,
unless directed by its Compliance Enforcement Authority to retain specific
If a Transmission Owner is found non-compliant, it shall keep information related
to the non-compliance until found compliant or for the time period specified
above, whichever is longer.
Compliance Audit
Self-Certification
Spot Checking
Compliance Violation Investigation

10
Self-Reporting
Complaint
Periodic Data Submittal

Periodic Data Submittal: The Transmission Owner will submit a quarterly report
to its Regional Entity, or the Regional Entitys designee, identifying all Sustained
Outages of applicable lines operated within their Rating and all Rated Electrical
Operating Conditions as determined by the Transmission Owner to have been
caused by vegetation, except as excluded in footnote 2, and including as a
minimum the following:
o The name of the circuit(s), the date, time and duration of the outage;
the voltage of the circuit; a description of the cause of the outage; the
category associated with the Sustained Outage; other pertinent
comments; and any countermeasures taken by the Transmission
Owner.
A Sustained Outage is to be categorized as one of the following:
o Category 1A Grow-ins: Sustained Outages caused by vegetation
growing into applicable lines, that are identified as an element of an
IROL or Major WECC Transfer Path, by vegetation inside and/or
outside of the ROW;
o Category 1B Grow-ins: Sustained Outages caused by vegetation
growing into applicable lines, but are not identified as an element of
an IROL or Major WECC Transfer Path, by vegetation inside and/or
outside of the ROW;
o Category 2A Fall-ins: Sustained Outages caused by vegetation
falling into applicable lines that are identified as an element of an
IROL or Major WECC Transfer Path, from within the ROW;
o Category 2B Fall-ins: Sustained Outages caused by vegetation
falling into applicable lines, but are not identified as an element of an
o Category 3 Fall-ins: Sustained Outages caused by vegetation falling
into applicable lines from outside the ROW;
o Category 4A Blowing together: Sustained Outages caused by
vegetation and applicable lines that are identified as an element of an
IROL or Major WECC Transfer Path, blowing together from within the
ROW.

11
o Category 4B Blowing together: Sustained Outages caused by
vegetation and applicable lines, but are not identified as an element
of an IROL or Major WECC Transfer Path, blowing together from
within the ROW.
The Regional Entity will report the outage information provided by Transmission
Owners, as per the above, quarterly to NERC, as well as any actions taken by the
Regional Entity as a result of any of the reported Sustained Outages.

12

R# Time
Horizon
VRF Violation Severity Level
Lower Moderate High Severe
R1 Real-time High
N/A N/A The Transmission Owner failed
to manage vegetation to
prevent encroachment into the
MVCD of a line identified as an
element of an IROL or Major
WECC transfer path and
encroachment into the MVCD
as identified in FAC-003-Table
2 was observed in real time
absent a Sustained Outage.
The Transmission Owner failed
MVCD of a line identified as an
WECC transfer path and a
vegetation-related Sustained
Outage was caused by one of
the following:
A fall-in from inside the
active transmission line
ROW
Blowing together of
applicable lines and
vegetation located inside
the active transmission line
ROW
A grow-in
R2 Real-time High
N/A N/A The Transmission Owner failed
MVCD of a line not identified
as an element of an IROL or
Major WECC transfer path and
MVCD of a line not identified
as an element of an IROL or
Major WECC transfer path and
a vegetation-related Sustained
the following:

13
ROW
Blowing together of
ROW
A grow-in
R3
Long-Term
Planning
Lower
N/A The Transmission Owner has
maintenance strategies or
documented procedures or
processes or specifications
but has not accounted for the
inter-relationships between
vegetation growth rates,
vegetation control methods,
and inspection frequency, for
the Transmission Owners
applicable lines.
(Requirement R3, Part 3.2)
The Transmission Owner has
processes or specifications but
has not accounted for the
movement of transmission line
conductors under their Rating
and all Rated Electrical
Operating Conditions, for the
Transmission Owners
applicable lines. Requirement
R3, Part 3.1)
The Transmission Owner does
not have any maintenance
strategies or documented
procedures or processes or
specifications used to prevent
the encroachment of
vegetation into the MVCD, for
the Transmission Owners
applicable lines.
R4 Real-time Medium
N/A N/A The Transmission Owner
experienced a confirmed
vegetation threat and notified
the control center holding
switching authority for that
applicable line, but there was
intentional delay in that
notification.
The Transmission Owner
vegetation threat and did not
notify the control center
holding switching authority for
that applicable line.
R5
Operations
Planning
Medium
N/A N/A N/A The Transmission Owner did
not take corrective action
when it was constrained from
performing planned vegetation
work where an applicable line

14
was put at potential risk.
R6
Operations
Planning
Medium
failed to inspect 5% or less
of its applicable lines
(measured in units of
choice - circuit, pole line,
line miles or kilometers,
etc.)
failed to inspect more than
5% up to and including 10% of
its applicable lines (measured
in units of choice - circuit,
pole line, line miles or
kilometers, etc.).
to inspect more than 10% up
to and including 15% of its
applicable lines (measured in
units of choice - circuit, pole
line, line miles or kilometers,
etc.).
to inspect more than 15% of its
etc.).
R7
Operations
Planning
Medium
failed to complete 5% or
less of its annual
vegetation work plan for
its applicable lines (as
finally modified).
failed to complete more than
5% and up to and including
10% of its annual vegetation
work plan for its applicable
lines (as finally modified).
to complete more than 10%
and up to and including 15% of
its annual vegetation work
plan for its applicable lines (as
finally modified).
to complete more than 15% of
its annual vegetation work plan
for its applicable lines (as
finally modified).

D. Regional Differences
None.

E. Interpretations
None.

Guideline and Technical Basis (attached).


15


Enforcement:

The Requirements within a Reliability Standard govern and will be enforced. The Requirements within a Reliability Standard define
what an entity must do to be compliant and binds an entity to certain obligations of performance under Section 215 of the Federal
Power Act. Compliance will in all cases be measured by determining whether a party met or failed to meet the Reliability Standard
Requirement given the specific facts and circumstances of its use, ownership or operation of the bulk power system.

Measures provide guidance on assessing non-compliance with the Requirements. Measures are the evidence that could be
presented to demonstrate compliance with a Reliability Standard Requirement and are not intended to contain the quantitative
metrics for determining satisfactory performance nor to limit how an entity may demonstrate compliance if valid alternatives to
demonstrating compliance are available in a specific case. A Reliability Standard may be enforced in the absence of specified
Measures.

Entities must comply with the Compliance section in its entirety, including the Administrative Procedure that sets forth, among
other things, reporting requirements.

The Guideline and Technical Basis section, the Background section and text boxes with Examples and Rationale are provided
for informational purposes. They are designed to convey guidance from NERCs various activities. The Guideline and Technical
Basis section and text boxes with Examples and Rationale are not intended to establish new Requirements under NERCs
Reliability Standards or to modify the Requirements in any existing NERC Reliability Standard. Implementation of the Guideline and
Technical Basis section, the Background section and text boxes with Examples and Rationale is not a substitute for compliance
with Requirements in NERCs Reliability Standards.

Effective dates:

The first two sentences of the Effective Dates section is standard language used in most NERC standards to cover the general
effective date and is sufficient to cover the vast majority of situations. Five special cases are needed to cover effective dates for
individual lines which undergo transitions after the general effective date. These special cases cover the effective dates for those

16
lines which are initially becoming subject to the standard, those lines which are changing their applicability within the standard, and
those lines which are changing in a manner that removes their applicability to the standard.

Case 1 is needed because the Planning Coordinators may designate lines below 200 kV to become elements of an IROL or Major
WECC Transfer Path in a future Planning Year (PY). For example, studies by the Planning Coordinator in 2011 may identify a line to
have that designation beginning in PY 2021, ten years after the planning study is performed. It is not intended for the Standard to
be immediately applicable to, or in effect for, that line until that future PY begins. The effective date provision for such lines ensures
that the line will become subject to the standard on January 1 of the PY specified with an allowance of at least 12 months for the
Transmission Owner to make the necessary preparations to achieve compliance on that line. The table below has some explanatory
examples of the application.

Date that
Planning Study is
completed
PY the line
will become
an IROL
element Date 1 Date 2
Effective Date
The latter of Date 1
or Date 2
05/15/2011 2012 05/15/2012 01/01/2012 05/15/2012
05/15/2011 2013 05/15/2012 01/01/2013 01/01/2013
05/15/2011 2014 05/15/2012 01/01/2014 01/01/2014
05/15/2011 2021 05/15/2012 01/01/2021 01/01/2021

Case 2 is needed because a line operating below 200kV designated as an element of an IROL or Major WECC Transfer Path may be
removed from that designation due to system improvements, changes in generation, changes in loads or changes in studies and
analysis of the network.

Case 3 is needed because a line operating at 200 kV or above that once was designated as an element of an IROL or Major WECC
Transfer Path may be removed from that designation due to system improvements, changes in generation, changes in loads or
changes in studies and analysis of the network. Such changes result in the need to apply R1 to that line until that date is reached
and then to apply R2 to that line thereafter.


17
Case 4 is needed because an existing line that is to be operated at 200 kV or above can be acquired by a Transmission Owner from a
third party such as a Distribution Provider or other end-user who was using the line solely for local distribution purposes, but the
Transmission Owner, upon acquisition, is incorporating the line into the interconnected electrical energy transmission network
which will thereafter make the line subject to the standard.

Case 5 is needed because an existing line that is operated below 200 kV can be acquired by a Transmission Owner from a third party
such as a Distribution Provider or other end-user who was using the line solely for local distribution purposes, but the Transmission
owner, upon acquisition, is incorporating the line into the interconnected electrical energy transmission network. In this special case
the line upon acquisition was designated as an element of an Interconnection Reliability Operating Limit (IROL) or an element of a
Major WECC Transfer Path.

Defined Terms:

Explanation for revising the definition of ROW:
The current NERC glossary definition of Right of Way has been modified to address the matter set forth in Paragraph 734 of FERC
Order 693. The Order pointed out that Transmission Owners may in some cases own more property or rights than are needed to
reliably operate transmission lines. This modified definition represents a slight but significant departure from the strict legal definition
of right of way in that this definition is based on engineering and construction considerations that establish the width of a corridor
from a technical basis. The pre-2007 maintenance records are included in the revised definition to allow the use of such vegetation
widths if there were no engineering or construction standards that referenced the width of right of way to be maintained for
vegetation on a particular line but the evidence exists in maintenance records for a width that was in fact maintained prior to this
standard becoming mandatory. Such widths may be the only information available for lines that had limited or no vegetation
easement rights and were typically maintained primarily to ensure public safety. This standard does not require additional easement
rights to be purchased to satisfy a minimum right of way width that did not exist prior to this standard becoming mandatory.

Explanation for revising the definition of Vegetation Inspections:
The current glossary definition of this NERC term is being modified to allow both maintenance inspections and vegetation inspections
to be performed concurrently. This allows potential efficiencies, especially for those lines with minimal vegetation and/or slow
vegetation growth rates.

Explanation of the definition of the MVCD:

18
The MVCD is a calculated minimum distance that is derived from the Gallet Equations. This is a method of calculating a flash over
distance that has been used in the design of high voltage transmission lines. Keeping vegetation away from high voltage conductors
by this distance will prevent voltage flash-over to the vegetation. See the explanatory text below for Requirement R3 and associated
Figure 1. Table 2 below provides MVCD values for various voltages and altitudes. Details of the equations and an example calculation
are provided in Appendix 1 of the Technical Reference Document.

Guidelines:

Requirements R1 and R2:
R1 and R2 are performance-based requirements. The reliability objective or outcome to be achieved is the management of vegetation
such that there are no vegetation encroachments within a minimum distance of transmission lines. Content-wise, R1 and R2 are the
same requirements; however, they apply to different Facilities. Both R1 and R2 require each Transmission Owner to manage
vegetation to prevent encroachment within the MVCD of transmission lines. R1 is applicable to lines that are identified as an element
of an IROL or Major WECC Transfer Path. R2 is applicable to all other lines that are not elements of IROLs, and not elements of Major
WECC Transfer Paths.
The separation of applicability (between R1 and R2) recognizes that inadequate vegetation management for an applicable line that is
an element of an IROL or a Major WECC Transfer Path is a greater risk to the interconnected electric transmission system than
applicable lines that are not elements of IROLs or Major WECC Transfer Paths. Applicable lines that are not elements of IROLs or
Major WECC Transfer Paths do require effective vegetation management, but these lines are comparatively less operationally
significant.
Requirements R1 and R2 state that if inadequate vegetation management allows vegetation to encroach within the MVCD distance
as shown in Table 2, it is a violation of the standard. Table 2 distances are the minimum clearances that will prevent spark-over
based on the Gallet equations as described more fully in the Technical Reference document.
These requirements assume that transmission lines and their conductors are operating within their Rating. If a line conductor is
intentionally or inadvertently operated beyond its Rating and Rated Electrical Operating Condition (potentially in violation of other
standards), the occurrence of a clearance encroachment may occur solely due to that condition. For example, emergency actions
taken by a Transmission Operator or Reliability Coordinator to protect an Interconnection may cause excessive sagging and an
outage. Another example would be ice loading beyond the lines Rating and Rated Electrical Operating Condition. Such vegetation-
related encroachments and outages are not violations of this standard.

19
Evidence of failures to adequately manage vegetation include real-time observation of a vegetation encroachment into the MVCD
(absent a Sustained Outage), or a vegetation-related encroachment resulting in a Sustained Outage due to a fall-in from inside the
ROW, or a vegetation-related encroachment resulting in a Sustained Outage due to the blowing together of the lines and vegetation
located inside the ROW, or a vegetation-related encroachment resulting in a Sustained Outage due to a grow-in. Faults which do not
cause a Sustained outage and which are confirmed to have been caused by vegetation encroachment within the MVCD are
considered the equivalent of a Real-time observation for violation severity levels.
With this approach, the VSLs for R1 and R2 are structured such that they directly correlate to the severity of a failure of a
Transmission Owner to manage vegetation and to the corresponding performance level of the Transmission Owners vegetation
programs ability to meet the objective of preventing the risk of those vegetation related outages that could lead to Cascading.
Thus violation severity increases with a Transmission Owners inability to meet this goal and its potential of leading to a Cascading
event. The additional benefits of such a combination are that it simplifies the standard and clearly defines performance for
compliance. A performance-based requirement of this nature will promote high quality, cost effective vegetation management
programs that will deliver the overall end result of improved reliability to the system.
Multiple Sustained Outages on an individual line can be caused by the same vegetation. For example initial investigations and
corrective actions may not identify and remove the actual outage cause then another outage occurs after the line is re-energized
and previous high conductor temperatures return. Such events are considered to be a single vegetation-related Sustained Outage
under the standard where the Sustained Outages occur within a 24 hour period.
The MVCD is a calculated minimum distance stated in feet (or meters) to prevent spark-over, for various altitudes and operating
voltages that is used in the design of Transmission Facilities. Keeping vegetation from entering this space will prevent transmission
outages.
If the Transmission Owner has applicable lines operated at nominal voltage levels not listed in Table 2, then the TO should use the
next largest clearance distance based on the next highest nominal voltage in the table to determine an acceptable distance.

Requirement R3:
R3 is a competency based requirement concerned with the maintenance strategies, procedures, processes, or specifications, a
Transmission Owner uses for vegetation management.

An adequate transmission vegetation management program formally establishes the approach the Transmission Owner uses to plan
and perform vegetation work to prevent transmission Sustained Outages and minimize risk to the transmission system. The
approach provides the basis for evaluating the intent, allocation of appropriate resources, and the competency of the Transmission

20
Owner in managing vegetation. There are many acceptable approaches to manage vegetation and avoid Sustained Outages.
However, the Transmission Owner must be able to show the documentation of its approach and how it conducts work to maintain
clearances.
An example of one approach commonly used by industry is ANSI Standard A300, part 7. However, regardless of the approach a
utility uses to manage vegetation, any approach a Transmission Owner chooses to use will generally contain the following elements:
1. the maintenance strategy used (such as minimum vegetation-to-conductor distance or maximum vegetation height) to
ensure that MVCD clearances are never violated.
2. the work methods that the Transmission Owner uses to control vegetation
3. a stated Vegetation Inspection frequency
4. an annual work plan

The conductors position in space at any point in time is continuously changing in reaction to a number of different loading variables.
Changes in vertical and horizontal conductor positioning are the result of thermal and physical loads applied to the line. Thermal
loading is a function of line current and the combination of numerous variables influencing ambient heat dissipation including wind
velocity/direction, ambient air temperature and precipitation. Physical loading applied to the conductor affects sag and sway by
combining physical factors such as ice and wind loading. The movement of the transmission line conductor and the MVCD is
illustrated in Figure 1 below. In the Technical Reference document more figures and explanations of conductor dynamics are
provided.

21

Figure 1

A cross-section view of a single conductor at a given point along the span is shown with six possible conductor
positions due to movement resulting from thermal and mechanical loading.

Requirement R4:
R4 is a risk-based requirement. It focuses on preventative actions to be taken by the Transmission Owner for the mitigation of Fault
risk when a vegetation threat is confirmed. R4 involves the notification of potentially threatening vegetation conditions, without any
intentional delay, to the control center holding switching authority for that specific transmission line. Examples of acceptable
unintentional delays may include communication system problems (for example, cellular service or two-way radio disabled), crews
located in remote field locations with no communication access, delays due to severe weather, etc.

Confirmation is key that a threat actually exists due to vegetation. This confirmation could be in the form of a Transmission Owners
employee who personally identifies such a threat in the field. Confirmation could also be made by sending out an employee to
evaluate a situation reported by a landowner.


22
Vegetation-related conditions that warrant a response include vegetation that is near or encroaching into the MVCD (a grow-in
issue) or vegetation that could fall into the transmission conductor (a fall-in issue). A knowledgeable verification of the risk would
include an assessment of the possible sag or movement of the conductor while operating between no-load conditions and its rating.

The Transmission Owner has the responsibility to ensure the proper communication between field personnel and the control center
to allow the control center to take the appropriate action until or as the vegetation threat is relieved. Appropriate actions may
include a temporary reduction in the line loading, switching the line out of service, or other preparatory actions in recognition of the
increased risk of outage on that circuit. The notification of the threat should be communicated in terms of minutes or hours as
opposed to a longer time frame for corrective action plans (see R5).

All potential grow-in or fall-in vegetation-related conditions will not necessarily cause a Fault at any moment. For example, some
Transmission Owners may have a danger tree identification program that identifies trees for removal with the potential to fall near
the line. These trees would not require notification to the control center unless they pose an immediate fall-in threat.

Requirement R5:
R5 is a risk-based requirement. It focuses upon preventative actions to be taken by the Transmission Owner for the mitigation of
Sustained Outage risk when temporarily constrained from performing vegetation maintenance. The intent of this requirement is to
deal with situations that prevent the Transmission Owner from performing planned vegetation management work and, as a result,
have the potential to put the transmission line at risk. Constraints to performing vegetation maintenance work as planned could
result from legal injunctions filed by property owners, the discovery of easement stipulations which limit the Transmission Owners
rights, or other circumstances.

This requirement is not intended to address situations where the transmission line is not at potential risk and the work event can be
rescheduled or re-planned using an alternate work methodology. For example, a land owner may prevent the planned use of
chemicals on non-threatening, low growth vegetation but agree to the use of mechanical clearing. In this case the Transmission
Owner is not under any immediate time constraint for achieving the management objective, can easily reschedule work using an
alternate approach, and therefore does not need to take interim corrective action.

However, in situations where transmission line reliability is potentially at risk due to a constraint, the Transmission Owner is required
to take an interim corrective action to mitigate the potential risk to the transmission line. A wide range of actions can be taken to
address various situations. General considerations include:

23
Identifying locations where the Transmission Owner is constrained from performing planned vegetation maintenance
work which potentially leaves the transmission line at risk.
Developing the specific action to mitigate any potential risk associated with not performing the vegetation maintenance
work as planned.
Documenting and tracking the specific action taken for the location.
In developing the specific action to mitigate the potential risk to the transmission line the Transmission Owner could
consider location specific measures such as modifying the inspection and/or maintenance intervals. Where a legal
constraint would not allow any vegetation work, the interim corrective action could include limiting the loading on the
transmission line.
The Transmission Owner should document and track the specific corrective action taken at each location. This location
may be indicated as one span, one tree or a combination of spans on one property where the constraint is considered to
be temporary.

Requirement R6:
R6 is a risk-based requirement. This requirement sets a minimum time period for completing Vegetation Inspections. The provision
that Vegetation Inspections can be performed in conjunction with general line inspections facilitates a Transmission Owners ability
to meet this requirement. However, the Transmission Owner may determine that more frequent vegetation specific inspections are
needed to maintain reliability levels, based on factors such as anticipated growth rates of the local vegetation, length of the local
growing season, limited ROW width, and local rainfall. Therefore it is expected that some transmission lines may be designated with
a higher frequency of inspections.

The VSLs for Requirement R6 have levels ranked by the failure to inspect a percentage of the applicable lines to be inspected. To
calculate the appropriate VSL the Transmission Owner may choose units such as: circuit, pole line, line miles or kilometers, etc.

For example, when a Transmission Owner operates 2,000 miles of applicable transmission lines this Transmission Owner will be
responsible for inspecting all the 2,000 miles of lines at least once during the calendar year. If one of the included lines was 100
miles long, and if it was not inspected during the year, then the amount failed to inspect would be 100/2000 = 0.05 or 5%. The Low
VSL for R6 would apply in this example.


24
Requirement R7:
R7 is a risk-based requirement. The Transmission Owner is required to complete its an annual work plan for vegetation
management to accomplish the purpose of this standard. Modifications to the work plan in response to changing conditions or to
findings from vegetation inspections may be made and documented provided they do not put the transmission system at risk. The
annual work plan requirement is not intended to necessarily require a span-by-span, or even a line-by-line detailed description
of all work to be performed. It is only intended to require that the Transmission Owner provide evidence of annual planning and
execution of a vegetation management maintenance approach which successfully prevents encroachment of vegetation into the
MVCD.
For example, when a Transmission Owner identifies 1,000 miles of applicable transmission lines to be completed in the Transmission
Owners annual plan, the Transmission Owner will be responsible completing those identified miles. If a Transmission Owner makes
a modification to the annual plan that does not put the transmission system at risk of an encroachment the annual plan may be
modified. If 100 miles of the annual plan is deferred until next year the calculation to determine what percentage was completed
for the current year would be: 1000 100 (deferred miles) = 900 modified annual plan, or 900 / 900 = 100% completed annual miles.
If a Transmission Owner only completed 875 of the total 1000 miles with no acceptable documentation for modification of the
annual plan the calculation for failure to complete the annual plan would be: 1000 875 = 125 miles failed to complete then, 125
miles (not completed) / 1000 total annual plan miles = 12.5% failed to complete.

The ability to modify the work plan allows the Transmission Owner to change priorities or treatment methodologies during the year
as conditions or situations dictate. For example recent line inspections may identify unanticipated high priority work, weather
conditions (drought) could make herbicide application ineffective during the plan year, or a major storm could require redirecting
local resources away from planned maintenance. This situation may also include complying with mutual assistance agreements by
moving resources off the Transmission Owners system to work on another system. Any of these examples could result in
acceptable deferrals or additions to the annual work plan provided that they do not put the transmission system at risk of a
vegetation encroachment.

In general, the vegetation management maintenance approach should use the full extent of the Transmission Owners easement,
fee simple and other legal rights allowed. A comprehensive approach that exercises the full extent of legal rights on the ROW is
superior to incremental management because in the long term it reduces the overall potential for encroachments, and it ensures
that future planned work and future planned inspection cycles are sufficient.


25
When developing the annual work plan the Transmission Owner should allow time for procedural requirements to obtain permits to
work on federal, state, provincial, public, tribal lands. In some cases the lead time for obtaining permits may necessitate preparing
work plans more than a year prior to work start dates. Transmission Owners may also need to consider those special landowner
requirements as documented in easement instruments.

This requirement sets the expectation that the work identified in the annual work plan will be completed as planned. Therefore,
deferrals or relevant changes to the annual plan shall be documented. Depending on the planning and documentation format used
by the Transmission Owner, evidence of successful annual work plan execution could consist of signed-off work orders, signed
contracts, printouts from work management systems, spreadsheets of planned versus completed work, timesheets, work inspection
reports, or paid invoices. Other evidence may include photographs, and walk-through reports.


26

FAC-003 TABLE 2 Minimum Vegetation Clearance Distances (MVCD)
7
For Alternating Current Voltages (feet)

( AC )
Nominal
System
Voltage
(KV)
( AC )
Maximum
System
Voltage
(kV)
8
MVCD
(feet)

MVCD
(feet)
MVCD
feet

MVCD
feet

MVCD
feet

MVCD
feet

MVCD
feet

MVCD
feet

MVCD
feet
MVCD
feet
MVCD
feet
MVCD
feet

Over sea
level up
to 500 ft
Over 500
ft up to
1000 ft
Over 1000
ft up to
2000 ft
Over
2000 ft
up to
3000 ft
Over
3000 ft
up to
4000 ft
Over
4000 ft
up to
5000 ft
Over
5000 ft
up to
6000 ft
Over
6000 ft
up to
7000 ft
Over
7000 ft
up to
8000 ft
Over
8000 ft
up to
9000 ft
Over
9000 ft
up to
10000 ft
Over
10000 ft
up to
11000 ft

765 800 8.2ft 8.33ft 8.61ft 8.89ft 9.17ft 9.45ft 9.73ft 10.01ft 10.29ft 10.57ft 10.85ft 11.13ft
161* 169 2.05ft 2.09ft 2.19ft 2.28ft 2.38ft 2.48ft 2.58ft 2.69ft 2.8ft 2.91ft 3.03ft 3.14ft
Such lines are applicable to this standard only if PC has determined such per FAC-014
(refer to the Applicability Section above)

7
The distances in this Table are the minimums required to prevent Flash-over; however prudent vegetation maintenance practices dictate that substantially greater distances
will be achieved at time of vegetation maintenance.
8
Where applicable lines are operated at nominal voltages other than those listed, The Transmission Owner should use the maximum system voltage to determine the
appropriate clearance for that line.


27

TABLE 2 (CONT) Minimum Vegetation Clearance Distances (MVCD)
7

For Alternating Current Voltages (meters)

( AC )
Nominal
System
Voltage
(KV)
( AC )
Maximum
System
Voltage
(kV)
8

MVCD
meters
MVCD
meters
MVCD
meters
MVCD
meters
MVCD
meters
MVCD
meters
MVCD
meters
MVCD
meters
MVCD
meters
MVCD
meters
MVCD
meters
MVCD
meters

Over sea
level up
to 152.4
m
Over
152.4 m up
to 304.8 m
Over 304.8
m up to
609.6m
Over
609.6m up
to 914.4m
Over
914.4m up
to
1219.2m
Over
1219.2m
up to
1524m
Over 1524 m
up to 1828.8
m
Over
1828.8m
up to
2133.6m
Over
2133.6m
up to
2438.4m
Over
2438.4m up
to 2743.2m
Over
2743.2m up
to 3048m
Over
3048m up
to
3352.8m
765 800 2.49m 2.54m 2.62m 2.71m 2.80m 2.88m 2.97m 3.05m 3.14m 3.22m 3.31m 3.39m
500 550 1.57m 1.6m 1.66m 1.73m 1.79m 1.85m 1.91m 1.98m 2.04m 2.11m 2.17m 2.24m
345 362 0.97m 0.99m 1.03m 1.08m 1.12m 1.16m 1.21m 1.26m 1.30m 1.35m 1.40m 1.44m
287 302 1.18m 0.88m 1.26m 1.31m 1.36m 1.41m 1.46m 1.51m 1.57m 1.62m 1.68m 1.73m
230 242 0.92m 0.94m 0.98m 1.02m 1.06m 1.11m 1.15m 1.19m 1.24m 1.29m 1.33m 1.38m
161* 169 0.62m 0.64m 0.67m 0.69m 0.73m 0.76m 0.79m 0.82m 0.85m 0.89m 0.92m 0.96m
138* 145 0.53m 0.54m 0.57m 0.59m 0.62m 0.65m 0.67m 0.70m 0.73m 0.76m 0.79m 0.82m
115* 121 0.44m 0.45m 0.47m 0.49m 0.51m 0.53m 0.56m 0.58m 0.61m 0.63m 0.66m 0.69m
88* 100 0.36m 0.37m 0.38m 0.40m 0.42m 0.44m 0.46m 0.48m 0.50m 0.52m 0.54m 0.57m
69* 72 0.26m 0.26m 0.27m 0.29m 0.30m 0.31m 0.33m 0.34m 0.36m 0.37m 0.39m 0.41m
Such lines are applicable to this standard only if PC has determined such per FAC-014 (refer to the Applicability Section above)


28

TABLE 2 (CONT) Minimum Vegetation Clearance Distances (MVCD)
7

For Direct Current Voltages feet (meters)

( DC )
Nominal
Pole to
Ground
Voltage
(kV)
( DC )
Nominal
Pole to
Ground
Voltage
(kV)
( DC )
Nominal
Pole to
Ground
Voltage
(kV)
( DC )
Nominal
Pole to
Ground
Voltage
(kV)
( DC )
Nominal
Pole to
Ground
Voltage
(kV)
( DC )
Nominal
Pole to
Ground
Voltage
(kV)
( DC )
Nominal
Pole to
Ground
Voltage
(kV)
( DC )
Nominal
Pole to
Ground
Voltage
(kV)
( DC )
Nominal
Pole to
Ground
Voltage
(kV)
( DC )
Nominal
Pole to
Ground
Voltage
(kV)
( DC )
Nominal
Pole to
Ground
Voltage
(kV)
( DC )
Nominal
Pole to
Ground
Voltage
(kV)
( DC )
Nominal
Pole to
Ground
Voltage
(kV)

Over sea
level up to
500 ft
Over 500
ft up to
1000 ft
Over 1000
ft up to
2000 ft
Over 2000
ft up to
3000 ft
Over 3000
ft up to
4000 ft
Over 4000
ft up to
5000 ft
Over 5000
ft up to
6000 ft
Over 6000
ft up to
7000 ft
Over 7000
ft up to
8000 ft
Over 8000
ft up to
9000 ft
Over 9000
ft up to
10000 ft
Over 10000
ft up to
11000 ft

(Over sea
level up to
152.4 m)
(Over
152.4 m
up to
304.8 m
(Over
304.8 m
up to
609.6m)
(Over
609.6m up
to 914.4m
(Over
914.4m up
to
1219.2m
(Over
1219.2m
up to
1524m
(Over
1524 m up
to 1828.8
m)
(Over
1828.8m
up to
2133.6m)
(Over
2133.6m
up to
2438.4m)
(Over
2438.4m
up to
2743.2m)
(Over
2743.2m
up to
3048m)
(Over
3048m up
to
3352.8m)
750
14.12ft
(4.30m)
14.31ft
(4.36m)
14.70ft
(4.48m)
15.07ft
(4.59m)
15.45ft
(4.71m)
15.82ft
(4.82m)
16.2ft
(4.94m)
16.55ft
(5.04m)
16.91ft
(5.15m)
17.27ft
(5.26m)
17.62ft
(5.37m)
17.97ft
(5.48m)
600
10.23ft
(3.12m)
10.39ft
(3.17m)
10.74ft
(3.26m)
11.04ft
(3.36m)
11.35ft
(3.46m)
11.66ft
(3.55m)
11.98ft
(3.65m)
12.3ft
(3.75m)
12.62ft
(3.85m)
12.92ft
(3.94m)
13.24ft
(4.04m)
13.54ft
(4.13m)
500
8.03ft
(2.45m)
8.16ft
(2.49m)
8.44ft
(2.57m)
8.71ft
(2.65m)
8.99ft
(2.74m)
9.25ft
(2.82m)
9.55ft
(2.91m)
9.82ft
(2.99m)
10.1ft
(3.08m)
10.38ft
(3.16m)
10.65ft
(3.25m)
10.92ft
(3.33m)
400
6.07ft
(1.85m)
6.18ft
(1.88m)
6.41ft
(1.95m)
6.63ft
(2.02m)
6.86ft
(2.09m)
7.09ft
(2.16m)
7.33ft
(2.23m)
7.56ft
(2.30m)
7.80ft
(2.38m)
8.03ft
(2.45m)
8.27ft
(2.52m)
8.51ft
(2.59m)
250
3.50ft
(1.07m)
3.57ft
(1.09m)
3.72ft
(1.13m)
3.87ft
(1.18m)
4.02ft
(1.23m)
4.18ft
(1.27m)
4.34ft
(1.32m)
4.5ft
(1.37m)
4.66ft
(1.42m)
4.83ft
(1.47m)
5.00ft
(1.52m)
5.17ft
(1.58m)

Notes:

The SDT determined that the use of IEEE 516-2003 in version 1 of FAC-003 was a misapplication. The SDT consulted specialists who
advised that the Gallet Equation would be a technically justified method. The explanation of why the Gallet approach is more
appropriate is explained in the paragraphs below.


29
The drafting team sought a method of establishing minimum clearance distances that uses realistic weather conditions and realistic
maximum transient over-voltages factors for in-service transmission lines.

The SDT considered several factors when looking at changes to the minimum vegetation to conductor distances in FAC-003-1:
avoid the problem associated with referring to tables in another standard (IEEE-516-2003)
transmission lines operate in non-laboratory environments (wet conditions)
transient over-voltage factors are lower for in-service transmission lines than for inadvertently re-energized transmission
lines with trapped charges.

FAC-003-1 uses the minimum air insulation distance (MAID) without tools formula provided in IEEE 516-2003 to determine the
minimum distance between a transmission line conductor and vegetation. The equations and methods provided in IEEE 516 were
developed by an IEEE Task Force in 1968 from test data provided by thirteen independent laboratories. The distances provided in
IEEE 516 Tables 5 and 7 are based on the withstand voltage of a dry rod-rod air gap, or in other words, dry laboratory conditions.
Consequently, the validity of using these distances in an outside environment application has been questioned.

FAC-003-01 allowed Transmission Owners to use either Table 5 or Table 7 to establish the minimum clearance distances. Table 7
could be used if the Transmission Owner knew the maximum transient over-voltage factor for its system. Otherwise, Table 5 would
have to be used. Table 5 represented minimum air insulation distances under the worst possible case for transient over-voltage
factors. These worst case transient over-voltage factors were as follows: 3.5 for voltages up to 362 kV phase to phase; 3.0 for 500 -
550 kV phase to phase; and 2.5 for 765 to 800 kV phase to phase. These worst case over-voltage factors were also a cause for
concern in this particular application of the distances.

In general, the worst case transient over-voltages occur on a transmission line that is inadvertently re-energized immediately after
the line is de-energized and a trapped charge is still present. The intent of FAC-003 is to keep a transmission line that is in service
from becoming de-energized (i.e. tripped out) due to spark-over from the line conductor to nearby vegetation. Thus, the worst case
transient overvoltage assumptions are not appropriate for this application. Rather, the appropriate over voltage values are those
that occur only while the line is energized.

Typical values of transient over-voltages of in-service lines, as such, are not readily available in the literature because they are
negligible compared with the maximums. A conservative value for the maximum transient over-voltage that can occur anywhere
along the length of an in-service ac line is approximately 2.0 per unit. This value is a conservative estimate of the transient over-

30
voltage that is created at the point of application (e.g. a substation) by switching a capacitor bank without pre-insertion devices (e.g.
closing resistors). At voltage levels where capacitor banks are not very common (e.g. Maximum System Voltage of 362 kV), the
maximum transient over-voltage of an in-service ac line are created by fault initiation on adjacent ac lines and shunt reactor bank
switching. These transient voltages are usually 1.5 per unit or less.

Even though these transient over-voltages will not be experienced at locations remote from the bus at which they are created, in
order to be conservative, it is assumed that all nearby ac lines are subjected to this same level of over-voltage. Thus, a maximum
transient over-voltage factor of 2.0 per unit for transmission lines operated at 302 kV and below is considered to be a realistic
maximum in this application. Likewise, for ac transmission lines operated at Maximum System Voltages of 362 kV and above a
transient over-voltage factor of 1.4 per unit is considered a realistic maximum.

The Gallet Equations are an accepted method for insulation coordination in tower design. These equations are used for computing
the required strike distances for proper transmission line insulation coordination. They were developed for both wet and dry
applications and can be used with any value of transient over-voltage factor. The Gallet Equation also can take into account various
air gap geometries. This approach was used to design the first 500 kV and 765 kV lines in North America.

If one compares the MAID using the IEEE 516-2003 Table 7 (table D.5 for English values) with the critical spark-over distances
computed using the Gallet wet equations, for each of the nominal voltage classes and identical transient over-voltage factors, the
Gallet equations yield a more conservative (larger) minimum distance value.

Distances calculated from either the IEEE 516 (dry) formulas or the Gallet wet formulas are not vastly different when the same
transient overvoltage factors are used; the wet equations will consistently produce slightly larger distances than the IEEE 516
equations when the same transient overvoltage is used. While the IEEE 516 equations were only developed for dry conditions the
Gallet equations have provisions to calculate spark-over distances for both wet and dry conditions.

While EPRI is currently trying to establish empirical data for spark-over distances to live vegetation, there are no spark-over formulas
currently derived expressly for vegetation to conductor minimum distances. Therefore the SDT chose a proven method that has
been used in other EHV applications. The Gallet equations relevance to wet conditions and the selection of a Transient Overvoltage
Factor that is consistent with the absence of trapped charges on an in-service transmission line make this methodology a better
choice.
The following table is an example of the comparison of distances derived from IEEE 516 and the Gallet equations.

31

Comparison of spark-over distances computed using Gallet wet equations vs.
IEEE 516-2003 MAID distances

Table 7
(Table D.5 for feet)
( AC ) ( AC ) Transient Clearance (ft.) IEEE 516-2003
Nom System Max System Over-voltage Gallet (wet) MAID (ft)
Voltage (kV) Voltage (kV) Factor (T) @ Alt. 3000 feet @ Alt. 3000 feet

765 800 2.0 14.36 13.95
500 550 2.4 11.0 10.07
345 362 3.0 8.55 7.47
230 242 3.0 5.28 4.2
115 121 3.0 2.46 2.1

Rationale:

During development of this standard, text boxes were embedded within the standard to explain the rationale for various parts of the
standard. Upon BOT approval, the text from the rationale text boxes was moved to this section.

Rationale for Applicability (section 4.2.4):
The areas excluded in 4.2.4 were excluded based on comments from industry for reasons summarized as follows: 1) There is a very
low risk from vegetation in this area. Based on an informal survey, no TOs reported such an event. 2) Substations, switchyards, and
stations have many inspection and maintenance activities that are necessary for reliability. Those existing process manage the
threat. As such, the formal steps in this standard are not well suited for this environment. 3) NERC has a project in place to address
at a later date the applicability of this standard to Generation Owners. 4) Specifically addressing the areas where the standard does
and does not apply makes the standard clearer.


32
Rationale for R1 and R2:
Lines with the highest significance to reliability are covered in R1; all other lines are covered in R2.

Rationale for the types of failure to manage vegetation which are listed in order of increasing degrees of severity in non-
compliant performance as it relates to a failure of a Transmission Owner's vegetation maintenance program:

1. This management failure is found by routine inspection or Fault event investigation, and is normally symptomatic of unusual
conditions in an otherwise sound program.

2. This management failure occurs when the height and location of a side tree within the ROW is not adequately addressed by the
program.

3. This management failure occurs when side growth is not adequately addressed and may be indicative of an unsound program.

4. This management failure is usually indicative of a program that is not addressing the most fundamental dynamic of vegetation
management, (i.e. a grow-in under the line). If this type of failure is pervasive on multiple lines, it provides a mechanism for a
Cascade.

Rationale for R3:
The documentation provides a basis for evaluating the competency of the Transmission Owners vegetation program. There may be
many acceptable approaches to maintain clearances. Any approach must demonstrate that the Transmission Owner avoids
vegetation-to-wire conflicts under all Ratings and all Rated Electrical Operating Conditions. See Figure 1 for an illustration of possible
conductor locations.

Rationale for R4:
This is to ensure expeditious communication between the Transmission Owner and the control center when a critical situation is
confirmed.

Rationale for R5:
Legal actions and other events may occur which result in constraints that prevent the Transmission Owner from performing planned
vegetation maintenance work.

33
In cases where the transmission line is put at potential risk due to constraints, the intent is for the Transmission Owner to put
interim measures in place, rather than do nothing.
The corrective action process is not intended to address situations where a planned work methodology cannot be performed but an
alternate work methodology can be used.

Rationale for R6:
Inspections are used by Transmission Owners to assess the condition of the entire ROW. The information from the assessment can
be used to determine risk, determine future work and evaluate recently-completed work. This requirement sets a minimum
Vegetation Inspection frequency of once per calendar year but with no more than 18 months between inspections on the same
ROW. Based upon average growth rates across North America and on common utility practice, this minimum frequency is
reasonable. Transmission Owners should consider local and environmental factors that could warrant more frequent inspections.

Rationale for R7:
This requirement sets the expectation that the work identified in the annual work plan will be completed as planned. It allows
modifications to the planned work for changing conditions, taking into consideration anticipated growth of vegetation and all other
environmental factors, provided that those modifications do not put the transmission system at risk of a vegetation encroachment.


34

Version History

1 TBA 1. Added Standard Development
Roadmap.
2. Changed 60 to Sixty in section A,
5.2.
3. Added Proposed Effective Date:
April 7, 2006 to footer.
4. Added Draft 3: November 17, 2005
to footer.
01/20/06
1 April 4, 2007 Regulatory Approval - Effective Date New
2 November 3,
2011
Adopted by the NERC Board of Trustees
2 March 21,
2013
FERC Order issued approving FAC-003-2
2 May 9, 2013 Board of Trustees adopted the
modification of the VRF for Requirement
R2 of FAC-003-2 by raising the VRF from
Medium to High.

Page 1 of 32

Effective Dates

There are two effective dates associated with this standard.

The first effective date allows Generator Owners time to develop documented maintenance strategies or procedures or processes or
specifications as outlined in Requirement R3.

In those jurisdictions where regulatory approval is required, Requirement R3 applied to the Generator Owner becomes
effective on the first calendar day of the first calendar quarter one year after the date of the order approving the standard from
applicable regulatory authorities where such explicit approval for all requirements is required. In those jurisdictions where no
regulatory approval is required, Requirement R3 becomes effective on the first day of the first calendar quarter one year following
Board of Trustees adoption or as otherwise made effective pursuant to the laws applicable to such ERO governmental authorities.

The second effective date allows entities time to comply with Requirements R1, R2, R4, R5, R6, and R7.

In those jurisdictions where regulatory approval is required, Requirements R1, R2, R4, R5, R6, and R7 applied to the
Generator Owner become effective on the first calendar day of the first calendar quarter two years after the date of the order
approving the standard from applicable regulatory authorities where such explicit approval for all requirements is required. In
those jurisdictions where no regulatory approval is required, Requirements R1, R2, R4, R5, R6, and R7 become effective on the
first day of the first calendar quarter two years following Board of Trustees adoption or as otherwise made effective pursuant to the
laws applicable to such ERO governmental authorities.

Effective dates for individual lines when they undergo specific transition cases:

1. A line operated below 200kV, designated by the Planning Coordinator as an element of an Interconnection Reliability
Operating Limit (IROL) or designated by the Western Electricity Coordinating Council (WECC) as an element of a Major
WECC Transfer Path, becomes subject to this standard the latter of: 1) 12 months after the date the Planning Coordinator or
WECC initially designates the line as being an element of an IROL or an element of a Major WECC Transfer Path, or 2)
January 1 of the planning year when the line is forecast to become an element of an IROL or an element of a Major WECC
Transfer Path.

2. A line operated below 200 kV currently subject to this standard as a designated element of an IROL or a Major WECC
Transfer Path which has a specified date for the removal of such designation will no longer be subject to this standard effective
on that specified date.
Page 2 of 32

3. A line operated at 200 kV or above, currently subject to this standard which is a designated element of an IROL or a Major
WECC Transfer Path and which has a specified date for the removal of such designation will be subject to Requirement R2
and no longer be subject to Requirement R1 effective on that specified date.

4. An existing transmission line operated at 200kV or higher which is newly acquired by an asset owner and which was not
previously subject to this standard becomes subject to this standard 12 months after the acquisition date.

5. An existing transmission line operated below 200kV which is newly acquired by an asset owner and which was not previously
subject to this standard becomes subject to this standard 12 months after the acquisition date of the line if at the time of
acquisition the line is designated by the Planning Coordinator as an element of an IROL or by WECC as an element of a Major
WECC Transfer Path.

Page 3 of 32

A. Introduction
1. Title: Transmission Vegetation Management


3. Purpose: To maintain a reliable electric transmission system by using a defense-in-
depth strategy to manage vegetation located on transmission rights of way
(ROW) and minimize encroachments from vegetation located adjacent to
the ROW, thus preventing the risk of those vegetation-related outages that
could lead to Cascading.

4. Applicability
4.1.1. Applicable Transmission Owners
4.1.1.1 Transmission Owners that own Transmission Facilities defined in 4.2.
4.1.2 Applicable Generator Owners
4.1.2.1 Generator Owners that own generation Facilities defined in 4.3
4.2. Transmission Facilities: Defined below (referred to as applicable lines),
including but not limited to those that cross lands owned by federal
1
4.2. 1 Each overhead transmission line operated at 200kV or higher.
, state,
provincial, public, private, or tribal entities:
4.2.2 Each overhead transmission line operated below 200kV identified as an element
of an IROL under NERC Standard FAC-014 by the Planning Coordinator.
4.2.3 Each overhead transmission line operated below 200 kV identified as an
element of a Major WECC Transfer Path in the Bulk Electric System by WECC.
4.2.4 Each overhead transmission line identified above (4.2.1 through 4.2.3) located
outside the fenced area of the switchyard, station or substation and any portion of the
span of the transmission line that is crossing the substation fence.
4.3. Generation Facilities: Defined below (referred to as applicable lines),
including but not limited to those that cross lands owned by federal
2
4.3.1 Overhead transmission lines that (1) extend greater than one mile or 1.609
kilometers beyond the fenced area of the generating station switchyard to the point of
interconnection with a Transmission Owners Facility or (2) do not have a clear line
, state,
provincial, public, private, or tribal entities:

1
EPAct 2005 section 1211c: Access approvals by Federal agencies.
2
Id.
Page 4 of 32

of sight
3
4.3.1.1 Operated at 200kV or higher; or
from the generating station switchyard fence to the point of interconnection
with a Transmission Owners Facility and are:
4.3.1.2 Operated below 200kV identified as an element of an IROL under NERC
Standard FAC-014 by the Planning Coordinator; or
4.3.1.3 Operated below 200 kV identified as an element of a Major WECC Transfer
Path in the Bulk Electric System by WECC.
Enforcement:

The Requirements within a Reliability Standard govern and will be enforced. The Requirements
within a Reliability Standard define what an entity must do to be compliant and binds an entity to
certain obligations of performance under Section 215 of the Federal Power Act. Compliance
will in all cases be measured by determining whether a party met or failed to meet the Reliability
Standard Requirement given the specific facts and circumstances of its use, ownership or
operation of the bulk power system.

Measures provide guidance on assessing non-compliance with the Requirements. Measures are
the evidence that could be presented to demonstrate compliance with a Reliability Standard
Requirement and are not intended to contain the quantitative metrics for determining satisfactory
performance nor to limit how an entity may demonstrate compliance if valid alternatives to
demonstrating compliance are available in a specific case. A Reliability Standard may be
enforced in the absence of specified Measures.

Entities must comply with the Compliance section in its entirety, including the Administrative
Procedure that sets forth, among other things, reporting requirements.

The Guideline and Technical Basis section, the Background section and text boxes with
Examples and Rationale are provided for informational purposes. They are designed to
convey guidance from NERCs various activities. The Guideline and Technical Basis section
and text boxes with Examples and Rationale are not intended to establish new Requirements
under NERCs Reliability Standards or to modify the Requirements in any existing NERC
Reliability Standard. Implementation of the Guideline and Technical Basis section, the
Background section and text boxes with Examples and Rationale is not a substitute for
compliance with Requirements in NERCs Reliability Standards.
5. Background:
This standard uses three types of requirements to provide layers of protection to
prevent vegetation related outages that could lead to Cascading:

3
Clear line of sight means the distance that can be seen by the average person without special instrumentation
(e.g., binoculars, telescope, spyglasses, etc.) on a clear day.
Page 5 of 32

a) Performance-based defines a particular reliability objective or outcome to be
achieved. In its simplest form, a results-based requirement has four components:
who, under what conditions (if any), shall perform what action, to achieve what
particular bulk power system performance result or outcome?
b) Risk-based preventive requirements to reduce the risks of failure to acceptable
tolerance levels. A risk-based reliability requirement should be framed as: who,
under what conditions (if any), shall perform what action, to achieve what particular
result or outcome that reduces a stated risk to the reliability of the bulk power
system?
c) Competency-based defines a minimum set of capabilities an entity needs to
have to demonstrate it is able to perform its designated reliability functions. A
competency-based reliability requirement should be framed as: who, under what
conditions (if any), shall have what capability, to achieve what particular result or
outcome to perform an action to achieve a result or outcome or to reduce a risk to the
reliability of the bulk power system?
The defense-in-depth strategy for reliability standards development recognizes that
each requirement in a NERC reliability standard has a role in preventing system
failures, and that these roles are complementary and reinforcing. Reliability
standards should not be viewed as a body of unrelated requirements, but rather should
be viewed as part of a portfolio of requirements designed to achieve an overall
defense-in-depth strategy and comport with the quality objectives of a reliability
standard.
This standard uses a defense-in-depth approach to improve the reliability of the electric
Transmission system by:
Requiring that vegetation be managed to prevent vegetation encroachment inside
the flash-over clearance (R1 and R2);
Requiring documentation of the maintenance strategies, procedures, processes and
specifications used to manage vegetation to prevent potential flash-over
conditions including consideration of 1) conductor dynamics and 2) the
interrelationships between vegetation growth rates, control methods and the
inspection frequency (R3);
Requiring timely notification to the appropriate control center of vegetation
conditions that could cause a flash-over at any moment (R4);
Requiring corrective actions to ensure that flash-over distances will not be
violated due to work constrains such as legal injunctions (R5);
Requiring inspections of vegetation conditions to be performed annually (R6);
and
Requiring that the annual work needed to prevent flash-over is completed (R7).
For this standard, the requirements have been developed as follows:
Performance-based: Requirements 1 and 2
Competency-based: Requirement 3
Page 6 of 32

Risk-based: Requirements 4, 5, 6 and 7
R3 serves as the first line of defense by ensuring that entities understand the problem
they are trying to manage and have fully developed strategies and plans to manage the
problem. R1, R2, and R7 serve as the second line of defense by requiring that entities
carry out their plans and manage vegetation. R6, which requires inspections, may be
either a part of the first line of defense (as input into the strategies and plans) or as a
third line of defense (as a check of the first and second lines of defense). R4 serves as
the final line of defense, as it addresses cases in which all the other lines of defense
have failed.
Major outages and operational problems have resulted from interference between
overgrown vegetation and transmission lines located on many types of lands and
ownership situations. Adherence to the standard requirements for applicable lines on
any kind of land or easement, whether they are Federal Lands, state or provincial
lands, public or private lands, franchises, easements or lands owned in fee, will
reduce and manage this risk. For the purpose of the standard the term public lands
includes municipal lands, village lands, city lands, and a host of other governmental
entities.
This standard addresses vegetation management along applicable overhead lines and
does not apply to underground lines, submarine lines or to line sections inside an
electric station boundary.
This standard focuses on transmission lines to prevent those vegetation related
outages that could lead to Cascading. It is not intended to prevent customer outages
due to tree contact with lower voltage distribution system lines. For example,
localized customer service might be disrupted if vegetation were to make contact with
a 69kV transmission line supplying power to a 12kV distribution station. However,
this standard is not written to address such isolated situations which have little impact
on the overall electric transmission system.
Since vegetation growth is constant and always present, unmanaged vegetation poses
an increased outage risk, especially when numerous transmission lines are operating
at or near their Rating. This can present a significant risk of consecutive line failures
when lines are experiencing large sags thereby leading to Cascading. Once the first
line fails the shift of the current to the other lines and/or the increasing system loads
will lead to the second and subsequent line failures as contact to the vegetation under
those lines occurs. Conversely, most other outage causes (such as trees falling into
lines, lightning, animals, motor vehicles, etc.) are not an interrelated function of the
shift of currents or the increasing system loading. These events are not any more
likely to occur during heavy system loads than any other time. There is no cause-
effect relationship which creates the probability of simultaneous occurrence of other
such events. Therefore these types of events are highly unlikely to cause large-scale
grid failures. Thus, this standard places the highest priority on the management of
vegetation to prevent vegetation grow-ins.
Page 7 of 32


R1. Each applicable Transmission Owner and applicable Generator Owner shall manage
vegetation to prevent encroachments into the MVCD of its applicable line(s) which are
either an element of an IROL, or an element of a Major WECC Transfer Path;
operating within their Rating and all Rated Electrical Operating Conditions of the types
shown below
4
1. An encroachment into the MVCD as shown in FAC-003-Table 2, observed in
Real-time, absent a Sustained Outage,
[Violation Risk Factor: High] [Time Horizon: Real-time]:
5

6
3. An encroachment due to the blowing together of applicable lines and vegetation
located inside the ROW that caused a vegetation-related Sustained Outage

7
4. An encroachment due to vegetation growth into the MVCD that caused a
vegetation-related Sustained Outage.
,
8

M1. Each applicable Transmission Owner and applicable Generator Owner has evidence
that it managed vegetation to prevent encroachment into the MVCD as described in R1.
Examples of acceptable forms of evidence may include dated attestations, dated reports
containing no Sustained Outages associated with encroachment types 2 through 4
above, or records confirming no Real-time observations of any MVCD encroachments.
(R1)

R2. Each applicable Transmission Owner and applicable Generator Owner shall manage
vegetation to prevent encroachments into the MVCD of its applicable line(s) which are
not either an element of an IROL, or an element of a Major WECC Transfer Path;
operating within its Rating and all Rated Electrical Operating Conditions of the types
shown below
9
1. An encroachment into the MVCD, observed in Real-time, absent a Sustained
Outage,
[Violation Risk Factor: Medium] [Time Horizon: Real-time]:
10

4
This requirement does not apply to circumstances that are beyond the control of an applicable Transmission Owner
or applicable Generator Owner subject to this reliability standard, including natural disasters such as earthquakes,
fires, tornados, hurricanes, landslides, wind shear, fresh gale, major storms as defined either by the applicable
Transmission Owner or applicable Generator Owner or an applicable regulatory body, ice storms, and floods; human
or animal activity such as logging, animal severing tree, vehicle contact with tree, or installation, removal, or
digging of vegetation. Nothing in this footnote should be construed to limit the Transmission Owners or applicable
Generator Owners right to exercise its full legal rights on the ROW.

5
If a later confirmation of a Fault by the applicable Transmission Owner or applicable Generator Owner shows that
a vegetation encroachment within the MVCD has occurred from vegetation within the ROW, this shall be
considered the equivalent of a Real-time observation.
6
Multiple Sustained Outages on an individual line, if caused by the same vegetation, will be reported as one outage
regardless of the actual number of outages within a 24-hour period.
7
Id.
8
Id.
9
See footnote 4.
10
See footnote 5.
Page 8 of 32

11
3. An encroachment due to blowing together of applicable lines and vegetation located
inside the ROW that caused a vegetation-related Sustained Outage,

12
4. An encroachment due to vegetation growth into the line MVCD that caused a
vegetation-related Sustained Outage

13

that it managed vegetation to prevent encroachment into the MVCD as described in R2.
Examples of acceptable forms of evidence may include dated attestations, dated reports
containing no Sustained Outages associated with encroachment types 2 through 4
above, or records confirming no Real-time observations of any MVCD encroachments.
(R2)

R3. Each applicable Transmission Owner and applicable Generator
Owner shall have documented maintenance strategies or procedures
or processes or specifications it uses to prevent the encroachment of
vegetation into the MVCD of its applicable lines that accounts for
the following:
3.1 Movement of applicable line conductors under their Rating and
all Rated Electrical Operating Conditions;
3.2 Inter-relationships between vegetation growth rates, vegetation
control methods, and inspection frequency.
[Violation Risk Factor: Lower] [Time Horizon: Long Term
Planning]

M3. The maintenance strategies or procedures or processes or specifications provided
demonstrate that the applicable Transmission Owner and applicable Generator Owner
can prevent encroachment into the MVCD considering the factors identified in the
requirement. (R3)

R4. Each applicable Transmission Owner and applicable Generator Owner, without any
intentional time delay, shall notify the control center holding switching authority for the
associated applicable line when the applicable Transmission Owner and applicable
Generator Owner has confirmed the existence of a vegetation condition that is likely to
cause a Fault at any moment [Violation Risk Factor: Medium] [Time Horizon: Real-
time].

M4. Each applicable Transmission Owner and applicable Generator Owner that has a
confirmed vegetation condition likely to cause a Fault at any moment will have
evidence that it notified the control center holding switching authority for the
associated transmission line without any intentional time delay. Examples of evidence

11
See footnote 6.
12
Id.
13
Id.
Page 9 of 32

may include control center logs, voice recordings, switching orders, clearance orders
and subsequent work orders. (R4)

R5. When a applicable Transmission Owner and applicable Generator Owner is constrained
from performing vegetation work on an applicable line operating within its Rating and
all Rated Electrical Operating Conditions, and the constraint may lead to a vegetation
encroachment into the MVCD prior to the implementation of the next annual work
plan, then the applicable Transmission Owner or applicable Generator Owner shall take
corrective action to ensure continued vegetation management to prevent encroachments
[Violation Risk Factor: Medium] [Time Horizon: Operations Planning].

M5. Each applicable Transmission Owner and applicable Generator Owner has evidence of
the corrective action taken for each constraint where an applicable transmission line
was put at potential risk. Examples of acceptable forms of evidence may include
initially-planned work orders, documentation of constraints from landowners, court
orders, inspection records of increased monitoring, documentation of the de-rating of
lines, revised work orders, invoices, or evidence that the line was de-energized. (R5)

R6. Each applicable Transmission Owner and applicable Generator Owner shall perform a
Vegetation Inspection of 100% of its applicable transmission lines (measured in units
of choice - circuit, pole line, line miles or kilometers, etc.) at least once per calendar
year and with no more than 18 calendar months between inspections on the same
ROW
14

[Violation Risk Factor: Medium] [Time Horizon: Operations Planning].
that it conducted Vegetation Inspections of the transmission line ROW for all
applicable lines at least once per calendar year but with no more than 18 calendar
months between inspections on the same ROW. Examples of acceptable forms of
evidence may include completed and dated work orders, dated invoices, or dated
inspection records. (R6)

R7. Each applicable Transmission Owner and applicable Generator Owner shall complete
100% of its annual vegetation work plan of applicable lines to ensure no vegetation
encroachments occur within the MVCD. Modifications to the work plan in response to
changing conditions or to findings from vegetation inspections may be made (provided
they do not allow encroachment of vegetation into the MVCD) and must be
documented. The percent completed calculation is based on the number of units
actually completed divided by the number of units in the final amended plan (measured
in units of choice - circuit, pole line, line miles or kilometers, etc.) Examples of reasons
for modification to annual plan may include [Violation Risk Factor: Medium] [Time
Horizon: Operations Planning]:

14
When the applicable Transmission Owner or applicable Generator Owner is prevented from performing a
Vegetation Inspection within the timeframe in R6 due to a natural disaster, the TO or GO is granted a time extension
that is equivalent to the duration of the time the TO or GO was prevented from performing the Vegetation
Inspection.
Page 10 of 32

Change in expected growth rate/ environmental factors
Circumstances that are beyond the control of an applicable Transmission Owner or
applicable Generator Owner
15
Rescheduling work between growing seasons

Crew or contractor availability/ Mutual assistance agreements
Identified unanticipated high priority work
Weather conditions/Accessibility
Permitting delays
Land ownership changes/Change in land use by the landowner
Emerging technologies

that it completed its annual vegetation work plan for its applicable lines. Examples of
acceptable forms of evidence may include a copy of the completed annual work plan
(as finally modified), dated work orders, dated invoices, or dated inspection records.
(R7)

C. Compliance
The Regional Entity shall serve as the Compliance Enforcement Authority unless the
applicable entity is owned, operated, or controlled by the Regional Entity. In such
cases the ERO or a Regional entity approved by FERC or other applicable
governmental authority shall serve as the CEA.
For NERC, a third-party monitor without vested interest in the outcome for
NERC shall serve as the Compliance Enforcement Authority.
the last audit.
The applicable Transmission Owner and applicable Generator Owner retains data
or evidence to show compliance with Requirements R1, R2, R3, R5, R6 and R7,
Measures M1, M2, M3, M5, M6 and M7 for three calendar years unless directed
by its Compliance Enforcement Authority to retain specific evidence for a longer

15
Circumstances that are beyond the control of an applicable Transmission Owner or applicable Generator Owner
include but are not limited to natural disasters such as earthquakes, fires, tornados, hurricanes, landslides, ice storms,
floods, or major storms as defined either by the TO or GO or an applicable regulatory body.
Page 11 of 32

The applicable Transmission Owner and applicable Generator Owner retains data
or evidence to show compliance with Requirement R4, Measure M4 for most
recent 12 months of operator logs or most recent 3 months of voice recordings or
transcripts of voice recordings, unless directed by its Compliance Enforcement
investigation.
If a applicable Transmission Owner or applicable Generator Owner is found non-
compliant or for the time period specified above, whichever is longer.
Compliance Audit
Self-Certification
Spot Checking
Self-Reporting
Complaint
Periodic Data Submittal

Periodic Data Submittal: The applicable Transmission Owner and applicable
Generator Owner will submit a quarterly report to its Regional Entity, or the
Regional Entitys designee, identifying all Sustained Outages of applicable lines
operated within their Rating and all Rated Electrical Operating Conditions as
determined by the applicable Transmission Owner or applicable Generator Owner
to have been caused by vegetation, except as excluded in footnote 2, and
including as a minimum the following:
o The name of the circuit(s), the date, time and duration of the outage;
the voltage of the circuit; a description of the cause of the outage; the
category associated with the Sustained Outage; other pertinent
comments; and any countermeasures taken by the applicable
Transmission Owner or applicable Generator Owner.
A Sustained Outage is to be categorized as one of the following:
o Category 1A Grow-ins: Sustained Outages caused by vegetation
growing into applicable lines, that are identified as an element of an
Page 12 of 32

outside of the ROW;
o Category 1B Grow-ins: Sustained Outages caused by vegetation
growing into applicable lines, but are not identified as an element of an
outside of the ROW;
o Category 2A Fall-ins: Sustained Outages caused by vegetation
falling into applicable lines that are identified as an element of an
o Category 2B Fall-ins: Sustained Outages caused by vegetation
falling into applicable lines, but are not identified as an element of an
o Category 3 Fall-ins: Sustained Outages caused by vegetation falling
into applicable lines from outside the ROW;
o Category 4A Blowing together: Sustained Outages caused by
vegetation and applicable lines that are identified as an element of an
IROL or Major WECC Transfer Path, blowing together from within
the ROW.
o Category 4B Blowing together: Sustained Outages caused by
vegetation and applicable lines, but are not identified as an element of
an IROL or Major WECC Transfer Path, blowing together from within
the ROW.
The Regional Entity will report the outage information provided by applicable
Transmission Owners and applicable Generator Owners, as per the above,
quarterly to NERC, as well as any actions taken by the Regional Entity as a result
of any of the reported Sustained Outages.
Page 13 of 32


R# Time
Horizon
R1 Real-time High
The responsible entity failed to
manage vegetation to prevent
of a line identified as an
of a line identified as an
the following:
ROW
Blowing together of
ROW
A grow-in
R2 Real-time Medium
of a line not identified as an
of a line not identified as an
the following:
Page 14 of 32

ROW
Blowing together of
ROW
A grow-in
R3
Long-Term
Planning
Lower
The responsible entity has
inter-relationships between
vegetation growth rates,
vegetation control methods,
and inspection frequency, for
the responsible entitys
applicable lines. (Requirement
R3, Part 3.2)
movement of transmission line
conductors under their Rating
and all Rated Electrical
Operating Conditions, for the
responsible entitys applicable
lines. Requirement R3, Part
3.1)
The responsible entity does not
have any maintenance
strategies or documented
procedures or processes or
specifications used to prevent
the encroachment of vegetation
into the MVCD, for the
responsible entitys applicable
lines.
R4 Real-time Medium
vegetation threat and notified
the control center holding
switching authority for that
applicable line, but there was
intentional delay in that
notification.
vegetation threat and did not
notify the control center
holding switching authority for
that applicable line.
R5
Operations
Planning
Medium
take corrective action when it
was constrained from
performing planned vegetation
work where an applicable line
was put at potential risk.
R6
Operations
Medium The responsible entity The responsible entity failed The responsible entity failed to The responsible entity failed to
Page 15 of 32

Planning failed to inspect 5% or less
of its applicable lines
(measured in units of
choice - circuit, pole line,
line miles or kilometers,
etc.)
to inspect more than 5% up to
and including 10% of its
etc.).
inspect more than 10% up to
and including 15% of its
etc.).
inspect more than 15% of its
etc.).
R7
Operations
Planning
Medium
failed to complete 5% or
less of its annual
vegetation work plan for
its applicable lines (as
finally modified).
The responsible entity failed
to complete more than 5% and
up to and including 10% of its
annual vegetation work plan
finally modified).
complete more than 10% and
up to and including 15% of its
annual vegetation work plan
finally modified).
complete more than 15% of its
annual vegetation work plan for
its applicable lines (as finally
modified).

None.

E. Interpretations
None.

F. As s ociated Documents
Guideline and Technical Basis (attached).

Page 16 of 32

G Gu ui id de el li in ne e a an nd d T Te ec ch hn ni ic ca al l B Ba as si is s

Effective dates:

The first two sentences of the Effective Dates section is standard language used in most NERC
standards to cover the general effective date and is sufficient to cover the vast majority of
situations. Five special cases are needed to cover effective dates for individual lines which
undergo transitions after the general effective date. These special cases cover the effective dates
for those lines which are initially becoming subject to the standard, those lines which are
changing their applicability within the standard, and those lines which are changing in a manner
that removes their applicability to the standard.

Case 1 is needed because the Planning Coordinators may designate lines below 200 kV to
become elements of an IROL or Major WECC Transfer Path in a future Planning Year (PY).
For example, studies by the Planning Coordinator in 2011 may identify a line to have that
designation beginning in PY 2021, ten years after the planning study is performed. It is not
intended for the Standard to be immediately applicable to, or in effect for, that line until that
future PY begins. The effective date provision for such lines ensures that the line will become
subject to the standard on January 1 of the PY specified with an allowance of at least 12 months
for the applicable Transmission Owner or applicable Generator Owner to make the necessary
preparations to achieve compliance on that line. The table below has some explanatory
examples of the application.

Date that Planning
Study is
completed
PY the line
will become
an IROL
element Date 1 Date 2
Effective Date
The latter of Date 1
or Date 2
05/15/2011 2012 05/15/2012 01/01/2012 05/15/2012
05/15/2011 2013 05/15/2012 01/01/2013 01/01/2013
05/15/2011 2014 05/15/2012 01/01/2014 01/01/2014
05/15/2011 2021 05/15/2012 01/01/2021 01/01/2021

Case 2 is needed because a line operating below 200kV designated as an element of an IROL or
Major WECC Transfer Path may be removed from that designation due to system improvements,
changes in generation, changes in loads or changes in studies and analysis of the network.

Case 3 is needed because a line operating at 200 kV or above that once was designated as an
element of an IROL or Major WECC Transfer Path may be removed from that designation due
to system improvements, changes in generation, changes in loads or changes in studies and
analysis of the network. Such changes result in the need to apply R1 to that line until that date is
reached and then to apply R2 to that line thereafter.

Case 4 is needed because an existing line that is to be operated at 200 kV or above can be
acquired by an applicable Transmission Owner or applicable Generator Owner from a third party
Page 17 of 32

such as a Distribution Provider or other end-user who was using the line solely for local
distribution purposes, but the applicable Transmission Owner or applicable Generator Owner,
upon acquisition, is incorporating the line into the interconnected electrical energy transmission
network which will thereafter make the line subject to the standard.

Case 5 is needed because an existing line that is operated below 200 kV can be acquired by an
applicable Transmission Owner or applicable Generator Owner from a third party such as a
Distribution Provider or other end-user who was using the line solely for local distribution
purposes, but the applicable Transmission Owner or applicable Generator Owner, upon
acquisition, is incorporating the line into the interconnected electrical energy transmission
network. In this special case the line upon acquisition was designated as an element of an
Interconnection Reliability Operating Limit (IROL) or an element of a Major WECC Transfer
Path.

Defined Terms:

Explanation for revising the definition of ROW:
The current NERC glossary definition of Right of Way has been modified to include Generator
Owners and to address the matter set forth in Paragraph 734 of FERC Order 693. The Order
pointed out that Transmission Owners may in some cases own more property or rights than are
needed to reliably operate transmission lines. This modified definition represents a slight but
significant departure from the strict legal definition of right of way in that this definition is based
on engineering and construction considerations that establish the width of a corridor from a
technical basis. The pre-2007 maintenance records are included in the revised definition to allow
the use of such vegetation widths if there were no engineering or construction standards that
referenced the width of right of way to be maintained for vegetation on a particular line but the
evidence exists in maintenance records for a width that was in fact maintained prior to this
standard becoming mandatory. Such widths may be the only information available for lines that
had limited or no vegetation easement rights and were typically maintained primarily to ensure
public safety. This standard does not require additional easement rights to be purchased to satisfy a
minimum right of way width that did not exist prior to this standard becoming mandatory.

The Project 2010-07 team further modified that proposed definition to include applicable
Generator Owners.

Explanation for revising the definition of Vegetation Inspections:

The current glossary definition of this NERC term is being modified to include Generator Owners
and to allow both maintenance inspections and vegetation inspections to be performed
concurrently. This allows potential efficiencies, especially for those lines with minimal vegetation
and/or slow vegetation growth rates.

The Project 2010-07 team further modified that proposed definition to include applicable
Generator Owners.
Page 18 of 32

Explanation of the definition of the MVCD:

The MVCD is a calculated minimum distance that is derived from the Gallet Equations. This is a
method of calculating a flash over distance that has been used in the design of high voltage
transmission lines. Keeping vegetation away from high voltage conductors by this distance will
prevent voltage flash-over to the vegetation. See the explanatory text below for Requirement R3
and associated Figure 1. Table 2 below provides MVCD values for various voltages and altitudes.
Details of the equations and an example calculation are provided in Appendix 1 of the Technical
Reference Document.

Requirements R1 and R2:
R1 and R2 are performance-based requirements. The reliability objective or outcome to be
achieved is the management of vegetation such that there are no vegetation encroachments within
a minimum distance of transmission lines. Content-wise, R1 and R2 are the same requirements;
however, they apply to different Facilities. Both R1 and R2 require each applicable Transmission
Owner or applicable Generator Owner to manage vegetation to prevent encroachment within the
MVCD of transmission lines. R1 is applicable to lines that are identified as an element of an IROL
or Major WECC Transfer Path. R2 is applicable to all other lines that are not elements of IROLs,
and not elements of Major WECC Transfer Paths.
The separation of applicability (between R1 and R2) recognizes that inadequate vegetation
management for an applicable line that is an element of an IROL or a Major WECC Transfer
Path is a greater risk to the interconnected electric transmission system than applicable lines that
are not elements of IROLs or Major WECC Transfer Paths. Applicable lines that are not
elements of IROLs or Major WECC Transfer Paths do require effective vegetation management,
but these lines are comparatively less operationally significant. As a reflection of this difference
in risk impact, the Violation Risk Factors (VRFs) are assigned as High for R1 and Medium for
R2.
Requirements R1 and R2 state that if inadequate vegetation management allows vegetation to
encroach within the MVCD distance as shown in Table 2, it is a violation of the standard. Table
2 distances are the minimum clearances that will prevent spark-over based on the Gallet
equations as described more fully in the Technical Reference document.
These requirements assume that transmission lines and their conductors are operating within
their Rating. If a line conductor is intentionally or inadvertently operated beyond its Rating and
Rated Electrical Operating Condition (potentially in violation of other standards), the occurrence
of a clearance encroachment may occur solely due to that condition. For example, emergency
actions taken by an applicable Transmission Owner or applicable Generator Owner or Reliability
Coordinator to protect an Interconnection may cause excessive sagging and an outage. Another
example would be ice loading beyond the lines Rating and Rated Electrical Operating
Condition. Such vegetation-related encroachments and outages are not violations of this
standard.
Evidence of failures to adequately manage vegetation include real-time observation of a
vegetation encroachment into the MVCD (absent a Sustained Outage), or a vegetation-related
encroachment resulting in a Sustained Outage due to a fall-in from inside the ROW, or a
Page 19 of 32

vegetation-related encroachment resulting in a Sustained Outage due to the blowing together of
the lines and vegetation located inside the ROW, or a vegetation-related encroachment resulting
in a Sustained Outage due to a grow-in. Faults which do not cause a Sustained outage and which
are confirmed to have been caused by vegetation encroachment within the MVCD are considered
the equivalent of a Real-time observation for violation severity levels.
With this approach, the VSLs for R1 and R2 are structured such that they directly correlate to the
severity of a failure of an applicable Transmission Owner or applicable Generator Owner to
manage vegetation and to the corresponding performance level of the Transmission Owners
vegetation programs ability to meet the objective of preventing the risk of those vegetation
related outages that could lead to Cascading. Thus violation severity increases with an
applicable Transmission Owners or applicable Generator Owners inability to meet this goal and
its potential of leading to a Cascading event. The additional benefits of such a combination are
that it simplifies the standard and clearly defines performance for compliance. A performance-
based requirement of this nature will promote high quality, cost effective vegetation management
programs that will deliver the overall end result of improved reliability to the system.
Multiple Sustained Outages on an individual line can be caused by the same vegetation. For
example initial investigations and corrective actions may not identify and remove the actual
outage cause then another outage occurs after the line is re-energized and previous high
conductor temperatures return. Such events are considered to be a single vegetation-related
Sustained Outage under the standard where the Sustained Outages occur within a 24 hour period.
The MVCD is a calculated minimum distance stated in feet (or meters) to prevent spark-over, for
various altitudes and operating voltages that is used in the design of Transmission Facilities.
Keeping vegetation from entering this space will prevent transmission outages.
If the applicable Transmission Owner or applicable Generator Owner has applicable lines
operated at nominal voltage levels not listed in Table 2, then the applicable TO or applicable GO
should use the next largest clearance distance based on the next highest nominal voltage in the
table to determine an acceptable distance.

Requirement R3:
R3 is a competency based requirement concerned with the maintenance strategies, procedures,
processes, or specifications, an applicable Transmission Owner or applicable Generator Owner
uses for vegetation management.

An adequate transmission vegetation management program formally establishes the approach the
applicable Transmission Owner or applicable Generator Owner uses to plan and perform
vegetation work to prevent transmission Sustained Outages and minimize risk to the transmission
system. The approach provides the basis for evaluating the intent, allocation of appropriate
resources, and the competency of the applicable Transmission Owner or applicable Generator
Owner in managing vegetation. There are many acceptable approaches to manage vegetation
and avoid Sustained Outages. However, the applicable Transmission Owner or applicable
Generator Owner must be able to show the documentation of its approach and how it conducts
work to maintain clearances.
An example of one approach commonly used by industry is ANSI Standard A300, part 7.
However, regardless of the approach a utility uses to manage vegetation, any approach an
Page 20 of 32

applicable Transmission Owner or applicable Generator Owner chooses to use will generally
contain the following elements:
1. the maintenance strategy used (such as minimum vegetation-to-conductor distance or
maximum vegetation height) to ensure that MVCD clearances are never violated.
2. the work methods that the applicable Transmission Owner or applicable Generator
Owner uses to control vegetation
3. a stated Vegetation Inspection frequency
4. an annual work plan

The conductors position in space at any point in time is continuously changing in reaction to a
number of different loading variables. Changes in vertical and horizontal conductor positioning
are the result of thermal and physical loads applied to the line. Thermal loading is a function of
line current and the combination of numerous variables influencing ambient heat dissipation
including wind velocity/direction, ambient air temperature and precipitation. Physical loading
applied to the conductor affects sag and sway by combining physical factors such as ice and
wind loading. The movement of the transmission line conductor and the MVCD is illustrated in
Figure 1 below. In the Technical Reference document more figures and explanations of
conductor dynamics are provided.

Figure 1

A cross-section view of a single conductor at a given point along the span is
shown with six possible conductor positions due to movement resulting from
thermal and mechanical loading.

Requirement R4:
R4 is a risk-based requirement. It focuses on preventative actions to be taken by the applicable
Transmission Owner or applicable Generator Owner for the mitigation of Fault risk when a
vegetation threat is confirmed. R4 involves the notification of potentially threatening vegetation
conditions, without any intentional delay, to the control center holding switching authority for
that specific transmission line. Examples of acceptable unintentional delays may include
Page 21 of 32

communication system problems (for example, cellular service or two-way radio disabled),
crews located in remote field locations with no communication access, delays due to severe
weather, etc.

Confirmation is key that a threat actually exists due to vegetation. This confirmation could be in
the form of an applicable Transmission Owner or applicable Generator Owner employee who
personally identifies such a threat in the field. Confirmation could also be made by sending out
an employee to evaluate a situation reported by a landowner.

Vegetation-related conditions that warrant a response include vegetation that is near or
encroaching into the MVCD (a grow-in issue) or vegetation that could fall into the transmission
conductor (a fall-in issue). A knowledgeable verification of the risk would include an
assessment of the possible sag or movement of the conductor while operating between no-load
conditions and its rating.

The applicable Transmission Owner or applicable Generator Owner has the responsibility to
ensure the proper communication between field personnel and the control center to allow the
control center to take the appropriate action until or as the vegetation threat is relieved.
Appropriate actions may include a temporary reduction in the line loading, switching the line out
of service, or other preparatory actions in recognition of the increased risk of outage on that
circuit. The notification of the threat should be communicated in terms of minutes or hours as
opposed to a longer time frame for corrective action plans (see R5).

All potential grow-in or fall-in vegetation-related conditions will not necessarily cause a Fault at
any moment. For example, some applicable Transmission Owners or applicable Generator
Owners may have a danger tree identification program that identifies trees for removal with the
potential to fall near the line. These trees would not require notification to the control center
unless they pose an immediate fall-in threat.

Requirement R5:
R5 is a risk-based requirement. It focuses upon preventative actions to be taken by the
applicable Transmission Owner or applicable Generator Owner for the mitigation of Sustained
Outage risk when temporarily constrained from performing vegetation maintenance. The intent
of this requirement is to deal with situations that prevent the applicable Transmission Owner or
applicable Generator Owner from performing planned vegetation management work and, as a
result, have the potential to put the transmission line at risk. Constraints to performing
vegetation maintenance work as planned could result from legal injunctions filed by property
owners, the discovery of easement stipulations which limit the applicable Transmission Owners
or applicable Generator Owners rights, or other circumstances.

This requirement is not intended to address situations where the transmission line is not at
potential risk and the work event can be rescheduled or re-planned using an alternate work
methodology. For example, a land owner may prevent the planned use of chemicals on non-
threatening, low growth vegetation but agree to the use of mechanical clearing. In this case the
applicable Transmission Owner or applicable Generator Owner is not under any immediate time
Page 22 of 32

constraint for achieving the management objective, can easily reschedule work using an alternate
approach, and therefore does not need to take interim corrective action.

However, in situations where transmission line reliability is potentially at risk due to a constraint,
the applicable Transmission Owner or applicable Generator Owner is required to take an interim
corrective action to mitigate the potential risk to the transmission line. A wide range of actions
can be taken to address various situations. General considerations include:
Identifying locations where the applicable Transmission Owner or applicable
Generator Owner is constrained from performing planned vegetation maintenance
work which potentially leaves the transmission line at risk.
Developing the specific action to mitigate any potential risk associated with not
performing the vegetation maintenance work as planned.
Documenting and tracking the specific action taken for the location.
In developing the specific action to mitigate the potential risk to the transmission line
the applicable Transmission Owner or applicable Generator Owner could consider
location specific measures such as modifying the inspection and/or maintenance
intervals. Where a legal constraint would not allow any vegetation work, the interim
corrective action could include limiting the loading on the transmission line.
The applicable Transmission Owner or applicable Generator Owner should document
and track the specific corrective action taken at each location. This location may be
indicated as one span, one tree or a combination of spans on one property where the
constraint is considered to be temporary.

Requirement R6:
R6 is a risk-based requirement. This requirement sets a minimum time period for completing
Vegetation Inspections. The provision that Vegetation Inspections can be performed in
conjunction with general line inspections facilitates a Transmission Owners ability to meet this
requirement. However, the applicable Transmission Owner or applicable Generator Owner may
determine that more frequent vegetation specific inspections are needed to maintain reliability
levels, based on factors such as anticipated growth rates of the local vegetation, length of the
local growing season, limited ROW width, and local rainfall. Therefore it is expected that some
transmission lines may be designated with a higher frequency of inspections.

The VSLs for Requirement R6 have levels ranked by the failure to inspect a percentage of the
applicable lines to be inspected. To calculate the appropriate VSL the applicable Transmission
Owner or applicable Generator Owner may choose units such as: circuit, pole line, line miles or
kilometers, etc.

For example, when an applicable Transmission Owner or applicable Generator Owner operates
2,000 miles of applicable transmission lines this applicable Transmission Owner or applicable
Generator Owner will be responsible for inspecting all the 2,000 miles of lines at least once
during the calendar year. If one of the included lines was 100 miles long, and if it was not
inspected during the year, then the amount failed to inspect would be 100/2000 = 0.05 or 5%.
The Low VSL for R6 would apply in this example.
Page 23 of 32

Requirement R7:
R7 is a risk-based requirement. The applicable Transmission Owner or applicable Generator
Owner is required to complete its an annual work plan for vegetation management to accomplish
the purpose of this standard. Modifications to the work plan in response to changing conditions
or to findings from vegetation inspections may be made and documented provided they do not
put the transmission system at risk. The annual work plan requirement is not intended to
necessarily require a span-by-span, or even a line-by-line detailed description of all work to
be performed. It is only intended to require that the applicable Transmission Owner or
applicable Generator Owner provide evidence of annual planning and execution of a vegetation
management maintenance approach which successfully prevents encroachment of vegetation into
the MVCD.

For example, when an applicable Transmission Owner or applicable Generator Owner identifies
1,000 miles of applicable transmission lines to be completed in the applicable Transmission
Owners or applicable Generator Owners annual plan, the applicable Transmission Owner or
applicable Generator Owner will be responsible completing those identified miles. If a
applicable Transmission Owner or applicable Generator Owner makes a modification to the
annual plan that does not put the transmission system at risk of an encroachment the annual plan
may be modified. If 100 miles of the annual plan is deferred until next year the calculation to
determine what percentage was completed for the current year would be: 1000 100 (deferred
miles) = 900 modified annual plan, or 900 / 900 = 100% completed annual miles. If an
applicable Transmission Owner or applicable Generator Owner only completed 875 of the total
1000 miles with no acceptable documentation for modification of the annual plan the calculation
for failure to complete the annual plan would be: 1000 875 = 125 miles failed to complete
then, 125 miles (not completed) / 1000 total annual plan miles = 12.5% failed to complete.

The ability to modify the work plan allows the applicable Transmission Owner or applicable
Generator Owner to change priorities or treatment methodologies during the year as conditions
or situations dictate. For example recent line inspections may identify unanticipated high
priority work, weather conditions (drought) could make herbicide application ineffective during
the plan year, or a major storm could require redirecting local resources away from planned
maintenance. This situation may also include complying with mutual assistance agreements by
moving resources off the applicable Transmission Owners or applicable Generator Owners
system to work on another system. Any of these examples could result in acceptable deferrals or
additions to the annual work plan provided that they do not put the transmission system at risk of
a vegetation encroachment.

In general, the vegetation management maintenance approach should use the full extent of the
applicable Transmission Owners or applicable Generator Owners easement, fee simple and
other legal rights allowed. A comprehensive approach that exercises the full extent of legal
rights on the ROW is superior to incremental management because in the long term it reduces the
overall potential for encroachments, and it ensures that future planned work and future planned
inspection cycles are sufficient.

Page 24 of 32

When developing the annual work plan the applicable Transmission Owner or applicable
Generator Owner should allow time for procedural requirements to obtain permits to work on
federal, state, provincial, public, tribal lands. In some cases the lead time for obtaining permits
may necessitate preparing work plans more than a year prior to work start dates. Applicable
Transmission Owners or applicable Generator Owners may also need to consider those special
landowner requirements as documented in easement instruments.

This requirement sets the expectation that the work identified in the annual work plan will be
completed as planned. Therefore, deferrals or relevant changes to the annual plan shall be
documented. Depending on the planning and documentation format used by the applicable
Transmission Owner or applicable Generator Owner, evidence of successful annual work plan
execution could consist of signed-off work orders, signed contracts, printouts from work
management systems, spreadsheets of planned versus completed work, timesheets, work
inspection reports, or paid invoices. Other evidence may include photographs, and walk-through
reports.

Page 25 of 32

F FA AC C- -0 00 03 3 T TA AB BL LE E 2 2 M Mi in ni im mu um m V Ve eg ge et ta at ti io on n C Cl le ea ar ra an nc ce e D Di is st ta an nc ce es s ( (M MV VC CD D) )
1
For Alternating Current Voltages (feet)
16 6

( AC )
Nominal
System
Voltage
(KV)
( AC )
Maximum
System
Voltage
(kV)
17
MVCD
(feet)

MVCD
(feet)
MVCD
feet

MVCD
feet

MVCD
feet

MVCD
feet

MVCD
feet

MVCD
feet

MVCD
feet
MVCD
feet
MVCD
feet
MVCD
feet
Over sea
level up
to 500 ft
Over 500
ft up to
1000 ft
Over 1000
ft up to
2000 ft
Over
2000 ft
up to
3000 ft
Over
3000 ft
up to
4000 ft
Over
4000 ft
up to
5000 ft
Over
5000 ft
up to
6000 ft
Over
6000 ft
up to
7000 ft
Over
7000 ft
up to
8000 ft
Over
8000 ft
up to
9000 ft
Over
9000 ft
up to
10000 ft
Over
10000 ft
up to
11000 ft

Such lines are applicable to this standard only if PC has determined such per FAC-014
(refer to the Applicability Section above)

16
The distances in this Table are the minimums required to prevent Flash-over; however prudent vegetation maintenance practices dictate that substantially greater distances will
be achieved at time of vegetation maintenance.
17
Where applicable lines are operated at nominal voltages other than those listed, the applicable Transmission Owner or applicable Generator Owner should use
the maximum system voltage to determine the appropriate clearance for that line.

Page 26 of 32

T TA AB BL LE E 2 2 ( (C CO ON NT T) ) M Mi in ni im mu um m V Ve eg ge et ta at ti io on n C Cl le ea ar ra an nc ce e D Di is st ta an nc ce es s ( (M MV VC CD D) )
7 7

For Alternating Current Voltages (meters)

( AC )
Nominal
System
Voltage
(KV)
( AC )
Maximum
System
Voltage
(kV)
8

MVCD
meters
MVCD
meters
MVCD
meters
MVCD
meters
MVCD
meters
MVCD
meters
MVCD
meters
MVCD
meters
MVCD
meters
MVCD
meters
MVCD
meters
MVCD
meters

Over sea
level up
to 152.4
m
Over
152.4 m up
to 304.8 m
Over 304.8
m up to
609.6m
Over
609.6m up
to 914.4m
Over
914.4m up
to
1219.2m
Over
1219.2m
up to
1524m
Over 1524 m
up to 1828.8
m
Over
1828.8m
up to
2133.6m
Over
2133.6m
up to
2438.4m
Over
2438.4m up
to 2743.2m
Over
2743.2m up
to 3048m
Over
3048m up
to
3352.8m
765 800 2.49m 2.54m 2.62m 2.71m 2.80m 2.88m 2.97m 3.05m 3.14m 3.22m 3.31m 3.39m
500 550 1.57m 1.6m 1.66m 1.73m 1.79m 1.85m 1.91m 1.98m 2.04m 2.11m 2.17m 2.24m
345 362 0.97m 0.99m 1.03m 1.08m 1.12m 1.16m 1.21m 1.26m 1.30m 1.35m 1.40m 1.44m
287 302 1.18m 0.88m 1.26m 1.31m 1.36m 1.41m 1.46m 1.51m 1.57m 1.62m 1.68m 1.73m
230 242 0.92m 0.94m 0.98m 1.02m 1.06m 1.11m 1.15m 1.19m 1.24m 1.29m 1.33m 1.38m
161* 169 0.62m 0.64m 0.67m 0.69m 0.73m 0.76m 0.79m 0.82m 0.85m 0.89m 0.92m 0.96m
138* 145 0.53m 0.54m 0.57m 0.59m 0.62m 0.65m 0.67m 0.70m 0.73m 0.76m 0.79m 0.82m
115* 121 0.44m 0.45m 0.47m 0.49m 0.51m 0.53m 0.56m 0.58m 0.61m 0.63m 0.66m 0.69m
88* 100 0.36m 0.37m 0.38m 0.40m 0.42m 0.44m 0.46m 0.48m 0.50m 0.52m 0.54m 0.57m
69* 72 0.26m 0.26m 0.27m 0.29m 0.30m 0.31m 0.33m 0.34m 0.36m 0.37m 0.39m 0.41m
Such lines are applicable to this standard only if PC has determined such per FAC-014 (refer to the Applicability Section above)

Page 27 of 32

T TA AB BL LE E 2 2 ( (C CO ON NT T) ) M Mi in ni im mu um m V Ve eg ge et ta at ti io on n C Cl le ea ar ra an nc ce e D Di is st ta an nc ce es s ( (M MV VC CD D) )
7 7

For Direct Current Voltages feet (meters)

( DC )
Nominal
Pole to
Ground
Voltage
(kV)
MVCD
meters
MVCD
meters
MVCD
meters
MVCD
meters
MVCD
meters
MVCD
meters
MVCD
meters
MVCD
meters
MVCD
meters
MVCD
meters
MVCD
meters
MVCD
meters
Over sea
level up to
500 ft
Over 500
ft up to
1000 ft
Over 1000
ft up to
2000 ft
Over 2000
ft up to
3000 ft
Over 3000
ft up to
4000 ft
Over 4000
ft up to
5000 ft
Over 5000
ft up to
6000 ft
Over 6000
ft up to
7000 ft
Over 7000
ft up to
8000 ft
Over 8000
ft up to
9000 ft
Over 9000
ft up to
10000 ft
Over 10000
ft up to
11000 ft
(Over sea
level up to
152.4 m)
(Over
152.4 m
up to
304.8 m
(Over
304.8 m
up to
609.6m)
(Over
609.6m up
to 914.4m
(Over
914.4m up
to
1219.2m
(Over
1219.2m
up to
1524m
(Over
1524 m up
to 1828.8
m)
(Over
1828.8m
up to
2133.6m)
(Over
2133.6m
up to
2438.4m)
(Over
2438.4m
up to
2743.2m)
(Over
2743.2m
up to
3048m)
(Over
3048m up
to
3352.8m)
750
14.12ft
(4.30m)
14.31ft
(4.36m)
14.70ft
(4.48m)
15.07ft
(4.59m)
15.45ft
(4.71m)
15.82ft
(4.82m)
16.2ft
(4.94m)
16.55ft
(5.04m)
16.91ft
(5.15m)
17.27ft
(5.26m)
17.62ft
(5.37m)
17.97ft
(5.48m)
600
10.23ft
(3.12m)
10.39ft
(3.17m)
10.74ft
(3.26m)
11.04ft
(3.36m)
11.35ft
(3.46m)
11.66ft
(3.55m)
11.98ft
(3.65m)
12.3ft
(3.75m)
12.62ft
(3.85m)
12.92ft
(3.94m)
13.24ft
(4.04m)
13.54ft
(4.13m)
500
8.03ft
(2.45m)
8.16ft
(2.49m)
8.44ft
(2.57m)
8.71ft
(2.65m)
8.99ft
(2.74m)
9.25ft
(2.82m)
9.55ft
(2.91m)
9.82ft
(2.99m)
10.1ft
(3.08m)
10.38ft
(3.16m)
10.65ft
(3.25m)
10.92ft
(3.33m)
400
6.07ft
(1.85m)
6.18ft
(1.88m)
6.41ft
(1.95m)
6.63ft
(2.02m)
6.86ft
(2.09m)
7.09ft
(2.16m)
7.33ft
(2.23m)
7.56ft
(2.30m)
7.80ft
(2.38m)
8.03ft
(2.45m)
8.27ft
(2.52m)
8.51ft
(2.59m)
250
3.50ft
(1.07m)
3.57ft
(1.09m)
3.72ft
(1.13m)
3.87ft
(1.18m)
4.02ft
(1.23m)
4.18ft
(1.27m)
4.34ft
(1.32m)
4.5ft
(1.37m)
4.66ft
(1.42m)
4.83ft
(1.47m)
5.00ft
(1.52m)
5.17ft
(1.58m)

Page 28 of 32

Notes:

The SDT determined that the use of IEEE 516-2003 in version 1 of FAC-003 was a
misapplication. The SDT consulted specialists who advised that the Gallet Equation would be a
technically justified method. The explanation of why the Gallet approach is more appropriate is
explained in the paragraphs below.

The drafting team sought a method of establishing minimum clearance distances that uses
realistic weather conditions and realistic maximum transient over-voltages factors for in-service
transmission lines.

The SDT considered several factors when looking at changes to the minimum vegetation to
conductor distances in FAC-003-1:
avoid the problem associated with referring to tables in another standard (IEEE-516-
2003)
transmission lines operate in non-laboratory environments (wet conditions)
transient over-voltage factors are lower for in-service transmission lines than for
inadvertently re-energized transmission lines with trapped charges.

FAC-003-1 uses the minimum air insulation distance (MAID) without tools formula provided in
IEEE 516-2003 to determine the minimum distance between a transmission line conductor and
vegetation. The equations and methods provided in IEEE 516 were developed by an IEEE Task
Force in 1968 from test data provided by thirteen independent laboratories. The distances
provided in IEEE 516 Tables 5 and 7 are based on the withstand voltage of a dry rod-rod air gap,
or in other words, dry laboratory conditions. Consequently, the validity of using these distances
in an outside environment application has been questioned.

FAC-003-01 allowed Transmission Owners to use either Table 5 or Table 7 to establish the
minimum clearance distances. Table 7 could be used if the Transmission Owner knew the
maximum transient over-voltage factor for its system. Otherwise, Table 5 would have to be
used. Table 5 represented minimum air insulation distances under the worst possible case for
transient over-voltage factors. These worst case transient over-voltage factors were as follows:
3.5 for voltages up to 362 kV phase to phase; 3.0 for 500 - 550 kV phase to phase; and 2.5 for
765 to 800 kV phase to phase. These worst case over-voltage factors were also a cause for
concern in this particular application of the distances.

In general, the worst case transient over-voltages occur on a transmission line that is
inadvertently re-energized immediately after the line is de-energized and a trapped charge is still
present. The intent of FAC-003 is to keep a transmission line that is in service from becoming
de-energized (i.e. tripped out) due to spark-over from the line conductor to nearby vegetation.
Thus, the worst case transient overvoltage assumptions are not appropriate for this application.
Rather, the appropriate over voltage values are those that occur only while the line is energized.

Typical values of transient over-voltages of in-service lines, as such, are not readily available in
the literature because they are negligible compared with the maximums. A conservative value
for the maximum transient over-voltage that can occur anywhere along the length of an in-
Page 29 of 32

service ac line is approximately 2.0 per unit. This value is a conservative estimate of the
transient over-voltage that is created at the point of application (e.g. a substation) by switching a
capacitor bank without pre-insertion devices (e.g. closing resistors). At voltage levels where
capacitor banks are not very common (e.g. Maximum System Voltage of 362 kV), the maximum
transient over-voltage of an in-service ac line are created by fault initiation on adjacent ac lines
and shunt reactor bank switching. These transient voltages are usually 1.5 per unit or less.

Even though these transient over-voltages will not be experienced at locations remote from the
bus at which they are created, in order to be conservative, it is assumed that all nearby ac lines
are subjected to this same level of over-voltage. Thus, a maximum transient over-voltage factor
of 2.0 per unit for transmission lines operated at 302 kV and below is considered to be a realistic
maximum in this application. Likewise, for ac transmission lines operated at Maximum System
Voltages of 362 kV and above a transient over-voltage factor of 1.4 per unit is considered a
realistic maximum.

The Gallet Equations are an accepted method for insulation coordination in tower design. These
equations are used for computing the required strike distances for proper transmission line
insulation coordination. They were developed for both wet and dry applications and can be used
with any value of transient over-voltage factor. The Gallet Equation also can take into account
various air gap geometries. This approach was used to design the first 500 kV and 765 kV lines
in North America.

If one compares the MAID using the IEEE 516-2003 Table 7 (table D.5 for English values) with
the critical spark-over distances computed using the Gallet wet equations, for each of the
nominal voltage classes and identical transient over-voltage factors, the Gallet equations yield a
more conservative (larger) minimum distance value.

Distances calculated from either the IEEE 516 (dry) formulas or the Gallet wet formulas are
not vastly different when the same transient overvoltage factors are used; the wet equations
will consistently produce slightly larger distances than the IEEE 516 equations when the same
transient overvoltage is used. While the IEEE 516 equations were only developed for dry
conditions the Gallet equations have provisions to calculate spark-over distances for both wet
and dry conditions.

While EPRI is currently trying to establish empirical data for spark-over distances to live
vegetation, there are no spark-over formulas currently derived expressly for vegetation to
conductor minimum distances. Therefore the SDT chose a proven method that has been used in
other EHV applications. The Gallet equations relevance to wet conditions and the selection of a
Transient Overvoltage Factor that is consistent with the absence of trapped charges on an in-
service transmission line make this methodology a better choice.
The following table is an example of the comparison of distances derived from IEEE 516 and the
Gallet equations.

Page 30 of 32

Comparison of spark-over distances computed using Gallet wet equations vs.
IEEE 516-2003 MAID distances

Table 7
(Table D.5 for feet)
( AC ) ( AC ) Transient Clearance (ft.) IEEE 516-2003
Nom System Max System Over-voltage Gallet (wet) MAID (ft)
Voltage (kV) Voltage (kV) Factor (T) @ Alt. 3000 feet @ Alt. 3000 feet

765 800 2.0 14.36 13.95
500 550 2.4 11.0 10.07
345 362 3.0 8.55 7.47
230 242 3.0 5.28 4.2
115 121 3.0 2.46 2.1

Rationale:


Rationale for Applicability (section 4.2.4):
The areas excluded in 4.2.4 were excluded based on comments from industry for reasons
summarized as follows: 1) There is a very low risk from vegetation in this area. Based on an
informal survey, no TOs reported such an event. 2) Substations, switchyards, and stations have
many inspection and maintenance activities that are necessary for reliability. Those existing
process manage the threat. As such, the formal steps in this standard are not well suited for this
environment. 3) Specifically addressing the areas where the standard does and does not apply
makes the standard clearer.

Rationale for Applicability (section 4.3):
Within the text of NERC Reliability Standard FAC-003-3, transmission line(s) and applicable
line(s) can also refer to the generation Facilities as referenced in 4.3 and its subsections.

Rationale for R1 and R2:
Lines with the highest significance to reliability are covered in R1; all other lines are covered in
R2.

Rationale for the types of failure to manage vegetation which are listed in order of increasing
degrees of severity in non-compliant performance as it relates to a failure of an applicable
Transmission Owner's or applicable Generator Owners vegetation maintenance program:

Page 31 of 32

1. This management failure is found by routine inspection or Fault event investigation, and is
normally symptomatic of unusual conditions in an otherwise sound program.

2. This management failure occurs when the height and location of a side tree within the ROW is
not adequately addressed by the program.

3. This management failure occurs when side growth is not adequately addressed and may be
indicative of an unsound program.

4. This management failure is usually indicative of a program that is not addressing the most
fundamental dynamic of vegetation management, (i.e. a grow-in under the line). If this type of
failure is pervasive on multiple lines, it provides a mechanism for a Cascade.

Rationale for R3:
The documentation provides a basis for evaluating the competency of the applicable
Transmission Owners or applicable Generator Owners vegetation program. There may be
many acceptable approaches to maintain clearances. Any approach must demonstrate that the
applicable Transmission Owner or applicable Generator Owner avoids vegetation-to-wire
conflicts under all Ratings and all Rated Electrical Operating Conditions. See Figure

Rationale for R4:
This is to ensure expeditious communication between the applicable Transmission Owner or
applicable Generator Owner and the control center when a critical situation is confirmed.

Rationale for R5:
Legal actions and other events may occur which result in constraints that prevent the applicable
Transmission Owner or applicable Generator Owner from performing planned vegetation
maintenance work.
In cases where the transmission line is put at potential risk due to constraints, the intent is for the
applicable Transmission Owner and applicable Generator Owner to put interim measures in
place, rather than do nothing.
The corrective action process is not intended to address situations where a planned work
methodology cannot be performed but an alternate work methodology can be used.

Rationale for R6:
Inspections are used by applicable Transmission Owners and applicable Generator Owners to
assess the condition of the entire ROW. The information from the assessment can be used to
determine risk, determine future work and evaluate recently-completed work. This requirement
sets a minimum Vegetation Inspection frequency of once per calendar year but with no more
than 18 months between inspections on the same ROW. Based upon average growth rates across
North America and on common utility practice, this minimum frequency is reasonable.
Transmission Owners should consider local and environmental factors that could warrant more
frequent inspections.

Page 32 of 32

Rationale for R7:
This requirement sets the expectation that the work identified in the annual work plan will be
completed as planned. It allows modifications to the planned work for changing conditions,
taking into consideration anticipated growth of vegetation and all other environmental factors,
provided that those modifications do not put the transmission system at risk of a vegetation
encroachment.

Version History

3 September 29,
2011
Using the latest draft of FAC-003-2
from the Project 2007-07 SDT, modified
proposed definitions and Applicability
to include Generator Owners of a certain
length.
2010-07
3 May 9, 2012 Adopted by Board of Trustees

Standard FAC-008-3 Facility Ratings
Page 1 of 11

A. Introduction
1. Title: Facility Ratings
3. Purpose: To ensure that Facility Ratings used in the reliable planning and operation of the
Bulk Electric System (BES) are determined based on technically sound principles. A Facility
Rating is essential for the determination of System Operating Limits.
4. Applicability
4.2. Generator Owner.
5. Effective Date: The first day of the first calendar quarter that is twelve months beyond
the date approved by applicable regulatory authorities, or in those jurisdictions where
regulatory approval is not required, the first day of the first calendar quarter twelve months
following BOT adoption.
B. Requirements
R1. Each Generator Owner shall have documentation for determining the Facility Ratings of its
solely and jointly owned generator Facility(ies) up to the low side terminals of the main step up
transformer if the Generator Owner does not own the main step up transformer and the high
side terminals of the main step up transformer if the Generator Owner owns the main step up
transformer. [Violation Risk Factor: Lower] [Time Horizon: Long-term Planning]
1.1. The documentation shall contain assumptions used to rate the generator and at least one
of the following:
Design or construction information such as design criteria, ratings provided
by equipment manufacturers, equipment drawings and/or specifications,
engineering analyses, method(s) consistent with industry standards (e.g.
ANSI and IEEE), or an established engineering practice that has been
verified by testing or engineering analysis.
Operational information such as commissioning test results, performance
testing or historical performance records, any of which may be supplemented
by engineering analyses.
1.2. The documentation shall be consistent with the principle that the Facility Ratings do not
exceed the most limiting applicable Equipment Rating of the individual equipment that
comprises that Facility.
R2. Each Generator Owner shall have a documented methodology for determining Facility Ratings
(Facility Ratings methodology) of its solely and jointly owned equipment connected between
the location specified in R1 and the point of interconnection with the Transmission Owner that
contains all of the following. [Violation Risk Factor: Medium] [Time Horizon: Long-term
Planning]
2.1. The methodology used to establish the Ratings of the equipment that comprises the
Facility(ies) shall be consistent with at least one of the following:
Ratings provided by equipment manufacturers or obtained from equipment
manufacturer specifications such as nameplate rating.
Page 2 of 11

One or more industry standards developed through an open process such as
Institute of Electrical and Electronic Engineers (IEEE) or International
Council on Large Electric Systems (CIGRE).
A practice that has been verified by testing, performance history or
engineering analysis.
2.2. The underlying assumptions, design criteria, and methods used to determine the
Equipment Ratings identified in Requirement R2, Part 2.1 including identification of
how each of the following were considered:
2.2.1. Equipment Rating standard(s) used in development of this methodology.
2.2.2. Ratings provided by equipment manufacturers or obtained from equipment
manufacturer specifications.
2.2.3. Ambient conditions (for particular or average conditions or as they vary in
real-time).
2.2.4. Operating limitations.
1

2.3. A statement that a Facility Rating shall respect the most limiting applicable
Equipment Rating of the individual equipment that comprises that Facility.
2.4. The process by which the Rating of equipment that comprises a Facility is determined.
2.4.1. The scope of equipment addressed shall include, but not be limited to,
conductors, transformers, relay protective devices, terminal equipment, and
series and shunt compensation devices.
2.4.2. The scope of Ratings addressed shall include, as a minimum, both Normal
and Emergency Ratings.
R3. Each Transmission Owner shall have a documented methodology for determining Facility
Ratings (Facility Ratings methodology) of its solely and jointly owned Facilities (except for
those generating unit Facilities addressed in R1 and R2) that contains all of the following:
[Violation Risk Factor: Medium] [ Time Horizon: Long-term Planning]
3.1. The methodology used to establish the Ratings of the equipment that comprises the
Facility shall be consistent with at least one of the following:
Ratings provided by equipment manufacturers or obtained from equipment
manufacturer specifications such as nameplate rating.
One or more industry standards developed through an open process such as
Institute of Electrical and Electronics Engineers (IEEE) or International
Council on Large Electric Systems (CIGRE).
A practice that has been verified by testing, performance history or
engineering analysis.
3.2. The underlying assumptions, design criteria, and methods used to determine the
Equipment Ratings identified in Requirement R3, Part 3.1 including identification of
how each of the following were considered:
3.2.1. Equipment Rating standard(s) used in development of this methodology.

1
Such as temporary de-ratings of impaired equipment in accordance with good utility practice.
Page 3 of 11

3.2.2. Ratings provided by equipment manufacturers or obtained from equipment
manufacturer specifications.
3.2.3. Ambient conditions (for particular or average conditions or as they vary in
real-time).
3.2.4. Operating limitations.
2

3.3. A statement that a Facility Rating shall respect the most limiting applicable
Equipment Rating of the individual equipment that comprises that Facility.
3.4. The process by which the Rating of equipment that comprises a Facility is determined.
3.4.1. The scope of equipment addressed shall include, but not be limited to,
transmission conductors, transformers, relay protective devices, terminal
equipment, and series and shunt compensation devices.
3.4.2. The scope of Ratings addressed shall include, as a minimum, both Normal
and Emergency Ratings.
R4. Each Transmission Owner shall make its Facility Ratings methodology and each Generator
Owner shall each make its documentation for determining its Facility Ratings and its Facility
Ratings methodology available for inspection and technical review by those Reliability
Coordinators, Transmission Operators, Transmission Planners and Planning Coordinators that
have responsibility for the area in which the associated Facilities are located, within 21
calendar days of receipt of a request. [Violation Risk Factor: Lower] [Time Horizon:
Operations Planning] (Retirement approved by NERC BOT pending applicable regulatory
approval.)
R5. If a Reliability Coordinator, Transmission Operator, Transmission Planner or Planning
Coordinator provides documented comments on its technical review of a Transmission
Owners Facility Ratings methodology or Generator Owners documentation for determining
its Facility Ratings and its Facility Rating methodology, the Transmission Owner or Generator
Owner shall provide a response to that commenting entity within 45 calendar days of receipt of
those comments. The response shall indicate whether a change will be made to the Facility
Ratings methodology and, if no change will be made to that Facility Ratings methodology, the
reason why. [Violation Risk Factor: Lower] [Time Horizon: Operations Planning]
R6. Each Transmission Owner and Generator Owner shall have Facility Ratings for its solely and
jointly owned Facilities that are consistent with the associated Facility Ratings methodology or
documentation for determining its Facility Ratings. [Violation Risk Factor: Medium] [Time
Horizon: Operations Planning]
R7. Each Generator Owner shall provide Facility Ratings (for its solely and jointly owned Facilities
that are existing Facilities, new Facilities, modifications to existing Facilities and re-ratings of
existing Facilities) to its associated Reliability Coordinator(s), Planning Coordinator(s),
Transmission Planner(s), Transmission Owner(s) and Transmission Operator(s) as scheduled
by such requesting entities. [Violation Risk Factor: Medium] [Time Horizon: Operations
Planning]
R8. Each Transmission Owner (and each Generator Owner subject to Requirement R2) shall
provide requested information as specified below (for its solely and jointly owned Facilities
that are existing Facilities, new Facilities, modifications to existing Facilities and re-ratings of
existing Facilities) to its associated Reliability Coordinator(s), Planning Coordinator(s),

2
Such as temporary de-ratings of impaired equipment in accordance with good utility practice.
Page 4 of 11

Transmission Planner(s), Transmission Owner(s) and Transmission Operator(s): [Violation
Risk Factor: Medium] [Time Horizon: Operations Planning]
8.1. As scheduled by the requesting entities:
8.1.1. Facility Ratings
8.1.2. Identity of the most limiting equipment of the Facilities
8.2. Within 30 calendar days (or a later date if specified by the requester), for any
requested Facility with a Thermal Rating that limits the use of Facilities under the
requesters authority by causing any of the following: 1) An Interconnection
Reliability Operating Limit, 2) A limitation of Total Transfer Capability, 3) An
impediment to generator deliverability, or 4) An impediment to service to a major
load center:
8.2.1. Identity of the existing next most limiting equipment of the Facility
8.2.2. The Thermal Rating for the next most limiting equipment identified in
Requirement R8, Part 8.2.1.
C. Measures
M1. Each Generator Owner shall have documentation that shows how its Facility Ratings were
determined as identified in Requirement 1.
M2. Each Generator Owner shall have a documented Facility Ratings methodology that includes all
of the items identified in Requirement 2, Parts 2.1 through 2.4.
M3. Each Transmission Owner shall have a documented Facility Ratings methodology that includes
all of the items identified in Requirement 3, Parts 3.1 through 3.4.
Each Transmission Owner shall have evidence, such as a copy of a dated electronic note, or
other comparable evidence to show that it made its Facility Ratings methodology available for
inspection within 21 calendar days of a request in accordance with Requirement 4. The
Generator Owner shall have evidence, such as a copy of a dated electronic note, or other
comparable evidence to show that it made its documentation for determining its Facility
Ratings or its Facility Ratings methodology available for inspection within 21 calendar days of
a request in accordance with Requirement R4. (Retirement approved by NERC BOT pending
If the Reliability Coordinator, Transmission Operator, Transmission Planner or Planning
Coordinator provides documented comments on its technical review of a Transmission
Owners or Generator Owners Facility Ratings methodology or a Generator Owners
documentation for determining its Facility Ratings, the Transmission Owner or Generator
Owner shall have evidence, (such as a copy of a dated electronic or hard copy note, or other
comparable evidence from the Transmission Owner or Generator Owner addressed to the
commenter that includes the response to the comment,) that it provided a response to that
commenting entity in accordance with Requirement R5. (Retirement approved by NERC BOT
pending applicable regulatory approval.)
M4. Each Transmission Owner and Generator Owner shall have evidence to show that its Facility
Ratings are consistent with the documentation for determining its Facility Ratings as specified
in Requirement R1 or consistent with its Facility Ratings methodology as specified in
Requirements R2 and R3 (Requirement R6).
M5. Each Generator Owner shall have evidence, such as a copy of a dated electronic note, or other
comparable evidence to show that it provided its Facility Ratings to its associated Reliability
Page 5 of 11

Coordinator(s), Planning Coordinator(s), Transmission Planner(s), Transmission Owner(s) and
Transmission Operator(s) in accordance with Requirement R7.
M6. Each Transmission Owner (and Generator Owner subject to Requirement R2) shall have
evidence, such as a copy of a dated electronic note, or other comparable evidence to show that
it provided its Facility Ratings and identity of limiting equipment to its associated Reliability
Coordinator(s), Planning Coordinator(s), Transmission Planner(s), Transmission Owner(s) and
Transmission Operator(s) in accordance with Requirement R8.
D. Compliance
Regional Entity
Self-Certifications
Spot Checking
Compliance Audits
Self-Reporting
Complaints
1.3. Data Retention
The Generator Owner shall keep its current documentation (for R1) and any
modifications to the documentation that were in force since last compliance audit
period for Measure M1 and Measure M6.
The Generator Owner shall keep its current, in force Facility Ratings methodology
(for R2) and any modifications to the methodology that were in force since last
compliance audit period for Measure M2 and Measure M6.
The Transmission Owner shall keep its current, in force Facility Ratings
methodology (for R3) and any modifications to the methodology that were in force
since the last compliance audit for Measure M3 and Measure M6.
The Transmission Owner and Generator Owner shall keep its current, in force
Facility Ratings and any changes to those ratings for three calendar years for Measure
M6.
The Generator Owner and Transmission Owner shall each keep evidence for Measure
M4, and Measure M5, for three calendar years. (Retirement approved by NERC BOT
The Generator Owner shall keep evidence for Measure M7 for three calendar years.
The Transmission Owner (and Generator Owner that is subject to Requirement R2)
shall keep evidence for Measure M8 for three calendar years.
If a Generator Owner or Transmission Owner is found non-compliant, it shall keep
Page 6 of 11

The Compliance Enforcement Authority shall keep the last audit and all subsequent
compliance records.

None
Page 7 of 11

R # Lower VSL Moderate VSL High VSL Severe VSL
R1

N/A The Generator Owners
Facility Rating documentation
did not address Requirement
R1, Part 1.1.
The Generator Owners Facility
Rating documentation did not
address Requirement R1, Part 1.2.
The Generator Owner failed to
provide documentation for
determining its Facility Ratings.
R2 The Generator Owner failed to include
in its Facility Rating methodology one
of the following Parts of Requirement
R2:
2.1.
2.2.1
2.2.2
2.2.3
2.2.4

include in its Facility Rating
methodology two of the following
Parts of Requirement R2:
2.1
2.2.1
2.2.2
2.2.3
2.2.4
Rating methodology did not
address all the components of
Requirement R2, Part 2.4.
OR
Methodology, three of the
following Parts of Requirement R2:
2.1.
2.2.1
2.2.2
2.2.3
2.2.4
Rating methodology failed to
recognize a facility's rating based
on the most limiting component
rating as required in Requirement
R2, Part 2.3
OR
Methodology four or more of the
2.1
2.2.1
2.2.2
2.2.3
2.2.4
R3 The Transmission Owner failed to
methodology one of the following Parts
of Requirement R3:
3.1
3.2.1
The Transmission Owner failed to
methodology two of the following
3.1
3.2.1
The Transmission Owners Facility
Rating methodology did not
address either of the following
3.4.1
3.4.2
The Transmission Owners Facility
Rating methodology failed to
recognize a Facility's rating based
on the most limiting component
rating as required in Requirement
R3, Part 3.3
OR
Page 8 of 11

3.2.2
3.2.3
3.2.4
3.2.2
3.2.3
3.2.4
OR
methodology three of the following
3.1
3.2.1
3.2.2
3.2.3
3.2.4
methodology four or more of the
3.1
3.2.1
3.2.2
3.2.3
3.2.4
R4
by NERC BOT
pending applicable

The responsible entity made its Facility
Ratings methodology or Facility Ratings
documentation available within more
than 21 calendar days but less than or
equal to 31 calendar days after a request.
The responsible entity made its
Facility Ratings methodology or
Facility Ratings documentation
available within more than 31
calendar days but less than or equal
to 41 calendar days after a request.
The responsible entity made its
Facility Rating methodology or
Facility Ratings documentation
available within more than 41
to 51 calendar days after a request.
make its Facility Ratings
methodology or Facility Ratings
documentation available in more
than 51 calendar days after a
request. (R3)
R5
by NERC BOT
pending applicable

The responsible entity provided a
response in more than 45 calendar days
but less than or equal to 60 calendar
days after a request. (R5)

response in more than 60 calendar
days but less than or equal to 70
calendar days after a request.
OR
response within 45 calendar days,
and the response indicated that a
change will not be made to the
Facility Ratings methodology or
Facility Ratings documentation but
did not indicate why no change will
be made. (R5)
response in more than 70 calendar
calendar days after a request.
OR
response within 45 calendar days,
but the response did not indicate
whether a change will be made to
the Facility Ratings methodology or
Facility Ratings documentation.
(R5)
provide a response as required in
more than 80 calendar days after
the comments were received. (R5)

Page 9 of 11

R6 The responsible entity failed to establish
Facility Ratings consistent with the
associated Facility Ratings methodology
or documentation for determining the
Facility Ratings for 5% or less of its
solely owned and jointly owned
Facilities. (R6)
establish Facility Ratings consistent
with the associated Facility Ratings
methodology or documentation for
determining the Facility Ratings for
more than 5% or more, but less
than up to (and including) 10% of
its solely owned and jointly owned
Facilities. (R6)
including) 15% of its solely owned
and jointly owned Facilities. (R6)
more than15% of its solely owned
and jointly owned Facilities. (R6)
R7 The Generator Owner provided its
Facility Ratings to all of the requesting
entities but missed meeting the
schedules by up to and including 15
calendar days.
The Generator Owner provided its
Facility Ratings to all of the
requesting entities but missed
meeting the schedules by more than
15 calendar days but less than or
equal to 25 calendar days.
equal to 35 calendar days.
35 calendar days.
OR
provide its Facility Ratings to the
requesting entities.
R8

The responsible entity provided its
Facility Ratings to all of the requesting
entities but missed meeting the
schedules by up to and including 15
calendar days. (R8, Part 8.1)
OR
The responsible entity provided less than
100%, but not less than or equal to 95%
of the required Rating information to all
of the requesting entities. (R8, Part 8.1)
OR
The responsible entity provided the
required Rating information to the
requesting entity, but the information
equal to 25 calendar days. (R8, Part
8.1)
OR
The responsible entity provided less
than 95%, but not less than or equal
to 90% of the required Rating
information to all of the requesting
entities. (R8, Part 8.1)
OR
equal to 35 calendar days. (R8, Part
8.1)
OR
OR
35 calendar days. (R8, Part 8.1)
OR
than 85% of the required Rating
OR
requesting entity, but did so more
Page 10 of 11

was provided up to and including 15
calendar days late. (R8, Part 8.2)
OR
The responsible entity provided less than
100%, but not less than or equal to 95%
of the required Rating information to the
requesting entity. (R8, Part 8.2)
equal to 25 calendar days late. (R8,
Part 8.2)
OR
information to the requesting entity.
(R8, Part 8.2)
than 25 calendar days but less than
or equal to 35 calendar days late.
(R8, Part 8.2)
OR
than 90%, but no less than or equal
(R8, Part 8.2)
than 35 calendar days late. (R8,
Part 8.2)
OR
than 85 % of the required Rating
(R8, Part 8.2)
OR
provide its Rating information to
the requesting entity. (R8, Part 8.1)

Page 11 of 11

None.

Version History
1 Feb 7, 2006 Approved by Board of
Trustees
New
1 Mar 16, 2007 Approved by FERC New
2 May 12, 2010 Approved by Board of
Trustees
Complete Revision, merging
FAC_008-1 and FAC-009-1
under Project 2009-06 and
address directives from Order
693
3 May 24, 2011 Addition of Requirement R8 Project 2009-06 Expansion to
address third directive from
Order 693
3 May 24, 2011 Adopted by NERC Board of
Trustees

3 November 17,
2011
FERC Order issued approving
FAC-008-3

3 May 17, 2012 FERC Order issued directing
the VRF for Requirement R2
be changed from Lower to
Medium

3 February 7,
2013
R4 and R5 and associated
elements approved by NERC
Board of Trustees for
retirement as part of the
Paragraph 81 project (Project
2013-02) pending applicable

Standard FAC-010-2.1 System Operating Limits Methodology for the Planning Horizon
Page 1 of 9

A. Introduction
1. Title: System Operating Limits Methodology for the Planning Horizon
2. Number: FAC-010-2.1
3. Purpose: To ensure that System Operating Limits (SOLs) used in the reliable planning of
the Bulk Electric System (BES) are determined based on an established methodology or
methodologies.
4. Applicability
B. Requirements
R1. The Planning Authority shall have a documented SOL Methodology for use in developing
SOLs within its Planning Authority Area. This SOL Methodology shall:
R1.1. Be applicable for developing SOLs used in the planning horizon.
R1.2. State that SOLs shall not exceed associated Facility Ratings.
R1.3. Include a description of how to identify the subset of SOLs that qualify as IROLs.
R2. The Planning Authoritys SOL Methodology shall include a requirement that SOLs provide
BES performance consistent with the following:
R2.1. In the pre-contingency state and with all Facilities in service, the BES shall
demonstrate transient, dynamic and voltage stability; all Facilities shall be within their
Facility Ratings and within their thermal, voltage and stability limits. In the
determination of SOLs, the BES condition used shall reflect expected system
conditions and shall reflect changes to system topology such as Facility outages.
R2.2. Following the single Contingencies
1
identified in Requirement 2.2.1 through
Requirement 2.2.3, the system shall demonstrate transient, dynamic and voltage
stability; all Facilities shall be operating within their Facility Ratings and within their
thermal, voltage and stability limits; and Cascading or uncontrolled separation shall
not occur.
R2.2.1. Single line to ground or three-phase Fault (whichever is more severe), with
Normal Clearing, on any Faulted generator, line, transformer, or shunt
device.
R2.2.2. Loss of any generator, line, transformer, or shunt device without a Fault.
R2.2.3. Single pole block, with Normal Clearing, in a monopolar or bipolar high
voltage direct current system.
R2.3. Starting with all Facilities in service, the systems response to a single Contingency,
may include any of the following:
R2.3.1. Planned or controlled interruption of electric supply to radial customers or
some local network customers connected to or supplied by the Faulted
Facility or by the affected area.

1
The Contingencies identified in R2.2.1 through R2.2.3 are the minimum contingencies that must be studied but are
not necessarily the only Contingencies that should be studied.
Page 2 of 9
R2.3.2. System reconfiguration through manual or automatic control or protection
actions.
R2.4. To prepare for the next Contingency, system adjustments may be made, including
changes to generation, uses of the transmission system, and the transmission system
topology.
R2.5. Starting with all Facilities in service and following any of the multiple Contingencies
identified in Reliability Standard TPL-003 the system shall demonstrate transient,
dynamic and voltage stability; all Facilities shall be operating within their Facility
Ratings and within their thermal, voltage and stability limits; and Cascading or
uncontrolled separation shall not occur.
R2.6. In determining the systems response to any of the multiple Contingencies, identified
in Reliability Standard TPL-003, in addition to the actions identified in R2.3.1 and
R2.3.2, the following shall be acceptable:
R2.6.1. Planned or controlled interruption of electric supply to customers (load
shedding), the planned removal from service of certain generators, and/or
the curtailment of contracted Firm (non-recallable reserved) electric power
Transfers.
R3. The Planning Authoritys methodology for determining SOLs, shall include, as a minimum, a
description of the following, along with any reliability margins applied for each:
R3.1. Study model (must include at least the entire Planning Authority Area as well as the
critical modeling details from other Planning Authority Areas that would impact the
Facility or Facilities under study).
R3.2. Selection of applicable Contingencies.
R3.3. Level of detail of system models used to determine SOLs.
R3.4. Allowed uses of Special Protection Systems or Remedial Action Plans.
R3.5. Anticipated transmission system configuration, generation dispatch and Load level.
R3.6. Criteria for determining when violating a SOL qualifies as an Interconnection
Reliability Operating Limit (IROL) and criteria for developing any associated IROL
T
v
.
R4. The Planning Authority shall issue its SOL Methodology, and any change to that methodology,
to all of the following prior to the effectiveness of the change:
R4.1. Each adjacent Planning Authority and each Planning Authority that indicated it has a
reliability-related need for the methodology.
R4.2. Each Reliability Coordinator and Transmission Operator that operates any portion of
the Planning Authoritys Planning Authority Area.
R4.3. Each Transmission Planner that works in the Planning Authoritys Planning Authority
Area.
R5. If a recipient of the SOL Methodology provides documented technical comments on the
methodology, the Planning Authority shall provide a documented response to that recipient
within 45 calendar days of receipt of those comments. The response shall indicate whether a
change will be made to the SOL Methodology and, if no change will be made to that SOL
Methodology, the reason why. (Retirement approved by NERC BOT pending applicable

Page 3 of 9
C. Measures
M1. The Planning Authoritys SOL Methodology shall address all of the items listed in
Requirement 1 through Requirement 3.
M2. The Planning Authority shall have evidence it issued its SOL Methodology and any changes to
that methodology, including the date they were issued, in accordance with Requirement 4.
If the recipient of the SOL Methodology provides documented comments on its technical
review of that SOL methodology, the Planning Authority that distributed that SOL
Methodology shall have evidence that it provided a written response to that commenter within
45 calendar days of receipt of those comments in accordance with Requirement 5. (Retirement
D. Compliance
Regional Reliability Organization
Each Planning Authority shall self-certify its compliance to the Compliance Monitor at
least once every three years. New Planning Authorities shall demonstrate compliance
through an on-site audit conducted by the Compliance Monitor within the first year that it
commences operation. The Compliance Monitor shall also conduct an on-site audit once
every nine years and an investigation upon complaint to assess performance.
The Performance-Reset Period shall be twelve months from the last non-compliance.
1.3. Data Retention
The Planning Authority shall keep all superseded portions to its SOL Methodology for 12
months beyond the date of the change in that methodology and shall keep all documented
comments on its SOL Methodology and associated responses for three years. In addition,
entities found non-compliant shall keep information related to the non-compliance until
found compliant. (Deleted text retired-Retirement approved by NERC BOT pending
The Compliance Monitor shall keep the last audit and all subsequent compliance records.
The Planning Authority shall make the following available for inspection during an on-
site audit by the Compliance Monitor or within 15 business days of a request as part of an
investigation upon complaint:
1.4.1 SOL Methodology.
Documented comments provided by a recipient of the SOL Methodology on its
technical review of a SOL Methodology, and the associated responses.
1.4.2 Superseded portions of its SOL Methodology that had been made within the past
12 months.
1.4.3 Evidence that the SOL Methodology and any changes to the methodology that
occurred within the past 12 months were issued to all required entities.
2. Levels of Non-Compliance for Western Interconnection: (To be replaced with VSLs once
developed and approved by WECC)
Page 4 of 9
2.1. Level 1: There shall be a level one non-compliance if either of the following
conditions exists:
2.1.1 The SOL Methodology did not include a statement indicating that Facility
Ratings shall not be exceeded.
2.1.2 No evidence of responses to a recipients comments on the SOL Methodology.
2.2. Level 2: The SOL Methodology did not include a requirement to address all of the
elements in R2.1 through R2.3 and E1.
2.3. Level 3: There shall be a level three non-compliance if any of the following
conditions exists:
Ratings shall not be exceeded and the methodology did not include evaluation of
system response to one of the three types of single Contingencies identified in
R2.2.
system response to two of the seven types of multiple Contingencies identified in
E1.1.
2.3.3 The System Operating Limits Methodology did not include a statement
indicating that Facility Ratings shall not be exceeded and the methodology did
not address two of the six required topics in R3.
2.4. Level 4: The SOL Methodology was not issued to all required entities in accordance
with R4
Page 5 of 9

R1 Not applicable. The Planning Authority has a
documented SOL Methodology
for use in developing SOLs
within its Planning Authority
Area, but it does not address
R1.2
The Planning Authority has a
R1.3.
R1.1.
OR
The Planning Authority has no
Area.
R2

The Planning Authoritys SOL
Methodology requires that SOLs
are set to meet BES
performance following single and
multiple contingencies, but does
not address the pre-contingency
state (R2.1)
are set to meet BES
performance in the pre-
contingency state and following
single contingencies, but does
not address multiple
contingencies. (R2.5-R2.6)
are set to meet BES
contingency state and following
multiple contingencies, but does
not meet the performance for
response to single
contingencies. (R2.2 R2.4)
are set to meet BES
contingency state but does not
require that SOLs be set to meet
the BES performance specified
for response to single
contingencies (R2.2-R2.4) and
does not require that SOLs be
set to meet the BES
performance specified for
response to multiple
contingencies. (R2.5-R2.6)
R3

methodology for determining
SOLs that includes a description
for all but one of the following:
R3.1 through R3.6.
for all but two of the following:
R3.1 through R3.6.
for all but three of the following:
R3.1 through R3.6.
SOLs that is missing a
description of four or more of the
following: R3.1 through R3.6.
R4 One or both of the following:
The Planning Authority issued its
SOL Methodology and changes
One of the following:
The Planning Authority failed to
issue its SOL Methodology and
Page 6 of 9

to that methodology to all but
one of the required entities.
For a change in methodology,
the changed methodology was
provided up to 30 calendar days
after the effectiveness of the
change.
one of the required entities AND
for a change in methodology, the
changed methodology was
provided 30 calendar days or
more, but less than 60 calendar
days after the effectiveness of
the change.
OR
two of the required entities AND
change.

the change.
OR
the change.
OR
three of the required entities
AND for a change in
methodology, the changed
methodology was provided up to
30 calendar days after the
effectiveness of the change.

changes to that methodology to
more than three of the required
entities.
more after the effectiveness of
the change.
OR
the change.
OR
three of the required entities
AND for a change in
methodology was provided 30
calendar days or more, but less
than 60 calendar days after the
Page 7 of 9

four of the required entities AND
change.
R5
(Retirement
approved by NERC
BOT pending
applicable
regulatory
approval.)
The Planning Authority received
documented technical comments
on its SOL Methodology and
provided a complete response in
a time period that was longer
than 45 calendar days but less

a time period that was 60
calendar days or longer but less
calendar days or longer but less
OR
The Planning Authoritys
response to documented
technical comments on its SOL
Methodology indicated that a
change will not be made, but did
not include an explanation of
why the change will not be
made.
calendar days or longer.
OR
The Planning Authoritys
Methodology did not indicate
whether a change will be made
to the SOL Methodology.

Page 8 of 9

1. The following Interconnection-wide Regional Difference shall be applicable in the Western
Interconnection:
1.1. As governed by the requirements of R2.5 and R2.6, starting with all Facilities in service,
shall require the evaluation of the following multiple Facility Contingencies when
establishing SOLs:
1.1.1 Simultaneous permanent phase to ground Faults on different phases of each of
two adjacent transmission circuits on a multiple circuit tower, with Normal
Clearing. If multiple circuit towers are used only for station entrance and exit
purposes, and if they do not exceed five towers at each station, then this
condition is an acceptable risk and therefore can be excluded.
1.1.2 A permanent phase to ground Fault on any generator, transmission circuit,
transformer, or bus section with Delayed Fault Clearing except for bus
sectionalizing breakers or bus-tie breakers addressed in E1.1.7
1.1.3 Simultaneous permanent loss of both poles of a direct current bipolar Facility
without an alternating current Fault.
1.1.4 The failure of a circuit breaker associated with a Special Protection System to
operate when required following: the loss of any element without a Fault; or a
permanent phase to ground Fault, with Normal Clearing, on any transmission
circuit, transformer or bus section.
1.1.5 A non-three phase Fault with Normal Clearing on common mode Contingency of
two adjacent circuits on separate towers unless the event frequency is determined
to be less than one in thirty years.
1.1.6 A common mode outage of two generating units connected to the same
switchyard, not otherwise addressed by FAC-010.
1.1.7 The loss of multiple bus sections as a result of failure or delayed clearing of a bus
tie or bus sectionalizing breaker to clear a permanent Phase to Ground Fault.
1.2. SOLs shall be established such that for multiple Facility Contingencies in E1.1.1 through
E1.1.5 operation within the SOL shall provide system performance consistent with the
following:
1.2.1 All Facilities are operating within their applicable Post-Contingency thermal,
frequency and voltage limits.
1.2.2 Cascading does not occur.
1.2.3 Uncontrolled separation of the system does not occur.
1.2.4 The system demonstrates transient, dynamic and voltage stability.
1.2.5 Depending on system design and expected system impacts, the controlled
interruption of electric supply to customers (load shedding), the planned removal
from service of certain generators, and/or the curtailment of contracted firm (non-
recallable reserved) electric power transfers may be necessary to maintain the
overall security of the interconnected transmission systems.
1.2.6 Interruption of firm transfer, Load or system reconfiguration is permitted through
manual or automatic control or protection actions.
Page 9 of 9

1.2.7 To prepare for the next Contingency, system adjustments are permitted, including
changes to generation, Load and the transmission system topology when
determining limits.
following with respect to impacts on other systems:
1.4. The Western Interconnection may make changes (performance category adjustments) to
the Contingencies required to be studied and/or the required responses to Contingencies
for specific facilities based on actual system performance and robust design. Such
changes will apply in determining SOLs.
Version History
1 November 1,
2006
Adopted by Board of Trustees New
1 November 1,
2006
Fixed typo. Removed the word each from
the 1
st
sentence of section D.1.3, Data
Retention.
01/11/07
2 J une 24, 2008 Adopted by Board of Trustees; FERC Order
705
Revised
2 Changed the effective date to J uly 1, 2008
Changed Cascading Outage to
Cascading
Revised
2 J anuary 22,
2010
Updated effective date and footer to April
29, 2009 based on the March 20, 2009
FERC Order
Update
2.1 November 5,
2009
Adopted by the Board of Trustees errata
change Section E1.1 modified to reflect the
renumbering of requirements R2.4 and R2.5
from FAC-010-1 to R2.5 and R2.6 in FAC-
010-2.
Errata
2.1 April 19, 2010 FERC Approved errata change Section
E1.1 modified to reflect the renumbering of
requirements R2.4 and R2.5 from FAC-010-
1 to R2.5 and R2.6 in FAC-010-2.
Errata
2.1 February 7,
2013
R5 and associated elements approved by
approval.

Standard FAC-011-2 System Operating Limits Methodology for the Operations Horizon
Page 1 of 9
A. Introduction
1. Title: System Operating Limits Methodology for the Operations Horizon
3. Purpose: To ensure that System Operating Limits (SOLs) used in the reliable operation of
the Bulk Electric System (BES) are determined based on an established methodology or
methodologies.
4. Applicability
B. Requirements
R1. The Reliability Coordinator shall have a documented methodology for use in developing SOLs
(SOL Methodology) within its Reliability Coordinator Area. This SOL Methodology shall:
R1.1. Be applicable for developing SOLs used in the operations horizon.
R1.2. State that SOLs shall not exceed associated Facility Ratings.
R1.3. Include a description of how to identify the subset of SOLs that qualify as IROLs.
R2. The Reliability Coordinators SOL Methodology shall include a requirement that SOLs
provide BES performance consistent with the following:
R2.1. In the pre-contingency state, the BES shall demonstrate transient, dynamic and
voltage stability; all Facilities shall be within their Facility Ratings and within their
thermal, voltage and stability limits. In the determination of SOLs, the BES condition
used shall reflect current or expected system conditions and shall reflect changes to
system topology such as Facility outages.
R2.2. Following the single Contingencies
1
identified in Requirement 2.2.1 through
Requirement 2.2.3, the system shall demonstrate transient, dynamic and voltage
stability; all Facilities shall be operating within their Facility Ratings and within their
thermal, voltage and stability limits; and Cascading or uncontrolled separation shall
not occur.
R2.2.1. Single line to ground or 3-phase Fault (whichever is more severe), with
Normal Clearing, on any Faulted generator, line, transformer, or shunt
device.
R2.2.2. Loss of any generator, line, transformer, or shunt device without a Fault.
R2.2.3. Single pole block, with Normal Clearing, in a monopolar or bipolar high
voltage direct current system.
R2.3. In determining the systems response to a single Contingency, the following shall be
acceptable:
R2.3.1. Planned or controlled interruption of electric supply to radial customers or
some local network customers connected to or supplied by the Faulted
Facility or by the affected area.

1
The Contingencies identified in FAC-011 R2.2.1 through R2.2.3 are the minimum contingencies that must be
studied but are not necessarily the only Contingencies that should be studied.
Page 2 of 9
R2.3.2. Interruption of other network customers, (a) only if the system has already
been adjusted, or is being adjusted, following at least one prior outage, or
(b) if the real-time operating conditions are more adverse than anticipated in
the corresponding studies
R2.3.3. System reconfiguration through manual or automatic control or protection
actions.
R2.4. To prepare for the next Contingency, system adjustments may be made, including
changes to generation, uses of the transmission system, and the transmission system
topology.
R3. The Reliability Coordinators methodology for determining SOLs, shall include, as a
minimum, a description of the following, along with any reliability margins applied for each:
R3.1. Study model (must include at least the entire Reliability Coordinator Area as well as
the critical modeling details from other Reliability Coordinator Areas that would
impact the Facility or Facilities under study.)
R3.2. Selection of applicable Contingencies
R3.3. A process for determining which of the stability limits associated with the list of
multiple contingencies (provided by the Planning Authority in accordance with FAC-
014 Requirement 6) are applicable for use in the operating horizon given the actual or
expected system conditions.
R3.3.1. This process shall address the need to modify these limits, to modify the list
of limits, and to modify the list of associated multiple contingencies.
R3.4. Level of detail of system models used to determine SOLs.
R3.5. Allowed uses of Special Protection Systems or Remedial Action Plans.
R3.6. Anticipated transmission system configuration, generation dispatch and Load level
R3.7. Criteria for determining when violating a SOL qualifies as an Interconnection
Reliability Operating Limit (IROL) and criteria for developing any associated IROL
T
v
.
R4. The Reliability Coordinator shall issue its SOL Methodology and any changes to that
methodology, prior to the effectiveness of the Methodology or of a change to the Methodology,
to all of the following:
R4.1. Each adjacent Reliability Coordinator and each Reliability Coordinator that indicated
it has a reliability-related need for the methodology.
R4.2. Each Planning Authority and Transmission Planner that models any portion of the
Reliability Coordinators Reliability Coordinator Area.
R4.3. Each Transmission Operator that operates in the Reliability Coordinator Area.
R5. If a recipient of the SOL Methodology provides documented technical comments on the
methodology, the Reliability Coordinator shall provide a documented response to that recipient
within 45 calendar days of receipt of those comments. The response shall indicate whether a
change will be made to the SOL Methodology and, if no change will be made to that SOL
Methodology, the reason why. (Retirement approved by NERC BOT pending applicable

Page 3 of 9

C. Measures
M1. The Reliability Coordinators SOL Methodology shall address all of the items listed in
Requirement 1 through Requirement 3.
M2. The Reliability Coordinator shall have evidence it issued its SOL Methodology, and any
changes to that methodology, including the date they were issued, in accordance with
Requirement 4.
M3. If the recipient of the SOL Methodology provides documented comments on its technical
review of that SOL methodology, the Reliability Coordinator that distributed that SOL
Methodology shall have evidence that it provided a written response to that commenter within
45 calendar days of receipt of those comments in accordance with Requirement 5. (Retirement

D. Compliance
Each Reliability Coordinator shall self-certify its compliance to the Compliance Monitor
at least once every three years. New Reliability Authorities shall demonstrate
compliance through an on-site audit conducted by the Compliance Monitor within the
first year that it commences operation. The Compliance Monitor shall also conduct an on-
site audit once every nine years and an investigation upon complaint to assess
performance.
The Performance-Reset Period shall be twelve months from the last non-compliance.
1.3. Data Retention
The Reliability Coordinator shall keep all superseded portions to its SOL Methodology
for 12 months beyond the date of the change in that methodology and shall keep all
documented comments on its SOL Methodology and associated responses for three years.
In addition, entities found non-compliant shall keep information related to the non-
compliance until found compliant. (Deleted text retired-Retirement approved by NERC
BOT pending applicable regulatory approval.)
The Reliability Coordinator shall make the following available for inspection during an
on-site audit by the Compliance Monitor or within 15 business days of a request as part
of an investigation upon complaint:
1.4.1 SOL Methodology.
1.4.2 Documented comments provided by a recipient of the SOL Methodology on its
technical review of a SOL Methodology, and the associated responses.
Page 4 of 9

1.4.3 Superseded portions of its SOL Methodology that had been made within the past
12 months.
1.4.4 Evidence that the SOL Methodology and any changes to the methodology that
occurred within the past 12 months were issued to all required entities.
2. Levels of Non-Compliance for Western Interconnection: (To be replaced with VSLs once
developed and approved by WECC)
conditions exists:
Ratings shall not be exceeded.
2.1.2 No evidence of responses to a recipients comments on the SOL Methodology
2.2. Level 2: The SOL Methodology did not include a requirement to address all of the
elements in R3.1, R3.2, R3.4 through R3.7 and E1.
conditions exists:
system response to one of the three types of single Contingencies identified in
R2.2.
system response to two of the seven types of multiple Contingencies identified in
E1.1.
2.3.3 The System Operating Limits Methodology did not include a statement
indicating that Facility Ratings shall not be exceeded and the methodology did
not address two of the six required topics in R3.1, R3.2, R3.4 through R3.7.
2.4. Level 4: The SOL Methodology was not issued to all required entities in accordance
with R4.
Page 5 of 9
R1 Not applicable. The Reliability Coordinator has a
within its Reliability Coordinator
R1.2
The Reliability Coordinator has a
R1.3.
R1.1.
OR
The Reliability Coordinator has
no documented SOL
Methodology for use in
developing SOLs within its
Reliability Coordinator Area.
R2 The Reliability Coordinators
SOL Methodology requires that
SOLs are set to meet BES
performance following single
contingencies, but does not
require that SOLs are set to
meet BES performance in the
pre-contingency state. (R2.1)
Not applicable. The Reliability Coordinators
SOL Methodology requires that
SOLs are set to meet BES
contingency state, but does not
meet BES performance following
single contingencies. (R2.2
R2.4)
The Reliability Coordinators
SOL Methodology does not
meet BES performance in the
pre-contingency state and does
not require that SOLs are set to
meet BES performance following
single contingencies. (R2.1
through R2.4)
R3

for all but one of the following:
R3.1 through R3.7.
for all but two of the following:
R3.1 through R3.7.
for all but three of the following:
R3.1 through R3.7.
SOLs that is missing a
description of three or more of
the following: R3.1 through R3.7.
R4 One or both of the following:
issued its SOL Methodology and
all but one of the required
entities.
For a change in methodology,
the changed methodology was
entities AND for a change in
The Reliability Coordinator failed
to issue its SOL Methodology
and changes to that
methodology to more than three
of the required entities.
Page 6 of 9
change.
OR
all but two of the required entities
AND for a change in

OR
AND for a change in
OR
all but three of the required

calendar days or more after the
OR
AND for a change in
OR
all but three of the required
OR
all but four of the required
Page 7 of 9
R5
(Retirement
approved by NERC
BOT pending
applicable
regulatory
approval.)

received documented technical
comments on its SOL
Methodology and provided a
complete response in a time
period that was longer than 45
calendar days but less than 60
calendar days.

comments on its SOL
period that was 60 calendar days
or longer but less than 75
calendar days.
comments on its SOL
or longer but less than 90
calendar days.
OR
Methodology indicated that a
change will not be made, but did
not include an explanation of
why the change will not be
made.
comments on its SOL
or longer.
OR
Methodology did not indicate
whether a change will be made
to the SOL Methodology.
Page 8 of 9

Regional Differences
1. The following Interconnection-wide Regional Difference shall be applicable in the Western
Interconnection:
1.1. As governed by the requirements of R3.3, starting with all Facilities in service, shall
require the evaluation of the following multiple Facility Contingencies when establishing
SOLs:
1.1.1 Simultaneous permanent phase to ground Faults on different phases of each of
two adjacent transmission circuits on a multiple circuit tower, with Normal
Clearing. If multiple circuit towers are used only for station entrance and exit
purposes, and if they do not exceed five towers at each station, then this
condition is an acceptable risk and therefore can be excluded.
1.1.2 A permanent phase to ground Fault on any generator, transmission circuit,
transformer, or bus section with Delayed Fault Clearing except for bus
sectionalizing breakers or bus-tie breakers addressed in E1.1.7
1.1.3 Simultaneous permanent loss of both poles of a direct current bipolar Facility
without an alternating current Fault.
1.1.4 The failure of a circuit breaker associated with a Special Protection System to
operate when required following: the loss of any element without a Fault; or a
permanent phase to ground Fault, with Normal Clearing, on any transmission
circuit, transformer or bus section.
1.1.5 A non-three phase Fault with Normal Clearing on common mode Contingency of
two adjacent circuits on separate towers unless the event frequency is determined
to be less than one in thirty years.
1.1.6 A common mode outage of two generating units connected to the same
switchyard, not otherwise addressed by FAC-011.
1.1.7 The loss of multiple bus sections as a result of failure or delayed clearing of a bus
tie or bus sectionalizing breaker to clear a permanent Phase to Ground Fault.
following:
1.2.1 All Facilities are operating within their applicable Post-Contingency thermal,
frequency and voltage limits.
1.2.3 Uncontrolled separation of the system does not occur.
1.2.4 The system demonstrates transient, dynamic and voltage stability.
1.2.5 Depending on system design and expected system impacts, the controlled
interruption of electric supply to customers (load shedding), the planned removal
from service of certain generators, and/or the curtailment of contracted firm (non-
recallable reserved) electric power transfers may be necessary to maintain the
overall security of the interconnected transmission systems.
1.2.6 Interruption of firm transfer, Load or system reconfiguration is permitted through
manual or automatic control or protection actions.
Page 9 of 9
1.2.7 To prepare for the next Contingency, system adjustments are permitted, including
changes to generation, Load and the transmission system topology when
determining limits.
following with respect to impacts on other systems:
1.4. The Western Interconnection may make changes (performance category adjustments) to
the Contingencies required to be studied and/or the required responses to Contingencies
for specific facilities based on actual system performance and robust design. Such
changes will apply in determining SOLs.
Version History
1 November 1,
2006
2 Changed the effective date to October 1,
2008
Changed Cascading Outage to
Cascading
Corrected footnote 1 to reference FAC-011
rather than FAC-010
Revised
2 J une 24, 2008 Adopted by Board of Trustees: FERC Order
705
Revised
2 J anuary 22,
2010
FERC Order
Update
2 February 7,
2013
approval.

Standard FAC-013-2 Assessment of Transfer Capability for the Near-term
Transmission Planning Horizon
Page 1 of 9
A. Introduction
1. Title: Assessment of Transfer Capability for the Near-Term Transmission
Planning Horizon
3. Purpose: To ensure that Planning Coordinators have a methodology for, and
perform an annual assessment to identify potential future Transmission System
weaknesses and limiting Facilities that could impact the Bulk Electric Systems (BES)
ability to reliably transfer energy in the Near-Term Transmission Planning Horizon.
4. Applicability:
4.1. Planning Coordinators
5. Effective Date:
In those jurisdictions where regulatory approval is required, the latter of either the first
day of the first calendar quarter twelve months after applicable regulatory approval or
the first day of the first calendar quarter six months after MOD-001-1, MOD-028-1,
MOD-029-1, and MOD-030-2 are effective.
In those jurisdictions where no regulatory approval is required, the latter of either the
first day of the first calendar quarter twelve months after Board of Trustees adoption or
the first day of the first calendar quarter six months after MOD-001-1, MOD-028-1,
MOD-029-1 and MOD-030-2 are effective.
B. Requirements
R1. Each Planning Coordinator shall have a documented methodology it uses to perform an
annual assessment of Transfer Capability in the Near-Term Transmission Planning
Horizon (Transfer Capability methodology). The Transfer Capability methodology
shall include, at a minimum, the following information: [Violation Risk Factor:
Medium] [Time Horizon: Long-term Planning ]
1.1. Criteria for the selection of the transfers to be assessed.
1.2. A statement that the assessment shall respect known System Operating Limits
(SOLs).
1.3. A statement that the assumptions and criteria used to perform the assessment are
consistent with the Planning Coordinators planning practices.
1.4. A description of how each of the following assumptions and criteria used in
performing the assessment are addressed:
1.4.1. Generation dispatch, including but not limited to long term planned
outages, additions and retirements.
1.4.2. Transmission system topology, including but not limited to long term
planned Transmission outages, additions, and retirements.
1.4.3. System demand.
1.4.4. Current approved and projected Transmission uses.
Page 2 of 9
1.4.5. Parallel path (loop flow) adjustments.
1.4.6. Contingencies
1.4.7. Monitored Facilities.
1.5. A description of how simulations of transfers are performed through the
adjustment of generation, Load or both.
R2. Each Planning Coordinator shall issue its Transfer Capability methodology, and any
revisions to the Transfer Capability methodology, to the following entities subject to
the following: [Violation Risk Factor: Lower] [Time Horizon: Long-term Planning]
2.1. Distribute to the following prior to the effectiveness of such revisions:
2.1.1. Each Planning Coordinator adjacent to the Planning Coordinators
Planning Coordinator area or overlapping the Planning Coordinators area.
2.1.2. Each Transmission Planner within the Planning Coordinators Planning
Coordinator area.
2.2. Distribute to each functional entity that has a reliability-related need for the
Transfer Capability methodology and submits a request for that methodology
within 30 calendar days of receiving that written request.
R3. If a recipient of the Transfer Capability methodology provides documented concerns
with the methodology, the Planning Coordinator shall provide a documented response
to that recipient within 45 calendar days of receipt of those comments. The response
shall indicate whether a change will be made to the Transfer Capability methodology
and, if no change will be made to that Transfer Capability methodology, the reason
why. [Violation Risk Factor: Lower][Time Horizon: Long-term Planning]
R4. During each calendar year, each Planning Coordinator shall conduct simulations and
document an assessment based on those simulations in accordance with its Transfer
Capability methodology for at least one year in the Near-Term Transmission Planning
Horizon. [Violation Risk Factor: Medium] [Time Horizon: Long-term Planning]
R5. Each Planning Coordinator shall make the documented Transfer Capability assessment
results available within 45 calendar days of the completion of the assessment to the
recipients of its Transfer Capability methodology pursuant to Requirement R2, Parts
2.1 and Part 2.2. However, if a functional entity that has a reliability related need for
the results of the annual assessment of the Transfer Capabilities makes a written
request for such an assessment after the completion of the assessment, the Planning
Coordinator shall make the documented Transfer Capability assessment results
available to that entity within 45 calendar days of receipt of the request [Violation Risk
Factor: Lower] [Time Horizon: Long-term Planning]
R6. If a recipient of a documented Transfer Capability assessment requests data to support
the assessment results, the Planning Coordinator shall provide such data to that entity
within 45 calendar days of receipt of the request. The provision of such data shall be
subject to the legal and regulatory obligations of the Planning Coordinators area
Page 3 of 9
regarding the disclosure of confidential and/or sensitive information. [Violation Risk
Factor: Lower] [Time Horizon: Long-term Planning]
C. Measures
M1. Each Planning Coordinator shall have a Transfer Capability methodology that includes
the information specified in Requirement R1.
M2. Each Planning Coordinator shall have evidence such as dated e-mail or dated
transmittal letters that it provided the new or revised Transfer Capability methodology
in accordance with Requirement R2
Each Planning Coordinator shall have evidence, such as dated e-mail or dated
transmittal letters, that the Planning Coordinator provided a written response to that
commenter in accordance with Requirement R3. (Retirement approved by NERC BOT
M3. Each Planning Coordinator shall have evidence such as dated assessment results, that it
conducted and documented a Transfer Capability assessment in accordance with
Requirement R4.
M4. Each Planning Coordinator shall have evidence, such as dated copies of e-mails or
transmittal letters, that it made its documented Transfer Capability assessment
available to the entities in accordance with Requirement R5.
M5. Each Planning Coordinator shall have evidence, such as dated copies of e-mails or
transmittal letters, that it made its documented Transfer Capability assessment data
available in accordance with Requirement R6.
D. Compliance
Regional Entity
1.2. Data Retention
The Planning Coordinator shall keep data or evidence to show compliance as
The Planning Coordinator shall have its current Transfer Capability
methodology and any prior versions of the Transfer Capability methodology
that were in force since the last compliance audit to show compliance with
Requirement R1.
The Planning Coordinator shall retain evidence since its last compliance audit
to show compliance with Requirement R2.
The Planning Coordinator shall retain evidence to show compliance with
Requirements R3, R4, R5 and R6 for the most recent assessment. (R3 retired-
Retirement approved by NERC BOT pending applicable regulatory approval.)

Page 4 of 9
If a Planning Coordinator is found non-compliant, it shall keep information
related to the non-compliance until found compliant or for the time periods
specified above, whichever is longer.
1.3. Compliance Monitoring and Assessment Processes
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
None
Standard FAC-013-2 Assessment of Transfer Capability for the Near-term Transmission Planning Horizon

Page 5 of 9

R1
The Planning Coordinator
has a Transfer Capability
methodology but failed to
address one or two of the
items listed in Requirement
R1, Part 1.4.
The Planning Coordinator has a
Transfer Capability
methodology, but failed to
incorporate one of the following
Parts of Requirement R1 into
that methodology:
Part 1.1
Part 1.2
Part 1.3
Part 1.5
OR
Transfer Capability methodology
but failed to address three of the
items listed in Requirement R1,
Part 1.4.
Transfer Capability
incorporate two of the following
Parts of Requirement R1 into
that methodology:
Part 1.1
Part 1.2
Part 1.3
Part 1.5
OR
but failed to address four of the
items listed in Requirement R1,
Part 1.4.

The Planning Coordinator did
not have a Transfer Capability
methodology.
OR
Transfer Capability
incorporate three or more of the
following Parts of Requirement
R1 into that methodology:
Part 1.1
Part 1.2
Part 1.3
Part 1.5
OR
but failed to address more than
four of the items listed in

Page 6 of 9
R2
notified one or more of the
parties specified in
Requirement R2 of a new or
revised Transfer Capability
methodology after its
implementation, but not more
than 30 calendar days after its
implementation.
OR
provided the transfer
Capability methodology more
than 30 calendar days but not
more than 60 calendar days
after the receipt of a request.
methodology more than 30
calendar days after its
implementation, but not more
implementation.
OR
provided the Transfer
after receipt of a request
calendar days, but not more
implementation.
OR
after receipt of a request.
failed to notify one or more of
the parties specified in
implementation.
OR
than 120 calendar days after
receipt of a request.
R3
(Retirement
approved
by NERC
BOT
pending
applicable
regulatory
approval.)

provided a documented
response to a documented
concern with its Transfer
Capability methodology as
required in Requirement R3
more than 45 calendar days,
but not more than 60 calendar
days after receipt of the
concern.
concern.
concern.
failed to provide a documented
required in Requirement R3 by
after receipt of the concern.
OR
failed to respond to a
documented concern with its
Transfer Capability
methodology.

Page 7 of 9

R4 The Planning Coordinator
conducted a Transfer Capability
assessment outside the
calendar year, but not by more

calendar year, by more than 30
calendar days, but not by more
calendar year, by more than 60
calendar days, but not by more
The Planning Coordinator failed
to conduct a Transfer Capability
calendar year by more than 90
calendar days.
OR
to conduct a Transfer Capability
assessment.

Page 8 of 9

R5

made its documented Transfer
Capability assessment
available to one or more of the
recipients of its Transfer
requirements of R5,, but not
after completion of the
assessment.

made its Transfer Capability
assessment available to one or
more of the recipients of its
Transfer Capability
requirements of R5, but not
after completion of the
assessment.

made its Transfer Capability
assessment available to one or
more of the recipients of its
Transfer Capability
requirements of R5, but not
more than 90 days after
completion of the assessment.

failed to make its documented
Transfer Capability assessment
available to one or more of the
than 90 days after the
requirements of R5.
OR
failed to make its documented
Transfer Capability assessment
available to any of the
Capability methodology under
the requirements of R5.
provided the requested data as
after receipt of the request for
data, but not more than 60
calendar days after the receipt
of the request for data.
more than 90 after the receipt
OR
failed to provide the requested
data as required in
Requirement R6.
Page 9 of 9
None.
Version History
1 08/01/05 1. Changed incorrect use of certain
hyphens (-) to en dash ().
2. Lower cased the word draft and
drafting team where appropriate.
3. Changed Anticipated Action #5, page 1,
from 30-day to Thirty-day.
4. Added or removed periods.
01/20/05
2 01/24/11 Approved by BOT
2 11/17/11 FERC Order issued approving FAC-013-2
2 05/17/12 FERC Order issued directing the VRFs for
Requirements R1. and R4. be changed from
Lower to Medium.
FERC Order issued correcting the High and
Severe VSL language for R1.

2 02/7/13
approval.

Standard FAC-014-2 Establish and Communicate System Operating Limits
Adopted by Board of Trustees: June 24, 2008 Page 1 of 6
A. Introduction
1. Title: Establish and Communicate System Operating Limits
3. Purpose: To ensure that System Operating Limits (SOLs) used in the reliable planning and
operation of the Bulk Electric System (BES) are determined based on an established
methodology or methodologies.
4. Applicability
B. Requirements
R1. The Reliability Coordinator shall ensure that SOLs, including Interconnection Reliability
Operating Limits (IROLs), for its Reliability Coordinator Area are established and that the
SOLs (including Interconnection Reliability Operating Limits) are consistent with its SOL
Methodology.
R2. The Transmission Operator shall establish SOLs (as directed by its Reliability Coordinator) for
its portion of the Reliability Coordinator Area that are consistent with its Reliability
Coordinators SOL Methodology.
R3. The Planning Authority shall establish SOLs, including IROLs, for its Planning Authority Area
that are consistent with its SOL Methodology.
R4. The Transmission Planner shall establish SOLs, including IROLs, for its Transmission
Planning Area that are consistent with its Planning Authoritys SOL Methodology.
R5. The Reliability Coordinator, Planning Authority and Transmission Planner shall each provide
its SOLs and IROLs to those entities that have a reliability-related need for those limits and
provide a written request that includes a schedule for delivery of those limits as follows:
R5.1. The Reliability Coordinator shall provide its SOLs (including the subset of SOLs that
are IROLs) to adjacent Reliability Coordinators and Reliability Coordinators who
indicate a reliability-related need for those limits, and to the Transmission Operators,
Transmission Planners, Transmission Service Providers and Planning Authorities
within its Reliability Coordinator Area. For each IROL, the Reliability Coordinator
shall provide the following supporting information:
R5.1.1. Identification and status of the associated Facility (or group of Facilities)
that is (are) critical to the derivation of the IROL.
R5.1.2. The value of the IROL and its associated T
v
.
R5.1.3. The associated Contingency(ies).
R5.1.4. The type of limitation represented by the IROL (e.g., voltage collapse,
angular stability).
R5.2. The Transmission Operator shall provide any SOLs it developed to its Reliability
Coordinator and to the Transmission Service Providers that share its portion of the
R5.3. The Planning Authority shall provide its SOLs (including the subset of SOLs that are
IROLs) to adjacent Planning Authorities, and to Transmission Planners, Transmission
Service Providers, Transmission Operators and Reliability Coordinators that work
within its Planning Authority Area.
R5.4. The Transmission Planner shall provide its SOLs (including the subset of SOLs that
are IROLs) to its Planning Authority, Reliability Coordinators, Transmission
Operators, and Transmission Service Providers that work within its Transmission
Planning Area and to adjacent Transmission Planners.
R6. The Planning Authority shall identify the subset of multiple contingencies (if any), from
Reliability Standard TPL-003 which result in stability limits.
R6.1. The Planning Authority shall provide this list of multiple contingencies and the
associated stability limits to the Reliability Coordinators that monitor the facilities
associated with these contingencies and limits.
R6.2. If the Planning Authority does not identify any stability-related multiple
contingencies, the Planning Authority shall so notify the Reliability Coordinator.
C. Measures
M1. The Reliability Coordinator, Planning Authority, Transmission Operator, and Transmission
Planner shall each be able to demonstrate that it developed its SOLs (including the subset of
SOLs that are IROLs) consistent with the applicable SOL Methodology in accordance with
Requirements 1 through 4.
M2. The Reliability Coordinator, Planning Authority, Transmission Operator, and Transmission
Planner shall each have evidence that its SOLs (including the subset of SOLs that are IROLs)
were supplied in accordance with schedules supplied by the requestors of such SOLs as
specified in Requirement 5.
M3. The Planning Authority shall have evidence it identified a list of multiple contingencies (if any)
and their associated stability limits and provided the list and the limits to its Reliability
Coordinators in accordance with Requirement 6.
D. Compliance
The Reliability Coordinator, Planning Authority, Transmission Operator, and
Transmission Planner shall each verify compliance through self-certification submitted to
its Compliance Monitor annually. The Compliance Monitor may conduct a targeted audit
once in each calendar year (J anuary December) and an investigation upon a complaint
to assess performance.
The Performance-Reset Period shall be twelve months from the last finding of non-
compliance.
1.3. Data Retention
Transmission Planner shall each keep documentation for 12 months. In addition, entities
found non-compliant shall keep information related to non-compliance until found
compliant.
Transmission Planner shall each make the following available for inspection during a
targeted audit by the Compliance Monitor or within 15 business days of a request as part
of an investigation upon complaint:
1.4.1 SOL Methodology(ies)
1.4.2 SOLs, including the subset of SOLs that are IROLs and the IROLs supporting
information
1.4.3 Evidence that SOLs were distributed
1.4.4 Evidence that a list of stability-related multiple contingencies and their associated
limits were distributed
1.4.5 Distribution schedules provided by entities that requested SOLs
R1 There are SOLs, for the
Reliability Coordinator Area, but
from 1% up to but less than 25%
of these SOLs are inconsistent
with the Reliability Coordinators
SOL Methodology. (R1)
There are SOLs, for the
25% or more, but less than 50%
There are SOLs, for the
50% or more, but less than 75%
There are SOLs for the Reliability
Coordinator Area, but 75% or
more of these SOLs are
inconsistent with the Reliability
(R1)
R2 The Transmission Operator has
established SOLs for its portion
of the Reliability Coordinator
Area, but from 1% up to but less
than 25% of these SOLs are
(R2)
Area, but 25% or more, but less
(R2)
(R2)
Area, but 75% or more of these
SOLs are inconsistent with the
Reliability Coordinators SOL
Methodology. (R2)
R3 There are SOLs, for the Planning
Coordinator Area, but from 1% up
to, but less than, 25% of these
Planning Coordinators SOL
Methodology. (R3)
There are SOLs, for the Planning
more, but less than 50% of these
Methodology. (R3)
There are SOLs for the Planning
more, but less than 75% of these
Methodology. (R3)
There are SOLs, for the Planning
more of these SOLs are
inconsistent with the Planning
(R3)
R4 The Transmission Planner has
of the Planning Coordinator Area,
but up to 25% of these SOLs are
(R4)
The Transmission Planner has
but 25% or more, but less than
50% of these SOLs are
(R4)
(R4)
but 75% or more of these SOLs
are inconsistent with the Planning
(R4)
R5

The responsible entity provided
its SOLs (including the subset of
SOLs that are IROLs) to all the
meeting one or more of the
schedules by less than 15
SOLs that are IROLs) to all but
one of the requesting entities
within the schedules provided.
SOLs that are IROLs) to all but
two of the requesting entities
within the schedules provided.
provide its SOLs (including the
subset of SOLs that are IROLs)
to more than two of the
requesting entities within 45
calendar days. (R5)

(R5)
Or
its SOLs to all the requesting
entities but missed meeting one
or more of the schedules for 15
or more but less than 30 calendar
days. (R5)
OR
The supporting information
provided with the IROLs does not
address 5.1.4
(R5)
Or
its SOLs to all the requesting
entities but missed meeting one
or more of the schedules for 30
or more but less than 45 calendar
days. (R5)
OR
address 5.1.3
calendar days of the associated
schedules. (R5)
OR
address 5.1.1 and 5.1.2.

R6

The Planning Authority failed to
notify the Reliability Coordinator
in accordance with R6.2
Not applicable. The Planning Authority identified
the subset of multiple
contingencies which result in
stability limits but did not provide
the list of multiple contingencies
and associated limits to one
Reliability Coordinator that
monitors the Facilities associated
with these limits. (R6.1)

The Planning Authority did not
identify the subset of multiple
stability limits. (R6)
OR
The Planning Authority identified
the subset of multiple
stability limits but did not provide
the list of multiple contingencies
and associated limits to more
than one Reliability Coordinator
that monitors the Facilities
associated with these limits.
(R6.1)
None identified.
Version History
1 November 1,
2006
2 Changed the effective date to J anuary 1,
2009
Revised
2 J une 24, 2008 Adopted by Board of Trustees: FERC Order Revised
2 J anuary 22,
2010
FERC Order
Update

WECC Standard FAC-501-WECC-1 Transmission Maintenance
Adopted by Board of Trustees: October 29, 2008 1
A. Introduction
1. Title: Transmission Maintenance
2. Number: FAC-501-WECC-1
3. Purpose: To ensure the Transmission Owner of a transmission path identified in the table
titled Major WECC Transfer Paths in the Bulk Electric System including
associated facilities has a Transmission Maintenance and Inspection Plan (TMIP);
and performs and documents maintenance and inspection activities in accordance
with the TMIP.
4. Applicability
4.1. Transmission Owners that maintain the transmission paths in the most current table titled
Major WECC Transfer Paths in the Bulk Electric System provided at:
http://www.wecc.biz/Standards/Approved%20Standards/Supporting%20Tables/Table%20Ma
jor%20Paths%204-28-08.pdf
5. Effective Date: On the first day of the first quarter, after applicable regulatory approval.

B. Requirements
R.1. Transmission Owners shall have a TMIP detailing their inspection and maintenance
requirements that apply to all transmission facilities necessary for System Operating Limits
associated with each of the transmission paths identified in table titled Major WECC
Transfer Paths in the Bulk Electric System. [Violation Risk Factor: Medium] [Time
Horizon: Long-term Planning]
R1.1. Transmission Owners shall annually review their TMIP and update as required.
[Violation Risk Factor: Medium] [Time Horizon: Long-term Planning]
R.2. Transmission Owners shall include the maintenance categories in Attachment 1-FAC-501-
WECC-1 when developing their TMIP. [Violation Risk Factor: Medium] [Time Horizon:
R.3. Transmission Owners shall implement and follow their TMIP. [Violation Risk Factor:
Medium] [Time Horizon: Operations Assessment]

C. Measures
M1. Transmission Owners shall have a documented TMIP per R.1.
M1.1 Transmission Owners shall have evidence they have annually reviewed their TMIP
and updated as needed.
M2. Transmission Owners shall have evidence that their TMIP addresses the required maintenance
details of R.2.
M3. Transmission Owners shall have records that they implemented and followed their TMIP as
required in R.3. The records shall include:
1. The person or crew responsible for performing the work or inspection,
2. The date(s) the work or inspection was performed,
3. The transmission facility on which the work was performed, and
4. A description of the inspection or maintenance performed.

D. Compliance
Compliance Enforcement Authority

The Compliance Enforcement Authority may use one or more of the following methods
to assess compliance:
- Self-certification conducted annually
- Spot check audits conducted anytime with 30 days notice given to prepare
- Periodic audit as scheduled by the Compliance Enforcement Authority
- Investigations
- Other methods as provided for in the Compliance Monitoring Enforcement Program
The Reset Time Frame shall be one year.
1.3 Data Retention
The Transmission Owners shall keep evidence for Measure M1 through M3 for three
years plus the current year, or since the last audit, whichever is longer.
No additional compliance information.
2.1. Lower: There shall be a Lower Level of non-compliance if any of the following
conditions exist:
2.1.1 The TMIP does not include associated Facilities for one of the Paths identified in
Attachment 1 FAC-501-WECC-1 as required by R.1 but Transmission Owners are
performing maintenance and inspection for the missing Facilities.
2.1.2 Transmission Owners did not review their TMIP annually as required by R.1.1.
2.1.3 The TMIP does not include one maintenance category identified in Attachment 1
FAC-501-WECC-1 as required by R.2 but Transmission Owners are performing
maintenance and inspection for the missing maintenance categories.
2.1.4 Transmission Owners do not have maintenance and inspection records as required
by R.3 but have evidence that they are implementing and following their TMIP.
2.2. Moderate: There shall be a Moderate Level of non-compliance if any of the following
conditions exist:
2.2.1 The TMIP does not include associated Facilities for two of the Paths identified in
the most current Table titled Major WECC Transfer Paths in the Bulk Electric
System as required by R.1 and Transmission Owners are not performing
maintenance and inspection for the missing Facilities.
2.2.2 The TMIP does not include two maintenance categories identified in Attachment 1
2.2.3 Transmission Owners are not performing maintenance and inspection for one
maintenance category identified in Attachment 1 FAC-501-WECC-1 as required in
R3.
2.3. High: There shall be a High Level of non-compliance if any of the following
condition exists:
2.3.1 The TMIP does not include associated Facilities for three of the Paths identified in
the most current Table titled Major WECC Transfer Paths in the Bulk Electric
System as required by R.1 and Transmission Owners are not performing
2.3.2 The TMIP does not include three maintenance categories identified in Attachment 1
2.3.3 Transmission Owners are not performing maintenance and inspection for two
maintenance categories identified in Attachment 1 FAC-501-WECC-1 as required in
R3.
2.4. Severe: There shall be a Severe Level of non-compliance if any of the following
condition exists:
2.4.1 The TMIP does not include associated Facilities for more than three of the Paths
identified in the most current Table titled Major WECC Transfer Paths in the Bulk
Electric System as required by R.1 and Transmission Owners are not performing
2.4.2 The TMIP does not exist or does not include more than three maintenance categories
identified in Attachment 1 FAC-501-WECC-1 as required by R.2 but Transmission
Owners are performing maintenance and inspection for the missing maintenance
categories.
2.4.3 Transmission Owners are not performing maintenance and inspection for more
than two maintenance categories identified in Attachment 1 FAC-501-WECC-1 as
required in R3.

1 April 16, 2008 Permanent Replacement Standard for
PRC-STD-005-1

1 April 21, 2011 FERC Order issued approving FAC-
501-WECC-1 (approval effective June
27, 2011)


Attachment 1-FAC-501-WECC-1
Transmission Line and Station Maintenance Details

The maintenance practices in the TMIP may be performance-based, time-based, conditional
based, or a combination of all three. The TMIP shall include:
1. A list of Facilities and associated Elements necessary to maintain the SOL for the transfer
paths identified in the most current Table titled Major WECC Transfer Paths in the Bulk
Electric System;
2. The scheduled interval for any time-based maintenance activities and/or a description
supporting condition or performance-based maintenance activities including a description
of the condition based trigger;
3. Transmission Line Maintenance Details:
a. Patrol/Inspection
b. Contamination Control
c. Tower and wood pole structure management
4. Station Maintenance Details:
a. Inspections
b. Contamination Control
c. Equipment Maintenance for the following:
Circuit Breakers
Power Transformers (including phase-shifting transformers)
Regulators
Reactive Devices (including, but not limited to, Shunt Capacitors, Series
Capacitors, Synchronous Condensers, Shunt Reactors, and Tertiary
Reactors)

Standard INT-001-3 Interchange Information
Approved by Board of Trustees: October 9, 2007 Page 1 of 3
A. Introduction
1. Title: Interchange Information
2. Number: INT-001-3
3. Purpose:
To ensure that Interchange information is submitted to the NERC-identified reliability
analysis service.
4. Applicability:
4.1. Purchase-Selling Entities.
5. Effective Date: August 27, 2008 (U.S.)
NERC Board Approval: October 9, 2007
B. Requirements
R1. The Load-Serving, Purchasing-Selling Entity shall ensure that Arranged Interchange is
submitted to the Interchange Authority for:
R1.1. All Dynamic Schedules at the expected average MW profile for each hour.
R2. The Sink Balancing Authority shall ensure that Arranged Interchange is submitted to
the Interchange Authority:
R2.1. If a Purchasing-Selling Entity is not involved in the Interchange, such as
delivery from a jointly owned generator.
R2.2. For each bilateral Inadvertent Interchange payback.
C. Measures
M1. The Purchasing-Selling Entity that serves the load shall have and provide upon request
evidence that could include but is not limited to, its Interchange Transaction tags
operator logs, voice recordings or transcripts of voice recordings, electronic
communications, computer printouts or other equivalent evidence that will be used to
confirm that Arranged Interchange was submitted to the Interchange Authority for all
Dynamic Schedules at the expected average MW profile for each hour as specified in
Requirement 1.
M2. Each Sink Balancing Authority shall have and provide upon request evidence that
could include but is not limited to, Interchange Transaction tags operator logs, voice
recordings or transcripts of voice recordings, electronic communications, computer
printouts, or other equivalent evidence that will be used to confirm that Arranged
Interchange was submitted to the Interchange Authority as specified in Requirements
2.1 and 2.2.
D. Compliance
monitoring.
schedule.)
prepare.)
compliance.
1.3. Data Retention
The Purchasing-Selling Entity that serves load and Sink Balancing Authority shall
each keep 90 days of historical data (evidence).
None.
2. Levels of Non-Compliance for Sink Balancing Authorities:
2.1. Level 1: One instance of not submitting Arranged Interchange to the Interchange
Authority as specified in R2.1 and R2.2.
2.2. Level 2: Two instances of not submitting Arranged Interchange to the Interchange
Authority as specified in R2.1 and 2.2.
2.3. Level 3: Three instances of not submitting Arranged Interchange to the
Interchange Authority as specified in R2.1 and 2.2.
2.4. Level 4: Four or more instances of not submitting Arranged Interchange to the
Interchange Authority as specified in R2.1 and 2.2.
3. Levels of Non-Compliance for Purchasing-Selling Entities that Serve Load:
3.1. Level 1: One instance of not submitting Arranged Interchange to the Interchange
Authority as specified in R1.
3.2. Level 2: Two instances of not submitting Arranged Interchange to the Interchange
Authority as specified in R1.
3.3. Level 3: Three instances of not submitting Arranged Interchange to the
Interchange Authority as specified in R1.
3.4. Level 4: Four or more instances of not submitting Arranged Interchange to the
Interchange Authority as specified in R1.
1. MISO Energy Flow Information Waiver effective on J uly 16, 2003.

Version History
1 May 2, 2006 Adopted by Board of Trustees Revised
2 November 1,
2006
3 October 9,
2008
Adopted by Board of Trustees (Remove
WECC Waiver)
Revised
3 J uly 21, 2008 Regulatory Approval Revised

Standard INT-003-3 Interchange Transaction Implementation
1
A. Introduction
1. Title: Interchange Transaction Implementation
3. Purpose:
To ensure Balancing Authorities confirm Interchange Schedules with Adjacent Balancing
Authorities prior to implementing the schedules in their Area Control Error (ACE) equations.
4. Applicability
5. Effective Date: First day of first calendar quarter after applicable regulatory approval, or in
those jurisdictions where no regulatory approval is required, the first day of the first calendar
quarter after Board of Trustees adoption.
B. Requirements
R1. Each Receiving Balancing Authority shall confirm Interchange Schedules with the Sending
Balancing Authority prior to implementation in the Balancing Authoritys ACE equation.
(Violation Risk Factor: Medium)
R1.1. The Sending Balancing Authority and Receiving Balancing Authority shall agree on
Interchange as received from the Interchange Authority, including: (Violation Risk
Factor: Lower)
R1.1.1. Interchange Schedule start and end time. (Violation Risk Factor: Lower)
R1.1.2. Energy profile. (Violation Risk Factor: Lower)
R1.2. If a high voltage direct current (HVDC) tie is on the Scheduling Path, then the
Sending Balancing Authorities and Receiving Balancing Authorities shall coordinate
the Interchange Schedule with the Transmission Operator of the HVDC tie. (Violation
Risk Factor: Medium)
C. Measures
M1. Each Receiving and Sending Balancing Authority shall have and provide upon request
evidence that could include, but is not limited to, interchange transaction tags, operator logs,
voice recordings or transcripts of voice recordings, electronic communications, computer
printouts, or other equivalent evidence that will be used to confirm that each Interchange
Schedules start and end time, and energy profile were confirmed prior to implementation in
the Balancing Authoritys ACE equation. (Requirement R1, R1.1, R1.1.1 & R1.1.2)
M2. Each Receiving and Sending Balancing Authority shall have and provide upon request
evidence that could include, but is not limited to, interchange transaction tags, operator logs,
voice recordings or transcripts of voice recordings, electronic communications, computer
printouts, or other equivalent evidence that will be used to confirm that it coordinated the
Interchange Schedule with the Transmission Operator of the HVDC tie as specified in
Requirement 1.2.
D. Compliance
2
compliance.
1.3. Data Retention
Each Balancing Authority shall keep 90 days of historical data (evidence).

longer.
None.
3

R1 There shall be a separate Lower
VSL, if either of the following
conditions exists: One instance of
entering a schedule into its ACE
equation without confirming the
schedule as specified in R1, R1.1,
R1.1.1 and R1.1.2. One instance of
not coordinating the Interchange
Schedule with the Transmission
Operator of the HVDC tie as
specified in R1.2
There shall be a separate Moderate
conditions exists: Two instances of
R1.1.1 and R1.1.2. Two instances
of not coordinating the Interchange
specified in R1.2
There shall be a separate High
conditions exists: Three instances
of entering a schedule into its ACE
R1.1.1 and R1.1.2. Three instances
of not coordinating the Interchange
specified in R1.2
There shall be a separate Severe
conditions exists: Four or more
instances of entering a schedule
into its ACE equation without
confirming the schedule as
specified in R1, R1.1, R1.1.1 and
R1.1.2. Four or more instances of
not coordinating the Interchange
specified in R1.2
R1.1 The Balancing Authority
experienced one instance of
R1.1.1 and R1.1.2.
experienced two instances of
R1.1.1 and R1.1.2.
experienced three instances of
R1.1.1 and R1.1.2.
experienced four instances of
R1.1.1 and R1.1.2.
R1.1.1 The Balancing Authority
R1.1.1 and R1.1.2.
R1.1.1 and R1.1.2.
R1.1.1 and R1.1.2.
R1.1.1 and R1.1.2.
R1.1.2 The Balancing Authority
R1.1.1 and R1.1.2.
R1.1.1 and R1.1.2.
R1.1.1 and R1.1.2.
R1.1.1 and R1.1.2.
R1.2 The sending or receiving
Balancing Authority experienced
The sending or receiving
4
one instance of not coordinating
the Interchange Schedule with the
Transmission Operator of the
HVDC tie as specified in R1.2
two instances of not coordinating
three instances of not coordinating
four instances of not coordinating
5
MISO Energy Flow Information Waiver dated July 16, 2003.
Version History
1 May 2, 2006 Adopted by Board of Trustees Revised
3 November 5, 2009 Added approved VRFs and VSLs to document.
Removed MISO Scheduling Agent Waiver, and
MISO Enhanced Scheduling Agent Waiver
(Project 2009-18).
Revised

Standard INT-004-2 Dynamic Interchange Transaction Modifications
A. Introduction
1. Title: Dynamic Interchange Transaction Modifications
3. Purpose: To ensure Dynamic Transfers are adequately tagged to be able to
determine their reliability impacts.
4. Applicability
4.4. Purchasing-Selling Entities
5. Effective Date: August 27, 2008 (U.S.)
NERC Board Approval: October 9, 2007
B. Requirements
R1. At such time as the reliability event allows for the reloading of the transaction, the
entity that initiated the curtailment shall release the limit on the Interchange
Transaction tag to allow reloading the transaction and shall communicate the release of
the limit to the Sink Balancing Authority.
R2. The Purchasing-Selling Entity responsible for tagging a Dynamic Interchange Schedule
shall ensure the tag is updated for the next available scheduling hour and future hours
when any one of the following occurs:
R2.1. The average energy profile in an hour is greater than 250 MW and in that hour
the actual hourly integrated energy deviates from the hourly average energy
profile indicated on the tag by more than +10%.
R2.2. The average energy profile in an hour is less than or equal to 250 MW and in
that hour the actual hourly integrated energy deviates from the hourly average
energy profile indicated on the tag by more than +25 megawatt-hours.
R2.3. A Reliability Coordinator or Transmission Operator determines the deviation,
regardless of magnitude, to be a reliability concern and notifies the Purchasing-
Selling Entity of that determination and the reasons.
C. Measures
M1. The Sink Balancing Authority shall provide evidence that the responsible Purchasing-
Selling Entity revised a tag when the deviation exceeded the criteria in INT-004
Requirement 2.
D. Compliance
Periodic tag audit as prescribed by NERC. For the requested time period, the Sink
Balancing Authority shall provide the instances when Dynamic Schedule deviation
Standard INT-004-2 Dynamic Interchange Transaction Modifications
exceeded the criteria in INT-004 R2 and shall provide evidence that the responsible
Purchasing-Selling Entity submitted a revised tag.
One calendar year without a violation from the time of the violation.
1.3. Data Retention
Three months.
Not specified.
2.1. Level 1: Not specified.
1. None
Version History
1 May 2, 2006 Board of Trustees Approval Revised
2 October 9,
2007
Board of Trustees Approval (Removal
of WECC Waiver)
Revised
2 J uly 21, 2008 FERC Approval Revised

Standard INT-005-3 Interchange Authority Distributes Arranged Interchange
Adopted by NERC Board of Trustees: October 29, 2008 Page 1 of 6
Effective Date: J uly 1, 2010
A. Introduction
1. Title: Interchange Authority Distributes Arranged Interchange
3. Purpose: To ensure that the implementation of Interchange between Source and
Sink Balancing Authorities is distributed by an Interchange Authority such that
Interchange information is available for reliability assessments.
4. Applicability:
4.1. Interchange Authority.
5. Effective Date: J uly 1, 2010
B. Requirements
R1. Prior to the expiration of the time period defined in the timing requirements tables in this
standard, Column A, the Interchange Authority shall distribute the Arranged Interchange
information for reliability assessment to all reliability entities involved in the Interchange.
R1.1. When a Balancing Authority or Reliability Coordinator initiates a Curtailment to
Confirmed or Implemented Interchange for reliability, the Interchange Authority shall
distribute the Arranged Interchange information for reliability assessment only to the
Source Balancing Authority and the Sink Balancing Authority.
C. Measures
M1. For each Arranged Interchange, the Interchange Authority shall be able to provide evidence
that it has distributed the Arranged Interchange information to all reliability entities involved in
the Interchange within the applicable time frame.
D. Compliance
The Performance-Reset Period shall be twelve months from the last non-
compliance to Requirement 1.
1.3. Data Retention
The Interchange Authority shall keep 90 days of historical data. The Compliance
Monitor shall keep audit records for a minimum of three calendar years.
Each Interchange Authority shall demonstrate compliance to the Compliance
Monitor within the first year that this standard becomes effective or the first year
the entity commences operation by self-certification to the Compliance Monitor.
Subsequent to the initial compliance review, compliance may be:
1.4.1 Verified by audit at least once every three years.
1.4.2 Verified by spot checks in years between audits.
1.4.3 Verified by annual audits of noncompliant Interchange Authorities, until
compliance is demonstrated.
1.4.4 Verified at any time as the result of a specific complaint of failure to
perform R1. Complaints must be lodged within 60 days of the incident.
The Compliance Monitor will evaluate complaints.
Each Interchange Authority shall make the following available for inspection by
the Compliance Monitor upon request:
1.4.5 For compliance audits and spot checks, relevant data and system log
records for the audit period which indicate the Interchange Authoritys
distribution of all Arranged Interchange information to all reliability
entities involved in an Interchange. The Compliance Monitor may request
up to a three month period of historical data ending with the date the
request is received by the Interchange Authority.
1.4.6 For specific complaints, only those data and system log records associated
with the specific Interchange event contained in the complaint which
indicate that the Interchange Authority distributed the Arranged
Interchange information to all reliability entities involved in that specific
Interchange.
2.1. Level 1: One occurrence
1
2.2. Level 2: Two occurrences
1
of not distributing information to all involved
reliability entities as described in R1.
2.3. Level 3: Three occurrences
1
2.4. Level 4: Four or more occurrences
1
of not distributing information to all
involved reliability entities as described in R1 or no evidence provided.
None
Version History
1 May 2, 2006 Approved by BOT New
2 May 2, 2007 Approved by BOT Revised
3 April 8, 2010 Approved by FERC, Effective J uly 1,
2010

1
This does not include instances of not distributing information due to extenuating circumstances approved by the
Compliance Monitor.
Timing Requirements for all Interconnections except WECC

A B C D
If Arranged
Interchange (RFI)
2
IA Assigned
Time
Classification is Submitted
IA Makes Initial
Distribution of
Arranged Interchange
BA and TSP Conduct
Reliability Assessments
IA Compiles and
Distributes Status
BA Prepares
Confirmed Interchange
for Implementation
>1 hour after the RFI
start time

ATF < 1 minute from RFI
submission
Entities have up to 2 hours
to respond.
< 1 minute from receipt of
all Reliability Assessments
NA

<15 minutes prior to
ramp start and <1
hour after the RFI
start time
Late < 1 minute from RFI
submission
Entities have up to 10
minutes to respond.
< 3 minutes after receipt
of confirmed RFI
<1 hour and > 15
minutes prior to
ramp start
On-time < 1 minute from RFI
submission
< 10 minutes from
receipt from IA
> 3 minutes prior to
ramp start
>1 hour to < 4
hours prior to ramp
start
submission
< 20 minutes from
receipt from IA
ramp start
> 4 hours prior to
ramp start
submission
< 2 hours from Arranged
Interchange receipt from
IA
> 1 hour 58 minutes
prior to ramp start

2
Time Classifications and deadlines apply to both initial Arranged Interchange submittal and any subsequent modifications to the Arranged Interchange.
Ramp
Start
Interchange Timeline with Minimum
Reliability-Related Response Times
Request for
Interchange
Submitted
Example of Timing Requirements for all Interconnections except WECC

10:00 9:55 9:40
1 hour
before
ramp start
Late
Ramp
Start Time
2 hours
8:55 11:00
4 hours
before
ramp start
5:55
20 minutes 2 hours
On Time ATF
RFI submit time
relative to start
time
Time
Classification
Assessment
Interchange
Start Time
10 minutes
15
minutes
before
ramp start
Timing Requirements for WECC
A B C D
If Arranged Interchange
(RFI)
3
IA Assigned
Time
Classification
is Submitted
IA Makes Initial
Distribution of
Arranged
Interchange
BA and TSP Conduct

IA Compiles and
Distributes Status
BA Prepares Confirmed
Interchange for
Implementation
>1 hour after the start time ATF < 1minute from RFI
submission
Entities have up to 2 hours to
respond.
< 1minute from receipt of
NA
<10 minutes prior to ramp
start and <1 hour after the
start time
Late < 1minute from RFI
submission

Entities have up to 10 minutes
to respond.
of confirmed RFI
10 minutes prior to ramp
start
On-time < 1minute from RFI
submission
< 5 minutes from Arranged
Interchange receipt from IA
> 3 minutes prior to ramp
start
start
submission
start
start
submission
start
start
submission
start
start
submission
start
<1 hour and > 15 minutes
prior to ramp start
submission
start
> 1hour and < 4 hours prior
to ramp start
submission
interchange receipt from IA
start
> 4 hours prior to ramp
start
submission
> 1 hour 58 minutes prior
to ramp start
Submitted before 10:00 PPT
with start time > 00:00 PPT
of following day
submission
By 12:00 PPT of day the
Arranged Interchange was
received by the IA
to ramp start

3
Example of Timing Requirements for WECC

10:00 9:50
9:40
1 hour
before
ramp start
Late
Ramp
Start Time
2 hours
8:50 11:00
4 hours
before
ramp start
5:50
20 minutes 10 minutes 2 hours
On Time ATF
RFI submit time
relative to start
time
Time
Classification
Assessment*
Interchange
Start Time
9:35
10 minutes
Submittal &
Assessment
Times
9:35 - 10
9:36 - 9
9:37 - 8
9:38 - 7
9:39 - 6
9:40 - 5
*If submitted before 10:00 PPT with
start time >= 00:00 PPT of the
following day then assessment is
>= 2 hours and by 12:00 PPT

Standard INT-006-3 Response to Interchange Authority
Adopted by NERC Board of Trustee: October 29, 2008 Page 1 of 7
A. Introduction
1. Title: Response to Interchange Authority
3. Purpose: To ensure that each Arranged Interchange is checked for reliability before it is
implemented.
4. Applicability:
4.1. Balancing Authority.
4.2. Transmission Service Provider.
B. Requirements
R1. Prior to the expiration of the reliability assessment period defined in the timing requirements
tables in this standard, Column B, the Balancing Authority and Transmission Service Provider
shall respond to each On-time Request for Interchange (RFI), and to each Emergency RFI and
Reliability Adjustment RFI from an Interchange Authority to transition an Arranged
Interchange to a Confirmed Interchange.
1
R1.1. Each involved Balancing Authority shall evaluate the Arranged Interchange with
respect to:

R1.1.1. Energy profile (ability to support the magnitude of the Interchange).
R1.1.2. Ramp (ability of generation maneuverability to accommodate).
R1.1.3. Scheduling path (proper connectivity of Adjacent Balancing Authorities).
R1.2. Each involved Transmission Service Provider shall confirm that the transmission
service arrangements associated with the Arranged Interchange have adjacent
Transmission Service Provider connectivity, are valid and prevailing transmission
system limits will not be violated.
C. Measures
M1. The Balancing Authority and Transmission Service Provider shall each provide evidence that it
responded, relative to transitioning an Arranged Interchange to a Confirmed Interchange, to
each Ontime Request for Interchange (RFI), and to each Emergency RFI or Reliability
Adjustment RFI from an Interchange Authority within the reliability assessment period defined
in the Timing Table, Column B. The Balancing Authority and Transmission Service Provider
need not provide evidence that it responded to any other requests.
D. Compliance
The Performance-Reset Period shall be twelve months from the last non-compliance to
Requirement 1.

1
The Balancing Authority and Transmission Service Provider need not provide responses to any other requests.
1.3. Data Retention
The Balancing Authority and Transmission Service Provider shall each keep 90 days of
historical data. The Compliance Monitor shall keep audit records for a minimum of three
calendar years.
The Balancing Authority and Transmission Service Provider shall demonstrate
compliance to the Compliance Monitor within the first year that this standard becomes
effective or the first year the entity commences operation by self-certification to the
Compliance Monitor.
1.4.3 Verified by annual audits of non-compliant Interchange Authorities, until
1.4.4 Verified at any time as the result of a complaint. Complaints must be lodged
within 60 days of the incident. The Compliance Monitor will evaluate
complaints.
The Balancing Authority, and Transmission Service Provider shall make the
following available for inspection by the Compliance Monitor upon request:
1.4.5 For compliance audits and spot checks, relevant data and system log records and
agreements for the audit period which indicate a reliability entity identified in R1
responded to all instances of the Interchange Authoritys communication under
Reliability Standard INT-005 Requirement 1 concerning the pending transition of
an Arranged Interchange to Confirmed Interchange. The Compliance Monitor
may request up to a three month period of historical data ending with the date the
request is received by the Balancing Authority, or Transmission Service
Provider.
1.4.6 For specific complaints, agreements and those data and system log records
associated with the specific Interchange event contained in the complaint which
indicates a reliability entity identified in R1 has responded to the Interchange
Authoritys communication under INT-005 R1 concerning the pending transition
of Arranged Interchange to Confirmed Interchange for that specific Interchange.
2
1
of not responding to the Interchange Authority as
described in R1.
of not responding to the Interchange Authority as described
in R1.
1
described in R1.

2
This does not include instances of not responding due to extenuating circumstances approved by the Compliance
Monitor.
1
described in R1 or no evidence provided.
None.
Version History
2010


A B C D
If Arranged
Interchange (RFI)
3
IA Assigned
Time
IA Makes Initial
Distribution of
BA and TSP Conduct
IA Compiles and
Distributes Status
BA Prepares
for Implementation
start time

submission
to respond.
NA

ramp start and <1
hour after the RFI
start time
submission
minutes to respond.
of confirmed RFI
<1 hour and > 15
minutes prior to
ramp start
submission
< 10 minutes from
receipt from IA
ramp start
>1 hour to < 4
hours prior to ramp
start
submission
< 20 minutes from
receipt from IA
ramp start
> 4 hours prior to
ramp start
submission
IA
> 1 hour 58 minutes
prior to ramp start

3
Ramp
Start
Request for
Interchange
Submitted

10:00 9:55 9:40
1 hour
before
ramp start
Late
Ramp
Start Time
2 hours
8:55 11:00
4 hours
before
ramp start
5:55
20 minutes 2 hours
On Time ATF
RFI submit time
relative to start
time
Time
Classification
Assessment
Interchange
Start Time
10 minutes
15
minutes
before
ramp start
A B C D
(RFI)
4
IA Assigned
Time
Classification
is Submitted
IA Makes Initial
Distribution of
Arranged
Interchange
BA and TSP Conduct

IA Compiles and
Distributes Status
Interchange for
Implementation
submission
respond.
NA
start time
submission

to respond.
of confirmed RFI
start
submission
start
start
submission
start
start
submission
start
start
submission
start
start
submission
start
prior to ramp start
submission
start
to ramp start
submission
start
start
submission
to ramp start
of following day
submission
received by the IA
to ramp start

4

10:00 9:50
9:40
1 hour
before
ramp start
Late
Ramp
Start Time
2 hours
8:50 11:00
4 hours
before
ramp start
5:50
On Time ATF
RFI submit time
relative to start
time
Time
Classification
Assessment*
Interchange
Start Time
9:35
10 minutes
Submittal &
Assessment
Times
9:35 - 10
9:36 - 9
9:37 - 8
9:38 - 7
9:39 - 6
9:40 - 5

Standard INT-007-1 Interchange Confirmation
Page 1 of 3

A. Introduction
1. Title: Interchange Confirmation
3. Purpose: To ensure that each Arranged Interchange is checked for reliability before it is
implemented.
4. Applicability
B. Requirements
R1. The Interchange Authority shall verify that Arranged Interchange is balanced and valid prior to
transitioning Arranged Interchange to Confirmed Interchange by verifying the following:
R1.1. Source Balancing Authority megawatts equal sink Balancing Authority megawatts
(adjusted for losses, if appropriate).
R1.2. All reliability entities involved in the Arranged Interchange are currently in the NERC
registry. (Retirement approved by NERC BOT pending applicable regulatory
approval.)
R1.3. The following are defined:
R1.3.1. Generation source and load sink.
R1.3.2. Megawatt profile.
R1.3.3. Ramp start and stop times.
R1.3.4. Interchange duration.
R1.4. Each Balancing Authority and Transmission Service Provider that received the
Arranged Interchange information from the Interchange Authority for reliability
assessment has provided approval.
C. Measures
M1. For each Arranged Interchange, the Interchange Authority shall show evidence that it has
verified the Arranged Interchange information prior to the dissemination of the Confirmed
Interchange.
D. Compliance
The Performance-Reset Period shall be twelve months from the last noncompliance to
Requirement 1.
1.3. Data Retention
Page 2 of 3

Each Interchange Authority shall demonstrate compliance to the Compliance Monitor
within the first year that this standard becomes effective or the first year the entity
commences operation by self-certification to the Compliance Monitor.
within 60 days of the incident. Complaints will be evaluated by the Compliance
Monitor.
Each Interchange Authority shall make the following available for inspection by the
Compliance Monitor upon request:
1.4.5 For compliance audits and spot checks, relevant data and system log records for
the audit period which indicate an Interchange Authoritys verification that all
Arranged Interchange was balanced and valid as defined in R1. The Compliance
Monitor may request up to a three-month period of historical data ending with
the date the request is received by the Interchange Authority.
1.4.6 For specific complaints, only those data and system log records associated with
the specific Interchange event contained in the complaint which indicate an
Interchange Authoritys verification that an Arranged Interchange was balanced
and valid as defined in R1 for that specific Interchange
1
where Interchange-related data was not verified as defined
in R1.
2.2. Level 2: Two occurrences where Interchange-related data was not verified as defined
in R1.
2.3. Level 3: Three occurrences where Interchange-related data was not verified as
defined in R1.
2.4. Level 4: Four or more occurrences where Interchange-related data was not verified as
defined in R1.
None

1
This does not include instances of not verifying due to extenuating circumstances approved by the Compliance
Monitor.
Page 3 of 3

Version History
1 May 2, 2006 Adopted by the NERC Board of Trustees
1 March 16, 2007 FERC Approved
1 February 7,
2013
R1.2 and associated elements approved by
approval.

Standard INT-008-3 Interchange Authority Distributes Status
A. Introduction
1. Title: Interchange Authority Distributes Status
3. Purpose: To ensure that the implementation of Interchange between Source and
Sink Balancing Authorities is coordinated by an Interchange Authority.
4. Applicability:
B. Requirements
R1. Prior to the expiration of the time period defined in the Timing Table, Column C, the
Interchange Authority shall distribute to all Balancing Authorities (including Balancing
Authorities on both sides of a direct current tie), Transmission Service Providers and
Purchasing-Selling Entities involved in the Arranged Interchange whether or not the
Arranged Interchange has transitioned to a Confirmed Interchange.
R1.1. For Confirmed Interchange, the Interchange Authority shall also communicate:
R1.1.1. Start and stop times, ramps, and megawatt profile to Balancing
Authorities.
R1.1.2. Necessary Interchange information to NERC-identified reliability
analysis services.
C. Measures
M1. For each Arranged Interchange, the Interchange Authority shall provide evidence that it
has distributed the final status and Confirmed Interchange information specified in
Requirement 1 to all Balancing Authorities, Transmission Service Providers and
Purchasing-Selling Entities involved in the Arranged Interchange within the time
period defined in the Timing Table, Column C. If denied, the Interchange Authority
shall tell all involved parties that approval has been denied.
M1.1 For each Arranged Interchange that includes a direct current tie, the
Interchange Authority shall provide evidence that it has communicated the
final status to the Balancing Authorities on both sides of the direct current tie,
even if the Balancing Authorities are neither the Source nor Sink for the
Interchange.
D. Compliance
The Performance-Reset Period shall be twelve months from the last non-
compliance to R1.
1.3. Data Retention

Each Interchange Authority shall demonstrate compliance to the Compliance
Monitor within the first year that this standard becomes effective or the first year
the entity commences operation by self-certification to the Compliance Monitor.
Subsequent to the initial compliance review, compliance will be:
1.4.4 Verified at any time as the result of a complaint. Complaints must be
lodged within 60 days of the incident. Complaints will be evaluated by
Each Interchange Authority shall make the following available for inspection by
the Compliance Monitor upon request:
1.4.5 For compliance audits and spot checks, relevant data and system log
records for the audit period which indicate the Interchange Authoritys
distribution of all Arranged Interchange final status and Confirmed
Interchange information to all entities involved in an Interchange per R1.
The Compliance Monitor may request up to a three-month period of
historical data ending with the date the request is received by the
Interchange Authority
1.4.6 For specific complaints, only those data and system log records associated
with the specific Interchange event contained in the complaint which
indicate that the Interchange Authority distributed the Arranged
Interchange final status and Confirmed Interchange information to all
entities involved in that specific Interchange.
1
1
of not distributing final status and information as
described in R1.
described in R1.
1
described in R1.

1
This does not include instances of not distributing information due to extenuating circumstances approved by the
Compliance Monitor.

1
of not distributing final status and
information as described in R1 or no evidence provided.
None.
Version History
2010


A B C D
If Arranged
Interchange (RFI)
2
IA Assigned
Time
IA Makes Initial
Distribution of
BA and TSP Conduct
IA Compiles and
Distributes Status
BA Prepares
for Implementation
start time

submission
to respond.
NA

ramp start and <1
hour after the RFI
start time
submission
minutes to respond.
of confirmed RFI
<1 hour and > 15
minutes prior to
ramp start
submission
< 10 minutes from
receipt from IA
ramp start
>1 hour to < 4
hours prior to ramp
start
submission
< 20 minutes from
receipt from IA
ramp start
> 4 hours prior to
ramp start
submission
IA
> 1 hour 58 minutes
prior to ramp start

2
Ramp
Start
Request for
Interchange
Submitted

10:00 9:55 9:40
1 hour
before
ramp start
Late
Ramp
Start Time
2 hours
8:55 11:00
4 hours
before
ramp start
5:55
20 minutes 2 hours
On Time ATF
RFI submit time
relative to start
time
Time
Classification
Assessment
Interchange
Start Time
10 minutes
15
minutes
before
ramp start
A B C D
(RFI)
3
IA Assigned
Time
Classification
is Submitted
IA Makes Initial
Distribution of
Arranged
Interchange
BA and TSP Conduct

IA Compiles and
Distributes Status
Interchange for
Implementation
submission
respond.
NA
start time
submission

to respond.
of confirmed RFI
start
submission
start
start
submission
start
start
submission
start
start
submission
start
start
submission
start
prior to ramp start
submission
start
to ramp start
submission
start
start
submission
to ramp start
of following day
submission
received by the IA
to ramp start

3

10:00 9:50
9:40
1 hour
before
ramp start
Late
Ramp
Start Time
2 hours
8:50 11:00
4 hours
before
ramp start
5:50
On Time ATF
RFI submit time
relative to start
time
Time
Classification
Assessment*
Interchange
Start Time
9:35
10 minutes
Submittal &
Assessment
Times
9:35 - 10
9:36 - 9
9:37 - 8
9:38 - 7
9:39 - 6
9:40 - 5

Standard INT-009-1 Implementation of Interchange
Adopted by Board of Trustees: May 2, 2006 Page 1 of 2
A. Introduction
1. Title: Implementation of Interchange
3. Purpose: To ensure that the implementation of Interchange between Source and Sink
Balancing Authorities is coordinated by an Interchange Authority such that the Balancing
Authorities implement the Interchange exactly as agreed upon in the Interchange confirmation
process.
4. Applicability
B. Requirements
R1. The Balancing Authority shall implement Confirmed Interchange as received from the
Interchange Authority.
C. Measures
M1. The Balancing Authority shall provide evidence that Implemented Interchange matches
Confirmed Interchange as submitted by the Interchange Authority.
M2. Evidence shall demonstrate that the Interchange was implemented in the Balancing Authoritys
Area Control Error (ACE) equation, or the system that calculates the ACE equation. Evidence
may be on a net basis or an individual Interchange basis.
M3. Balancing Authorities that are interconnected with a direct current tie shall demonstrate that the
Interchange was implemented in the ACE equation or modeled as an equivalent generator/load
within its area.
D. Compliance
Requirement 1.
1.3. Data Retention
The Balancing Authority and Interchange Authority shall each keep 90 days of historical
data. The Compliance Monitor shall keep audit records for a minimum of three calendar
years.
Each Balancing Authority shall demonstrate compliance to the Compliance Monitor
within the first year that this standard becomes effective or the first year the entity
commences operation by self-certification to the Compliance Monitor.
Standard INT-009-1 Implementation of Interchange
1.4.3 Verified by annual audits of non-compliant Balancing Authorities, until
complaints.
The Balancing Authorities shall make the following available for inspection by the
Compliance Monitor upon request:
the audit period which indicate a Balancing Authority implemented all instances
of the Interchange Authoritys communication under R1 concerning the
implementation of a Confirmed Interchange. The Compliance Monitor may
request up to a three month period of historical data ending with the date the
request is received by the Balancing Authority
the specific Interchange event contained in the complaint which indicates a
Balancing Authority implemented the Interchange Authoritys communication
under R1 concerning the implementation of the Confirmed Interchange for that
specific Interchange.
1
of not implementing a Confirmed Interchange as described
in R1.
1
of not implementing a Confirmed Interchange as
described in R1.
1
described in R1.
1
described in R1 or no evidence provided.
None identified.
Version History

1
This does not include instances of not implementing due to extenuating circumstances approved by the
Compliance Monitor.

Standard INT-010-1 Interchange Coordination Exemptions
A. Introduction
1. Title: Interchange Coordination Exemptions
3. Purpose: Allow certain types of Interchange schedules to be initiated or modified by
reliability entities, and to be exempt from compliance with other Interchange Standards under
abnormal operating conditions.
4. Applicability
4.2. Reliability Coordinator.
B. Requirements
R1. The Balancing Authority that experiences a loss of resources covered by an energy sharing
agreement shall ensure that a request for an Arranged Interchange is submitted with a start time
no more than 60 minutes beyond the resource loss. If the use of the energy sharing agreement
does not exceed 60 minutes from the time of the resource loss, no request for Arranged
Interchange is required.
R2. For a modification to an existing Interchange schedule that is directed by a Reliability
Coordinator for current or imminent reliability-related reasons, the Reliability Coordinator
shall direct a Balancing Authority to submit the modified Arranged Interchange reflecting that
modification within 60 minutes of the initiation of the event.
R3. For a new Interchange schedule that is directed by a Reliability Coordinator for current or
imminent reliability-related reasons, the Reliability Coordinator shall direct a Balancing
Authority to submit an Arranged Interchange reflecting that Interchange schedule within 60
minutes of the initiation of the event.
C. Measures
M1. The Balancing Authority that uses its energy sharing agreement where the duration exceeds 60
minutes shall have evidence it submitted Arranged Interchange per Requirement 1.
M2. The Reliability Coordinator that directs a modification to an existing Interchange shall have
evidence that a directive was issued to submit the Arranged Interchange in accordance with
Requirement 2.
M3. The Reliability Coordinator that directs the initiation of a new Interchange shall have evidence
that a directive was issued to submit the Arranged Interchange in accordance with Requirement
3.
D. Compliance
R1, R2, or R3.
1.3. Data Retention
The Balancing Authority and Reliability Coordinator shall each keep 90 days of historical
data. The Compliance Monitor shall keep audit records for a minimum of three calendar
years.
Each Balancing Authority and Reliability Coordinator shall demonstrate compliance to
the Compliance Monitor within the first year that this standard becomes effective or the
first year the entity commences operation by self-certification to the Compliance
Monitor.
1.4.3 Verified by annual audits of non-compliant Balancing Authorities and Reliability
Coordinators, until compliance is demonstrated.
complaints.
The Balancing Authority and Reliability Coordinator shall make the following available
for inspection by the Compliance Monitor upon request:
the audit period which indicate a Balancing Authority or Reliability Coordinator
acted in compliance with INT-010. The Compliance Monitor may request up to a
three month period of historical data ending with the date the request is received
by the Balancing Authority
the specific Interchange event contained in the complaint which indicates a
Balancing Authority or Reliability Coordinator failed to act in compliance with
INT-010.
conditions is present:
2.1.1 One occurrence of not submitting an Arranged Interchange as described in R1.
2.1.2 One occurrence of not directing the submittal of a new or modified Arranged
Interchange as described in R2 or R3.
2.2. Level 2: There shall be a level two non-compliance if either of the following
2.2.1 Two occurrences of not submitting an Arranged Interchange as described in R1.
2.2.2 Two occurrences of not directing the submittal of a new or modified Arranged
2.3. Level 3: There shall be a level three non-compliance if either of the following
2.3.1 Three occurrences of not submitting an Arranged Interchange as described in R1.
2.3.2 Three occurrences of not directing the submittal of a new or modified Arranged
2.4.1 Four or more occurrences of not submitting an Arranged Interchange as
described in R1.
2.4.2 Four or more occurrences of not directing the submittal of a new or modified
Arranged Interchange as described in Requirements 2 or 3.
2.4.3 No evidence provided.
None identified.
Version History

Standard IRO-001-1.1 Reliability Coordination Responsibilities and Authorities
Page 1 of 5
A. Introduction
1. Title: Reliability Coordination Responsibilities and Authorities
2. Number: IRO-001-1.1
3. Purpose: Reliability Coordinators must have the authority, plans, and agreements in
place to immediately direct reliability entities within their Reliability Coordinator
Areas to re-dispatch generation, reconfigure transmission, or reduce load to mitigate
critical conditions to return the system to a reliable state. If a Reliability Coordinator
delegates tasks to others, the Reliability Coordinator retains its responsibilities for
complying with NERC and regional standards. Standards of conduct are necessary to
ensure the Reliability Coordinator does not act in a manner that favors one market
participant over another.
4. Applicability
4.2. Regional Reliability Organizations.
4.3. Transmission Operator.
4.6. Transmission Service Providers.
4.8. Purchasing-Selling Entities.
B. Requirements
R1. Each Regional Reliability Organization, subregion, or interregional coordinating group
shall establish one or more Reliability Coordinators to continuously assess
transmission reliability and coordinate emergency operations among the operating
entities within the region and across the regional boundaries.
R2. The Reliability Coordinator shall comply with a regional reliability plan approved by
the NERC Operating Committee.
R3. The Reliability Coordinator shall have clear decision-making authority to act and to
direct actions to be taken by Transmission Operators, Balancing Authorities, Generator
Operators, Transmission Service Providers, Load-Serving Entities, and Purchasing-
Selling Entities within its Reliability Coordinator Area to preserve the integrity and
reliability of the Bulk Electric System. These actions shall be taken without delay, but
no longer than 30 minutes.
R4. Reliability Coordinators that delegate tasks to other entities shall have formal operating
agreements with each entity to which tasks are delegated. The Reliability Coordinator
shall verify that all delegated tasks are understood, communicated, and addressed
within its Reliability Coordinator Area. All responsibilities for complying with NERC
and regional standards applicable to Reliability Coordinators shall remain with the
Page 2 of 5
R5. The Reliability Coordinator shall list within its reliability plan all entities to which the
Reliability Coordinator has delegated required tasks.
R6. The Reliability Coordinator shall verify that all delegated tasks are carried out by
NERC-certified Reliability Coordinator operating personnel.
R7. The Reliability Coordinator shall have clear, comprehensive coordination agreements
with adjacent Reliability Coordinators to ensure that System Operating Limit or
Interconnection Reliability Operating Limit violation mitigation requiring actions in
adjacent Reliability Coordinator Areas are coordinated.
R8. Transmission Operators, Balancing Authorities, Generator Operators, Transmission
Service Providers, Load-Serving Entities, and Purchasing-Selling Entities shall comply
with Reliability Coordinator directives unless such actions would violate safety,
equipment, or regulatory or statutory requirements. Under these circumstances, the
Transmission Operator, Balancing Authority, Generator Operator, Transmission
Service Provider, Load-Serving Entity, or Purchasing-Selling Entity shall immediately
inform the Reliability Coordinator of the inability to perform the directive so that the
Reliability Coordinator may implement alternate remedial actions.
R9. The Reliability Coordinator shall act in the interests of reliability for the overall
Reliability Coordinator Area and the Interconnection before the interests of any other
entity.
C. Measures
M1. Each Regional Reliability Organization shall have, and provide upon request, evidence
that could include, but is not limited to signed agreements or other equivalent evidence
that will be used to confirm that it established one or more Reliability Coordinators to
continuously assess transmission reliability and coordinate emergency operations
among the operating entities within the region and across the regional boundaries as
described in Requirement 1.
M2. Each Reliability Coordinator shall have and provide upon request evidence that could
include, but is not limited to, job descriptions, signed agreements, an authority letter
signed by an officer of the company, or other equivalent evidence that will be used to
confirm that the Reliability Coordinator has the authority to act as described in
Requirement 3.
M3. The Reliability Coordinator shall have and provide upon request current formal
operating agreements with entities that have been delegated any Reliability Coordinator
tasks (Requirement 4 Part 1).
M4. The Reliability Coordinator shall have and provide upon request evidence that could
include, but is not limited to, job descriptions, signed agreements, records of training
sessions, monitoring procedures or other equivalent evidence that will be used to
confirm that all delegated tasks are understood, communicated, and addressed within
its Reliability Coordinator Area (Requirement 4 Part 2 and Requirement 5).
include, but is not limited to, records that show each operating person assigned to
perform a Reliability Coordinator delegated task has a NERC Reliability Coordinator
certification credential, or equivalent evidence confirming that delegated tasks were
carried out by NERC certified Reliability Coordinator operating personnel, as specified
in Requirement 6.
Page 3 of 5
M6. The Reliability Coordinator shall have and provide upon request as evidence, signed
agreements with adjacent Reliability Coordinators that will be used to confirm that it
will coordinate corrective actions in the event SOL and IROL mitigation actions within
neighboring areas must be taken. (Requirement 7)
M7. Each Transmission Operator, Balancing Authority, Generator Operator, Transmission
Service Provider, Load-Serving Entity, or Purchasing-Selling Entity shall have and
provide upon request evidence that could include, but is not limited to, operator logs,
voice recordings or transcripts of voice recordings, or other equivalent evidence that
will be used to confirm that it did comply with the Reliability Coordinator's directives,
or if for safety, equipment, regulatory or statutory requirements it could not comply, it
informed the Reliability Coordinator immediately. (Requirement 8)
D. Compliance
NERC shall be responsible for compliance monitoring of the Regional Reliability
Organization.
monitoring of the Reliability Coordinators, Transmission Operators, Generator
Operators, Distribution Providers, and Load Serving Entities.
schedule.)
prepare.)
compliance.
1.3. Data Retention
Each Regional Reliability Organization shall have its current, in-force document
for Measure 1.
Each Reliability Coordinator shall have its current, in-force documents or the
latest copy of a record as evidence of compliance to Measures 2 through 6.
Each Transmission Operator, Generator Operator, Transmission Service
Provider, and Load Serving Entity shall keep 90 days of historical data (evidence)
for Measure 7.
Page 4 of 5
None.
2. Levels of Non-Compliance: for a Regional Reliability Organization:
2.4. Level 4: Does not have evidence it established one or more Reliability
Coordinators to continuously assess transmission reliability and coordinate
emergency operations among the operating entities within the region and across
the regional boundaries as described in Requirement 1.
3. Levels of Non-Compliance for a Reliability Coordinator:
3.4. Level 4: There shall be a separate Level 4 non-compliance for every one of the
3.4.1 Does not have the authority to act as described in R3.
3.4.2 Does not have formal operating agreements with entities that have been
delegated any Reliability Coordinator tasks, as specified in R4, Part 1.
3.4.3 Did not confirm that all delegated tasks are understood, communicated,
and addressed within its Reliability Coordinator Area and that they are
being performed in a manner that complies with NERC and regional
standards for the delegated tasks as per R4, Part 2.
3.4.4 Did not verify that delegated tasks are being carried out by NERC
Reliability Coordinator certified staff as specified in R6.
3.4.5 Does not have agreements with adjacent Reliability Coordinators that
confirm that they will coordinate corrective actions in the event SOL and
IROL mitigation actions must be taken (R7).
4. Levels of Non-Compliance for a Transmission Operator, Balancing Authority,
Generator Operator, Transmission Service Provider, Load-Serving Entity, or
Purchasing-Selling Entity:
Page 5 of 5
4.4. Level 4: There shall be a separate Level 4 non-compliance for every one of the
4.4.1 Did not comply with a Reliability Coordinator directive for reasons other
than safety, equipment, or regulatory or statutory requirements. (R8)
4.4.2 Did not inform the Reliability Coordinator immediately after it was
determined that it could not follow a Reliability Coordinator directive.
(R8)
None identified.
Version History
Date
Errata
1 November 1,
2006
1 November 19,
2006
Changes Distribution Provider to
Transmission Service Provider
Errata
1.1 October 29,
2008
Removed Proposed from effective
date;
BOT adopted errata changes;
updated version number to 1.1
Errata
1.1 May 13, 2009 FERC Approved Revised

Standard IRO-001-3 Reliability Coordination Responsibilities and Authorities
Page 1 of 5
A. Introduction
1. Title: Reliability Coordination Responsibilities and Authorities
2. Number: IRO-001-3
3. Purpose: To establish the authority of Reliability Coordinators to direct other
entities to prevent an Emergency or Adverse Reliability Impacts to the Bulk Electric
System.
4. Applicability
5. Effective Date: The first day of the second calendar quarter beyond the date that this
standard is approved by applicable regulatory authorities, or in those jurisdictions
B. Requirements
R1. Each Reliability Coordinator shall have the authority to act or direct others to act (which
could include issuing Reliability Directives) to prevent identified events or mitigate the
magnitude or duration of actual events that result in an Emergency or Adverse
Reliability Impact. [Violation Risk Factor: High][Time Horizon: Real-time
Operations, Same Day Operations and Operations Planning]
R2. Each Transmission Operator, Balancing Authority, Generator Operator, and Distribution
Provider shall comply with its Reliability Coordinators direction unless compliance
with the direction cannot be physically implemented or unless such actions would
violate safety, equipment, regulatory, or statutory requirements. [Violation Risk
Factor: High] [Time Horizon: Real-time Operations, Same Day Operations and
R3. Each Transmission Operator, Balancing Authority, Generator Operator, and Distribution
Provider shall inform its Reliability Coordinator upon recognition of its inability to
perform as directed in accordance with Requirement R2. [Violation Risk Factor:
High] [Time Horizon: Real-time Operations, Same Day Operations and Operations
Planning]
C. Measures
M1. Each Reliability Coordinator shall have and provide evidence which may include, but is
not limited to dated operator logs, dated records, dated and time-stamped voice
recordings or dated transcripts of voice recordings, electronic communications, or
equivalent documentation, that will be used to determine that it had the authority to take
Page 2 of 5
action or direct action, which could have included issuing Reliability Directives, to
prevent identified events or mitigate the magnitude or duration of actual events that
resulted in an Emergency or Adverse Reliability Impact within its Reliability
Coordinator Area. (R1.)
M2. Each Transmission Operator, Balancing Authority, Generator Operator, and
Distribution Provider shall have and provide evidence which may include, but is not
limited to dated operator logs, dated records, dated and time-stamped voice recordings
or dated transcripts of voice recordings, electronic communications, or equivalent
documentation, that will be used to determine that it complied with its Reliability
Coordinator's direction, unless the direction could not be physically implemented, or
such actions would have violated safety, equipment, regulatory or statutory
requirements. In such cases, the Transmission Operator, Balancing Authority,
Generator Operator, or Distribution Provider shall have and provide copies of the
safety, equipment, regulatory, or statutory requirements as evidence for not complying
with the Reliability Coordinators direction. (R2.)
M3. Each Transmission Operator, Balancing Authority, Generator Operator, and
Distribution Provider shall have and provide evidence which may include, but is not
limited to dated operator logs, dated records, dated and time-stamped voice recordings
or dated transcripts of voice recordings, electronic communications, or equivalent
documentation, that will be used to determine that it informed the Reliability
Coordinator of its inability to perform as directed in accordance with Requirement R2.
(R3.)
D. Compliance
Compliance Audit
Self-Certification
Spot Checking
Self-Reporting
Complaint
1.3. Data Retention
Page 3 of 5
the last audit.
The Reliability Coordinator, Transmission Operator, Balancing Authority,
Generator Operator, and Distribution Provider shall keep data or evidence to show
investigation:
The Reliability Coordinator for Requirement R1, Measure M1shall retain
voice recordings for the most recent 90 calendar days or documentation for
the most recent 12 calendar months.
The Transmission Operator, Balancing Authority, Generator Operator, and
Distribution Provider for Requirements R2 and R3, Measures M2 and M3
shall retain voice recordings for the most recent 90 calendar days or
documentation for the most recent 12 calendar months.
If a Reliability Coordinator, Transmission Operator, Balancing Authority,
Generator Operator, or Distribution Provider is found non-compliant, it shall keep
information related to the non-compliance until mitigation is complete and
None.
Page 4 of 5
R1 N/A N/A N/A
take action or direct actions, to prevent
an identified event that resulted in an
Emergency or Adverse Reliability
Impact.
OR
The Reliability Coordinator failed to take
action or direct actions to mitigate the
magnitude or duration of an event that
resulted in an Emergency or Adverse
Reliability Impact.
R2 N/A N/A N/A
The Transmission Operator, Balancing
Authority, Generator Operator, and
Distribution Provider did not comply with
the Reliability Coordinators direction,
and compliance with the direction could
have been physically implemented and
such actions would not have violated
safety, equipment, regulatory, or
statutory requirements.
R3 N/A N/A N/A
The Transmission Operator, Balancing
Authority, Generator Operator, and
Distribution Provider failed to inform its
Reliability Coordinator upon recognition
of its inability to perform as directed.

Page 5 of 5
None identified.
Version History
Date
Errata
1 November 1,
2006
1 April 4, 2007 Approved by FERC Effective Date New
1 May 19, 2011 Replaced Levels of Noncompliance with
FERC-approved VSLs
VSL Order
2 To be
determined
Retired Requirement R7 to eliminate
redundancy with IRO-014-2,
Requirement R1.
Project 2006-06
3 TBD Revised in accordance with SAR for
Project 2006-06, Reliability
Coordination (RC SDT). Revised the
standard and retired six requirements
(R1, R2, R4, R5, R6, and R9).
Requirement R3 becomes the new R1
and R8 becomes the new R2 and R3.
Project 2006-06
3 August 16,
2012

Standard IRO-002-2 Reliability Coordination Facilities
Page 1 of 8
A. Introduction
1. Title: Reliability Coordination Facilities
2. Number: IRO 002-2
3. Purpose: Reliability Coordinators need information, tools and other capabilities to
perform their responsibilities.
4. Applicability
5. Proposed Effective Date:
In those jurisdictions where no regulatory approval is required, the standard shall
become effective on the latter of either April 1, 2009 or the first day of the first
calendar quarter, three months after Board of Trustee adoption.
In those jurisdictions where regulatory approval is required, the standard shall become
effective on the latter of either April 1, 2009 or the first day of the first calendar
quarter, three months after applicable regulatory approval.
B. Requirements
R1. Each Reliability Coordinator shall have adequate communications facilities (voice and data
links) to appropriate entities within its Reliability Coordinator Area. These communications
facilities shall be staffed and available to act in addressing a real-time emergency condition.
R2. Each Reliability Coordinator or its Transmission Operators and Balancing Authorities
shall provide, or arrange provisions for, data exchange to other Reliability Coordinators or
Transmission Operators and Balancing Authorities via a secure network.
R3. Each Reliability Coordinator shall have multi-directional communications capabilities with its
Transmission Operators and Balancing Authorities, and with neighboring Reliability
Coordinators, for both voice and data exchange as required to meet reliability needs of the
Interconnection.
R4. Each Reliability Coordinator shall have detailed real-time monitoring capability of its
Reliability Coordinator Area and sufficient monitoring capability of its surrounding Reliability
Coordinator Areas to ensure that potential or actual System Operating Limit or Interconnection
Reliability Operating Limit violations are identified. Each Reliability Coordinator shall have
monitoring systems that provide information that can be easily understood and interpreted by
the Reliability Coordinators operating personnel, giving particular emphasis to alarm
management and awareness systems, automated data transfers, and synchronized information
systems, over a redundant and highly reliable infrastructure.
R5. Each Reliability Coordinator shall monitor Bulk Electric System elements (generators,
transmission lines, buses, transformers, breakers, etc.) that could result in SOL or IROL
violations within its Reliability Coordinator Area. Each Reliability Coordinator shall monitor
both real and reactive power system flows, and operating reserves, and the status of Bulk
Electric System elements that are or could be critical to SOLs and IROLs and system
restoration requirements within its Reliability Coordinator Area.
R6. Each Reliability Coordinator shall have adequate analysis tools such as state estimation, pre-
and post-contingency analysis capabilities (thermal, stability, and voltage), and wide-area
overview displays.
Page 2 of 8
R7. Each Reliability Coordinator shall continuously monitor its Reliability Coordinator Area. Each
Reliability Coordinator shall have provisions for backup facilities that shall be exercised if the
main monitoring system is unavailable. Each Reliability Coordinator shall ensure SOL and
IROL monitoring and derivations continue if the main monitoring system is unavailable.
R8. Each Reliability Coordinator shall control its Reliability Coordinator analysis tools, including
approvals for planned maintenance. Each Reliability Coordinator shall have procedures in
place to mitigate the effects of analysis tool outages.
C. Measures
M1. Each Reliability Coordinator shall have and provide upon request evidence that could include,
but is not limited to, a document that lists its voice communications facilities with
Transmission Operators, Balancing Authorities and Generator Operators within its Reliability
Coordinator Area and with neighboring Reliability Coordinators, that will be used to confirm
that it has communication facilities in accordance with Requirements 1 and 3.
but is not limited to, a data-link facility description document, computer print-out, training-
document, or other equivalent evidence that will be used to confirm that it has data links with
entities within its Reliability Coordinator Area and with neighboring Reliability Coordinators,
as specified in Requirements 1 and 3.
but is not limited to, Energy Management System description documents, computer printouts,
SCADA data collection system communications performance or equivalent evidence to
demonstrate that it has real-time monitoring capability of its Reliability Coordinator Area and
monitoring capability of its surrounding Reliability Coordinator Areas to identify potential or
actual System Operating Limit or Interconnection Reliability Operating Limit violations.
but is not limited to, documentation from suppliers, operating and planning staff training
documents, examples of studies, or other equivalent evidence to show that it has analysis tools
in accordance with Requirement 6.
M5. Each Reliability Coordinator shall provide evidence such as equipment specifications,
operating procedures, staff records of their involvement in training, or other equivalent
evidence to show that it has a backup monitoring facility that can be used to identify and
monitor SOLs and IROLs. (Requirement 7)
but is not limited to, a documented procedure or equivalent evidence that will be used to
confirm that the Reliability Coordinator has the authority to veto planned outages to analysis
tools, including final approvals for planned maintenance as specified in Requirement 8 Part 1.
M7. Each Reliability Coordinator shall have and provide upon request its current procedures used to
mitigate the effects of analysis tool outages as specified in Requirement 8 Part 2.
D. Compliance
Regional Reliability Organizations shall be responsible for compliance.
Monitoring.
Page 3 of 8
schedule.)
prepare.)
compliance.
1.3. Data Retention
Each Reliability Coordinator shall have current in-force documents used to show
compliance with Measures 1 through 7.
None.
Page 4 of 8
R1 The Reliability Coordinator
has demonstrated
communication facilities for
both voice and data exist to
all appropriate entities and
that they are staffed and
available but they are less
than adequate.
has failed to demonstrate that
is has:
1) Voice communication
links with one appropriate
entity or
2) Data links with one
appropriate entity.
is has:
links with two appropriate
entities or
2) Data links with two
appropriate entities.
is has:
links with more than two
appropriate entities or
2) Data links with more than
two appropriate entities or
3) Communication facilities
are not staffed or
4) Communication facilities
are not ready.
R2 N/A The Reliability Coordinator
or designated Transmission
demonstrate it provided or
arranged provision for the
exchange of data with one of
the other Reliability
Coordinators or Transmission
Operators and Balancing
Authorities.
exchange of data with two of
the other Reliability
Authorities.
exchange of data with three
of the other Reliability
Authorities.
has failed to demonstrate
multi-directional
communication capabilities to
one of the Transmission
Authorities in its Reliability
Coordinator Area and with
Coordinators.
multi-directional
two or more of the
Transmission Operators and
Balancing Authorities in its
and with neighboring
multi-directional
all of the Transmission
Coordinator Area and with all
Coordinators.
Page 5 of 8
R4 The Reliability Coordinator's
monitoring systems provide
information in a way that is
not easily understood and
interpreted by the Reliability
Coordinator's operating
personnel or particular
emphasis was not given to
alarm management and
awareness systems,
automated data transfers and
synchronized information
systems.
is has detailed real-time
monitoring capabilities in its
and sufficient monitoring
capabilities of its surrounding
Reliability Coordinator Areas
to ensure that one potential or
actual SOL or IROL violation
is not identified.
to ensure that two or more
potential and actual SOL and
IROL violations are not
identified.
to ensure that all potential and
actual SOL and IROL
violations are identified.
failed to monitor:
1) the status, real power flow
or reactive power flow of
Bulk Electric System
elements that could result in
one SOL violations or
2) or operating reserves for a
small portion of the
Reliability Authority Area.
failed to monitor:
elements critical to assessing
one IROL or to system
restoration,
multiple SOL violations, or
3) operating reserves.
failed to monitor:
two or more IROLs; or one
IROL and to system
restoration,
multiple SOL violations and
operating reserves, or
one IROL or system
restoration and operating
reserves.
failed to monitor:
all IROLs and to system
restoration, or
all SOL violations and
operating reserves.
Page 6 of 8
failed to demonstrate that it
has:
1) analysis tools capable of
assessing all pre-contingency
flows,
assessing all post-
contingency flows, or
3) all necessary wide-area
overview displays exist.
has:
assessing the majority of pre-
contingency flows,
assessing the majority of
post-contingency flows, or
3) the majority of necessary
wide-area overview displays
exist.
has:
assessing a minority of pre-
contingency flows,
assessing a minority of post-
3) a minority of necessary
wide-area overview displays
exist.
has:
assessing any pre-
contingency flows,
assessing any post-
3) any necessary wide-area
overview displays exist.
failed to demonstrate that:
1) it or a delegated entity
monitored SOLs when the
main monitoring system was
unavailable or
2) it has provisions to monitor
SOLs when the main
monitoring system is not
available.
monitored one IROL when
the main monitoring system
was unavailable or
one IROL when the main
monitoring system is not
available.
monitored two or more
IROLs when the main
monitoring system was
unavailable,
monitored SOLs and one
IROL when the main
monitoring system was
unavailable
two or more IROLs when the
main monitoring system is
not available, or
SOLs and one IROL when
the main monitoring system
was unavailable.
R9. The Reliability
demonstrate that it
continuously
monitored its
Reliability Authority
Area.
Page 7 of 8
R8 Reliability Coordinator has
approval rights for planned
maintenance outages of
analysis tools but does not
have approval rights for work
on analysis tools that creates
a greater risk of an unplanned
outage of the tools.
Reliability Coordinator has
maintenance but does not
have plans to mitigate the
effects of outages of the
analysis tools.
Reliability Coordinator has
maintenance but does not
have plans to mitigate the
effects of outages of the
analysis tools and does not
have approval rights for work
on analysis tools that creates
a greater risk of an unplanned
outage of the tools.
approval is not required for
planned maintenance.

Page 8 of 8
None identified.
Version History
Date
Errata
1 November 1,
2006
2 Deleted R2, M3 and associated
compliance elements
Replaced Levels of Non-compliance
with the Feb 28, BOT approved
Violation Severity Levels (VSLs)
Revised
2 October 17,
2008
2 March 17,
2011
Order issued by FERC approving IRO-

Standard IRO-002-3 Reliability Coordination Analysis Tools
Adopted by NERC Board of Trustees: August 4, 2011 1 of 3
A. Introduction
1. Title: Reliability Coordination Analysis Tools
3. Purpose: To ensure that Reliability Coordinators provide their System Operators with
authority with respect to analysis tool outages and to have procedures to mitigate effects of
analysis tool outages.
4. Applicability
5. Effective Date: In those jurisdictions where regulatory approval is required, this standard
shall become effective on the first day of the first calendar quarter after applicable regulatory
approval. In those jurisdictions where no regulatory approval is required, this standard shall
become effective on the first day of the first calendar quarter after Board of Trustees approval.
B. Requirements
R1. Each Reliability Coordinator shall provide its System Operators with the authority to approve,
deny or cancel planned outages of its own analysis tools. [Violation Risk Factor: Medium]
[Time Horizon: Real-time Operations, Same Day Operations and Operations Planning]
R2. Each Reliability Coordinator shall have procedures in place to mitigate the effects of analysis
tool outages. [Violation Risk Factor: Medium] [Time Horizon: Real-time Operations, Same
Day Operations and Operations Planning]
C. Measures
confirm that the Reliability Coordinator has provided its System Operators with the authority
to approve, deny or cancel planned outages of its own analysis tools. (R1)
confirm that that the Reliability Coordinator has procedures in place to mitigate the effects of
analysis tool outages. (R2)
D. Compliance
Reliability Coordinator works for the Regional Entity. Where the Reliability Coordinator
works for the Regional Entity, the Regional Entity will establish an agreement with the
ERO or another entity approved by the ERO and FERC (i.e. another Regional Entity), to
be responsible for compliance enforcement.
Compliance Audit
Self-Certification
Spot Checking
Self-Reporting
Complaint

1.3. Data Retention
The Reliability Coordinator shall retain its current, in force document and any
documents in force for the current year and previous calendar year for Requirements
R1 and R2 and Measures M1 and M2.
o If a Reliability Coordinator is found non-compliant, it shall keep information related
to the non-compliance until found compliant.
o The Compliance Enforcement Authority shall keep the last audit records and
all requested and submitted subsequent audit records.
None.
R1 N/A N/A N/A The Reliability
provide its System
Operator with the
authority to approve,
deny or cancel
planned outages of its
own analysis tools.
R2 N/A N/A N/A The Reliability
have a procedure to
mitigate the effects of
analysis tool outages.

None identified.
Version History
1 November 1,
2006
1 April 4, 2007 Replaced Levels of Non-compliance with
the Feb 28, BOT approved Violation
Severity Levels (VSLs)

Revised to add missing
measures and compliance
elements
2 October 17,
2008
Deleted R2, M3 and associated compliance
elements as conforming changes associated
with approval of IRO-010-1
Revised as part of IROL
Project
2 October 17,
2008
Adopted by NERC Board of Trustees IROL Project
2 March 23, 2011 Order issued by FERC approving IRO-002-
2 (approval effective 5/23/11)

3 August 4, 2011 Retired R1-R8 under Project 2006-06. Project 2006-06

Standard IRO-003-2 Reliability Coordination Wide-Area View
A. Introduction
1. Title: Reliability Coordination Wide-Area View
3. Purpose: The Reliability Coordinator must have a wide-area view of its own
Reliability Coordinator Area and that of neighboring Reliability Coordinators.
4. Applicability
B. Requirements
R1. Each Reliability Coordinator shall monitor all Bulk Electric System facilities, which
may include sub-transmission information, within its Reliability Coordinator Area and
adjacent Reliability Coordinator Areas, as necessary to ensure that, at any time,
regardless of prior planned or unplanned events, the Reliability Coordinator is able to
determine any potential System Operating Limit and Interconnection Reliability
Operating Limit violations within its Reliability Coordinator Area.
R2. Each Reliability Coordinator shall know the current status of all critical facilities
whose failure, degradation or disconnection could result in an SOL or IROL violation.
Reliability Coordinators shall also know the status of any facilities that may be
required to assist area restoration objectives.
C. Measures
include, but is not limited to, Energy Management System description documents,
computer printouts, SCADA data collection, or other equivalent evidence that will be
used to confirm that it monitors adjacent Reliability Coordinator Areas as necessary to
ensure that, regardless of prior planned or unplanned events, the Reliability
Coordinator is able to determine any potential System Operating Limit and
Interconnection Reliability Operating Limit violations within its Reliability
Coordinator Area.
D. Compliance
monitoring.
schedule.)
prepare.)
compliance.
1.3. Data Retention
Each Reliability Coordinator shall have current in-force documents used to show
compliance with Measure 1.
None.
2. Levels of Non-Compliance for a Reliability Coordinator
2.4. Level 4: Did not produce acceptable evidence to confirm that it monitors adjacent
Reliability Coordinator Areas as necessary to ensure that, at any time, regardless
of prior planned or unplanned events, the Reliability Coordinator is able to
determine any potential System Operating Limit and Interconnection Reliability
Operating Limit violations within its Reliability Coordinator Area.
None identified.
Version History
Date
Errata
1 February 7,
2006
2 November 1,
2006

Standard IRO-004-2 Reliability Coordination Operations Planning
A. Introduction
1. Title: Reliability Coordination Operations Planning
3. Purpose: Each Reliability Coordinator must conduct next-day reliability analyses for its
Reliability Coordinator Area to ensure the Bulk Electric System can be operated reliably in
anticipated normal and Contingency conditions. System studies must be conducted to
highlight potential interface and other operating limits, including overloaded transmission lines
and transformers, voltage and stability limits, etc. Plans must be developed to alleviate System
Operating Limit (SOL) and Interconnection Reliability Operating Limit (IROL) violations.
4. Applicability
5. Effective Date: In those jurisdictions where no regulatory approval is required, the
standard shall become effective on the latter of either April 1, 2009 or the first day of the first
calendar quarter, three months after BOT adoption.
effective on the latter of either April 1, 2009 or the first day of the first calendar quarter, three
months after applicable regulatory approval.
B. Requirements
R1. Each Transmission Operator, Balancing Authority, and Transmission Service Provider shall
comply with the directives of its Reliability Coordinator based on the next day assessments in
the same manner in which it would comply during real time operating events.
C. Measures
M1. None
D. Compliance
Entities will be selected for an on-site audit at least every three years. For a selected 30-day
period in the previous three calendar months prior to the on site audit, Reliability Coordinators
will be asked to provide documentation showing that next-day reliability analyses were
conducted each day to ensure the bulk power system could be operated in anticipated normal
and Contingency conditions; and that they identified potential interface and other operating
limits including overloaded transmission lines and transformers, voltage and stability limits,
etc.
1.3. Data Retention

R1 The responsible entity failed
to comply with the directives
of its Reliability Coordinator
based on the next day
assessments in the same
manner in which it would
comply during real time
operating events on one (1)
occasion during a calendar
month.
operating events on two (2) to
three (3) occasions during a
calendar month.
operating events on four (4)
to five (5) occasions during a
calendar month.
operating events on more
than five (5) occasions during
a calendar month.

Version History
1 Replaced Levels of Non-compliance with
the February 28, 2008 BOT approved
Retired R1 through R6, and associated
Measures, Data Retention, and VSLs
Revision
2 October 17,
2008
Adopted by NERC Board of Trustees Revision
2 March 17, 2011 FERC Order issued approving IRO-004-2
(Clarification issued on J uly 13, 2011)
Revision

Standard IRO-005-3.1a Reliability Coordination Current Day Operations
Page 1 of 15

A. Introduction
1. Title: Reliability Coordination Current Day Operations
2. Number: IRO-005-3.1a
3. Purpose: The Reliability Coordinator must be continuously aware of conditions
within its Reliability Coordinator Area and include this information in its reliability
assessments. The Reliability Coordinator must monitor Bulk Electric System
parameters that may have significant impacts upon the Reliability Coordinator Area
and neighboring Reliability Coordinator Areas.
4. Applicability
5. Effective Date:
B. Requirements
R1. Each Reliability Coordinator shall monitor its Reliability Coordinator Area parameters,
including but not limited to the following:
R1.1. Current status of Bulk Electric System elements (transmission or generation including
critical auxiliaries such as Automatic Voltage Regulators and Special Protection
Systems) and system loading.
R1.2. Current pre-contingency element conditions (voltage, thermal, or stability), including
any applicable mitigation plans to alleviate SOL or IROL violations, including the
plans viability and scope.
R1.3. Current post-contingency element conditions (voltage, thermal, or stability), including
any applicable mitigation plans to alleviate SOL or IROL violations, including the
R1.4. System real and reactive reserves (actual versus required).
R1.5. Capacity and energy adequacy conditions.
R1.6. Current ACE for all its Balancing Authorities.
Page 2 of 15

R1.7. Current local or Transmission Loading Relief procedures in effect.
R1.8. Planned generation dispatches.
R1.9. Planned transmission or generation outages.
R1.10. Contingency events.
R2. Each Reliability Coordinator shall monitor its Balancing Authorities parameters to ensure that
the required amount of operating reserves is provided and available as required to meet the
Control Performance Standard and Disturbance Control Standard requirements. If necessary,
the Reliability Coordinator shall direct the Balancing Authorities in the Reliability Coordinator
Area to arrange for assistance from neighboring Balancing Authorities. The Reliability
Coordinator shall issue Energy Emergency Alerts as needed and at the request of its Balancing
Authorities and Load-Serving Entities.
R3. Each Reliability Coordinator shall ensure its Transmission Operators and Balancing
Authorities are aware of Geo-Magnetic Disturbance (GMD) forecast information and assist as
needed in the development of any required response plans.
R4. The Reliability Coordinator shall disseminate information within its Reliability Coordinator
Area, as required.
R5. Each Reliability Coordinator shall monitor system frequency and its Balancing Authorities
performance and direct any necessary rebalancing to return to CPS and DCS compliance. The
Transmission Operators and Balancing Authorities shall utilize all resources, including firm
load shedding, as directed by its Reliability Coordinator to relieve the emergent condition.
R6. The Reliability Coordinator shall coordinate with Transmission Operators, Balancing
Authorities, and Generator Operators as needed to develop and implement action plans to
mitigate potential or actual SOL, CPS, or DCS violations. The Reliability Coordinator shall
coordinate pending generation and transmission maintenance outages with Transmission
Operators, Balancing Authorities, and Generator Operators as needed in both the real time and
next-day reliability analysis timeframes.
R7. As necessary, the Reliability Coordinator shall assist the Balancing Authorities in its
Reliability Coordinator Area in arranging for assistance from neighboring Reliability
Coordinator Areas or Balancing Authorities.
R8. The Reliability Coordinator shall identify sources of large Area Control Errors that may be
contributing to Frequency Error, Time Error, or Inadvertent Interchange and shall discuss
corrective actions with the appropriate Balancing Authority. The Reliability Coordinator shall
direct its Balancing Authority to comply with CPS and DCS.
R9. Whenever a Special Protection System that may have an inter-Balancing Authority, or inter-
Transmission Operator impact (e.g., could potentially affect transmission flows resulting in a
SOL or IROL violation) is armed, the Reliability Coordinators shall be aware of the impact of
the operation of that Special Protection System on inter-area flows. The Transmission
Operator shall immediately inform the Reliability Coordinator of the status of the Special
Protection System including any degradation or potential failure to operate as expected.
R10. In instances where there is a difference in derived limits, the Transmission Operators,
Balancing Authorities, Generator Operators, Transmission Service Providers, Load-Serving
Entities, and Purchasing-Selling Entities shall always operate the Bulk Electric System to the
most limiting parameter.
R11. The Transmission Service Provider shall respect SOLs and IROLs in accordance with filed
tariffs and regional Total Transfer Calculation and Available Transfer Calculation processes.
Page 3 of 15

R12. Each Reliability Coordinator who foresees a transmission problem (such as an SOL or IROL
violation, loss of reactive reserves, etc.) within its Reliability Coordinator Area shall issue an
alert to all impacted Transmission Operators and Balancing Authorities in its Reliability
Coordinator Area without delay. The receiving Reliability Coordinator shall disseminate this
information to its impacted Transmission Operators and Balancing Authorities. The Reliability
Coordinator shall notify all impacted Transmission Operators, Balancing Authorities, when the
transmission problem has been mitigated.
C. Measures
M1. The Reliability Coordinator shall have and provide upon request evidence that could include,
but is not limited to, Energy Management System description documents, computer printouts, a
prepared report specifically detailing compliance to each of the bullets in Requirement 1, EMS
availability, SCADA data collection system communications performance or equivalent
evidence that will be used to confirm that it monitors the Reliability Coordinator Area
parameters specified in Requirements 1.1 through 1.9.
M2. If one of its Balancing Authorities has insufficient operating reserves, the Reliability
Coordinator shall have and provide upon request evidence that could include, but is not limited
to computer printouts, operating logs, voice recordings or transcripts of voice recordings, or
equivalent evidence that will be used to determine if the Reliability Coordinator directed and, if
needed, assisted the Balancing Authorities in the Reliability Coordinator Area to arrange for
assistance from neighboring Balancing Authorities. (Requirement 2 and Requirement 7)
but is not limited to, operator logs, voice recordings or transcripts of voice recordings,
electronic communications or equivalent evidence that will be used to determine if it informed
Transmission Operators and Balancing Authorities of Geo-Magnetic Disturbance (GMD)
forecast information and provided assistance as needed in the development of any required
response plans. (Requirement 3)
but is not limited to, operator logs, voice recordings or transcripts of voice recordings, Hot Line
recordings, electronic communications or equivalent evidence that will be used to determine if
it disseminated information within its Reliability Coordinator Area in accordance with
Requirement 4.
but is not limited to, computer printouts, operator logs, voice recordings or transcripts of voice
recordings, electronic communications or equivalent evidence that will be used to confirm that
it monitored system frequency and Balancing Authority performance and directed any
necessary rebalancing, as specified in Requirement 5 Part 1.
M6. The Transmission Operators and Balancing Authorities shall have and provide upon request
evidence that could include, but is not limited to, operator logs, voice recordings or transcripts
of voice recordings, electronic communications or equivalent evidence that will be used to
confirm that it utilized all resources, including firm load shedding, as directed by its Reliability
Coordinator, to relieve an emergent condition. (Requirement 5 Part 2)
but is not limited to, voice recordings or transcripts of voice recordings, electronic
communications, operator logs or equivalent evidence that will be used to determine if it
coordinated with Transmission Operators, Balancing Authorities, and Generator Operators as
needed to develop and implement action plans to mitigate potential or actual SOL, CPS, or
DCS violations including the coordination of pending generation and transmission maintenance
Page 4 of 15

outages with Transmission Operators, Balancing Authorities and Generator Operators.
(Requirement 6 Part 1)
M8. If a large Area Control Error has occurred, the Reliability Coordinator shall have and provide
upon request evidence that could include, but is not limited to, operator logs, voice recordings
or transcripts of voice recordings, Hot Line recordings, electronic communications or
equivalent evidence that will be used to determine if it identified sources of the Area Control
Errors, and initiated corrective actions with the appropriate Balancing Authority if the problem
was within the Reliability Coordinators Area (Requirement 8 Part 1)
M9. If a Special Protection System is armed and that system could have had an inter-area impact,
the Reliability Coordinator shall have and provide upon request evidence that could include,
but is not limited to, agreements with their Transmission Operators, procedural documents,
operator logs, computer analysis, training modules, training records or equivalent evidence that
will be used to confirm that it was aware of the impact of that Special Protection System on
inter-area flows. (Requirement 9)
M10. If there is an instance where there is a disagreement on a derived limit, the Transmission
Operator, Balancing Authority, Generator Operator, Load-serving Entity, Purchasing-selling
Entity and Transmission Service Provider involved in the disagreement shall have and provide
upon request evidence that could include, but is not limited to, operator logs, voice recordings,
electronic communications or equivalent evidence that will be used to determine if it operated
to the most limiting parameter. (Requirement 10)
M11. The Transmission Service Providers shall have and provide upon request evidence that could
include, but is not limited to, procedural documents, operator logs, voice recordings or
transcripts of voice recordings, electronic communications or equivalent evidence that will be
used to confirm that it respected the SOLs or IROLs in accordance with filed tariffs and
regional Total Transfer Calculation and Available Transfer Calculation
processes.(Requirement 11)
electronic communications or equivalent evidence that will be used to confirm that it issued
alerts when it foresaw a transmission problem (such as an SOL or IROL violation, loss of
reactive reserves, etc.) within its Reliability Coordinator Area, to all impacted Transmission
Operators and Balancing Authorities in its Reliability Coordinator Area as specified in
Requirement 12 Part 1.
electronic communications or equivalent evidence that will be used to confirm that upon
receiving information such as an SOL or IROL violation, loss of reactive reserves, etc. it
disseminated the information to its impacted Transmission Operators and Balancing
Authorities as specified in Requirement 12 Part 2.
electronic communications or equivalent evidence that will be used to confirm that it notified
all impacted Transmission Operators, Balancing Authorities and Reliability Coordinators when
a transmission problem has been mitigated. (Requirement 12 Part 3)
D. Compliance
Page 5 of 15

monitoring.
schedule.)
prepare.)
compliance.
1.3. Data Retention
For Measures 1 and 9, each Reliability Coordinator shall have its current in-force
documents as evidence.
For Measures 28 and Measures 12 through 13, the Reliability Coordinator shall
keep 90 days of historical data (evidence).
For Measure 6, the Transmission Operator and Balancing Authority shall keep 90
days of historical data (evidence).
For Measure 10, the Transmission Operator, Balancing Authority, and
Transmission Service Provider shall keep 90 days of historical data (evidence).
For Measure 11, the Transmission Service Provider shall keep 90 days of
historical data (evidence).
None.
Page 6 of 15

failed to monitor one (1) of
the elements listed in IRO-
005-1 R1.1 through R1.10.
failed to monitor two (2) of
005-1 R1.1 through R1.10.
failed to monitor three (3) of
005-1 R1.1 through R1.10.
failed to monitor more than
three (3) of the elements
listed in IRO-005-1 R1.1
through R1.10.
R1.1 The Reliability Coordinator
failed to monitor the current
status of Bulk Electric
System elements
(transmission or generation
including critical auxiliaries
such as Automatic Voltage
Regulators and Special
Protection Systems) and
system loading.
N/A N/A N/A
failed to monitor current pre-
contingency element
conditions (voltage, thermal,
or stability), including any
applicable mitigation plans to
alleviate SOL or IROL
violations, including the
N/A N/A N/A
Page 7 of 15

failed to monitor current post-
contingency element
conditions (voltage, thermal,
or stability), including any
applicable mitigation plans to
alleviate SOL or IROL
violations, including the
N/A N/A N/A
failed to monitor system real
and reactive reserves (actual
versus required).
N/A N/A N/A
failed to monitor capacity and
energy adequacy conditions.
N/A N/A N/A
failed to monitor current ACE
for all its Balancing
Authorities.
N/A N/A N/A
failed to monitor current local
or Transmission Loading
Relief procedures in effect.
N/A N/A N/A
failed to monitor planned
generation dispatches.
N/A N/A N/A
failed to monitor planned
transmission or generation
outages.
N/A N/A N/A
Page 8 of 15

failed to monitor contingency
events.
N/A N/A N/A
failed to direct the Balancing
Authorities in the Reliability
Coordinator Area to arrange
for assistance from
neighboring Balancing
Authorities.
failed to issue Energy
Emergency Alerts as needed
and at the request of its
Balancing Authorities and
Load-Serving Entities.
failed to monitor its
Balancing Authorities
parameters to ensure that the
required amount of operating
reserves was provided and
available as required to meet
the Control Performance
Standard and Disturbance
Control Standard
requirements.
R3 N/A N/A The Reliability Coordinator
ensured its Transmission
Authorities were aware of
Geo-Magnetic Disturbance
(GMD) forecast information,
but failed to assist, when
needed, in the development of
any required response plans.
failed to ensure its
Balancing Authorities were
aware of Geo-Magnetic
Disturbance (GMD) forecast
information.
R4 N/A N/A N/A The Reliability Coordinator
failed to disseminate
information within its
Reliability Coordinator Area,
when required.
Page 9 of 15

R5 N/A N/A The Reliability Coordinator
monitored system frequency
and its Balancing Authorities
performance but failed to
direct any necessary
rebalancing to return to CPS
and DCS compliance.
failed to monitor system
frequency and its Balancing
Authorities performance and
direct any necessary
rebalancing to return to CPS
and DCS compliance or the
responsible entity failed to
utilize all resources, including
firm load shedding, as
directed by its Reliability
Coordinator to relieve the
emergent condition.
Page 10 of 15

coordinated with
Transmission Operators,
Balancing Authorities, and
Generator Operators, as
needed, to develop action
plans to mitigate potential or
actual SOL, CPS, or DCS
violations but failed to
implement said plans, or the
coordinated pending
generation and transmission
maintenance outages with
Generator Operators as
needed in the real-time
reliability analysis timeframe
but failed to coordinate
pending generation and
transmission maintenance
outages in the next-day
reliability analysis timeframe.
failed to coordinate with
needed to develop and
implement action plans to
mitigate potential or actual
SOL, CPS, or DCS
violations, or the Reliability
coordinate pending
needed in both the real-time
and next-day reliability
analysis timeframes.
failed to coordinate with
needed to develop and
implement action plans to
mitigate potential or actual
SOL, CPS, or DCS violations
and the Reliability
coordinate pending
needed in both the real-time
and next-day reliability
analysis timeframes.
failed to assist the Balancing
Coordinator Area in
arranging for assistance from
Coordinator Areas or
Balancing Authorities, when
necessary.
Page 11 of 15

identified sources of large
Area Control Errors that were
contributing to Frequency
Error, Time Error, or
Inadvertent Interchange and
discussed corrective actions
with the appropriate
Balancing Authority but
failed to direct the Balancing
Authority to comply with
CPS and DCS.
identified sources of large
Area Control Errors that were
contributing to Frequency
Error, Time Error, or
Inadvertent Interchange but
failed to discuss corrective
actions with the appropriate
Balancing Authority.
failed to identify sources of
large Area Control Errors that
were contributing to
Frequency Error, Time Error,
or Inadvertent Interchange.
failed to be aware of the
impact on inter-area flows of
an inter-Balancing Authority
or inter-Transmission
Operator, following the
operation of a Special
Protection System that is
armed (e.g., could potentially
affect transmission flows
resulting in a SOL or IROL
violation), or the
Transmission Operator failed
to immediately inform the
Reliability Coordinator of the
status of the Special
Protection System including
any degradation or potential
failure to operate as expected.
Page 12 of 15

R10 N/A

N/A N/A The responsible entity failed
to operate the Bulk Electric
System to the most limiting
parameter in instances where
there was a difference in
derived limits.
R11 N/A N/A N/A The Transmission Service
Provider failed to respect
SOLs or IROLs in
accordance with filed tariffs
and regional Total Transfer
Calculation and Available
Transfer Calculation
processes.
failed to notify all impacted
Balancing Authorities, when
the transmission problem had
been mitigated.
N/A The Reliability Coordinator
who foresaw a transmission
problem (such as an SOL or
IROL violation, loss of
reactive reserves, etc.) within
its Reliability Coordinator
Area failed to issue an alert to
all impacted Transmission
Coordinator Area, or the
receiving Reliability
disseminate this information
to its impacted Transmission
Authorities.
Page 13 of 15

None identified.
Version History
Date
Errata
1 Retired R2, R3, R5; modified R9,
R13 and R14; retired R16 and R17
Retired M2 and M3; modified M9
and M12; retired M13
Made conforming changes to data
retention
Replaced Levels of Non-compliance
with the Feb 28, BOT approved
Violation Severity Levels (VSLs)
Retired VSLs associated with R2,
R3, R5, R16 and R17;
Modified VSLs associated with R9
and R13, and R14
Revised
2 January 1, 2007 Effective Date
2a November 5, 2009 Approved by the Board of Trustees
3 October 17, 2008 Approved by the Board of Trustees
3 March 17, 2011 Order issued by FERC approving
IRO-005-3 (approval effective
5/23/11)

3a April 21, 2011 Added FERC approved
Interpretation

3.1a March 8, 2012 Errata adopted by Standards
Committee; (removed outdated
references in Measures M10 and
M11 to Part 2 of Requirements
R10 and R11)
Errata
3.1a September 13,
2012
FERC approved Errata

Page 14 of 15

Appendix 1
TOP-005-1 Requirement R3
Upon request, each Balancing Authority and Transmission Operator shall provide to other Balancing
Authorities and Transmission Operators with immediate responsibility for operational reliability, the
operating data that are necessary to allow these Balancing Authorities and Transmission Operators to
perform operational reliability assessments and to coordinate reliable operations. Balancing Authorities
and Transmission Operators shall provide the types of data as listed in Attachment 1-TOP-005-0 Electric
System Reliability Data, unless otherwise agreed to by the Balancing Authorities and Transmission
Operators with immediate responsibility for operational reliability.
The above-referenced Attachment 1 TOP-005-0 specifies the following data as item 2.6: New or
degraded special protection systems. [Underline added for emphasis.]
IRO-005-1 Requirement R12
1
Transmission Operator impact (e.g., could potentially affect transmission flows resulting in a SOL or
IROL violation) is armed, the Reliability Coordinators shall be aware of the impact of the operation of
that Special Protection System on inter-area flows. The Transmission Operator shall immediately inform
the Reliability Coordinator of the status of the Special Protection System including any degradation or
potential failure to operate as expected. [Underline added for emphasis.]

PRC-012-0 Requirements R1 and R1.3
R1. Each Regional Reliability Organization with a Transmission Owner, Generator Owner, or
Distribution Providers that uses or is planning to use an SPS shall have a documented Regional
Reliability Organization SPS review procedure to ensure that SPSs comply with Regional criteria and
NERC Reliability Standards. The Regional SPS review procedure shall include:
R1.3. Requirements to demonstrate that the SPS shall be designed so that a single SPS
component failure, when the SPS was intended to operate, does not prevent the interconnected
transmission system from meeting the performance requirements defined in Reliability Standards
TPL-001-0, TPL-002-0, and TPL-003-0.
Background Information for Interpretation
The TOP-005-1 standard focuses on two key obligations. The first key obligation (Requirement R1) is a
responsibility mandate. Requirement R1 establishes who is responsible for the obligation to provide
operating data required by a Reliability Coordinator within the framework of the Reliability
Coordinator requirements defined in the IRO standards. The second key obligation (Requirement R3) is a
performance mandate. Requirement R3 defines the obligation to provide data requested by other
reliability entities that is needed to perform assessments and to coordinate operations.
The Attachment to TOP-005-1 is provided as a guideline of what can be shared. The Attachment is not
an obligation of what must be shared. Enforceable NERC Requirements must be explicitly contained
within a given Standards approved requirements. In this case, the standard only requires data upon
request. If a Reliability Coordinator or other reliability entity were to request data such as listed in the
Attachment, then the entity being asked would be mandated by Requirements R1 and R3 to provide that

1
In the current version of the Standard (IRO-005-3a), this requirement is R9.
Page 15 of 15

data (including item 2.6, whether it is or is not in some undefined degraded state).
IRO-002-1 requires the Reliability Coordinator to have processes in place to support its reliability
obligations (Requirement R2). Requirement R4 mandates that the Reliability Coordinator have
communications processes in place to meet its reliability obligations, and Requirement R5 et al mandate
the Reliability Coordinator to have the tools to carry out these reliability obligations.
IRO-003-2 (Requirements R1 and R2) requires the Reliability Coordinator to monitor the state of its
system.
IRO-004-1 requires that the Reliability Coordinator carry out studies to identify Interconnection
Reliability Operating Limits (Requirement R1) and to be aware of system conditions via monitoring tools
and information exchange.
IRO-005-1 mandates that each Reliability Coordinator monitor predefined base conditions (Requirement
R1), collect additional data when operating limits are or may be exceeded (Requirement R3), and identify
actual or potential threats (Requirement R5). The basis for that request is left to each Reliability
Coordinator. The Purpose statement of IRO-005-1 focuses on the Reliability Coordinators obligation to
be aware of conditions that may have a significant impact upon its area and to communicate that
information to others (Requirements R7 and R9). Please note: it is from this communication that
Transmission Operators and Balancing Authorities would either obtain or would know to ask for SPS
information from another Transmission Operator.
The IRO-005-1 (Requirement R12) standard implies that degraded is a condition that will result in a
failure to operate as designed. If the loss of a communication channel will result in the failure of an SPS
to operate as designed then the Transmission Operator would be mandated to report that information. On
the other hand, if the loss of a communication channel will not result in the failure of the SPS to operate
as designed, then such a condition can be, but is not mandated to be, reported.
Conclusion
The TOP-005-1 standard does not provide, nor does it require, a definition for the term degraded.
The IRO-005-1 (R12) standard implies that degraded is a condition that will result in a failure of an SPS
to operate as designed. If the loss of a communication channel will result in the failure of an SPS to
operate as designed, then the Transmission Operator would be mandated to report that information. On
To request a formal definition of the term degraded, the Reliability Standards Development Procedure
requires the submittal of a Standards Authorization Request.

Standard IRO-005-4 Reliability Coordination Current Day Operations
Adopted by NERC Board of Trustees: August 4, 2011 Page 1 of 5
Introduction
1. Title: Reliability Coordination Current Day Operations
3. Purpose: To ensure that entities are notified when an expected or actual event with
Adverse Reliability Impacts is identified.
4. Applicability:
5. Effective Date: In those jurisdictions where regulatory approval is required, this
standard shall become effective on the first day of the first calendar quarter after
applicable regulatory approval. In those jurisdictions where no regulatory approval is
required, this standard shall become effective on the first day of the first calendar
quarter after Board of Trustees approval.
A. Requirements
R1. When the results of an Operational Planning Analysis or Real-time Assessment
indicate an anticipated or actual condition with Adverse Reliability Impacts within its
Reliability Coordinator Area, each Reliability Coordinator shall notify all impacted
Transmission Operators and Balancing Authorities in its Reliability Coordinator Area.
[Violation Risk Factor: High] [Time Horizon: Real-time Operations, Same Day
Operations and Operations Planning]
R2. Each Reliability Coordinator that identifies an anticipated or actual condition with
Adverse Reliability Impacts within its Reliability Coordinator Area shall notify all
impacted Transmission Operators and Balancing Authorities in its Reliability
Coordinator Area when the problem has been mitigated. [Violation Risk Factor:
Medium] [Time Horizon: Real-time Operations, Same Day Operations and Operations
Planning]
B. Measures
M1. Each Reliability Coordinator shall have and provide evidence which may include, but
is not limited to dated operator logs, dated voice recordings or dated transcripts of
voice recordings, electronic communications, or equivalent documentation, that will be
used to determine that it notified all impacted Transmission Operators and Balancing
Authorities in its Reliability Coordinator Area when it identified an anticipated or
actual condition with Adverse Reliability Impacts, within its Reliability Coordinator
Area. (R1)
is not limited to dated operator logs, dated voice recordings or dated transcripts of
voice recordings, electronic communications, or equivalent documentation, that will be
used to determine that it notified all impacted Transmission Operators and Balancing
Authorities in its Reliability Coordinator Area when an anticipated or actual condition
with Adverse Reliability Impacts within its Reliability Coordinator Area had been
mitigated. (R2)

C. Compliance
Reliability Coordinator works for the Regional Entity. Where the Reliability
Coordinator works for the Regional Entity, the Regional Entity will establish an
agreement with the ERO or another entity approved by the ERO and FERC (i.e.
another Regional Entity), to be responsible for compliance enforcement.
Compliance Audit
Self-Certification
Spot Checking
Self-Reporting
Complaint
1.3. Data Retention
The Reliability Coordinator shall retain its evidence for the most recent 90
days for voice recordings or 12 months for other documentation for
Requirements R1 and R2 and Measures M1 and M2.
If a Reliability Coordinator is found non-compliant, it shall keep information
The Compliance Enforcement Authority shall keep the last audit records and
all requested and submitted subsequent audit records or for the time period
None.

R1 The Reliability Coordinator who
identified an anticipated or actual
condition with Adverse Reliability
Impacts within its Reliability
Coordinator Area failed to issue an
alert to one, but not all, impacted
The Reliability Coordinator who
identified an anticipated or
actual condition with Adverse
Reliability Impacts within its
failed to issue an alert to two,
but not all, impacted
identified an anticipated or
actual condition with Adverse
Reliability Impacts within its
failed to issue an alert to three,
but not all, impacted
Coordinator Area failed to issue
an alert to more than three
impacted Transmission
Coordinator Area.
OR
Coordinator Area failed to issue
an alert to all impacted
Reliability Coordinator Area (in
cases where there are less than
three impacted entities).
R2 The Reliability Coordinator failed to
notify one, but not all, impacted
Transmission Operators, Balancing
Authorities, when the transmission
problem had been mitigated.
failed to notify two, but not all,
Operators, Balancing
Authorities, when the
transmission problem had been
mitigated.
failed to notify three, but not all,
Operators, Balancing
Authorities, when the
mitigated.
to notify more than three
Operators, Balancing Authorities,
when the transmission problem
had been mitigated.
OR
to notify more all impacted
Balancing Authorities, when the
mitigated (in cases where there
are less than three impacted
entities).


None identified.
E. Associated Documents
Version History
Date
Errata
1 August 28, 2006 Added three items that were
inadvertently left out to Applicability
section:
4.5 Generator Operators.
4.6 Load-Serving Entities.
4.7 Purchasing-Selling Entities.
Errata
1 February 7, 2006 BOT Approval Revised
2 November 1, 2006 BOT Approval Revised under Missing
Measures &
Compliance Elements
Project
2a November 5, 2009 Interpretation approved by the Board of
Trustees
Interpretation
3

October 17, 2008 Retired R2, R3, R5, R16, R17 and
revised R9, R13, R14 to eliminate
redundancy or conflicts with IRO
standards IRO-009-1, and IRO-010-1
IROL Project
conforming changes
3 October 17, 2008 Adopted by the Board of Trustees
3 March 23, 2011 Order issued by FERC approving IRO-

3a April 21, 2011 Added FERC approved Interpretation
4 August 4, 2011 Retired R1-R11; revised R12 Project 2006-06

Standard IRO-006-5 Reliability Coordination Trans mis s ion Loading Relief
Approved by the Board of Trustees on November 4, 2010 Page 1 of 4

A. Introduction
1. Title: Reliability Coordination Transmission Loading Relief (TLR)
3. Purpose: To ensure coordinated action between Interconnections when
implementing Interconnection-wide transmission loading relief procedures to prevent
or manage potential or actual SOL and IROL exceedances to maintain reliability of
the bulk electric system.
4. Applicability:
5. Proposed Effective Date: First day of the first calendar quarter following the date
where regulatory approval is not required; the standard becomes effective on the first
day of the first calendar quarter after the date this standard is approved by the NERC
Board of Trustees.
B. Requirements
R1. Each Reliability Coordinator and Balancing Authority that receives a request pursuant
to an Interconnection-wide transmission loading relief procedure (such as Eastern
Interconnection TLR, WECC Unscheduled Flow Mitigation, or congestion
management procedures from the ERCOT Protocols) from any Reliability
Coordinator, Balancing Authority, or Transmission Operator in another
Interconnection to curtail an Interchange Transaction that crosses an Interconnection
boundary shall comply with the request, unless it provides a reliability reason to the
requestor why it cannot comply with the request. [Violation Risk Factor: High]
C. Measures
M1. Each Reliability Coordinator and Balancing Authority shall provide evidence (such as
dated logs, voice recordings, Tag histories, and studies, in electronic or hard copy
format) that, when a request to curtail an Interchange Transaction crossing an
Interconnection boundary pursuant to an Interconnection-wide transmission loading
relief procedure was made from another Reliability Coordinator, Balancing
Authority, or Transmission Operator in that other Interconnection, it complied with
the request or provided a reliability reason why it could not comply with the request
(R1).
D. Compliance
Regional Entity.

The following processes may be used:
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.3. Data Retention
The Reliability Coordinator and Balancing Authority shall each keep data or evidence
to show compliance as identified below unless directed by its Compliance Enforcement
investigation:
- The Reliability Coordinator and Balancing Authority shall maintain evidence to
show compliance with R1 for the most recent twelve calendar months plus the
current month.
- If a Reliability Coordinator or Balancing Authority is found non-compliant, it
shall keep information related to the non-compliance until found compliant or for
the duration specified above, whichever is longer.
None.

R1

received a request to curtail
an Interchange Transaction
crossing an Interconnection
boundary pursuant to an
Interconnection-wide
transmission loading relief
procedure from a Reliability
Coordinator, Balancing
Authority, or Transmission
Operator, but the entity
neither complied with the
request, nor provided a
reliability reason why it could
not comply with the request.

E. Variances
None.
None.

G. Version History
Date
Errata
1 August 8, 2005 Revised Attachment 1 Revision
3 February 26,
2007
Revised Purpose and Attachment 1
related to NERC NAESB split of the
TLR procedure
Revision
4 October 23,
2007
Completed NERC/NAESB split Revision
5 TBD Removed Attachment 1 and made into a
new standard, eliminated unnecessary
requirements.
Revision
5 November 4,
2010
Approved by the Board of Trustees
5 April 21, 2011 FERC Order issued approving IRO-006-
5 (approval effective June 27, 2011)

Standard IRO-006-EAST-1 TLR Procedure for the Eastern Interconnection


A. Introduction
1. Title: Transmission Loading Relief Procedure for the Eastern Interconnection
2. Number: IRO-006-EAST-1
3. Purpose: To provide an Interconnection-wide transmission loading relief
procedure (TLR) for the Eastern Interconnection that can be used to prevent and/or
mitigate potential or actual System Operating Limit (SOL) and Interconnection
Reliability Operating Limit (IROL) exceedances to maintain reliability of the Bulk
Electric System (BES).
4. Applicability:
4.1. Reliability Coordinators in the Eastern Interconnection.
5. Proposed Effective Date: First day of the first calendar quarter following the date
day of the first calendar quarter after the date this standard is approved by the NERC
Board of Trustees.
B. Requirements

R1. When acting or instructing others to act to mitigate the magnitude and duration of
the instance of exceeding an IROL within that IROLs T
V
, each Reliability
Coordinator shall initiate, prior to or concurrently with the initiation of the Eastern
Interconnection TLR procedure (or continuing management of this procedure if
already initiated), one or more of the following actions: [Violation Risk Factor:
High] [ Time Horizon: Real-time Operations]
Inter-area redispatch of generation
Intra-area redispatch of generation
Reconfiguration of the transmission system
Voluntary load reductions (e.g., Demand-side Management)
Controlled load reductions (e.g., load shedding)
R2. To ensure operating entities are provided with information needed to maintain an
awareness of changes to the Transmission System, when initiating the Eastern
Interconnection TLR procedure to prevent or mitigate an SOL or IROL
exceedance, and at least every clock hour (with the exception of TLR-1, where an
hourly update is not required) after initiation up to and including the hour when the
TLR level has been identified as TLR Level 0, the Reliability Coordinator shall
identify: [Violation Risk Factor: Medium] [ Time Horizon: Real-time Operations]
2.1. A list of congestion management actions to be implemented, and
2.2. One of the following TLR levels: TLR-1, TLR-2, TLR-3A, TLR-3B,
TLR-4, TLR-5A, TLR-5B, TLR-6, TLR-0
1

1
For more information on TLR levels, please see Implementation Guideline for Reliability Coordinators:
Eastern Interconnection TLR Levels Reference Document.



R3. Upon the identification of the TLR level and a list of congestion management
actions to be implemented, the Reliability Coordinator initiating this TLR
procedure shall: [Violation Risk Factor: Medium] [ Time Horizon: Real-time
Operations]
3.1. Notify all Reliability Coordinators in the Eastern Interconnection of the
identified TLR level
3.2. Communicate the list of congestion management actions to be
implemented to 1.) all Reliability Coordinators in the Eastern
Interconnection, and 2.) those Reliability Coordinators in other
Interconnections responsible for curtailing Interchange Transactions
crossing Interconnection boundaries identified in the list of congestion
management actions.
3.3. Request that the congestion management actions identified in
Requirement R2, Part 2.1 be implemented by:
1.) Each Reliability Coordinator associated with a Sink Balancing
Authority for which Interchange Transactions are to be curtailed,
2.) Each Reliability Coordinator associated with a Balancing Authority in
the Eastern Interconnection for which Network Integration Transmission
Service or Native Load is to be curtailed, and
3.) Each Reliability Coordinator associated with a Balancing Authority in
the Eastern Interconnection for which its Market Flow is to be curtailed.
R4. Each Reliability Coordinator that receives a request as described in Requirement
R3, Part 3.3. shall, within 15 minutes of receiving the request, implement the
congestion management actions requested by the issuing Reliability Coordinator as
follows: [Violation Risk Factor: High] [ Time Horizon: Real-time Operations]
Instruct its Balancing Authorities to implement the Interchange Transaction
schedule change requests.
Instruct its Balancing Authorities to implement the Network Integration
Transmission Service and Native Load schedule changes for which the
Balancing Authorities are responsible.
Instruct its Balancing Authorities to implement the Market Flow schedule
changes for which the Balancing Authorities are responsible.
If an assessment determines shows that one or more of the congestion
management actions communicated in Requirement R3, Part 3.3 will result in
a reliability concern or will be ineffective, the Reliability Coordinator may
replace those specific actions with alternate congestion management actions,
provided that:
o The alternate congestion management actions have been agreed to by the
initiating Reliability Coordinator, and
o The assessment shows that the alternate congestion management actions
will not adversely affect reliability.
C. Measures


M1. Each Reliability Coordinator shall provide evidence (such as dated logs, voice
recordings, or other information in electronic or hard-copy format) that when acting
or instructing others to act to mitigate the magnitude and duration of the instance of
exceeding an IROL within that IROLs T
v
, the Reliability Coordinator initiated one
or more of the actions listed in R1 prior to or concurrently with the initiation of the
Eastern Interconnection TLR procedure (or continuing management of this procedure
if already initiated)(R1).
recordings, or other information in electronic or hard-copy format) that at the time it
initiated the Eastern Interconnection TLR procedure, and at least every clock hour
after initiation up to and including the hour when the TLR level was identified as
TLR Level 0, the Reliability Coordinator identified both the TLR Level and a list of
congestion management actions to be implemented (R2).
recordings, or other information in electronic or hard-copy format) that after it
identified a TLR level and a list of congestion management actions to take, it 1.)
notified all Reliability Coordinators in the Eastern Interconnection of the TLR Level,
2.) communicated the list of actions to all Reliability Coordinators in the Eastern
Interconnection and those Reliability Coordinators in other Interconnections
responsible for curtailing Interchange Transactions crossing Interconnection
boundaries identified in the list of congestion management actions, and 3.) requested
the Reliability Coordinators identified in Requirement R3 Part 3.2 to implement the
congestion management actions identified in Requirement R2 Part 2.1 (R3).
recordings, or other information in electronic or hard-copy format) that within fifteen
minutes of the receipt of a request as described in R3, the Reliability Coordinator
complied with the request by either 1.) implementing the communicated congestion
management actions requested by the issuing Reliability Coordinator, or 2.)
implementing none or some of the communicated congestion management actions
requested by the issuing Reliability Coordinator, and replacing the remainder with
alternate congestion management actions if assessment showed that some or all of
the congestion management actions communicated in R3 would have resulted in a
reliability concern or would have been ineffective, the alternate congestion
management actions were agreed to by the initiating Reliability Coordinator, and
assessment showed that the alternate congestion management actions would not
adversely affect reliability (R4).
D. Compliance
Regional Entity.
- Compliance Audits
- Self-Certifications


- Spot Checking
- Compliance Violation Investigations
- Self-Reporting
- Complaints
1.3. Data Retention
- The Reliability Coordinator shall maintain evidence to show compliance
with R1, R2, R3, and R4 for the past 12 months plus the current month.
- If a Reliability Coordinator is found non-compliant, it shall keep
None.




R1

When acting or instructing
others to act to mitigate the
magnitude and duration of the
instance of exceeding an IROL
within that IROLs T
v
, the
Reliability Coordinator did not
initiate one or more of the
actions listed under R1 prior to
or in conjunction with the
initiation of the Eastern
Interconnection TLR procedure
(or continuing management of
this procedure if already
initiated).
R2
initiating the Eastern
missed identifying the TLR
Level and/or a list of congestion
management actions to take as
specified by the requirement for
one clock hour during the
period from initiation up to the
hour when the TLR level was
identified as TLR Level 0.
two clock hours during the
three clock hours during the
four or more clock hours during
the period from initiation up to
the hour when the TLR level
was identified as TLR Level 0.


R3
The initiating Reliability
Coordinator did not notify one
or more Reliability
Coordinators in the Eastern
Interconnection of the TLR
Level (3.1).
N/A

Coordinator did not
communicate the list of
congestion management actions
to one or more of the Reliability
Coordinators listed in

OR

Coordinator requested some,
but not all, of the Reliability
Coordinators identified in
Requirement R3, Part 3.3 to
implement the identified
congestion management
actions.
Coordinator requested none of
the Reliability Coordinators
identified in Requirement R3,
Part 3.3 to implement the
identified congestion
management actions.
R4

The responding Reliability
Coordinator did not, within 15
minutes of receiving a request,
either 1.) implement all the
requested congestion
management actions, or 2.)
implement none or some of the
requested congestion
management actions and
replace the remainder with
alternate congestion


management actions, provided
that: assessment showed that
the actions replaced would have
resulted in a reliability concern
or would have been ineffective,
the alternate congestion
management actions were
agreed to by the initiating
Reliability Coordinator, and
assessment determined that the
alternate congestion
management actions would not
adversely affect reliability.


E. Variances
None.

Implementation Guideline for Reliability Coordinators:
Eastern Interconnection TLR Levels Reference Document

G. Revision History

Version Date Action Tracking
1 Creation of new standard, incorporating
concepts from IRO-006-4 Attachment;
elimination of Regional Differences, as the
standard allows the use of Market Flow
New
1 April 21,
2011
FERC Order issued approving IRO-006-EAST-
1 (approval effective June 27, 2011)

Standard IRO-006-TRE-1 IROL and SOL Mitigation in the ERCOT Region
1

Introduction

1. Title: IROL and SOL Mitigation in the ERCOT Region
2. Number: IRO-006-TRE-1
3. Purpose: To provide and execute transmission loading relief procedures that can be
used to mitigate SOL or IROL exceedances for the purpose of maintaining
reliable operation of the bulk electric system in the ERCOT Region.
4. Applicability:

4.1 Functional Entities:

5. Effective Date: The first day of the first calendar quarter after applicable regulatory
approval.


R1. The RC shall have procedures to identify and mitigate exceedances of identified
Interconnection Reliability Operating Limits (IROL) and System Operating Limits (SOL) that
will not be resolved by the automatic actions of the ERCOT Nodal market operations
system. The procedures shall address, but not be limited to, one or more of the following:
redispatch of generation;
reconfiguration of the Transmission system;
controlled load reductions (including both firm and non-firm load shedding).
[Violation Risk Factor: Medium] [Time Horizon: Operations Planning]
M1. The RC shall provide evidence including documentation of procedures to identify
and mitigate exceedances of identified IROLs and SOLs to demonstrate compliance
R2. The RC shall act to identify and mitigate exceedances of identified Interconnection
Reliability Operating Limits and System Operating Limits that will not be resolved by the
automatic actions of the ERCOT Nodal market operations system, in accordance with the
procedures required by R1.
[Violation Risk Factor: High] [Time Horizon: Real Time Operations]
M2. To demonstrate compliance with Requirement R2, the RC shall provide evidence,
such as system logs, voice recordings, or operating messages that shows that it
acted to identify and to mitigate exceedances of IROLs and SOLs in accordance with
the procedures required by R1.
2

Compliance

Texas Reliability Entity, Inc.

Compliance Monitoring and Assessment Processes
Compliance Audits
Self-Certifications
Spot Checks
Self-Reporting
Complaints

Evidence Retention

The Reliability Coordinator shall keep data or evidence to show compliance as identified
below unless directed by its Compliance Enforcement Authority to retain specific evidence
for a longer period of time as part of an investigation:

- The Reliability Coordinator shall retain evidence to show compliance with requirements
R1 and R2 for the period since it became subject to these requirements or since its last
compliance audit, whichever is shorter.

- If a Reliability Coordinator is found non-compliant, it shall retain all evidence for the
period in which it was non-compliant until it is found compliant or for the duration

The Compliance Enforcement Authority shall keep the last audit records and all requested

Additional Compliance Information

None.

3

Time Horizons, Violation Risk Factors, and Violation Severity Levels

Table 1
R# Time
Horizon
R1

Operations
Planning
Medium N/A N/A N/A The RC did not
have procedures
to identify and
mitigate
exceedances of
identified IROLs
and SOLs.
R2 Real-time
Operations
High N/A N/A The RC failed to
follow its
procedures in
identifying and
mitigating an
exceedance of an
SOL.

The RC failed to
follow its
procedures in
identifying and
mitigating an
exceedance of an
IROL.
4


Rationale:
the rationale for various parts of the standard. Upon BOT approval, the text from each of the
rationale text boxes was moved to this section.
Rationale for R1:
The methodology for identifying IROLs and SOLs is addressed in FAC standards, including FAC-
014.
Rationale for R2:
IRO-005-2a (Requirements 3 and 5) calls for relieving IROL violations in no longer than 30
minutes.

Version History

1 June 28, 2011 Texas RE Board Approval
1 November 3,
2011
1 May 31, 2012
FERC Order issued approving IRO-006-TRE-1

WECC Standard IRO-006-WECC-1 Qualified Transfer Path Unscheduled Flow Relief

Page 1 of 3

A. Introduction
1. Title: Qualified Transfer Path Unscheduled Flow (USF) Relief
2. Number: IRO-006-WECC-1
3. Purpose: Mitigation of transmission overloads due to unscheduled flow on Qualified
Transfer Paths.
4. Applicability
4.2 Reliability Coordinators
5. Effective Date: The first day of the first quarter after applicable regulatory approvals.

B. Requirements
R1. Upon receiving a request of Step 4 or greater (see Attachment 1-IRO-006-WECC-1) from the
Transmission Operator of a Qualified Transfer Path, the Reliability Coordinator shall approve
(actively or passively) or deny that request within five minutes. [Violation Risk Factor:
Medium] [Time Horizon: Real-time Operations]
R2. The Balancing Authorities shall approve curtailment requests to the schedules as submitted,
implement alternative actions, or a combination there of that collectively meets the Relief
Requirement. [Violation Risk Factor: Medium] [Time Horizon: Real-time Operations]

C. Measures
M1. The Reliability Coordinator shall have evidence that it approved or denied the request within
five minutes in accordance with R1.
M2. The Balancing Authorities shall have evidence that they provided the Relief Requirement
through Contributing Schedules curtailments, alternative actions, or a combination that
collectively meets the Relief Requirement as directed in R.2.

D. Compliance
Compliance Enforcement Authority may use one or more of the following methods to assess
compliance:
- Reviews conducted monthly
- Investigations
1.2.1 Compliance Monitoring Period: A Qualified Transfer Path Curtailment Event
1.2.2 The Performance-reset Period is one calendar month.

Page 2 of 3

1.3. Data Retention
Reliability Coordinators and Balancing Authorities shall keep evidence for Measure M.1 through
M2 for three years plus current, or since the last audit, whichever is longer.
Compliance shall be determined by a single event, per path, per calendar month (at a minimum)
provided at least one event occurs in that month.

2. Violation Severity Levels of Non-Compliance for Requirement R1
2.1. Lower: There shall be a Lower Level of non-compliance if there is one instance during a
calendar month in which the Reliability Coordinator approved (actively or passively) or
denied a Step 4 or greater request greater than five minutes after receipt of notification from
the Transmission Operator of a Qualified Transfer Path.
2.2. Moderate: Not Applicable
2.3. High: Not Applicable
2.4. Severe: Not Applicable

3. Violation Severity Levels of Non-Compliance for Requirement R2
3.1. Lower: There shall be a Lower Level of non-compliance if there is less than 100% Relief
Requirement provided but greater than or equal to 90% Relief Requirement provided or the
Relief Requirement was less than 5 MW and was not provided.
3.2. Moderate: There shall be a Moderate Level of non-compliance if there is less than 90%
Relief Requirement provided but greater than or equal to 75% Relief Requirement provided
and the Relief Requirement was greater than 5 MW and was not provided.
3.3. High: There shall be a High Level of non-compliance if there is less than 75% Relief
Requirement provided but greater than or equal to 60% Relief Requirement provided and the
Relief Requirement was greater than 5 MW and was not provided.
3.4. Severe: There shall be a Severe Level of non-compliance if there is less than 60% Relief
Requirement provided and the Relief Requirement was greater than 5 MW and was not
provided.

IRO-STD-006-0

1 February 10,
2009
1 March 17, 2011 Order issued by FERC approving IRO-
006-WECC-1 (FERC approval is effective
on May 24, 2011)

1 May 2, 2012 Updated the requirements to R1. and R2.
instead of R.1. and R1.2.


Page 3 of 3

Attachment 1 WECC IRO-006-WECC-1
WECC UNSCHEDULED FLOW MITIGATION
SUMMARY OF ACTIONS

Step Action Description
Unscheduled Flow
Accommodation across Path

Equivalent Percent Curtailment Required in
Contributing Schedule -Based on amount of
Unscheduled Flow across the Qualified
Transfer Path
(Transfer Distribution Factor)
10-14% 15-19% 20-29% 30-49% 50+ %
1
Operate controllable
devices in path
NA

2 Accommodation
50 MW or 5% of maximum
transfer limit

3
Coordinated operation of
Qualified Controllable
Devices
50 MW or /5% of maximum
transfer limit

4 First level curtailment
transfer limit
10% 20%
5 Second level curtailment
transfer limit
10% 15% 25%
6 Accommodation
transfer limit
10% 15% 25%
7 Third level curtailment
transfer limit
10% 15% 20% 30%
8 Accommodation
transfer limit
10% 15% 20% 30%
9 Fourth level curtailment
transfer limit
10% 15% 20% 25% 35%

WECC Standard IRO-006-WECC-2 Qualified Transfer Path Unscheduled Flow (USF) Relief

1
A. Introduction
1. Title: Qualified Transfer Path Unscheduled Flow (USF) Relief

2. Number: IRO-006-WECC-2

3. Purpose: Mitigation of transmission overloads due to unscheduled flow on Qualified
Transfer Paths.

4. Applicability

4.2 Reliability Coordinator
5. Effective Date: On the latter of the first day of the first quarter at least 45 days after
Regulatory approval, or upon complete implementation of applicable webSAS changes and
FERC approval of this standard and the revised Unscheduled Flow Mitigation Plan
Documents.
B. Requirements
R1. Each Reliability Coordinator shall approve or deny a request within five minutes of
receiving the request for unscheduled flow transmission relief from the Transmission
Operator of a Qualified Transfer Path that will result in the calculation of a Relief
Requirement. [Violation Risk Factor: Medium] [Time Horizon: Real-time Operations]

R2. Each Balancing Authority shall perform any combination of the following actions meeting
the Relief Requirement upon receiving a request for relief as described in Requirement
R1: [Violation Risk Factor: Medium] [Time Horizon: Real-time Operations]

Approve curtailment requests to the schedules as submitted
Implement alternative actions
C. Measures
M1. The Reliability Coordinator shall have evidence that it approved or denied the request
within five minutes of receiving a request for relief, in accordance with Requirement R1.
Evidence may include, but is not limited to, documentation of either an active or passive
approval.

M1.1.1 Each Balancing Authority shall have evidence that it provided the Relief
Requirement through Contributing Schedules curtailments, alternative actions, or a
combination that collectively meets the Relief Requirement as directed in
Requirement R.2.

2
D. Compliance
1. Compliance Monitoring Process:
Regional Entity
If the Responsible Entity works for the Regional Entity, then the Regional
Entity will establish an agreement with the ERO or another entity approved by
the ERO and FERC (i.e., another Regional Entity) to be responsible for
compliance enforcement.
If the Responsible Entity is also a Regional Entity, the ERO or a Regional

the last audit, the Compliance Enforcement Authority may ask an entity to provide
other evidence to show that it was complaint for the full time period since the last
audit.
Each Balancing Authority and Reliability Coordinator shall keep data or
evidence to show compliance as identified below unless directed by its
Compliance Enforcement Authority to retain specific evidence for a longer
The Balancing Authority and Reliability Coordinator shall retain data or
evidence for three calendar years or for the duration of any Compliance
Enforcement Authority investigation; whichever is longer.
If a Balancing Authority or Reliability Coordinator is found non-compliant, it
shall keep information related to the non-compliance until found compliant or
for the duration specified above, whichever is longer.

Compliance Audit
Self-Certification
Spot Checking
Self-Reporting
Complaint

3
1.4. Additional Compliance Information:

Compliance shall be determined by a single event, per path, per calendar month (at
a minimum) provided at least one event occurs in that month.

Version History

IRO-STD-006-0

1 February 10, 2009 Adopted by NERC Board of Trustees

1 March 17, 2011 FERC Order 746 issued by FERC
approving IRO-006-WECC-1 (FERC
approval effective on May 24, 2011)

1 May 2, 2012

Updated the requirements to R1. and R2.

1 J uly 1, 2011 Effective Date

No change
2 February 7, 2013 Adopted by NERC Board of Trustees

WECCStandardIRO006WECC2QualifiedTransferPathUnscheduledFlowRelief

4

Time
Horizon
VRF ViolationSeverityLevels
R1 RealTime
Operations
Medium NotApplicable NotApplicable
NotApplicable ThereshallbeaSevere
levelofnoncomplianceif
thereisoneinstance
duringacalendarmonth
inwhichtheReliability
Coordinatorapproved
(activelyorpassively)or
deniedarequestfor
unscheduledflow
transmissionrelieffrom
theTransmissionOperator
ofaQualifiedTransfer
Path,greaterthanfive
minutesafterreceiptof
notificationfromthe
TransmissionOperatorof
aQualifiedTransferPath.
R2 RealTime
Operations
Medium
ThereshallbeaLower
Levelofnon
complianceifthereis
lessthan100%Relief
Requirementprovided
butgreaterthanor
equalto90%Relief
Requirementprovided
ortheRelief
Requirementwasless
Thereshallbea
ModerateLevelofnon
complianceifthereis
lessthan90%Relief
Requirementprovided
butgreaterthanor
equalto75%Relief
Requirementprovided.
ThereshallbeaHigh
Levelofnon
complianceifthereis
lessthan75%Relief
Requirementprovided
butgreaterthanor
equalto60%Relief
Requirementprovided.
ThereshallbeaSevere
Levelofnoncomplianceif
thereislessthan60%
ReliefRequirement
provided.
WECCStandardIRO006WECC2QualifiedTransferPathUnscheduledFlowRelief

5

Time
Horizon
VRF ViolationSeverityLevels
than5MWandwas
notfullyprovided.
Standard IRO-008-1 Reliability Coordinator Operational Analys es and Real-time As s es s ments

Page 1 of 4
A. Introduction
1. Title: Reliability Coordinator Operational Analyses and Real-time
Assessments
3. Purpose: To prevent instability, uncontrolled separation, or cascading outages that
adversely impact the reliability of the interconnection by ensuring that the Bulk
Electric System is assessed during the operations horizon.
4. Applicability
B. Requirements
R1. Each Reliability Coordinator shall perform an Operational Planning Analysis to assess
whether the planned operations for the next day within its Wide Area, will exceed any
of its Interconnection Reliability Operating Limits (IROLs) during anticipated normal
and Contingency event conditions. (Violation Risk Factor: Medium) (Time Horizon:
Operations Planning)
R2. Each Reliability Coordinator shall perform a Real-Time Assessment at least once every
30 minutes to determine if its Wide Area is exceeding any IROLs or is expected to
exceed any IROLs. (Violation Risk Factor: High) (Time Horizon: Real-time
Operations)
R3. When a Reliability Coordinator determines that the results of an Operational Planning
Analysis or Real-Time Assessment indicates the need for specific operational actions
to prevent or mitigate an instance of exceeding an IROL, the Reliability Coordinator
shall share its results with those entities that are expected to take those actions.
(Violation Risk Factor: Medium) (Time Horizon: Real-time Operations or Same Day
Operations)
C. Measures
M1. The Reliability Coordinator shall have, and make available upon request, the results of
its Operational Planning Analyses.
M2. The Reliability Coordinator shall have, and make available upon request, evidence to
show it conducted a Real-Time Assessment at least once every 30 minutes. This
evidence could include, but is not limited to, dated computer log showing times the
assessment was conducted, dated checklists, or other evidence.
Page 2 of 4
M3. The Reliability Coordinator shall have and make available upon request, evidence to
confirm that it shared the results of its Operational Planning Analyses or Real-Time
Assessments with those entities expected to take actions based on that information.
This evidence could include, but is not limited to, dated operator logs, dated voice
recordings, dated transcripts of voice records, dated facsimiles, or other evidence.
D. Compliance
For Reliability Coordinators that work for the Regional Entity, the ERO shall
For Reliability Coordinators that do not work for the Regional Entity, the
Regional Entity shall serve as the Compliance Enforcement Authority.
Not applicable.
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
The Reliability Coordinator shall retain evidence for Requirement R1, Measure
M1 and Requirement R2, Measure M2 for a rolling 30 days. The Reliability
Coordinator shall keep evidence for Requirement R3, Measure M3 for a rolling
three months.
None.
Page 3 of 4
R1
Performed an Operational
Planning Analysis that covers
all aspects of the requirement
for all except one of 30 days.
(R1)

Planning Analysis that
covers all aspects of the
requirement for all except
two of 30 days. (R1)
Planning Analysis that
covers all aspects of the
requirement for all except
three of 30 days. (R1)

Missed performing an
Operational Planning
Analysis that covers all
aspects of the requirement
for four or more of 30 days.
(R1)
R2
For any sample 24 hour period
within the 30 day retention
period, a Real-time Assessment
was not conducted for one 30-
minute period. within that 24-
hour period (R2)

For any sample 24 hour
period within the 30 day
retention period, Real-time
Assessments were not
conducted for two 30-
minute periods within that
24-hour period (R2)

conducted for three 30-
minute periods within that
24-hour period (R2)

conducted for more than
three 30-minute periods
within that 24-hour period
(R2)
R3
Shared the results with
some but not all of the
entities that were required to
take action (R3)
Did not share the results
of its analyses or
assessments with any of
the entities that were
required to take action
(R3).

Page 4 of 4
None
None
Version History
1 October 17,
2008
1 March 17,
2011

Standard IRO-009-1 Reliability Coordinator Actions to Operate Within IROLs
Page 1 of 6
A. Introduction
1. Title: Reliability Coordinator Actions to Operate Within IROLs
adversely impact the reliability of the interconnection by ensuring prompt action to
prevent or mitigate instances of exceeding Interconnection Reliability Operating Limits
(IROLs).
4. Applicability:
B. Requirements
R1. For each IROL (in its Reliability Coordinator Area) that the Reliability Coordinator
identifies one or more days prior to the current day, the Reliability Coordinator shall
have one or more Operating Processes, Procedures, or Plans that identify actions it
shall take or actions it shall direct others to take (up to and including load shedding)
that can be implemented in time to prevent exceeding those IROLs. (Violation Risk
Factor: Medium) (Time Horizon: Operations Planning or Same Day Operations)
R2. For each IROL (in its Reliability Coordinator Area) that the Reliability Coordinator
identifies one or more days prior to the current day, the Reliability Coordinator shall
have one or more Operating Processes, Procedures, or Plans that identify actions it
shall take or actions it shall direct others to take (up to and including load shedding) to
mitigate the magnitude and duration of exceeding that IROL such that the IROL is
relieved within the IROLs T
v
. (Violation Risk Factor: Medium) (Time Horizon:
Operations Planning or Same Day Operations)
R3. When an assessment of actual or expected system conditions predicts that an IROL in
its Reliability Coordinator Area will be exceeded, the Reliability Coordinator shall
implement one or more Operating Processes, Procedures or Plans (not limited to the
Operating Processes, Procedures, or Plans developed for Requirements R1) to prevent
exceeding that IROL. (Violation Risk Factor: High) (Time Horizon: Real-time
Operations)
R4. When actual system conditions show that there is an instance of exceeding an IROL in
its Reliability Coordinator Area, the Reliability Coordinator shall, without delay, act or
direct others to act to mitigate the magnitude and duration of the instance of exceeding
that IROL within the IROLs T
v
. (Violation Risk Factor: High ) (Time Horizon: Real-
time Operations)
Page 2 of 6
R5. If unanimity cannot be reached on the value for an IROL or its T
v
, each Reliability
Coordinator that monitors that Facility (or group of Facilities) shall, without delay, use
the most conservative of the values (the value with the least impact on reliability)
under consideration. (Violation Risk Factor: High) (Time Horizon: Real-time
Operations)
C. Measures
M1. Each Reliability Coordinator shall have, and make available upon request, evidence to
confirm that it has Operating Processes, Procedures, or Plans to address both
preventing and mitigating instances of exceeding IROLs in accordance with
Requirement R1 and Requirement R2. This evidence shall include a list of any IROLs
(and each associated T
v
) identified in advance, along with one or more dated Operating
Processes, Procedures, or Plans that that will be used.
M2. Each Reliability Coordinator shall have, and make available upon request, evidence to
confirm that it acted or directed others to act in accordance with Requirement R3 and
Requirement R4. This evidence could include, but is not limited to, Operating
Processes, Procedures, or Plans from Requirement R1, dated operating logs, dated
voice recordings, dated transcripts of voice recordings, or other evidence.
M3. For a situation where Reliability Coordinators disagree on the value of an IROL or its
T
v
the Reliability Coordinator shall have, and make available upon request, evidence to
confirm that it used the most conservative of the values under consideration, without
delay. Such evidence could include, but is not limited to, dated computer printouts,
dated operator logs, dated voice recordings, dated transcripts of voice recordings, or
other equivalent evidence. (R5)
D. Compliance
For Reliability Coordinators that work for the Regional Entity, the ERO shall
For Reliability Coordinators that do not work for the Regional Entity, the
Regional Entity shall serve as the Compliance Enforcement Authority.
Not applicable.
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
Page 3 of 6
Exception Reporting
1.4. Data Retention
The Reliability Coordinator, shall keep data or evidence to show compliance as
The Reliability Coordinator shall retain evidence of Requirement R1,
Requirement R2, and Measure M1, for a rolling 12 months.
The Reliability Coordinator shall retain evidence of Requirement R3,
Requirement R4, Requirement R5, Measure M2, and Measure M3 for a
rolling 12 months.
requested and submitted subsequent audit records, and all IROL Violation
Reports submitted since the last audit.
Exception Reporting: For each instance of exceeding an IROL for time greater
than IROL T
v
, the Reliability Coordinator shall submit an IROL Violation Report
to its Compliance Enforcement Authority within 30 days of the initiation of the
event.
Page 4 of 6
R1 An IROL in its Reliability
Coordinator Area was
identified one or more days
in advance and the
Reliability Coordinator does
not have an Operating
Process, Procedure, or Plan
that identifies actions to
prevent exceeding that IROL.
(R1)
R2 An IROL in its Reliability
Coordinator Area was
identified one or more days
in advance and the
Reliability Coordinator does
not have an Operating
Process, Procedure, or Plan
that identifies actions to
mitigate exceeding that
IROL within the IROLs T
v
.
(R2)
R3 An assessment of actual or
expected system conditions
predicted that an IROL in the
Reliability Coordinators
Area would be exceeded, but
no Operating Processes,
Procedures, or Plans were
implemented. (R3)

R4
Actual system conditions
Actual system conditions
Page 5 of 6
showed that there was an
instance of exceeding an
IROL in its Reliability
Coordinator Area, and there
was a delay of five minutes
or more before acting or
directing others to act to
mitigate the magnitude and
duration of the instance of
exceeding that IROL,
however the IROL was
mitigated within the IROL
T
v
.
(R4)
showed that there was an
instance of exceeding an
IROL in its Reliability
Coordinator Area, and that
IROL was not resolved
within the IROLs T
v
. (R4)
R5 Not applicable. Not applicable. Not applicable. There was a disagreement on
the value of the IROL or its
T
v
and the most conservative
limit under consideration was
not used. (R5)

Page 6 of 6
None
IROL Violation Report
Version History
1 October 17,
2008
1 March 17,
2011

Standard IRO-010-1a Reliability Coordinator Data Specification and Collection
Page 1 of 7
A. Introduction
1. Title: Reliability Coordinator Data Specification and Collection
2. Number: IRO-010-1a
adversely impact the reliability of the interconnection by ensuring the Reliability
Coordinator has the data it needs to monitor and assess the operation of its Reliability
Coordinator Area.
4. Applicability
4.4. Generator Operator.
4.6. Load-Serving Entity.
5. Proposed Effective Date: In those jurisdictions where no regulatory approval is
required, the standard shall become effective on the latter of either April 1, 2009 or the
first day of the first calendar quarter, three months after BOT adoption.
effective on the latter of either April 1, 2009 or the first day of the first calendar quarter,
three months after applicable regulatory approval.
B. Requirements
R1. The Reliability Coordinator shall have a documented specification for data and
information to build and maintain models to support Real-time monitoring, Operational
Planning Analyses, and Real-time Assessments of its Reliability Coordinator Area to
prevent instability, uncontrolled separation, and cascading outages. The specification
shall include the following: (Violation Risk Factor: Low) (Time Horizon: Operations
Planning)
R1.1. List of required data and information needed by the Reliability Coordinator to
support Real-Time Monitoring, Operational Planning Analyses, and Real-Time
Assessments.
R1.2. Mutually agreeable format.
R1.3. Timeframe and periodicity for providing data and information (based on its
hardware and software requirements, and the time needed to do its Operational
Planning Analyses).
R1.4. Process for data provision when automated Real-Time system operating data is
unavailable.
Page 2 of 7
R2. The Reliability Coordinator shall distribute its data specification to entities that have
Facilities monitored by the Reliability Coordinator and to entities that provide Facility
status to the Reliability Coordinator. (Violation Risk Factor: Low) (Time Horizon:
Operations Planning)
R3. Each Balancing Authority, Generator Owner, Generator Operator, Interchange
Authority, Load-serving Entity, Reliability Coordinator, Transmission Operator, and
Transmission Owner shall provide data and information, as specified, to the Reliability
Coordinator(s) with which it has a reliability relationship. (Violation Risk Factor:
Medium) (Time Horizon: Operations Planning; Same-day Operations; Real-time
Operations)
C. Measures
M1. The Reliability Coordinator shall have, and make available upon request, a documented
data specification that contains all elements identified in Requirement R1.
M2. The Reliability Coordinator shall have, and make available upon request, evidence that
it distributed its data specification to entities that have Facilities monitored by the
Reliability Coordinator and to entities that provide Facility status to the Reliability
Coordinator. This evidence could include, but is not limited to, dated paper or
electronic notice used to distribute its data specification showing recipient, and data or
information requested or other equivalent evidence. (R2)
M3. The Balancing Authority, Generator Owner, Generator Operator, Load-Serving Entity,
Reliability Coordinator, Transmission Operator and Transmission Owner shall each
have, and make available upon request, evidence to confirm that it provided data and
information, as specified in Requirement R3. This evidence could include, but is not
limited to, dated operator logs, dated voice recordings, dated computer printouts, dated
SCADA data, or other equivalent evidence.
D. Compliance
1.1.Compliance Enforcement Authority
For Reliability Coordinators and other functional entities that work for the Regional
Entity, the ERO shall serve as the Compliance Enforcement Authority.
For entities that do not work for the Regional Entity, the Regional Entity shall serve
1.2.Compliance Monitoring Period and Reset Time Frame
Not applicable.
Compliance Audits
Self-Certifications
Spot Checking
Page 3 of 7
Self-Reporting
Complaints
1.4.Data Retention
The Balancing Authority, Generator Owner, Generator Operator, Load-Serving
Entity, Reliability Coordinator, Transmission Operator and Transmission Owner,
shall each keep data or evidence to show compliance as identified below unless
directed by its Compliance Enforcement Authority to retain specific evidence for a
The Reliability Coordinator shall retain its current, in force data specification for
The Reliability Coordinator shall keep evidence of its most recent distribution of
its data specification and evidence to show the data supplied in response to that
specification for Requirement R2, Measure M2 and Requirement R3 Measure
M3.
For data that is requested in accordance with Requirement R2, the Balancing
Authority, Generator Owner, Generator Operator, Load-Serving Entity,
Reliability Coordinator, Transmission Operator and Transmission Owner shall
keep evidence used to show compliance with Requirement R3 Measure M3 for
the Reliability Coordinators most recent data specification for a rolling 90
calendar days.
1.5.1 None.
Page4 of 7

R1 Data specification is complete
with the following exception:
Missing the mutually agreeable
format. (R1.2)
Data specification is complete
with the following exception
no process for data provision
when automated Real-Time
systemoperating data is
unavailable. (R1.4)
Data specification incomplete
(missing either the list of
required data (R1.1), or the
timeframe for providing data.
(R1.3)
No data specification (R1)
R2 Distributed its data
specification to greater than or
equal to 95% but less than
100% of the entities that have
Facilities monitored by the
Reliability Coordinator and the
entities that provide the
Reliability Coordinator with
Facility status.
Distributed its data
equal to 85% but less than 95%
of the entities that have
Facility status. (R2)
Distributed its data
equal to 75% - but less then
85% of the entities that have
Data specification distributed to
less than 75% of the entities
that have Facilities monitored
by the Reliability Coordinator
and the entities that provide the
R3 Provided greater than or equal
to 95% but less then 100% of
the data and information as
specified. (R3)
Provided greater than or equal
to 85% but less than 95% of the
data and information as
specified. (R3)
Provided greater than or equal
to 75% but less then 85% of the
specified. (R3)
Provided less than 75% of the
specified. (R3)

Page 5 of 7

None
1. Appendix 1 Interpretation of Requirements R1.2 and R3
Version History
1 October 17,
2008
1a August 5, 2009 Added Appendix 1: Interpretation of
R1.2 and R3 as approved by Board of
Trustees
Addition
1a March 17,
2011
010-1a (approval effective 5/23/11)

Page 6 of 7

Appendix 1

Interpretation of Requirements R1.2 and R3

Text of Requirements R1.2 and R3

Question 1
Does the phrase, as specified in Requirement R3 reference the documented data and
information specification in IRO-010-1 Requirement R1, or is the data and information in
Requirement R3 any data and information that the Reliability Coordinator might request?

Response: The data to be supplied in Requirement R3 applies to the documented specification for
data and information referenced in Requirement R1.
Question 2
Is the intent of Requirement R3 to have each responsible entity provide its own data and
information to its Reliability Coordinator, or is the intent to have responsible entities provide
aggregated data (collected and compiled from other entities at the direction of the Reliability
Coordinator) to the Reliability Coordinator?

Response: The intent of Requirement R3 is for each responsible entity to ensure that its data and
information (as stated in the documented specification in Requirement R1) are provided to the

Another entity may provide that data or information to the Reliability Coordinator on behalf of the
responsible entity, but the responsibility remains with the responsible entity. There is neither
intent nor obligation for any entity to compile information from other entities and provide it to the
R1. The Reliability Coordinator shall have a documented specification for data and
information to build and maintain models to support Real-time monitoring, Operational
Planning Analyses, and Real-time Assessments of its Reliability Coordinator Area to
prevent instability, uncontrolled separation, and cascading outages. The specification
shall include the following:
R1.1. List of required data and information needed by the Reliability Coordinator to
support Real-Time Monitoring, Operational Planning Analyses, and Real-Time
Assessments.
R1.2. Mutually agreeable format.
R1.3. Timeframe and periodicity for providing data and information (based on its
hardware and software requirements, and the time needed to do its Operational
Planning Analyses).
R1.4. Process for data provision when automated Real-Time system operating data is
unavailable.
R3. Each Balancing Authority, Generator Owner, Generator Operator, Interchange
Authority, Load-serving Entity, Reliability Coordinator, Transmission Operator, and
Transmission Owner shall provide data and information, as specified, to the Reliability
Coordinator(s) with which it has a reliability relationship.
Page 7 of 7

Question 3
Under Requirement R1.2, what actions (on the part of the Reliability Coordinator) are expected
to support the mutually acceptable format for submission of data and information?

Response: Requirement R1.2 mandates that the parties will reach a mutual agreement with
respect to the format of the data and information. If the parties can not mutually agree on the
format, it is expected that they will negotiate to reach agreement or enter into dispute resolution to
resolve the disagreement.
Standard IRO-014-1 Procedures, Processes, or Plans to Support Coordination Between

Adopted by Board of Trustees: February 7, 2006 1 of 4
Effecti ve Date: November 1, 2006
A. Introduction
1. Title: Procedures, Processes, or Plans to Support Coordination Between
3. Purpose: To ensure that each Reliability Coordinators operations are coordinated such
that they will not have an Adverse Reliability Impact on other Reliability Coordinator Areas and
to preserve the reliability benefits of interconnected operations.
4. Applicability
5. Effective Date: November 1, 2006
B. Requirements
R1. The Reliability Coordinator shall have Operating Procedures, Processes, or Plans in place for
activities that require notification, exchange of information or coordination of actions with one
or more other Reliability Coordinators to support Interconnection reliability. These Operating
Procedures, Processes, or Plans shall address Scenarios that affect other Reliability Coordinator
Areas as well as those developed in coordination with other Reliability Coordinators.
R1.1. These Operating Procedures, Processes, or Plans shall collectively address, as a
R1.1.1. Communications and notifications, including the conditions
1
under which
one Reliability Coordinator notifies other Reliability Coordinators; the
process to follow in making those notifications; and the data and
information to be exchanged with other Reliability Coordinators.
R1.1.2. Energy and capacity shortages.
R1.1.3. Planned or unplanned outage information.
R1.1.4. Voltage control, including the coordination of reactive resources for voltage
control.
R1.1.5. Coordination of information exchange to support reliability assessments.
R1.1.6. Authority to act to prevent and mitigate instances of causing Adverse
Reliability Impacts to other Reliability Coordinator Areas.
R2. Each Reliability Coordinators Operating Procedure, Process, or Plan that requires one or more
other Reliability Coordinators to take action (e.g., make notifications, exchange information, or
coordinate actions) shall be:
R2.1. Agreed to by all the Reliability Coordinators required to take the indicated action(s).
R2.2. Distributed to all Reliability Coordinators that are required to take the indicated
action(s).

1
Examples of conditions when one Reliability Coordinator may need to notify another Reliability
Coordinator may include (but arent limited to) sabotage events, Interconnection Reliability Operating
Limit violations, voltage reductions, insufficient resources, arming of special protection systems, etc.


R3. A Reliability Coordinators Operating Procedures, Processes, or Plans developed to support a
Reliability Coordinator-to-Reliability Coordinator Operating Procedure, Process, or Plan shall
include:
R3.1. A reference to the associated Reliability Coordinator-to-Reliability Coordinator
Operating Procedure, Process, or Plan.
R3.2. The agreed-upon actions from the associated Reliability Coordinator-to-Reliability
Coordinator Operating Procedure, Process, or Plan.
R4. Each of the Operating Procedures, Processes, and Plans addressed in Reliability Standard IRO-
014 Requirement 1 and Requirement 3 shall:
R4.1. Include version control number or date.
R4.2. Include a distribution list.
R4.3. Be reviewed, at least once every three years, and updated if needed.
C. Measures
M1. The Reliability Coordinator's System Operators shall have available for Real-time use, the
latest approved version of Operating Procedures, Processes, or Plans that require notifications,
information exchange or the coordination of actions between Reliability Coordinators.
M1.1 These Operating Procedures, Processes, or Plans shall address:
M1.1.1 Communications and notifications, including the conditions under which
one Reliability Coordinator notifies other Reliability Coordinators; the
process to follow in making those notifications; and the data and
information to be exchanged with other Reliability Coordinators.
M1.1.2 Energy and capacity shortages.
M1.1.3 Planned or unplanned outage information.
M1.1.4 Voltage control, including the coordination of reactive resources for voltage
control.
M1.1.5 Coordination of information exchange to support reliability assessments.
M1.1.6 Authority to act to prevent and mitigate instances of causing Adverse
Reliability Impacts to other Reliability Coordinator Areas.
M2. The Reliability Coordinator shall have evidence that these Operating Procedures, Processes, or
Plans were:
M2.1 Agreed to by all the Reliability Coordinators required to take the indicated action(s).
M2.2 Distributed to all Reliability Coordinators that are required to take the indicated
action(s).
M3. The Reliability Coordinators Operating Procedures, Processes, or Plans developed (for its
System Operators internal use) to support a Reliability Coordinator-to-Reliability Coordinator
Operating Procedure, Process, or Plan received from another Reliability Coordinator shall:
M3.1 Be available to the Reliability Coordinators System Operators for Real-time use,
M3.2 Include a reference to the associated source document, and
M3.3 Support the agreed-upon actions from the source document.

M4. The Reliability Coordinators Operating Procedures, Processes, or Plans that addresses
Reliability Coordinator-to-Reliability Coordinator coordination shall each include a version
control number or date and a distribution list. The Reliability Coordinator shall have evidence
that these Operating Procedures, Processes, or Plans were reviewed within the last three years.
D. Compliance
The Performance-Reset Period shall be one calendar year.
1.3. Data Retention
The Reliability Coordinator shall keep documentation for the prior calendar year and the
current calendar year. The Compliance Monitor shall keep compliance data for a minimum
of three years or until the Reliability Coordinator has achieved full compliance, whichever is
longer.
The Reliability Coordinator shall demonstrate compliance through self-certification
submitted to its Compliance Monitor annually. The Compliance Monitor shall also use a
scheduled on-site review at least once every three years and investigations upon complaint.
The Compliance Monitor shall conduct an investigation upon a complaint within 30 days of
the alleged infractions discovery date. The Compliance Monitor shall complete the
investigation within 45 days after the start of the investigation. As part of an audit or
investigation, the Compliance Monitor shall interview other Reliability Coordinators to
identify Operating Procedures, Processes or Plans that were distributed to the Reliability
Coordinator being audited to verify that these documents are available for Real-time use by
the receiving Reliability Coordinators System Operators.
The Reliability Coordinator shall have the following documents available for inspection
during an on-site audit or within five business days of a request as part of an investigation
upon a complaint:
1.4.1 The latest version of its Operating Procedures, Processes, or Plans that require
notification, exchange of information, or coordination of actions with one or more
other Reliability Coordinators to support Interconnection reliability.
1.4.2 Evidence of distribution of Operating Procedures, Processes, or Plans.
2.1. Level 1: There shall be a level one non-compliance if either of the following conditions is
present:
2.1.1 The latest versions of Operating Procedures, Processes, or Plans (identified through
self-certification) that require notification, exchange of information, or coordination
of actions with one or more other Reliability Coordinators to support Interconnection
reliability do not include a version control number or date, and a distribution list.
2.1.2 The latest versions of Reliability Coordinator internal documents developed to
support action(s) required as a result of other Reliability Coordinators do not include

both a reference to the source Operating Procedure, Process, or Plan and the agreed-
upon actions from the source Operating Procedure, Process, or Plan.
2.2. Level 2: There shall be a level two non-compliance if any of the following conditions is
present:
2.2.1 Documents required by this standard were not distributed to all entities on the
distribution list.
2.2.2 Documents required by this standard were not available for System Operators Real-
time use.
2.2.3 Documents required by this standard do not address all required topics.
2.3. Level 3: Documents required by this standard do not address any of the six required topics
in Reliability Standard IRO-014 R1.

None Identified.
Version History
Version 1 08/10/05 1. Changed incorrect use of certain hyphens (-)
to en dash ().
2. Hyphenated 30-day when used as
adjective.
3. Changed standard header to be consistent
with standard Title.
4. Initial capped heading Definitions of
Terms Used in Standard.
5. Added periods to items where
appropriate.
6. Changed Timeframe to Time Frame in
item D, 1.2.
7. Lower cased all words that are not defined
terms drafting team, self-certification.
8. Changed apostrophes to smart symbols.
9. Added comma in all word strings
Procedures, Processes, or Plans, etc.
10. Added hyphens to Reliability Coordinator-
to-Reliability Coordinator where used as
adjective.
11. Removed comma in item 2.1.2.
12. Removed extra spaces between words where
appropriate.
01/20/06

Standard IRO-014-2 Coordination Among Reliability Coordinators
A. Introduction
1. Title: Coordination Among Reliability Coordinators
3. Purpose: To ensure that each Reliability Coordinators operations are coordinated
such that they will not have an Adverse Reliability Impact on other Reliability
Coordinator Areas and to preserve the reliability benefits of interconnected operations.
4. Applicability:
5. Effective Date: In those jurisdictions where regulatory approval is required, this
standard shall become effective on the first day of the first calendar quarter that is 12
months after applicable regulatory approval. In those jurisdictions where no regulatory
approval is required, this standard shall become effective on the first day of the first
calendar quarter that is 12 months after Board of Trustees approval.
B. Requirements
R1. Each Reliability Coordinator shall have Operating Procedures, Operating Processes, or
Operating Plans for activities that require notification, exchange of information or
coordination of actions that may impact other Reliability Coordinator Areas to support
Interconnection reliability. These Operating Procedures, Processes, or Plans shall
collectively address the following: [Violation Risk Factor: Medium] [Time Horizon:
Same Day Operations and Operations Planning]
1.1. Communications and notifications, including the mutually agreed to conditions
under which one Reliability Coordinator notifies other Reliability
Coordinators; the process to follow in making those notifications; and the data
and information to be exchanged with other Reliability Coordinators.
1.2. Energy and capacity shortages.
1.3. Planned or unplanned outage information.
1.4. Control of voltage, including the coordination of reactive resources.
1.5. Coordination of information exchange to support reliability assessments.
1.6. Authority to act to prevent and mitigate system conditions which could cause
Adverse Reliability Impacts to other Reliability Coordinator Areas.
1.7. Weekly conference calls
R2. Each Reliability Coordinator shall maintain its Operating Procedures, Operating
Processes, or Operating Plans identified in Requirement R1 as follows: [Violation Risk
Factor: Lower] [Time Horizon: Same Day Operations and Operations Planning]
2.1. Review and update annually with no more that 15 months between reviews.
2.2. Obtain written agreement from all of the Reliability Coordinators required to
take the indicated action(s) for each update.
2.3. Distribute to all Reliability Coordinators that are required to take the indicated
action(s) within 30 days of an update.
R3. Each Reliability Coordinator shall make notifications and exchange reliabilityrelated
information with other Reliability Coordinators in accordance with the Operating
Procedures, Operating Processes, or Operating Plans identified in Requirement R1.
[Violation Risk Factor: Medium][Time Horizon: Real-time Operations and Operations
Planning]
R4. Each Reliability Coordinator shall participate in agreed upon conference calls, at least
weekly (per Requirement 1, Part 1.7) with other Reliability Coordinators within the
same Interconnection. [Violation Risk Factor: Lower][Time Horizon: Real-time
Operations]
R5. Each Reliability Coordinator, upon identification of an Adverse Reliability Impact,
shall notify all other Reliability Coordinators. [Violation Risk Factor: Medium] [Time
Horizon: Operations Planning, Same Day Operations and Real-time Operations]
R6. During each instance where Reliability Coordinators disagree on the existence of an
Adverse Reliability Impact each impacted Reliability Coordinator shall operate as
though the problem exists. [Violation Risk Factor: High] [Time Horizon: Operations
Planning, Same Day Operations and Real-time Operations]
R7. During those instances where Reliability Coordinators disagree on the existence of an
Adverse Reliability Impact, the Reliability Coordinator that identified the Adverse
Reliability Impact shall develop an action plan to resolve the Adverse Reliability
Impact. [Violation Risk Factor: High][Time Horizon: Operations Planning, Same
Day Operations and Real-time Operations]
R8. During those instances where Reliability Coordinators disagree on the existence of an
Adverse Reliability Impact, each Reliability Coordinator shall implement the action
plan developed by the Reliability Coordinator that identified the Adverse Reliability
Impact unless such actions would violate safety, equipment, regulatory or statutory
requirements. [Violation Risk Factor: High][Time Horizon: Operations Planning,
Same Day Operations and Real-time Operations]
C. Measures
M1. Each Reliability Coordinator shall have available the latest approved documented
version of its Operating Procedures, Processes, and Operating Plans that require
notifications, information exchange or the coordination of actions among impacted
Reliability Coordinators for conditions or activities that impact other Reliability
Coordinator Areas. This documentation shall include dated, current in force
documentation with the specified elements. (R1)
M2. Each Reliability Coordinator shall have dated evidence that the Operating Procedures,
Processes, and Plans that require one or more other Reliability Coordinators to take
action (e.g., make notifications, exchange information, or coordinate actions) were:
2.1 Reviewed and updated annually with no more than 15 months between
reviews.
2.2 Agreed to, in writing, by all the Reliability Coordinators required to take the
indicated action(s).
2.3 Distributed within 30 days of an update to all Reliability Coordinators that are
required to take the indicated action(s).
This evidence may include, but is not limited to dated documentation with
confirmation of receipt, dated notice of acceptance or agreement to take specified
actions, or dated electronic communications with confirmation of receipt and
acceptance or agreement to take specified actions. (R2)
is not limited to operator logs, voice recordings or transcripts of voice recordings,
electronic communications, or equivalent dated documentation, that will be used to
determine that it made notifications and exchanged reliabilityrelated information with
impacted Reliability Coordinators in accordance with the Operating Procedures,
Processes, or Plans identified in Requirement R1. (R3)
determine that it participated in agreed upon (at least weekly) conference calls with
other Reliability Coordinators within the same Interconnection. (R4)
determine that it, upon identification of an Adverse Reliability Impact, notified other
Reliability Coordinators. (R5)
electronic communications, or equivalent documentation, that will be used to
determine that it operated under the assumption that the Adverse Reliability Impact
existed during each instance where Reliability Coordinators disagreed on the existence
of an Adverse Reliability Impact. (R6)
M7. Each Reliability Coordinator that identified an Adverse Reliability Impact shall have
evidence and provide evidence that it developed an action plan during those instances
where Reliability Coordinators disagreed on the existence of an Adverse Reliability
Impact. This evidence may include, but is not limited to operator logs, voice
recordings or transcripts of voice recordings, electronic communications, or equivalent
dated documentation. (R7)
M8. Each impacted Reliability Coordinator shall have and provide evidence which may
include, but is not limited to operator logs, voice recordings or transcripts of voice
recordings, electronic communications, or equivalent dated documentation, that will be
used to determine that it implemented the action plan developed by the Reliability
Coordinator who has the identified the Adverse Reliability Impact when a Reliability
Coordinator has identified an Adverse Reliability Impact and the impacted Reliability
Coordinators disagree on an action unless such actions would have violated safety,
equipment, or regulatory or statutory requirements. (R8)
D. Compliance
Reliability Coordinator works for the Regional Entity. Where the Reliability
Coordinator works for the Regional Entity, the Regional Entity will establish an
agreement with the ERO or another entity approved by the ERO and FERC (i.e.
another Regional Entity), to be responsible for compliance enforcement.
Not Applicable
Compliance Audit
Self-Certification
Spot Checking
Self-Reporting
Complaint
1.4. Data Retention
o Each Reliability Coordinator shall retain its current, in force document and
any documents in force since the last compliance audit for Requirements R1,
R2, and Measures M1, M2.
o Each Reliability Coordinator shall retain its most recent 12 months of
evidence for Requirement R3, R4, R5 and Measure M3, M4, M5.
o Each Reliability Coordinator shall retain 3 calendar years plus current
calendar year of evidence for Requirements R6 through R8 and Measures M6
through M8.
o If a Reliability Coordinator is found non-compliant, it shall keep information
related to the non-compliance until found compliant, or for the time period
o The Compliance Enforcement Authority shall keep the last audit records and


R1 The Reliability Coordinator has
Operating Procedures, Operating
Processes, or Operating Plans in
place for activities that require
notification, exchange of
information or coordination of
actions with impacted Reliability
Coordinators to support
Interconnection reliability but failed
to address one of the topical areas
identified in Parts 1.1 through 1.7.
to address two of the topical areas
identified in Parts 1.1 through 1.7.
to address three of the topical
areas identified in Parts 1.1
through 1.7.
have Operating Procedures,
Operating Processes, or Operating
Plans in place for activities that
require notification, exchange of
Interconnection reliability to
address three or more of the
topical areas identified in Parts 1.1
through 1.7.
Processes, or Operating Plans
identified in R1 but failed to
distribute these to all Reliability
Coordinators that are required to
take action.
identified in R1 but failed to obtain
agreement from all Reliability
take action.
OR
Failed to review and update the
Processes, and Operating Plans
identified in R1 annually.
identified in R1 but failed to review
and update annually and obtain
written agreement from all
Reliability Coordinators that are
required to take action and failed to
distribute these to all Reliability
take action.
R3 N/A N/A The Reliability Coordinator failed to
make notifications OR exchange
reliabilityrelated information with
impacted Reliability Coordinators.
make notifications AND exchange
reliabilityrelated information with
impacted Reliability Coordinators.
R4 N/A N/A N/A The Reliability Coordinator failed to
participate in an agreed upon (at
least weekly) conference call with
impacted Reliability Coordinators
within the same Interconnection.
R5 N/A The Reliability Coordinator failed to
notify one, but not all, of the
impacted Reliability Coordinators
upon identification of an Adverse
Reliability Impact.
N/A The Reliability Coordinator failed to
notify more than one impacted
Reliability Coordinators upon
identification of an Adverse
Reliability Impact.
OR
notify the impacted Reliability
Coordinator (when there is only
one impacted Reliability
Coordinator) upon identification of
an Adverse Reliability Impact.
operate under the assumption that
the Adverse Reliability Impact
existed during an instance where
Reliability Coordinators disagree
on the existence of an Adverse
Reliability Impact.
R7 N/A N/A N/A The Reliability Coordinator that
identified the Adverse Reliability
Impact failed to develop an action
plan to resolve the Adverse
Reliability Impact during an
instance where Reliability
Coordinators disagreed on the
existence of an Adverse Reliability
Impact.
implement the action plan
developed by the Reliability
Coordinator that identified the
Adverse Reliability Impact during
an instance where Reliability
Coordinators disagreed on the
existence of an Adverse Reliability
Impact.

None identified.
Version History
Tracking
1 August 10, 2005 1. Changed incorrect use of certain hyphens (-) to en dash
().
2. Hyphenated 30-day when used as adjective.
3. Changed standard header to be consistent with standard
Title.
4. Initial capped heading Definitions of Terms Used in
Standard.
5. Added periods to items where appropriate.
6. Changed Timeframe to Time Frame in item D, 1.2.
7. Lower cased all words that are not defined terms
drafting team, self-certification.
9. Added comma in all word strings Procedures, Processes,
or Plans, etc.
10. Added hyphens to Reliability Coordinator-to-Reliability
Coordinator where used as adjective.
11. Removed comma in item 2.1.2.
12. Removed extra spaces between words where appropriate.
J anuary 20, 2006
1 February 7, 2006 Approved by BOT Revised
2 August 4, 2011 Revised per Project 2006-6; Revised existing requirements
for clarity, retired R3 and R4 and incorporated requirements
from IRO-015-1 and IRO-016-1 into this standard.
Revised
2 August 4, 2011 Adopted by Board of Trustees

Standard IRO-015-1 Notifications and Information Exchange Between Reliability Coordinators
A. Introduction
1. Title: Notifications and Information Exchange Between Reliability Coordinators
that they will not have an Adverse Reliability Impact on other Reliability Coordinator Areas
and to preserve the reliability benefits of interconnected operations.
4. Applicability
B. Requirements
R1. The Reliability Coordinator shall follow its Operating Procedures, Processes, or Plans for
making notifications and exchanging reliability-related information with other Reliability
Coordinators.
R1.1. The Reliability Coordinator shall make notifications to other Reliability Coordinators
of conditions in its Reliability Coordinator Area that may impact other Reliability
Coordinator Areas.
R2. The Reliability Coordinator shall participate in agreed upon conference calls and other
communication forums with adjacent Reliability Coordinators.
R2.1. The frequency of these conference calls shall be agreed upon by all involved
Reliability Coordinators and shall be at least weekly.
R3. The Reliability Coordinator shall provide reliability-related information as requested by other
C. Measures
M1. The Reliability Coordinator shall have evidence (such as operator logs or other data sources) it
has followed its Operating Procedures, Processes, or Plans for notifying other Reliability
Coordinators of conditions in its Reliability Coordinator Area that may impact other Reliability
Coordinator Areas.
M2. The Reliability Coordinator shall have evidence (such as operator logs or other data sources)
that it participated in agreed upon (at least weekly) conference calls and other communication
forums with adjacent Reliability Coordinators.
M3. The Reliability Coordinator shall have evidence that it provided requested reliability-related
information to other Reliability Coordinators.
D. Compliance
The Performance Reset Period shall be one calendar year.
1.3. Data Retention
The Reliability Coordinator shall keep auditable documentation for a rolling 12 months.
The Compliance Monitor shall keep compliance data for a minimum of three years or until
the Reliability Coordinator has achieved full compliance whichever is longer.
submitted to its Compliance Monitor annually. The Compliance Monitor shall also use a
scheduled on-site review at least once every three years and investigations upon complaint.
The Compliance Monitor shall conduct an investigation upon a complaint within 30 days of
the alleged infractions discovery date. The Compliance Monitor shall complete the
investigation within 45 days after the start of the investigation. As part of an audit or an
investigation, the Compliance Monitor shall interview other Reliability Coordinators within
the Interconnection and verify that the Reliability Coordinator being audited or investigated
has been making notifications and exchanging reliability-related information according to
agreed Operating Procedures, Processes, or Plans.
The Reliability Coordinator shall have the following available for its Compliance Monitor
to inspect during a scheduled, on-site review or within five days of a request as part of an
investigation upon complaint:
1.4.1 Evidence it has participated in agreed-upon conference calls or other
communications forums.
1.4.2 Operating logs or other data sources that document notifications made to other
2.1. Level 1: Did not participate in agreed upon (at least weekly) conference calls and other
communication forums with adjacent Reliability Coordinators.
2.2. Level 2: Did not notify other Reliability Coordinators as specified in its Operating
Procedures, Processes, or Plans for making notifications but no Adverse Reliability Impacts
resulted from the incident.
2.3. Level 3: Did not provide requested reliability-related information to other Reliability
Coordinators.
2.4. Level 4: Did not notify other Reliability Coordinators as specified in its Operating
Procedures, Processes, or Plans for making notifications and Adverse Reliability Impacts
resulted from the incident.
None Identified.
Version History
Version 1 08/10/05 1. Changed incorrect use of
certain hyphens (-) to en dash
().
01/20/06
2. Hyphenated 30-day and
reliability-related when used
as adjective.
3. Changed standard header to be
consistent with standard
Title.
4. Added periods to items
where appropriate.
5. Initial capped heading
Definitions of Terms Used in
Standard.
6. Changed Timeframe to
Time Frame in item D, 1.2.
7. Lower cased all words that are
not defined terms
drafting team, and self-
certification.
8. Changed apostrophes to
smart symbols.
9. Added comma in all word
strings Procedures, Processes,
or Plans, etc.
10. Added hyphens to Reliability
Coordinator-to-Reliability
Coordinator where used as
adjective.
11. Removed comma in item
2.1.2.
12. Removed extra spaces
between words where
appropriate.

Standard IRO-016-1 Coordination of Real-time Activities Between Reliability Coordinators
1 of 3
A. Introduction
1. Title: Coordination of Real-time Activities Between Reliability Coordinators
that they will not have an Adverse Reliability Impact on other Reliability Coordinator Areas
and to preserve the reliability benefits of interconnected operations.
4. Applicability
B. Requirements
R1. The Reliability Coordinator that identifies a potential, expected, or actual problem that requires
the actions of one or more other Reliability Coordinators shall contact the other Reliability
Coordinator(s) to confirm that there is a problem and then discuss options and decide upon a
solution to prevent or resolve the identified problem.
R1.1. If the involved Reliability Coordinators agree on the problem and the actions to take
to prevent or mitigate the system condition, each involved Reliability Coordinator
shall implement the agreed-upon solution, and notify the involved Reliability
Coordinators of the action(s) taken.
R1.2. If the involved Reliability Coordinators cannot agree on the problem(s) each
Reliability Coordinator shall re-evaluate the causes of the disagreement (bad data,
status, study results, tools, etc.).
R1.2.1. If time permits, this re-evaluation shall be done before taking corrective
actions.
R1.2.2. If time does not permit, then each Reliability Coordinator shall operate as
though the problem(s) exist(s) until the conflicting system status is resolved.
R1.3. If the involved Reliability Coordinators cannot agree on the solution, the more
conservative solution shall be implemented.
R2. The Reliability Coordinator shall document (via operator logs or other data sources) its actions
taken for either the event or for the disagreement on the problem(s) or for both.

C. Measures
M1. For each event that requires Reliability Coordinator-to-Reliability Coordinator coordination,
each involved Reliability Coordinator shall have evidence (operator logs or other data sources)
of the actions taken for either the event or for the disagreement on the problem or for both.
D. Compliance
The performance reset period shall be one calendar year.
2 of 3
1.3. Data Retention
The Reliability Coordinator shall keep auditable evidence for a rolling 12 months. In
addition, entities found non-compliant shall keep information related to the non-compliance
until it has been found compliant. The Compliance Monitor shall keep compliance data for
a minimum of three years or until the Reliability Coordinator has achieved full compliance,
submitted to its Compliance Monitor annually. The Compliance Monitor shall use a
scheduled on-site review at least once every three years. The Compliance Monitor shall
conduct an investigation upon a complaint that is received within 30 days of an alleged
infractions discovery date. The Compliance Monitor shall complete the investigation and
report back to all involved Reliability Coordinators (the Reliability Coordinator that
complained as well as the Reliability Coordinator that was investigated) within 45 days
after the start of the investigation. As part of an audit or investigation, the Compliance
Monitor shall interview other Reliability Coordinators within the Interconnection and
verify that the Reliability Coordinator being audited or investigated has been coordinating
actions to prevent or resolve potential, expected, or actual problems that adversely impact
the Interconnection.
The Reliability Coordinator shall have the following available for its Compliance Monitor
to inspect during a scheduled, on-site review or within five working days of a request as
part of an investigation upon complaint:
1.4.1 Evidence (operator log or other data source) to show coordination with other
2.1. Level 1: For potential, actual or expected events which required Reliability
Coordinator-to-Reliability Coordinator coordination, the Reliability Coordinator did
coordinate, but did not have evidence that it coordinated with other Reliability
Coordinators.
2.4. Level 4: For potential, actual or expected events which required Reliability
Coordinator-to-Reliability Coordinator coordination, the Reliability Coordinator did not
coordinate with other Reliability Coordinators.
None identified.
Version History
1 August 10, 2005 1. Changed incorrect use of certain hyphens (-)
to en dash ().
2. Hyphenated 30-day and Reliability
Coordinator-to-Reliability Coordinator
when used as adjective.
01/20/06
3 of 3
3. Changed standard header to be consistent
with standard Title.
appropriate.
5. Initial capped heading Definitions of
Terms Used in Standard.
item D, 1.2.
7. Lower cased all words that are not defined
terms drafting team, and self-
certification.
9. Removed comma after word condition in
item R.1.1.
10. Added comma after word expected in
item 1.4, last sentence.
11. Removed extra spaces between words where
appropriate.
1 February 7,
2006
1 March 16, 2007 Approved by FERC
1 February 7,
2013
approval.

Standard MOD-001-1a Available Transmission System Capability

Page 1 of 15

A. Introduction
1. Title: Available Transmission System Capability
2. Number: MOD-001-1a
3. Purpose: To ensure that calculations are performed by Transmission Service
Providers to maintain awareness of available transmission system capability and future
flows on their own systems as well as those of their neighbors
4. Applicability:
5. Proposed Effective Date: Immediately after approval of applicable regulatory authorities.
B. Requirements
R1. Each Transmission Operator shall select one of the methodologies
1
The Area Interchange Methodology, as described in MOD-028
listed below for
calculating Available Transfer Capability (ATC) or Available Flowgate Capability (AFC) for
each ATC Path per time period identified in R2 for those Facilities within its Transmission
operating area: [Violation Risk Factor: Lower] [Time Horizon: Operations Planning]
The Rated System Path Methodology, as described in MOD-029
The Flowgate Methodology, as described in MOD-030
R2. Each Transmission Service Provider shall calculate ATC or AFC values as listed
below using the methodology or methodologies selected by its Transmission
Operator(s): [Violation Risk Factor: Lower [Time Horizon: Operations Planning]
R2.1. Hourly values for at least the next 48 hours.
R2.2. Daily values for at least the next 31 calendar days.
R2.3. Monthly values for at least the next 12 months (months 2-13).
R3. Each Transmission Service Provider shall prepare and keep current an Available
Transfer Capability Implementation Document (ATCID) that includes, at a minimum,
the following information: [Violation Risk Factor: Lower] [Time Horizon:
R3.1. Information describing how the selected methodology (or methodologies) has
been implemented, in such detail that, given the same information used by
the Transmission Service Provider, the results of the ATC or AFC
calculations can be validated.
R3.2. A description of the manner in which the Transmission Service Provider will
account for counterflows including:

1
All ATC Paths do not have to use the same methodology and no particular ATC Path must use the same
methodology for all time periods.

Page 2 of 15

R3.2.1. How confirmed Transmission reservations, expected Interchange
and internal counterflow are addressed in firm and non-firm ATC or
AFC calculations.
R3.2.2. A rationale for that accounting specified in R3.2.
R3.3. The identity of the Transmission Operators and Transmission Service
Providers from which the Transmission Service Provider receives data for
use in calculating ATC or AFC.
R3.4. The identity of the Transmission Service Providers and Transmission
Operators to which it provides data for use in calculating transfer or Flowgate
capability.
R3.5. A description of the allocation processes listed below that are applicable to
the Transmission Service Provider:
Processes used to allocate transfer or Flowgate capability among multiple
lines or sub-paths within a larger ATC Path or Flowgate.
Processes used to allocate transfer or Flowgate capabilities among
multiple owners or users of an ATC Path or Flowgate.
Processes used to allocate transfer or Flowgate capabilities between
Transmission Service Providers to address issues such as forward looking
congestion management and seams coordination.
R3.6. A description of how generation and transmission outages are considered in
transfer or Flowgate capability calculations, including:
R3.6.1. The criteria used to determine when an outage that is in effect part
of a day impacts a daily calculation.
R3.6.2. The criteria used to determine when an outage that is in effect part
of a month impacts a monthly calculation.
R3.6.3. How outages from other Transmission Service Providers that can
not be mapped to the Transmission model used to calculate transfer
or Flowgate capability are addressed.
R4. The Transmission Service Provider shall notify the following entities before
implementing a new or revised ATCID: [Violation Risk Factor: Lower] [Time
R4.1. Each Planning Coordinator associated with the Transmission Service
Providers area.
R4.2. Each Reliability Coordinator associated with the Transmission Service
Providers area.
R4.3. Each Transmission Operator associated with the Transmission Service
Providers area.
R4.4. Each Planning Coordinator adjacent to the Transmission Service Providers
area.

Page 3 of 15

Note that the North
American Energy
Standards Board (NAESB)
is developing the
companion standards that
address the posting of
ATC information, including
supporting information
such as that described in
R9.
R4.5. Each Reliability Coordinator adjacent to the Transmission Service Providers
area.
R4.6. Each Transmission Service Provider whose area is adjacent to the
Transmission Service Providers area.
R5. The Transmission Service Provider shall make available the current ATCID to all of
the entities specified in R4. [Violation Risk Factor: Lower] [Time Horizon:
R6. When calculating Total Transfer Capability (TTC) or Total Flowgate Capability
(TFC) the Transmission Operator shall use assumptions no more limiting than those
used in the planning of operations for the corresponding time period studied,
providing such planning of operations has been performed for that time period.
[Violation Risk Factor: Lower] [Time Horizon: Operations Planning]
R7. When calculating ATC or AFC the Transmission Service Provider shall use
assumptions no more limiting than those used in the planning of operations for the
corresponding time period studied, providing such planning of operations has been
performed for that time period. [Violation Risk Factor: Lower] [Time Horizon:
R8. Each Transmission Service Provider that calculates ATC shall recalculate ATC at a
minimum on the following frequency, unless none of the calculated values identified
in the ATC equation have changed: [Violation Risk Factor: Lower] [Time Horizon:
R8.1. Hourly values, once per hour. Transmission Service Providers are allowed
up to 175 hours per calendar year during which calculations are not required
to be performed, despite a change in a calculated value identified in the ATC
equation.
R8.2. Daily values, once per day.
R8.3. Monthly values, once per week.
R9. Within thirty calendar days of receiving a request by any Transmission Service
Provider, Planning Coordinator, Reliability Coordinator, or Transmission Operator
for data from the list below solely for use in the requestors ATC or AFC
calculations, each Transmission Service Provider receiving said request shall begin to
make the requested data available to the requestor, subject to the conditions specified
in R9.1 and R9.2: [Violation Risk Factor: Lower] [Time
Expected generation and Transmission outages,
additions, and retirements.
Load forecasts.
Unit commitments and order of dispatch, to include all
designated network resources and other resources that are
committed or have the legal obligation to run, as they are
expected to run, in one of the following formats chosen
by the data provider:

Page 4 of 15

Dispatch Order
Participation Factors
Block Dispatch
Aggregated firm capacity set-aside for Network Integration Transmission Service
and aggregated non-firm capacity set aside for Network Integration Transmission
Service (i.e. Secondary Service).
Firm and non-firm Transmission reservations.
Aggregated capacity set-aside for Grandfathered obligations
Firm roll-over rights.
Any firm and non-firm adjustments applied by the Transmission Service Provider
to reflect parallel path impacts.
Power flow models and underlying assumptions.
Contingencies, provided in one or more of the following formats:
A list of Elements
A list of Flowgates
A set of selection criteria that can be applied to the Transmission model used
by the Transmission Operator and/or Transmission Service Provider
Facility Ratings.
Any other services that impact Existing Transmission Commitments (ETCs).
Values of Capacity Benefit Margin (CBM) and Transmission Reliability Margin
(TRM) for all ATC Paths or Flowgates.
Values of Total Flowgate Capability (TFC) and AFC for any Flowgates
considered by the Transmission Service Provider receiving the request when
selling Transmission service.
Values of TTC and ATC for all ATC Paths for those Transmission Service
Providers receiving the request that do not consider Flowgates when selling
Transmission Service.
Source and sink identification and mapping to the model.

R9.1. The Transmission Service Provider shall make its own current data available,
in the format maintained by the Transmission Service Provider, for up to 13
months into the future (subject to confidentiality and security requirements).
R9.1.1. If the Transmission Service Provider uses the data requested in its
transfer or Flowgate capability calculations, it shall make the data
used available

Page 5 of 15

R9.1.2. If the Transmission Service Provider does not use the data requested
in its transfer or Flowgate capability calculations, but maintains that
data, it shall make that data available
R9.1.3. If the Transmission Service Provider does not use the data requested
in its transfer or Flowgate capability calculations, and does not
maintain that data, it shall not be required to make that data
available
R9.2. This data shall be made available by the Transmission Provider on the
schedule specified by the requestor (but no more frequently than once per
hour, unless mutually agreed to by the requester and the provider).
C. Measures
M1. The Transmission Operator shall provide evidence (such as a calculation, inclusion of
the information in the ATCID, or other written documentation) that it has selected
one of the specified methodologies per time period in R2 for use in determining
Transfer Capabilities of those Facilities for each ATC Path within the Transmission
Operators operating area. (R1).
M2. The Transmission Service Provider shall provide ATC or AFC values and
identification of the selected methodologies along with other evidence (such as
written documentation, processes, or data) to show it calculated ATC or AFC for the
following using the selected methodology or methodologies chosen as part of R1
(R2):
- There has been at least 48 hours of hourly values calculated at all times. (R2.1)
- There has been at least 31 consecutive calendar days of daily values calculated at
all times. (R2.2)
- There has been at least the next 12 months of monthly values calculated at all
times (Months 2-13). (R2.3)
M3. The Transmission Service Provider shall provide its current ATCID that contains all
the information specified in R3. (R3)
M4. The Transmission Service Provider shall provide evidence (such as dated electronic
mail messages, mail receipts, or voice recordings) that it has notified the entities
specified in R4 before a new or revised ATCID was implemented. (R4)
M5. The Transmission Service Provider shall provide evidence (such as a demonstration)
that the current ATCID is available to all of the entities specified in R4, as required
by R5. (R5)
M6. The Transmission Operator shall provide a copy of the assumptions (such as
contingencies, loop flow, generation re-dispatch, switching operating guides or data
sources for load forecast and facility outages) used to calculate TTC or TFC as well
as other evidence (such as copies of operations planning studies, models, supporting
information, or data) to show that the assumptions used in determining TTC or TFC
are no more limiting than those used in planning of operations for the corresponding
time period studied. Alternatively the Transmission Operator may demonstrate that
the same load flow cases are used for both TTC or TFC and Operations Planning.

Page 6 of 15

When different inputs to the calculations are used because the calculations are
performed at different times, such that the most recent information is used in any
calculation, a difference in that input data shall not be considered to be a difference in
assumptions. (R6)
M7. The Transmission Service Provider shall provide a copy of the assumptions (such as
contingencies, loop flow, generation re-dispatch, switching operating guides or data
sources for load forecast and facility outages) used to calculate ATC or AFC as well
as other evidence (such as copies of operations planning studies, models, supporting
information, or data) to show that the assumptions used in determining ATC or AFC
are no more limiting than those used in planning of operations for the corresponding
time period studied. Alternatively the Transmission Service Provider may
demonstrate that the same load flow cases are used for both AFC and Operations
Planning. When different inputs to the calculations are used because the calculations
are performed at different times, such that the most recent information is used in any
calculation, a difference in that input data shall not be considered to be a difference in
assumptions. (R7)
M8. The Transmission Service Provider calculating ATC shall provide evidence (such as
logs or data) that it has calculated the hourly, daily, and monthly values on at least
the minimum frequencies specified in R8 or provide evidence (such as data,
procedures, or software documentation) that the calculated values identified in the
ATC equation have not changed. (R8)
M9. The Transmission Service Provider shall provide a copy of the dated request, if any,
for ATC or AFC data as well as evidence to show it responded to that request (such
as logs or data) within thirty calendar days of receiving the request, and the requested
data items were made available in accordance with R9. (R9)
D. Compliance
Regional Entity.
Not applicable.
1.3. Data Retention
The Transmission Operator and Transmission Service Provider shall keep data
or evidence to show compliance as identified below unless directed by its
period of time as part of an investigation:
- The Transmission Operator shall maintain its current selected method(s) for
calculating ATC or AFC and any methods in force since last compliance
audit period to show compliance with R1.

Page 7 of 15

- The Transmission Service Provider shall maintain evidence to show
compliance with R2, R4, R6, R7, and R8 for the most recent calendar year
plus the current year.
- The Transmission Service Provider shall maintain its current, in force
ATCID and any prior versions of the ATCID that were in force since the
last compliance audit to show compliance with R3.
compliance with R5 for the most recent three calendar years plus the current
year.
- The Transmission Operator shall maintain evidence to show compliance
with R6 for the most recent calendar year plus the current year.
- If a Transmission Service Provider or Transmission Operator is found non-
compliant, it shall keep information related to the non-compliance until
found compliant.
- Compliance Audits
- Spot Checking
- Self-Reporting
- Complaints
None.

Page 8 of 15
R1. N/A N/A N/A
The Transmission Operator did not
select one of the specified
methodologies for each ATC Path
per time period identified in R2 for
those Facilities within its
Transmission operating area.
R2.
One or more of the following:
The Transmission Service
Provider has calculated hourly
ATC or AFC values for more
than the next 30 hours but less
than the next 48 hours.
Has calculated daily ATC or
AFC values for more than the
next 21 calendar days but less
than the next 31 calendar
days.
Has calculated monthly ATC or
next 9 months but less than
the next 12 months.
days.
the next 10 months.
days.
the next 7 months.
ATC or AFC values for less
AFC values for less than the
next 8 calendar days.
AFC values for less than the
next 4 months.
Did not use the selected
methodology(ies) to calculate
ATC.
R3.
The Transmission Service Provider
has an ATCID that does not
incorporate changes made up to
three months ago.
incorporate changes made more
than three months but not more
than six months ago.
incorporate changes made more
than six months but not more than
one year ago.
OR
has an ATCID, but it does not
include one or two of the
information items described in R3.
incorporate changes made a year
or more ago.
OR
does not have an ATCID, or its
ATCID does not include three or
more of the information items
described in R3.

Page 9 of 15
R4.
notified one or more of the parties
specified in R4 of a new or
modified ATCID after, but not more
than 30 calendar days after, its
implementation.
modified ATCID more than 30, but
not more than 60, calendar days
after its implementation.
modified ATCID more than 60, but
not more than 90, calendar days
after its implementation.
modified ATCID more than 90
implementation.
OR
did not notify one or more of the
parties specified in R4 of a new or
modified ATCID for more than 90
implementation.
R5. N/A N/A N/A
did not make the ATCID available
to the parties described in R4.
R6.
determined TTC or TFC using
assumptions more limiting than
those used in planning of
operations for the studied time
period for more than zero ATC
Paths or Flowgates, but not more
than 5% of all ATC Paths or
Flowgates or 1 ATC Path or
Flowgate (whichever is greater).
period for more than 5% of all ATC
Paths or Flowgates or 1 ATC Path
or Flowgate (whichever is greater),
but not more than 10% of all ATC
Paths or Flowgates or 2 ATC
Paths or Flowgates (whichever is
greater).
period for more than 10% of all
ATC Paths or Flowgates or 2 ATC
Path or Flowgate (whichever is
greater), but not more than 15% of
all ATC Paths or Flowgates or 3
ATC Paths or Flowgates
(whichever is greater).
ATC Paths or Flowgates or more
than 3 ATC Paths or Flowgates
R7
determined ATC or AFC using
period for more than zero ATC
Paths or Flowgates, but not more
period for more than 5% of all ATC
Paths or Flowgates or 1 ATC Path
period for more than 10%, of all
ATC Paths or Flowgates or 2 ATC
ATC Paths or Flowgates or more

Page 10 of 15
Flowgates or 1 ATC Path or
Flowgate (whichever is greater).
or Flowgate (whichever is greater),
but not more than 10% of all ATC
Paths or Flowgates or 2 ATC
Paths or Flowgates (whichever is
greater).
Path or Flowgate (whichever is
greater), but not more than 15% of
all ATC Paths or Flowgates or 3
ATC Paths or Flowgates
than 3 ATC Paths or Flowgates
R8.
For Hourly, the values
described in the ATC equation
changed and the Transmission
Service provider did not
calculate for one or more
hours but not more than 15
hours, and was in excess of
the 175-hour per year
requirement.
For Daily, the values described
in the ATC equation changed
and the Transmission Service
provider did not calculate for
one or more calendar days but
not more than 3 calendar days.
For Monthly, the values
calculate for seven or more
calendar days, but less than
14 calendar days.
calculate for more than 15
requirement.
calculate for 14 or more
21 calendar days.
requirement.
28 calendar days.
requirement.
more than 5 calendar days.
calendar days.

Page 11 of 15
R9 N/A
made the requested data items
specified in R9 available to the
requesting entities specified within
the requirement, per the schedule
specified in the request, subject to
the limitations specified in R9,
available more than 30 calendar
days but less than 45 calendar
days after receiving a request.
made the requested data items
specified in R9 available to the
requesting entities specified within
the requirement, per the schedule
specified in the request, subject to
the limitations specified in R9,
available 45 calendar days or more
but less than 60 calendar days
after receiving a request.
did not make the requested data
items specified in R9 available to
the requesting entities specified
within the requirement, per the
schedule specified in the request,
subject to the limitations specified
in R9, available for 60 calendar
days or more after receiving a
request.

Page 12 of 15

Version History
1 8/26/2008 Adopted by the Board of Trustees
1a Board approved
11/05/2009
Interpretation of R2 and R8 Interpretation (Project
2009-15)


Page 13 of 15
Appendix 1

MOD-001-01 Requirement R2:
R2. Each Transmission Service Provider shall calculate ATC or AFC values as listed below using
the methodology or methodologies selected by its Transmission Operator(s):

minimum on the following frequency, unless none of the calculated values identified in the ATC
equation have changed:
R8.1. Hourly values, once per hour. Transmission Service Providers are allowed up to
175 hours per calendar year during which calculations are not required to be performed,
despite a change in a calculated value identified in the ATC equation.
Question #1
Is the advisory ATC used under the NYISO tariff subject to the ATC calculation and
recalculation requirements in MOD-001-1 Requirements R2 and R8? If not, is it necessary to
document the frequency of advisory calculations in the responsible entitys Available Transfer
Capability Implementation Document?
Response to Question #1
Requirements R2 and R8 of MOD-001-1 are both related to Requirement R1, which defines that
ATC methodologies are to be applied to specific ATC Paths. The NERC definition of ATC
Path is Any combination of Point of Receipt and Point of Delivery for which ATC is calculated;
and any Posted Path. Based on a review of the language included in this request, the NYISO
Open Access Transmission Tariff, and other information posted on the NYISO Web site, it
appears that the NYISO does indeed have multiple ATC Paths, which are subject to the
calculation and recalculation requirements in Requirements R2 and R8. It appears from
reviewing this information that ATC is defined in the NYISO tariff in the same manner in which
NERC defines it, making it difficult to conclude that NYISOs advisory ATC is not the same as
ATC. In addition, it appears that pre-scheduling is permitted on certain external paths, making
the calculation of ATC prior to day ahead necessary on those paths.
The second part of NYISOs question is only applicable if the first part was answered in the

Page 14 of 15
negative and therefore will not be addressed.
MOD-029-01 Requirements R5 and R6:
R5. When calculating ETC for firm Existing Transmission Commitments (ETC
F
) for a specified
period for an ATC Path, the Transmission Service Provider shall use the algorithm below:
ETC
F
= NL
F
+ NITS
F
+ GF
F
+ PTP
F
+ ROR
F
+ OS
F

Where:
NL
F
is the firm capacity set aside to serve peak Native Load forecast commitments
for the time period being calculated, to include losses, and Native Load growth,
not otherwise included in Transmission Reliability Margin or Capacity Benefit
Margin.
NITS
F
is the firm capacity reserved for Network Integration Transmission Service
serving Load, to include losses, and Load growth, not otherwise included in
Transmission Reliability Margin or Capacity Benefit Margin.
GF
F
is the firm capacity set aside for grandfathered Transmission Service and
contracts for energy and/or Transmission Service, where executed prior to the
effective date of a Transmission Service Providers Open Access Transmission
Tariff or safe harbor tariff.
PTP
F
is the firm capacity reserved for confirmed Point-to-Point Transmission
Service.
ROR
F
is the firm capacity reserved for Roll-over rights for contracts granting
Transmission Customers the right of first refusal to take or continue to take
Transmission Service when the Transmission Customers Transmission Service
contract expires or is eligible for renewal.
OS
F
is the firm capacity reserved for any other service(s), contract(s), or
agreement(s) not specified above using Firm Transmission Service as specified in
the ATCID.
R6. When calculating ETC for non-firm Existing Transmission Commitments (ETC
NF
) for all
time horizons for an ATC Path the Transmission Service Provider shall use the following
algorithm:
ETC
NF
= NITS
NF
+ GF
NF
+ PTP
NF
+ OS
NF

Where:
NITS
NF
is the non-firm capacity set aside for Network Integration Transmission
Service serving Load (i.e., secondary service), to include losses, and load growth
Margin.
GF
NF
is the non-firm capacity set aside for grandfathered Transmission Service
and contracts for energy and/or Transmission Service, where executed prior to the

Page 15 of 15
PTP
NF
is non-firm capacity reserved for confirmed Point-to-Point Transmission
Service.
OS
NF
is the non-firm capacity reserved for any other service(s), contract(s), or agreement(s) not
specified above using non-firm transmission service as specified in the ATCID.
Question #2
Could OS
F
in MOD-029-1 Requirement R5 and OS
NF
in MOD-029-1 Requirement R6 be
calculated using Transmission Flow Utilization in the determination of ATC?
This request for interpretation and the NYISO Open Access Transmission Tariff describe the
NYISOs concept of "Transmission Flow Utilization;" however, it is unclear whether or not
Native Load, Point-to-Point Transmission Service, Network Integration Transmission Service, or
any of the other components explicitly defined in Requirements R5 and R6 are incorporated into
"Transmission Flow Utilization." Provided that "Transmission Flow Utilization" does not include
any of the other components explicitly defined in Requirements R5 and R6, it is appropriate to be
included within the "Other Services" term. However, if "Transmission Flow Utilization" does
incorporate those components, then simply including "Transmission Flow Utilization" in Other
Service would be inappropriate.

Standard MOD-004-1 Capacity Benefit Margin
A. Introduction
1. Title: Capacity Benefit Margin
2. Number: MOD-004-1
3. Purpose: To promote the consistent and reliable calculation, verification,
preservation, and use of Capacity Benefit Margin (CBM) to support analysis and
system operations.
4. Applicability:
4.2. Resource Planners.
4.5. Transmission Planners, when their associated Transmission Service Provider has
elected to maintain CBM.
5. Effective Date: First day of the first calendar quarter that is twelve months beyond
the date that this standard is approved by applicable regulatory authorities, or in those
jurisdictions where regulatory approval is not required, the standard becomes effective
on the first day of the first calendar quarter that is twelve months beyond the date this
standard is approved by the NERC Board of Trustees.
B. Requirements
R1. The Transmission Service Provider that maintains CBM shall prepare and keep current
a Capacity Benefit Margin Implementation Document (CBMID) that includes, at a
minimum, the following information: [Violation Risk Factor: Lower] [Time Horizon:
Operations Planning, Long-term Planning]
R1.1. The process through which a Load-Serving Entity within a Balancing Authority
Area associated with the Transmission Service Provider, or the Resource
Planner associated with that Balancing Authority Area, may ensure that its need
for Transmission capacity to be set aside as CBM will be reviewed and
accommodated by the Transmission Service Provider to the extent Transmission
capacity is available.
R1.2. The procedure and assumptions for establishing CBM for each Available
Transfer Capability (ATC) Path or Flowgate.
R1.3. The procedure for a Load-Serving Entity or Balancing Authority to use
Transmission capacity set aside as CBM, including the manner in which the
Transmission Service Provider will manage situations where the requested use
of CBM exceeds the amount of CBM available.
R2. The Transmission Service Provider that maintains CBM shall make available its current
CBMID to the Transmission Operators, Transmission Service Providers, Reliability
Coordinators, Transmission Planners, Resource Planners, and Planning Coordinators
that are within or adjacent to the Transmission Service Providers area, and to the Load
Serving Entities and Balancing Authorities within the Transmission Service Providers
Adopted by NERC Board of Trustees: November 13, 2008 Page 1 of 13
area, and notify those entities of any changes to the CBMID prior to the effective date
of the change. [Violation Risk Factor: Lower] [Time Horizon: Operations Planning]
R3. Each Load-Serving Entity determining the need for Transmission capacity to be set
aside as CBM for imports into a Balancing Authority Area shall determine that need
by: [Violation Risk Factor: Lower] [Time Horizon: Operations Planning]
R3.1. Using one or more of the following to determine the GCIR:
Loss of Load Expectation (LOLE) studies
Loss of Load Probability (LOLP) studies
Deterministic risk-analysis studies
Reserve margin or resource adequacy requirements established by other
entities, such as municipalities, state commissions, regional transmission
organizations, independent system operators, Regional Reliability
Organizations, or regional entities
R3.2. Identifying expected import path(s) or source region(s).
R4. Each Resource Planner determining the need for Transmission capacity to be set aside
as CBM for imports into a Balancing Authority Area shall determine that need by:
R4.1. Using one or more of the following to determine the GCIR:
Loss of Load Expectation (LOLE) studies
Loss of Load Probability (LOLP) studies
Deterministic risk-analysis studies
Reserve margin or resource adequacy requirements established by other
entities, such as municipalities, state commissions, regional transmission
organizations, independent system operators, Regional Reliability
Organizations, or regional entities
R4.2. Identifying expected import path(s) or source region(s).
R5. At least every 13 months, the Transmission Service Provider that maintains CBM shall
establish a CBM value for each ATC Path or Flowgate to be used for ATC or Available
Flowgate Capability (AFC) calculations during the 13 full calendar months (months 2-
14) following the current month (the month in which the Transmission Service Provider
is establishing the CBM values). This value shall: [Violation Risk Factor: Lower]
R5.1. Reflect consideration of each of the following if available:
Any studies (as described in R3.1) performed by Load-Serving Entities for
loads within the Transmission Service Providers area
Any studies (as described in R4.1) performed by Resource Planners for
loads within the Transmission Service Providers area
Any reserve margin or resource adequacy requirements for loads within the
Transmission Service Providers area established by other entities, such as
municipalities, state commissions, regional transmission organizations,
independent system operators, Regional Reliability Organizations, or
regional entities
R5.2. Be allocated as follows:
For ATC Paths, based on the expected import paths or source regions
provided by Load-Serving Entities or Resource Planners
For Flowgates, based on the expected import paths or source regions
provided by Load-Serving Entities or Resource Planners and the
distribution factors associated with those paths or regions, as determined
by the Transmission Service Provider
R6. At least every 13 months, the Transmission Planner shall establish a CBM value for
each ATC Path or Flowgate to be used in planning during each of the full calendar
years two through ten following the current year (the year in which the Transmission
Planner is establishing the CBM values). This value shall: [Violation Risk Factor:
Lower] [Time Horizon: Long-term Planning]
R6.1. Reflect consideration of each of the following if available:
Any studies (as described in R3.1) performed by Load-Serving Entities for
loads within the Transmission Planners area
Any studies (as described in R4.1) performed by Resource Planners for
loads within the Transmission Planners area
Any reserve margin or resource adequacy requirements for loads within the
Transmission Planners area established by other entities, such as
municipalities, state commissions, regional transmission organizations,
independent system operators, Regional Reliability Organizations, or
regional entities
R6.2. Be allocated as follows:
For ATC Paths, based on the expected import paths or source regions
provided by Load-Serving Entities or Resource Planners
For Flowgates, based on the expected import paths or source regions
provided by Load-Serving Entities or Resource Planners and the distribution
factors associated with those paths or regions, as determined by the
Transmission Planner.
R7. Less than 31 calendar days after the establishment of CBM, the Transmission Service
Provider that maintains CBM shall notify all the Load-Serving Entities and Resource
Planners that determined they had a need for CBM on the Transmission Service
Providers system of the amount of CBM set aside. [Violation Risk Factor: Lower]
R8. Less than 31 calendar days after the establishment of CBM, the Transmission Planner
shall notify all the Load-Serving Entities and Resource Planners that determined they
had a need for CBM on the system being planned by the Transmission Planner of the
amount of CBM set aside. [Violation Risk Factor: Lower] [Time Horizon: Operations
Planning]
R9. The Transmission Service Provider that maintains CBM and the Transmission Planner
shall each provide (subject to confidentiality and security requirements) copies of the
applicable supporting data, including any models, used for determining CBM or
allocating CBM over each ATC Path or Flowgate to the following: [Violation Risk
Factor: Lower] [Time Horizon: Operations Planning, Long-term Planning]
R9.1. Each of its associated Transmission Operators within 30 calendar days of their
making a request for the data.
R9.2. To any Transmission Service Provider, Reliability Coordinator, Transmission
Planner, Resource Planner, or Planning Coordinator within 30 calendar days of
their making a request for the data.
R10. The Load-Serving Entity or Balancing Authority shall request to import energy over
firm Transfer Capability set aside as CBM only when experiencing a declared NERC
Energy Emergency Alert (EEA) 2 or higher. [Violation Risk Factor: Lower] [Time
Horizon: Same-day Operations]
R11. When reviewing an Arranged Interchange using CBM, all Balancing Authorities and
Transmission Service Providers shall waive, within the bounds of reliable operation,
any Real-time timing and ramping requirements. [Violation Risk Factor: Medium]
[Time Horizon: Same-day Operations]
R12. The Transmission Service Provider that maintains CBM shall approve, within the
bounds of reliable operation, any Arranged Interchange using CBM that is submitted by
an energy deficient entity
1
under an EEA 2 if: [Violation Risk Factor: Medium]
[Time Horizon: Same-day Operations]

R12.1. The CBM is available
R12.2. The EEA 2 is declared within the Balancing Authority Area of the energy
deficient entity, and
R12.3. The Load of the energy deficient entity is located within the Transmission
Service Providers area.
C. Measures
M1. Each Transmission Service Provider that maintains CBM shall produce its CBMID
evidencing inclusion of all information specified in R1. (R1)
M2. Each Transmission Service Provider that maintains CBM shall have evidence (such
as dated logs and data, copies of dated electronic messages, or other equivalent
evidence) to show that it made the current CBMID available to the Transmission
Operators, Transmission Service Providers, Reliability Coordinators, Transmission
Planners, and Planning Coordinators specified in R2, and that prior to any change to
the CBMID, it notified those entities of the change. (R2)

1
See Attachment 1-EOP-002-0 for explanation.
M3. Each Load-Serving Entity that determined a need for Transmission capacity to be set
aside as CBM shall provide evidence (including studies and/or requirements) that it
met the criteria in R3. (R3)
M4. Each Resource Planner that determined a need for Transmission capacity to be set
aside as CBM shall provide evidence (including studies and/or requirements) that it
met the criteria in R4. (R4)
M5. Each Transmission Service Provider that maintains CBM shall provide evidence
(such as studies, requirements, and dated CBM values) that it established 13 months
of CBM values consistent with the requirements in R5.1 and allocated the values
consistent with the requirements in R5.2. (Note that CBM values may legitimately be
zero.) (R5)
M6. Each Transmission Planner with an associated Transmission Service Provider that
maintains CBM shall provide evidence (such as studies, requirements, and dated
CBM values) that it established CBM values for years two through ten consistent
with the requirements in R6.1 and allocated the values consistent with the
requirements in R6.2. Inclusion of GCIR based on R6.1 and R6.2 within the
transmission base case meets this requirement. (Note that CBM values may
legitimately be zero.) (R6)
(such as dated e-mail, data, or other records) that it notified the entities described in
R7 of the amount of CBM set aside. (R7)
M8. Each Transmission Planner with an associated Transmission Service Provider that
maintains CBM shall provide evidence (such as e-mail, data, or other records) that it
notified the entities described in R8 of the amount of CBM set aside. (R8)
M9. Each Transmission Service Provider that maintains CBM and each Transmission
Planner shall provide evidence including copies of dated requests for data supporting
the calculation of CBM along with other evidences such as copies of electronic
messages or other evidence to show that it provided the required entities with copies
of the supporting data, including any models, used for allocating CBM as specified in
R9. (R9)
M10. Each Load-Serving Entity and Balancing Authority shall provide evidence (such as
logs, copies of tag data, or other data from its Reliability Coordinator) that at the time
it requested to import energy using firm Transfer Capability set aside as CBM, it was
in an EEA 2 or higher. (R10)
M11. Each Balancing Authority and Transmission Service Provider shall provide evidence
(such as operating logs and tag data) that it waived Real-time timing and ramping
requirements when approving an Arranged Interchange using CBM (R11)
including copies of CBM values along with other evidence (such as tags, reports, and
supporting data) to show that it approved any Arranged Interchange meeting the
criteria in R12. (R12)
D. Compliance
1.1. Compliance Enforcement Authority (CEA)
Regional Entity.
Not applicable.
1.3. Data Retention
- The Transmission Service Provider that maintains CBM shall maintain its
current, in force CBMID and any prior versions of the CBMID that were in
force during the past three calendar years plus the current year to show
compliance with R1.
- The Transmission Service Provider that maintains CBM shall maintain
evidence to show compliance with R2, R5, R7, R9, and R12 for the most
recent three calendar years plus the current year.
- The Load-Serving Entity shall each maintain evidence to show compliance
with R3 and R10 for the most recent three calendar years plus the current
year.
- The Resource Planner shall each maintain evidence to show compliance
with R4 for the most recent three calendar years plus the current year.
- The Transmission Planner shall maintain evidence to show compliance with
R6, R8, and R9 for the most recent three calendar years plus the current
year.
- The Balancing Authority shall maintain evidence to show compliance with
R10 and R11 for the most recent three calendar years plus the current year.
compliance with R11 for the most recent three calendar years plus the
current year.
- If an entity is found non-compliant, it shall keep information related to the
non-compliance until found compliant.
- The Compliance Enforcement Authority shall keep the last audit records and
all requested and subsequently submitted audit records.
- Compliance Audits
- Spot Checking
- Self-Reporting
- Complaints
None.
R1. The Transmission Service
Provider that maintains CBM
has a CBMID that does not
incorporate changes that have
been made within the last three
months.
been made more than three, but
not more than six, months ago.
OR
The CBM maintaining
Transmission Service Providers
CBMID does not address one of
the sub requirements.

been made more than six, but
not more than twelve, months
ago.
OR
The CBM maintaining
CBMID does not address two of
the sub requirements.

been made more than twelve
months ago.
OR
does not have a CBMID;
OR
The CBM maintaining
CBMID does not address three
of the sub requirements.
notifies one or more of the
entities specified in R2 of a
change in the CBM ID after the
effective date of the change, but
not more than 30 calendar days
after the effective date of the
change.

change in the CBM ID 30 or
more calendar days but not
the effective date of the change.
change in the CBM ID 60 or
more calendar days but not
the effective date of the change.
OR
made available the CBMID to at
least one, but not all, of the
entities specified in R2.

change in the CBM ID more
effective date of the change.
OR
made available the CBMID to
none of the entities specified in
R2.

R3. The Load-Serving Entity did not
use one of the methods
described in R3.1
OR
The Load-Serving Entity did not
identify paths or regions as
described in R3.2
The Load-Serving Entity did
not use one of the methods
described in R3.1
AND
The Load-Serving Entity did not
described in R3.2
R4 The Resource Planner did not
described in R4.1
OR
The Resource Planner did not
described in R4.2
described in R4.1
AND
described in R4.2
R5.
established CBM more than 13
months, but not more than 16
months, after the last time the
values were established.

OR
did not consider one or more of
the items described in R5.1 that
was available.
OR
did not base the allocation on
one or more paths or regions as

months after the last time the
OR
failed to establish an initial
value for CBM.
OR
did not consider one or more of
the items described in R5.1 that
was available, and did not base
the allocation on one or more
described in R5.2. paths or regions as described in
R5.2
R6.
The Transmission Planner with
an associated Transmission
Service Provider that maintains
CBM established CBM for each
of the years 2 through 10 more
than 13 months, but not more
than 16 months, after the last
time the values were
established.

established.
OR
CBM did not consider one or
more of the items described in
R6.1 that was available.
OR
CBM did not base the allocation
established.

than 22 months after the last
established.
OR
CBM failed to establish an
initial value for CBM for each
of the years 2 through 10.
OR
CBM did not consider one or
more of the items described in
on one or more paths or regions
as described in R6.2
R6.1 that was available, and did
not base the allocation on one or
more paths or regions as
described in R6.2
notified all the entities as
required, but did so in 31 or
more days, but less than 45
days.
days.
days.
OR
notified at least one, but not all,
of the entities as required.
more days,
OR
notified none of the entities as
required.
R8. The Transmission Planner with
CBM notified all the entities as
days.
days.
days.
OR
more days,
OR
CBM notified at least one, but
not all, of the entities as
required.
CBM notified none of the
entities as required.
Provider or Transmission
Planner provided a requester
specified in R9 with the
supporting data, including
models, used to allocate CBM
more than 30, but not more than
45, days after the submission of
the request.
the request.
the request.
OR
Planner provided at least one,
but not all, of the requesters
models, used to allocate CBM.
more than 75 days after the
submission of the request.
OR
Planner provided none of the
requesters specified in R9 with
the supporting data, including
models, used to allocate CBM.

R10.
N/A N/A N/A
A Load-Serving Entity or
Balancing Authority requested
to schedule energy over CBM
while not in an EEA 2 or higher.
R11.
N/A N/A N/A
A Balancing Authority or
denied an Arranged Interchange
using CBM based on timing or
ramping requirements without a
reliability reason to do so.
R12.
N/A N/A N/A
Provider failed to approve an
Arranged Interchange for CBM
that met the criteria described in
R12 without a reliability reason
to do so.

Standard MOD-008-1 TRM Calculation Methodology
A. Introduction
1. Title: Transmission Reliability Margin Calculation Methodology
3. Purpose: To promote the consistent and reliable calculation, verification,
preservation, and use of Transmission Reliability Margin (TRM) to support analysis and
system operations.
4. Applicability:
4.1. Transmission Operators that maintain TRM.
5. Proposed Effective Date: First day of the first calendar quarter that is twelve months
beyond the date this standard is approved by applicable regulatory authorities, or in those
jurisdictions where regulatory approval is not required, the standard becomes effective on
the first day of the first calendar quarter that is twelve months beyond the date this
standard is approved by the NERC Board of Trustees.
B. Requirements
R1. Each Transmission Operator shall prepare and keep current a TRM Implementation
Document (TRMID) that includes, as a minimum, the following information:
R1.1. Identification of (on each of its respective ATC Paths or Flowgates) each of the
following components of uncertainty if used in establishing TRM, and a
description of how that component is used to establish a TRM value:
- Aggregate Load forecast.
- Load distribution uncertainty.
- Forecast uncertainty in Transmission system topology (including, but not
limited to, forced or unplanned outages and maintenance outages).
- Allowances for parallel path (loop flow) impacts.
- Allowances for simultaneous path interactions.
- Variations in generation dispatch (including, but not limited to, forced or
unplanned outages, maintenance outages and location of future generation).
- Short-term System Operator response (Operating Reserve actions ).
- Reserve sharing requirements.
- Inertial response and frequency bias.
R1.2. The description of the method used to allocate TRM across ATC Paths or
Flowgates.
R1.3. The identification of the TRM calculation used for the following time periods:
R1.3.1. Same day and real-time.
R1.3.2. Day-ahead and pre-schedule.
R1.3.3. Beyond day-ahead and pre-schedule, up to thirteen months ahead.
Adopted by NERC Board of Trustees: August 26. 2008 Page 1 of 5
R2. Each Transmission Operator shall only use the components of uncertainty from R1.1 to
establish TRM, and shall not include any of the components of Capacity Benefit
Margin (CBM). Transmission capacity set aside for reserve sharing agreements can be
included in TRM. [Violation Risk Factor: Lower] [Time Horizon: Operations
Planning]
R3. Each Transmission Operator shall make available its TRMID, and if requested,
underlying documentation (if any) used to determine TRM, in the format used by the
Transmission Operator, to any of the following who make a written request no more
than 30 calendar days after receiving the request. [Violation Risk Factor: Lower]
Planning Coordinators
Transmission Planner
R4. Each Transmission Operator that maintains TRM shall establish TRM values in
accordance with the TRMID at least once every 13 months. [Violation Risk Factor:
Lower] [Time Horizon: Operations Planning]
R5. The Transmission Operator that maintains TRM shall provide the TRM values to its
Transmission Service Provider(s) and Transmission Planner(s) no more than seven
calendar days after a TRM value is initially established or subsequently changed.
C. Measures
M1. Each Transmission Operator shall produce its TRMID evidencing inclusion of all
specified information in R1. (R1)
M2. Each Transmission Operator shall provide evidence including its TRMID, TRM values,
CBM values, or other evidence, (such as written documentation, study reports,
documentation of its CBM process, and supporting information) to demonstrate that its
TRM values did not include any elements of uncertainty beyond those defined in R1.1
and to show that it did not include any of the components of CBM. (R2)
M3. Each Transmission Operator shall provide a dated copy of any request from an entity
described in R3. The Transmission Operator shall also provide evidence (such as
copies of emails or postal receipts that show the recipient, date and contents) that the
requested documentation (such as work papers and load flow cases) was made available
within the specified timeframe to the requestor. (R3)
M4. Each Transmission Operator shall provide evidence (such as logs, study report, review
notes, or data) that it established TRM values at least once every thirteen months for
each of the TRM time periods. (R4)
M5. Each Transmission Operator shall provide evidence (such as logs, email, website
postings) that it provided their Transmission Service Provider(s) and Transmission
Planner(s) with the updated TRM value as described in R5. (R5)
D. Compliance
Regional Entity.
Not applicable.
1.3. Data Retention
The Transmission Operator shall keep data or evidence to show compliance as
- The Transmission Operator shall have its current, in-force TRMID and any
TRMIDs in force since last compliance audit period for R1.
- The Transmission Operator shall retain evidence to show compliance with
R2, R3, and R5 for the most recent three calendar years plus the current
year.
- The Transmission Operator shall retain evidence to show compliance with
R4 for the most recent three calendar years plus the current year.
- If a responsible entity is found non-compliant, it shall keep information
- The Compliance Enforcement Authority shall keep the last audit records
and all requested and submitted subsequent audit records.
Any of the following may be used:
- Compliance Audits
- Spot Checking
- Self-Reporting
- Complaints
None.
R1.
a TRMID that does not
incorporate changes made up
to three months ago.
been made three or more
months ago but less than six
months ago.
OR
TRMID does not address one of
the following:
R1.1
R1.2
Any one or more of the
following:
o R1.3.1, R1.3.2 or
R1.3.3

been made six or more months
ago but less than one year ago.
OR
TRMID does not address two of
the following:
R1.1
R1.2
Any one or more of the
following:
o R1.3.1, R1.3.2 or
R1.3.3

The Transmission Operator has a
TRMID that does not incorporate
changes that have been made one year
ago or more.
OR
The Transmission Operator does not
have a TRMID.
OR
The Transmission Operators TRMID
does not address three of the following:
R1.1
R1.2
Any one or more of the following:
o R1.3.1, R1.3.2 or R1.3.3
R2.
N/A N/A N/A
One or both of the following:
The Transmission Operator included
elements of uncertainty not defined
in R1 in their establishment of TRM.
The Transmission Operator included
components of CBM in TRM.
R3.
made the TRMID available to a
requesting entity specified in R3
but provided TRMID in more
than 30 days but less than 45
days.
but provided TRMID in 45 days
or more but less than 60 days.
but provided TRMID in 60 days
or more but less than 90 days.
The Transmission Operator did not make
the TRMID available for 90 days or more.
R4
established TRM values on
schedule BUT the values were
incomplete or incorrect. Not
more than 5% or 1 value
(whichever is greater) were
incorrect or missing.
not establish TRM within
thirteen months of the previous
determination, and the last
determination was not more
than 15 months ago
OR
incomplete. More than 5%, or 1
value (which ever is greater)
were incorrect or missing, but
not more than 10% or 2 values
not establish TRM within 15
determination, and the last
determination was not more
than 18 months ago.
OR
incomplete or incorrect. More
than 10% or 2 values (which
ever is greater) were incorrect
or missing, but not more than
15% or 3 values.
establish TRM
OR
The last determination of TRM was more
than 18 months ago.
OR
The Transmission Operator established
TRM values on schedule BUT the values
were incomplete or incorrect. More than
15% or 3 values (which ever is greater)
were incorrect or missing.
R5
provide the TRM values to all
entities specified in more then 7
days but less than 14 days.
OR
provide TRM values on
incomplete or did not match
those determined in R4. Not
more than 5% or 1 value (which
or missing.
entities specified in 14 days or
more, but less than 30 days.
OR
those determined in R4. More
than 5% or 1 value (which ever
is greater) were incorrect or
missing, but not more than 10%
or 2 values (whichever is
greater).
entities specified in 30 days or
more, but less than 60 days.
OR
those determined in R4. More
than 10% or 2 values (which
or missing, but not more than
15% or 3 values.
provide the TRM values to all entities
specified within 60 days of the change.
OR
The Transmission Operator did provide
TRM values on schedule BUT the values
were incomplete or did not match those
determined in R4. More than 15% or 3
values (which ever is greater) were
incorrect or missing.

Standard MOD-010-0 Steady-State Data for Transmission System Modeling and Simulation

A. Introduction
1. Title: Steady-State Data for Modeling and Simulation of the Interconnected
Transmission System
3. Purpose: To establish consistent data requirements, reporting procedures, and system
models to be used in the analysis of the reliability of the Interconnected Transmission Systems.
4. Applicability:
4.1. Transmission Owners specified in the data requirements and reporting procedures of
MOD-011-0_R1
4.2. Transmission Planners specified in the data requirements and reporting procedures of
MOD-011-0_R1
4.3. Generator Owners specified in the data requirements and reporting procedures of MOD-
011-0_R1
4.4. Resource Planners specified in the data requirements and reporting procedures of MOD-
011-0_R1
B. Requirements
R1. The Transmission Owners, Transmission Planners Generator Owners, and Resource Planners
(specified in the data requirements and reporting procedures of MOD-011-0_R1) shall provide
appropriate equipment characteristics, system data, and existing and future Interchange
Schedules in compliance with its respective Interconnection Regional steady-state modeling
and simulation data requirements and reporting procedures as defined in Reliability Standard
MOD-011-0_R1.
R2. The Transmission Owners, Transmission Planners, Generator Owners, and Resource Planners
this steady-state modeling and simulation data to the Regional Reliability Organizations,
NERC, and those entities specified within Reliability Standard MOD-011-0_R1. If no schedule
exists, then these entities shall provide the data on request (30 calendar days).
C. Measures
M1. The Transmission Owner, Transmission Planner, Generator Owner, and Resource Planner,
(specified in the data requirements and reporting procedures of MOD-011-0_R1) shall have
evidence that it provided equipment characteristics, system data, and Interchange Schedules for
steady-state modeling and simulation to the Regional Reliability Organizations and NERC as
specified in Standard MOD-010-0_R1 and MOD-010-0_R2.
D. Compliance
Compliance Monitor: Regional Reliability Organizations.
Standard MOD-010-0 Steady-State Data for Transmission System Modeling and Simulation

As specified within the applicable reporting procedures (Reliability Standard MOD-011-
0_R2-M1). If no schedule exists, then on request (30 calendar days.)
1.3. Data Retention
None specified.
None.
2.1. Level 1: Steady-state data was provided, but was incomplete in one of the seven
areas identified in Reliability Standard MOD-011-0_R1.
2.3. Level 3: Steady-state data was provided, but was incomplete in two or more of the
seven areas identified in Reliability Standard MOD-011-0_R1.
2.4. Level 4: Steady-state data was not provided.
1. None identified.
Version History

Standard MOD-011-0 Regional Steady-State Data Requirements and Reporting Procedures
A. Introduction
1. Title: Maintenance and Distribution of Steady-State Data Requirements and
Reporting Procedures.
models to be used in the analysis of the reliability of the interconnected transmission systems.
4. Applicability:
4.1. Regional Reliability Organization
B. Requirements
R1. The Regional Reliability Organizations within an Interconnection, in conjunction with the
Transmission Owners, Transmission Planners, Generator Owners, and Resource Planners,
shall develop comprehensive steady-state data requirements and reporting procedures needed
to model and analyze the steady-state conditions for each of the NERC Interconnections:
Eastern, Western, and ERCOT. Within an Interconnection, the Regional Reliability
Organizations shall jointly coordinate the development of the data requirements and reporting
procedures for that Interconnection. The Interconnection-wide requirements shall include the
following steady-state data requirements:
R1.1. Bus (substation): name, nominal voltage, electrical demand supplied (consistent with
the aggregated and dispersed substation demand data supplied per Reliability
Standards MOD-016-0, MOD-017-0, and MOD-020-0), and location.
R1.2. Generating Units (including synchronous condensers, pumped storage, etc.): location,
minimum and maximum Ratings (net Real and Reactive Power), regulated bus and
voltage set point, and equipment status.
R1.3. AC Transmission Line or Circuit (overhead and underground): nominal voltage,
impedance, line charging, Normal and Emergency Ratings (consistent with
methodologies defined and Ratings supplied per Reliability Standard FAC-008-1 and
FAC-009-1) equipment status, and metering locations.
R1.4. DC Transmission Line (overhead and underground): line parameters, Normal and
Emergency Ratings, control parameters, rectifier data, and inverter data.
R1.5. Transformer (voltage and phase-shifting): nominal voltages of windings, impedance,
tap ratios (voltage and/or phase angle or tap step size), regulated bus and voltage set
point, Normal and Emergency Ratings (consistent with methodologies defined and
Ratings supplied per Reliability Standard FAC-008-1 and FAC-009-1), and equipment
status.
R1.6. Reactive Compensation (shunt and series capacitors and reactors): nominal Ratings,
impedance, percent compensation, connection point, and controller device.
R1.7. Interchange Schedules: Existing and future Interchange Schedules and/or assumptions.
R2. The Regional Reliability Organizations within an Interconnection shall document their
Interconnections steady-state data requirements and reporting procedures, shall review those
data requirements and reporting procedures (at least every five years), and shall make the data
requirements and reporting procedures available on request (within five business days) to
Standard MOD-011-0 Regional Steady-State Data Requirements and Reporting Procedures
Regional Reliability Organizations, NERC, and all users of the interconnected transmission
systems.
C. Measures
M1. The Regional Reliability Organization shall have documentation of its Interconnections
steady-state data requirements and reporting procedures and shall provide the documentation as
specified in Reliability Standard MOD-011-0_R2.
D. Compliance
Compliance Monitor: NERC.
Periodic review of data requirements and reporting procedures: at least every five years.
1.3. Data Retention
None specified.
None.
2.1. Level 1: Data requirements and reporting procedures for steady-state data were
provided, but were incomplete in one of the seven areas defined in Reliability Standard
MOD-011-0_R1.
2.2. Level 2: Data requirements and reporting procedures for steady-state data were
provided, but were incomplete in two of the seven areas defined in Reliability Standard
MOD-011-0_R1.
2.4. Level 4: Data requirements and reporting procedures for steady-state data were not
provided, or the data requirements and reporting procedures provided were incomplete
in three or more of the seven areas defined in Reliability Standard MOD-011-0_R1.
1. None identified.
Version History
0 March 18, 2008 Corrected references to FAC-004-0 and
FAC-005-0 since these standards were
retired and replaced with FAC-008-1 and
FAC-009-1.
Errata

Standard MOD-012-0 Dynamics Data for Transmission System Modeling and Simulation

A. Introduction
1. Title: Dynamics Data for Modeling and Simulation of the Interconnected
Transmission System.
4. Applicability:
4.1. Transmission Owners specified in the data requirements and reporting procedures of
MOD-013-0_R1
4.2. Transmission Planners specified in the data requirements and reporting procedures of
MOD-013-0_R1
4.3. Generator Owners specified in the data requirements and reporting procedures of MOD-
013-0_R1
4.4. Resource Planners specified in the data requirements and reporting procedures of MOD-
013-0_R1
B. Requirements
appropriate equipment characteristics and system data in compliance with the respective
Interconnection-wide Regional dynamics system modeling and simulation data requirements
and reporting procedures as defined in Reliability Standard MOD-013-0_R1.
dynamics system modeling and simulation data to its Regional Reliability Organization(s),
NERC, and those entities specified within the applicable reporting procedures identified in
Reliability Standard MOD-013-0_R1. If no schedule exists, then these entities shall provide
data on request (30 calendar days).
C. Measures
M1. The Transmission Owners, Transmission Planners, Generator Owners, and Resource Planners
(specified in the data requirements and reporting procedures of MOD-013-0_R1) shall each
have evidence that it provided equipment characteristics and system data for dynamics system
modeling and simulation in accordance with Reliability Standard MOD-012-0_R1 and
Reliability Standard MOD-012-0_R2.
D. Compliance
Standard MOD-012-0 Dynamics Data for Transmission System Modeling and Simulation

As specified within the applicable reporting procedures (Reliability Standard MOD-
013-0). If no schedule exists, then on request (30 calendar days.)
1.3. Data Retention
None specified.
None.
2.1. Level 1: Dynamics data was provided, but was incomplete in one of the four areas
identified in Reliability Standard MOD-013-0_R1.
2.3. Level 3: Dynamics data was provided, but was incomplete in two or more of the four
areas identified in Reliability Standard MOD-013-0_R1.
2.4. Level 4: Dynamics data was not provided.
1. None identified.
Version History
0 September 16, 2005 Changed references to MOD-013-0 R4
to MOD-013-0 R1 in Applicability,
Requirements, and Measures (4 in all).
Errata

Standard MOD-013-1 RRO Dynamics Data Requirements and Reporting Procedures
Effecti ve Date: Six months after BOT adoption.
A. Introduction
1. Title: Maintenance and Distribution of Dynamics Data Requirements and
Reporting Procedures
4. Applicability:
5. Effective Date: Six months after BOT adoption.
B. Requirements
R1. The Regional Reliability Organization, in coordination with its Transmission Owners,
Transmission Planners, Generator Owners, and Resource Planners, shall develop
comprehensive dynamics data requirements and reporting procedures needed to model and
analyze the dynamic behavior or response of each of the NERC Interconnections: Eastern,
Western, and ERCOT. Within an Interconnection, the Regional Reliability Organizations shall
jointly coordinate on the development of the data requirements and reporting procedures for
that Interconnection. Each set of Interconnection-wide dynamics data requirements shall
include the following dynamics data requirements:
R1.1. Design data shall be provided for new or refurbished excitation systems (for
synchronous generators and synchronous condensers) at least three months prior to the
installation date.
R1.1.1. If design data is unavailable from the manufacturer 3 months prior to the
installation date, estimated or typical manufacturers data, based on
excitation systems of similar design and characteristics, shall be provided.
R1.2. Unit-specific dynamics data shall be reported for generators and synchronous
condensers (including, as appropriate to the model, items such as inertia constant,
damping coefficient, saturation parameters, and direct and quadrature axes reactances
and time constants), excitation systems, voltage regulators, turbine-governor systems,
power system stabilizers, and other associated generation equipment.
R1.2.1. Estimated or typical manufacturers dynamics data, based on units of similar
design and characteristics, may be submitted when unit-specific dynamics
data cannot be obtained. In no case shall other than unit-specific data be
reported for generator units installed after 1990.
R1.2.2. The Interconnection-wide requirements shall specify unit size thresholds for
permitting:
The use of non-detailed vs. detailed models,
The netting of small generating units with bus load, and
The combining of multiple generating units at one plant.
R1.3. Device specific dynamics data shall be reported for dynamic devices, including,
among others, static VAR controllers, high voltage direct current systems, flexible AC
transmission systems, and static compensators.
R1.4. Dynamics data representing electrical Demand characteristics as a function of
frequency and voltage.
R1.5. Dynamics data shall be consistent with the reported steady-state (power flow) data
supplied per Reliability Standard MOD-010 Requirement 1.
R2. The Regional Reliability Organization shall participate in the documentation of its
Interconnections data requirements and reporting procedures and, shall participate in the
review of those data requirements and reporting procedures (at least every five years), and shall
provide those data requirements and reporting procedures to Regional Reliability
Organizations, NERC, and all users of the Interconnected systems on request (within five
business days).
C. Measures
M1. The Regional Reliability Organizations within each Interconnection shall have documentation
of their Interconnections dynamics data requirements and reporting procedures and shall
provide the documentation as specified in Requirement 2.
D. Compliance
Data requirements and reporting procedures: on request (five business days).
Periodic review of data requirements and reporting procedures: at least every five years.
1.3. Data Retention
None specified.
None.
2.1. Level 1: Data requirements and reporting procedures for dynamics data were
provided, but were incomplete in one of the five areas defined in R1.
2.3. Level 3: Data requirements and reporting procedures provided were incomplete in
two or more of the five areas defined in R1.
2.4. Level 4: Data requirements and reporting procedures for dynamics data were not
provided, or the data requirements and reporting procedures provided were incomplete in
three or more of the five areas defined in R1.
None identified.
Version History

Standard MOD-014-0 Development of Interconnection-Specific Steady State System Models

A. Introduction
1. Title: Development of Steady-State System Models
4. Applicability:
B. Requirements
R1. The Regional Reliability Organization(s) within each Interconnection shall coordinate and
jointly develop and maintain a library of solved (converged) Interconnection-specific steady-
state system models. The Interconnection-specific models shall include near- and longer-term
planning horizons that are representative of system conditions for projected seasonal peak,
minimum, and other appropriate system demand levels.
R2. The Regional Reliability Organization(s) within each Interconnection shall coordinate and
jointly develop steady-state system models annually for selected study years, as determined by
the Regional Reliability Organizations within its Interconnection. The Regional Reliability
Organization shall provide the most recent solved (converged) Interconnection-specific steady-
state models to NERC in accordance with each Interconnections schedule for submission.
C. Measures
M1. Each Regional Reliability Organization shall have Interconnection-specific steady-state system
models as specified in MOD-014-0_R1 and MOD-014-0_R2.
D. Compliance
Development of steady-state system models: annually, as determined by each
Interconnections schedule.
Most recent steady-state system models: 30 calendar days.
1.3. Data Retention
None specified.
None.
Standard MOD-014-0 Development of Interconnection-Specific Steady State System Models

2.1. Level 1: One of a Regional Reliability Organizations cases either was not submitted
by each Interconnections data submission deadlines, or was submitted by the data
submission deadline but was not fully solved/initialized or had other identified errors, or
corrections were not submitted by the correction submittal deadline.
2.2. Level 2: Two of a Regional Reliability Organizations cases were either not
submitted by each Interconnections data submission deadlines, or were submitted by the
data submission deadline but were not fully solved/initialized or had other identified
errors, or corrections were not submitted by the correction submittal deadline (or a
combination thereof).
2.3. Level 3: Three of a Regional Reliability Organizations cases were either not
2.4. Level 4: Four or more of a Regional Reliability Organizations cases were either not
1. None identified.
Version History

Standard MOD-015-0 Development of Interconnection-Specific Dynamics System Models
Adopted by NERC Board of Trustees: February 8, 2005 Page 1 of 2
A. Introduction
1. Title: Development of Dynamics System Models
3. Purpose: To establish consistent data requirements, reporting procedures, and
system models to be used in the analysis of the reliability of the interconnected
transmission systems.
4. Applicability:
B. Requirements
R1. The Regional Reliability Organization(s) within each Interconnection shall coordinate
and jointly develop and maintain a library of initialized (with no Faults or system
Disturbances) Interconnection-specific dynamics system models linked to the steady-
state system models, as appropriate, of Reliability Standard MOD-014-0_R1.
R1.1. The Regional Reliability Organization(s) shall develop Interconnection-
specific dynamics system models for at least two timeframes (present or near-
term model and a future or longer-term model), and additional seasonal and
demand level models, as necessary, to analyze the dynamic response of that
Interconnection.
R2. The Regional Reliability Organization(s) within each Interconnection shall develop
Interconnection dynamics system models for their Interconnection annually for
selected study years as determined by the Regional Reliability Organization(s) within
each Interconnection and shall provide the most recent initialized (approximately 25
seconds, no-fault) models to NERC in accordance with each Interconnections
schedule for submission.
C. Measures
M1. The Regional Reliability Organization shall have Interconnection-specific dynamics
system models in accordance with Reliability Standard MOD-015-0 Requirement 1
and MOD-015-0 Requirement 2.
D. Compliance
Development of dynamics system models: annually in accordance with each
Most recent dynamics system models: 30 calendar days.

1.3. Data Retention
Standard MOD-015-0 Development of Interconnection-Specific Dynamics System Models
None specified.
None.
2.1. Level 1: One of a Regional Reliability Organizations cases was either not
submitted by each Interconnections data submission deadlines, or was submitted
by the data submission deadline but was not fully solved/initialized or had other
identified errors, or corrections were not submitted by the correction submittal
deadline.
submitted by each Interconnections data submission deadlines, or were submitted
by the data submission deadline but were not fully solved/initialized or had other
deadline (or a combination thereof).
2.3. Level 3: Three of a Regional Reliability Organizations cases were either not
2.4. Level 4: Four or more of a Regional Reliability Organizations cases were
either not submitted by each Interconnections data submission deadlines, or were
submitted by the data submission deadline but were not fully solved/initialized or
had other identified errors, or corrections were not submitted by the correction
submittal deadline (or a combination thereof).
1. None.
Version History
0 April 1, 2005 Corrected typo in Section M1.
removed reference to Requirement 3.
J anuary 26, 2007

Standard MOD-015-0.1 Development of Interconnection-Specific Dynamics System
Models

Page 1 of 2

A. Introduction
1. Title: Development of Dynamics System Models
2. Number: MOD-015-0.1
3. Purpose: To establish consistent data requirements, reporting procedures, and
system models to be used in the analysis of the reliability of the interconnected
4. Applicability:
5. Effective Date: Immediately after approval of applicable regulatory authorities
B. Requirements
R1. The Regional Reliability Organization(s) within each Interconnection shall coordinate
and jointly develop and maintain a library of initialized (with no Faults or system
Disturbances) Interconnection-specific dynamics system models linked to the
steadystate system models, as appropriate, of Reliability Standard MOD-014-0_R1.
R1.1. R1.1. The Regional Reliability Organization(s) shall develop Interconnection
specific dynamics system models for at least two timeframes (present or near-
term model and a future or longer-term model), and additional seasonal and
demand level models, as necessary, to analyze the dynamic response of that
Interconnection.
R2. The Regional Reliability Organization(s) within each Interconnection shall develop
Interconnection dynamics system models for their Interconnection annually for
selected study years as determined by the Regional Reliability Organization(s) within
each Interconnection and shall provide the most recent initialized (approximately 25
seconds, no-fault) models to NERC in accordance with each Interconnections
schedule for submission.
C. Measures
M1. The Regional Reliability Organization shall have Interconnection-specific dynamics
system models in accordance with Reliability Standard MOD-015-0 Requirement 1
and MOD-015-0 Requirement 2.
D. Compliance
Development of dynamics system models: annually in accordance with each
Most recent dynamics system models: 30 calendar days.
1.3. Data Retention
Standard MOD-015-0.1 Development of Interconnection-Specific Dynamics System
Models

Page 2 of 2

None specified.
None.
2.1. Level 1: One of a Regional Reliability Organizations cases was either not
submitted by each Interconnections data submission deadlines, or was submitted
by the data submission deadline but was not fully solved/initialized or had other
deadline.
2.3. Level 3: Three of a Regional Reliability Organizations cases were either
not submitted by each Interconnections data submission deadlines, or were
2.4. Level 4: Four or more of a Regional Reliability Organizations cases were
either not submitted by each Interconnections data submission deadlines, or were
1. None.
Version History
0 April 1, 2005 Corrected typo in Section M1. removed
reference to Requirement R3.
J anuary 26, 2007

0 February 8,
2005

0.1 October 29,
2008
BOT adopted errata changes; changed
Errata

Standard MOD-016-1.1 Actual and Forecas t Demands , Net Energy for Load, Controllable DSM
Page 1 of 3

A. Introduction
1. Title: Documentation of Data Reporting Requirements for Actual and
Forecast Demands, Net Energy for Load, and Controllable Demand-Side
Management
3. Purpose: Ensure that accurate, actual Demand data is available to support
assessments and validation of past events and databases. Forecast Demand data is
needed to perform future system assessments to identify the need for system
reinforcements for continued reliability. In addition, to assist in proper real-time
operating, Load information related to controllable Demand-Side Management (DSM)
programs is needed.
4. Applicability:
4.1. Planning Authority.
B. Requirements
R1. The Planning Authority and Regional Reliability Organization shall have
documentation identifying the scope and details of the actual and forecast (a) Demand
data, (b) Net Energy for Load data, and (c) controllable DSM data to be reported for
system modeling and reliability analyses.
R1.1. The aggregated and dispersed data submittal requirements shall ensure that
consistent data is supplied for Reliability Standards TPL-005, TPL-006, MOD-
010, MOD-011, MOD-012, MOD-013, MOD-014, MOD-015, MOD-016,
MOD-017, MOD-018, MOD-019, MOD-020, and MOD-021.
The data submittal requirements shall stipulate that each Load-Serving Entity
count its customer Demand once and only once, on an aggregated and
dispersed basis, in developing its actual and forecast customer Demand values.
R2. The Regional Reliability Organization shall distribute its documentation required in
Requirement 1 and any changes to that documentation, to all Planning Authorities that
work within its Region.
R2.1. The Regional Reliability Organization shall make this distribution within 30
calendar days of approval.
R3. The Planning Authority shall distribute its documentation required in R1 for reporting
customer data and any changes to that documentation, to its Transmission Planners and
Load-Serving Entities that work within its Planning Authority Area.
R3.1. The Planning Authority shall make this distribution within 30 calendar days of
approval.
Page 2 of 3

C. Measures
M1. The Planning Authority and Regional Reliability Organizations documentation for
actual and forecast customer data shall contain all items identified in R1.
M2. The Regional Reliability Organization shall have evidence it provided its actual and
forecast customer data reporting requirements as required in Requirement 2.
M3. The Planning Authority shall have evidence it provided its actual and forecast customer
data and reporting requirements as required in Requirement 3.
D. Compliance
Compliance Monitor for Planning Authority: Regional Reliability Organization.
Compliance Monitor for Regional Reliability Organization: NERC.
One calendar year.
1.3. Data Retention
For the Regional Reliability Organization and Planning Authority: Current
version of the documentation.
For the Compliance Monitor: Three years of audit information.
The Regional Reliability Organization and Planning Authority shall each
demonstrate compliance through self-certification or audit (periodic, as part of
targeted monitoring or initiated by complaint or event), as determined by the
Compliance Monitor.
2.1. Level 1: Documentation does not address completeness and double counting of
customer data.
2.2. Level 2: Documentation did not address one of the three types of data required in
R1 (Demand data, Net Energy for Load data, and controllable DSM data).
2.3. Level 3: No evidence documentation was distributed as required.
2.4. Level 4: Either the documentation did not address two of the three types of data
required in R1 (Demand data, Net Energy for Load data, and controllable DSM
data) or there was no documentation.
None identified.
Page 3 of 3

Version History
1 November 1, 2006 Corrected sequential numbering
problem in Sections R2. and R3.
Errata
1 May 2, 2006 Adopted by NERC Board of
Trustees

1.1 October 29, 2008 BOT adopted errata changes;
updated version number to 1.1
Errata
1.1 May 13, 2009 FERC Approved Updated
Effective Date
Revised

Standard MOD-017-0.1 Aggregated Actual and Forecas t Demands and Net Energy for
Load
Page 1 of 2
A. Introduction
1. Title: Aggregated Actual and Forecast Demands and Net Energy for Load
3. Purpose: To ensure that assessments and validation of past events and databases can
be performed, reporting of actual Demand data is needed. Forecast demand data is
needed to perform future system assessment to identify the need for system
reinforcement for continued reliability. In addition to assist in proper real-time
operating, load information related to controllable Demand-Side Management
programs is needed.
4. Applicability:
4.3. Resource Planner.
B. Requirements
R1. The Load-Serving Entity, Planning Authority and Resource Planner shall each provide
the following information annually on an aggregated Regional, subregional, Power
Pool, individual system, or Load-Serving Entity basis to NERC, the Regional
Reliability Organizations, and any other entities specified by the documentation in
Standard MOD-016-1_R1.
R1.1. Integrated hourly demands in megawatts (MW) for the prior year.
R1.2. Monthly and annual peak hour actual demands in MW and Net Energy for
Load in gigawatthours (GWh) for the prior year.
R1.3. Monthly peak hour forecast demands in MW and Net Energy for Load in GWh
for the next two years.
R1.4. Annual Peak hour forecast demands (summer and winter) in MW and annual
Net Energy for load in GWh for at least five years and up to ten years into the
future, as requested.
C. Measures
M1. Load-Serving Entity, Planning Authority, and Resource Planner shall each provide
evidence to its Compliance Monitor that it provided load data per Standard MOD-017-
0_R1.
D. Compliance
Standard MOD-017-0.1 Aggregated Actual and Forecas t Demands and Net Energy for
Load
Page 2 of 2
Annually or as specified in the documentation (Standard MOD-016-1_R1.)
1.3. Data Retention
None specified.
None.
3. Level 1: Did not provide actual and forecast demands and Net Energy for Load
data in one of the four areas as required in Reliability Standard MOD-017-0_R1.
data in two of the four areas as required in Reliability Standard MOD-017-0_R1.
data in three of the four areas as required in Reliability Standard MOD-017-0_R1.
data in any of the areas as required in Reliability Standard MOD-017-0_R1.
None identified.
Version History
0 April 18, 2008 Revised R1. And D1.2. to reflect
update in version from MOD-016-
0_R1 to MOD-016-1_R1.
Errata
0 February 8, 2005 Adopted By NERC Board of Trustees
0.1 October 29, 2008 BOT adopted errata changes; updated
Errata
0.1 May 13, 2009 FERC Approved Updated Effective
Date
Revised

Standard MOD-018-0 Reports of Actual and Forecast Demand Data

A. Introduction
1. Title: Treatment of Nonmember Demand Data and How Uncertainties are
Addressed in the Forecasts of Demand and Net Energy for Load
3. Purpose: To ensure that Assessments and validation of past events and databases can be
performed, reporting of actual demand data is needed. Forecast demand data is needed to
perform future system assessments to identify the need for system reinforcement for continued
reliability. In addition, to assist in proper real-time operating, load information related to
controllable Demand-Side Management programs is needed.
4. Applicability:
4.4. Resource Planner
B. Requirements
R1. The Load-Serving Entity, Planning Authority, Transmission Planner and Resource Planners
report of actual and forecast demand data (reported on either an aggregated or dispersed basis)
shall:
R1.1. Indicate whether the demand data of nonmember entities within an area or Regional
Reliability Organization are included, and
R1.2. Address assumptions, methods, and the manner in which uncertainties are treated in
the forecasts of aggregated peak demands and Net Energy for Load.
R1.3. Items (MOD-018-0_R1.1) and (MOD-018-0_R1.2) shall be addressed as described in
the reporting procedures developed for Standard MOD-016-0_R1.
R2. The Load-Serving Entity, Planning Authority, Transmission Planner and Resource Planner
shall each report data associated with Reliability Standard MOD-018-0_R1 to NERC, the
Regional Reliability Organization, Load-Serving Entity, Planning Authority, and Resource
Planner on request (within 30 calendar days).
C. Measures
M1. The Load-Serving Entity, Planning Authority, Transmission Planner, and Resource Planner
shall each provide evidence to its Compliance Monitor that its actual and forecast demand data
were addressed as described in the reporting procedures developed for Reliability Standard
MOD-018-0_R1.
M2. The Load-Serving Entity, Planning Authority, Transmission Planner, and Resource Planner
shall each report current information for Reliability Standard MOD-018-0_R1 to NERC, the
Regional Reliability Organization, Load-Serving Entity, Planning Authority, and Resource
Planner on request (within 30 calendar days).
Standard MOD-018-0 Reports of Actual and Forecast Demand Data

D. Compliance
Regional Reliability Organizations.
On Request (within 30 calendar days).
1.3. Data Retention
None specified.
None.
2.1. Level 1: Information for Reliability Standard MOD-018-0 item R1.1 or R1.2 was not
provided.
2.2. Level 2: Information for Reliability Standards MOD-018-0 items R1.1 and R1.2 was
not provided.
1. None identified.
Version History

Standard MOD-019-0.1 Forecas ts of Interruptible Demands and DCLM Data
Page | 1

A. Introduction
1. Title: Reporting of Interruptible Demands and Direct Control Load
Management
3. Purpose: To ensure that assessments and validation of past events and databases can
be performed, reporting of actual demand data is needed. Forecast demand data is
needed to perform future system assessments to identify the need for system
reinforcement for continued reliability. In addition, to assist in proper real-time
operating, load information related to controllable Demand-Side Management
programs is needed.
4. Applicability:
4.3. Transmission Planner.
4.4. Resource Planner.
B. Requirements
R1. The Load-Serving Entity, Planning Authority, Transmission Planner, and Resource
Planner shall each provide annually its forecasts of interruptible demands and Direct
Control Load Management (DCLM) data for at least five years and up to ten years into
the future, as requested, for summer and winter peak system conditions to NERC, the
Regional Reliability Organizations, and other entities (Load-Serving Entities, Planning
Authorities, and Resource Planners) as specified by the documentation in Reliability
C. Measures
M1. The Load-Serving Entity, Planning Authority, Transmission Planner, and Resource
Planner shall each provide evidence to its Compliance Monitor that it provided
forecasts of interruptible demands and DCLM data per Reliability Standard MOD-019-
0_R1.
D. Compliance
Each Regional Reliability Organization.
Annually or as specified in the documentation (Reliability Standard MOD-016-
1_R1.)
1.3. Data Retention
Standard MOD-019-0.1 Forecas ts of Interruptible Demands and DCLM Data
Page | 2

None specified.
None.
2.4. Level 4: Did not provide forecasts of interruptible Demands and DCLM
data as required in Standard MOD-019-0_R1.
None identified.
Version History
0 February 8,
2005
Approved by BOT Revised
0 July 24, 2007 Changed reference R1. and Dl.1.2. to
MOD-016-0_R1 to MOD-016-1_R1.
(New version number.)
Errata
0.1 October 29,
2008
version number to 0.1.
Errata
Date
Revised

Standard MOD-020-0 Providing Interruptible Demands and DCLM Data

A. Introduction
1. Title: Providing Interruptible Demands and Direct Control Load Management
Data to System Operators and Reliability Coordinators
3. Purpose: To ensure that assessments and validation of past events and databases can be
performed, reporting of actual demand data is needed. Forecast demand data is needed to
reliability. In addition to assist in proper real-time operating, load information related to
controllable Demand-Side Management programs is needed.
4. Applicability:
B. Requirements
R1. The Load-Serving Entity, Transmission Planner, and Resource Planner shall each make known
its amount of interruptible demands and Direct Control Load Management (DCLM) to
Transmission Operators, Balancing Authorities, and Reliability Coordinators on request within
30 calendar days.
C. Measures
M1. The Load-Serving Entity, Transmission Planner, and Resource Planner each make known its
amount of interruptible demands and DCLM to Transmission Operators, Balancing Authorities
and Reliability Coordinators on request within 30 calendar days.
D. Compliance
On request (within 30 calendar days).
1.3. Data Retention
None specified.
None.
2.1. Level 1: Interruptible Demands and DCLM data were provided to Reliability
Coordinators, Balancing Authorities, and Transmission Operators, but were incomplete.
Standard MOD-020-0 Providing Interruptible Demands and DCLM Data

2.4. Level 4: Interruptible Demands and DCLM data were not provided to Reliability
Coordinators, Balancing Authorities, and Transmission Operators.
1. None identified.
Version History

Standard MOD-021-1 Accounting Methodology for Effects of DSM in Forecasts
Adopted by Board of Trustees: August 5, 2010 1 of 2
A. Introduction
1. Title: Documentation of the Accounting Methodology for the Effects of Demand-
Side Management in Demand and Energy Forecasts.
3. Purpose: To ensure that assessments and validation of past events and databases can be
performed, reporting of actual Demand data is needed. Forecast demand data is needed to
reliability. In addition, to assist in proper real-time operating, load information related to
Demand-Side Management (DSM) programs is needed.
4. Applicability:
5. (Proposed) Effective Date: The first day of the first calendar quarter after applicable
regulatory approval; or in those jurisdictions where no regulatory approval is required, the first
day of the first calendar quarter after Board of Trustees adoption.
B. Requirements
R1. The Load-Serving Entity, Transmission Planner and Resource Planners forecasts shall each
clearly document how the Demand and energy effects of DSM programs (such as conservation,
time-of-use rates, interruptible Demands, and Direct Control Load Management) are addressed.
R2. The Load-Serving Entity, Transmission Planner and Resource Planner shall each include
information detailing how Demand-Side Management measures are addressed in the forecasts
of its Peak Demand and annual Net Energy for Load in the data reporting procedures of
R3. The Load-Serving Entity, Transmission Planner and Resource Planner shall each make
documentation on the treatment of its DSM programs available to NERC on request (within 30
calendar days).
C. Measures
M1. The Load-Serving Entity, Transmission Planner and Resource Planner forecasts clearly
document how the demand and energy effects of DSM programs (such as conservation, time-
of-use rates, interruptible demands, and Direct Control Load Management) are addressed.
M2. The Load-Serving Entity, Transmission Planner and Resource Planner information detailing
how Demand-Side Management measures are addressed in the forecasts of Peak Demand and
annual Net Energy for Load are included in the data reporting procedures of Reliability
M3. The Load-Serving Entity, Planning Authority and Resource Planner shall each provide
evidence to its Compliance Monitor that it provided documentation on the treatment of DSM
programs to NERC as requested (within 30 calendar days).
D. Compliance
Standard MOD-021-1 Accounting Methodology for Effects of DSM in Forecasts
Adopted by Board of Trustees: August 5, 2010 2 of 2
Regional Entity.
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
None specified.
None.
1. None identified.
Version History
0.1 April 15, 2009 R1. comma inserted after Load-Serving
Entity

0.1 December 10, 2009 Approved by FERC Added effective date Update
1 TBD Modified to address Order No. 693
Directives contained in paragraph 1300.
Revised.

Standard MOD-024-1 Verification of Generator Gross and Net Real Power Capability
Effecti ve Date: Phased through January 1, 2007
A. Introduction
1. Title: Verification of Generator Gross and Net Real Power Capability
3. Purpose: To ensure accurate information on generator gross and net Real Power capability
is available for steady-state models used to assess Bulk Electric System reliability.
4. Applicability
5. Effective Dates:
Requirement 1 and Requirement 2 April 1, 2006.
Requirement 3 J anuary 1, 2007.
B. Requirements
R1. The Regional Reliability Organization shall establish and maintain procedures to address
verification of generator gross and net Real Power capability. These procedures shall include
the following:
R1.1. Generating unit exemption criteria including documentation of those units that are
exempt from a portion or all of these procedures.
R1.2. Criteria for reporting generating unit auxiliary loads.
R1.3. Acceptable methods for model and data verification, including any applicable
conditions under which the data should be verified. Such methods can include use of
manufacturer data, commissioning data, performance tracking, and testing, etc.
R1.4. Periodicity and schedule of model and data verification and reporting.
R1.5. Information to be verified and reported:
R1.5.1. Seasonal gross and net Real Power generating capabilities.
R1.5.2. Real power requirements of auxiliary loads.
R1.5.3. Method of verification, including date and conditions.
R2. The Regional Reliability Organization shall provide its generator gross and net Real Power
capability verification and reporting procedures, and any changes to those procedures, to the
Generator Owners, Generator Operators, Transmission Operators, Planning Authorities, and
Transmission Planners affected by the procedure within 30 calendar days of the approval.
R3. The Generator Owner shall follow its Regional Reliability Organizations procedures for
verifying and reporting its gross and net Real Power generating capability per R1.
C. Measures
M1. The Regional Reliability Organization shall have available for inspection the procedures for the
verification and reporting of generator gross and net Real Power capability in accordance with
R1.
M2. The Regional Reliability Organization shall have evidence that its procedures, and any
revisions to those procedures, for verification and reporting of generator gross and net Real
Power capability were provided to affected Generator Owners, Generator Operators,
Transmission Operators, Planning Authorities, and Transmission Planners within 30 calendar
days of approval.
M3. The Generator Owner shall have evidence it provided verified information of its generator
gross and net Real Power capability, consistent with that Regional Reliability Organizations
procedures.
D. Compliance
For Regional Reliability Organization: NERC
For Generator Owner: Regional Reliability Organization.
One calendar year.
1.3. Data Retention
The Regional Reliability Organization shall retain both the current and previous versions
of the procedures.
The Generator Owner shall retain information from the most current and prior
verification.
The Compliance Monitor shall retain any audit data for three years.
The Regional Reliability Organization and Generator Owner shall each demonstrate
compliance through self-certification or audit (periodic, as part of targeted monitoring or
initiated by complaint or event), as determined by the Compliance Monitor.
2. Levels of Non-Compliance for Regional Reliability Organization:
2.1.1 Procedures did not meet one of the following requirements: R1.1, R1.2, R1.4
2.1.2 No evidence that procedures were distributed as required in R2.
2.2. Level 2: There shall be a level two non-compliance if both of the following
conditions are present:
2.2.1 Procedures did not meet two of the following requirements: R1.1, R1.2, R1.4
2.3. Level 3: Procedures did not meet R1.3.
2.4. Level 4: Procedures did not meet either R1.5.1, R1.5.2 or R1.5.3
3. Levels of Non-Compliance for Generator Owner:
3.1. Level 1: Complete, verified generator data were provided for 98% or more but less than
100% of a generator owner's units as required by the regional procedures.
3.2. Level 2: Complete, verified generator data were provided for than 96% or more, but less
than 98% of a generator owners units as required by the regional procedures.
3.3. Level 3: Complete, verified generator data were provided for 94% or more, but less than
96% of a generator owners units as required by the regional procedures.
3.4. Level 4: Complete, verified generator data were provided for less than 94% of a
generator owners units as required by the regional procedures.
None identified.
Version History
Version 1 12/01/05 1. Changed tabs in footer.
2. Removed comma after 2004 in
Development Steps Completed, #1.
3. Changed incorrect use of certain
hyphens (-) to en dash () and em
dash ().
appropriate.
5. Changed apostrophes to smart
symbols.
6. Changed Timeframe to Time Frame
in item D, 1.2.
7. Lower cased all instances of regional
in section D.3.
8. Removed the word less after 94% in
section 3.4. Level 4.
01/20/06

Standard MOD-025-1 Verification of Generator Gross and Net Reactive Power Capability
Effecti ve Dates: Phased through January 1, 2012
A. Introduction
1. Title: Verification of Generator Gross and Net Reactive Power Capability
3. Purpose: To ensure accurate information on generator gross and net Reactive Power
capability is available for steady-state models used to assess Bulk Electric System reliability.
4. Applicability
5. Effective Dates:
Requirement 1 and Requirement 2 J anuary 1, 2007
Requirement 3:
J anuary 1, 2008 1
st
20% compliant
J anuary 1, 2009 2
nd
20% compliant
J anuary 1, 2010 3
rd
20% compliant
J anuary 1, 2011 4
th
20% compliant
J anuary 1, 2012 5
th
20% compliant
B. Requirements
R1. The Regional Reliability Organization shall establish and maintain procedures to address
verification of generator gross and net Reactive Power capability. These procedures shall
include the following:
R1.1. Generating unit exemption criteria including documentation of those units that are
exempt from a portion or all of these procedures.
R1.2. Criteria for reporting generating unit auxiliary loads.
R1.3. Acceptable methods for model and data verification, including any applicable
conditions under which the data should be verified. Such methods can include use of
commissioning data, performance tracking, engineering analysis, testing, etc.
R1.4. Periodicity and schedule of model and data verification and reporting.
R1.5. Information to be reported:
R1.5.1. Verified maximum gross and net Reactive Power capability (both lagging
and leading) at Seasonal Real Power generating capabilities as reported in
accordance with Reliability Standard MOD-024 Requirement 1.5.1.
R1.5.2. Verified Reactive Power limitations, such as generator terminal voltage
limitations, shorted rotor turns, etc.
R1.5.3. Verified Reactive Power of auxiliary loads.
R1.5.4. Method of verification, including date and conditions.
R2. The Regional Reliability Organization shall provide its generator gross and net Reactive Power
capability verification and reporting procedures, and any changes to those procedures, to the
Generator Owners, Generator Operators, Transmission Operators, Planning Authorities, and
Transmission Planners affected by the procedure within 30 calendar days of the approval.
R3. The Generator Owner shall follow its Regional Reliability Organizations procedures for
verifying and reporting its gross and net Reactive Power generating capability per R1.
C. Measures
M1. The Regional Reliability Organization shall have available for inspection the procedures for the
verification and reporting of generator gross and net Reactive Power capability in accordance
with R1.
M2. The Regional Reliability Organization shall have evidence that its procedures, and any
revisions to these procedures, for verification and reporting of generator gross and net Reactive
Power capability were provided to affected Generator Owners, Generator Operators,
Transmission Operators, Planning Authorities, and Transmission Planners within 30 calendar
days of approval.
M3. The Generator Owner shall have evidence it provided verified information of its generator
gross and net Reactive Power capability, consistent with that Regional Reliability
Organizations procedures.
D. Compliance
For Regional Reliability Organization: NERC.
For Generator Owner: Regional Reliability Organization.
One calendar year.
1.3. Data Retention
The Regional Reliability Organization shall retain both the current and previous version
of the procedures.
The Generator Owner shall retain information from the most current and prior
verification.
The Regional Reliability Organization and Generator Owner shall each demonstrate
2. Levels of Non-Compliance for Regional Reliability Organization:
2.1.1 Procedures did not meet one of the following requirements: R1.1, R1.2 or R1.4.
2.2. Level 2: Procedures did not meet two or three of the following requirements: R1.1,
R1.2 or R1.4.
2.3. Level 3: Procedures did not meet R1.3.
2.4. Level 4: Procedures did not meet R1.5.1, R1.5.2, R1.5.3, or R1.5.4.
3. Levels of Non-Compliance for Generator Owner:
3.1. Level 1: Complete, verified generator data were provided for 98% or more but less than
100% of a Generator Owners units as required by the regional procedures.
3.2. Level 2: Complete, verified generator data were provided for than 96% or more, but less
than 98% of a Generator Owners units as required by the regional procedures.
3.3. Level 3: Complete, verified generator data were provided for 94% or more, but less than
96% of a Generator Owners units as required by the regional procedures.
3.4. Level 4: Complete, verified generator data were provided for less than 94% less of a
Generator Owners units as required by the regional procedures.
None identified.
Version History
Version 1 12/01/05 1. Changed tabs in footer.
dash ().
appropriate.
symbols.
in item D, 1.2.
7. Lower cased all instances of regional
in section D.3.
01/20/06

Standard MOD-025-2 Verification and Data Reporting of Generator Real and Reactive
Power Capability and Synchronous Condenser Reactive Power Capability
Page 1 of 20

A. Introduction
1. Title: Verification and Data Reporting of Generator Real and Reactive Power
Capability and Synchronous Condenser Reactive Power Capability
3. Purpose: To ensure that accurate information on generator gross and net Real and
Reactive Power capability and synchronous condenser Reactive Power capability is
available for planning models used to assess Bulk Electric System (BES) reliability.
4. Applicability:
4.1. Functional entities
4.1.2 Transmission Owner that owns synchronous condenser(s)
4.2. Facilities:
For the purpose of this standard, the term, applicable Facility shall mean any one of
the following:
4.2.1 Individual generating unit greater than 20 MVA (gross nameplate rating)
directly connected to the Bulk Electric System.
4.2.2 Synchronous condenser greater than 20 MVA (gross nameplate rating)
4.2.3 Generating plant/Facility greater than 75 MVA (gross aggregate
nameplate rating) directly connected to the Bulk Electric System.
5. Effective Date:
5.1. In those jurisdictions where regulatory approval is required
1
:
5.1.1 By the first day of the first calendar quarter, two calendar years following
applicable regulatory approval, or as otherwise made effective pursuant to
the laws applicable to such ERO governmental authorities, each Generator
Owner and Transmission Owner shall have verified at least 40 percent of
its applicable Facilities.
5.1.2 By the first day of the first calendar quarter, three calendar years following
5.1.3 By the first day of the first calendar quarter, four calendar years following

1
Wind Farm Verification - If an entity has two wind sites, and verification of one site is complete, the entity is 50%
complete regardless of the number of turbines at each site. A wind site is a group of wind turbines connected at a
common point of interconnection or utilizing a common aggregate control system.
Page 2 of 20

5.1.4 By the first day of the first calendar quarter, five calendar years following
Owner and Transmission Owner shall have verified 100 percent of its
applicable Facilities.
5.2. In those jurisdictions where regulatory approval is not required
2
:
Board of Trustees approval, each Generator Owner and Transmission
Owner shall have verified at least 40 percent of its applicable Facilities.
Owner shall have verified 100 percent of its applicable Facilities.
Note: The verification percentage above is based on the number of applicable units owned.

2
Wind farm verification - If an entity has two wind sites, and verification of one site is complete, the entity is 50%
complete regardless of the number of turbines at each site. A wind site is a group of wind turbines connected at a
common point of interconnection or utilizing a common aggregate control system.
Page 3 of 20

Requirements
R1. Each Generator Owner shall provide its Transmission Planner with verification of the
Real Power capability of its applicable Facilities as follows: [Violation Risk Factor:
Medium] [Time Horizon: Long-term Planning]
1.1. Verify the Real Power capability of its generating units in accordance with
Attachment 1.
1.2. Submit a completed Attachment 2 (or a form containing the same information as
identified in Attachment 2) to its Transmission Planner within 90 calendar days of
either (i) the date the data is recorded for a staged test; or (ii) the date the data is
selected for verification using historical operational data.
R2. Each Generator Owner shall provide its Transmission Planner with verification of the
Reactive Power capability of its applicable Facilities as follows: [Violation Risk
Factor: Medium] [Time Horizon: Long-term Planning]
2.1. Verify, in accordance with Attachment 1, (i) the Reactive Power capability of its
generating units and (ii) the Reactive Power capability of its synchronous
condenser units.
R3. Each Transmission Owner shall provide its Transmission Planner with verification of
the Reactive Power capability of its applicable Facilities as follows: [Violation Risk
3.1. Verify, in accordance with Attachment 1, the Reactive Power capability of its
synchronous condenser units.
B. Measures
M1. Each Generator Owner will have evidence that it performed the verification, such as a
completed Attachment 2 or the Generator Owner form with the same information or
dated information collected and used to complete attachments, and will have evidence
that it submitted the information within 90 days to its Transmission Planner; such as
dated electronic mail messages or mail receipts in accordance with Requirement R1.
M2. Each Generator Owner will have evidence that it performed the verification, such as a
completed Attachment 2 or the Generator Owner form with the same information, or
dated information collected and used to complete attachments and will have evidence
that it submitted the information within 90 days to its Transmission Planner; such as
dated electronic mail messages or mail receipts in accordance with Requirement R2.
Page 4 of 20

M3. Each Transmission Owner will have evidence that it performed the verification, such as
a completed Attachment 2 or the Transmission Owner form with equivalent
information or dated information collected and used to complete attachments, and will
have evidence that it submitted the information within 90 days to its Transmission
Planner; such as dated electronic mail messages or mail receipts in accordance with
Requirement R3.
C. Compliance
The Regional Entity shall serve as the Compliance enforcement authority unless
the applicable entity is owned, operated, or controlled by the Regional Entity. In
such cases the ERO or a Regional entity approved by FERC or other applicable

1.2. Evidence Retention
The following evidence retention periods identify a period of time an entity is
where the evidence retention specified below is shorter than the time since the last
compliance audit, the Compliance Enforcement Authority may ask an entity to
the last audit.
The Generator Owner and Transmission Owner shall each keep the data or
evidence to show compliance as identified below, unless directed by its
Compliance Enforcement Authority to retain specific evidence for a longer period
of time as part of an investigation:
The Generator Owner shall retain the latest MOD-025 Attachment 2 and
the data behind Attachment 2 or Generator Owner form with equivalent
information and submittal evidence for Requirements R1 and R2,
Measures M1 and M2 for the time period since the last compliance
audit.
The Transmission Owner shall retain the latest MOD-025 Attachment 2
and the data behind Attachment 2 or Transmission Owner form with
equivalent information and submittal evidence for Requirement R3,
Measure M3 for the time period since the last compliance audit.
If a Generator Owner or Transmission Owner is found noncompliant, it shall keep
information related to the noncompliance until mitigation is complete or for the
time specified above, whichever is longer.

Page 5 of 20

Compliance Audit
Self-Certification
Spot Checking
Self-Reporting
Complaint
None
Standard MOD-025-2 Verification and Data Reporting of Generator Real and Reactive Power Capability and Synchronous
Condenser Reactive Power Capability
Page 6 of 20

verified and recorded the
Real Power capability of
its applicable generating
unit, but submitted the data
to its Transmission Planner
days, but within 120
calendar days, of the date
the data is recorded for a
staged test or the date the
data is selected for
verification using historical
operational data.

OR

The Generator Owner
verified the Real Power
capability, per Attachment
1 and submitted the data
but was missing 1 to less
than or equal to 33 percent
of the data.

The Generator Owner
Real Power capability of its
applicable generating unit,
but submitted the data to its
Transmission Planner more
than 120 calendar days, but
within 150 calendar days, of
the date the data is recorded
for a staged test or the date
the data is selected for
verification using historical
operational data.

OR

The Generator Owner
verified the Real Power
capability, per Attachment 1
and submitted the data but
was missing more than 33 to
66 percent of the data.

The Generator Owner verified
and recorded the Real Power
capability of its applicable
generating unit, but submitted
the data to its Transmission
Planner more than 150
calendar days, but within 180
calendar days, of the date the
data is recorded for a staged
test or the date the data is
selected for verification using
historical operational data.

OR

the Real Power capability, per
Attachment 1 and submitted
the data but was missing from
67 to 99 percent of the data.

OR

The Generator Owner verified and
recorded the Real Power capability
of its applicable generating unit, but
submitted the data to its
Transmission Planner more than 180
calendar days of the date the data is
recorded for a staged test or the date
the data is selected for verification
using historical operational data.

OR

verify the Real Power capability, per
Attachment 1 of an applicable
generating unit.

OR

The Generator Owner performed the
Real Power verification per
Attachment 1, Periodicity for
conducting a new verification item
Page 7 of 20

OR

The Generator Owner
performed the Real Power
verification per Attachment
1, Periodicity for
conducting a new
verification item 1 or item
2 (5 year requirement) but
did so in more than 66
calendar months but less
than or equal to 69 months.

OR

The Generator Owner
1, Periodicity for
conducting a new
verification item 1, 2 or 3
(12 calendar month
requirement) but did so in
months but less than or
months.
OR

The Generator Owner
1, Periodicity for
conducting a new
verification item 1 or item 2
(5 year requirement) but did
so in more than 69 calendar
months but less than or equal
to 72 months.

OR

The Generator Owner
1, Periodicity for
conducting a new
(12 calendar month
to 14 calendar months.

The Generator Owner
verification per Attachment 1,
Periodicity for conducting a
new verification item 1 or
item 2 (5 year requirement) but
calendar months but less than
or equal to 75 months.

OR

The Generator Owner
new verification item 1, 2 or 3
(12 calendar month
more than 14 calendar months
but less than or equal to 15
calendar months.

1 or item 2 (5 year requirement) but
did so in more than 75 calendar
months.

OR

Real Power verification per
1, 2 or 3 (12 calendar month
requirement) but did so in more than
15 calendar months.

The Generator Owner
and recorded the Reactive
The Generator Owner verified and
recorded the Reactive Power
Page 8 of 20

Reactive Power capability
of its applicable generating
unit or applicable
synchronous condenser,
within 120 calendar days,
of the date the data is
recorded for a staged test
or the date the data is
selected for verification
using historical operational
data.

OR

The Generator Owner
verified the Reactive
Power capability, per
Attachment 1 and
submitted the data but was
missing 1 to up to and
including 33 percent of the
data.
OR

The Generator Owner
performed the Reactive
Power verification per
Reactive Power capability of
its applicable generating unit
or applicable synchronous
condenser, but submitted the
data to its Transmission
data.

OR

The Generator Owner
verified the Reactive Power
was missing 34 to 66 percent
of the data.
OR

The Generator Owner
Attachment 1, Periodicity
for conducting a new
Power capability of its
applicable generating unit or
applicable synchronous

OR

the Reactive Power capability,
per Attachment 1 and
missing 67 to 99 percent of the
data.
OR

The Generator Owner
performed the Reactive Power
generating unit or applicable
synchronous condenser, but
OR

verify the Reactive Power
capability, per Attachment 1 of an
applicable generating unit or
synchronous condenser unit.
OR

Reactive Power verification per
1 or item 2 (5 year requirement) but
did so in more than 75 calendar
months.

OR

Page 9 of 20


OR

The Generator Owner
(12 calendar month
months.

to 72 months.

OR

The Generator Owner
(12 calendar month


OR

The Generator Owner
(12 calendar month
calendar months.

Reactive Power verification per
15 calendar months.

R3 The Transmission Owner
Reactive Power capability
of its applicable
synchronous condenser,
its applicable synchronous
an applicable synchronous
condenser unit, but submitted
the data to its Transmission
The Transmission Owner verified
and recorded the Reactive Power
synchronous condenser, but
Page 10 of 20

within 120 calendar days,
of the date the data is
recorded for a staged test
or the date the data is
data.

OR

verified the Reactive
Power capability, per
Attachment 1 and
missing 1 to up to and
including 33 percent of the
data.
OR

data.

OR

was missing 34 to 66 percent
of the data.

OR

to 72 months.

OR

and submitted the data but was
missing 67 to 99 percent of the
data.

OR


OR
verify the Reactive Power
capability, per Attachment 1 of an
applicable synchronous condenser
unit.
OR

The Transmission Owner performed
the verification per Attachment 1,
Periodicity for conducting a new
verification item 1 or item 2 (5 year
75 calendar months.

OR

The Transmission Owner performed
the Reactive Power verification per
15calendar months.

Page 11 of 20


OR

(12 calendar month
months.

OR

(12 calendar month

OR

(12 calendar month
calendar months.

Page 12 of 20

None
Version History
1 12/1/2005 1. Changed tabs in footer.
dash ().
appropriate.
symbols.
6. Changed Timeframe to Time
Frame in item D, 1.2.
7. Lower cased all instances of
regional in section D.3.
8. Removed the word less after 94%
in section 3.4. Level 4.
01/20/06
2 February 7, 2013 Adopted by NERC Board of Trustees Revised per SAR for
Project 2007-09 and
combined with MOD-
024-1

Page 13 of 20

MOD-025 Attachment 1 Verification of Generator Real and Reactive Power Capability
and Synchronous Condenser Reactive Power Capability

Periodicity for conducting a new verification:
The periodicity for performing Real and Reactive Power capability verification is as follows:
1. For staged verification; verify each applicable Facility at least every five years (with no
more than 66 calendar months between verifications), or within 12 calendar months of
the discovery of a change that affects its Real Power or Reactive Power capability by
more than 10 percent of the last reported verified capability and is expected to last more
than six months. The first verification for each applicable Facility under this standard
must be a staged test.
2. For verification using operational data; verify each applicable Facility at least every five
years (with no more than 66 calendar months between verifications), or within 12
calendar months following the discovery that its Real Power or Reactive Power capability
has changed by more than 10 percent of the last reported verified capability and is
expected to last more than six months. If data for different points is recorded on different
days, designate the earliest of those dates as the verification date, and report that date as
the verification date on MOD-025, Attachment 2 for periodicity purposes.
3. For either verification method, verify each new applicable Facility within 12 calendar
months of its commercial operation date. Existing units that have been in long term shut
down and have not been tested for more than five years shall be verified within 12
calendar months.

It is intended that Real Power testing be performed at the same time as full load Reactive Power
testing, however separate testing is allowed for this standard. For synchronous condensers,
perform only the Reactive Power capability verifications as specified below.
If the Reactive Power capability is verified through test, it is to be scheduled at a time
advantageous for the unit being verified to demonstrate its Reactive Power capabilities while the
Transmission Operator takes measures to maintain the plant's system bus voltage at the
scheduled value or within acceptable tolerance of the scheduled value.

Verification specifications for applicable Facilities:

1. For generating units of 20 MVA or less that are part of a plant greater than 75 MVA in
aggregate, record data either on an individual unit basis or as a group. Perform
verification individually for every generating unit or synchronous condenser greater
than 20 MVA (gross nameplate rating).
2. Verify with all auxiliary equipment needed for expected normal operation in service for
both the Real Power and Reactive Power capability verification. Perform verification
with the automatic voltage regulator in service for the Reactive Power capability
Page 14 of 20

verification. Operational data from within the two years prior to the verification date is
acceptable for the verification of either the Real Power or the Reactive Power
capability, as long as a) that operational data meets the criteria in 2.1 through 2.4 below
and b) the operational data demonstrates at least 90 percent of a previously staged test
that demonstrated at least 50 percent of the Reactive capability shown on the associated
thermal capability curve (D-curve). If the previously staged test was unduly restricted
(so that it did not demonstrate at least 50 percent of the associated thermal capability
curve) by unusual generation or equipment limitations (e.g., capacitor or reactor banks
out of service), then the next verification will be by another staged test, not operational
data:
2.1. Verify Real Power capability and Reactive Power capability over-excited
(lagging) of all applicable Facilities at the applicable Facilities normal (not
emergency) expected maximum Real Power output at the time of the
verifications.
2.1.1 Verify synchronous generating units maximum real power and lagging
reactive power for a minimum of one hour.
2.1.2 Verify variable generating units, such as wind, solar, and run of river
hydro, at the maximum Real Power output the variable resource can
provide at the time of the verification. Perform verification of Reactive
Power capability of wind turbines and photovoltaic inverters with at least
90 percent of the wind turbines or photovoltaic inverters at a site on-line.
If verification of wind turbines or photovoltaic inverter Facility cannot be
accomplished meeting the 90 percent threshold, document the reasons the
threshold was not met and test to the full capability at the time of the test.
Reschedule the test of the facility within six months of being able to reach
the 90 percent threshold. Maintain, as steady as practical, Real and
Reactive Power output during verifications.
2.2. Verify Reactive Power capability of all applicable Facilities, other than wind and
photovoltaic, for maximum overexcited (lagging) and under-excited (leading)
reactive capability for the following conditions:
2.2.1 At the minimum Real Power output at which they are normally expected
to operate collect maximum leading and lagging reactive values as soon as
a limit is reached.
2.2.2 At maximum Real Power output collect maximum leading reactive values
as soon as a limit is reached.
2.2.3 Nuclear Units are not required to perform Reactive Power verification at
minimum Real Power output.
2.3. For hydrogen-cooled generators, perform the verification at normal operating
hydrogen pressure.
2.4. Calculate the Generator Step-Up (GSU) transformer losses if the verification
measurements are taken from the high side of the GSU transformer. GSU
Page 15 of 20

transformer real and reactive losses may be estimated, based on the GSU
impedance, if necessary.
3. Record the following data for the verifications specified above:
3.1. The value of the gross Real and Reactive Power generating capabilities at the end
of the verification period.
3.2. The voltage schedule provided by the Transmission Operator, if applicable.
3.3. The voltage at the high and low side of the GSU and/or system interconnection
transformer(s) at the end of the verification period. If only one of these values is
metered, the other may be calculated.
3.4. The ambient conditions, if applicable, at the end of the verification period that the
Generator Owner requires to perform corrections to Real Power for different
ambient conditions such as:
Ambient air temperature
Relative humidity
Cooling water temperature
Other data as determined to be applicable by the Generator Owner to perform
corrections for ambient conditions.
3.5. The date and time of the verification period, including start and end time in hours
and minutes.
3.6. The existing GSU and/or system interconnection transformer(s) voltage ratio and
tap setting.
3.7. The GSU transformer losses (real or reactive) if the verification measurements
were taken from the high side of the GSU transformer.
3.8. Whether the test data is a result of a staged test or if it is operational data.
4. Develop a simplified key one-line diagram (refer to MOD-025, Attachment 2) showing
sources of auxiliary Real and Reactive Power and associated system connections for
each unit verified. Include GSU and/or system Interconnection and auxiliary
transformers. Show Reactive Power flows, with directional arrows.
4.1. If metering does not exist to measure specific Reactive auxiliary load(s), provide
an engineering estimate and associated calculations. Transformer Real and
Reactive Power losses will also be estimates or calculations. Only output data are
required when using a computer program to calculate losses or loads.
5. If an adjustment is requested by the Transmission Planner, then develop the
relationships between test conditions and generator output so that the amount of Real
Power that can be expected to be delivered from a generator can be determined at
different conditions, such as peak summer conditions. Adjust MW values tested to the
ambient conditions specified by the Transmission Planner upon request and submit
them to the Transmission Planner within 90 days of the request or the date the data was
recorded/selected whichever is later.
Page 16 of 20

Note 1: Under some transmission system conditions, the data points obtained by the Mvar
verification required by the standard will not duplicate the manufacturer supplied
thermal capability curve (D-curve). However, the verification required by the
standard, even when conducted under these transmission system conditions, may
uncover applicable Facility limitations; such as rotor thermal instability, improper tap
settings or voltage ratios, inaccurate AVR operation, etc., which could be further
analyzed for resolution. The Mvar limit level(s) achieved during a staged test or from
operational data may not be representative of the units reactive capability for
extreme system conditions. See Note 2.
Note 2: While not required by the standard, it is desirable to perform engineering analyses to
determine expected applicable Facility capabilities under less restrictive system
voltages than those encountered during the verification. Even though this analysis
will not verify the complete thermal capability curve (D-curve), it provides a
reasonable estimate of applicable Facility capability that the Transmission Planner
can use for modeling.
Note 3: The Reactive Power verification is intended to define the limits of the units Reactive
Power capabilities. If a unit has no leading capability, then it should be reported with
no leading capability; or the minimum lagging capability at which it can operate.
Note 4: Synchronous Condensers only need to be tested at two points (one over-excited point
and one under-excited point) since they have no Real Power output.
Page 17 of 20

MOD-025 Attachment 2
One-line Diagram, Table, and Summary for Verification Information Reporting
Note: If the configuration of the applicable Facility does not lend itself to the use of the diagram,
tables, or summaries for reporting the required information, changes may be made to this form,
provided that all required information (identified in MOD-025, Attachment 1) is reported.
Company: Reported By (name):
Plant: Unit No.: Date of Report:

Check all that apply:

Over-excited Full Load Reactive Power Verification
Under-excited Full Load Reactive Power Verification
Over-excited Minimum Load Reactive Power Verification
Under-excited Minimum Load Reactive Power Verification
Real Power Verification
Staged Test Data
Operational Data

Simplified one-line diagram showing plant auxiliary Load connections and verification data:

Aux bus
B
Generator Step Up
Point of
interconnection
D
E
Other point(s) of
interconnection
Auxiliary or
Station Service
Transformer(s)

C
*
Positivenumbers indicatepower
flow in direction of arrow; negative
numbers indicatepower flow in
oppositedirection of arrow.
Aux bus
Auxiliary or
Station Service
Transformer(s)
Generator(s)
A
Unit Auxiliary
Transformer(s)
*
*
*
*
*
F
*
Page 18 of 20

Point Voltage Real Power Reactive Power Comment
A kV MW Mvar
Sum multiple generators that are verified together
or are part of the same unit. Report individual unit
values separately whenever the verification
measurements were taken at the individual unit.
Individual values are required for units or
synchronous condensers >20 MVA.
Identify calculated values, if any:
B kV MW Mvar Sum multiple unit auxiliary transformers.
C kV MW Mvar Sum multiple tertiary Loads, if any.
D kV MW Mvar
Sum multiple auxiliary and station service
transformers.
E kV MW Mvar
If multiple points of Interconnection, describe
these for accurate modeling; report points
individually (sum multiple auxiliary transformers).
F kV MW Mvar Net unit capability
Page 19 of 20

MOD-025 -Attachment 2 (continued)
Verification Data
Provide data by unit or Facility, as appropriate
Data Type Data Recorded Last Verification
(Previous Data;
will be blank for
the initial
verification)
Gross Reactive Power Capability (*Mvar)
Aux Reactive Power (*Mvar)
Net Reactive Power Capability (*Mvar) equals Gross
Reactive Power Capability (*Mvar) minus Aux
Reactive Power connected at the same bus (*Mvar)
minus tertiary Reactive Power connected at the same
bus(*Mvar)

Gross Real Power Capability (*MW)
Aux Real Power (*MW)
Net Real Power Capability (*MW) equals Gross Real
Power Capability (*MW) minus Aux Real Power
connected at the same bus (*MW) minus tertiary Real
Power connected at the same bus(*MW)

* Note: Enter values at the end of the verification period.
GSU losses (only required if verification measurements
are taken on the high side of the GSU - Mvar)

Summary of Verification
Date of Verification _________,Verification Start Time _____, Verification End Time ______
Scheduled Voltage ______________
Transformer Voltage Ratio: GSU ______, Unit Aux _____, Station Aux _____, Other Aux
_____
Transformer Tap Setting: GSU ______, Unit Aux _____, Station Aux _____, Other Aux _____
Ambient conditions at the end of the verification period:
Air temperature: _________
Humidity: _________
Cooling water temperature: _________
Other data as applicable: _________
Page 20 of 20

Generator hydrogen pressure at time of test (if applicable) _____________
Date that data shown in last verification column in table above was taken _____________

Remarks :

Note: If the verification value did not reach the thermal capability curve (D-curve), describe the reason.
Standard MOD-026-1 Verification of Models and Data for Generator Excitation Control
System or Plant Volt/Var Control Functions
Page 1 of 17
A. Introduction
1. Title: Verification of Models and Data for Generator Excitation Control System
or Plant Volt/Var Control Functions
3. Purpose: To verify that the generator excitation control system or plant volt/var
control function
1
model (including the power system stabilizer model and the
impedance compensator model) and the model parameters used in dynamic simulations
accurately represent the generator excitation control system or plant volt/var control
function behavior when assessing Bulk Electric System (BES) reliability.
4. Applicability:
4.1.2 Transmission Planner
4.2. Facilities:
For the purpose of the requirements contained herein, Facilities that are directly
connected to the Bulk Electric System (BES) will be collectively referred as an
applicable unit that meet the following:
4.2.1 Generation in the Eastern or Quebec Interconnections with the following
characteristics:
4.2.1.1 Individual generating unit greater than 100 MVA (gross nameplate
rating).
4.2.1.2 Individual generating plant consisting of multiple generating units
that are directly connected at a common BES bus with total
generation greater than 100 MVA (gross aggregate nameplate
rating).
4.2.2 Generation in the Western Interconnection with the following
characteristics:
rating).
rating).

1
Excitation control system or plant volt/var control function:
a. For individual synchronous machines, the generator excitation control system includes the generator,
exciter, voltage regulator, impedance compensation and power system stabilizer.
b. For an aggregate generating plant, the volt/var control system includes the voltage regulator & reactive
power control system controlling and coordinating plant voltage and associated reactive capable resources.
Page 2 of 17
4.2.3 Generation in the ERCOT Interconnection with the following
characteristics:
rating).
rating).
4.2.4 For all Interconnections:
A technically justified
2
unit that meets NERC registry criteria but is
not otherwise included in the above Applicability sections 4.2.1, 4.2.2,
or 4.2.3 and is requested by the Transmission Planner.
5. Effective Date:
5.1. For Requirements R1, and R3 through R6, the first day of the first calendar
quarter beyond the date that this standard is approved by applicable regulatory
authorities or as otherwise made effective pursuant to the laws applicable to such
ERO governmental authorities. In those jurisdictions where regulatory approval
is not required, the standard shall become effective on the first day of the first
calendar quarter beyond the date this standard is approved by the NERC Board of
Trustees, or as otherwise made effective pursuant to the laws applicable to such
ERO governmental authorities.
5.2. For Requirement R2, 30 percent of the entitys applicable unit gross MVA for
each Interconnection on the first day of the first calendar quarter that is four years
following applicable regulatory approval or as otherwise made effective pursuant
to the laws applicable to such ERO governmental authorities, or in those
jurisdictions where no regulatory approval is required, on the first day of the first
calendar quarter that is four years following NERC Board of Trustees adoption or
as otherwise made effective pursuant to the laws applicable to such ERO
governmental authorities.
each Interconnection on first day of the first calendar quarter that is six years
calendar quarter that is six years following NERC Board of Trustees adoption or
each Interconnection on the first day of the first calendar quarter that is 10 years

2
Technical justification is achieved by the Transmission Planner demonstrating that the simulated unit or plant
response does not match the measured unit or plant response.
Page 3 of 17
calendar quarter that is 10 years following NERC Board of Trustees adoption or

B. Requirements
R1. Each Transmission Planner shall provide the following requested information to the
Generator Owner within 90 calendar days of receiving a written request : [Violation
Risk Factor: Lower] [Time Horizon: Operations Planning]
Instructions on how to obtain the list of excitation control system or plant volt/var
control function models that are acceptable to the Transmission Planner for use in
dynamic simulation,
Instructions on how to obtain the dynamic excitation control system or plant
volt/var control function model library block diagrams and/or data sheets for
models that are acceptable to the Transmission Planner, or
Model data for any of the Generator Owners existing applicable unit specific
excitation control system or plant volt/var control function contained in the
Transmission Planners dynamic database from the current (in-use) models,
including generator MVA base.
R2. Each Generator Owner shall provide for each applicable unit, a verified generator
excitation control system or plant volt/var control function model, including
documentation and data (as specified in Part 2.1) to its Transmission Planner in
accordance with the periodicity specified in MOD-026 Attachment 1. [Violation Risk
2.1. Each applicable units model shall be verified by the Generator Owner using one
or more models acceptable to the Transmission Planner. Verification for
individual units less than 20 MVA (gross nameplate rating) in a generating plant
(per Section 4.2.1.2, 4.2.2.2, or 4.2.3.2) may be performed using either individual
unit or aggregate unit model(s), or both. Each verification shall include the
following:
2.1.1. Documentation demonstrating the applicable units model response
matches the recorded response for a voltage excursion from either a staged
test or a measured system disturbance,
2.1.2. Manufacturer, model number (if available), and type of the excitation
control system including, but not limited to static, AC brushless, DC
rotating, and/or the plant volt/var control function (if installed),
2.1.3. Model structure and data including, but not limited to reactance, time
constants, saturation factors, total rotational inertia, or equivalent data for
the generator,
Page 4 of 17
2.1.4. Model structure and data for the excitation control system, including the
closed loop voltage regulator if a closed loop voltage regulator is installed
or the model structure and data for the plant volt/var control function
system,
2.1.5. Compensation settings (such as droop, line drop, differential
compensation), if used, and
2.1.6. Model structure and data for power system stabilizer, if so equipped.

R3. Each Generator Owner shall provide a written response to its Transmission Planner
within 90 calendar days of receiving one of the following items for an applicable unit:
Written notification from its Transmission Planner (in accordance with
Requirement R6) that the excitation control system or plant volt/var control
function model is not usable,
Written comments from its Transmission Planner identifying technical
concerns with the verification documentation related to the excitation control
system or plant volt/var control function model, or
Written comments and supporting evidence from its Transmission Planner
indicating that the simulated excitation control system or plant volt/var control
function model response did not match the recorded response to a
transmission system event.
The written response shall contain either the technical basis for maintaining the current
model, the model changes, or a plan to perform model verification
3
(in accordance with
Requirement R2). [Violation Risk Factor: Lower] [Time Horizon: Operations
Planning]
R4. Each Generator Owner shall provide revised model data or plans to perform model
verification
4
(in accordance with Requirement R2) for an applicable unit to its
Transmission Planner within 180 calendar days of making changes to the excitation
control system or plant volt/var control function that alter the equipment response
characteristic.
5

3
If verification is performed, the 10-year period as outlined in MOD-026 Attachment 1 is reset.
4
Ibid
5
Exciter, voltage regulator, plant volt/var or power system stabilizer control replacement including software alterations that alter
excitation control system equipment response, plant digital control system addition or replacement, plant digital control system
software alterations that alter excitation control system equipment response, plant volt/var function equipment addition or
replacement (such as static var systems, capacitor banks, individual unit excitation systems, etc), a change in the voltage control
mode (such as going from power factor control to automatic voltage control, etc), exciter, voltage regulator, impedance
compensator, or power system stabilizer settings change. Automatic changes in settings that occur due to changes in operating
mode do not apply to Requirement R4.
Page 5 of 17
R5. Each Generator Owner shall provide a written response to its Transmission Planner,
within 90 calendar days following receipt of a technically justified
6
unit request from
the Transmission Planner to perform a model review of a unit or plant that includes one
of the following: [Violation Risk Factor: Lower] [Time Horizon: Operations
Planning]
Details of plans to verify the model (in accordance with Requirement R2), or
Corrected model data including the source of revised model data such as
discovery of manufacturer test values to replace generic model data or
updating of data parameters based on an on-site review of the equipment.
R6. Each Transmission Planner shall provide a written response to the Generator Owner
within 90 calendar days of receiving the verified excitation control system or plant
volt/var control function model information in accordance with Requirement R2 that
the model is usable (meets the criteria specified in Parts 6.1 through 6.3) or is not
usable.
6.1. The excitation control system or plant volt/var control function model initializes
to compute modeling data without error,
6.2. A no-disturbance simulation results in negligible transients, and
6.3. For an otherwise stable simulation, a disturbance simulation results in the
excitation control and plant volt/var control function model exhibiting positive
damping.
If the model is not usable, the Transmission Planner shall provide a technical
description of why the model is not usable. [Violation Risk Factor: Medium] [Time
C. Measures
M1. The Transmission Planner must have and provide the dated request for instructions or
data, the transmitted instructions or data, and dated evidence of a written transmittal
(e.g., electronic mail message, postal receipt, or confirmation of facsimile) as evidence
that it provided the request within 90 calendar days in accordance with Requirement
R1.
M2. The Generator Owner must have and provide dated evidence it verified each generator
excitation control system or plant volt/var control function model according to Part 2.1
for each applicable unit and a dated transmittal (e.g., electronic mail message, postal
receipt, or confirmation of facsimile) as evidence it provided the model,
documentation, and data to its Transmission Planner, in accordance with Requirement
R2.
M3. Evidence for Requirement R3 must include the Generator Owners dated written
response containing the information identified in Requirement R3 and dated evidence

6
Technical justification is achieved by the Transmission Planner demonstrating that the simulated unit or plant
response does not match the measured unit or plant response.
Page 6 of 17
of transmittal (e.g., electronic mail message, postal receipt, or confirmation of
facsimile) of the response.
M4. Evidence for Requirement R4 must include, for each of the Generator Owners
applicable units for which system changes specified in Requirement R4 were made, a
dated revised model data or plans to perform a model verification and dated evidence
(e.g., electronic mail message, postal receipt, or confirmation of facsimile) it provided
the revised model and data or plans within 180 calendar days of making changes.
(e.g., electronic mail message, postal receipt, or confirmation of facsimile) it provided
a written response within 90 calendar days following receipt of a technically justified
request.
M6. Evidence of Requirement R6 must include, for each model received, the dated response
indicating the model was usable or not usable according to the criteria specified in
Parts 6.1 through 6.3 and for a model that is not usable, a technical description; and
dated evidence of transmittal (e.g., electronic mail message, postal receipt, or
confirmation of facsimile) that the Generator Owner was notified within 90 calendar
days of receipt of model information.
D. Compliance
The Regional Entity shall serve as the Compliance Enforcement Authority unless

1.2. Data Retention
the last audit.
The Generator Owner and Transmission Planner shall each keep data or evidence
to show compliance as identified below unless directed by its Compliance
The Transmission Planner shall retain the information/data request and
provided response evidence of Requirements R1 and R6, Measures M1 and
M6 for three calendar years from the date the document was provided.
Page 7 of 17
The Generator Owner shall retain the latest excitation control system or plant
volt/var control function model verification evidence of Requirement R2,
Measure M2.
The Generator Owner shall retain the information/data request and provided
response evidence of Requirements R3 through R5, and Measures M3 through
M5 for three calendar years from the date the document was provided.
If a Generator Owner or Transmission Planner is found non-compliant, it shall
keep information related to the non-compliance until mitigation is complete or
Compliance Audit
Self-Certification
Spot Checking
Self-Reporting
Complaints
None
Standard MOD-026-1 Verification of Models and Data for Generator Excitation Control System or Plant Volt/Var Control
Functions
Page 8 of 17

R1 The Transmission Planner provided
the instructions and data to the
Generator Owner more than 90
to 120 calendar days of receiving a
written request.
The Transmission Planner provided
written request.
written request.
The Transmission Planner failed to
provide the instructions and data to
the Generator Owner within 180
calendar days of receiving a written
request.
verified model(s), including
documentation and data to its
Transmission Planner after the
timeframe specified in MOD-026
Attachment 1 but less than or equal
to 90 calendar days late;
OR
The Generator Owner provided the
Transmission Planner verified
models that omitted one of the six
Parts identified in Requirement R2,
Parts 2.1.1 through 2.1.6.
to 180 calendar days late as specified
by the periodicity timeframe in
MOD-026 Attachment 1.
OR
models that omitted two of the six
to 270 calendar days late as specified
by the periodicity timeframe in
OR
models that omitted three of the six
documentation and data more than
270 calendar days late to its
Transmission Planner in accordance
with the periodicity specified in
OR
The Generator Owner failed to use
model(s) acceptable to the
Transmission Planner as specified in
OR
model(s) but omitted four or more of
the six parts identified in
Requirement R2, Subparts 2.1.1
through 2.1.6.

Functions
Page 9 of 17
R3 The Generator Owner provided a
written response more than 90
to 120 calendar days of receiving
written notice.
The Generator Owner provided a
written notice.
written notice.
provide a written response within
180 calendar days of receiving
written notice.
OR
The Generator Owner's written
response failed to contain either the
technical basis for maintaining the
current model, or a list of future
model changes, or a plan to perform
another model verification.
R4 The Generator Owner provided
revised model data or plans to
perform model verification more
or equal to 210 calendar days of
making changes to the excitation
control system or plant volt/var
control function that altered the
equipment response characteristic.
The Generator Owner provided
provide revised model data or failed
to provide plans to perform model
verification within 270 calendar days
of making changes to the excitation
to 120 calendar days to the
Transmission Planner following
receipt of a technically justified
request to perform a model review of
an applicable unit.
an applicable unit.
an applicable unit.

provide a written response to the
Transmission Planner within 180
calendar days following receipt of a
technically justified request to
perform a model review of an
applicable unit.
OR
The Generator Owners written
response failed to include one of the
sub bullets of Requirement R5.
Functions
Page 10 of 17
R6 The Transmission Planner provided
a written response to the Generator
Owner indicating whether the model
is usable or not usable; including a
technical description if the model is
not usable, more than 90 calendar
calendar days of receiving verified
model information.
calendar days of receiving the
verified model information.
OR
The Transmission Planners written
response omitted confirmation for
one of the specified model criteria
listed in Requirement R6, Parts 6.1
through 6.3.
OR
two of the specified model criteria
through 6.3.
The Transmission Planner failed to
provide a written response to the
Generator Owner within 180
OR
response omitted confirmation for all
specified model criteria listed in
Requirement R6, Parts 6.1 through
6.3.
Standard MOD-026-1 Verification of Models and Data for Generator Excitation
Control System or Plant Volt/Var Control Functions
Page 11 of 17

None.
None.
Version History
1 February 7, 2013 Adopted by NERC Board of
Trustees
New

Page 12 of 17
G. References
The following documents contain technical information beyond the scope of this
Standard on excitation control system functionality, modeling, and testing.
1. IEEE 421.1 Definitions for Excitation Systems for Synchronous Machines
2. IEEE 421.2 Guide for Identification, Testing, and Evaluation of the Dynamic
Performance of Excitation Control Systems
3. IEEE 421.5 IEEE Recommended Practice for Excitation System Models for
Power System Stability Studies
4. K. Clark, R.A. Walling, N.W. Miller, "Solar Photovoltaic (PV) Plant Models in
PSLF," IEEE/PES General Meeting, Detroit, MI, July 2011
5. M. Asmine, J. Brochu, J. Fortmann, R. Gagnon, Y. Kazachkov, C.-E. Langlois, C.
Larose, E. Muljadi, J. MacDowell, P. Pourbeik, S. A. Seman, and K. Wiens,
Model Validation for Wind Turbine Generator Models, IEEE Transactions on
Power System, Volume 26, Issue 3, August 2011
6. A. Ellis, E. Muljadi, J. Sanchez-Gasca, Y. Kazachkov, Generic Models for
Simulation of Wind Power Plants in Bulk System Planning Studies, IEEE PES
General Meeting 2011, Detroit, MI, July 24-28
7. N.W. Miller, J. J. Sanchez-Gasca, K. Clark, J.M. MacDowell, Dynamic
Modeling of GE Wind Plants for Stability Simulations, IEEE PES General
Meeting 2011, Detroit, MI, July 24-28
8. A. Ellis, Y. Kazachkov, E. Muljadi, P. Pourbeik, J.J. Sanchez-Gasca, Working
Group Joint Report WECC Working Group on Dynamic Performance of Wind
Power Generation & IEEE Working Group on Dynamic Performance of Wind
Power Generation, Description and Technical Specifications for Generic WTG
Models A Status Report, Proc. IEEE PES 2011 Power Systems Conference and
Exposition (PSCE), March 2011, Phoenix, AZ
9. K. Clark, N.W. Miller, R.A. Walling, "Modeling of GE Solar Photovoltaic (PV)
Plants for Grid Studies," version 1.1, April 2010
10. K. Clark, N.W. Miller, J. J. Sanchez-Gasca, Modeling of GE Wind Turbine-
Generators for Grid Studies, version 4.5, April 16, 2010, Available from GE
Energy
11. R.J. Piwko, N.W. Miller, J.M. MacDowell, Field Testing & Model Validation of
Wind Plants, in Proc. IEEE PES General Meeting, Pittsburg, PA, July 2008
12. N. Miller, K. Clark, J. MacDowell and W. Barton, Experience with Field and
Factory Testing for Model Validation of GE Wind Plants, in Proc. Eur. Wind
Energy Conf. Exhib., Brussels, Belgium, March/April 2008
13. IEEE Task Force on Generator Model Validation Testing of the Power System
Stability Subcommittee, Guidelines for Generator Stability Model Validation
Testing, IEEE PES General Meeting 2007, paper 07GM1307
Page 13 of 17
14. W.W. Price and J. J. Sanchez-Gasca, Simplified Wind Turbine Generator
Aerodynamic Models for Transient Stability Studies, in PROC IEEE PES 2006
Power Systems Conf. Expo. (PSCE), Atlanta, GA, October 1, 2006, p. 986-992
15. J.J. Sanchez-Gasca, R.J. Piwko, N. W. Miller, W. W. Price, On the Integration of
Wind Power Plants in Large Power Systems, Proc. X Symposium of Specialists
in Electric and Expansion Planning (SEPOPE), Florianopolis, Brazil, May 2006
16. N. W. Miller, J. J. Sanchez-Gasca, W. W. Price, R. W. Delmerico, Dynamic
Modeling of GE 1.5 and 3.6 MW Wind Turbine-Generators for Stability
Simulations, Proc. IEEE Power Engineering Society General Meeting, Toronto,
Ontario, July 2003
17. P. Pourbeik, C. Pink and R. Bisbee, Power Plant Model Validation for Achieving
Reliability Standard Requirements Based on Recorded On-Line Disturbance
Data, Proceedings of the IEEE PSCE, March, 2011
Functions
Page 14 of 17

Excitation Control System or Plant Volt/Var Function Model Verification Periodicity
Row Number Verification Condition Required Action
1 Establishing the initial verification date for an applicable
unit.
(Requirement R2)
Transmit the verified model, documentation and data to the Transmission
Planner on or before the Effective Date.
Row 4 applies when calculating generation fleet compliance during the 10-
year implementation period.
See Section A5 for Effective Dates.
2 Subsequent verification for an applicable unit.
(Requirement R2)
Planner on or before the 10-year anniversary of the last transmittal (per Note
1).
3 Initial verification for a new applicable unit or for an
existing applicable unit with new excitation control system
or plant volt/var control function equipment installed.
(Requirement R2)
Planner within 365 calendar days after the commissioning date.
Functions
Page 15 of 17
4 Existing applicable unit that is equivalent to another unit(s)
at the same physical location.
AND
Each applicable unit has the same MVA nameplate rating.
AND
The nameplate rating is 350 MVA.
AND
Each applicable unit has the same components and settings.
AND
The model for one of these equivalent applicable units has
been verified.
(Requirement R2)
Document circumstance with a written statement and include with the
verified model, documentation and data provided to the Transmission
Planner for the verified equivalent unit.
Verify a different equivalent unit during each 10-year verification period.
Applies to Row 1 when calculating generation fleet compliance during the
10-year implementation period.
5 The Generator Owner has submitted a verification plan.
(Requirement R3, R4 or R5)
Planner within 365 calendar days after the submittal of the verification plan.
Functions
Page 16 of 17
6 New or existing applicable unit does not include an active
closed loop voltage or reactive power control function.
(Requirement R2)
Requirement 2 is met with a written statement to that effect transmitted to
the Transmission Planner.
Perform verification per the periodicity specified in Row 3 for a New
Generating Unit (or new equipment) only if active closed loop function is
established.
See Footnote 1 (see Section A.3) for clarification of what constitutes an
active closed loop function for both conventional synchronous machines
(reference Footnote 1a) and aggregate generating plants (reference Footnote
1b).
7 Existing applicable unit has a current average net capacity
factor over the most recent three calendar years, beginning
on January 1 and ending on December 31 of 5% or less.
(Requirement R2)

At the end of this 10-year timeframe, the current average three year net
capacity factor (for years 8, 9, and 10) can be examined to determine if the
capacity factor exemption can be declared for the next 10-year period. If not
eligible for the capacity factor exemption, then model verification must be
completed within 365 calendar days of the date the capacity factor
exemption expired.
For the definition of net capacity factor, refer to Appendix F of the GADS
Data Reporting Instructions on the NERC website.
Functions
Page 17 of 17
NOTES:
NOTE 1: Establishing the recurring 10-year unit verification period start date:
The start date is the actual date of submittal of a verified model to the Transmission Planner for the most recently performed unit verification.
NOTE 2: Consideration for early compliance:
Existing generator excitation control system or plant volt/var control function model verification is sufficient for demonstrating compliance for a 10-year period
from the actual transmittal date if either of the following applies:
The Generator Owner has a verified model that is compliant with the applicable regional policies, guidelines or criteria existing at the time of model
verification.
The Generator Owner has an existing verified model that is compliant with the requirements of this standard.

Standard MOD-027-1 Verification of Models and Data for Turbine/Governor and Load
Control or Active Power/Frequency Control Functions
Page 1 of 15
A. Introduction
1. Title: Verification of Models and Data for Turbine/Governor and Load Control
or Active Power/Frequency Control Functions
3. Purpose: To verify that the turbine/governor and load control or active
power/frequency control
1
model and the model parameters, used in dynamic
simulations that assess Bulk Electric System (BES) reliability, accurately represent
generator unit real power response to system frequency variations.
4. Applicability:
4.1. Functional entities
4.1.2 Transmission Planner
4.2. Facilities
For the purpose of the requirements contained herein, Facilities that are directly
connected to the Bulk Electric System (BES) will be collectively referred to as an
applicable unit that meet the following:
4.2.1 Generation in the Eastern or Quebec Interconnections with the following
characteristics:
rating).
rating).
4.2.2 Generation in the Western Interconnection with the following
characteristics:
rating).
rating).
4.2.3 Generation in the ERCOT Interconnection with the following
characteristics:

1
Turbine/governor and load control or active power/frequency control:
a. Turbine/governor and load control applies to conventional synchronous generation.
b. Active power/frequency control applies to inverter connected generators (often found at variable energy plants).
Page 2 of 15
rating).
rating).

5. Effective Date:
5.1. For Requirements R1, and R3 through R5, the first day of the first calendar
quarter beyond the date that this standard is approved by applicable regulatory
authorities or as otherwise made effective pursuant to the laws applicable to such
ERO governmental authorities. In those jurisdictions where regulatory approval
is not required, the standard shall become effective on the first day of the first
calendar quarter beyond the date this standard is approved by the NERC Board of
Trustees, or as otherwise made effective pursuant to the laws applicable to such
ERO governmental authorities.
each Interconnection on the first day of the first calendar quarter that is four years
calendar quarter that is four years following NERC Board of Trustees adoption or
each Interconnection on first day of the first calendar quarter that is six years
calendar quarter that is six years following NERC Board of Trustees adoption or
each Interconnection on the first day of the first calendar quarter that is 10 years
calendar quarter that is 10 years following NERC Board of Trustees adoption or

Page 3 of 15
B. Requirements
R1. Each Transmission Planner shall provide the following requested information to the
Generator Owner within 90 calendar days of receiving a written request: [Violation
Instructions on how to obtain the list of turbine/governor and load control or active
power/frequency control system models that are acceptable to the Transmission
Planner for use in dynamic simulation,
Instructions on how to obtain the dynamic turbine/governor and load control or
active power/frequency control function model library block diagrams and/or data
sheets for models that are acceptable to the Transmission Planner, or
Model data for any of the Generator Owners existing applicable unit specific
turbine/governor and load control or active power/frequency control system
contained in the Transmission Planners dynamic database from the current (in-use)
models.
R2. Each Generator Owner shall provide, for each applicable unit, a verified
turbine/governor and load control or active power/frequency control model, including
documentation and data (as specified in Part 2.1) to its Transmission Planner in
accordance with the periodicity specified in MOD-027 Attachment 1. [Violation Risk
2.1. Each applicable units model shall be verified by the Generator Owner using one
or more models acceptable to the Transmission Planner. Verification for
individual units rated less than 20 MVA (gross nameplate rating) in a generating
plant (per Section 4.2.1.2, 4.2.2.2, or 4.2.3.2) may be performed using either
individual unit or aggregate unit model(s) or both. Each verification shall include
the following:
2.1.1. Documentation comparing the applicable units MW model response to
the recorded MW response for either:
A frequency excursion from a system disturbance that meets
MOD-027 Attachment 1 Note 1 with the applicable unit on-line,
A speed governor reference change with the applicable unit on-
line, or
A partial load rejection test,
2

2.1.2. Type of governor and load control or active power control/frequency
control
3
equipment,

2
Differences between the control mode tested and the final simulation model must be identified, particularly when
analyzing load rejection data. Most controls change gains or have a set point runback which takes effect when the
breaker opens. Load or set point controls will also not be in effect once the breaker opens. Some method of
accounting for these differences must be presented if the final model is not validated from on-line data under the
normal operating conditions under which the model is expected to apply
3
Turbine/governor and load control or active power/frequency control:
Page 4 of 15
2.1.3. A description of the turbine (e.g. for hydro turbine - Kaplan, Francis, or
Pelton; for steam turbine - boiler type, normal fuel type, and turbine type;
for gas turbine - the type and manufacturer; for variable energy plant -
type and manufacturer),
2.1.4. Model structure and data for turbine/governor and load control or active
power/frequency control, and
2.1.5. Representation of the real power response effects of outer loop controls
(such as operator set point controls, and load control but excluding AGC
control) that would override the governor response (including blocked or
nonfunctioning governors or modes of operation that limit Frequency
Response), if applicable.
R3. Each Generator Owner shall provide a written response to its Transmission Planner
within 90 calendar days of receiving one of the following items for an applicable unit.
Written notification, from its Transmission Planner (in accordance with
Requirement R5) that the turbine/governor and load control or active
power/frequency control model is not usable,
Written comments from its Transmission Planner identifying technical
concerns with the verification documentation related to the turbine/governor
and load control or active power/frequency control model, or
Written comments and supporting evidence from its Transmission Planner
indicating that the simulated turbine/governor and load control or active
power/frequency control response did not approximate the recorded response
for three or more transmission system events.
The written response shall contain either the technical basis for maintaining the current
model, the model changes, or a plan to perform model verification
4
(in accordance with
Requirement R2). [Violation Risk Factor: Lower] [Time Horizon: Operations
Planning]
R4. Each Generator Owner shall provide revised model data or plans to perform model
verification
5
(in accordance with Requirement R2) for an applicable unit to its
Transmission Planner within 180 calendar days of making changes to the
turbine/governor and load control or active power/frequency control system that alter
the equipment response characteristic
6
. [Violation Risk Factor: Lower] [Time

a. Turbine/governor and load control applies to conventional synchronous generation.
b. Active power/frequency control applies to inverter connected generators (often found at variable energy plants).
4
If verification is performed, the 10 year period as outlined in MOD-027 Attachment 1 is reset.
5
Ibid.
6
Control replacement or alteration including software alterations or plant digital control system addition or replacement, plant
digital control system software alterations that alter droop, and/or dead band, and/or frequency response and/or a change in the
frequency control mode (such as going from droop control to constant MW control, etc).
Page 5 of 15
R5. Each Transmission Planner shall provide a written response to the Generator Owner
within 90 calendar days of receiving the turbine/governor and load control or active
power/frequency control system verified model information in accordance with
Requirement R2 that the model is usable (meets the criteria specified in Parts 5.1
through 5.3) or is not usable.
5.1. The turbine/governor and load control or active power/frequency control function
model initializes to compute modeling data without error,
5.2. A no-disturbance simulation results in negligible transients, and
5.3. For an otherwise stable simulation, a disturbance simulation results in the
turbine/governor and load control or active power/frequency control model
exhibiting positive damping.
If the model is not usable, the Transmission Planner shall provide a technical
description of why the model is not usable. [Violation Risk Factor: Medium] [Time
C. Measures
M1. The Transmission Planner must have and provide the dated request for instructions or
data, the transmitted instruction or data, and dated evidence of a written transmittal
(e.g., electronic mail message, postal receipt, or confirmation of facsimile) as evidence
that it provided the request within 90 calendar days in accordance with Requirement
R1.
M2. The Generator Owner must have and provide dated evidence it verified each generator
turbine/governor and load control or active power/frequency control model according
to Part 2.1 for each applicable unit and a dated transmittal (e.g., electronic mail
message, postal receipt, or confirmation of facsimile) as evidence it provided the
model, documentation, and data to its Transmission Planner, in accordance with
Requirement R2.
of transmittal (e.g., electronic mail message, postal receipt, or confirmation of
facsimile) of the response.
M4. Evidence for Requirement R4 must include, for each of the Generator Owners
applicable units for which system changes specified in Requirement R4 were made,
dated revised model data or dated plans to perform a model verification and dated
evidence of transmittal (e.g., electronic mail message, postal receipt, or confirmation of
facsimile) within 180 calendar days of making changes.
M5. Evidence of Requirement R5 must include, for each model received, the dated response
indicating the model was usable or not usable according to the criteria specified in
Parts 5.1 through 5.3 and for a model that is not useable, a technical description is the
model is not usable, and dated evidence of transmittal (e.g., electronic mail messages,
postal receipts, or confirmation of facsimile) that the Generator Owner was notified
within 90 calendar days of receipt of model information in accordance with
Requirement R5.
Page 6 of 15
D. Compliance
The Regional Entity shall serve as the Compliance Enforcement Authority unless
1.2. Data Retention
the last audit.
The Generator Owner and Transmission Planner shall each keep data or evidence
to show compliance as identified below unless directed by its Compliance
The Transmission Planner shall retain the information/data request and
provided response evidence of Requirements R1 and R5, Measures M1 and
M5 for 3 calendar years from the date the document was provided.
The Generator Owner shall retain the latest turbine/governor and load control
or active power/frequency control system model verification evidence of
The Generator Owner shall retain the information/data request and provided
response evidence of Requirements R3, and R4 Measures M3 and M4 for 3
calendar years from the date the document was provided.
If a Generator Owner or Transmission Planner is found non-compliant, it shall
keep information related to the non-compliance until mitigation is complete and
Compliance Audit
Self-Certification
Spot Checking
Self-Reporting
Complaint
Page 7 of 15
None
Standard MOD-027-1 Verification of Models and Data for Turbine/Governor and Load Control or Active Power/Frequency
Control Functions
Page 8 of 15

R1 The Transmission Planner
provided the instructions and data
to the Generator Owner more than
equal to 120 calendar days of
receiving a written request.
written request.
written request.
The Transmission Planner failed to provide
the instructions and data to the Generator
Owner within 180 calendar days of
receiving a written request.
verified model(s) to its
Transmission Planner after the
periodicity timeframe specified in
MOD-027 Attachment 1 but less
than or equal to 90 calendar days
late;
OR
Transmission Planner a verified
model that omitted one of the five
Subparts 2.1.1, through 2.1.5.
verified model(s) to its Transmission
Planner more than 90 calendar days
days late as specified by the
periodicity timeframe in MOD-027
Attachment 1;
OR
Transmission Planner a verified
model that omitted two of the five
verified model(s) to its Transmission
Planner more than 180 calendar days
days late as specified by the
periodicity timeframe in MOD-027
Attachment 1;
OR
models that omitted three of the five
The Generator Owner provided its verified
model(s) more than 270 calendar days late
to its Transmission Planner in accordance
with the periodicity specified in MOD-027
Attachment 1;
OR
The Generator Owner failed to use model(s)
acceptable to the Transmission Planner as
specified in Requirement R2, Part 2.1;
OR
Transmission Planner verified model(s) that
omitted four or more of the five Parts
identified in Requirement R2, Subparts
2.1.1, through 2.1.5.
Control Functions
Page 9 of 15
written notice.
written notice.
written notice.
The Generator Owner failed to provide a
written response within 180 calendar days
of receiving written notice;
OR
The Generator Owner's written response
failed to contain either the technical basis
for maintaining the current model, or a list
of future model changes, or a plan to
perform another model verification.
R4 The Generator Owner provided
of making changes to the
turbine/governor and load control
or active power/frequency control
system that alter the equipment
response characteristic.
perform model verification more than
equal to 240 calendar days of making
changes to the turbine/governor and
load control or active
power/frequency control system that
alter the equipment response
characteristic.
perform model verification more than
equal to 270 calendar days of making
changes to the turbine/governor and
load control or active
power/frequency control system that
alter the equipment response
characteristic.
The Generator Owner failed to provide
revised model data or failed to provide
plans to perform model verification within
270 calendar days of making changes to the
turbine/governor and load control or active
power/frequency control system that altered
the equipment response characteristic.
Control Functions
Page 10 of 15
R5 The Transmission Planner
provided a written response to the
Generator Owner indicating
whether the model is usable or not
usable, including a technical
description if the model is not
usable, more than 90 calendar days
calendar days of receiving verified
model information;
The Transmission Planner provided a
written response to the Generator
is usable or not usable, including a
verified model information;
OR
one of the specified model criteria
through 5.3.
written response to the Generator
is usable or not usable, including a
OR
two of the specified model criteria
through 5.3.
The Transmission Planner failed to provide
a written response to the Generator Owner
within 180 calendar days of receiving the
OR
written response without including
confirmation of all specified model criteria
listed in Requirement R5, Parts 5.1 through
5.3.
Page 11 of 15

None.
None.
VersionHistory
1 February 7,
2013
Adopted by NERC Board of Trustees New

G. References
The following documents contain technical information beyond the scope of this Standard on
turbine/governor and load control or active power/frequency control system functionality,
modeling, and testing.
1) IEEE Task Force on Generator Model Validation Testing of the Power System
Stability Subcommittee, Guidelines for Generator Stability Model Validation
Testing, IEEE PES General Meeting 2007, paper 07GM1307
2) L. Pereira "New Thermal Governor Model Development: Its Impact on Operation and
Planning Studies on the Western Interconnection" IEEE POWER AND ENERGY
MAGAZINE, MAY/JUNE 2005
3) D.M. Cabbell, S. Rueckert, B.A. Tuck, and M.C. Willis, "The New Thermal
Governor Model Used in Operating and Planning Studies in WECC," in Proc. IEEE
PES General Meeting, Denver, CO, 2004
4) S. Patterson, "Importance of Hydro Generation Response Resulting from the New
Thermal Modeling-and Required Hydro Modeling Improvements," in Proc. IEEE
PES General Meeting, Denver, CO, 2004
5) L. Pereira, D. Kosterev, D. Davies, and S. Patterson, "New Thermal Governor Model
Selection and Validation in the WECC," IEEE Trans. Power Syst., vol. 19, no. 1, pp.
517-523, February 2004
6) L. Pereira, J. Undrill, D. Kosterev, D. Davies, and S. Patterson, "A New Thermal
Governor Modeling Approach in the WECC," IEEE Trans. Power Syst., vol. 18, no.
2, pp. 819-829, May 2003
7) P. Pourbeik, C. Pink and R. Bisbee, Power Plant Model Validation for Achieving
Reliability Standard Requirements Based on Recorded On-Line Disturbance Data,
Proceedings of the IEEE PSCE, March, 2011
Control Functions
Page 12 of 15

Turbine/Governor and Load Control or Active Power/Frequency Control Model Periodicity
Row
Number
Verification Condition Required Action
1 Establishing the initial verification date for an applicable unit.
(Requirement R2)
Planner on or before the Effective Date.
Row 5 applies when calculating generation fleet compliance during the
10year implementation period.
See Section A5 for Effective Dates.
2 Subsequent verification for an applicable unit.
(Requirement R2)

Planner on or before the 10-year anniversary of the last transmittal (per Note
2).

3 Applicable unit is not subjected to a frequency excursion per Note
1 by the date otherwise required to meet the dates per Rows 1, 2,
4, or 6.
(This row is only applicable if a frequency excursion from a
system disturbance that meets Note 1 is selected for the
verification method and the ability to record the applicable units
real power response to a frequency excursion is installed and
expected to be available).
(Requirement R2)
the Transmission Planner. Transmit the verified model, documentation and
data to the Transmission Planner on or before 365 calendar days after a
frequency excursion per Note 1 occurs and the recording equipment captures
the applicable units real power response as expected.
4 Initial verification for a new applicable unit or for an existing
applicable unit with new turbine/governor and load control or
active power/frequency control equipment installed.
(Requirement R2)
Planner within 365 calendar days after the commissioning date.

Control Functions
Page 13 of 15
Row
Number
5 Existing applicable unit that is equivalent to another applicable
unit(s) at the same physical location;
AND
Each applicable unit has the same MVA nameplate rating;
AND
The nameplate rating is 350 MVA;
AND
Each applicable unit has the same components and settings;
AND
The model for one of these equivalent applicable units has been
verified.
(Requirement R2)
Document circumstance with a written statement and include with the
verified model, documentation and data provided to the Transmission
Planner for the verified equivalent unit.
Verify a different equivalent unit during each 10-year verification period.
Applies to Row 1 when calculating generation fleet compliance during the
10-year implementation period.
6 The Generator Owner has submitted a verification plan.
(Requirement R3 or R4)
Planner within 365 calendar days after the submittal of the verification plan.
Control Functions
Page 14 of 15
Row
Number
7 Applicable unit is not responsive to both over and under frequency
excursion events (The applicable unit does not operate in a
frequency control mode, except during normal start up and shut
down, that would result in a turbine/governor and load control or
active power/frequency control mode response.);
OR
Applicable unit either does not have an installed frequency control
system or has a disabled frequency control system.
(Requirement R2)
Perform verification per the periodicity specified in Row 4 for a New
Generating Unit (or new equipment) only if responsive control mode
operation for connected operations is established.
8 Existing applicable unit has a current average net capacity factor
over the most recent three calendar years, beginning on January 1
and ending on December 31 of 5% or less.
(Requirement R2)
At the end of this 10 calendar year timeframe, the current average three year
net capacity factor (for years 8, 9, and 10) can be examined to determine if
the capacity factor exemption can be declared for the next 10 calendar year
period. If not eligible for the capacity factor exemption, then model
verification must be completed within 365 calendar days of the date the
capacity factor exemption expired.
For the definition of net capacity factor, refer to Appendix F of the GADS
Data Reporting Instructions on the NERC website.
Control Functions
Page 15 of 15
Row
Number
NOTES:
NOTE 1: Unit model verification frequency excursion criteria:
0.05 hertz deviation (nadir point) from scheduled frequency for the Eastern Interconnection with the applicable unit operating in a frequency
responsive mode
0.10 hertz deviation (nadir point) from scheduled frequency for the ERCOT and Western Interconnections with the applicable unit operating in a
frequency responsive mode
0.15 hertz deviation (nadir point) from scheduled frequency for the Quebec Interconnection with the applicable unit operating in a frequency
responsive mode
NOTE 2: Establishing the recurring ten year unit verification period start date:
The start date is the actual date of submittal of a verified model to the Transmission Planner for the most recently performed unit verification.
NOTE 3: Consideration for early compliance:
Existing turbine/governor and load control or active power/frequency control model verification is sufficient for demonstrating compliance for a 10 year period
from the actual transmittal date if either of the following applies:
The Generator Owner has a verified model that is compliant with the applicable regional policies, guidelines or criteria existing at the time of model
verification
The Generator Owner has an existing verified model that is compliant with the requirements of this standard

Standard MOD-028-1 Area Interchange Methodology
A. Introduction
1. Title: Area Interchange Methodology
3. Purpose: To increase consistency and reliability in the development and
documentation of Transfer Capability calculations for short-term use performed by
entities using the Area Interchange Methodology to support analysis and system
operations.
4. Applicability:
4.1. Each Transmission Operator that uses the Area Interchange Methodology to
calculate Total Transfer Capabilities (TTCs) for ATC Paths.
4.2. Each Transmission Service Provider that uses the Area Interchange Methodology
to calculate Available Transfer Capabilities (ATCs) for ATC Paths.
5. Proposed Effective Date: First day of the first calendar quarter that is twelve months
beyond the date that all four standards (MOD-001-1, MOD-028-1, MOD-029-1, and
MOD-030-1) are approved by all applicable regulatory authorities.
B. Requirements
R1. Each Transmission Service Provider shall include in its Available Transfer Capability
Implementation Document (ATCID), at a minimum, the following information relative
to its methodology for determining Total Transfer Capability (TTC): [Violation Risk
R1.1. Information describing how the selected methodology has been implemented,
in such detail that, given the same information used by the Transmission
Operator, the results of the TTC calculations can be validated.
R1.2. A description of the manner in which the Transmission Operator will account
for Interchange Schedules in the calculation of TTC.
R1.3. Any contractual obligations for allocation of TTC.
R1.4. A description of the manner in which Contingencies are identified for use in
the TTC process.
R1.5. The following information on how source and sink for transmission service is
accounted for in ATC calculations including:
R1.5.1. Define if the source used for Available Transfer Capability (ATC)
calculations is obtained from the source field or the Point of Receipt
(POR) field of the transmission reservation
R1.5.2. Define if the sink used for ATC calculations is obtained from the sink
field or the Point of Delivery (POD) field of the transmission
reservation
R1.5.3. The source/sink or POR/POD identification and mapping to the
model.
R1.5.4. If the Transmission Service Providers ATC calculation process
involves a grouping of generation, the ATCID must identify how
these generators participate in the group.
R2. When calculating TTC for ATC Paths, the Transmission Operator shall use a
Transmission model that contains all of the following: [Violation Risk Factor: Lower]
R2.1. Modeling data and topology of its Reliability Coordinators area of
responsibility. Equivalent representation of radial lines and facilities 161 kV or
below is allowed.
R2.2. Modeling data and topology (or equivalent representation) for immediately
adjacent and beyond Reliability Coordination areas.
R2.3. Facility Ratings specified by the Generator Owners and Transmission Owners.
R3. When calculating TTCs for ATC Paths, the Transmission Operator shall include the
following data for the Transmission Service Providers area. The Transmission
Operator shall also include the following data associated with Facilities that are
explicitly represented in the Transmission model, as provided by adjacent
Transmission Service Providers and any other Transmission Service Providers with
which coordination agreements have been executed: [Violation Risk Factor: Lower]
R3.1. For on-peak and off-peak intra-day and next-day TTCs, use the following (as
well as any other values and additional parameters as specified in the ATCID):
R3.1.1. Expected generation and Transmission outages, additions, and
retirements, included as specified in the ATCID.
R3.1.2. Load forecast for the applicable period being calculated.
R3.1.3. Unit commitment and dispatch order, to include all designated
network resources and other resources that are committed or have the
legal obligation to run, (within or out of economic dispatch) as they
are expected to run.
R3.2. For days two through 31 TTCs and for months two through 13 TTCs, use the
following (as well as any other values and internal parameters as specified in
the ATCID):
Retirements, included as specified in the ATCID.
R3.2.2. Daily load forecast for the days two through 31 TTCs being
calculated and monthly forecast for months two through 13 months
TTCs being calculated.
R4. When calculating TTCs for ATC Paths, the Transmission Operator shall meet all of the
following conditions: [Violation Risk Factor: Lower] [Time Horizon: Operations
Planning]
R4.1. Use all Contingencies meeting the criteria described in the ATCID.
R4.2. Respect any contractual allocations of TTC.
R4.3. Include, for each time period, the Firm Transmission Service expected to be
scheduled as specified in the ATCID (filtered to reduce or eliminate duplicate
impacts from transactions using Transmission service from multiple
Transmission Service Providers) for the Transmission Service Provider, all
adjacent Transmission Service Providers, and any Transmission Service
Providers with which coordination agreements have been executed modeling
the source and sink as follows:
- If the source, as specified in the ATCID, has been identified in the
reservation and it is discretely modeled in the Transmission Service
Providers Transmission model, use the discretely modeled point as the
source.
reservation and the point can be mapped to an equivalence or aggregate
representation in the Transmission Service Providers Transmission
model, use the modeled equivalence or aggregate as the source.
reservation and the point cannot be mapped to a discretely modeled point,
an equivalence, or an aggregate representation in the Transmission
Service Providers Transmission model, use the immediately adjacent
Balancing Authority associated with the Transmission Service Provider
from which the power is to be received as the source.
- If the source, as specified in the ATCID, has not been identified in the
reservation, use the immediately adjacent Balancing Authority associated
with the Transmission Service Provider from which the power is to be
received as the source.
- If the sink, as specified in the ATCID, has been identified in the reservation
and it is discretely modeled in the Transmission Service Providers
Transmission model, use the discretely modeled point shall as the sink.
and the point can be mapped to an equivalence or aggregate
model, use the modeled equivalence or aggregate as the sink.
and the point can not be mapped to a discretely modeled point, an
equivalence, or an aggregate representation in the Transmission
Balancing Authority associated with the Transmission Service Provider to
which the power is to be delivered as the sink.
- If the sink, as specified in the ATCID, has not been identified in the
with the Transmission Service Provider to which the power is being
delivered as the sink.
R5. Each Transmission Operator shall establish TTC for each ATC Path as defined below:
R5.1. At least once within the seven calendar days prior to the specified period for
TTCs used in hourly and daily ATC calculations.
R5.2. At least once per calendar month for TTCs used in monthly ATC calculations.
R5.3. Within 24 hours of the unexpected outage of a 500 kV or higher transmission
Facility or a transformer with a low-side voltage of 200 kV or higher for TTCs
in effect during the anticipated duration of the outage, provided such outage is
expected to last 24 hours or longer.
R6. Each Transmission Operator shall establish TTC for each ATC Path using the
following process: [Violation Risk Factor: Lower] [Time Horizon: Operations
Planning]
R6.1. Determine the incremental Transfer Capability for each ATC Path by
increasing generation and/or decreasing load within the source Balancing
Authority area and decreasing generation and/or increasing load within the
sink Balancing Authority area until either:
- A System Operating Limit is reached on the Transmission Service
Providers system, or
- A SOL is reached on any other adjacent system in the Transmission model
that is not on the study path and the distribution factor is 5% or greater
1
.
R6.2. If the limit in step R6.1 can not be reached by adjusting any combination of
load or generation, then set the incremental Transfer Capability by the results
of the case where the maximum adjustments were applied.
R6.3. Use (as the TTC) the lesser of:
The sum of the incremental Transfer Capability and the impacts of Firm
Transmission Services, as specified in the Transmission Service
Providers ATCID, that were included in the study model, or
The sum of Facility Ratings of all ties comprising the ATC Path.
R6.4. For ATC Paths whose capacity uses jointly-owned or allocated Facilities, limit
TTC for each Transmission Service Provider so the TTC does not exceed each
Transmission Service Providers contractual rights.

1
The Transmission operator may honor distribution factors less than 5% if desired.
R7. The Transmission Operator shall provide the Transmission Service Provider of that
ATC Path with the most current value for TTC for that ATC Path no more than:
R7.1. One calendar day after its determination for TTCs used in hourly and daily
ATC calculations.
R7.2. Seven calendar days after its determination for TTCs used in monthly ATC
calculations.
R8. When calculating Existing Transmission Commitments (ETCs) for firm commitments
(ETC
F
) for all time periods for an ATC Path the Transmission Service Provider shall
use the following algorithm: [Violation Risk Factor: Lower] [Time Horizon:
ETC
F
=NITS
F
+GF
F
+PTP
F
+ROR
F
+OS
F

y
ified in the ATCID.

Where:
NITS
F
is the firm capacity set aside for Network Integration Transmission Service
(including the capacity used to serve bundled load within the Transmission
Service Providers area with external sources) on ATC Paths that serve as
interfaces with other Balancing Authorities.
GF
F
is the firm capacity set aside for Grandfathered Firm Transmission Service and
Tariff or safe harbor tariff on ATC Paths that serve as interfaces with other
PTP
F
Service.
ROR
F
is the capacity reserved for roll-over rights for Firm Transmission Service
contracts granting Transmission Customers the right of first refusal to take or
continue to take Transmission Service when the Transmission Customers
Transmission Service contract expires or is eligible for renewal.
OS
F
agreement(s) not specified above using Firm Transmission Service, including an
other firm adjustments to reflect impacts from other ATC Paths of the
Transmission Service Provider as spec
R9. When calculating ETC for non-firm commitments (ETC
NF
) for all time periods for an
ATC Path the Transmission Service Provider shall use the following algorithm:
ETC
NF
=NITS
NF
+GF
NF
+PTP
NF
+OS
NF

Where:
NITS
NF
Service (i.e., secondary service , including the capacity used to serve bundled
load within the Transmission Service Providers area with external sources)
reserved on ATC Paths that serve as interfaces with other Balancing
Authorities.
GF
NF
is the non-firm capacity reserved for Grandfathered Non-Firm Transmission
Service and contracts for energy and/or Transmission Service, where executed
prior to the effective date of a Transmission Service Providers Open Access
Transmission Tariff or safe harbor tariff on ATC Paths that serve as interfaces
with other Balancing Authorities.
PTP
NF
Service.
OS
NF
is the non-firm capacity reserved for any other service(s), contract(s), or
agreement(s) not specified above using Non-Firm Transmission Service,
including any other firm adjustments to reflect impacts from other ATC Paths
of the Transmission Service Provider as specified in the ATCID.
R10. When calculating firm ATC for an ATC Path for a specified period, the Transmission
Service Provider shall utilize the following algorithm: [Violation Risk Factor: Lower]
ATC
F
=TTC ETC
F
CBM TRM +Postbacks
F
+counterflows
F
Where:
ATC
F
is the firm Available Transfer Capability for the ATC Path for that period.
TTC is the Total Transfer Capability of the ATC Path for that period.
ETC
F
is the sum of existing firm Transmission commitments for the ATC Path
during that period.
CBM is the Capacity Benefit Margin for the ATC Path during that period.
TRM is the Transmission Reliability Margin for the ATC Path during that period.
Postbacks
F
are changes to firm ATC due to a change in the use of Transmission
Service for that period, as defined in Business Practices.
counterflows
F
are adjustments to firm ATC as determined by the Transmission
Service Provider and specified in the ATCID.
R11. When calculating non-firm ATC for a ATC Path for a specified period, the
Transmission Service Provider shall use the following algorithm: [Violation Risk
ATC
NF
=TTC ETC
F
- ETC
NF
CBM
S
TRM
U
+Postbacks
NF
+counterflows
NF
Where:
ATC
NF
is the non-firm Available Transfer Capability for the ATC Path for that
period.
ETC
F
during that period.
ETC
NF
is the sum of existing non-firm Transmission commitments for the ATC
Path during that period.
CBM
S
is the Capacity Benefit Margin for the ATC Path that has been scheduled
without a separate reservation during that period.
TRM
U
is the Transmission Reliability Margin for the ATC Path that has not been
released for sale (unreleased) as non-firm capacity by the Transmission Service
Provider during that period.
Postbacks
NF
are changes to non-firm ATC due to a change in the use of
Transmission Service for that period, as defined in Business Practices.
counterflows
NF
are adjustments to non-firm ATC as determined by the
Transmission Service Provider and specified in the ATCID.
C. Measures
M1. Each Transmission Service Provider shall provide its current ATCID that has the
information described in R1 to show compliance with R1. (R1)
M2. Each Transmission Operator shall provide evidence including the model used to
calculate TTC as well as other evidence (such as Facility Ratings provided by facility
owners, written documentation, logs, and data) to show that the modeling requirements
in R2 were met. (R2)
M3. Each Transmission Operator shall provide evidence, including scheduled outages,
facility additions and retirements, (such as written documentation, logs, and data) that
the data described in R3 and R4 were included in the determination of TTC as specified
in the ATCID. (R3)
M4. Each Transmission Operator shall provide the contingencies used in determining TTC
and the ATCID as evidence to show that the contingencies described in the ATCID
were included in the determination of TTC. (R4)
M5. Each Transmission Operator shall provide copies of contracts that contain requirements
to allocate TTCs and TTC values to show that any contractual allocations of TTC were
respected as required in R4.2. (R4)
M6. Each Transmission Operator shall provide evidence (such as copies of coordination
agreements, reservations, interchange transactions, or other documentation) to show
that firm reservations were used to estimate scheduled interchange, the modeling of
scheduled interchange was based on the rules described in R4.3, and that estimated
scheduled interchange was included in the determination of TTC. (R4)
M7. Each Transmission Operator shall provide evidence (such as logs and data and dated
copies of requests from the Transmission Service Provider to establish TTCs at specific
intervals) that TTCs have been established at least once in the calendar week prior to
the specified period for TTCs used in hourly and daily ATC calculations, at least once
per calendar month for TTCs used in monthly ATC calculations, and within 24 hours of
the unexpected outage of a 500 kV or higher transmission Facility or a autotransformer
with a low-side voltage of 200 kV or higher for TTCs in effect during the anticipated
duration of the outage; provided such outage is expected to last 24 hours or longer in
duration per the specifications in R5.(R5)
M8. Each Transmission Operator shall provide evidence (such as written documentation)
that TTCs have been calculated using the process described in R6. (R6)
M9. Each Transmission Operator shall have evidence including a copy of the latest
calculated TTC values along with a dated copy of email notices or other equivalent
evidence to show that it provided its Transmission Service Provider with the most
current values for TTC in accordance with R7. (R7)
M10. The Transmission Service Provider shall demonstrate compliance with R8 by
recalculating firm ETC

for any specific time period as described in (MOD-001 R2),
using the algorithm defined in R8 and with data used to calculate the specified value for
the designated time period. The data used must meet the requirements specified in
MOD-028-1 and the ATCID. To account for differences that may occur when
recalculating the value (due to mixing automated and manual processes), any
recalculated value that is within +/- 15% or 15 MW, whichever is greater, of the
originally calculated value, is evidence that the Transmission Service Provider used the
algorithm in R8 to calculate its firm ETC. (R8)
recalculating non-firm ETC for any specific time period as described in (MOD-001
R2), using the algorithm defined in R9 and with data used to calculate the specified
value for the designated time period. The data used must meet the requirements
specified in MOD-028-1 and the ATCID. To account for differences that may occur
when recalculating the value (due to mixing automated and manual processes), any
algorithm in R8 to calculate its non-firm ETC. (R9)
M12. Each Transmission Service Provider shall produce the supporting documentation for
the processes used to implement the algorithm that calculates firm ATCs, as required in
R10. Such documentation must show that only the variables allowed in R10 were used
to calculate firm ATCs, and that the processes use the current values for the variables as
determined in the requirements or definitions. Note that any variable may legitimately
be zero if the value is not applicable or calculated to be zero (such as counterflows,
TRM, CBM, etc). The supporting documentation may be provided in the same form
and format as stored by the Transmission Service Provider. (R10)
the processes used to implement the algorithm that calculates non-firm ATCs, as
required in R11. Such documentation must show that only the variables allowed in R11
were used to calculate non-firm ATCs, and that the processes use the current values for
the variables as determined in the requirements or definitions. Note that any variable
may legitimately be zero if the value is not applicable or calculated to be zero (such as
counterflows, TRM, CBM, etc). The supporting documentation may be provided in
the same form and format as stored by the Transmission Service Provider. (R11)
D. Compliance
Regional Entity.
Not applicable.
1.3. Data Retention
The Transmission Operator and Transmission Service Provider shall keep data or
- The Transmission Service Provider shall retain its current, in force ATCID and any
prior versions of the ATCID that were in force since the last compliance audit to
show compliance with R1.
- The Transmission Operator shall have its latest model used to calculate TTC and
evidence of the previous version to show compliance with R2.
- The Transmission Operator shall retain evidence to show compliance with R3 for the
most recent 12 months or until the model used to calculate TTC is updated,
- The Transmission Operator shall retain evidence to show compliance with R4, R5,
R6 and R7 for the most recent 12 months.
- The Transmission Service Provider shall retain evidence to show compliance in
calculating hourly values required in R8 and R9 for the most recent 14 days;
evidence to show compliance in calculating daily values required in R8 and R9 for
the most recent 30 days; and evidence to show compliance in calculating monthly
values required in R8 and R9 for the most recent 60 days.
- The Transmission Service Provider shall retain evidence to show compliance with
- If a Transmission Service Provider or Transmission Operator is found non-compliant,
it shall keep information related to the non-compliance until found compliant.
- The Compliance Enforcement Authority shall keep the last audit records and all
- Compliance Audits
- Spot Checking
- Self-Reporting
- Complaints
None.

R1.
Provider has an ATCID but it is
missing one of the following:
R1.1
R1.2
R1.3
R1.4
R1.5 (any one or more of its
sub-subrequirements)

missing two of the following:
R1.1
R1.2
R1.3
R1.4

missing three of the following:
R1.1
R1.2
R1.3
R1.4

has an ATCID but it is missing more
than three of the following:
R1.1
R1.2
R1.3
R1.4

R2.
used one to ten Facility Ratings
that were different from those
specified by a Transmission or
Generator Owner in their
Transmission model.

used eleven to twenty Facility
Ratings that were different from
those specified by a
Transmission or Generator
Owner in their Transmission
model.

used twenty-one to thirty
Facility Ratings that were
different from those specified
by a Transmission or
Transmission model.
did not use a Transmission
model that includes modeling
data and topology (or
equivalent representation)
for one adjacent Reliability
Coordinator Area.

The Transmission Operator used
more than thirty Facility Ratings
Transmission model.
model includes equivalent
representation of non-radial
facilities greater than 161 kV for
its own Reliability Coordinator
Area.
not use a Transmission model
that includes modeling data and
topology (or equivalent
representation) for two or more
adjacent Reliability Coordinator
Areas.

R3.
not include in the TTC process
one to ten expected generation
and Transmission outages,
additions or retirements as
specified in the ATCID.

eleven to twenty-five expected
generation and Transmission
outages, additions or
retirements as specified in the
ATCID.

twenty-six to fifty expected
ATCID.

more than fifty expected
outages, additions or retirements
as specified in the ATCID.
not include the Load forecast or
unit commitment in its TTC
calculation as described in R3.

R4.
not model reservations sources
or sinks as described in R5.3
for more than zero reservations,
but not more than 5% of all
reservations; or 1 reservation,
whichever is greater.
for more than 5%, but not more
than 10% of all reservations; or
2 reservations, whichever is
greater.
for more than 10%, but not
more than 15% of all
reservations; or 3 reservations,
not include in the TTC
calculation the contingencies that
met the criteria described in the
ATCID.
not respect contractual
allocations of TTC.
or sinks as described in R4.3 for
reservations; or more than 3
reservations, whichever is
greater.
not use firm reservations to
estimate interchange or did not
utilize that estimate in the TTC
calculation as described in R4.3.
R5. One or more of the following:
did not establish TTCs for
use in hourly or daily ATCs
within 7 calendar days but
did establish the values
use in monthly ATCs during
a calendar month but did
establish the values within
the next consecutive
calendar month

in 10 calendar days but did
13 calendar days
a two consecutive calendar
month period but did
the third consecutive
calendar month

used in hourly or daily ATCs
16 calendar days
a three consecutive calendar
the fourth consecutive
calendar month

not establish TTCs for used in
hourly or daily ATCs in 16
calendar days
not establish TTCs for use in
monthly ATCs during a four or
more consecutive calendar
month period
not establish TTCs within 24 hrs
of the triggers defined in R5.3

R6.
N/A N/A N/A
calculate TTCs per the process
specified in R6.
R7.
provided its Transmission
Service Provider with its ATC
Path TTCs used in hourly or
daily ATC calculations more
than one calendar day after
their determination, but not
been more than two calendar
days after their
determination.
than two calendar days after
been more than three
calendar days after their
determination.
than three calendar days
after their determination, but
not been more than four
determination.
daily ATC calculations more than
four calendar days after their
determination.
not provide its Transmission
has not provided its
Provider with its ATC Path
TTCs used in monthly ATC
calculations more than seven
determination, but not more
than 14 calendar days since
their determination.
calculations more than 14
determination, but not been
after their determination.
daily ATC calculations.
Path TTCs used in monthly ATC
determination.
calculations.
R8.
For a specified period, the
calculated a firm ETC with an
absolute value different than
that calculated in M10 for the
same period, and the absolute
value difference was more than
15% of the value calculated in
the measure or 15MW,
whichever is greater, but not
more than 25% of the value
calculated in the measure or
25MW, whichever is greater.
absolute value different than that
calculated in M10 for the same
period, and the absolute value
difference was more than 45% of
the value calculated in the measure
or 45MW, whichever is greater.
R9.
calculated a non-firm ETC with
an absolute value different than
calculated a non-firm ETC with an
35MW, whichever is greater...
R10.
Provider did not use all the
elements defined in R10 when
determining firm ATC, or used
additional elements, for more
than zero ATC Paths, but not
more than 5% of all ATC Paths
or 1 ATC Path (whichever is
greater).
than 5% of all ATC Paths or 1
ATC Path (whichever is
greater), but not more than 10%
of all ATC Paths or 2 ATC
Paths (whichever is greater).
ATC Paths (whichever is

did not use all the elements defined
in R10 when determining firm ATC,
or used additional elements, for
more than 15% of all ATC Paths or
more than 3 ATC Paths (whichever
is greater).
R11.
determining non-firm ATC, or
used additional elements, for
more than zero ATC Paths, but
not more than 5% of all ATC
Paths or 1 ATC Path
more than 10% of all ATC
Paths or 2 ATC Paths
(whichever is greater), but not
in R11 when determining non-firm
ATC, or used additional elements,
for more than 15% of all ATC Paths
or more than 3 ATC Paths

Adopted by the Board of Trustees: February 9, 2012 Page 1 of 16
A. Introduction
1. Title: Area Interchange Methodology
documentation of Transfer Capability calculations for short-term use performed by
entities using the Area Interchange Methodology to support analysis and system
operations.
4. Applicability:
4.1. Each Transmission Operator that uses the Area Interchange Methodology to
4.2. Each Transmission Service Provider that uses the Area Interchange Methodology
to calculate Available Transfer Capabilities (ATCs) for ATC Paths.
5. Proposed Effective Date: In those jurisdictions where regulatory approval is required,
this standard shall become effective on the first day of the first calendar quarter after
required, this standard shall become effective on the first day of the first calendar
quarter after Board of Trustees approval.
B. Requirements
R1. Each Transmission Service Provider shall include in its Available Transfer Capability
Implementation Document (ATCID), at a minimum, the following information relative
to its methodology for determining Total Transfer Capability (TTC): [Violation Risk
R1.1. Information describing how the selected methodology has been implemented,
in such detail that, given the same information used by the Transmission
Operator, the results of the TTC calculations can be validated.
R1.2. A description of the manner in which the Transmission Operator will account
for Interchange Schedules in the calculation of TTC.
R1.3. Any contractual obligations for allocation of TTC.
R1.4. A description of the manner in which Contingencies are identified for use in
the TTC process.
accounted for in ATC calculations including:
R1.5.1. Define if the source used for Available Transfer Capability (ATC)
calculations is obtained from the source field or the Point of Receipt
(POR) field of the transmission reservation
R1.5.2. Define if the sink used for ATC calculations is obtained from the sink
field or the Point of Delivery (POD) field of the transmission
reservation
R1.5.3. The source/sink or POR/POD identification and mapping to the
model.
R1.5.4. If the Transmission Service Providers ATC calculation process
involves a grouping of generation, the ATCID must identify how
these generators participate in the group.
R2. When calculating TTC for ATC Paths, the Transmission Operator shall use a
Transmission model that contains all of the following: [Violation Risk Factor: Lower]
R2.1. Modeling data and topology of its Reliability Coordinators area of
responsibility. Equivalent representation of radial lines and facilities 161 kV or
below is allowed.
R2.2. Modeling data and topology (or equivalent representation) for immediately
adjacent and beyond Reliability Coordination areas.
R2.3. Facility Ratings specified by the Generator Owners and Transmission Owners.
R3. When calculating TTCs for ATC Paths, the Transmission Operator shall include the
following data for the Transmission Service Providers area. The Transmission
Operator shall also include the following data associated with Facilities that are
explicitly represented in the Transmission model, as provided by adjacent
Transmission Service Providers and any other Transmission Service Providers with
which coordination agreements have been executed: [Violation Risk Factor: Lower]
R3.1. For TTCs, use the following (as well as any other values and additional
parameters as specified in the ATCID):
retirements, included as specified in the ATCID.
R3.1.2. A daily or hourly load forecast for TTCs used in current-day and next-
day ATC calculations.
R3.1.3. A daily load forecast for TTCs used in ATC calculations for days two
through 31.
R3.1.4. A monthly load forecast for TTCs used in ATC calculations for months
two through 13 months TTCs.
R4. When calculating TTCs for ATC Paths, the Transmission Operator shall meet all of the
following conditions: [Violation Risk Factor: Lower] [Time Horizon: Operations
Planning]
R4.1. Use all Contingencies meeting the criteria described in the ATCID.
R4.2. Respect any contractual allocations of TTC.
R4.3. Include, for each time period, the Firm Transmission Service expected to be
scheduled as specified in the ATCID (filtered to reduce or eliminate duplicate
impacts from transactions using Transmission service from multiple
Transmission Service Providers) for the Transmission Service Provider, all
adjacent Transmission Service Providers, and any Transmission Service
Providers with which coordination agreements have been executed modeling
the source and sink as follows:
reservation and it is discretely modeled in the Transmission Service
Providers Transmission model, use the discretely modeled point as the
source.
reservation and the point can be mapped to an equivalence or aggregate
model, use the modeled equivalence or aggregate as the source.
reservation and the point cannot be mapped to a discretely modeled point,
an equivalence, or an aggregate representation in the Transmission
Balancing Authority associated with the Transmission Service Provider
from which the power is to be received as the source.
- If the source, as specified in the ATCID, has not been identified in the
with the Transmission Service Provider from which the power is to be
received as the source.
and it is discretely modeled in the Transmission Service Providers
Transmission model, use the discretely modeled point shall as the sink.
and the point can be mapped to an equivalence or aggregate
model, use the modeled equivalence or aggregate as the sink.
and the point can not be mapped to a discretely modeled point, an
equivalence, or an aggregate representation in the Transmission
Balancing Authority associated with the Transmission Service Provider to
which the power is to be delivered as the sink.
- If the sink, as specified in the ATCID, has not been identified in the
with the Transmission Service Provider to which the power is being
delivered as the sink.
R5. Each Transmission Operator shall establish TTC for each ATC Path as defined below:
R5.1. At least once within the seven calendar days prior to the specified period for
TTCs used in hourly and daily ATC calculations.
R5.2. At least once per calendar month for TTCs used in monthly ATC calculations.
R5.3. Within 24 hours of the unexpected outage of a 500 kV or higher transmission
Facility or a transformer with a low-side voltage of 200 kV or higher for TTCs
in effect during the anticipated duration of the outage, provided such outage is
expected to last 24 hours or longer.
R6. Each Transmission Operator shall establish TTC for each ATC Path using the
following process: [Violation Risk Factor: Lower] [Time Horizon: Operations
Planning]
R6.1. Determine the incremental Transfer Capability for each ATC Path by
increasing generation and/or decreasing load within the source Balancing
Authority area and decreasing generation and/or increasing load within the
sink Balancing Authority area until either:
- A System Operating Limit is reached on the Transmission Service
Providers system, or
- A SOL is reached on any other adjacent system in the Transmission model
that is not on the study path and the distribution factor is 5% or greater
1
R6.2. If the limit in step R6.1 can not be reached by adjusting any combination of
load or generation, then set the incremental Transfer Capability by the results
of the case where the maximum adjustments were applied.
.
R6.3. Use (as the TTC) the lesser of:
The sum of the incremental Transfer Capability and the impacts of Firm
Transmission Services, as specified in the Transmission Service
Providers ATCID, that were included in the study model, or
The sum of Facility Ratings of all ties comprising the ATC Path.
R6.4. For ATC Paths whose capacity uses jointly-owned or allocated Facilities, limit
TTC for each Transmission Service Provider so the TTC does not exceed each
Transmission Service Providers contractual rights.
R7. The Transmission Operator shall provide the Transmission Service Provider of that
ATC Path with the most current value for TTC for that ATC Path no more than:
R7.1. One calendar day after its determination for TTCs used in hourly and daily
ATC calculations.
R7.2. Seven calendar days after its determination for TTCs used in monthly ATC
calculations.

1
The Transmission operator may honor distribution factors less than 5% if desired.
R8. When calculating Existing Transmission Commitments (ETCs) for firm commitments
(ETC
F
) for all time periods for an ATC Path the Transmission Service Provider shall
use the following algorithm: [Violation Risk Factor: Lower] [Time Horizon:
ETC
F
=NITS
F
+GF
F
+PTP
F
+ROR
F
+OS
F

Where:
NITS
F
is the firm capacity set aside for Network Integration Transmission Service
(including the capacity used to serve bundled load within the Transmission
Service Providers area with external sources) on ATC Paths that serve as
interfaces with other Balancing Authorities.
GF
F
is the firm capacity set aside for Grandfathered Firm Transmission Service and
Tariff or safe harbor tariff on ATC Paths that serve as interfaces with other
PTP
F
Service.
ROR
F
is the capacity reserved for roll-over rights for Firm Transmission Service
contracts granting Transmission Customers the right of first refusal to take or
continue to take Transmission Service when the Transmission Customers
Transmission Service contract expires or is eligible for renewal.
OS
F
is the firm capacity reserved for any other service(s), contract(s), or agreement(s)
not specified above using Firm Transmission Service, including any other firm
adjustments to reflect impacts from other ATC Paths of the Transmission Service
Provider as specified in the ATCID.
R9. When calculating ETC for non-firm commitments (ETC
NF
) for all time periods for an
ATC Path the Transmission Service Provider shall use the following algorithm:
ETC
NF
=NITS
NF
+GF
NF
+PTP
NF
+OS
NF

Where:
NITS
NF
Service (i.e., secondary service , including the capacity used to serve bundled
load within the Transmission Service Providers area with external sources)
reserved on ATC Paths that serve as interfaces with other Balancing
Authorities.
GF
NF
is the non-firm capacity reserved for Grandfathered Non-Firm Transmission
Service and contracts for energy and/or Transmission Service, where executed
prior to the effective date of a Transmission Service Providers Open Access
Transmission Tariff or safe harbor tariff on ATC Paths that serve as interfaces
with other Balancing Authorities.
PTP
NF
Service.
OS
NF
agreement(s) not specified above using Non-Firm Transmission Service,
including any other firm adjustments to reflect impacts from other ATC Paths
of the Transmission Service Provider as specified in the ATCID.
R10. When calculating firm ATC for an ATC Path for a specified period, the Transmission
Service Provider shall utilize the following algorithm: [Violation Risk Factor: Lower]
ATC
F
=TTC ETC
F
CBM TRM +Postbacks
F
+counterflows
F
Where:
ATC
F
ETC
F
during that period.
Postbacks
F
are changes to firm ATC due to a change in the use of Transmission
Service for that period, as defined in Business Practices.
counterflows
F
are adjustments to firm ATC as determined by the Transmission
Service Provider and specified in the ATCID.
R11. When calculating non-firm ATC for a ATC Path for a specified period, the
ATC
NF
=TTC ETC
F
- ETC
NF
CBM
S
TRM
U
+Postbacks
NF
+counterflows
NF
Where:
ATC
NF
period.
ETC
F
during that period.
ETC
NF
is the sum of existing non-firm Transmission commitments for the ATC
Path during that period.
CBM
S
without a separate reservation during that period.
TRM
U
Postbacks
NF
are changes to non-firm ATC due to a change in the use of
Transmission Service for that period, as defined in Business Practices.
counterflows
NF
are adjustments to non-firm ATC as determined by the
Transmission Service Provider and specified in the ATCID.
C. Measures
M1. Each Transmission Service Provider shall provide its current ATCID that has the
information described in R1 to show compliance with R1. (R1)
M2. Each Transmission Operator shall provide evidence including the model used to
calculate TTC as well as other evidence (such as Facility Ratings provided by facility
owners, written documentation, logs, and data) to show that the modeling requirements
in R2 were met. (R2)
M3. Each Transmission Operator shall provide evidence, including scheduled outages,
facility additions and retirements, (such as written documentation, logs, and data) that
the data described in R3 and R4 were included in the determination of TTC as specified
in the ATCID. (R3)
M4. Each Transmission Operator shall provide the contingencies used in determining TTC
and the ATCID as evidence to show that the contingencies described in the ATCID
were included in the determination of TTC. (R4)
M5. Each Transmission Operator shall provide copies of contracts that contain requirements
to allocate TTCs and TTC values to show that any contractual allocations of TTC were
respected as required in R4.2. (R4)
M6. Each Transmission Operator shall provide evidence (such as copies of coordination
agreements, reservations, interchange transactions, or other documentation) to show
that firm reservations were used to estimate scheduled interchange, the modeling of
scheduled interchange was based on the rules described in R4.3, and that estimated
scheduled interchange was included in the determination of TTC. (R4)
M7. Each Transmission Operator shall provide evidence (such as logs and data and dated
copies of requests from the Transmission Service Provider to establish TTCs at specific
intervals) that TTCs have been established at least once in the calendar week prior to
the specified period for TTCs used in hourly and daily ATC calculations, at least once
per calendar month for TTCs used in monthly ATC calculations, and within 24 hours of
the unexpected outage of a 500 kV or higher transmission Facility or a autotransformer
with a low-side voltage of 200 kV or higher for TTCs in effect during the anticipated
duration of the outage; provided such outage is expected to last 24 hours or longer in
duration per the specifications in R5.(R5)
M8. Each Transmission Operator shall provide evidence (such as written documentation)
that TTCs have been calculated using the process described in R6. (R6)
M9. Each Transmission Operator shall have evidence including a copy of the latest
calculated TTC values along with a dated copy of email notices or other equivalent
evidence to show that it provided its Transmission Service Provider with the most
current values for TTC in accordance with R7. (R7)
recalculating firm ETC

for any specific time period as described in (MOD-001 R2),
using the algorithm defined in R8 and with data used to calculate the specified value for
the designated time period. The data used must meet the requirements specified in
MOD-028-2 and the ATCID. To account for differences that may occur when
algorithm in R8 to calculate its firm ETC. (R8)
R2), using the algorithm defined in R9 and with data used to calculate the specified
specified in MOD-028-2 and the ATCID. To account for differences that may occur
when recalculating the value (due to mixing automated and manual processes), any
algorithm in R8 to calculate its non-firm ETC. (R9)
the processes used to implement the algorithm that calculates firm ATCs, as required in
R10. Such documentation must show that only the variables allowed in R10 were used
to calculate firm ATCs, and that the processes use the current values for the variables as
determined in the requirements or definitions. Note that any variable may legitimately
be zero if the value is not applicable or calculated to be zero (such as counterflows,
TRM, CBM, etc). The supporting documentation may be provided in the same form
and format as stored by the Transmission Service Provider. (R10)
were used to calculate non-firm ATCs, and that the processes use the current values for
the variables as determined in the requirements or definitions. Note that any variable
may legitimately be zero if the value is not applicable or calculated to be zero (such as
counterflows, TRM, CBM, etc). The supporting documentation may be provided in
the same form and format as stored by the Transmission Service Provider. (R11)
D. Compliance
For functional entities that work for their Regional Entity, the ERO or a Regional

1.2. Data Retention
the last audit.
The Transmission Operator and Transmission Service Provider shall keep data or
- The Transmission Service Provider shall retain its current, in force ATCID and any
prior versions of the ATCID that were in force since the last compliance audit to
show compliance with R1.
- The Transmission Operator shall have its latest model used to calculate TTC and
evidence of the previous version to show compliance with R2.
- The Transmission Operator shall retain evidence to show compliance with R3 for the
most recent 12 months or until the model used to calculate TTC is updated,
- The Transmission Operator shall retain evidence to show compliance with R4, R5,
calculating hourly values required in R8 and R9 for the most recent 14 days;
evidence to show compliance in calculating daily values required in R8 and R9 for
the most recent 30 days; and evidence to show compliance in calculating monthly
values required in R8 and R9 for the most recent 60 days.
- The Transmission Service Provider shall retain evidence to show compliance with
- If a Transmission Service Provider or Transmission Operator is found non-compliant,
it shall keep information related to the non-compliance until found compliant.
- The Compliance Enforcement Authority shall keep the last audit records and all
- Compliance Audits
- Spot Checking
- Self-Reporting
- Complaints
None.

R1.
missing one of the following:
R1.1
R1.2
R1.3
R1.4

missing two of the following:
R1.1
R1.2
R1.3
R1.4

missing three of the following:
R1.1
R1.2
R1.3
R1.4

has an ATCID but it is missing more
than three of the following:
R1.1
R1.2
R1.3
R1.4

R2.
used one to ten Facility Ratings
Transmission model.

used eleven to twenty Facility
model.

by a Transmission or
Transmission model.
did not use a Transmission
model that includes modeling
data and topology (or
equivalent representation)
for one adjacent Reliability
Coordinator Area.

The Transmission Operator used
more than thirty Facility Ratings
Transmission model.
model includes equivalent
representation of non-radial
facilities greater than 161 kV for
its own Reliability Coordinator
Area.
not use a Transmission model
that includes modeling data and
topology (or equivalent
representation) for two or more
adjacent Reliability Coordinator
Areas.

R3.
one to ten expected generation
additions or retirements as

eleven to twenty-five expected
ATCID.

twenty-six to fifty expected
ATCID.

more than fifty expected
outages, additions or retirements
as specified in the ATCID.
not include the Load forecast or
unit commitment in its TTC
calculation as described in R3.

R4.
for more than zero reservations,
but not more than 5% of all
reservations; or 1 reservation,
for more than 5%, but not more
greater.
for more than 10%, but not
reservations; or 3 reservations,
not include in the TTC
calculation the contingencies that
met the criteria described in the
ATCID.
not respect contractual
allocations of TTC.
or sinks as described in R4.3 for
reservations; or more than 3
reservations, whichever is
greater.
not use firm reservations to
estimate interchange or did not
utilize that estimate in the TTC
calculation as described in R4.3.
within 7 calendar days but
did establish the values
a calendar month but did
the next consecutive
calendar month

13 calendar days
a two consecutive calendar
the third consecutive
calendar month

used in hourly or daily ATCs
16 calendar days
a three consecutive calendar
the fourth consecutive
calendar month

not establish TTCs for used in
hourly or daily ATCs in 16
calendar days
not establish TTCs for use in
monthly ATCs during a four or
more consecutive calendar
month period
not establish TTCs within 24 hrs
of the triggers defined in R5.3

R6.
N/A N/A N/A
calculate TTCs per the process
specified in R6.
R7.
than one calendar day after
been more than two calendar
days after their
determination.
than two calendar days after
been more than three
determination.
than three calendar days
after their determination, but
not been more than four
determination.
daily ATC calculations more than
four calendar days after their
determination.
calculations more than seven
determination, but not more
than 14 calendar days since
their determination.
daily ATC calculations.
determination.
calculations.
R8.
R9.
calculated a non-firm ETC with an
35MW, whichever is greater...
R10.
greater).

in R10 when determining firm ATC,
or used additional elements, for
more than 15% of all ATC Paths or
more than 3 ATC Paths (whichever
is greater).
R11.
Paths or 1 ATC Path
in R11 when determining non-firm
ATC, or used additional elements,
for more than 15% of all ATC Paths
or more than 3 ATC Paths

Version History

2 February 9, 2012 Adopted by the Board of Trustees

Standard MOD-029-1a Rated System Path Methodology

Page 1 of 15

A. Introduction
1. Title: Rated System Path Methodology
2. Number: MOD-029-1a
documentation of transfer capability calculations for short-term use performed by
entities using the Rated System Path Methodology to support analysis and system
operations.
4. Applicability:
4.1. Each Transmission Operator that uses the Rated System Path Methodology to
4.2. Each Transmission Service Provider that uses the Rated System Path
Methodology to calculate Available Transfer Capabilities (ATCs) for ATC
Paths.
5. Proposed Effective Date: Immediately after approval of applicable regulatory authorities.
B. Requirements
R1. When calculating TTCs for ATC Paths, the Transmission Operator shall use a
Transmission model which satisfies the following requirements: [Violation Risk
R1.1. The model utilizes data and assumptions consistent with the
time period being studied and that meets the following
criteria:
R1.1.1. Includes at least:
R1.1.1.1. The Transmission Operator area. Equivalent
representation of radial lines and facilities 161kV or
below is allowed.
R1.1.1.2. All Transmission Operator areas contiguous with its
own Transmission Operator area. (Equivalent
representation is allowed.)
R1.1.1.3. Any other Transmission Operator area linked to the
Transmission Operators area by joint operating
agreement. (Equivalent representation is allowed.)
R1.1.2. Models all system Elements as in-service for the assumed initial
conditions.
R1.1.3. Models all generation (may be either a single generator or multiple
generators) that is greater than 20 MVA at the point of
interconnection in the studied area.
R1.1.4. Models phase shifters in non-regulating mode, unless otherwise
specified in the Available Transfer Capability Implementation
Document (ATCID).

Page 2 of 15

R1.1.5. Uses Load forecast by Balancing Authority.
R1.1.6. Uses Transmission Facility additions and retirements.
R1.1.7. Uses Generation Facility additions and retirements.
R1.1.8. Uses Special Protection System (SPS) models where currently
existing or projected for implementation within the studied time
horizon.
R1.1.9. Models series compensation for each line at the expected operating
level unless specified otherwise in the ATCID.
R1.1.10. Includes any other modeling requirements or criteria specified in
the ATCID.
R1.2. Uses Facility Ratings as provided by the Transmission Owner and Generator
Owner
R2. The Transmission Operator shall use the following process to determine TTC:
R2.1. Except where otherwise specified within MOD-029-1, adjust base case
generation and Load levels within the updated power flow model to determine
the TTC (maximum flow or reliability limit) that can be simulated on the ATC
Path while at the same time satisfying all planning criteria contingencies as
follows:
R2.1.1. When modeling normal conditions, all Transmission Elements will
be modeled at or below 100% of their continuous rating.
R2.1.2. When modeling contingencies the system shall demonstrate
transient, dynamic and voltage stability, with no Transmission
Element modeled above its Emergency Rating.
R2.1.3. Uncontrolled separation shall not occur.
R2.2. Where it is impossible to actually simulate a reliability-limited flow in a
direction counter to prevailing flows (on an alternating current Transmission
line), set the TTC for the non-prevailing direction equal to the TTC in the
prevailing direction. If the TTC in the prevailing flow direction is dependant
on a Special Protection System (SPS), set the TTC for the non-prevailing flow
direction equal to the greater of the maximum flow that can be simulated in
the non-prevailing flow direction or the maximum TTC that can be achieved
in the prevailing flow direction without use of a SPS.
R2.3. For an ATC Path whose capacity is limited by contract, set TTC on the ATC
Path at the lesser of the maximum allowable contract capacity or the reliability
limit as determined by R2.1.
R2.4. For an ATC Path whose TTC varies due to simultaneous interaction with one
or more other paths, develop a nomogram describing the interaction of the
paths and the resulting TTC under specified conditions.
R2.5. The Transmission Operator shall identify when the TTC for the ATC Path
being studied has an adverse impact on the TTC value of any existing path.

Page 3 of 15

Do this by modeling the flow on the path being studied at its proposed new
TTC level simultaneous with the flow on the existing path at its TTC level
while at the same time honoring the reliability criteria outlined in R2.1. The
Transmission Operator shall include the resolution of this adverse impact in
its study report for the ATC Path.
R2.6. Where multiple ownership of Transmission rights exists on an ATC Path,
allocate TTC of that ATC Path in accordance with the contractual agreement
made by the multiple owners of that ATC Path.
R2.7. For ATC Paths whose path rating, adjusted for seasonal variance, was
established, known and used in operation since January 1, 1994, and no action
has been taken to have the path rated using a different method, set the TTC at
that previously established amount.
R2.8. Create a study report that describes the steps above that were undertaken
(R2.1 R2.7), including the contingencies and assumptions used, when
determining the TTC and the results of the study. Where three phase fault
damping is used to determine stability limits, that report shall also identify the
percent used and include justification for use unless specified otherwise in the
ATCID.
R3. Each Transmission Operator shall establish the TTC at the lesser of the value
calculated in R2 or any System Operating Limit (SOL) for that ATC Path. [Violation
R4. Within seven calendar days of the finalization of the study report, the Transmission
Operator shall make available to the Transmission Service Provider of the ATC Path,
the most current value for TTC and the TTC study report documenting the
assumptions used and steps taken in determining the current value for TTC for that
ATC Path. [Violation Risk Factor: Lower] [Time Horizon: Operations Planning]
F
) for a
specified period for an ATC Path, the Transmission Service Provider shall use the
algorithm below: [Violation Risk Factor: Lower] [Time Horizon: Operations
Planning]
ETC
F
= NL
F
+ NITS
F
+ GF
F
+ PTP
F
+ ROR
F
+ OS
F

Where:
NL
F
is the firm capacity set aside to serve peak Native Load forecast
commitments for the time period being calculated, to include losses, and Native
Load growth, not otherwise included in Transmission Reliability Margin or
Capacity Benefit Margin.
NITS
F
is the firm capacity reserved for Network Integration Transmission
Service serving Load, to include losses, and Load growth, not otherwise included
in Transmission Reliability Margin or Capacity Benefit Margin.
GF
F

Page 4 of 15

PTP
F
Service.
ROR
F
OS
F
the ATCID.
NF
)
for all time horizons for an ATC Path the Transmission Service Provider shall use
the following algorithm: [Violation Risk Factor: Lower] [Time Horizon:
ETC
NF
= NITS
NF
+ GF
NF
+ PTP
NF
+ OS
NF

Where:
NITS
NF
Margin.
GF
NF
PTP
NF
Service.
OS
NF
agreement(s) not specified above using non-firm transmission service as specified
in the ATCID.
R7. When calculating firm ATC for an ATC Path for a specified period, the
ATC
F
= TTC ETC
F
CBM TRM + Postbacks
F
+ counterflows
F
Where
ATC
F
ETC
F
is the sum of existing firm commitments for the ATC Path during that
period.

Page 5 of 15

Postbacks
F
are changes to firm Available Transfer Capability due to a change in
the use of Transmission Service for that period, as defined in Business Practices.
counterflows
F
are adjustments to firm Available Transfer Capability as
determined by the Transmission Service Provider and specified in their ATCID.
R8. When calculating non-firm ATC for an ATC Path for a specified period, the
ATC
NF
= TTC ETC
F
ETC
NF
CBM
S
TRM
U
+ Postbacks
NF
+ counterflows
NF
Where:
ATC
NF
period.
ETC
F
is the sum of existing firm commitments for the ATC Path during that
period.
ETC
NF
is the sum of existing non-firm commitments for the ATC Path during
that period.
CBM
S
during that period.
TRM
U
Postbacks
NF
are changes to non-firm Available Transfer Capability due to a
change in the use of Transmission Service for that period, as defined in Business
Practices.
counterflows
NF
are adjustments to non-firm Available Transfer Capability as
determined by the Transmission Service Provider and specified in its ATCID.

Page 6 of 15

C. Measures
M1. Each Transmission Operator that uses the Rated System Path Methodology shall
produce any Transmission model it used to calculate TTC for purposes of calculating
ATC for each ATC Path, as required in R1, for the time horizon(s) to be examined.
(R1)
M1.1. Production shall be in the same form and format used by the Transmission
Operator to calculate the TTC, as required in R1. (R1)
M1.2. The Transmission model produced must include the areas listed in R1.1.1 (or
an equivalent representation, as described in the requirement) (R1.1)
M1.3. The Transmission model produced must show the use of the modeling
parameters stated in R1.1.2 through R1.1.10; except that, no evidence shall
be required to prove: 1) utilization of a Special Protection System where none
was included in the model or 2) that no additions or retirements to the
generation or Transmission system occurred. (R1.1.2 through R1.1.10)
M1.4. The Transmission Operator must provide evidence that the models used to
determine TTC included Facility Ratings as provided by the Transmission
Owner and Generator Owner. (R1.2)
produce the ATCID it uses to show where it has described and used additional
modeling criteria in its ACTID that are not otherwise included in MOD-29 (R1.1.4,
R.1.1.9, and R1.1.10).
M3. Each Transmission Operator that uses the Rated System Path Methodology with paths
with ratings established prior to January 1, 1994 shall provide evidence the path and
its rating were established prior to January 1, 1994. (R2.7)
produce as evidence the study reports, as required in R.2.8, for each path for which it
determined TTC for the period examined. (R2)
M5. Each Transmission Operator shall provide evidence that it used the lesser of the
calculated TTC or the SOL as the TTC, by producing: 1) all values calculated
pursuant to R2 for each ATC Path, 2) Any corresponding SOLs for those ATC Paths,
and 3) the TTC set by the Transmission Operator and given to the Transmission
Service Provider for use in R7and R8 for each ATC Path. (R3)
M6. Each Transmission Operator shall provide evidence (such as logs or data) that it
provided the TTC and its study report to the Transmission Service Provider within
seven calendar days of the finalization of the study report. (R4)
recalculating firm ETC for any specific time period as described in (MOD-001 R2),
using the algorithm defined in R5 and with data used to calculate the specified value
for the designated time period. The data used must meet the requirements specified
in MOD-029-1 and the ATCID. To account for differences that may occur when

Page 7 of 15

originally calculated value, is evidence that the Transmission Service Provider used
the algorithm in R5 to calculate its firm ETC. (R5)
R2), using the algorithm defined in R6 and with data used to calculate this specified
specified in the MOD-029 and the ATCID. To account for differences that may
occur when recalculating the value (due to mixing automated and manual processes),
any recalculated value that is within +/- 15% or 15 MW, whichever is greater, of the
originally calculated value, is evidence that the Transmission Service Provider used
the algorithm in R6 to calculate its non-firm ETC. (R6)
the processes used to implement the algorithm that calculates firm ATCs, as required
in R7. Such documentation must show that only the variables allowed in R7 were
used to calculate firm ATCs, and that the processes use the current values for the
variables as determined in the requirements or definitions. Note that any variable
may legitimately be zero if the value is not applicable or calculated to be zero (such
as counterflows, TRM, CBM, etc). The supporting documentation may be
provided in the same form and format as stored by the Transmission Service Provider.
(R7)
were used to calculate non-firm ATCs, and that the processes use the current values
for the variables as determined in the requirements or definitions. Note that any
variable may legitimately be zero if the value is not applicable or calculated to be
zero (such as counterflows, TRM, CBM, etc). The supporting documentation may
be provided in the same form and format as stored by the Transmission Service
Provider. (R8)
D. Compliance
Regional Entity.
Not applicable.
1.3. Data Retention
- The Transmission Operator and Transmission Service Provider shall keep data
or evidence to show compliance as identified below unless directed by its
period of time as part of an investigation:
- The Transmission Operator shall have its latest models used to determine TTC
for R1. (M1)

Page 8 of 15

- The Transmission Operator shall have the current, in force ATCID(s)
provided by its Transmission Service Provider(s) and any prior versions of the
ATCID that were in force since the last compliance audit to show compliance
with R1. (M2)
- The Transmission Operator shall retain evidence of any path and its rating that
was established prior to January 1, 1994. (M3)
- The Transmission Operator shall retain the latest version and prior version of
the TTC study reports to show compliance with R2. (M4)
- The Transmission Operator shall retain evidence for the most recent three
calendar years plus the current year to show compliance with R3 and R4. (M5
and M6)
- The Transmission Service Provider shall retain evidence to show compliance
in calculating hourly values required in R5 and R6 for the most recent 14
days; evidence to show compliance in calculating daily values required in R5
and R6 for the most recent 30 days; and evidence to show compliance in
calculating daily values required in R5 and R6 for the most recent sixty days.
(M7 and M8)
- The Transmission Service Provider shall retain evidence for the most recent
three calendar years plus the current year to show compliance with R7 and R8.
(M9 and M10)
- If a Transmission Service Provider or Transmission Operator is found non-
compliant.
- Compliance Audits
- Spot Checking
- Self-Reporting
- Complaints
None.

Page 9 of 15
used a model that met all but
one of the modeling
requirements specified in R1.1.
OR
utilized one to ten Facility
Transmission Owner or
Generation Owner in their
Transmission model. (R1.2)
two of the modeling
OR
utilized eleven to twenty Facility
three of the modeling
OR
utilized twenty-one to thirty
by a Transmission Owner or
used a model that did not meet
four or more of the modeling
OR
utilized more than thirty Facility
Ratings that were different
from those specified by a
R2
did not calculate TTC using
one of the items in sub-
requirements R2.1-R2.6.
does not include one
required item in the study
report required in R2.8.
two of the items in sub-
does not include two
required items in the study

three of the items in sub-
does not include three
required items in the study
The Transmission
Operator did not calculate
TTC using four or more of
the items in sub-
The Transmission
Operator did not apply
R2.7.
The Transmission
Operator does not include
four or more required items
in the study report required
in R2.8

Page 10 of 15
R3.
not specify the TTC as the
lesser of the TTC calculated
using the process described in
R2 or any associated SOL for
more than zero ATC Paths,
BUT, not more than 1% of all
ATC Paths or 1 ATC Path
greater), BUT not more than
2% of all ATC Paths or 2 ATC
or 2 ATC Paths (whichever is
greater), BUT not more than
R2 or any associated SOL, for
or 3 ATC Paths (whichever is
greater).
provided the TTC and study
report to the Transmission
Service Provider more than
seven, but not more than 14
calendar days after the report
was finalized.
Service Provider more than 14,
days after the report was
finalized.
Service Provider more than 21,
days after the report was
finalized.
Service Provider more than 28
calendar days after the report
was finalized.
R5. For a specified period, the
an absolute value different
than that calculated in M8 for
the same period, and the

Page 11 of 15
absolute value difference was
R7.
greater).
greater), but not more than
more than 3 ATC Paths
R8.
Paths or 1 ATC Path

Paths or more than 3 ATC


Page 12 of 15

Version History
1 8/26/2008 Adopted by NERC Board of Trustees
1a Board approved
11/05/2009
Interpretation of R5 and R6 Interpretation (Project
2009-15)


Page 13 of 15
Appendix 1

R2. Each Transmission Service Provider shall calculate ATC or AFC values as listed below using
the methodology or methodologies selected by its Transmission Operator(s):

minimum on the following frequency, unless none of the calculated values identified in the ATC
equation have changed:
R8.1. Hourly values, once per hour. Transmission Service Providers are allowed up to
175 hours per calendar year during which calculations are not required to be performed,
despite a change in a calculated value identified in the ATC equation.
Question #1
Is the advisory ATC used under the NYISO tariff subject to the ATC calculation and
recalculation requirements in MOD-001-1 Requirements R2 and R8? If not, is it necessary to
document the frequency of advisory calculations in the responsible entitys Available Transfer
Capability Implementation Document?
Requirements R2 and R8 of MOD-001-1 are both related to Requirement R1, which defines that
ATC methodologies are to be applied to specific ATC Paths. The NERC definition of ATC
Path is Any combination of Point of Receipt and Point of Delivery for which ATC is calculated;
and any Posted Path. Based on a review of the language included in this request, the NYISO
Open Access Transmission Tariff, and other information posted on the NYISO Web site, it
appears that the NYISO does indeed have multiple ATC Paths, which are subject to the
calculation and recalculation requirements in Requirements R2 and R8. It appears from
reviewing this information that ATC is defined in the NYISO tariff in the same manner in which
NERC defines it, making it difficult to conclude that NYISOs advisory ATC is not the same as
ATC. In addition, it appears that pre-scheduling is permitted on certain external paths, making
the calculation of ATC prior to day ahead necessary on those paths.
The second part of NYISOs question is only applicable if the first part was answered in the

Page 14 of 15
negative and therefore will not be addressed.
MOD-029-01 Requirements R5 and R6:
F
) for a specified
period for an ATC Path, the Transmission Service Provider shall use the algorithm below:
ETC
F
= NL
F
+ NITS
F
+ GF
F
+ PTP
F
+ ROR
F
+ OS
F

Where:
NL
F
is the firm capacity set aside to serve peak Native Load forecast commitments
for the time period being calculated, to include losses, and Native Load growth,
Margin.
NITS
F
is the firm capacity reserved for Network Integration Transmission Service
serving Load, to include losses, and Load growth, not otherwise included in
Transmission Reliability Margin or Capacity Benefit Margin.
GF
F
PTP
F
Service.
ROR
F
OS
F
the ATCID.
NF
) for all
time horizons for an ATC Path the Transmission Service Provider shall use the following
algorithm:
ETC
NF
= NITS
NF
+ GF
NF
+ PTP
NF
+ OS
NF

Where:
NITS
NF
Margin.
GF
NF

Page 15 of 15
PTP
NF
Service.
OS
NF
is the non-firm capacity reserved for any other service(s), contract(s), or agreement(s) not
specified above using non-firm transmission service as specified in the ATCID.
Question #2
Could OS
F
in MOD-029-1 Requirement R5 and OS
NF
in MOD-029-1 Requirement R6 be
calculated using Transmission Flow Utilization in the determination of ATC?
This request for interpretation and the NYISO Open Access Transmission Tariff describe the
NYISOs concept of "Transmission Flow Utilization;" however, it is unclear whether or not
any of the other components explicitly defined in Requirements R5 and R6 are incorporated into
"Transmission Flow Utilization." Provided that "Transmission Flow Utilization" does not include
any of the other components explicitly defined in Requirements R5 and R6, it is appropriate to be
included within the "Other Services" term. However, if "Transmission Flow Utilization" does
incorporate those components, then simply including "Transmission Flow Utilization" in Other
Service would be inappropriate.

Standard MOD-030-02 Flowgate Methodology
A. Introduction
1. Title: Flowgate Methodology
3. Purpose: To increase consistency and reliability in the development and documentation of
transfer capability calculations for short-term use performed by entities using the Flowgate
Methodology to support analysis and system operations.
4. Applicability:
4.1.1 Each Transmission Operator that uses the Flowgate Methodology to support the
calculation of Available Flowgate Capabilities (AFCs) on Flowgates.
4.1.2 Each Transmission Service Provider that uses the Flowgate Methodology to calculate
AFCs on Flowgates.
5. Proposed Effective Date: The date upon which MOD-030-01 is currently scheduled to
become effective.
B. Requirements
R1. The Transmission Service Provider shall include in its Available Transfer Capability
Implementation Document (ATCID): [Violation Risk Factor: To Be Determined] [Time
R1.1. The criteria used by the Transmission Operator to identify sets of Transmission
Facilities as Flowgates that are to be considered in Available Flowgate Capability
(AFC) calculations.
accounted for in AFC calculations including:
R1.2.1. Define if the source used for AFC calculations is obtained from the source
field or the Point of Receipt (POR) field of the transmission reservation.
R1.2.2. Define if the sink used for AFC calculations is obtained from the sink field
or the Point of Delivery (POD) field of the transmission reservation.
R1.2.3. The source/sink or POR/POD identification and mapping to the model.
R1.2.4. If the Transmission Service Providers AFC calculation process involves a
grouping of generators, the ATCID must identify how these generators
participate in the group.
R2. The Transmission Operator shall perform the following: [Violation Risk Factor: To Be
Determined] [Time Horizon: Operations Planning]
R2.1. Include Flowgates used in the AFC process based, at a minimum, on the following
criteria:
R2.1.1. Results of a first Contingency transfer analysis for ATC Paths internal to a
Transmission Operators system up to the path capability such that at a
minimum the first three limiting Elements and their worst associated
Contingency combinations with an OTDF of at least 5% and within the
Transmission Operators system are included as Flowgates.
R2.1.1.1. Use first Contingency criteria consistent with those first
Contingency criteria used in planning of operations for the
applicable time periods, including use of Special Protection
Systems.
R2.1.1.2. Only the most limiting element in a series configuration needs to
be included as a Flowgate.
R2.1.1.3. If any limiting element is kept within its limit for its associated
worst Contingency by operating within the limits of another
Flowgate, then no new Flowgate needs to be established for such
limiting elements or Contingencies.
R2.1.2. Results of a first Contingency transfer analysis from all adjacent Balancing
Authority source and sink (as defined in the ATCID) combinations up to
the path capability such that at a minimum the first three limiting Elements
and their worst associated Contingency combinations with an Outage
Transfer Distribution Factor (OTDF) of at least 5% and within the
Transmission Operators system are included as Flowgates unless the
interface between such adjacent Balancing Authorities is accounted for
using another ATC methodology.
R2.1.2.1. Use first Contingency criteria consistent with those first
Contingency criteria used in planning of operations for the
applicable time periods, including use of Special Protection
Systems.
R2.1.2.2. Only the most limiting element in a series configuration needs to
be included as a Flowgate.
R2.1.2.3. If any limiting element is kept within its limit for its associated
worst Contingency by operating within the limits of another
Flowgate, then no new Flowgate needs to be established for such
limiting elements or Contingencies.
R2.1.3. Any limiting Element/Contingency combination at least within its
Reliability Coordinators Area that has been subjected to an
Interconnection-wide congestion management procedure within the last 12
months, unless the limiting Element/Contingency combination is
accounted for using another ATC methodology or was created to address
temporary operating conditions.
R2.1.4. Any limiting Element/Contingency combination within the Transmission
model that has been requested to be included by any other Transmission
Service Provider using the Flowgate Methodology or Area Interchange
Methodology, where:
R2.1.4.1. The coordination of the limiting Element/Contingency
combination is not already addressed through a different
methodology, and
- Any generator within the Transmission Service Providers
area has at least a 5% Power Transfer Distribution Factor
(PTDF) or Outage Transfer Distribution Factor (OTDF)
impact on the Flowgate when delivered to the aggregate
load of its own area, or
- A transfer from any Balancing Area within the
Transmission Service Providers area to a Balancing Area
adjacent has at least a 5% PTDF or OTDF impact on the
Flowgate.
- The Transmission Operator may utilize distribution factors
less than 5% if desired.
R2.1.4.2. The limiting Element/Contingency combination is included in
the requesting Transmission Service Providers methodology.
R2.2. At a minimum, establish a list of Flowgates by creating, modifying, or deleting
Flowgate definitions at least once per calendar year.
R2.3. At a minimum, establish a list of Flowgates by creating, modifying, or deleting
Flowgates that have been requested as part of R2.1.4 within thirty calendar days from
the request.
R2.4. Establish the TFC of each of the defined Flowgates as equal to:
- For thermal limits, the System Operating Limit (SOL) of the Flowgate.
- For voltage or stability limits, the flow that will respect the SOL of the Flowgate.
R2.5. At a minimum, establish the TFC once per calendar year.
R2.5.1. If notified of a change in the Rating by the Transmission Owner that would
affect the TFC of a flowgate used in the AFC process, the TFC should be
updated within seven calendar days of the notification.
R2.6. Provide the Transmission Service Provider with the TFCs within seven calendar days
of their establishment.
R3. The Transmission Operator shall make available to the Transmission Service Provider a
Transmission model to determine Available Flowgate Capability (AFC) that meets the
following criteria: [Violation Risk Factor: To Be Determined] [Time Horizon: Operations
Planning]
R3.1. Contains generation Facility Ratings, such as generation maximum and minimum
output levels, specified by the Generator Owners of the Facilities within the model.
R3.2. Updated at least once per day for AFC calculations for intra-day, next day, and days
two through 30.
R3.3. Updated at least once per month for AFC calculations for months two through 13.
R3.4. Contains modeling data and system topology for the Facilities within its Reliability
Coordinators Area. Equivalent representation of radial lines and Facilities161kV or
below is allowed.
R3.5. Contains modeling data and system topology (or equivalent representation) for
immediately adjacent and beyond Reliability Coordination Areas.
R4. When calculating AFCs, the Transmission Service Provider shall represent the impact of
Transmission Service as follows: [Violation Risk Factor: To Be Determined] [Time Horizon:
- If the source, as specified in the ATCID, has been identified in the reservation and it is
discretely modeled in the Transmission Service Providers Transmission model, use the
discretely modeled point as the source.
- If the source, as specified in the ATCID, has been identified in the reservation and the
point can be mapped to an equivalence or aggregate representation in the
Transmission Service Providers Transmission model, use the modeled equivalence or
aggregate as the source.
- If the source, as specified in the ATCID, has been identified in the reservation and the
point cannot be mapped to a discretely modeled point or an equivalence
representation in the Transmission Service Providers Transmission model, use the
immediately adjacent Balancing Authority associated with the Transmission Service
Provider from which the power is to be received as the source.
- If the source, as specified in the ATCID, has not been identified in the reservation use
the immediately adjacent Balancing Authority associated with the Transmission
Service Provider from which the power is to be received as the source.
- If the sink, as specified in the ATCID, has been identified in the reservation and it is
discretely modeled in the Transmission Service Providers Transmission model, use the
discretely modeled point as the sink.
- If the sink, as specified in the ATCID, has been identified in the reservation and the
point can be mapped to an equivalence or aggregate representation in the
Transmission Service Providers Transmission model, use the modeled equivalence or
aggregate as the sink.
- If the sink, as specified in the ATCID, has been identified in the reservation and the
point cannot be mapped to a discretely modeled point or an equivalence
representation in the Transmission Service Providers Transmission model, use the
Provider receiving the power as the sink.
- If the sink, as specified in the ATCID, has not been identified in the reservation use the
Provider receiving the power as the sink.
R5. When calculating AFCs, the Transmission Service Provider shall: [Violation Risk Factor: To
Be Determined] [Time Horizon: Operations Planning]
R5.1. Use the models provided by the Transmission Operator.
R5.2. Include in the transmission model expected generation and Transmission outages,
additions, and retirements within the scope of the model as specified in the ATCID
and in effect during the applicable period of the AFC calculation for the
Transmission Service Providers area, all adjacent Transmission Service Providers,
and any Transmission Service Providers with which coordination agreements have
been executed.
R5.3. For external Flowgates, identified in R2.1.4, use the AFC provided by the
Transmission Service Provider that calculates AFC for that Flowgate.
R6. When calculating the impact of ETC for firm commitments (ETC
Fi
) for all time periods for a
Flowgate, the Transmission Service Provider shall sum the following: [Violation Risk
Factor: To Be Determined] [Time Horizon: Operations Planning]
R6.1. The impact of firm Network Integration Transmission Service, including the impacts
of generation to load, in the model referenced in R5.2 for the Transmission Service
Providers area, based on:
R6.1.1. Load forecast for the time period being calculated, including Native Load
and Network Service load
R6.1.2. Unit commitment and Dispatch Order, to include all designated network
resources and other resources that are committed or have the legal
obligation to run as specified in the Transmission Service Provider's
ATCID.
R6.2. The impact of any firm Network Integration Transmission Service, including the
impacts of generation to load in the model referenced in R5.2 and has a distribution
factor equal to or greater than the percentage
1
used to curtail in the Interconnection-
wide congestion management procedure used by the Transmission Service Provider,
for all adjacent Transmission Service Providers and any other Transmission Service
Providers with which coordination agreements have been executed based on:
R6.2.1. Load forecast for the time period being calculated, including Native Load
and Network Service load
R6.2.2. Unit commitment and Dispatch Order, to include all designated network
resources and other resources that are committed or have the legal
obligation to run as specified in the Transmission Service Provider's
ATCID.
R6.3. The impact of all confirmed firm Point-to-Point Transmission Service expected to be
scheduled, including roll-over rights for Firm Transmission Service contracts, for the
Transmission Service Providers area.
R6.4. The impact of any confirmed firm Point-to-Point Transmission Service expected to
be scheduled, filtered to reduce or eliminate duplicate impacts from transactions
using Transmission service from multiple Transmission Service Providers, including
roll-over rights for Firm Transmission Service contracts having a distribution factor
equal to or greater than the percentage
2
used to curtail in the Interconnection-wide
congestion management procedure used by the Transmission Service Provider, for all
adjacent Transmission Service Providers and any other Transmission Service
Providers with which coordination agreements have been executed.
R6.5. The impact of any Grandfathered firm obligations expected to be scheduled or
expected to flow for the Transmission Service Providers area.
R6.6. The impact of any Grandfathered firm obligations expected to be scheduled or
expected to flow that have a distribution factor equal to or greater than the
percentage
3
used to curtail in the Interconnection-wide congestion management
procedure used by the Transmission Service Provider, for all adjacent Transmission
Service Providers and any other Transmission Service Providers with which
coordination agreements have been executed.
R6.7. The impact of other firm services determined by the Transmission Service Provider.
R7. When calculating the impact of ETC for non-firm commitments (ETC
NFi
) for all time periods
for a Flowgate the Transmission Service Provider shall sum: [Violation Risk Factor: To Be

1
A percentage less than that used in the Interconnection-wide congestion management procedure may be utilized.
2
3
R7.1. The impact of all confirmed non-firm Point-to-Point Transmission Service expected
to be scheduled for the Transmission Service Providers area.
R7.2. The impact of any confirmed non-firm Point-to-Point Transmission Service expected
to be scheduled, filtered to reduce or eliminate duplicate impacts from transactions
using Transmission service from multiple Transmission Service Providers, that have
a distribution factor equal to or greater than the percentage
4
used to curtail in the
Interconnection-wide congestion management procedure used by the Transmission
Service Provider, for all adjacent Transmission Service Providers and any other
Transmission Service Providers with which coordination agreements have been
executed.
R7.3. The impact of any Grandfathered non-firm obligations expected to be scheduled or
expected to flow for the Transmission Service Providers area.
R7.4. The impact of any Grandfathered non-firm obligations expected to be scheduled or
expected to flow that have a distribution factor equal to or greater than the
percentage
5
used to curtail in the Interconnection-wide congestion management
procedure used by the Transmission Service Provider, for all adjacent Transmission
Service Providers and any other Transmission Service Providers with which
coordination agreements have been executed.
R7.5. The impact of non-firm Network Integration Transmission Service serving Load
within the Transmission Service Providers area (i.e., secondary service), to include
load growth, and losses not otherwise included in Transmission Reliability Margin or
Capacity Benefit Margin.
R7.6. The impact of any non-firm Network Integration Transmission Service (secondary
service) with a distribution factor equal to or greater than the percentage
6
used to
curtail in the Interconnection-wide congestion management procedure used by the
Transmission Service Provider, filtered to reduce or eliminate duplicate impacts from
transactions using Transmission service from multiple Transmission Service
Providers, for all adjacent Transmission Service Providers and any other
Transmission Service Providers with which coordination agreements have been
executed.
R7.7. The impact of other non-firm services determined by the Transmission Service
Provider.
R8. When calculating firm AFC for a Flowgate for a specified period, the Transmission Service
Provider shall use the following algorithm (subject to allocation processes described in the
ATCID): [Violation Risk Factor: To Be Determined] [Time Horizon: Operations Planning]
AFC
F
=TFC ETC
Fi
CBM
i
TRM
i
+Postbacks
Fi
+counterflows
Fi
Where:
AFC
F
is the firm Available Flowgate Capability for the Flowgate for that period.

4
5
6
TFC is the Total Flowgate Capability of the Flowgate.
ETC
Fi
is the sum of the impacts of existing firm Transmission commitments for the
Flowgate during that period.
CBM
i
is the impact of the Capacity Benefit Margin on the Flowgate during that period.
TRM
i
is the impact of the Transmission Reliability Margin on the Flowgate during that
period.
Postbacks
Fi
are changes to firm AFC due to a change in the use of Transmission Service
for that period, as defined in Business Practices.
counterflows
Fi
are adjustments to firm AFC as determined by the Transmission Service
Provider and specified in their ATCID.
R9. When calculating non-firm AFC for a Flowgate for a specified period, the Transmission
Service Provider shall use the following algorithm (subject to allocation processes described
in the ATCID): [Violation Risk Factor: To Be Determined] [Time Horizon: Operations
Planning]
AFC
NF
=TFC ETC
Fi
ETC
NFi
CBM
Si
TRM
Ui
+Postbacks
NFi
+counterflows
Where:
AFC
NF
is the non-firm Available Flowgate Capability for the Flowgate for that period.
TFC is the Total Flowgate Capability of the Flowgate.
ETC
Fi
is the sum of the impacts of existing firm Transmission commitments for the
ETC
NFi
is the sum of the impacts of existing non-firm Transmission commitments for the
CBM
Si
is the impact of any schedules during that period using Capacity Benefit Margin.
TRM
Ui
is the impact on the Flowgate of the Transmission Reliability Margin that has not
been released (unreleased) for sale as non-firm capacity by the Transmission Service
Postbacks
NF
are changes to non-firm Available Flowgate Capability due to a change in
the use of Transmission Service for that period, as defined in Business Practices.
counterflows
NF
are adjustments to non-firm AFC as determined by the Transmission
Service Provider and specified in their ATCID.
R10. Each Transmission Service Provider shall recalculate AFC, utilizing the updated models
described in R3.2, R3.3, and R5, at a minimum on the following frequency, unless none of
the calculated values identified in the AFC equation have changed: [Violation Risk Factor:
To Be Determined] [Time Horizon: Operations Planning]
R10.1. For hourly AFC, once per hour. Transmission Service Providers are allowed up to
175 hours per calendar year during which calculations are not required to be
performed, despite a change in a calculated value identified in the AFC equation.
R10.2. For daily AFC, once per day.
R10.3. For monthly AFC, once per week.
R11. When converting Flowgate AFCs to ATCs for ATC Paths, the Transmission Service Provider
shall convert those values based on the following algorithm: [Violation Risk Factor: To Be
ATC =min(P)
P ={PATC
1
, PATC
2
,PATC
n
}
PATC
n
=
np
n
DF
AFC

Where:
ATC is the Available Transfer Capability.
P is the set of partial Available Transfer Capabilities for all impacted Flowgates
honored by the Transmission Service Provider; a Flowgate is considered impacted by a
path if the Distribution Factor for that path is greater than the percentage
7
used to curtail
in the Interconnection-wide congestion management procedure used by the Transmission
Service Provider on an OTDF Flowgate or PTDF Flowgate.
PATC
n
is the partial Available Transfer Capability for a path relative to a Flowgate n.
AFC
n
is the Available Flowgate Capability of a Flowgate n.
DF
np
is the distribution factor for Flowgate n relative to path p.
C. Measures
M1. Each Transmission Service Provider shall provide its ATCID and other evidence (such as
written documentation) to show that its ATCID contains the criteria used by the Transmission
Operator to identify sets of Transmission Facilities as Flowgates and information on how
sources and sinks are accounted for in AFC calculations. (R1)
M2. The Transmission Operator shall provide evidence (such as studies and working papers) that
all Flowgates that meet the criteria described in R2.1 are considered in its AFC calculations.
(R2.1)
M3. The Transmission Operator shall provide evidence (such as logs) that it updated its list of
Flowgates at least once per calendar year. (R2.2)
M4. The Transmission Operator shall provide evidence (such as logs and dated requests) that it
updated the list of Flowgates within thirty calendar days from a request. (R2.3)
M5. The Transmission Operator shall provide evidence (such as data or models) that it determined
the TFC for each Flowgate as defined in R2.4. (R2.4)
M6. The Transmission Operator shall provide evidence (such as logs) that it established the TFCs
for each Flowgate in accordance with the timing defined in R2.5. (R2.5)
M7. The Transmission Operator shall provide evidence (such as logs and electronic
communication) that it provided the Transmission Service Provider with updated TFCs
within seven calendar days of their determination. (R2.6)

7
M8. The Transmission Operator shall provide evidence (such as written documentation, logs,
models, and data) that the Transmission model used to determine AFCs contains the
information specified in R3. (R3)
M9. The Transmission Service Provider shall provide evidence (such as written documentation
and data) that the modeling of point-to-point reservations was based on the rules described in
R4. (R4)
M10. The Transmission Service Provider shall provide evidence including the models received
from Transmission Operators and other evidence (such as documentation and data) to show
that it used the Transmission Operators models in calculating AFC. (R5.1)
M11. The Transmission Service Provider shall provide evidence (such as written documentation,
electronic communications, and data) that all expected generation and Transmission outages,
additions, and retirements were included in the AFC calculation as specified in the ATCID.
(R5.2)
M12. The Transmission Service Provider shall provide evidence (such as logs, electronic
communications, and data) that AFCs provided by third parties on external Flowgates were
used instead of those calculated by the Transmission Operator. (R5.3)
M13. The Transmission Service Provider shall demonstrate compliance with R6 by recalculating
firm ETC for any specific time period as described in (MOD-001 R2), using the requirements
defined in R6 and with data used to calculate the specified value for the designated time
period. The data used must meet the requirements specified in this standard and the ATCID.
To account for differences that may occur when recalculating the value (due to mixing
automated and manual processes), any recalculated value that is within +/- 15% or 15 MW,
whichever is greater, of the originally calculated value, is evidence that the Transmission
Service Provider used the requirements defined in R6 to calculate its firm ETC. (R6)
M14. The Transmission Service Provider shall demonstrate compliance with R7 by recalculating
non-firm ETC for any specific time period as described in (MOD-001 R2), using the
requirements defined in R7 and with data used to calculate the specified value for the
designated time period. The data used must meet the requirements specified in the standard
and the ATCID. To account for differences that may occur when recalculating the value (due
to mixing automated and manual processes), any recalculated value that is within +/- 15% or
15 MW, whichever is greater, of the originally calculated value, is evidence that the
Transmission Service Provider used the requirements in R7 to calculate its non-firm ETC.
(R7)
M15. Each Transmission Service Provider shall produce the supporting documentation for the
processes used to implement the algorithm that calculates firm AFCs, as required in R8.
Such documentation must show that only the variables allowed in R8 were used to calculate
firm AFCs, and that the processes use the current values for the variables as determined in the
requirements or definitions. Note that any variable may legitimately be zero if the value is
not applicable or calculated to be zero (such as counterflows, TRM, CBM, etc). The
supporting documentation may be provided in the same form and format as stored by the
Transmission Service Provider. (R8)
M16. Each Transmission Service Provider shall produce the supporting documentation for the
processes used to implement the algorithm that calculates non-firm AFCs, as required in R9.
Such documentation must show that only the variables allowed in R9 were used to calculate
non-firm AFCs, and that the processes use the current values for the variables as determined
in the requirements or definitions. Note that any variable may legitimately be zero if the
value is not applicable or calculated to be zero (such as counterflows, TRM, CBM, etc).
The supporting documentation may be provided in the same form and format as stored by the
Transmission Service Provider. (R9)
M17. The Transmission Service Provider shall provide evidence (such as documentation, dated
logs, and data) that it calculated AFC on the frequency defined in R10. (R10)
M18. The Transmission Service Provider shall provide evidence (such as documentation and data)
when converting Flowgate AFCs to ATCs for ATC Paths, it follows the procedure described
in R11. (R11)
D. Compliance
Regional Entity.
Not applicable.
1.3. Data Retention
The Transmission Operator and Transmission Service Provider shall keep data or evidence to
show compliance as identified below unless directed by its Compliance Enforcement
Authority to retain specific evidence for a longer period of time as part of an investigation:
- The Transmission Service Provider shall retain its current, in force ATCID and any prior
versions of the ATCID that were in force since the last compliance audit to show
compliance with R1.
- The Transmission Operator shall have its latest model used to determine flowgates and
TFC and evidence of the previous version to show compliance with R2 and R3.
- The Transmission Operator shall retain evidence to show compliance with R2.1, R2.3 for
the most recent 12 months.
- The Transmission Operator shall retain evidence to show compliance with R2.2, R2.4
and R2.5 for the most recent three calendar years plus current year.
- The Transmission Service Provider shall retain evidence to show compliance with R4 for
12 months or until the model used to calculate AFC is updated, whichever is longer.
- The Transmission Service Provider shall retain evidence to show compliance with R5,
R8, R9, R10, and R11 for the most recent calendar year plus current year.
calculating hourly values required in R6 and R7 for the most recent 14 days; evidence to
show compliance in calculating daily values required in R6 and R7 for the most recent 30
days; and evidence to show compliance in calculating monthly values required in R6 and
R7 for the most recent sixty days.
- If a Transmission Service Provider or Transmission Operator is found non-compliant, it
shall keep information related to the non-compliance until found compliant.
The Compliance Enforcement Authority shall keep the last audit records and all requested
- Compliance Audits
- Spot Checking
- Self-Reporting
- Complaints
None.
Provider does not include in its
ATCID one or two of the sub-
requirements listed under R1.2,
or the sub-requirement is
incomplete.
ATCID three of the sub-
requirements listed under R1.2,
or the sub-requirement is
incomplete.
ATCID the information
described in R1.1.
OR
described in R1.2 (1.2.1, 1.2.2.,
1.2.3, and 1.2.4 are missing).
described in R1.1 and R1.2
(1.2.1, 1.2.2., 1.2.3, and 1.2.4
are missing).
established its list of
Flowgates less frequently
than once per calendar year,
but not more than three
months late as described in
R2.2.
Flowgates more than thirty
days, but not more than sixty
days, following a request to
create, modify or delete a
flowgate as described in
R2.3.
has not updated its Flowgate
TFC when notified by the
Transmission Owner in more
than 7 days, but it has not
been more than 14 days
did not include a Flowgate in
their AFC calculations that
met the criteria described in
R2.1.
Flowgates more than three
months late, but not more
than six months late as
described in R2.2.
Flowgates more than sixty
days, but not more than
ninety days, following a
request to create, modify or
delete a flowgate as
described in R2.3.
did not include two to five
Flowgates in their AFC
calculations that met the
criteria described in R2.1.
Flowgates more than six
months late, but not more
than nine months late as
described in R2.2.
Flowgates more than ninety
days, but not more than 120
days, following a request to
R2.3.
did not include six or more
Flowgates in their AFC
calculations that met the
criteria described in R2.1.
Flowgates more than nine
months late as described in
R2.2.
did not establish its list of
internal Flowgates as
described in R2.2.
Flowgates more than 120
days following a request to
Lower VSL Moderate VSL R # High VSL Severe VSL
since the notification (R2.5.1)
Provider with its Flowgate
TFCs within seven days (one
week) of their determination,
but is has not been more
than 14 days (two weeks)
since their determination.
TFCs at least once within a
calendar year, and it has
been not more than 15
months since the last update.
TFC when notified by the
TFCs in more than 14 days
(two weeks) of their
determination, but is has not
(three weeks) since their
determination.
been more than 15 months
but not more than 18 months
since the last update.
TFCs when notified by the
(three weeks) of their
determination, but is has not
been more than 28 days (four
weeks) since their
determination.
R2.3.
did not establish its list of
external Flowgates following
a request to create, modify or
delete an external flowgate
as described in R2.3.
did not determine the TFC for
a flowgate as described in
R2.4.
been more than 18 months
since the last update. (R2.5)
TFCs when notified by the
(R2.5.1)
(4 weeks) of their
determination.
used one to ten Facility
model.
did not update the model per
R3.2 for one or more
calendar days but not more
did not update the model for
per R3.3 for one or more
months but not more than
six weeks
used eleven to twenty
different from those
specified by a Transmission
or Generator Owner in their
Transmission model.
R3.2 for more than 2
per R3.3 for more than six
weeks but not more than
eight weeks
different from those
specified by a Transmission
or Generator Owner in their
Transmission model.
per R3.3 for more than eight
weeks but not more than ten
weeks
calendar days
per R3.3 for more than ten
weeks
used more than thirty Facility
model.
The Transmission operator
did not include in the
Transmission model detailed
modeling data and topology
for its own Reliability
Coordinator area.
The Transmission operator
did not include in the
Transmission modeling data
and topology for immediately
adjacent and beyond
Reliability Coordinator area.
Provider did not represent the
impact of Transmission Service
as described in R4 for more
than zero, but not more than
than 5%, but not more than
than 10%, but not more than
5% of all reservations; or more
than zero, but not more than 1
reservation, whichever is
greater..
10% of all reservations; or
greater..
15% of all reservations; or
greater..
more than 3 reservations,
whichever is greater..
Provider did not include in the
AFC process one to ten
expected generation or
Transmission outages,
additions or retirements within
the scope of the model as

AFC process eleven to twenty-
five expected generation and

AFC process twenty-six to fifty
expected generation and

Provider did not use the
model provided by the
Provider did not include in
the AFC process more than
fifty expected generation
additions or retirements
within the scope of the
model as specified in the
ATCID.
provider did not use AFC
provided by a third party.
25MW, whichever is greater.. 35MW, whichever is greater. 45MW, whichever is greater.
R8.
determining firm AFC, or used
than zero Flowgates, but not
more than 5% of all Flowgates
or 1 Flowgate (whichever is
greater).
than 5% of all Flowgates or 1
Flowgates (whichever is
10% of all Flowgates or 2
greater).
than 10% of all Flowgates or 2
greater).
than 15% of all Flowgates or
more than 3 Flowgates
R9.
determining non-firm AFC, or
more than zero Flowgates, but
more than 5% of all Flowgates
not more than 5% of all
Flowgates or 1 Flowgate
or 1 Flowgate (whichever is
greater).
Flowgates or 2 Flowgates
Flowgates or 3 Flowgates
Flowgates or more than 3
greater).
R10 One or more of the following:
described in the AFC
equation changed and the
provider did not calculate
for one or more hours but
not more than 15 hours,
and was in excess of the
175-hour per year
requirement.
For Daily, the values
for one or more calendar
days but not more than 3
calendar days.
for seven or more calendar
days, but less than 14
calendar days.
for more than 15 hours but
175-hour per year
requirement.
for more than 3 calendar
calendar days.
for 14 or more calendar
calendar days.
for more than 20 hours but
175-hour per year
requirement.
calendar days.
calendar days.
for more than 25 hours,
175-hour per year
requirement.
days.
days.
R11.
N/A N/A N/A
Provider did not follow the
procedure for converting
Flowgate AFCs to ATCs
described in R11.

A. Regional Differences
None identified.
B. Associated Documents
Version History
2 Modified R2.1.1.3, R2.1.2.3, R2.1.3, R2.2,
R2.3 and R11
Made conforming changes to M18 and
VSLs for R2 and R11
Revised

Standard NUC-001-2 Nuclear Plant Interface Coordination
1
A. Introduction
1. Title: Nuclear Plant Interface Coordination
2. Number: NUC-001-2
3. Purpose: This standard requires coordination between Nuclear Plant Generator Operators
and Transmission Entities for the purpose of ensuring nuclear plant safe operation and
shutdown.
4. Applicability:
4.1. Nuclear Plant Generator Operator.
4.2. Transmission Entities shall mean all entities that are responsible for providing services
related to Nuclear Plant Interface Requirements (NPIRs). Such entities may include one
or more of the following:
4.2.1 Transmission Operators.
4.2.2 Transmission Owners.
4.2.3 Transmission Planners.
4.2.4 Transmission Service Providers.
4.2.5 Balancing Authorities.
4.2.6 Reliability Coordinators.
4.2.7 Planning Coordinators.
4.2.8 Distribution Providers.
4.2.9 Load-serving Entities.
4.2.10 Generator Owners.
4.2.11 Generator Operators.
B. Requirements
R1. The Nuclear Plant Generator Operator shall provide the proposed NPIRs in writing to the
applicable Transmission Entities and shall verify receipt [Risk Factor: Lower]
R2. The Nuclear Plant Generator Operator and the applicable Transmission Entities shall have in
effect one or more Agreements
1
that include mutually agreed to NPIRs and document how the
Nuclear Plant Generator Operator and the applicable Transmission Entities shall address and
implement these NPIRs. [Risk Factor: Medium]
R3. Per the Agreements developed in accordance with this standard, the applicable Transmission
Entities shall incorporate the NPIRs into their planning analyses of the electric system and shall
communicate the results of these analyses to the Nuclear Plant Generator Operator. [Risk
Factor: Medium]
Entities shall: [Risk Factor: High]

1. Agreements may include mutually agreed upon procedures or protocols in effect between entities or between
departments of a vertically integrated system.
2
R4.1. Incorporate the NPIRs into their operating analyses of the electric system.
R4.2. Operate the electric system to meet the NPIRs.
R4.3. Inform the Nuclear Plant Generator Operator when the ability to assess the operation
of the electric system affecting NPIRs is lost.
R5. The Nuclear Plant Generator Operator shall operate per the Agreements developed in
accordance with this standard. [Risk Factor: High]
Entities and the Nuclear Plant Generator Operator shall coordinate outages and maintenance
activities which affect the NPIRs. [Risk Factor: Medium]
R7. Per the Agreements developed in accordance with this standard, the Nuclear Plant Generator
Operator shall inform the applicable Transmission Entities of actual or proposed changes to
nuclear plant design, configuration, operations, limits, protection systems, or capabilities that
may impact the ability of the electric system to meet the NPIRs. [Risk Factor: High]
Entities shall inform the Nuclear Plant Generator Operator of actual or proposed changes to
electric system design, configuration, operations, limits, protection systems, or capabilities that
R9. The Nuclear Plant Generator Operator and the applicable Transmission Entities shall include,
as a minimum, the following elements within the agreement(s) identified in R2: [Risk Factor:
Medium]
R9.1. Administrative elements: (Retirement approved by NERC BOT pending applicable
R9.1.1. Definitions of key terms used in the agreement. (Retirement approved by
NERC BOT pending applicable regulatory approval.)
R9.1.2. Names of the responsible entities, organizational relationships, and
responsibilities related to the NPIRs. (Retirement approved by NERC BOT
R9.1.3. A requirement to review the agreement(s) at least every three years.
(Retirement approved by NERC BOT pending applicable regulatory
approval.)
R9.1.4. A dispute resolution mechanism. (Retirement approved by NERC BOT
R9.2. Technical requirements and analysis:
R9.2.1. Identification of parameters, limits, configurations, and operating scenarios
included in the NPIRs and, as applicable, procedures for providing any
specific data not provided within the agreement.
R9.2.2. Identification of facilities, components, and configuration restrictions that
are essential for meeting the NPIRs.
R9.2.3. Types of planning and operational analyses performed specifically to
support the NPIRs, including the frequency of studies and types of
Contingencies and scenarios required.
R9.3. Operations and maintenance coordination:
3
R9.3.1. Designation of ownership of electrical facilities at the interface between the
electric system and the nuclear plant and responsibilities for operational
control coordination and maintenance of these facilities.
R9.3.2. Identification of any maintenance requirements for equipment not owned or
controlled by the Nuclear Plant Generator Operator that are necessary to
meet the NPIRs.
R9.3.3. Coordination of testing, calibration and maintenance of on-site and off-site
power supply systems and related components.
R9.3.4. Provisions to address mitigating actions needed to avoid violating NPIRs
and to address periods when responsible Transmission Entity loses the
ability to assess the capability of the electric system to meet the NPIRs.
These provisions shall include responsibility to notify the Nuclear Plant
Generator Operator within a specified time frame.
R9.3.5. Provision for considering, within the restoration process, the requirements
and urgency of a nuclear plant that has lost all off-site and on-site AC
power. .
R9.3.6. Coordination of physical and cyber security protection of the Bulk Electric
System at the nuclear plant interface to ensure each asset is covered under at
least one entitys plan.
R9.3.7. Coordination of the NPIRs with transmission system Special Protection
Systems and underfrequency and undervoltage load shedding programs.
R9.4. Communications and training:
R9.4.1. Provisions for communications between the Nuclear Plant Generator
Operator and Transmission Entities, including communications protocols,
notification time requirements, and definitions of terms.
R9.4.2. Provisions for coordination during an off-normal or emergency event
affecting the NPIRs, including the need to provide timely information
explaining the event, an estimate of when the system will be returned to a
normal state, and the actual time the system is returned to normal.
R9.4.3. Provisions for coordinating investigations of causes of unplanned events
affecting the NPIRs and developing solutions to minimize future risk of
such events.
R9.4.4. Provisions for supplying information necessary to report to government
agencies, as related to NPIRs.
R9.4.5. Provisions for personnel training, as related to NPIRs.
C. Measures
M1. The Nuclear Plant Generator Operator shall, upon request of the Compliance Enforcement
Authority, provide a copy of the transmittal and receipt of transmittal of the proposed NPIRs to
the responsible Transmission Entities. (Requirement 1)
M2. The Nuclear Plant Generator Operator and each Transmission Entity shall each have a copy of
the Agreement(s) addressing the elements in Requirement 9 available for inspection upon
request of the Compliance Enforcement Authority. (Requirement 2 and 9)
4
M3. Each Transmission Entity responsible for planning analyses in accordance with the Agreement
shall, upon request of the Compliance Enforcement Authority, provide a copy of the planning
analyses results transmitted to the Nuclear Plant Generator Operator, showing incorporation of
the NPIRs. The Compliance Enforcement Authority shall refer to the Agreements developed
in accordance with this standard for specific requirements. (Requirement 3)
M4. Each Transmission Entity responsible for operating the electric system in accordance with the
Agreement shall demonstrate or provide evidence of the following, upon request of the
Compliance Enforcement Authority:
M4.1 The NPIRs have been incorporated into the current operating analysis of the electric
system. (Requirement 4.1)
M4.2 The electric system was operated to meet the NPIRs. (Requirement 4.2)
M4.3 The Transmission Entity informed the Nuclear Plant Generator Operator when it
became aware it lost the capability to assess the operation of the electric system
affecting the NPIRs. (Requirement 4.3)
Authority, demonstrate or provide evidence that the Nuclear Power Plant is being operated
consistent with the Agreements developed in accordance with this standard. (Requirement 5)
M6. The Transmission Entities and Nuclear Plant Generator Operator shall, upon request of the
Compliance Enforcement Authority, provide evidence of the coordination between the
Transmission Entities and the Nuclear Plant Generator Operator regarding outages and
maintenance activities which affect the NPIRs. (Requirement 6)
M7. The Nuclear Plant Generator Operator shall provide evidence that it informed the applicable
Transmission Entities of changes to nuclear plant design, configuration, operations, limits,
protection systems, or capabilities that would impact the ability of the Transmission Entities to
meet the NPIRs. (Requirement 7)
M8. The Transmission Entities shall each provide evidence that it informed the Nuclear Plant
Generator Operator of changes to electric system design, configuration, operations, limits,
protection systems, or capabilities that would impact the ability of the Nuclear Plant Generator
Operator to meet the NPIRs. (Requirement 8)
D. Compliance
Regional Entity.
Not applicable.
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
5
Complaints
1.4. Data Retention
The Responsible Entity shall keep data or evidence to show compliance as identified below
unless directed by its Compliance Enforcement Authority to retain specific evidence for a
For Measure 1, the Nuclear Plant Generator Operator shall keep its latest
transmittals and receipts.
For Measure 2, the Nuclear Plant Generator Operator and each Transmission
Entity shall have its current, in-force agreement.
For Measure 3, the Transmission Entity shall have the latest planning analysis
results.
For Measures 4.3, 6 and 8, the Transmission Entity shall keep evidence for two
years plus current.
For Measures 5, 6 and 7, the Nuclear Plant Generator Operator shall keep
evidence for two years plus current.
If a Responsible Entity is found non-compliant it shall keep information related to the
noncompliance until found compliant.
None.
2.1. Lower: Agreement(s) exist per this standard and NPIRs were identified and
implemented, but documentation described in M1-M8 was not provided.
2.2. Moderate: Agreement(s) exist per R2 and NPIRs were identified and implemented,
but one or more elements of the Agreement in R9 were not met.
2.3. High: One or more requirements of R3 through R8 were not met.
2.4. Severe: No proposed NPIRs were submitted per R1, no Agreement exists per this
standard, or the Agreements were not implemented.
The design basis for Canadian (CANDU) NPPs does not result in the same licensing requirements as
U.S. NPPs. NRC design criteria specifies that in addition to emergency on-site electrical power,
electrical power from the electric network also be provided to permit safe shutdown. This requirement
is specified in such NRC Regulations as 10 CFR 50 Appendix A General Design Criterion 17 and
10 CFR 50.63 Loss of all alternating current power. There are no equivalent Canadian Regulatory
requirements for Station Blackout (SBO) or coping times as they do not form part of the licensing
basis for CANDU NPPs.
Therefore the definition of NPLR for Canadian CANDU units will be as follows:
Nuclear Plant Licensing Requirements (NPLR) are requirements included in the design basis
of the nuclear plant and are statutorily mandated for the operation of the plant; when used in this
6
standard, NPLR shall mean nuclear power plant licensing requirements for avoiding preventable
challenges to nuclear safety as a result of an electric system disturbance, transient, or condition.
Version History
1 May 2, 2007 Approved by Board of Trustees New
2 To be determined Modifications for Order 716 to Requirement R9.3.5
and footnote 1; modifications to bring compliance
elements into conformance with the latest version of
the ERO Rules of Procedure.
Revision
2 J anuary 22, 2010 Approved by FERC on J anuary 21, 2010
Added Effective Date
Update
2 February 7, 2013
R9.1, R9.1.1, R9.1.2, R9.1.3, and R9.1.4 and
associated elements approved by NERC Board of
Trustees for retirement as part of the Paragraph 81
project (Project 2013-02) pending applicable

Standard NUC-001-2.1 Nuclear Plant Interface Coordination
1
A. Introduction
1. Title: Nuclear Plant Interface Coordination
2. Number: NUC-001-2.1
3. Purpose: This standard requires coordination between Nuclear Plant Generator Operators
and Transmission Entities for the purpose of ensuring nuclear plant safe operation and
shutdown.
4. Applicability:
4.1. Nuclear Plant Generator Operator.
4.2. Transmission Entities shall mean all entities that are responsible for providing services
related to Nuclear Plant Interface Requirements (NPIRs). Such entities may include one
or more of the following:
4.2.1 Transmission Operators.
4.2.2 Transmission Owners.
4.2.3 Transmission Planners.
4.2.4 Transmission Service Providers.
4.2.5 Balancing Authorities.
4.2.6 Reliability Coordinators.
4.2.7 Planning Coordinators.
4.2.8 Distribution Providers.
4.2.9 Load-serving Entities.
4.2.10 Generator Owners.
4.2.11 Generator Operators.
B. Requirements
R1. The Nuclear Plant Generator Operator shall provide the proposed NPIRs in writing to the
applicable Transmission Entities and shall verify receipt [Risk Factor: Lower]
R2. The Nuclear Plant Generator Operator and the applicable Transmission Entities shall have in
effect one or more Agreements
1
Entities shall incorporate the NPIRs into their planning analyses of the electric system and shall
communicate the results of these analyses to the Nuclear Plant Generator Operator. [Risk
Factor: Medium]
that include mutually agreed to NPIRs and document how the
Nuclear Plant Generator Operator and the applicable Transmission Entities shall address and
implement these NPIRs. [Risk Factor: Medium]
Entities shall: [Risk Factor: High]

1. Agreements may include mutually agreed upon procedures or protocols in effect between entities or between
departments of a vertically integrated system.
2
R4.1. Incorporate the NPIRs into their operating analyses of the electric system.
R4.2. Operate the electric system to meet the NPIRs.
R4.3. Inform the Nuclear Plant Generator Operator when the ability to assess the operation
of the electric system affecting NPIRs is lost.
R5. The Nuclear Plant Generator Operator shall operate per the Agreements developed in
accordance with this standard. [Risk Factor: High]
Entities and the Nuclear Plant Generator Operator shall coordinate outages and maintenance
activities which affect the NPIRs. [Risk Factor: Medium]
R7. Per the Agreements developed in accordance with this standard, the Nuclear Plant Generator
Operator shall inform the applicable Transmission Entities of actual or proposed changes to
nuclear plant design, configuration, operations, limits, Protection Systems, or capabilities that
Entities shall inform the Nuclear Plant Generator Operator of actual or proposed changes to
electric system design, configuration, operations, limits, Protection Systems, or capabilities that
R9. The Nuclear Plant Generator Operator and the applicable Transmission Entities shall include,
as a minimum, the following elements within the agreement(s) identified in R2: [Risk Factor:
Medium]
R9.1. Administrative elements:
R9.1.1. Definitions of key terms used in the agreement.
R9.1.2. Names of the responsible entities, organizational relationships, and
responsibilities related to the NPIRs.
R9.1.3. A requirement to review the agreement(s) at least every three years.
R9.1.4. A dispute resolution mechanism.
R9.2. Technical requirements and analysis:
R9.2.1. Identification of parameters, limits, configurations, and operating scenarios
included in the NPIRs and, as applicable, procedures for providing any
specific data not provided within the agreement.
R9.2.2. Identification of facilities, components, and configuration restrictions that
are essential for meeting the NPIRs.
R9.2.3. Types of planning and operational analyses performed specifically to
support the NPIRs, including the frequency of studies and types of
Contingencies and scenarios required.
R9.3. Operations and maintenance coordination:
R9.3.1. Designation of ownership of electrical facilities at the interface between the
electric system and the nuclear plant and responsibilities for operational
control coordination and maintenance of these facilities.
R9.3.2. Identification of any maintenance requirements for equipment not owned or
controlled by the Nuclear Plant Generator Operator that are necessary to
meet the NPIRs.
3
R9.3.3. Coordination of testing, calibration and maintenance of on-site and off-site
power supply systems and related components.
R9.3.4. Provisions to address mitigating actions needed to avoid violating NPIRs
and to address periods when responsible Transmission Entity loses the
ability to assess the capability of the electric system to meet the NPIRs.
These provisions shall include responsibility to notify the Nuclear Plant
Generator Operator within a specified time frame.
R9.3.5. Provision for considering, within the restoration process, the requirements
and urgency of a nuclear plant that has lost all off-site and on-site AC
power. .
R9.3.6. Coordination of physical and cyber security protection of the Bulk Electric
System at the nuclear plant interface to ensure each asset is covered under at
least one entitys plan.
R9.3.7. Coordination of the NPIRs with transmission system Special Protection
Systems and underfrequency and undervoltage load shedding programs.
R9.4. Communications and training:
R9.4.1. Provisions for communications between the Nuclear Plant Generator
Operator and Transmission Entities, including communications protocols,
notification time requirements, and definitions of terms.
R9.4.2. Provisions for coordination during an off-normal or emergency event
affecting the NPIRs, including the need to provide timely information
explaining the event, an estimate of when the system will be returned to a
normal state, and the actual time the system is returned to normal.
R9.4.3. Provisions for coordinating investigations of causes of unplanned events
affecting the NPIRs and developing solutions to minimize future risk of
such events.
R9.4.4. Provisions for supplying information necessary to report to government
agencies, as related to NPIRs.
R9.4.5. Provisions for personnel training, as related to NPIRs.
C. Measures
Authority, provide a copy of the transmittal and receipt of transmittal of the proposed NPIRs to
the responsible Transmission Entities. (Requirement 1)
M2. The Nuclear Plant Generator Operator and each Transmission Entity shall each have a copy of
the Agreement(s) addressing the elements in Requirement 9 available for inspection upon
request of the Compliance Enforcement Authority. (Requirement 2 and 9)
M3. Each Transmission Entity responsible for planning analyses in accordance with the Agreement
shall, upon request of the Compliance Enforcement Authority, provide a copy of the planning
analyses results transmitted to the Nuclear Plant Generator Operator, showing incorporation of
the NPIRs. The Compliance Enforcement Authority shall refer to the Agreements developed
in accordance with this standard for specific requirements. (Requirement 3)
M4. Each Transmission Entity responsible for operating the electric system in accordance with the
Agreement shall demonstrate or provide evidence of the following, upon request of the
Compliance Enforcement Authority:
4
M4.1 The NPIRs have been incorporated into the current operating analysis of the electric
system. (Requirement 4.1)
M4.2 The electric system was operated to meet the NPIRs. (Requirement 4.2)
M4.3 The Transmission Entity informed the Nuclear Plant Generator Operator when it
became aware it lost the capability to assess the operation of the electric system
affecting the NPIRs. (Requirement 4.3)
Authority, demonstrate or provide evidence that the Nuclear Power Plant is being operated
consistent with the Agreements developed in accordance with this standard. (Requirement 5)
M6. The Transmission Entities and Nuclear Plant Generator Operator shall, upon request of the
Compliance Enforcement Authority, provide evidence of the coordination between the
Transmission Entities and the Nuclear Plant Generator Operator regarding outages and
maintenance activities which affect the NPIRs. (Requirement 6)
M7. The Nuclear Plant Generator Operator shall provide evidence that it informed the applicable
Transmission Entities of changes to nuclear plant design, configuration, operations, limits,
Protection Systems, or capabilities that would impact the ability of the Transmission Entities to
meet the NPIRs. (Requirement 7)
M8. The Transmission Entities shall each provide evidence that it informed the Nuclear Plant
Generator Operator of changes to electric system design, configuration, operations, limits,
Protection Systems, or capabilities that would impact the ability of the Nuclear Plant Generator
Operator to meet the NPIRs. (Requirement 8)
D. Compliance
Regional Entity.
Not applicable.
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
The Responsible Entity shall keep data or evidence to show compliance as identified below
For Measure 1, the Nuclear Plant Generator Operator shall keep its latest
transmittals and receipts.
5
For Measure 2, the Nuclear Plant Generator Operator and each Transmission
Entity shall have its current, in-force agreement.
For Measure 3, the Transmission Entity shall have the latest planning analysis
results.
For Measures 4.3, 6 and 8, the Transmission Entity shall keep evidence for two
years plus current.
For Measures 5, 6 and 7, the Nuclear Plant Generator Operator shall keep
evidence for two years plus current.
If a Responsible Entity is found non-compliant it shall keep information related to the
noncompliance until found compliant.
None.
2.1. Lower: Agreement(s) exist per this standard and NPIRs were identified and
implemented, but documentation described in M1-M8 was not provided.
2.2. Moderate: Agreement(s) exist per R2 and NPIRs were identified and implemented,
but one or more elements of the Agreement in R9 were not met.
2.3. High: One or more requirements of R3 through R8 were not met.
2.4. Severe: No proposed NPIRs were submitted per R1, no Agreement exists per this
standard, or the Agreements were not implemented.
The design basis for Canadian (CANDU) NPPs does not result in the same licensing requirements as
U.S. NPPs. NRC design criteria specifies that in addition to emergency on-site electrical power,
electrical power from the electric network also be provided to permit safe shutdown. This requirement
is specified in such NRC Regulations as 10 CFR 50 Appendix A General Design Criterion 17 and
10 CFR 50.63 Loss of all alternating current power. There are no equivalent Canadian Regulatory
requirements for Station Blackout (SBO) or coping times as they do not form part of the licensing
basis for CANDU NPPs.
Therefore the definition of NPLR for Canadian CANDU units will be as follows:
Nuclear Plant Licensing Requirements (NPLR) are requirements included in the design basis
of the nuclear plant and are statutorily mandated for the operation of the plant; when used in this
standard, NPLR shall mean nuclear power plant licensing requirements for avoiding preventable
challenges to nuclear safety as a result of an electric system disturbance, transient, or condition.

6
Version History
1 May 2, 2007 Approved by Board of Trustees New
2 To be determined Modifications for Order 716 to Requirement R9.3.5
and footnote 1; modifications to bring compliance
elements into conformance with the latest version of
the ERO Rules of Procedure.
Revision
2 J anuary 22, 2010 Approved by FERC on J anuary 21, 2010
Added Effective Date
Update
2.1 April 11, 2012 Errata approved by the Standards Committee;
(Capitalized Protection System in accordance with
Implementation Plan for Project 2007-17 approval of
revised definition of Protection System)
Errata associated with
Project 2007-17

Standard PER-001-0.2 Operating Pers onnel Res pons ibility and Authority
1 of 3
A. Introduction
1. Title: Operating Personnel Responsibility and Authority
2. Number: PER-001-0.2
3. Purpose: Transmission Operator and Balancing Authority operating personnel must have
the responsibility and authority to implement real-time actions to ensure the stable and reliable
4. Applicability
5. Effective Date: December 10, 2009
B. Requirements
R1. Each Transmission Operator and Balancing Authority shall provide operating personnel with
the responsibility and authority to implement real-time actions to ensure the stable and reliable
C. Measures
M1. The Transmission Operator and Balancing Authority provide documentation that operating
personnel have the responsibility and authority to implement real-time actions to ensure the
stable and reliable operation of the Bulk Electric System. These responsibilities and authorities
are understood by the operating personnel. Documentation shall include:
M1.1 A written current job description that states in clear and unambiguous language the
responsibilities and authorities of each operating position of a Transmission Operator
and Balancing Authority. The job description identifies personnel subject to the
authority of the Transmission Operator and Balancing Authority.
M1.2 The current job description is readily accessible in the control room environment to all
operating personnel.
M1.3 A written current job description that states operating personnel are responsible for
complying with the NERC reliability standards.
M1.4 Written operating procedures that state that, during normal and emergency conditions,
operating personnel have the authority to take or direct timely and appropriate real-
time actions. Such actions shall include shedding of firm load to prevent or alleviate
System Operating Limit or Interconnection Reliability Operating Limit violations.
These actions are performed without obtaining approval from higher-level personnel
within the Transmission Operator or Balancing Authority.
D. Compliance
Periodic Review: An on-site review including interviews with Transmission Operator and
Balancing Authority operating personnel and document verification will be conducted every
three years. The job description identifying operating personnel authorities and responsibilities
will be reviewed, as will the written operating procedures or other documents delineating the
authority of the operating personnel to take actions necessary to maintain the reliability of the
Bulk Electric System during normal and emergency conditions.
2 of 3
Self-certification: The Transmission Operator and Balancing Authority shall annually
complete a self-certification form developed by the Regional Reliability Organization
based on measures M1.1 to M1.4.
One calendar year.
1.3. Data Retention
Permanent.
2.1. Level 1: The Transmission Operator or Balancing Authority has written
documentation that includes three of the four items in M1.
documentation that includes two of the four items in M1.
documentation that includes one of the four items in M1.
documentation that includes none of the items in M1, or the personnel interviews indicate
Transmission Operator or Balancing Authority do not have the required authority.
None identified.
Version History
Date
Errata
0.1 April 15, 2009 Replaced position with job on
M1.1
Errata
0.1 April 15, 2009 Errata adopted by Standards Committee

Errata
0.1 December 10, 2009 Approved by FERC added effective
date
Update
3 of 3
0.2 March 8, 2012
Errata adopted by Standards
Committee; (moved the word,
Interconnection in Measure M1.4.
so that it appears as the first word in
the term Interconnection
Reliability Operating Limit rather
than the last word in the phrase,
System Operating Limit
Interconnection)
Errata
0.2 September 13,
2012
FERC approved
Errata

Standard PER-003-1 Operating Personnel Credentials Standard
A. Introduction
1. Title: Operating Personnel Credentials
2. Number: PER-003-1
3. Purpose: To ensure that System Operators performing the reliability-related tasks of
the Reliability Coordinator, Balancing Authority and Transmission Operator are
certified through the NERC System Operator Certification Program when filling a
Real-time operating position responsible for control of the Bulk Electric System.
4. Applicability:
5. Effective Date:
5.1. In those jurisdictions where regulatory approval is required, this standard shall
become effective the first calendar day of the first calendar quarter twelve months
after applicable regulatory approval. In those jurisdictions where no regulatory
approval is required, this standard shall become effective the first calendar day of
the first calendar quarter twelve months after Board of Trustees adoption.
B. Requirements
R1. Each Reliability Coordinator shall staff its Real-time operating positions performing
Reliability Coordinator reliability-related tasks with System Operators who have
demonstrated minimum competency in the areas listed by obtaining and maintaining a
valid NERC Reliability Operator certificate
(1
1.1. Areas of Competency
)
: [Risk Factor: High][Time Horizon:
Real-time Operations]
1.1.1. Resource and demand balancing
1.1.2. Transmission operations
1.1.3. Emergency preparedness and operations
1.1.4. System operations
1.1.5. Protection and control
1.1.6. Voltage and reactive
1.1.7. Interchange scheduling and coordination
1.1.8. Interconnection reliability operations and coordination

1
Non-NERC certified personnel performing any reliability-related task of a real-time operating position must be
under the direct supervision of a NERC Certified System Operator stationed at that operating position; the NERC
Certified System Operator at that operating position has ultimate responsibility for the performance of the reliability-
related tasks.
R2. Each Transmission Operator shall staff its Real-time operating positions performing
Transmission Operator reliability-related tasks with System Operators who have
demonstrated minimum competency in the areas listed by obtaining and maintaining
one of the following valid NERC certificates
(1
)
Real-time Operations]:
2.1.1. Transmission operations
2.1.4. Protection and control
2.1.5. Voltage and reactive
2.2. Certificates
Reliability Operator
Balancing, Interchange and Transmission Operator
Transmission Operator
R3. Each Balancing Authority shall staff its Real-time operating positions performing
Balancing Authority reliability-related tasks with System Operators who have
demonstrated minimum competency in the areas listed by obtaining and maintaining
one of the following valid NERC certificates
(1)
Real-time Operations]:
3.1.1. Resources and demand balancing
3.1.4. Interchange scheduling and coordination
3.2. Certificates
Reliability Operator
Balancing, Interchange and Transmission Operator
Balancing and Interchange Operator
C. Measures
M1. Each Reliability Coordinator, Transmission Operator and Balancing Authority shall
have the following evidence to show that it staffed its Real-time operating positions

1
Non-NERC certified personnel performing any reliability-related task of an operating position must be under the
direct supervision of a NERC Certified System Operator stationed at that operating position; the NERC Certified
System Operator at that operating position has ultimate responsibility for the performance of the reliability-related
tasks.
performing reliability-related tasks with System Operators who have demonstrated the
applicable minimum competency by obtaining and maintaining the appropriate, valid
NERC certificate (R1, R2, R3):
M1.1 A list of Real-time operating positions.
M1.2 A list of System Operators assigned to its Real-time operating positions.
M1.3 A copy of each of its System Operators NERC certificate or NERC certificate
number with expiration date which demonstrates compliance with the
applicable Areas of Competency.
M1.4 Work schedules, work logs, or other equivalent evidence showing which
System Operators were assigned to work in Real-time operating positions.
D. Compliance
1.1. Compliance Monitoring Authority
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.3. Data Retention
Each Reliability Coordinator, Transmission Operator and Balancing Authority
shall keep data or evidence to show compliance for three years or since its last
compliance audit, whichever time frame is the greatest, unless directed by its
of time as part of an investigation.
If a Reliability Coordinator, Transmission Operator or Balancing Authority is
found non-compliant, it shall keep information related to the non-compliance until
found compliant or the time period specified above, whichever is longer.
requested and submitted subsequent records.
None.
2.0 Violation Severity Levels
R# Lower VSL Medium VSL High VSL Severe VSL
R1 The Reliability Coordinator failed
to staff each Real-time operating
position performing Reliability
Coordinator reliability-related tasks
with a System Operator having a
valid NERC certificate as defined in
Requirement R1.
R2 The Transmission Operator failed to
staff each Real-time operating
position performing Transmission
Operator reliability-related tasks
R3 The Balancing Authority failed to
staff each Real-time operating
position performing Balancing
Authority reliability-related tasks

None.
Version History
1 February 17,
2011
Complete revision under
Project 2007-04
Revision
1 February 17,
2011
1 September 15,
2011
FERC Order issued by FERC
approving PER-003-1
(effective date of the Order is
September 15, 2011)

Standard PER-004-2 Reliability Coordination Staffing
A. Introduction
1. Title: Reliability Coordination Staffing
3. Purpose:
Reliability Coordinators must have sufficient, competent staff to perform the
Reliability Coordinator functions.
4. Applicability
5. Effective Date:
Retire Requirement 2 when PER-005-1 Requirement 3 becomes effective.
RetireRequirements 3 and 4 when PER-005-1 Requirements 1 and 2 become
effective.
B. Requirements
R1. Each Reliability Coordinator shall be staffed with adequately trained and NERC-
certified Reliability Coordinator operators, 24 hours per day, seven days per week.
R2. Reliability Coordinator operating personnel shall place particular attention on SOLs
and IROLs and inter-tie facility limits. The Reliability Coordinator shall ensure
protocols are in place to allow Reliability Coordinator operating personnel to have the
best available information at all times.
C. Measures
None
D. Compliance
monitoring.
schedule.)
prepare.)
Standard PER-004-2 Reliability Coordination Staffing
compliance.
1.3. Data Retention
Each Reliability Coordinator shall keep evidence of compliance for the previous
two calendar years plus the current year.
None.
2. Levels of Non-Compliance for a Reliability Coordinator (Replaced with VSLs)
2.1.
None identified.
Version History
Date
Errata
1 November 1,
2006
2
Retire R2 and M1 when PER-005-1
Requirement 3 becomes effective.
Retire R3, R4 and M2 when PER-005 R1
and R2 become effective.
Revised

Standard PER-005-1 System Personnel Training
A. Introduction
1. Title: System Personnel Training
3. Purpose: To ensure that System Operators performing real-time, reliability-related
tasks on the North American Bulk Electric System (BES) are competent to perform those
reliability-related tasks. The competency of System Operators is critical to the reliability
of the North American Bulk Electric System.
4. Applicability:
5. Proposed Effective Date for Regulatory Approvals:
5.1. In those jurisdictions where regulatory approval is required, Requirement R1 and
Requirement R2 shall become effective on the first day of the first calendar quarter,
24 months after applicable regulatory approval. In those jurisdictions where no
regulatory approval is required, Requirement R1 and Requirement R2 shall become
effective on the first day of the first calendar quarter, 24 months after Board of
Trustees adoption.
5.2. In those jurisdictions where regulatory approval is required, Requirement R3 shall
become effective on the first day of the first calendar quarter after applicable
regulatory approval. In those jurisdictions where no regulatory approval is required,
Requirement R3 shall become effective on the first day of the first calendar quarter
5.3. In those jurisdictions where regulatory approval is required Sub-requirement R3.1
shall become effective on the first day of the first calendar quarter, 36 months after
required, the Sub-requirement R3.1 shall become effective on the first day of the first
calendar quarter, 36 months after Board of Trustees adoption.
B. Requirements
R1. Each Reliability Coordinator, Balancing Authority and Transmission Operator shall use a
systematic approach to training to establish a training program for the BES company-specific
reliability-related tasks performed by its System Operators and shall implement the program.
R1.1. Each Reliability Coordinator, Balancing Authority and Transmission Operator shall
create a list of BES company-specific reliability-related tasks performed by its System
Operators.
R1.1.1. Each Reliability Coordinator, Balancing Authority and Transmission
Operator shall update its list of BES company-specific reliability-related
tasks performed by its System Operators each calendar year to identify new
or modified tasks for inclusion in training.
design and develop learning objectives and training materials based on the task list
created in R1.1.
deliver the training established in R1.2.
conduct an annual evaluation of the training program established in R1, to identify
any needed changes to the training program and shall implement the changes
identified.
R2. Each Reliability Coordinator, Balancing Authority and Transmission Operator shall verify each
of its System Operators capabilities to perform each assigned task identified in R1.1 at least
one time. [Violation Risk Factor: High] [Time Horizon: Long-term Planning]
R2.1. Within six months of a modification of the BES company-specific reliability-related
tasks, each Reliability Coordinator, Balancing Authority and Transmission Operator
shall verify each of its System Operators capabilities to perform the new or modified
tasks.
R3. At least every 12 months each Reliability Coordinator, Balancing Authority and Transmission
Operator shall provide each of its System Operators with at least 32 hours of emergency
operations training applicable to its organization that reflects emergency operations topics,
which includes system restoration using drills, exercises or other training required to maintain
qualified personnel. [Violation Risk Factor: Medium] [Time Horizon: Long-term Planning]
R3.1. Each Reliability Coordinator, Balancing Authority and Transmission Operator that
has operational authority or control over Facilities with established IROLs or has
established operating guides or protection systems to mitigate IROL violations shall
provide each System Operator with emergency operations training using simulation
technology such as a simulator, virtual technology, or other technology that replicates
the operational behavior of the BES during normal and emergency conditions.
C. Measures
M1. Each Reliability Coordinator, Balancing Authority and Transmission Operator shall have
available for inspection evidence of using a systematic approach to training to establish and
implement a training program, as specified in R1.
M1.1 Each Reliability Coordinator, Balancing Authority, and Transmission Operator shall
have available for inspection its company-specific reliability-related task list, with the
date of the last review and/or revision, as specified in R1.1.
have available for inspection its learning objectives and training materials, as
specified in R1.2.
have available for inspection System Operator training records showing the names of
the people trained, the title of the training delivered and the dates of delivery to show
that it delivered the training, as specified in R1.3.
have available for inspection evidence (such as instructor observations, trainee
feedback, supervisor feedback, course evaluations, learning assessments, or internal
audit results) that it performed an annual training program evaluation, as specified in
R1.4
available for inspection evidence to show that it verified that each of its System Operators is
capable of performing each assigned task identified in R1.1, as specified in R2. This evidence
can be documents such as training records showing successful completion of tasks with the
employee name and date; supervisor check sheets showing the employee name, date, and task
completed; or the results of learning assessments.
available for inspection training records that provide evidence that each System Operator has
obtained 32 hours of emergency operations training, as specified in R3.
M3.1 Each Reliability Coordinator, Balancing Authority and Transmission Operator shall
have available for inspection training records that provide evidence that each System
Operator received emergency operations training using simulation technology, as
specified in R3.1.
D. Compliance
For Reliability Coordinators and other functional entities that work for their Regional
Entity, the ERO shall serve as the Compliance Enforcement Authority.
For entities that do not work for the Regional Entity, the Regional Entity shall serve as
the Compliance Enforcement Authority.
Not Applicable.
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
Each Reliability Coordinator, Balancing Authority and Transmission Operator shall keep
data or evidence to show compliance for three years or since its last compliance audit,
whichever time frame is the greatest, unless directed by its Compliance Enforcement
investigation.
If a Reliability Coordinator, Balancing Authority and Transmission Operator is found
non-compliant, it shall keep information related to the non-compliance until found
compliant.
None.
R1 None The responsible entity failed to provide
evidence that it updated its company-
specific reliability-related task list to
identify new or modified tasks each
calendar year (R1.1.1)
OR
The responsible entity failed to provide
evidence of evaluating its training
program to identify needed changes to its
training program(s). (R1.4)
The responsible entity failed to design
and develop learning objectives and
training materials based on the BES
company specific reliability related tasks.
(R1.2)
The responsible entity failed to prepare a
company-specific reliability-related task
list (R1.1)
OR
The responsible entity failed to deliver
training based on the BES company
specific reliability related tasks. (R1.3)
R2 None The responsible entity verified at least
90% but less than 100% of its System
Operators capabilities to perform each
assigned task from its list of BES
company-specific reliability-related tasks.
(R2)
The responsible entity verified at least
70% but less than 90% of its System
Operators capabilities to perform each
assigned task from its list of BES
company-specific reliability-related tasks
(R2)
OR
The responsible entity failed to verify its
system operators capabilities to perform
each new or modified task within six
months of making a modification to its
BES company-specific reliability-related
task list. (R2.1)
The responsible entity verified less than
70% of its System Operators capabilities
to perform each assigned task from its list
of BES company-specific reliability-
related tasks. (R2)
R3 None

The responsible entity provided at least
32 hours of emergency operations
training to at least 90% but less than
100% of their System Operators. (R3)
The responsible entity provided at least
32 hours of emergency operations
training to at least 70% but less than 90%
of its System Operators. (R3)
The responsible entity provided 32 hours
of emergency operations training to less
than 70% of its System Operators (R3)
OR
The responsible entity did not include
simulation technology replicating the
operational behavior of the BES in its
emergency operations training. (R3.1)
None.
Version History

Standard PRC-001-1 System Protection Coordination
A. Introduction
1. Title: System Protection Coordination
2. Number: PRC-001-1
3. Purpose:
To ensure system protection is coordinated among operating entities.
4. Applicability
B. Requirements
R1. Each Transmission Operator, Balancing Authority, and Generator Operator shall be
familiar with the purpose and limitations of protection system schemes applied in its
area.
R2. Each Generator Operator and Transmission Operator shall notify reliability entities of
relay or equipment failures as follows:
R2.1. If a protective relay or equipment failure reduces system reliability, the
Generator Operator shall notify its Transmission Operator and Host Balancing
Authority. The Generator Operator shall take corrective action as soon as
possible.
Transmission Operator shall notify its Reliability Coordinator and affected
Transmission Operators and Balancing Authorities. The Transmission
Operator shall take corrective action as soon as possible.
R3. A Generator Operator or Transmission Operator shall coordinate new protective
systems and changes as follows.
R3.1. Each Generator Operator shall coordinate all new protective systems and all
protective system changes with its Transmission Operator and Host Balancing
Authority.
R3.2. Each Transmission Operator shall coordinate all new protective systems and
all protective system changes with neighboring Transmission Operators and
R4. Each Transmission Operator shall coordinate protection systems on major transmission
lines and interconnections with neighboring Generator Operators, Transmission
Operators, and Balancing Authorities.
R5. A Generator Operator or Transmission Operator shall coordinate changes in
generation, transmission, load or operating conditions that could require changes in the
protection systems of others:
R5.1. Each Generator Operator shall notify its Transmission Operator in advance of
changes in generation or operating conditions that could require changes in the
Transmission Operators protection systems.
R5.2. Each Transmission Operator shall notify neighboring Transmission Operators
in advance of changes in generation, transmission, load, or operating
conditions that could require changes in the other Transmission Operators
protection systems.
R6. Each Transmission Operator and Balancing Authority shall monitor the status of each
Special Protection System in their area, and shall notify affected Transmission
Operators and Balancing Authorities of each change in status.
C. Measures
M1. Each Generator Operator and Transmission Operator shall have and provide upon
request evidence that could include but is not limited to, revised fault analysis study,
letters of agreement on settings, notifications of changes, or other equivalent evidence
that will be used to confirm that there was coordination of new protective systems or
changes as noted in Requirements 3, 3.1, and 3.2.
request evidence that could include but is not limited to, documentation, electronic
logs, computer printouts, or computer demonstration or other equivalent evidence that
will be used to confirm that it monitors the Special Protection Systems in its area.
request evidence that could include but is not limited to, operator logs, phone records,
electronic-notifications or other equivalent evidence that will be used to confirm that it
notified affected Transmission Operator and Balancing Authorities of changes in status
of one of its Special Protection Systems. (Requirement 6 Part 2)
D. Compliance
monitoring.
schedule.)
prepare.)
compliance.
1.3. Data Retention
Each Generator Operator and Transmission Operator shall have current, in-force
documents available as evidence of compliance for Measure 1.
Each Transmission Operator and Balancing Authority shall keep 90 days of
historical data (evidence) for Measures 2 and 3.
None.
2. Levels of Non-Compliance for Generator Operators:
2.4. Level 4: Failed to provide evidence of coordination when installing new
protective systems and all protective system changes with its Transmission
Operator and Host Balancing Authority as specified in R3.1.
3. Levels of Non-Compliance for Transmission Operators:
3.4.1 Failed to provide evidence of coordination when installing new protective
systems and all protective system changes with neighboring Transmission
Operators and Balancing Authorities as specified in R3.2.
3.4.2 Did not monitor the status of each Special Protection System, or did not
notify affected Transmission Operators, Balancing Authorities of changes
in special protection status as specified in R6.
4. Levels of Non-Compliance for Balancing Authorities:
4.4. Level 4: Did not monitor the status of each Special Protection System, or did not
notify affected Transmission Operators, Balancing Authorities of changes in
special protection status as specified in R6.
None identified.
Version History
Date
Errata
0 August 25,
2005
Fixed Standard number in Introduction
from PRC-001-1 to PRC-001-0
Errata
1 November 1,
2006

Standard PRC-001-1.1 System Protection Coordination
Page 1 of 4
A. Introduction
2. Number: PRC-001-1.1
3. Purpose:
4. Applicability
B. Requirements
familiar with the purpose and limitations of Protection System schemes applied in its
area.
R2. Each Generator Operator and Transmission Operator shall notify reliability entities of
relay or equipment failures as follows:
Generator Operator shall notify its Transmission Operator and Host Balancing
Authority. The Generator Operator shall take corrective action as soon as
possible.
Transmission Operator shall notify its Reliability Coordinator and affected
Transmission Operators and Balancing Authorities. The Transmission
Operator shall take corrective action as soon as possible.
Authority.
R4. Each Transmission Operator shall coordinate Protection Systems on major
transmission lines and interconnections with neighboring Generator Operators,
Transmission Operators, and Balancing Authorities.
R5. A Generator Operator or Transmission Operator shall coordinate changes in
generation, transmission, load or operating conditions that could require changes in the
Protection Systems of others:
Page 2 of 4
R5.1. Each Generator Operator shall notify its Transmission Operator in advance of
changes in generation or operating conditions that could require changes in the
Transmission Operators Protection Systems.
R5.2. Each Transmission Operator shall notify neighboring Transmission Operators
in advance of changes in generation, transmission, load, or operating
conditions that could require changes in the other Transmission Operators
Protection Systems.
R6. Each Transmission Operator and Balancing Authority shall monitor the status of each
Special Protection System in their area, and shall notify affected Transmission
Operators and Balancing Authorities of each change in status.
C. Measures
request evidence that could include but is not limited to, revised fault analysis study,
request evidence that could include but is not limited to, documentation, electronic
logs, computer printouts, or computer demonstration or other equivalent evidence that
will be used to confirm that it monitors the Special Protection Systems in its area.
request evidence that could include but is not limited to, operator logs, phone records,
electronic-notifications or other equivalent evidence that will be used to confirm that it
notified affected Transmission Operator and Balancing Authorities of changes in status
of one of its Special Protection Systems. (Requirement 6 Part 2)
D. Compliance
monitoring.
schedule.)
prepare.)
Page 3 of 4
compliance.
1.3. Data Retention
Each Transmission Operator and Balancing Authority shall keep 90 days of
historical data (evidence) for Measures 2 and 3.
None.
2.4. Level 4: Failed to provide evidence of coordination when installing new
protective systems and all protective system changes with its Transmission
Operator and Host Balancing Authority as specified in R3.1.
3. Levels of Non-Compliance for Transmission Operators:
3.4.1 Failed to provide evidence of coordination when installing new protective
systems and all protective system changes with neighboring Transmission
Operators and Balancing Authorities as specified in R3.2.
Page 4 of 4
3.4.2 Did not monitor the status of each Special Protection System, or did not
notify affected Transmission Operators, Balancing Authorities of changes
in special protection status as specified in R6.
4.4. Level 4: Did not monitor the status of each Special Protection System, or did not
notify affected Transmission Operators, Balancing Authorities of changes in
special protection status as specified in R6.
None identified.
Version History
Date
Errata
0 August 25,
2005
Fixed Standard number in Introduction
Errata
1 November 1,
2006
1.1 April 11, 2012 Errata adopted by the Standards Committee;
(Capitalized Protection System in
accordance with Implementation Plan for
Project 2007-17 approval of revised
definition of Protection System)
Errata associated with
Project 2007-17

Page 1 of 5
A. Introduction
3. Purpose:
4. Applicability
5. Effective Date: All requirements become effective the first day of the first calendar quarter
twelve months following applicable regulatory approval. In those jurisdictions where no
regulatory approval is required, the requirements become effective the first day of the first
calendar quarter twelve months following Board of Trustees adoption.
B. Requirements
familiar with the purpose and limitations of Protection System schemes applied in its
area. [Violation Risk factor: High][Time Horizon: Operations Planning, Same-day
Operations, Real-time Operations]
Authority. [Violation Risk Factor: High][Time Horizon: Operations Planning,
Same-day Operations, Real-time Operations]
Balancing Authorities. [Violation Risk Factor: High] ][Time Horizon:
Operations Planning, Same-day Operations, Real-time Operations]
R3. Each Transmission Operator shall coordinate Protection Systems on major
transmission lines and interconnections with neighboring Generator Operators,
Transmission Operators, and Balancing Authorities. [Violation Risk Factor: High]
][Time Horizon: Operations Planning, Same-day Operations, Real-time Operations]
C. Measures
request evidence that could include, but is not limited to, revised fault analysis study,

Page 2 of 5

D. Compliance
The Regional Entity shall be responsible for compliance monitoring.

1.2. Data Retention
If an entity is found non-compliant, the entity shall keep information related to the
prepare.)
- Triggered Investigations (Notification of an investigation must be made within
60 days of an event or complaint of noncompliance. The entity will have up to 30
days to prepare for the investigation. An entity may request an extension of the
preparation period and the extension will be considered by the Compliance
None.

Page 3 of 5

Reqmt.
#
VRF Time
Horizon
R1 High Operations
Planning,
Same-day
Operations,
Real-time
Operations
N/A N/A The responsible
entity failed to
be familiar with
the limitations
of Protection
System schemes
applied in its
area.
The responsible
entity failed to
be familiar with
the purpose of
Protection
System schemes
applied in its
area.
R2 N/A N/A N/A N/A N/A N/A
R2.1 High Operations
Planning,
Same-day
Operations,
Real-time
Operations
The Generator
Operator failed
to coordinate
one new
protective
system or
protective
System change
with either its
Transmission
Operator or its
Host Balancing
Authority or
both.
The Generator
Operator failed
to coordinate
two new
protective
systems or
protective
System changes
with either its
Transmission
Operator or its
Host Balancing
Authority, or
both.
The Generator
Operator failed
to coordinate
three new
protective
systems or
protective
System changes
with either its
Transmission
Operator or its
Host Balancing
Authority, or
both.
The Generator
Operator failed
to coordinate
more than three
new protective
systems or
protective
System changes
with its
Transmission
Operator or its
Host Balancing
Authority, or
both.
R2.2 High Operations
Planning,
Same-day
Operations,
Real-time
Operations
The
Transmission
Operator failed
to coordinate
one new
protective
system or
protective
System change
with
neighboring
Transmission
Operators or
Balancing
Authorities, or
both.
The
Transmission
Operator failed
to coordinate
two new
protective
systems or
protective
System changes
with
neighboring
Transmission
Operators or
Balancing
Authorities, or
both.
The
Transmission
Operator failed
to coordinate
three new
protective
systems or
protective
System changes
with
neighboring
Transmission
Operators or
Balancing
Authorities, or
both.
The
Transmission
Operator failed
to coordinate
more than three
new protective
systems or
protective
System changes
with
neighboring
Transmission
Operators or
Balancing
Authorities, or
both.
R3 High Operations
Planning,
The
Transmission
The
Transmission
The
Transmission
The
Transmission
Page 4 of 5
Same-day
Operations,
Real-time
Operations
Operator failed
to coordinate
Protection
Systems on
major
transmission
lines and
interconnections
with one of its
neighboring
Generator
Operators,
Transmission
Operators, or
Balancing
Authorities.
Operator failed
to coordinate
Protection
Systems on
major
transmission
lines and
interconnections
with two of its
neighboring
Generator
Operators,
Transmission
Operators, or
Balancing
Authorities.
Operator failed
to coordinate
Protection
Systems on
major
transmission
lines and
interconnections
with three of its
neighboring
Generator
Operators,
Transmission
Operators, or
Balancing
Authorities.
Operator failed
to coordinate
Protection
Systems on
major
transmission
lines and
interconnections
with three or
more of its
neighboring
Generator
Operators,
Transmission
Operators, and
Balancing
Authorities.

Page 5 of 5
None identified.
Version History
Tracking
0 August 25, 2005 Fixed Standard number in Introduction
Errata
2 TBD Delete data requirements as they are now
handled in TOP-003-2.
Deleted
Requirements 2, 5,
and 6.
2 September 20, 2012 Capitalized Protection System to conform
with errata changes made in PRC-001-1.1

Standard PRC-002-1 Define Regional Disturbance Monitoring and Reporting
Requirements
A. Introduction
1. Title: Define Regional Disturbance Monitoring and Reporting Requirements
3. Purpose: Ensure that Regional Reliability Organizations establish requirements for
installation of Disturbance Monitoring Equipment (DME) and reporting of Disturbance data to
facilitate analyses of events and verify system models.
4. Applicability
5. Effective Date: Nine months after BOT adoption.
B. Requirements
R1. The Regional Reliability Organization shall establish the following installation requirements
for sequence of event recording:
R1.1. Location, monitoring and recording requirements, including the following:
R1.1.1. Criteria for equipment location (e.g., by voltage, geographic area, station
size, etc.).
R1.1.2. Devices to be monitored.
for fault recording:
R2.1. Location, monitoring and recording requirements, including the following:
R2.1.1. Criteria for equipment location (e.g., by voltage, geographic area, station
size, etc.).
R2.1.2. Elements to be monitored at each location.
R2.1.3. Electrical quantities to be recorded for each monitored element shall be
sufficient to determine the following:
R2.1.3.1. Three phase to neutral voltages.
R2.1.3.2. Three phase currents and neutral currents.
R2.1.3.3. Polarizing currents and voltages, if used.
R2.1.3.4. Frequency.
R2.1.3.5. Megawatts and megavars.
R2.2. Technical requirements, including the following:
R2.2.1. Recording duration requirements.
R2.2.2. Minimum sampling rate of 16 samples per cycle.
R2.2.3. Event triggering requirements.
Board of Trustees Adoption: August 2, 2006 Page 1 of 4
Effecti ve Date: Nine months after BOT adoption.
Requirements
for dynamic Disturbance recording:
R3.1. Location, monitoring and recording requirements including the following:
R3.1.1. Criteria for equipment location giving consideration to the following:
- Site(s) in or near major load centers
- Site(s) in or near major generation clusters
- Site(s) in or near major voltage sensitive areas
- Site(s) on both sides of major transmission interfaces
- A major transmission junction
- Elements associated with Interconnection Reliability Operating Limits
- Major EHV interconnections between control areas
- Coordination with neighboring regions within the interconnection
R3.1.2. Elements and number of phases to be monitored at each location.
R3.1.3. Electrical quantities to be recorded for each monitored element shall be
sufficient to determine the following:
R3.1.3.1. Voltage, current and frequency.
R3.1.3.2. Megawatts and megavars.
R3.2. Technical requirements, including the following:
R3.2.1. Capability for continuous recording for devices installed after J anuary 1,
2009.
R3.2.2. Each device shall sample data at a rate of at least 960 samples per second
and shall record the RMS value of electrical quantities at a rate of at least 6
records per second.
R4. The Regional Reliability Organization shall establish requirements for facility owners to report
Disturbance data recorded by their DME installations. The Disturbance data reporting
requirements shall include the following:
R4.1. Criteria for events that require the collection of data from DMEs.
R4.2. List of entities that must be provided with recorded Disturbance data.
R4.3. Timetable for response to data request.
R4.4. Provision for reporting Disturbance data in a format which is capable of being viewed,
read and analyzed with a generic COMTRADE
1
analysis tool,
R4.5. Naming of data files in conformance with the IEEE C37.232 Recommended Practice
for Naming Time Sequence Data Files
2
.
R4.6. Data content requirements and guidelines.

1
IEEE C37.111-1999 IEEE Standard Common Format for Transient Data Exchange for Power Systems or its
successor standard
2
Compliance with this requirement is not effective until the IEEE Standard is approved.
Requirements
R5. The Regional Reliability Organization shall provide its requirements (and any revisions to
those requirements) including those for DME installation and Disturbance data reporting to the
affected Transmission Owners and Generator Owners within 30 calendar days of approval of
those requirements.
R6. The Regional Reliability Organization shall periodically (at least every five years) review,
update and approve its Regional requirements for Disturbance monitoring and reporting.
C. Measures
M1. The Regional Reliability Organizations requirements for the installation of Disturbance
Monitoring Equipment shall address Requirements 1 through 3.
M2. The Regional Reliability Organizations Disturbance monitoring data reporting requirements
shall include all elements identified in Requirements 4.
M3. The Regional Reliability Organization shall have evidence it provided its Regional Disturbance
monitoring and reporting requirements as required in Requirement 5.
M4. The Regional Reliability Organization shall have evidence it conducted a review at least once
every five years of its regional requirements for Disturbance monitoring and reporting as
required in Requirement 6.
D. Compliance
NERC.
One calendar year.
1.3. Data Retention
The Regional Reliability Organization shall retain documentation of its DME
requirements for three years.
The Compliance Monitor will retain its audit data for three years.
The Regional Reliability Organization shall demonstrate compliance through providing
its documentation of Disturbance Monitoring and Reporting requirements or self-
certification as determined by the Compliance Monitor.
2.1. Level 1: There shall be a level one non-compliance if either of the following conditions
exist:
2.1.1 Disturbance data reporting requirements were not specified as required in R4.1
through R4.6.
2.1.2 No evidence it conducted a review at least once every five years of its regional
requirements for Disturbance monitoring and reporting as required in R6.
2.2. Level 2: There shall be a level two non-compliance if any of the following conditions
exist:
2.2.1 Technical requirements were not specified for one or more types of DMEs.
Requirements
2.2.2 Requirements do not provide criteria for equipment location or criteria for
monitored elements or monitored quantities as required R1, R2 and R3.
2.4. Level 4: Disturbance monitoring and reporting requirements were not available or were
not provided to Transmission Owners and Generator Owners.
None identified.
Version History

Standard PRC-002-NPCC-01 Disturbance Monitoring
Adopted by NERC Board of Trustees: November 4, 2010 1
A. Introduction
1. Title: Disturbance Monitoring
2. Number: PRC-002-NPCC-01
3. Purpose: Ensure that adequate disturbance data is available to facilitate Bulk
Electric System event analyses. All references to equipment and
facilities herein unless otherwise noted will be to Bulk Electric
System (BES) elements.
4. Applicability:
5. (Proposed) Effective Date: To be established.

B. Requirements
R1. Each Transmission Owner and Generator Owner shall provide Sequence of
Event (SOE) recording capability by installing Sequence of Event recorders or
as part of another device, such as a Supervisory Control And Data Acquisition
(SCADA) Remote Terminal Unit (RTU), a generator plant Digital (or
Distributed) Control System (DCS) or part of Fault recording equipment. This
capability shall: [Violation Risk Factor: Medium] [Time Horizon: Planning and
1.1 Be provided at all substations and at locations where circuit breaker
operation affects continuity of service to radial Loads greater than
300MW, or the operation of which drops 50MVA Nameplate Rating or
greater of Generation, or the operation of which creates a Generation/Load
island.
Be provided at generating units above 50MVA Nameplate Rating or series
of generating units utilizing a control scheme such that the loss of 1 unit
results in a loss of greater than 50MVA Nameplate Capacity, and at
Generating Plants above 300MVA Name Plate Capacity.
1.2 Monitor the following at each location listed in 1.1:
1.2.1 Transmission and Generator circuit breaker positions
1.2.2 Protective Relay tripping for all Protection Groups that operate to
trip circuit breakers identified in 1.2.1.
1.2.3 Teleprotection keying and receive

R2. Each Transmission Owner shall provide Fault recording capability for the following Elements at facilities
where Fault recording equipment is required to be installed as per R3: [Violation Risk Factor: Medium]
[Time Horizon: Planning and Operations Planning]
2.1 All transmission lines.
2.2 Autotransformers or phase-shifters connected to busses.
2.3 Shunt capacitors, shunt reactors.
2.4 Individual generator line interconnections.
2.5 Dynamic VAR Devices.
2.6 HVDC terminals.
R3. Each Transmission Owner shall have Fault recording capability that determines the Current Zero
Time for loss of Bulk Electric System (BES) transmission Elements. [Violation Risk Factor: Medium]
[Time Horizon: Planning and Operations Planning]
R4. Each Generator Owner shall provide Fault recording capability for Generating Plants at and above 200
MVA Capacity and connected through a generator step up (GSU) transformer to a Bulk Electric
System Element unless Fault recording capability is already provided by the Transmission Owner.
[Violation Risk Factor: Medium] [Time Horizon: Planning and Operations Planning]
R5. Each Transmission Owner and Generator Owner shall record for Faults, sufficient electrical quantities
for each monitored Element to determine the following: [Violation Risk Factor: Medium] [Time
Horizon: Planning and Operations Planning]
5.1 Three phase-to-neutral voltages. (Common bus-side voltages may be used for lines.)
5.2 Three phase currents and neutral currents.
5.3 Polarizing currents and voltages, if used.
5.4 Frequency.
5.5 Real and reactive power.
R6. Each Transmission Owner and Generator Owner shall provide Fault recording with the following
capabilities: [Violation Risk Factor: Medium] [Time Horizon: Planning and Operations Planning]
6.1 Each Fault recorder record duration shall be a minimum of one (1) second.
6.2 Each Fault recorder shall have a minimum recording rate of 16 samples per cycle
6.3 Each Fault recorder shall be set to trigger for at least the following:
6.3.1 Monitored phase overcurrents set at 1.5 pu or less of rated CT secondary current or
Protective Relay tripping for all Protection Groups.
6.3.2 Neutral (residual) overcurrent set at 0.2 pu or less of rated CT secondary current.
6.3.3 Monitored phase undervoltage set at 0.85 pu or greater.
6.4 Document additional triggers and deviations from the settings in 6.3.2 and 6.3.3 when local
conditions dictate.
R7. Each Reliability Coordinator shall establish its areas requirements for Dynamic Disturbance
Recording (DDR) capability that: [Violation Risk Factor: Medium] [Time Horizon: Planning and
7.1 Provides a minimum of 1 DDR per 3,000 MW of peak Load.
7.2 Records dynamic disturbance information with consideration of the following
facilities/locations:
7.2.1 Major Load centers.
7.2.2 Major Generation clusters.
7.2.3 Major voltage sensitive areas.
7.2.4 Major transmission interfaces.
7.2.5 Major transmission junctions.
7.2.6 Elements associated with Interconnection Reliability Operating Limits (IROLs).
7.2.7 Major EHV interconnections between operating areas.
R8. Each Reliability Coordinator shall specify that DDRs installed, after the approval of this standard,
function as continuous recorders. [Violation Risk Factor: Medium] [Time Horizon: Planning and
R9. Each Reliability Coordinator shall specify that DDRs are installed with the following capabilities:
[Violation Risk Factor: Medium] [Time Horizon: Planning and Operations Planning]
9.1 A minimum recording time of sixty (60) seconds per trigger event.
9.2 A minimum data sample rate of 960 samples per second, and a minimum data storage rate for
RMS quantities of six (6) data points per second.
9.3 Each DDR shall be set to trigger for at least one of the following (based on manufacturers
equipment capabilities):
9.3.1 Rate of change of Frequency.
9.3.2 Rate of change of Power.
9.3.3 Delta Frequency (recommend 20 mHz change).
9.3.4 Oscillation of Frequency.
R10. Each Reliability Coordinator shall establish requirements such that the following quantities are
monitored or derived where DDRs are installed: [Violation Risk Factor: Medium] [Time Horizon:
Planning and Operations Planning]
10.1 Line currents for most lines such that normal line maintenance activities do not interfere with
DDR functionality.
10.2 Bus voltages such that normal bus maintenance activities do not interfere with DDR
functionality.
10.3 As a minimum, one phase current per monitored Element and two phase-to-neutral voltages of
different Elements. One of the monitored voltages shall be of the same phase as the monitored
current.
10.4 Frequency.
10.5 Real and reactive power.
R11. Each Reliability Coordinator shall document additional settings and deviations from the required
trigger settings described in R9 and the required list of monitored quantities as described in R10, and
report this to the Regional Entity (RE) upon request. [Violation Risk Factor: Lower] [Time Horizon:
R12. Each Reliability Coordinator shall specify its DDR requirements including the DDR setting triggers
established in R9 to the Transmission Owners and Generator Owners. [Violation Risk Factor:
Medium] [Time Horizon: Planning and Operations Planning]
R13. Each Transmission Owner and Generator Owner that receives a request from the Reliability
Coordinator to install a DDR shall acquire and install the DDR in accordance with R12. Reliability
Coordinators, Transmission Owners, and Generator Owners shall mutually agree on an
implementation schedule. [Violation Risk Factor: Medium] [Time Horizon: Planning and
R14. Each Transmission Owner and Generator Owner shall establish a maintenance and testing program for
stand alone DME (equipment whose only purpose is disturbance monitoring) that includes: [Violation
14.1 Maintenance and testing intervals and their basis.
14.2 Summary of maintenance and testing procedures.
14.3 Monthly verification of communication channels used for accessing records remotely (if the
entity relies on remote access and the channel is not monitored to a control center staffed around
the clock, 24 hours a day, 7 days a week (24/7)).
14.4 Monthly verification of time synchronization (if the loss of time synchronization is not
monitored to a 24/7 control center).
14.5 Monthly verification of active analog quantities.
14.6 Verification of DDR and DFR settings in the software every six (6) years.
14.7 A requirement to return failed units to service within 90 days. If a DME device will be out of
service for greater than 90 days the owner shall keep a record of efforts aimed at restoring the
DME to service.
R15. Each Reliability Coordinator, Transmission Owner and Generator Owner shall share data within 30
days upon request. Each Reliability Coordinator, Transmission Owner, and Generator Owner shall
provide recorded disturbance data from DMEs within 30 days of receipt of the request in each of the
following cases: [Violation Risk Factor: Lower] [Time Horizon: Operations]
15.1 NERC, Regional Entity, Reliability Coordinator.
15.2 Request from other Transmission Owners, Generator Owners within NPCC.

R16. Each Reliability Coordinator, Transmission Owner and Generator Owner shall submit the data files
conforming to the following format requirements: [Violation Risk Factor: Lower] [Time Horizon:
Operations]
16.1 The data files shall be capable of being viewed, read, and analyzed with a generic COMTRADE
analysis tool as per the latest revision of IEEE Standard C37.111.
16.2 Disturbance Data files shall be named in conformance with the latest revision of IEEE Standard
C37.232.
16.3 Fault Recorder and DDR Files shall contain all monitored channels. SOE records shall contain
station name, date, time resolved to milliseconds, SOE point name, status.
R17. Each Reliability Coordinator, Transmission Owner and Generator Owner shall maintain, record and
provide to the Regional Entity (RE), upon request, the following data on the DMEs installed to meet
this standard: [Violation Risk Factor: Lower] [Time Horizon: Operations]
17.1 Type of DME.
17.2 Make and model of equipment.
17.3 Installation location.
17.4 Operational Status.
17.5 Date last tested.
17.6 Monitored Elements.
17.7 All identified channels.
17.8 Monitored electrical quantities.

C. Measures
M1. Each Transmission Owner and Generator Owner shall have, and provide upon request, evidence that it
provided Sequence of Event recording capability in accordance with 1.1 and 1.2. (R1)
M2. Each Transmission Owner shall have, and provide upon request, evidence that it provided Fault
recording capability in accordance with 2.1 to 2.6. (R2)
M3. Each Transmission Owner shall have, and provide upon request, evidence that it provided Fault
recording capability that determined the Current Zero Time for loss of Bulk Electric System (BES)
transmission Elements in accordance with R3.
M4. Each Generator Owner shall have, and provide upon request, evidence that it provided Fault recording
capability for its Generating Plants at and above 200 MVA Capacity in accordance with R4.
records for Faults, sufficient electrical quantities for each monitored Element to determine the
parameters listed in 5.1 to 5.5. (R5)
provided Fault recording capability in accordance with 6.1 to 6.4. (R6)
M7. Each Reliability Coordinator shall have, and provide upon request, evidence that it established its
areas requirements for Dynamic Disturbance Recording (DDR) capability in accordance with 7.1 and
.2. (R7)
M8. Each Reliability Coordinator shall have, and provide upon request, evidence that DDRs installed after
the approval of this standard function as continuous recorders. (R8)
M9. Each Reliability Coordinator shall have, and provide upon request, evidence that it developed DDR
setting triggers to include the parameters listed in 9.1 to 9.3. (R9)
M10. Each Reliability Coordinator shall have, and provide upon request, evidence that DDRs monitor the
Elements listed in 10.1 through 10.5. (R10)
M11. Each Reliability Coordinator shall have, and provide upon request, evidence that it documented
additional settings and deviations from the required trigger settings described in R9 and the required
list of monitored quantities as described in R10. (R11)
M12. Each Reliability Coordinator shall have, and provide upon request, evidence that it specified its DDR
requirements which included the DDR setting triggers established in R9 to the Transmission Owners
and Generator Owners in the Reliability Coordinators area. (R12)
M13. Each Transmission Owner and Generator Owner shall have, and provide upon request, evidence that
it acquired and installed the DDRs in accordance with the specifications contained in the Reliability
Coordinators request, and a mutually agreed upon implementation schedule. (R13)
has a maintenance and testing program for stand alone DME
(equipment whose only purpose is disturbance monitoring) that meets the requirements in 14.1
through 14.7. (R14)
M15. Each Reliability Coordinator, Transmission Owner and Generator Owner shall have, and provide
upon request, evidence that it provided recorded disturbance data from DMEs within 30 days of the
receipt of the request from the entities listed in 15.1 and 15.2. (R15)
upon request, evidence that it submitted the data files in a format that meets the requirements in 16.1
through 16.3. (R16)
upon request, evidence that it maintained a record of and provided to NPCC when requested, the data
on DMEs installed meeting the requirements 17.1 through 17.8. (R17)

D. Compliance
NPCC Compliance Committee
Not Applicable
1.3. Data Retention
The Transmission Owner and Generator Owner shall keep evidences for three calendar years for
Measures 1, 5, 6, 13, 16 and 17.

The Transmission Owner shall keep evidence for three years for Measures 2 and 3.

The Generator Owner shall keep evidence for three years for Measure 4.

The Reliability Coordinator shall keep evidence for three years for Measures 7, 8, 9, 10, 11, 12,
16 and 17.

The Transmission Owner and Generator Owner shall keep evidences for twenty-four calendar
months for Measures 14 and 15.

The Reliability Coordinator shall keep evidence for twenty-four calendar months for Measure
15.

If a Transmission Owner, Generator Owner or Reliability Coordinator is found non-compliant, it
shall keep information related to the non-compliance until found compliant.

The Compliance Enforcement Authority shall keep the last audit and all subsequent record.

- Spot Checking
- Compliance Audits
- Self-Reporting
- Complaints
None


R1
The Transmission
Owner or
Generator Owner
provided the
Sequence of
Event recording
capability
meeting the bulk
of R1 but
missed
Up to and
including 10%
of the total set,
which is the
product of the
total number of
locations in 1.1
times the total
number of
parameters in
1.2.

More than 10% and
up to and including
20% of the total set,
which is the product
of the total number
of locations in 1.1
times the total
number of
parameters in 1.2.

More than 20% and
up to and including
which is the product
of the total number
of locations in 1.1
times the total
number of
parameters in 1.2.

More than 30% of the
total set, which is the
product of the total
number of locations in
1.1 times the total
number of parameters in
1.2.

R2
The Transmission
Owner provided
the Fault
recording
capability
meeting the bulk
of R2 but
missed
Up to and
including 10%
of the total set,
which is the
total number of
Elements at all
locations
required to be
installed as per
R3 that meet
the criteria
listed in 2.1
through 2.6.

More than 10% and
up to and including
which is the total
number of Elements
at all locations
required to be
installed as per R3
that meet the criteria
listed in 2.1 through
2.6.

More than 20% and
up to and including
which is the total
number of
Elements at all
locations required
to be installed as
per R3 that meet
the criteria listed in
2.1 through 2.6.

total set, which is the
total number of Elements
at all locations required
to be installed as per R3
that meet the criteria
listed in 2.1 through 2.6.

R3
The Transmission
Not applicable. Not applicable. Not applicable. Fault recording capability
that determines the
Owner failed to
provide

current zero time for loss
of transmission Elements.
R4
The Generator
Owner failed to
provide Fault
recording
capability at

Up to and
including 10%
of its
Generating
Plants at and
above 200
MVA Capacity
and connected
to a Bulk
Electric System
Element if
Fault recording
capability for
that portion of
the system is
inadequate.
More than 10% and
up to and including
20% of its
Generating Plants at
and above 200 MVA
Capacity and
connected to a Bulk
Electric System
Element if Fault
recording capability
for that portion of
the system is
inadequate.
More than 20% and
up to 30% of its
Generating Plants at
and above 200 MVA
Capacity and
connected to a Bulk
Electric System
Element if Fault
for that portion of
the system is
inadequate.
More than 30% of its
Generating Plants at and
above 200 MVA
Capacity and connected
to a Bulk Electric System
Element if Fault
recording capability for
that portion of the system
is inadequate.
R5
The Transmission
Owner or
Generator Owner
failed to record
for the Faults

Up to and
including 10%
of the total set
of parameters,
which is the
product of the
total number of
monitored
Elements and
the number of
parameters
listed in 5.1
through 5.5.

More than 10% and
up to and including
20% of the total set
of parameters, which
is the product of the
total number of
monitored Elements
and the number of
parameters listed in
5.1 through 5.5.

More than 20% and
up to and including
30% of the total set
of parameters, which
total number of
monitored Elements
and the number of
parameters listed in
5.1 through 5.5.
total set of parameters,
which is the product of
the total number of
monitored Elements and
the number of parameters
listed in 5.1 through 5.5.
R6
The Transmission
Owner or
Generator Owner
failed

To provide
Fault recording
capability for
up to and
including 10%
of the total set
of
requirements,
which is the
product of the
total number of
monitored
Elements and
the total
number of
capabilities
identified in 6.1
To provide Fault
for more than 10%
and up to and
including 20% of the
total set of
requirements, which
total number of
monitored Elements
and the total number
of capabilities
identified in 6.1
through 6.2.
OR
Failed to document
additional triggers or
To provide Fault
for more than 20%
and up to and
including 30% of the
total set of
requirements, which
total number of
monitored Elements
and the total number
of 6.1 through 6.2.
OR
Failed to document
deviations from the
settings stipulated in
To provide Fault
recording capability for
more than 30% of the
total set of requirements,
which is the product of
the total number of
monitored Elements and
the total number of
capabilities identified in
6.1 through 6.2.
OR
Failed to document
deviations from the
settings stipulated in 6.3
through 6.4 for more than
ten (10) locations.
through 6.2.
OR
Failed to
document
additional
triggers or
deviations from
the settings
stipulated in 6.3
through 6.4 for
up to 2
locations.
deviations from the
settings stipulated in
6.3 through 6.4 for
more than two (2)
and up to and
including five (5)
locations.
6.3 through 6.4 for
more than five (5)
and up to and
including ten (10)
locations.

R7
The Reliability
Coordinator
failed to establish
its areas
requirements
for

Up to and
including 10%
of the required
DDR coverage
for its area as
per 7.1and 7.2.

More than 10% and
up to and including
20% of the required
DDR coverage for
its area as per 7.1
and 7.2.
More than 20% and
up to and including
30% of the required
DDR coverage for
its area as per 7.1
and 7.2.
required DDR coverage
for its area as per 7.1 and
7.2.

R8
The Reliability
Coordinator failed
to specify
that DDRs
installed

Not applicable.

Not applicable.

Not applicable.

Function as continuous
recorders.

R9
The Reliability
Coordinator failed
to specify that
DDRs are
installed
without

Not
applicable.

Not applicable. Not applicable. The capabilities listed in
9.1 through 9.3.
R10
The Reliability
Coordinator failed
to ensure that the
quantities listed in 10.1 through 10.5
are monitored or
derived

Not applicable.

Not applicable. Not applicable.

Where DDRs are
installed.

R11
The Reliability
Coordinator failed
to document and
report to the
Regional Entity
upon request
additional settings and deviations
from the required
trigger settings
described in R9
Up to two (2)
facilities within
the Reliability
Coordinators
area that have a
DDR.
More than two (2)
and up to five (5)
facilities within the
Reliability
Coordinators area
that have a DDR.

More than five (5)
and up to ten (10)
Reliability
Coordinators area
that have a DDR.

More than ten (10)
area that have a DDR.
and the required
list of monitored
quantities as
described in R10
for

R12
The Reliability
Coordinator failed
to specify to the
Transmission
Owners and
Generator Owners
its DDR
requirements
including the DDR setting
triggers
established in R9
but missed

Not applicable. Not applicable.

Not applicable. Established setting
triggers.
R13
The Transmission
Owner or
Generator Owner
failed to comply
with the
Reliability
Coordinators
request installing
the DDR in
accordance with
R12 for

Up to and
including 10%
of the
requirement set
of the
Reliability
Coordinators
request to
install DDRs,
with the
requirement set
being the total
number of
DDRs
requested times
the number of
setting triggers
specified for
each DDR.
More than 10% and
up to 20% of the
requirement set
requested by the
Reliability
Coordinator for
installing DDRs,
with the requirement
set being the total
number of DDRs
requested times the
number of setting
triggers specified for
each DDR.
More than 20% and
up to 30% of the
requirement set
requested by the
Reliability
Coordinator for
installing DDRs,
with the requirement
set being the total
number of DDRs
requested times the
number of setting
triggers specified for
each DDR.

requirement set requested
by the Reliability
Coordinator and
installing DDRs, with the
requirement set being the
total number of DDRs
requested times the
number of setting triggers
specified for each DDR
OR
The Reliability
Coordinator,
Transmission Owners,
and Generator Owners
failed to mutually agree
on an implementation
schedule.
R14
The Transmission
Owner or
Generator
Owner

Established a
maintenance
and testing
program for
stand alone
DME but
provided
incomplete data
for any one (1)
of 14.1 through
Established a
maintenance and
testing program for
stand alone DME
but provided
incomplete data for
more than one (1)
and up to and
including three (3)
of 14.1 through 14.7.
Established a
maintenance and
testing program for
stand alone DME
but provided
incomplete data for
more than three (3)
and up to and
including six (6) of
14.1 through 14.7.
Did not establish any
maintenance and testing
program for DME;
OR
or Generator Owner
established a
maintenance and testing
program for DME but did
not provide any data that

VersionHistory

1 November 4,
2010
1 October 20,
2011
FERC Order issued approving PRC-
002-NPCC-01 (FERCs Order became
effective on October 20, 2011)

14.7.

meets all of 14.1 through
14.7.

R15
The Reliability
Coordinator,
Transmission
Owner or
Generator Owner
provided recorded
disturbance data
from DMEs but
was late for

Up to and
including
fifteen (15)
days in meeting
the requests of
an entity, or
entities in 15.1,
or 15.2.

More than fifteen
(15) days but less
than and including
thirty (30) days in
meeting the requests
of an entity, or
entities in 15.1 or
15.2.

More than 30 days
but less than and
including forty-five
(45) days in meeting
the requests of an
entity, or entities in
15.1 or 15.2.
More than forty-five (45)
days in meeting the
requests of an entity, or
entities in 15.1 or 15.2.
R16
The Reliability
Coordinator,
Transmission
Owner or
Generator Owner
failed to submit

Up to and
including two
(2) data files in
a format that
meets the
applicable
format
requirements in
16.1 through
16.3.
More than two (2)
and up to and
including five (5)
data files in a format
that meets the
applicable format
requirements in 16.1
through 16.3.
More than five (5)
and up to and
including ten (10)
data files in a format
that meets the
applicable format
requirements in 16.1
through 16.3.
More than ten (10) data
files in a format that
meets the applicable
format requirements in
16.1 through 16.3.

R17
The Reliability
Coordinator,
Transmission
Owner or
Generator Owner
failed to maintain
or provide to
the Regional
Entity , upon
request

Up to and
including two
(2) of the items
in 17.1 through
17.8.
More than two (2)
and up to and
including four (4) of
the items in 17.1 to
17.8.
More than four (4)
and up to and
including six (6) of
the items in 17.1
through 17.8.

More than six (6) of the
items in 17.1 through
17.8.
Standard PRC-003-1 Regional Procedure for Analysis of Misoperations of Transmission and
Generation Protection Systems

Effecti ve Date: May 1, 2006
A. Introduction
1. Title: Regional Procedure for Analysis of Misoperations of Transmission and
3. Purpose: To ensure all transmission and generation Protection System Misoperations
affecting the reliability of the Bulk Electric System (BES) are analyzed and mitigated.
4. Applicability
5. Effective Date: May 1, 2006.
B. Requirements
R1. Each Regional Reliability Organization shall establish, document and maintain its procedures
for, review, analysis, reporting and mitigation of transmission and generation Protection
System Misoperations. These procedures shall include the following elements:
R1.1. The Protection Systems to be reviewed and analyzed for Misoperations (due to their
potential impact on BES reliability).
R1.2. Data reporting requirements (periodicity and format) for Misoperations.
R1.3. Process for review, analysis follow up, and documentation of Corrective Action Plans
for Misoperations.
R1.4. Identification of the Regional Reliability Organization group responsible for the
procedures and the process for approval of the procedures.
R2. Each Regional Reliability Organization shall maintain and periodically update documentation
of its procedures for review, analysis, reporting, and mitigation of transmission and generation
Protection System Misoperations.
R3. Each Regional Reliability Organization shall distribute procedures in Requirement 1 and any
changes to those procedures, to the affected Transmission Owners, Distribution Providers that
own transmission Protection Systems, and Generator Owners within 30 calendar days of
approval of those procedures.
C. Measures
M1. The Regional Reliability Organization shall have procedures for the review, analysis, reporting
and mitigation of transmission and generation Protection System Misoperations as defined in
R1.
M2. The Regional Reliability Organization shall have evidence it maintained and periodically
updated its procedures for review, analysis, reporting and mitigation of transmission and
generation Protection System Misoperations as defined in Requirement 2.
M3. The Regional Reliability Organization shall have evidence it provided its procedures for the
review, analysis, reporting and mitigation of transmission and generation Protection System
Misoperations to the affected Transmission Owners, Distribution Providers that own
transmission Protection Systems, and Generator Owners as defined in Requirement 3.
D. Compliance
Standard PRC-003-1 Regional Procedure for Analysis of Misoperations of Transmission and

Effecti ve Date: May 1, 2006
NERC.
One calendar year.
1.3. Data Retention
The Regional Reliability Organization shall retain documentation of its procedures for
analysis of transmission and generation Protection System Misoperations and any
changes to those procedures for three years.
The Regional Reliability Organization shall demonstrate compliance through self-
certification or audit (periodic, as part of targeted monitoring or initiated by complaint or
event), as determined by the Compliance Monitor.
2.1. Level 1: Procedures were not reviewed and updated within the review cycle period as
required in R2.
2.2. Level 2: Procedures did not include one of the elements defined in R1.1 through R1.4.
2.3. Level 3: Procedures did not include two or more of the elements defined in R1.1
through R1.4.
2.4. Level 4: There shall be a level four non-compliance if either of the following
conditions exist:
2.4.1 No evidence of Procedures.
2.4.2 Procedures were not provided to the affected Transmission Owners, Distribution
Providers that own transmission Protection Systems, and Generator Owners as
defined in R3.
None identified.
Version History
1 December 1,
2005
dash ().
appropriate.
in item D, 1.2.
01/20/06

Standard PRC-004-2a Anal ysis and Mitigation of Transmission and Generation
Protection System Misoperations
1 of 4
A. Introduction
1. Title: Analysis and Mitigation of Transmission and Generation Protection System
Misoperations
2. Number: PRC-004-2a
3. Purpose: Ensure all transmission and generation Protection System Misoperations
4. Applicability
4.2. Distribution Provider that owns a transmission Protection System.
B. Requirements
R1. The Transmission Owner and any Distribution Provider that owns a transmission Protection
System shall each analyze its transmission Protection System Misoperations and shall develop
and implement a Corrective Action Plan to avoid future Misoperations of a similar nature
according to the Regional Entitys procedures.
R2. The Generator Owner shall analyze its generator Protection System Misoperations, and shall
develop and implement a Corrective Action Plan to avoid future Misoperations of a similar
nature according to the Regional Entitys procedures.
R3. The Transmission Owner, any Distribution Provider that owns a transmission Protection
System, and the Generator Owner shall each provide to its Regional Entity, documentation of
its Misoperations analyses and Corrective Action Plans according to the Regional Entitys
procedures.
C. Measures
M1. The Transmission Owner, and any Distribution Provider that owns a transmission Protection
System shall each have evidence it analyzed its Protection System Misoperations and
developed and implemented Corrective Action Plans to avoid future Misoperations of a similar
M2. The Generator Owner shall have evidence it analyzed its Protection System Misoperations and
M3. Each Transmission Owner, and any Distribution Provider that owns a transmission Protection
System, and each Generator Owner shall have evidence it provided documentation of its
Protection System Misoperations, analyses and Corrective Action Plans according to the
Regional Entitys procedures.
D. Compliance
Regional Entity.
2 of 4
Not applicable.
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
The Transmission Owner, and Distribution Provider that own a transmission Protection
System and the Generator Owner that owns a generation Protection System shall each
retain data on its Protection System Misoperations and each accompanying Corrective
Action Plan until the Corrective Action Plan has been executed or for 12 months,
whichever is later.
The Transmission Owner, and any Distribution Provider that owns a transmission
Protection System and the Generator Owner shall demonstrate compliance through self-
None identified.
Version History
1 December 1, 2005 1. Changed incorrect use of certain hyphens (-)
to en dash () and em dash ().
appropriate.
Changed Timeframe to Time Frame in
item D, 1.2.

2 August 5, 2010 Adopted by the NERC Board of Trustees
1a February 17, 2011 Added Appendix 1 - Interpretation regarding
applicability of standard to protection of radially
connected transformers
Project 2009-17
interpretation
1a February 17, 2011 Adopted by the NERC Board of Trustees
3 of 4
1a September 26,
2011
FERC Order issued approving the interpretation
of R1 and R3 (FERCs Order is effective as of
September 26, 2011)

2a September 26,
2011
Appended FERC-approved interpretation of R1
and R3 to version 2

4 of 4

Appendix 1
according to the Regional Reliability Organizations procedures developed for Reliability
Standard PRC-003 Requirement 1.
R3. The Transmission Owner, any Distribution Provider that owns a transmission Protection System,
and the Generator Owner shall each provide to its Regional Reliability Organization,
documentation of its Misoperations analyses and Corrective Action Plans according to the
Regional Reliability Organizations procedures developed for PRC-003 R1.

Question:
Is protection for a radially-connected transformer protection system energized from the BES considered a
transmission Protection System subject to this standard?
Response:
The request for interpretation of PRC-004-1 Requirements R1 and R3 focuses on the applicability of the
term transmission Protection System. The NERC Glossary of Terms Used in Reliability Standards
contains a definition of Protection System but does not contain a definition of transmission Protection
System. In these two standards, use of the phrase transmission Protection System indicates that the
requirements using this phrase are applicable to any Protection System that is installed for the purpose of
detecting faults on transmission elements (lines, buses, transformers, etc.) identified as being included in
the Bulk Electric System (BES) and trips an interrupting device that interrupts current supplied directly
from the BES.
A Protection System for a radially connected transformer energized from the BES would be considered a
transmission Protection System and subject to these standards only if the protection trips an interrupting
device that interrupts current supplied directly from the BES and the transformer is a BES element.

Standard PRC-004-2.1a Analysis and Mitigation of Transmission and Generation
1 of 4

A. Introduction
1. Title: Analysis and Mitigation of Transmission and Generation Protection System
Misoperations
2. Number: PRC-004-2.1a
3. Purpose: Ensure all transmission and generation Protection System Misoperations
4. Applicability
5. (Proposed) Effective Date: In those jurisdictions where regulatory approval is required, all
requirements become effective upon approval. In those jurisdictions where no regulatory
approval is required, all requirements become effective upon Board of Trustees adoption.
B. Requirements
according to the Regional Entitys procedures.
R2. The Generator Owner shall analyze its generator and generator interconnection Facility
Protection System Misoperations, and shall develop and implement a Corrective Action Plan to
avoid future Misoperations of a similar nature according to the Regional Entitys procedures.
R3. The Transmission Owner, any Distribution Provider that owns a transmission Protection
System, and the Generator Owner shall each provide to its Regional Entity, documentation of
its Misoperations analyses and Corrective Action Plans according to the Regional Entitys
procedures.
C. Measures
M1. The Transmission Owner, and any Distribution Provider that owns a transmission Protection
System shall each have evidence it analyzed its Protection System Misoperations and
M2. The Generator Owner shall have evidence it analyzed its Protection System Misoperations and
M3. Each Transmission Owner, and any Distribution Provider that owns a transmission Protection
System, and each Generator Owner shall have evidence it provided documentation of its
Protection System Misoperations, analyses and Corrective Action Plans according to the
Regional Entitys procedures.
D. Compliance
Regional Entity.
2 of 4

Not applicable.
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
The Transmission Owner, and Distribution Provider that own a transmission Protection
System and the Generator Owner that owns a generation or generator interconnection
Facility Protection System shall each retain data on its Protection System Misoperations
and each accompanying Corrective Action Plan until the Corrective Action Plan has been
executed or for 12 months, whichever is later.
The Transmission Owner, and any Distribution Provider that owns a transmission
Protection System and the Generator Owner shall demonstrate compliance through self-
None identified.

Version History
1 December 1, 2005 1. Changed incorrect use of certain hyphens (-)
appropriate.
Changed Timeframe to Time Frame in
item D, 1.2.
01/20/06
2 Modified to address Order No. 693 Directives
contained in paragraph 1469.
Revised
2 August 5, 2010 Adopted by NERC Board of Trustees
3 of 4

1a February 17, 2011 Added Appendix 1 - Interpretation regarding
applicability of standard to protection of radially
connected transformers
Project 2009-17
interpretation
1a February 17, 2011 Adopted by the Board of Trustees
1a September 26,
2011
FERC Order issued approving the interpretation
of R1 and R3 (FERCs Order is effective as of
September 26, 2011)

2a September 26,
2011
Appended FERC-approved interpretation of R1
and R3 to version 2

2.1a Errata change: Edited R2 to add and
generator interconnection Facility
2010-07
2.1a February 9, 2012 Errata change adopted by the Board of Trustees

4 of 4

Appendix 1
1

according to the Regional Reliability Organizations procedures developed for Reliability
Standard PRC-003 Requirement 1.
R3. The Transmission Owner, any Distribution Provider that owns a transmission Protection System,
and the Generator Owner shall each provide to its Regional Reliability Organization,
documentation of its Misoperations analyses and Corrective Action Plans according to the
Regional Reliability Organizations procedures developed for PRC-003 R1.

Question:
Response:
from the BES.

1
When the request for interpretation was made, it was for a previous version of the standard. Although the
interpretation references a previous version of the standard, because it is still applicable in this case, it is appended to
this version of the standard.
WECC Standard PRC-004-WECC-1 Protection Sys tem and Remedial Action Scheme Mis operation
A. Introduction
1. Title: Protection System and Remedial Action Scheme Misoperation
2. Number: PRC-004-WECC-1
3. Purpose: Regional Reliability Standard to ensure all transmission and generation Protection
System and Remedial Action Scheme (RAS) Misoperations on Transmission Paths
and RAS defined in section 4 are analyzed and/or mitigated.
4. Applicability
4.1. Transmission Owners of selected WECC major transmission path facilities and RAS listed in
tables titled Major WECC Transfer Paths in the Bulk Electric System provided at
http://www.wecc.biz/Standards/Approved%20Standards/Supporting%20Tables/Table%20M
ajor%20Paths%204-28-08.pdf and Major WECC Remedial Action Schemes (RAS)
provided at
ajor%20RAS%204-28-08.pdf.
4.2. Generator Owners that own RAS listed in the Table titled Major WECC Remedial Action
Schemes (RAS) provided at
4.3. Transmission Operators that operate major transmission path facilities and RAS listed in
Tables titled Major WECC Transfer Paths in the Bulk Electric System provided at
ajor%20Paths%204-28-08.pdf and Major WECC Remedial Action Schemes (RAS)
provided at
5. Effective Date: On the first day of the second quarter following applicable regulatory approval.

B. Requirements
The requirements below only apply to the major transmission paths facilities and RAS listed in the
tables titled Major WECC Transfer Paths in the Bulk Electric System and Major WECC
Remedial Action Schemes (RAS).
R.1. System Operators and System Protection personnel of the Transmission Owners and
Generator Owners shall analyze all Protection System and RAS operations. [Violation Risk
Factor: Lower] [Time Horizon: Operations Assessment]
R1.1. System Operators shall review all tripping of transmission elements and RAS
operations to identify apparent Misoperations within 24 hours.
R1.2. System Protection personnel shall analyze all operations of Protection Systems and
RAS within 20 business days for correctness to characterize whether a Misoperation
has occurred that may not have been identified by System Operators.
R.2. Transmission Owners and Generator Owners shall perform the following actions for each
Misoperation of the Protection System or RAS. It is not intended that Requirements R2.1
through R2.4 apply to Protection System and/or RAS actions that appear to be entirely
reasonable and correct at the time of occurrence and associated system performance is fully
compliant with NERC Reliability Standards. If the Transmission Owner or Generator Owner
later finds the Protection System or RAS operation to be incorrect through System Protection
personnel analysis, the requirements of R2.1 through R2.4 become applicable at the time the
Transmission Owner or Generator Owner identifies the Misoperation:
R2.1. If the Protection System or RAS has a Security-Based Misoperation and two or more
Functionally Equivalent Protection Systems (FEPS) or Functionally Equivalent RAS
(FERAS) remain in service to ensure Bulk Electric System (BES) reliability, the
Transmission Owners or Generator Owners shall remove from service the Protection
System or RAS that misoperated within 22 hours following identification of the
Misoperation. Repair or replacement of the failed Protection System or RAS is at the
Transmission Owners and Generator Owners discretion. [Violation Risk Factor:
High] [Time Horizon: Same-day Operations]
R2.2. If the Protection System or RAS has a Security-Based Misoperation and only one
FEPS or FERAS remains in service to ensure BES reliability, the Transmission
Owner or Generator Owner shall perform the following. [Violation Risk Factor:
High] [Time Horizon: Same-day Operations]
R2.2.1. Following identification of the Protection System or RAS Misoperation,
Transmission Owners and Generator Owners shall remove from service
within 22 hours for repair or modification the Protection System or RAS
that misoperated.
R2.2.2. The Transmission Owner or Generator Owner shall repair or replace any
Protection System or RAS that misoperated with a FEPS or FERAS within
20 business days of the date of removal. The Transmission Owner or
Generator Owner shall remove the Element from service or disable the
RAS if repair or replacement is not completed within 20 business days.
R2.3. If the Protection System or RAS has a Security-Based or Dependability-Based
Misoperation and a FEPS and FERAS is not in service to ensure BES reliability,
Transmission Owners or Generator Owners shall repair and place back in service
within 22 hours the Protection System or RAS that misoperated. If this cannot be
done, then Transmission Owners and Generator Owners shall perform the following.
[Violation Risk Factor: High] [Time Horizon: Same-day Operations]
R2.3.1. When a FEPS is not available, the Transmission Owners shall remove the
associated Element from service.
R2.3.2. When FERAS is not available, then
2.3.2.1. The Generator Owners shall adjust generation to a reliable
operating level, or
2.3.2.2. Transmission Operators shall adjust the SOL and operate the
facilities within established limits.
R2.4. If the Protection System or RAS has a Dependability-Based Misoperation but has
one or more FEPS or FERAS that operated correctly, the associated Element or
transmission path may remain in service without removing from service the
Protection System or RAS that failed, provided one of the following is performed.
R2.4.1. Transmission Owners or Generator Owners shall repair or replace any
Protection System or RAS that misoperated with FEPS and FERAS within
20 business days of the date of the Misoperation identification, or
R2.4.2. Transmission Owners or Generator Owners shall remove from service the
associated Element or RAS. [Violation Risk Factor: Lower] [Time
Horizon: Operations Assessment]
R.3. Transmission Owners and Generation Owners shall submit Misoperation incident reports to
WECC within 10 business days for the following. [Violation Risk Factor: Lower] [Time
R3.1. Identification of a Misoperation of a Protection System and/or RAS,
R3.2. Completion of repairs or the replacement of Protection System and/or RAS that
misoperated.

C. Measures
Each measure below applies directly to the requirement by number.
M1. Transmission Owners and Generation Owners shall have evidence that they reported and
analyzed all Protection System and RAS operations.
M1.1 Transmission Owners and Generation Owners shall have evidence that System
Operating personnel reviewed all operations of Protection System and RAS
within 24 hours.
M1.2 Transmission Owners and Generation Owners shall have evidence that System
Protection personnel analyzed all operations of Protection System and RAS for
correctness within 20 business days.
M2. Transmission Owners and Generation Owners shall have evidence for the following.
M2.1 Transmission Owners and Generation Owners shall have evidence that they
removed the Protection System or RAS that misoperated from service within 22
hours following identification of the Protection System or RAS Misoperation.
removed from service and repaired the Protection System or RAS that
misoperated per measurements M2.2.1 through M2.2.2.
M2.2.1 Transmission Owners and Generation Owners shall have evidence that
they removed the Protection System or RAS that misoperated from
service within 22 hours following identification of the Protection System
or RAS Misoperation.
they repaired or replaced the Protection System or RAS that misoperated
within 20 business days or either removed the Element from service or
disabled the RAS.
M2.3 The Transmission Owners and Generation Owners shall have evidence that they
repaired the Protection System or RAS that misoperated within 22 hours
following identification of the Protection System or RAS Misoperation.
M2.3.1 The Transmission Owner shall have evidence that it removed the
associated Element from service.
M2.3.2 The Generator Owners and Transmission Operators shall have
documentation describing all actions taken that adjusted generation or
SOLs and operated facilities within established limits.
repaired or replaced the Protection System or RAS that misoperated including
documentation that describes the actions taken.
they repaired or replaced the Protection System or RAS that misoperated
within 20 business days of the misoperation identification.
they removed the associated Element or RAS from service.
M3. Transmission Owners and Generation Owners shall have evidence that they reported the
following within 10 business days.
M3.1 Identification of all Protection System and RAS Misoperations and corrective
actions taken or planned.
M3.2 Completion of repair or replacement of Protection System and/or RAS that
misoperated.

D. Compliance
Compliance Enforcement Authority may use one or more of the following methods to
assess compliance:
- Misoperation Reports
- Reports submitted quarterly
- Investigations
1.2.1 The Performance-reset Period is one calendar month.
1.3 Data Retention
Reliability Coordinators, Transmission Owners, and Generation Owners shall keep
evidence for Measures M1 and M2 for five calendar years plus year to date.
None.


R1
System Operating personnel
of the Transmission Owner
or Generator Owner did not
review the Protection
System Operation or RAS
operation within 24 hours
but did review the
Protection System
Operation or RAS operation
within six business days.
System Operating personnel of
the Transmission Owner or
Generator Owner did not
review the Protection System
operation or RAS operation
within six business days.
System Protection personnel
of the Transmission Owner
and Generator Owner did
not analyze the Protection
System operation or RAS
operation within 20 business
days but did analyze the
Protection System operation
or RAS operation within 25
business days.

System Protection
personnel of the
analyze the Protection
System operation or RAS
operation within 25
business days.

R2.1 and R2.2.1
not remove from service,
repair, or implement other
compliance measures for the
Protection System or RAS
that misoperated as required
within 22 hours but did
perform the requirements
within 24 hours.
The Transmission Owner and
remove from service, repair,
or implement other
compliance measures for the
Protection System or RAS that
misoperated as required in less
than 24 hours but did perform
the requirements within 28
hours.
not perform the removal
from service, repair, or
implement other compliance
measures for the Protection
System or RAS that
misoperated as required in
less than 28 hours but did
within 32 hours.

not perform the removal
from service, repair, or
implement other
compliance measures for
the Protection System or
RAS that misoperated as
required within 32 hours.

R2.3
not adjust generation to a
reliable operating level,
adjust the SOL and operate
the facilities within
established limits or
System or RAS that
misoperated as required
within 22 hours but did
within 24 hours.
and Generator Owner did not
adjust generation to a reliable
operating level, adjust the
SOL and operate the facilities
within established limits or
System or RAS that
misoperated as required in less
than 24 hours but did perform
hours.
not adjust generation to a
reliable operating level,
adjust the SOL and operate
the facilities within
System or RAS that
misoperated as required in
less than 28 hours but did
within 32 hours.

The Transmission
Operator and Generator
Owner did not adjust
generation to a reliable
operating level, adjust the
SOL and operate the
facilities within
implement other
compliance measures for
the Protection System or
RAS that misoperated as
required within 32 hours.

R2.2.2 and R2.4
not perform the required
repairs, replacement, or
system operation
adjustments to comply with
business days but did
perform the required
activities within 25 business
days.
perform the required repairs,
replacement, or system
operation adjustment to
comply with the requirements
within 25 business days but
did perform the required
days.
system operation adjustment
to comply with the
requirements within 28
days.

system operation
adjustments to comply
within 30 business days.

R3.1
not report the Misoperation
and corrective actions taken
or planned to comply with
days.
report the Misoperation and
corrective actions taken or
planned to comply with the
business days but did perform
the required activities within
20 business days.
not report the Misoperation
and corrective actions taken
or planned to comply with
days.

not report the
Misoperation and
corrective actions taken or
planned to comply with
the requirements within
25 business days.

R3.2
not report the completion of
repair or replacement of
Protection System and/or
RAS that misoperated to
comply with the
business days of the
completion but did perform
15 business days.
report the completion of repair
or replacement of Protection
System and/or RAS that
misoperated to comply with
20 business days.
not report the completion of
repair or replacement of
Protection System and/or
RAS that misoperated to
comply with the
25 business days.

not report the completion
of repair or replacement
of Protection System
and/or RAS that
misoperated to comply
within 25 business days of
the completion.


PRC-STD-001-1 and PRC-STD-003-1

1 April 21, 2011 FERC Order issued approving PRC-
27, 2011)

Standard PRC-005-1b Transmission and Generation Protection System Maintenance and
Testing

1 of 6
A. Introduction
1. Title: Transmission and Generation Protection System Maintenance and Testing

2. Number: PRC-005-1b
3. Purpose: To ensure all transmission and generation Protection Systems affecting the
reliability of the Bulk Electric System (BES) are maintained and tested.
4. Applicability
5. Effective Date: To be determined
B. Requirements
R1. Each Transmission Owner and any Distribution Provider that owns a transmission Protection
System and each Generator Owner that owns a generation Protection System shall have a
Protection System maintenance and testing program for Protection Systems that affect the
reliability of the BES. The program shall include:
R1.1. Maintenance and testing intervals and their basis.
R1.2. Summary of maintenance and testing procedures.
System and each Generator Owner that owns a generation Protection System shall provide
documentation of its Protection System maintenance and testing program and the implementation
of that program to its Regional Reliability Organization on request (within 30 calendar days).
The documentation of the program implementation shall include:
R2.1. Evidence Protection System devices were maintained and tested within the defined
intervals.
R2.2. Date each Protection System device was last tested/maintained.
C. Measures
M1. Each Transmission Owner and any Distribution Provider that owns a transmission Protection
System and each Generator Owner that owns a generation Protection System that affects the
reliability of the BES, shall have an associated Protection System maintenance and testing
program as defined in Requirement 1.
System and each Generator Owner that owns a generation Protection System that affects the
reliability of the BES, shall have evidence it provided documentation of its associated
Protection System maintenance and testing program and the implementation of its program as
defined in Requirement 2.
D. Compliance
Testing

2 of 6
One calendar year.
1.3. Data Retention
The Transmission Owner and any Distribution Provider that owns a transmission
Protection System and each Generator Owner that owns a generation Protection System,
shall retain evidence of the implementation of its Protection System maintenance and
testing program for three years.
Protection System and the Generator Owner that owns a generation Protection System,
shall each demonstrate compliance through self-certification or audit (periodic, as part of
targeted monitoring or initiated by complaint or event), as determined by the Compliance
Monitor.
2.1. Level 1: Documentation of the maintenance and testing program provided was
incomplete as required in R1, but records indicate maintenance and testing did occur
within the identified intervals for the portions of the program that were documented.
2.2. Level 2: Documentation of the maintenance and testing program provided was complete
as required in R1, but records indicate that maintenance and testing did not occur within
the defined intervals.
2.3. Level 3: Documentation of the maintenance and testing program provided was
incomplete, and records indicate implementation of the documented portions of the
maintenance and testing program did not occur within the identified intervals.
2.4. Level 4: Documentation of the maintenance and testing program, or its implementation,
was not provided.
None identified.
Version History
1 December 1,
2005
dash ().
appropriate.
in item D, 1.2.
01/20/05
Testing

3 of 6
1 February 7,
2006
1a November 5,
2009
Interpretation of R1, R1.1, and R1.2
adopted by the NERC Board of Trustees
Project 2009-10
Interpretation
1a February 17,
2011
Interpretation regarding applicability of
standard to protection of radially
connected transformers adopted by the
NERC Board of Trustees (adopted and
filed as -1a instead of -1b)
Project 2009-17
Interpretation
1a September 26,
2011
interpretation regarding applicability of
standard to protection of radially
connected transformers (FERCs Order
is effective as of September 26, 2011)
Project 2009-17
Interpretation

1b February 3,
2012
interpretation of R1, R1.1, and R1.2
(FERCs Order is effective as of March
14, 2012). Updated version from 1a to
1b.
Project 2009-10
Interpretation

Testing

4 of 6
Appendix 1
documentation of its Protection System maintenance and testing program and the implementation
of that program to its Regional Reliability Organization on request (within 30 calendar days).
The documentation of the program implementation shall include:
R2.1 Evidence Protection System devices were maintained and tested within the defined intervals.
R2.2 Date each Protection System device was last tested/maintained.
Question:
Response:
from the BES.

Testing

5 of 6
Appendix 2
1

Question #1
Does R1 require a maintenance and testing program for the battery chargers for the station
batteries that are considered part of the Protection System?
While battery chargers are vital for ensuring station batteries are available to support
Protection System functions, they are not identified within the definition of Protection
Systems. Therefore, PRC-005-1 does not require maintenance and testing of battery chargers.
Question #2
Does R1 require a maintenance and testing program for auxiliary relays and sensing devices? If
so, what types of auxiliary relays and sensing devices? (i.e. transformer sudden pressure relays)
The existing definition of Protection System does not include auxiliary relays; therefore,
maintenance and testing of such devices is not explicitly required. Maintenance and testing of
such devices is addressed to the degree that an entitys maintenance and testing program for DC
control circuits involves maintenance and testing of imbedded auxiliary relays. Maintenance and
testing of devices that respond to quantities other than electrical quantities (for example, sudden
pressure relays) are not included within Requirement R1.
Question #3
Does R1 require maintenance and testing of transmission line re-closing relays?
No. Protective Relays refer to devices that detect and take action for abnormal conditions.
Automatic restoration of transmission lines is not a protective function.
Question #4
Does R1 require a maintenance and testing program for the DC circuitry that is just the circuitry
with relays and devices that control actions on breakers, etc., or does R1 require a program for
the entire circuit from the battery charger to the relays to circuit breakers and all associated

1
According to the FERC Order issued approving a modified definition of Protection System (RD11-13-000), this
interpretation will be superseded by the modified definition of Protection System when the modified definition
becomes effective. The modified definition of Protection System becomes effective on April 1, 2013.
Testing

6 of 6
wiring?
PRC-005-1 requires that entities 1) address DC control circuitry within their program, 2) have a
basis for the way they address this item, and 3) execute the program. PRC-005-1 does not
establish specific additional requirements relative to the scope and/or methods included within
the program.
Question #5
For R1, what are examples of "associated communications systems" that are part of Protection
Systems that require a maintenance and testing program?
Associated communication systems refer to communication systems used to convey essential
Protection System tripping logic, sometimes referred to as pilot relaying or teleprotection.
Examples include the following:
communications equipment involved in power-line-carrier relaying
communications equipment involved in various types of permissive protection system
applications
direct transfer-trip systems
digital communication systems (which would include the protection system
communications
functions of standard IEC 618501 as well as various proprietary systems)

Standard PRC-005-1.1b Transmission and Generation Protection System Maintenance and
Testing

Page 1 of 6

A. Introduction
1. Title: Transmission and Generation Protection System Maintenance and Testing

2. Number: PRC-005-1.1b
3. Purpose: To ensure all transmission and generation Protection Systems affecting the
reliability of the Bulk Electric System (BES) are maintained and tested.
4. Applicability
5. Effective Date: In those jurisdictions where regulatory approval is required, all
requirements become effective upon approval. In those jurisdictions where no regulatory
approval is required, all requirements become effective upon Board of Trustees adoption or as
otherwise made effective pursuant to the laws applicable to such ERO governmental
authorities.
B. Requirements
System and each Generator Owner that owns a generation or generator interconnection Facility
Protection System shall have a Protection System maintenance and testing program for
Protection Systems that affect the reliability of the BES. The program shall include:
Protection System shall provide documentation of its Protection System maintenance and
testing program and the implementation of that program to its Regional Entity on request
(within 30 calendar days). The documentation of the program implementation shall include:
R2.1. Evidence Protection System devices were maintained and tested within the defined
intervals.
R2.2. Date each Protection System device was last tested/maintained.
C. Measures
Protection System that affects the reliability of the BES, shall have an associated Protection
System maintenance and testing program as defined in Requirement 1.
Protection System that affects the reliability of the BES, shall have evidence it provided
documentation of its associated Protection System maintenance and testing program and the
implementation of its program as defined in Requirement 2.
Testing

Page 2 of 6

D. Compliance
Regional Entity.
One calendar year.
1.3. Data Retention
Protection System and each Generator Owner that owns a generation or generator
interconnection Facility Protection System, shall retain evidence of the implementation of
its Protection System maintenance and testing program for three years.
Protection System and the Generator Owner that owns a generation or generator
interconnection Facility Protection System, shall each demonstrate compliance through
self-certification or audit (periodic, as part of targeted monitoring or initiated by
complaint or event), as determined by the Compliance Monitor.
None identified.
Version History
1 December 1,
2005
dash ().
appropriate.
in item D, 1.2.
01/20/05
1a February 17,
2011
Added Appendix 1 - Interpretation
regarding applicability of standard to
protection of radially connected
Project 2009-17
interpretation
Testing

Page 3 of 6

transformers
1a February 17,
2011
1a September 26,
2011
FERC Order issued approving interpretation
of R1 and R2 (FERCs Order is effective as
of September 26, 2011)

1.1a February 1,
2012
Errata change: Clarified inclusion of
generator interconnection Facility in
Generator Owners responsibility
2010-07
1b February 3,
2012
(FERCs Order dated March 14, 2012).
Updated version from 1a to 1b.
Project 2009-10
Interpretation
1.1b April 23, 2012 Updated standard version to 1.1b to reflect
FERC approval of PRC-005-1b.
2010-07
1.1b May 9, 2012 Adopted by Board of Trustees

Testing

Page 4 of 6

Appendix 1
documentation of its Protection System maintenance and testing program and the
implementation of that program to its Regional Reliability Organization on request (within 30
calendar days). The documentation of the program implementation shall include:
R2.1 Evidence Protection System devices were maintained and tested within the defined intervals.
R2.2 Date each Protection System device was last tested/maintained.
Question:
Response:
from the BES.

Testing

Page 5 of 6

Appendix 2

Question:
1. Does R1 require a maintenance and testing program for the battery chargers for the station batteries
that are considered part of the Protection System?
2. Does R1 require a maintenance and testing program for auxiliary relays and sensing devices? If so,
what types of auxiliary relays and sensing devices? (i.e transformer sudden pressure relays)
3. Does R1 require maintenance and testing of transmission line re-closing relays?
4. Does R1 require a maintenance and testing program for the DC circuitry that is just the circuitry with
relays and devices that control actions on breakers, etc., or does R1 require a program for the entire
circuit from the battery charger to the relays to circuit breakers and all associated wiring?
5. For R1, what are examples of "associated communications systems" that are part of Protection
Systems that require a maintenance and testing program?
Response:
1. While battery chargers are vital for ensuring station batteries are available to support Protection
System functions, they are not identified within the definition of Protection Systems. Therefore,
PRC-005-1 does not require maintenance and testing of battery chargers.
2. The existing definition of Protection System does not include auxiliary relays; therefore,
maintenance and testing of such devices is not explicitly required. Maintenance and testing of such
devices is addressed to the degree that an entitys maintenance and testing program for 3 DC control
circuits involves maintenance and testing of imbedded auxiliary relays. Maintenance and testing of
devices that respond to quantities other than electrical quantities (for example, sudden pressure
relays) are not included within Requirement R1.
3. No. Protective Relays refer to devices that detect and take action for abnormal conditions.
Automatic restoration of transmission lines is not a protective function.
4. PRC-005-1 requires that entities 1) address DC control circuitry within their program, 2) have a basis
for the way they address this item, and 3) execute the program. PRC-005-1 does not establish specific
additional requirements relative to the scope and/or methods included within the program.
5. Associated communication systems refer to communication systems used to convey essential
Protection System tripping logic, sometimes referred to as pilot relaying or teleprotection. Examples
include the following:
communications equipment involved in power-line-carrier relaying
communications equipment involved in various types of permissive protection system
Testing

Page 6 of 6

applications
direct transfer-trip systems
digital communication systems (which would include the protection system communications
functions of standard IEC 618501 as well as various proprietary systems)

Standard PRC-005-2 Protection System Maintenance
1
A. Introduction
1. Title: Protection System Maintenance
3. Purpose: To document and implement programs for the maintenance of all Protection
Systems affecting the reliability of the Bulk Electric System (BES) so that these Protection
Systems are kept in working order.
4. Applicability:
4.1.3 Distribution Provider
4.2. Facilities:
4.2.1 Protection Systems that are installed for the purpose of detecting Faults on BES
Elements (lines, buses, transformers, etc.)
4.2.2 Protection Systems used for underfrequency load-shedding systems installed per
ERO underfrequency load-shedding requirements.
4.2.3 Protection Systems used for undervoltage load-shedding systems installed to
prevent system voltage collapse or voltage instability for BES reliability.
4.2.4 Protection Systems installed as a Special Protection System (SPS) for BES
reliability.
4.2.5 Protection Systems for generator Facilities that are part of the BES, including:
4.2.5.1 Protection Systems that act to trip the generator either directly or via lockout
or auxiliary tripping relays.
4.2.5.2 Protection Systems for generator step-up transformers for generators that are
part of the BES.
4.2.5.3 Protection Systems for transformers connecting aggregated generation,
where the aggregated generation is part of the BES (e.g., transformers
connecting facilities such as wind-farms to the BES).
4.2.5.4 Protection Systems for station service or excitation transformers connected to
the generator bus of generators which are part of the BES, that act to trip the
generator either directly or via lockout or tripping auxiliary relays.
5. Effective Date: See Implementation Plan

B. Requirements
R1. Each Transmission Owner, Generator Owner, and Distribution Provider shall establish a
Protection System Maintenance Program (PSMP) for its Protection Systems identified in
Section 4.2. [Violation Risk Factor: Medium] [Time Horizon: Operations Planning]

2
The PSMP shall:
1.1. Identify which maintenance method (time-based,
performance-based per PRC-005 Attachment A, or a
combination) is used to address each Protection
System Component Type. All batteries associated
with the station dc supply Component Type of a Protection System shall be included in a
time-based program as described in Table 1-4 and Table 3.
1.2. Include the applicable monitored
Component attributes applied to each
Protection System Component Type
consistent with the maintenance intervals
specified in Tables 1-1 through 1-5,
Table 2, and Table 3 where monitoring is
used to extend the maintenance intervals
beyond those specified for unmonitored
Protection System Components.
R2. Each Transmission Owner, Generator Owner,
and Distribution Provider that uses
performance-based maintenance intervals in its
PSMP shall follow the procedure established in
PRC-005 Attachment A to establish and
maintain its performance-based intervals.
[Violation Risk Factor: Medium] [Time
R3. Each Transmission Owner, Generator Owner,
and Distribution Provider that utilizes time-
based maintenance program(s) shall maintain
its Protection System Components that are included within the time-based maintenance
program in accordance with the minimum maintenance activities and maximum maintenance
intervals prescribed within Tables 1-1 through 1-5, Table 2, and Table 3. [Violation Risk
Factor: High] [Time Horizon: Operations Planning]
R4. Each Transmission Owner, Generator Owner, and Distribution Provider that utilizes
performance-based maintenance program(s) in accordance with Requirement R2 shall
implement and follow its PSMP for its Protection
System Components that are included within the
performance-based program(s). [Violation Risk
Factor: High] [Time Horizon: Operations
Planning]
R5. Each Transmission Owner, Generator Owner, and
Distribution Provider shall demonstrate efforts to
correct identified Unresolved Maintenance Issues.
[Violation Risk Factor: Medium] [Time Horizon:
Unresolved Maintenance Issue - A
deficiency identified during a
maintenance activity that causes the
component to not meet the intended
performance, cannot be corrected
during the maintenance interval, and
requires follow-up corrective action.
Component Type - Any one of
the five specific elements of the
Protection System definition.
Component A component is any individual
discrete piece of equipment included in a
Protection System, including but not limited to
a protective relay or current sensing device.
The designation of what constitutes a control
circuit component is very dependent upon how
an entity performs and tracks the testing of the
control circuitry. Some entities test their
control circuits on a breaker basis whereas
others test their circuitry on a local zone of
protection basis. Thus, entities are allowed
the latitude to designate their own definitions
of control circuit components. Another
example of where the entity has some
discretion on determining what constitutes a
single component is the voltage and current
sensing devices, where the entity may choose
either to designate a full three-phase set of
such devices or a single device as a single
component.
3
C. Measures
M1. Each Transmission Owner, Generator Owner and Distribution Provider shall have a
documented Protection System Maintenance Programin accordance with Requirement R1.
For each Protection System Component Type, the documentation shall include the type of
maintenance method applied (time-based, performance-based, or a combination of these
maintenance methods), and shall include all batteries associated with the station dc supply
Component Types in a time-based program as described in Table 1-4 and Table 3. (Part 1.1)
For Component Types that use monitoring to extend the maintenance intervals, the responsible
entity(s) shall have evidence for each protection Component Type (such as manufacturers
specifications or engineering drawings) of the appropriate monitored Component attributes as
specified in Tables 1-1 through 1-5, Table 2, and Table 3. (Part 1.2)
M2. Each Transmission Owner, Generator Owner, and Distribution Provider that uses performance-
based maintenance intervals shall have evidence that its current performance-based
maintenance program(s) is in accordance with Requirement R2, which may include but is not
limited to Component lists, dated maintenance records, and dated analysis records and results.
M3. Each Transmission Owner, Generator Owner, and Distribution Provider that utilizes time-
based maintenance program(s) shall have evidence that it has maintained its Protection System
Components included within its time-based program in accordance with Requirement R3. The
evidence may include but is not limited to dated maintenance records, dated maintenance
summaries, dated check-off lists, dated inspection records, or dated work orders.
M4. Each Transmission Owner, Generator Owner, and Distribution Provider that utilizes
performance-based maintenance intervals in accordance with Requirement R2 shall have
evidence that it has implemented the Protection System Maintenance Program for the
Protection System Components included in its performance-based program in accordance with
Requirement R4. The evidence may include but is not limited to dated maintenance records,
dated maintenance summaries, dated check-off lists, dated inspection records, or dated work
orders.
M5. Each Transmission Owner, Generator Owner, and Distribution Provider shall have evidence
that it has undertaken efforts to correct identified Unresolved Maintenance Issues in
accordance with Requirement R5. The evidence may include but is not limited to work orders,
replacement Component orders, invoices, project schedules with completed milestones, return
material authorizations (RMAs) or purchase orders.

D. Compliance
Regional Entity
Compliance Audit
Self-Certification
Spot Checking
Self-Reporting
Complaint
4


The Transmission Owner, Generator Owner, and Distribution Provider shall each keep
data or evidence to show compliance as identified below unless directed by its
Compliance Enforcement Authority to retain specific evidence for a longer period of time
as part of an investigation.

For Requirement R1, the Transmission Owner, Generator Owner, and Distribution
Provider shall each keep its current dated Protection System Maintenance Program, as
well as any superseded versions since the preceding compliance audit, including the
documentation that specifies the type of maintenance program applied for each Protection
System Component Type.

For Requirement R2, Requirement R3, Requirement R4, and Requirement R5, the
Transmission Owner, Generator Owner, and Distribution Provider shall each keep
documentation of the two most recent performances of each distinct maintenance activity
for the Protection System Component, or all performances of each distinct maintenance
activity for the Protection System Component since the previous scheduled audit date,

None.
5

Requirement
Number
R1 The responsible entitys PSMP failed
to specify whether one Component
Type is being addressed by time-
based or performance-based
maintenance, or a combination of
both. (Part 1.1)
OR
The responsible entitys PSMP failed
to include applicable station batteries
in a time-based program. (Part 1.1)
The responsible entitys PSMP
failed to specify whether two
Component Types are being
addressed by time-based or
performance-based maintenance, or
a combination of both. (Part 1.1)
The responsible entitys PSMP
failed to include the applicable
monitoring attributes applied to each
Protection System Component Type
consistent with the maintenance
intervals specified in Tables 1-1
through 1-5, Table 2, and Table 3
where monitoring is used to extend
the maintenance intervals beyond
those specified for unmonitored
Protection System Components.
(Part 1.2).
establish a PSMP.
OR
specify whether three or more
Component Types are being
addressed by time-based or
performance-based maintenance, or
a combination of both. (Part 1.1).
R2 The responsible entity uses
performance-based maintenance
intervals in its PSMP but failed to
reduce Countable Events to no more
than 4% within three years.
NA The responsible entity uses
intervals in its PSMP but failed to
reduce Countable Events to no more
than 4% within four years.
The responsible entity uses
intervals in its PSMP but:
1) Failed to establish the technical
justification described within
Requirement R2 for the initial
use of the performance-based
PSMP
OR
2) Failed to reduce Countable
Events to no more than 4%
within five years
OR
3) Maintained a Segment with
less than 60 Components
OR
4) Failed to:
Annually update the list of
Components,
OR
6

Requirement
Number
Annually perform
maintenance on the greater
of 5% of the segment
population or 3
Components,
OR
Annually analyze the
program activities and
results for each Segment.
R3 For Protection System Components
included within a time-based
maintenance program, the
responsible entity failed to maintain
5% or less of the total Components
included within a specific Protection
System Component Type, in
accordance with the minimum
maintenance activities and maximum
maintenance intervals prescribed
within Tables 1-1 through 1-5, Table
2, and Table 3.
For Protection System Components
more than 5% but 10% or less of the
total Components included within a
specific Protection System
Component Type, in accordance
with the minimum maintenance
activities and maximum
within Tables 1-1 through 1-5,
Table 2, and Table 3.
more than 10% but 15% or less of
the total Components included
within a specific Protection System
within Tables 1-1 through 1-5, Table
2, and Table 3.
more than 15% of the total
Components included within a
within Tables 1-1 through 1-5,
Table 2, and Table 3.
R4 For Protection System Components
included within a performance-based
5% or less of the annual scheduled
maintenance for a specific Protection
System Component Type in
accordance with their performance-
based PSMP.
included within a performance-
based maintenance program, the
more than 5% but 10% or less of the
annual scheduled maintenance for a
Component Type in accordance
with their performance-based
PSMP.
included within a performance-based
more than 10% but 15% or less of
the annual scheduled maintenance
for a specific Protection System
Component Type in accordance with
their performance-based PSMP.
included within a performance-
based maintenance program, the
more than 15% of the annual
scheduled maintenance for a
Component Type in accordance
with their performance-based
PSMP.
R5 The responsible entity failed to
undertake efforts to correct 5 or
fewer identified Unresolved
undertake efforts to correct greater
than 5, but less than or equal to 10
than 10, but less than or equal to 15
than 15 identified Unresolved
7

Requirement
Number
Maintenance Issues. identified Unresolved Maintenance
Issues.
identified Unresolved Maintenance
Issues.
Maintenance Issues.
8
None

F. Supplemental Reference Document
The following documents present a detailed discussion about determination of maintenance intervals
and other useful information regarding establishment of a maintenance program.
1. PRC-005-2 Protection System Maintenance Supplementary Reference and FAQ J uly 2012.

Version History
1 December 1,
2005
dash ().
appropriate.
in item D, 1.2.
01/20/05
1a February 17,
2011
Added Appendix 1 - Interpretation
regarding applicability of standard to
protection of radially connected
transformers
Project 2009-17
interpretation
1a February 17,
2011
1a September 26,
2011
FERC Order issued approving interpretation
of R1 and R2 (FERCs Order is effective as
of September 26, 2011)

1.1a February 1,
2012
Errata change: Clarified inclusion of
generator interconnection Facility in
Generator Owners responsibility
2010-07
1b February 3,
2012
(FERCs Order dated March 14, 2012).
Updated version from 1a to 1b.
Project 2009-10
Interpretation
1.1b April 23, 2012 Updated standard version to 1.1b to reflect
FERC approval of PRC-005-1b.
2010-07
9
1.1b
May 9, 2012
PRC-005-1.1b was adopted by the Board of
Trustees as part of Project 2010-07
(GOTO).

2
November 7,
2012
Adopted by Board of Trustees Complete revision,
absorbing maintenance
requirements from PRC-
005-1b, PRC-008-0,
PRC-011-0, PRC-017-0

10
Table 1-1
Component Type - Protective Relay
Excluding distributed UFLS and distributed UVLS (see Table 3)

Component Attributes
Maximum
Maintenance
Interval
1

Maintenance Activities
Any unmonitored protective relay not having all the monitoring attributes
of a category below.
6 calendar
years
For all unmonitored relays:
Verify that settings are as specified
For non-microprocessor relays:
Test and, if necessary calibrate
For microprocessor relays:
Verify operation of the relay inputs and outputs that are essential
to proper functioning of the Protection System.
Verify acceptable measurement of power system input values.
Monitored microprocessor protective relay with the following:
Internal self-diagnosis and alarming (see Table 2).
Voltage and/or current waveform sampling three or more times per
power cycle, and conversion of samples to numeric values for
measurement calculations by microprocessor electronics.
Alarming for power supply failure (see Table 2).
12 calendar
years
Verify:
Settings are as specified.
Operation of the relay inputs and outputs that are essential to
proper functioning of the Protection System.
Acceptable measurement of power system input values.

1
For the tables in this standard, a calendar year starts on the first day of a new year (J anuary 1) after a maintenance activity has been completed.
For the tables in this standard, a calendar month starts on the first day of the first month after a maintenance activity has been completed.
11
Table 1-1
Component Type - Protective Relay

Maximum
Maintenance
Interval
1

Monitored microprocessor protective relay with preceding row attributes
and the following:
Ac measurements are continuously verified by comparison to an
independent ac measurement source, with alarming for excessive error
(See Table 2).
Some or all binary or status inputs and control outputs are monitored
by a process that continuously demonstrates ability to perform as
designed, with alarming for failure (See Table 2).
Alarming for change of settings (See Table 2).
12 calendar
years
Verify only the unmonitored relay inputs and outputs that are
essential to proper functioning of the Protection System.

12

Table 1-2
Component Type - Communications Systems

Maximum
Maintenance
Interval
Any unmonitored communications system necessary for correct operation of
protective functions, and not having all the monitoring attributes of a category
below.
4 calendar
months
Verify that the communications system is functional.
6 calendar
years
Verify that the communications system meets performance
criteria pertinent to the communications technology applied (e.g.
signal level, reflected power, or data error rate).
Verify operation of communications system inputs and outputs
that are essential to proper functioning of the Protection System.
Any communications system with continuous monitoring or periodic
automated testing for the presence of the channel function, and alarming for
loss of function (See Table 2).
12 calendar
years
Verify that the communications system meets performance
criteria pertinent to the communications technology applied (e.g.
signal level, reflected power, or data error rate).
Verify operation of communications system inputs and outputs
that are essential to proper functioning of the Protection System.
Any communications system with all of the following:
Continuous monitoring or periodic automated testing for the performance
of the channel using criteria pertinent to the communications technology
applied (e.g. signal level, reflected power, or data error rate, and alarming
for excessive performance degradation). (See Table 2)
Some or all binary or status inputs and control outputs are monitored by a
process that continuously demonstrates ability to perform as designed,
with alarming for failure (See Table 2).
12 calendar
years
Verify only the unmonitored communications system inputs and
outputs that are essential to proper functioning of the Protection
System

13

Table 1-3
Component Type - Voltage and Current Sensing Devices Providing Inputs to Protective Relays

Maximum
Maintenance
Interval
Any voltage and current sensing devices not having monitoring
attributes of the category below.
12 calendar years
Verify that current and voltage signal values are provided to the
protective relays.
Voltage and Current Sensing devices connected to microprocessor
relays with AC measurements are continuously verified by comparison
of sensing input value, as measured by the microprocessor relay, to an
independent ac measurement source, with alarming for unacceptable
error or failure (see Table 2).
No periodic
maintenance
specified
None.
14

Table 1-4(a)
Component Type Protection System Station dc Supply Using Vented Lead-Acid (VLA) Batteries

Protection System Station dc supply used only for non-BES interrupting devices for SPS, non-distributed UFLS systems, or non-distributed UVLS systems is
excluded (see Table 1-4(e)).
Maximum
Maintenance
Interval
Protection System Station dc supply using Vented Lead-Acid
(VLA) batteries not having monitoring attributes of Table 1-
4(f).
4 Calendar Months
Verify:
Station dc supply voltage
Inspect:
Electrolyte level
For unintentional grounds
18 Calendar
Months
Verify:
Float voltage of battery charger
Battery continuity
Battery terminal connection resistance
Battery intercell or unit-to-unit connection resistance
Inspect:
Cell condition of all individual battery cells where cells are visible
or measure battery cell/unit internal ohmic values where the cells are
not visible
Physical condition of battery rack
15
Table 1-4(a)
Component Type Protection System Station dc Supply Using Vented Lead-Acid (VLA) Batteries

Maximum
Maintenance
Interval
18 Calendar
Months
-or-
6 Calendar Years
Verify that the station battery can perform as manufactured by
evaluating cell/unit measurements indicative of battery performance
(e.g. internal ohmic values or float current) against the station battery
baseline.
-or-
conducting a performance or modified performance capacity test of the
entire battery bank.

16

Table 1-4(b)
Component Type Protection System Station dc Supply Using Valve-Regulated Lead-Acid (VRLA) Batteries

Maximum
Maintenance
Interval
Protection System Station dc supply with Valve Regulated
Lead-Acid (VRLA) batteries not having monitoring attributes
of Table 1-4(f).
4 Calendar Months
Verify:
Inspect:
6 Calendar Months

Inspect:
Condition of all individual units by measuring battery cell/unit
internal ohmic values.
18 Calendar
Months
Verify:
Battery continuity
Inspect:
17
Table 1-4(b)
Component Type Protection System Station dc Supply Using Valve-Regulated Lead-Acid (VRLA) Batteries

Maximum
Maintenance
Interval
6 Calendar Months
-or-
3 Calendar Years
evaluating cell/unit measurements indicative of battery performance
(e.g. internal ohmic values or float current) against the station battery
baseline.
-or-

18

Table 1-4(c)
Component Type Protection System Station dc Supply Using Nickel-Cadmium (NiCad) Batteries

Protection System Station dc supply used only for non-BES interrupting devices for SPS, non-distributed UFLS system, or non-distributed UVLS systems is
Maximum
Maintenance
Interval
Protection System Station dc supply Nickel-Cadmium
(NiCad) batteries not having monitoring attributes of Table 1-
4(f).
4 Calendar Months
Verify:
Inspect:
Electrolyte level
18 Calendar
Months
Verify:
Battery continuity
Inspect:
Cell condition of all individual battery cells.
6 Calendar Years

19

Table 1-4(d)
Component Type Protection System Station dc Supply Using Non Battery Based Energy Storage

Protection System Station dc supply used only for non-BES interrupting devices for SPS, non-distributed UFLS system, or non-distributed UVLS systems is
Maximum
Maintenance
Interval
Any Protection System station dc supply not using a battery
and not having monitoring attributes of Table 1-4(f).
4 Calendar Months
Verify:
Inspect:
18 Calendar Months
Inspect:
Condition of non-battery based dc supply
6 Calendar Years
Verify that the dc supply can perform as manufactured when ac power
is not present.

20

Table 1-4(e)
Component Type Protection System Station dc Supply for non-BES Interrupting Devices for SPS, non-distributed UFLS, and non-
distributed UVLS systems
Maximum
Maintenance
Interval
Any Protection System dc supply used for tripping only non-
BES interrupting devices as part of a SPS, non-distributed
UFLS, or non-distributed UVLS system and not having
monitoring attributes of Table 1-4(f).
When control
circuits are verified
(See Table 1-5)
Verify Station dc supply voltage.

21

Table 1-4(f)
Exclusions for Protection System Station dc Supply Monitoring Devices and Systems
Maximum Maintenance
Interval
Any station dc supply with high and low voltage monitoring
and alarming of the battery charger voltage to detect charger
overvoltage and charger failure (See Table 2).
No periodic maintenance
specified

No periodic verification of station dc supply voltage is
required.
Any battery based station dc supply with electrolyte level
monitoring and alarming in every cell (See Table 2).
No periodic inspection of the electrolyte level for each cell is
required.
Any station dc supply with unintentional dc ground monitoring
and alarming (See Table 2).
No periodic inspection of unintentional dc grounds is
required.
Any station dc supply with charger float voltage monitoring
and alarming to ensure correct float voltage is being applied on
the station dc supply (See Table 2).
No periodic verification of float voltage of battery charger is
required.
Any battery based station dc supply with monitoring and
alarming of battery string continuity (See Table 2).
No periodic verification of the battery continuity is required.
Any battery based station dc supply with monitoring and
alarming of the intercell and/or terminal connection detail
resistance of the entire battery (See Table 2).
No periodic verification of the intercell and terminal
connection resistance is required.
Any Valve Regulated Lead-Acid (VRLA) or Vented Lead-
Acid (VLA) station battery with internal ohmic value or float
current monitoring and alarming, and evaluating present values
relative to baseline internal ohmic values for every cell/unit
(See Table 2).
No periodic evaluation relative to baseline of battery cell/unit
measurements indicative of battery performance is required to
verify the station battery can perform as manufactured.
Any Valve Regulated Lead-Acid (VRLA) or Vented Lead-
Acid (VLA) station battery with monitoring and alarming of
each cell/unit internal ohmic value (See Table 2).
No periodic inspection of the condition of all individual units
by measuring battery cell/unit internal ohmic values of a
station VRLA or Vented Lead-Acid (VLA) battery is
required.

22

Table 1-5
Component Type - Control Circuitry Associated With Protective Functions
Note: Table requirements apply to all Control Circuitry Components of Protection Systems, and SPSs except as noted.
Maximum
Maintenance
Interval
Trip coils or actuators of circuit breakers, interrupting devices, or mitigating
devices (regardless of any monitoring of the control circuitry).
6 calendar
years
Verify that each trip coil is able to operate the circuit
breaker, interrupting device, or mitigating device.
Electromechanical lockout devices which are directly in a trip path from the
protective relay to the interrupting device trip coil (regardless of any
monitoring of the control circuitry).
6 calendar
years
Verify electrical operation of electromechanical lockout
devices.
Unmonitored control circuitry associated with SPS.
12 calendar
years
Verify all paths of the control circuits essential for proper
operation of the SPS.
Unmonitored control circuitry associated with protective functions inclusive of
all auxiliary relays.
12 calendar
years
Verify all paths of the trip circuits inclusive of all auxiliary
relays through the trip coil(s) of the circuit breakers or other
interrupting devices.
Control circuitry associated with protective functions and/or SPS whose
integrity is monitored and alarmed (See Table 2).
No periodic
maintenance
specified
None.
23

Table 2 Alarming Paths and Monitoring
In Tables 1-1 through 1-5 and Table 3, alarm attributes used to justify extended maximum maintenance intervals and/or reduced maintenance
activities are subject to the following maintenance requirements
Maximum
Maintenance
Interval
Any alarm path through which alarms in Tables 1-1 through 1-5 and Table 3 are
conveyed from the alarm origin to the location where corrective action can be
initiated, and not having all the attributes of the Alarm Path with monitoring
category below.
Alarms are reported within 24 hours of detection to a location where corrective
action can be initiated.
12 Calendar Years
Verify that the alarm path conveys alarm signals to
a location where corrective action can be initiated.
Alarm Path with monitoring:
The location where corrective action is taken receives an alarm within 24 hours
for failure of any portion of the alarming path from the alarm origin to the
location where corrective action can be initiated.
No periodic
maintenance
specified
None.

24

Table 3
Maintenance Activities and Intervals for distributed UFLS and distributed UVLS Systems
Maximum
Maintenance
Interval
Any unmonitored protective relay not having all the monitoring attributes of a
category below.
6 calendar
years
Verify that settings are as specified
For non-microprocessor relays:
Test and, if necessary calibrate
For microprocessor relays:
Verify operation of the relay inputs and outputs that are
Verify acceptable measurement of power system input
values.
Monitored microprocessor protective relay with the following:
Internal self diagnosis and alarming (See Table 2).
Voltage and/or current waveform sampling three or more times per power
cycle, and conversion of samples to numeric values for measurement
calculations by microprocessor electronics.
Alarming for power supply failure (See Table 2).
12 calendar
years
Verify:
Settings are as specified.
Operation of the relay inputs and outputs that are essential to
proper functioning of the Protection System.
Acceptable measurement of power system input values
Monitored microprocessor protective relay with preceding row attributes and
the following:
Ac measurements are continuously verified by comparison to an
independent ac measurement source, with alarming for excessive error
(See Table 2).
Some or all binary or status inputs and control outputs are monitored by a
process that continuously demonstrates ability to perform as designed,
with alarming for failure (See Table 2).
12 calendar
years
Verify only the unmonitored relay inputs and outputs that are
25
Table 3
Maintenance Activities and Intervals for distributed UFLS and distributed UVLS Systems
Maximum
Maintenance
Interval
Alarming for change of settings (See Table 2).
Voltage and/or current sensing devices associated with UFLS or UVLS
systems.
12 calendar
years
Verify that current and/or voltage signal values are provided to
the protective relays.
Protection System dc supply for tripping non-BES interrupting devices used
only for a UFLS or UVLS system.
12 calendar
years
Verify Protection System dc supply voltage.
Control circuitry between the UFLS or UVLS relays and electromechanical
lockout and/or tripping auxiliary devices (excludes non-BES interrupting
device trip coils).
12 calendar
years
Verify the path from the relay to the lockout and/or tripping
auxiliary relay (including essential supervisory logic).
Electromechanical lockout and/or tripping auxiliary devices associated only
with UFLS or UVLS systems (excludes non-BES interrupting device trip
coils).
12 calendar
years
Verify electrical operation of electromechanical lockout and/or
tripping auxiliary devices.
Control circuitry between the electromechanical lockout and/or tripping
auxiliary devices and the non-BES interrupting devices in UFLS or UVLS
systems, or between UFLS or UVLS relays (with no interposing
electromechanical lockout or auxiliary device) and the non-BES interrupting
devices (excludes non-BES interrupting device trip coils).
No periodic
maintenance
specified
None.
Trip coils of non-BES interrupting devices in UFLS or UVLS systems.
No periodic
maintenance
specified
None.
26
PRC-005 Attachment A
Criteria for a Performance-Based Protection System Maintenance Program

Purpose: To establish a technical basis for initial and continued use of a performance-based
Protection System Maintenance Program (PSMP).

To establish the technical justification for the initial use of a performance-based PSMP:
1. Develop a list with a description of
Components included in each designated
Segment of the Protection System
Component population, with a minimum
Segment population of 60 Components.
2. Maintain the Components in each
Segment according to the time-based
maximum allowable intervals established
in Tables 1-1 through 1-5 and Table 3
until results of maintenance activities for
the Segment are available for a minimum of 30 individual Components of the Segment.
3. Document the maintenance program activities and results for each Segment, including
maintenance dates and Countable Events
for each included Component.
4. Analyze the maintenance program
activities and results for each Segment to
determine the overall performance of the
Segment and develop maintenance
intervals.
5. Determine the maximum allowable
maintenance interval for each Segment
such that the Segment experiences
Countable Events on no more than 4% of
the Components within the Segment, for
the greater of either the last 30
Components maintained or all Components maintained in the previous year.
To maintain the technical justification for the ongoing use of a performance-based PSMP:
1. At least annually, update the list of Protection System Components and Segments and/or
description if any changes occur within the Segment.
2. Perform maintenance on the greater of 5% of the Components (addressed in the
performance based PSMP) in each Segment or 3 individual Components within the
Segment in each year.
3. For the prior year, analyze the maintenance program activities and results for each
Segment to determine the overall performance of the Segment.
Countable Event A failure of a component
requiring repair or replacement, any condition
discovered during the maintenance activities in
Tables 1-1 through 1-5 and Table 3 which requires
corrective action, or a Misoperation attributed to
hardware failure or calibration failure.
Misoperations due to product design errors,
software errors, relay settings different from
specified settings, Protection System component
configuration errors, or Protection System
application errors are not included in Countable
Events.
Segment Protection Systems or components
of a consistent design standard, or a
particular model or type from a single
manufacturer that typically share other
common elements. Consistent performance is
expected across the entire population of a
Segment. A Segment must contain at least
sixty (60) individual components.
27
4. Using the prior years data, determine the maximum allowable maintenance interval for
each Segment such that the Segment experiences Countable Events on no more than 4%
of the Components within the Segment, for the greater of either the last 30 Components
maintained or all Components maintained in the previous year.
5. If the Components in a Protection System Segment maintained through a performance-
based PSMP experience 4% or more Countable Events, develop, document, and
implement an action plan to reduce the Countable Events to less than 4% of the Segment
population within 3 years.

Standard PRC-006-0 Development and Documentation of Regional UFLS Programs


A. Introduction
1. Title: Development and Documentation of Regional Reliability Organizations
Underfrequency Load Shedding Programs
3. Purpose: Provide last resort system preservation measures by implementing an Under
Frequency Load Shedding (UFLS) program.
4. Applicability:
B. Requirements
R1. Each Regional Reliability Organization shall develop, coordinate, and document an UFLS
program, which shall include the following:
R1.1. Requirements for coordination of UFLS programs within the subregions, Regional
Reliability Organization and, where appropriate, among Regional Reliability
Organizations.
R1.2. Design details shall include, but are not limited to:
R1.2.1. Frequency set points.
R1.2.2. Size of corresponding load shedding blocks (% of connected loads.)
R1.2.3. Intentional and total tripping time delays.
R1.2.4. Generation protection.
R1.2.5. Tie tripping schemes.
R1.2.6. Islanding schemes.
R1.2.7. Automatic load restoration schemes.
R1.2.8. Any other schemes that are part of or impact the UFLS programs.
R1.3. A Regional Reliability Organization UFLS program database. This database shall be
updated as specified in the Regional Reliability Organization program (but at least
every five years) and shall include sufficient information to model the UFLS program
in dynamic simulations of the interconnected transmission systems.
R1.4. Assessment and documentation of the effectiveness of the design and implementation
of the Regional UFLS program. This assessment shall be conducted periodically and
shall (at least every five years or as required by changes in system conditions) include,
but not be limited to:
R1.4.1. A review of the frequency set points and timing, and
R1.4.2. Dynamic simulation of possible Disturbance that cause the Region or
portions of the Region to experience the largest imbalance between Demand
(Load) and generation.
R2. The Regional Reliability Organization shall provide documentation of its UFLS program and
its database information to NERC on request (within 30 calendar days).


R3. The Regional Reliability Organization shall provide documentation of the assessment of its
UFLS program to NERC on request (within 30 calendar days).
C. Measures
M1. The Regional Reliability Organization shall have documentation of the UFLS program and
current UFLS database.
M2. The Regional Reliability Organization shall have evidence it provided documentation of its
UFLS program and its database information to NERC as specified in Reliability Standard
PRC-006-0_R2.
assessment of its UFLS program to NERC as specified in Reliability Standard PRC-006-0_R3.
D. Compliance
On request (within 30 calendar days) for the program, database, and results of
assessments.
1.3. Data Retention
None specified.
None.
2.1. Level 1: Documentation demonstrating the coordination of the Regional Reliability
Organizations UFLS program was incomplete in one of the elements in Reliability
Standard PRC-006-0_R1.
2.4. Level 4: Documentation demonstrating the coordination of the Regional Reliability
Organizations UFLS program was incomplete in two or more requirements or
documentation demonstrating the coordination of the Regional Reliability Organizations
UFLS program was not provided, or an assessment was not completed in the last five
years.


1. None identified.
Version History

Standard PRC-006-1 Automatic Underfrequency Load Shedding
Page 1 of 29

A. Introduction
1. Title: Automatic Underfrequency Load Shedding
3. Purpose: To establish design and documentation requirements for automatic
underfrequency load shedding (UFLS) programs to arrest declining frequency, assist
recovery of frequency following underfrequency events and provide last resort system
preservation measures.
4. Applicability:
4.1. Planning Coordinators
4.2. UFLS entities shall mean all entities that are responsible for the ownership,
operation, or control of UFLS equipment as required by the UFLS program
established by the Planning Coordinators. Such entities may include one or more
of the following:
4.2.2 Distribution Providers
4.3 Transmission Owners that own Elements identified in the UFLS program
established by the Planning Coordinators.
5. (Proposed) Effective Date:
5.1. The standard, with the exception of Requirement R4, Parts 4.1 through 4.6, is
effective the first day of the first calendar quarter one year after applicable
regulatory approvals.
5.2. Parts 4.1 through 4.6 of Requirement R4 shall become effective and enforceable
one year following the receipt of generation data as required in PRC-024-1, but no
sooner than one year following the first day of the first calendar quarter after
applicable regulatory approvals of PRC-006-1.
B. Requirements
R1. Each Planning Coordinator shall develop and document criteria, including
consideration of historical events and system studies, to select portions of the Bulk
Electric System (BES), including interconnected portions of the BES in adjacent
Planning Coordinator areas and Regional Entity areas that may form islands. [VRF:
Medium][Time Horizon: Long-term Planning]
R2. Each Planning Coordinator shall identify one or more islands to serve as a basis for
designing its UFLS program including: [VRF: Medium][Time Horizon: Long-term
Planning]
2.1. Those islands selected by applying the criteria in Requirement R1, and
Page 2 of 29

2.2. Any portions of the BES designed to detach from the Interconnection (planned
islands) as a result of the operation of a relay scheme or Special Protection
System, and
2.3. A single island that includes all portions of the BES in either the Regional Entity
area or the Interconnection in which the Planning Coordinators area resides. If a
Planning Coordinators area resides in multiple Regional Entity areas, each of
those Regional Entity areas shall be identified as an island. Planning
Coordinators may adjust island boundaries to differ from Regional Entity area
boundaries by mutual consent where necessary for the sole purpose of producing
contiguous regional islands more suitable for simulation.
R3. Each Planning Coordinator shall develop a UFLS program, including notification of
and a schedule for implementation by UFLS entities within its area, that meets the
following performance characteristics in simulations of underfrequency conditions
resulting from an imbalance scenario, where an imbalance =[(load actual
generation output) / (load)], of up to 25 percent within the identified island(s). [VRF:
High][Time Horizon: Long-term Planning]
3.1. Frequency shall remain above the Underfrequency Performance Characteristic
curve in PRC-006-1 - Attachment 1, either for 60 seconds or until a steady-state
condition between 59.3 Hz and 60.7 Hz is reached, and
3.2. Frequency shall remain below the Overfrequency Performance Characteristic
curve in PRC-006-1 - Attachment 1, either for 60 seconds or until a steady-state
condition between 59.3 Hz and 60.7 Hz is reached, and
3.3. Volts per Hz (V/Hz) shall not exceed 1.18 per unit for longer than two seconds
cumulatively per simulated event, and shall not exceed 1.10 per unit for longer
than 45 seconds cumulatively per simulated event at each generator bus and
generator step-up transformer high-side bus associated with each of the following:
3.3.1. Individual generating units greater than 20 MVA (gross nameplate rating)
directly connected to the BES
3.3.2. Generating plants/facilities greater than 75 MVA (gross aggregate
nameplate rating) directly connected to the BES
3.3.3. Facilities consisting of one or more units connected to the BES at a
common bus with total generation above 75 MVA gross nameplate rating.
R4. Each Planning Coordinator shall conduct and document a UFLS design assessment at
least once every five years that determines through dynamic simulation whether the
UFLS program design meets the performance characteristics in Requirement R3 for
each island identified in Requirement R2. The simulation shall model each of the
following: [VRF: High][Time Horizon: Long-term Planning]
Page 3 of 29

4.1. Underfrequency trip settings of individual generating units greater than 20 MVA
(gross nameplate rating) directly connected to the BES that trip above the
Generator Underfrequency Trip Modeling curve in PRC-006-1 - Attachment 1.
4.2. Underfrequency trip settings of generating plants/facilities greater than 75 MVA
(gross aggregate nameplate rating) directly connected to the BES that trip above
the Generator Underfrequency Trip Modeling curve in PRC-006-1 - Attachment
1.
4.3. Underfrequency trip settings of any facility consisting of one or more units
connected to the BES at a common bus with total generation above 75 MVA
(gross nameplate rating) that trip above the Generator Underfrequency Trip
Modeling curve in PRC-006-1 - Attachment 1.
4.4. Overfrequency trip settings of individual generating units greater than 20 MVA
(gross nameplate rating) directly connected to the BES that trip below the
Generator Overfrequency Trip Modeling curve in PRC-006-1 Attachment 1.
4.5. Overfrequency trip settings of generating plants/facilities greater than 75 MVA
(gross aggregate nameplate rating) directly connected to the BES that trip below
the Generator Overfrequency Trip Modeling curve in PRC-006-1 Attachment
1.
4.6. Overfrequency trip settings of any facility consisting of one or more units
connected to the BES at a common bus with total generation above 75 MVA
(gross nameplate rating) that trip below the Generator Overfrequency Trip
Modeling curve in PRC-006-1 Attachment 1.
4.7. Any automatic Load restoration that impacts frequency stabilization and operates
within the duration of the simulations run for the assessment.
R5. Each Planning Coordinator, whose area or portions of whose area is part of an island
identified by it or another Planning Coordinator which includes multiple Planning
Coordinator areas or portions of those areas, shall coordinate its UFLS program design
with all other Planning Coordinators whose areas or portions of whose areas are also
part of the same identified island through one of the following: [VRF: High][Time
Develop a common UFLS program design and schedule for implementation per
Requirement R3 among the Planning Coordinators whose areas or portions of
whose areas are part of the same identified island, or
Conduct a joint UFLS design assessment per Requirement R4 among the
Planning Coordinators whose areas or portions of whose areas are part of the
same identified island, or
Conduct an independent UFLS design assessment per Requirement R4 for the
identified island, and in the event the UFLS design assessment fails to meet
Requirement R3, identify modifications to the UFLS program(s) to meet
Page 4 of 29

Requirement R3 and report these modifications as recommendations to the other
Planning Coordinators whose areas or portions of whose areas are also part of the
same identified island and the ERO.
R6. Each Planning Coordinator shall maintain a UFLS database containing data necessary
to model its UFLS program for use in event analyses and assessments of the UFLS
program at least once each calendar year, with no more than 15 months between
maintenance activities. [VRF: Lower][Time Horizon: Long-term Planning]
R7. Each Planning Coordinator shall provide its UFLS database containing data necessary
to model its UFLS program to other Planning Coordinators within its Interconnection
within 30 calendar days of a request. [VRF: Lower][Time Horizon: Long-term
Planning]
R8. Each UFLS entity shall provide data to its Planning Coordinator(s) according to the
format and schedule specified by the Planning Coordinator(s) to support maintenance
of each Planning Coordinators UFLS database. [VRF: Lower][Time Horizon: Long-
term Planning]
R9. Each UFLS entity shall provide automatic tripping of Load in accordance with the
UFLS program design and schedule for application determined by its Planning
Coordinator(s) in each Planning Coordinator area in which it owns assets. [VRF:
R10. Each Transmission Owner shall provide automatic switching of its existing capacitor
banks, Transmission Lines, and reactors to control over-voltage as a result of
underfrequency load shedding if required by the UFLS program and schedule for
application determined by the Planning Coordinator(s) in each Planning Coordinator
area in which the Transmission Owner owns transmission. [VRF: High][Time Horizon:
Long-term Planning]
R11. Each Planning Coordinator, in whose area a BES islanding event results in system
frequency excursions below the initializing set points of the UFLS program, shall
conduct and document an assessment of the event within one year of event actuation to
evaluate: [VRF: Medium][Time Horizon: Operations Assessment]
11.1. The performance of the UFLS equipment,
11.2. The effectiveness of the UFLS program.
R12. Each Planning Coordinator, in whose islanding event assessment (per R11) UFLS
program deficiencies are identified, shall conduct and document a UFLS design
assessment to consider the identified deficiencies within two years of event actuation.
[VRF: Medium][Time Horizon: Operations Assessment]
R13. Each Planning Coordinator, in whose area a BES islanding event occurred that also
included the area(s) or portions of area(s) of other Planning Coordinator(s) in the same
islanding event and that resulted in system frequency excursions below the initializing
set points of the UFLS program, shall coordinate its event assessment (in accordance
Page 5 of 29

with Requirement R11) with all other Planning Coordinators whose areas or portions
of whose areas were also included in the same islanding event through one of the
following: [VRF: Medium][Time Horizon: Operations Assessment]
Conduct a joint event assessment per Requirement R11 among the Planning
Coordinators whose areas or portions of whose areas were included in the same
islanding event, or
Conduct an independent event assessment per Requirement R11 that reaches
conclusions and recommendations consistent with those of the event assessments
of the other Planning Coordinators whose areas or portions of whose areas were
included in the same islanding event, or
Conduct an independent event assessment per Requirement R11 and where the
assessment fails to reach conclusions and recommendations consistent with those
of the event assessments of the other Planning Coordinators whose areas or
portions of whose areas were included in the same islanding event, identify
differences in the assessments that likely resulted in the differences in the
conclusions and recommendations and report these differences to the other
Planning Coordinators whose areas or portions of whose areas were included in
the same islanding event and the ERO.
R14. Each Planning Coordinator shall respond to written comments submitted by UFLS
entities and Transmission Owners within its Planning Coordinator area following a
comment period and before finalizing its UFLS program, indicating in the written
response to comments whether changes will be made or reasons why changes will not
be made to the following [VRF: Lower][Time Horizon: Long-term Planning]:
14.1. UFLS program, including a schedule for implementation
14.2. UFLS design assessment
14.3. Format and schedule of UFLS data submittal
C. Measures
M1. Each Planning Coordinator shall have evidence such as reports, or other documentation
of its criteria to select portions of the Bulk Electric System that may form islands
including how system studies and historical events were considered to develop the
criteria per Requirement R1.
M2. Each Planning Coordinator shall have evidence such as reports, memorandums,
e-mails, or other documentation supporting its identification of an island(s) as a basis
for designing a UFLS program that meet the criteria in Requirement R2, Parts 2.1
through 2.3.
M3. Each Planning Coordinator shall have evidence such as reports, memorandums,
e-mails, program plans, or other documentation of its UFLS program, including the
notification of the UFLS entities of implementation schedule, that meet the criteria in
Requirement R3, Parts 3.1 through 3.3.
Page 6 of 29

M4. Each Planning Coordinator shall have dated evidence such as reports, dynamic
simulation models and results, or other dated documentation of its UFLS design
assessment that demonstrates it meets Requirement R4, Parts 4.1 through 4.7.
M5. Each Planning Coordinator, whose area or portions of whose area is part of an island
identified by it or another Planning Coordinator which includes multiple Planning
Coordinator areas or portions of those areas, shall have dated evidence such as joint
UFLS program design documents, reports describing a joint UFLS design assessment,
letters that include recommendations, or other dated documentation demonstrating that
it coordinated its UFLS program design with all other Planning Coordinators whose
areas or portions of whose areas are also part of the same identified island per
Requirement R5.
M6. Each Planning Coordinator shall have dated evidence such as a UFLS database, data
requests, data input forms, or other dated documentation to show that it maintained a
UFLS database for use in event analyses and assessments of the UFLS program per
Requirement R6 at least once each calendar year, with no more than 15 months
between maintenance activities.
M7. Each Planning Coordinator shall have dated evidence such as letters, memorandums, e-
mails or other dated documentation that it provided their UFLS database to other
Planning Coordinators within their Interconnection within 30 calendar days of a
request per Requirement R7.
M8. Each UFLS Entity shall have dated evidence such as responses to data requests,
spreadsheets, letters or other dated documentation that it provided data to its Planning
Coordinator according to the format and schedule specified by the Planning
Coordinator to support maintenance of the UFLS database per Requirement R8.
M9. Each UFLS Entity shall have dated evidence such as spreadsheets summarizing feeder
load armed with UFLS relays, spreadsheets with UFLS relay settings, or other dated
documentation that it provided automatic tripping of load in accordance with the UFLS
program design and schedule for application per Requirement R9.
M10. Each Transmission Owner shall have dated evidence such as relay settings, tripping
logic or other dated documentation that it provided automatic switching of its existing
capacitor banks, Transmission Lines, and reactors in order to control over-voltage as a
result of underfrequency load shedding if required by the UFLS program and schedule
for application per Requirement R10.
M11. Each Planning Coordinator shall have dated evidence such as reports, data gathered
from an historical event, or other dated documentation to show that it conducted an
event assessment of the performance of the UFLS equipment and the effectiveness of
the UFLS program per Requirement R11.
M12. Each Planning Coordinator shall have dated evidence such as reports, data gathered
from an historical event, or other dated documentation to show that it conducted a
Page 7 of 29

UFLS design assessment per Requirements R12 and R4 if UFLS program deficiencies
are identified in R11.
M13. Each Planning Coordinator, in whose area a BES islanding event occurred that also
included the area(s) or portions of area(s) of other Planning Coordinator(s) in the same
islanding event and that resulted in system frequency excursions below the initializing
set points of the UFLS program, shall have dated evidence such as a joint assessment
report, independent assessment reports and letters describing likely reasons for
differences in conclusions and recommendations, or other dated documentation
demonstrating it coordinated its event assessment (per Requirement R11) with all other
Planning Coordinator(s) whose areas or portions of whose areas were also included in
the same islanding event per Requirement R13.
M14. Each Planning Coordinator shall have dated evidence of responses, such as e-mails and
letters, to written comments submitted by UFLS entities and Transmission Owners
within its Planning Coordinator area following a comment period and before finalizing
its UFLS program per Requirement R14.

D. Compliance
Regional Entity
1.2. Data Retention
Each Planning Coordinator and UFLS entity shall keep data or evidence to show
investigation:
Each Planning Coordinator shall retain the current evidence of Requirements
R1, R2, R3, R4, R5, R12, and R14, Measures M1, M2, M3, M4, M5, M12,
and M14 as well as any evidence necessary to show compliance since the last
compliance audit.
Each Planning Coordinator shall retain the current evidence of UFLS database
update in accordance with Requirement R6, Measure M6, and evidence of the
prior years UFLS database update.
Each Planning Coordinator shall retain evidence of any UFLS database
transmittal to another Planning Coordinator since the last compliance audit in
accordance with Requirement R7, Measure M7.
Each UFLS entity shall retain evidence of UFLS data transmittal to the
Planning Coordinator(s) since the last compliance audit in accordance with
Page 8 of 29

Each UFLS entity shall retain the current evidence of adherence with the
UFLS program in accordance with Requirement R9, Measure M9, and
evidence of adherence since the last compliance audit.
Transmission Owner shall retain the current evidence of adherence with the
UFLS program in accordance with Requirement R10, Measure M10, and
evidence of adherence since the last compliance audit.
Each Planning Coordinator shall retain evidence of Requirements R11, and
R13, and Measures M11, and M13 for 6 calendar years.
If a Planning Coordinator or UFLS entity is found non-compliant, it shall keep
information related to the non-compliance until found compliant or for the
retention period specified above, whichever is longer.
Compliance Audit
Self-Certification
Spot Checking
Self-Reporting
Complaint
Not applicable.
Page 9 of 29

R1 N/A

developed and documented criteria
but failed to include the
consideration of historical events,
to select portions of the BES,
including interconnected portions
of the BES in adjacent Planning
Coordinator areas and Regional
Entity areas that may form islands.
OR
consideration of system studies, to
select portions of the BES,
Entity areas, that may form islands.
consideration of historical events
and system studies, to select
portions of the BES, including
interconnected portions of the BES
in adjacent Planning Coordinator
areas and Regional Entity areas,
that may form islands.
The Planning Coordinator failed to
develop and document criteria to
select portions of the BES,
Entity areas, that may form islands.
R2 N/A The Planning Coordinator
identified an island(s) to serve as
a basis for designing its UFLS
program but failed to include one
(1) of the Parts as specified in
2.3.
program but failed to include two
(2) of the Parts as specified in
2.3.
program but failed to include all of
the Parts as specified in
2.3.
OR
identify any island(s) to serve as a
basis for designing its UFLS
program.
Page 10 of 29

R3 N/A

developed a UFLS program,
including notification of and a
schedule for implementation by
UFLS entities within its area where
imbalance = [(load actual
generation output) / (load)], of up to
25 percent within the identified
island(s)., but failed to meet one
(1) of the performance
characteristic in Requirement R3,
Parts 3.1, 3.2, or 3.3 in simulations
of underfrequency conditions.
developed a UFLS program
island(s)., but failed to meet two (2)
of the performance characteristic in
3.3 in simulations of
underfrequency conditions.
developed a UFLS program
island(s).,but failed to meet all the
performance characteristic in
Requirement R3, Parts 3.1, 3.2,
and 3.3 in simulations of
underfrequency conditions.
OR
develop a UFLS program including
notification of and a schedule for
implementation by UFLS entities
within its area
conducted and documented a
UFLS assessment at least once
every five years that determined
through dynamic simulation
whether the UFLS program design
met the performance
characteristics in Requirement R3
for each island identified in
Requirement R2 but the simulation
failed to include one (1) of the
items as specified in Requirement
R4, Parts 4.1 through 4.7.

met the performance
failed to include two (2) of the
met the performance
failed to include three (3) of the
met the performance
but simulation failed to include four
(4) or more of the items as
Parts 4.1 through 4.7.
OR
Page 11 of 29

conduct and document a UFLS
assessment at least once every
five years that determines through
dynamic simulation whether the
UFLS program design meets the
performance characteristics in
Requirement R3 for each island
R5 N/A N/A N/A

The Planning Coordinator, whose
area or portions of whose area is
part of an island identified by it or
another Planning Coordinator
which includes multiple Planning
Coordinator areas or portions of
those areas, failed to coordinate its
UFLS program design through one
of the manners described in
Requirement R5.
R6 N/A

N/A N/A The Planning Coordinator failed to
maintain a UFLS database for use
in event analyses and
assessments of the UFLS program
at least once each calendar year,
with no more than 15 months
between maintenance activities.
R7 The Planning Coordinator provided
its UFLS database to other
Planning Coordinators more than
30 calendar days and up to and
including 40 calendar days
following the request.
The Planning Coordinator provided
40 calendar days but less than and

50 calendar days but less than and

60 calendar days following the
request.
OR
Page 12 of 29

provide its UFLS database to other
Planning Coordinators.
R8 The UFLS entity provided data to
its Planning Coordinator(s) less
following the schedule specified by
the Planning Coordinator(s) to
support maintenance of each
Planning Coordinators UFLS
database.

The UFLS entity provided data to
its Planning Coordinator(s) more
database.
OR
its Planning Coordinator(s) but the
data was not according to the
format specified by the Planning
Coordinator(s) to support
maintenance of each Planning
Coordinators UFLS database.
database.

than 20 calendar days following the
schedule specified by the Planning
Coordinator(s) to support
maintenance of each Planning
Coordinators UFLS database.
OR
The UFLS entity failed to provide
data to its Planning Coordinator(s)
to support maintenance of each
database.

R9 The UFLS entity provided less than
100% but more than (and
including) 95% of automatic
tripping of Load in accordance with
the UFLS program design and
schedule for application
determined by the Planning
Coordinator(s) area in which it
owns assets.
The UFLS entity provided less than
95% but more than (and including)
90% of automatic tripping of Load
in accordance with the UFLS
program design and schedule for
application determined by the
Planning Coordinator(s) area in
which it owns assets.
90% but more than (and including)
R10 The Transmission Owner provided
less than 100% but more than (and
including) 95% automatic switching
of its existing capacitor banks,
The Transmission Owner provided
less than 85% automatic switching
Transmission Lines, and reactors
Page 13 of 29

to control over-voltage if required
by the UFLS program and
Coordinator(s) in each Planning
Coordinator area in which the
Transmission Owner owns
transmission
transmission
transmission
transmission

R11 The Planning Coordinator, in
whose area a BES islanding event
resulting in system frequency
excursions below the initializing set
points of the UFLS program,
conducted and documented an
assessment of the event and
evaluated the parts as specified in
Requirement R11, Parts 11.1 and
11.2 within a time greater than one
year but less than or equal to 13
months of actuation.

The Planning Coordinator, in
11.2 within a time greater than 13
months but less than or equal to 14

OR
whose area an islanding event
assessment of the event within one
year of event actuation but failed to
evaluate one (1) of the Parts as
Parts11.1 or 11.2.
OR
points of the UFLS program, failed
to conduct and document an
evaluate the Parts as specified in
11.2.
OR
Page 14 of 29

assessment of the event within one
year of event actuation but failed to
evaluate all of the Parts as
Parts 11.1 and 11.2.
R12 N/A The Planning Coordinator, in which
UFLS program deficiencies were
identified per Requirement R11,
UFLS design assessment to
consider the identified deficiencies
greater than two years but less
than or equal to 25 months of
event actuation.

The Planning Coordinator, in which
greater than 25 months but less
than or equal to 26 months of
event actuation.

greater than 26 months of event
actuation.
OR
failed to conduct and document a
consider the identified deficiencies.
R13 N/A N/A N/A The Planning Coordinator, in
occurred that also included the
area(s) or portions of area(s) of
other Planning Coordinator(s) in
the same islanding event and that
resulted in system frequency
Page 15 of 29

points of the UFLS program, failed
to coordinate its UFLS event
assessment with all other Planning
Coordinators whose areas or
portions of whose areas were also
included in the same islanding
event in one of the manners
described in Requirement R13
R14 N/A N/A N/A The Planning Coordinator failed to
respond to written comments
submitted by UFLS entities and
Transmission Owners within its
Planning Coordinator area
following a comment period and
before finalizing its UFLS program,
indicating in the written response to
comments whether changes were
made or reasons why changes
were not made to the items in
Parts 14.1 through 14.3.

Page 16 of 29

E.A. Regional Variance for the Quebec Interconnection
The following Interconnection-wide variance shall be applicable in the Quebec
Interconnection and replaces, in their entirety, Requirements R3 and R4 and the
violation severity levels associated with Requirements R3 and R4.
E.A.3. Each Planning Coordinator shall develop a UFLS program, including a schedule
for implementation by UFLS entities within its area, that meets the following
performance characteristics in simulations of underfrequency conditions
resulting from an imbalance scenario, where an imbalance =[(load actual
generation output) / (load)], of up to 25 percent within the identified island(s).
[VRF: High][Time Horizon: Long-term Planning]
E.A.3.1. Frequency shall remain above the Underfrequency Performance
Characteristic curve in PRC-006-1 - Attachment 1A, either for 30
seconds or until a steady-state condition between 59.3 Hz and 60.7 Hz
is reached, and
E.A.3.2. Frequency shall remain below the Overfrequency Performance
Characteristic curve in PRC-006-1 - Attachment 1A, either for 30
seconds or until a steady-state condition between 59.3 Hz and 60.7 Hz
is reached, and
E.A.3.3. Volts per Hz (V/Hz) shall not exceed 1.18 per unit for longer than two
seconds cumulatively per simulated event, and shall not exceed 1.10
per unit for longer than 45 seconds cumulatively per simulated event at
each generator bus and generator step-up transformer high-side bus
associated with each of the following:
EA.3.3.1. Individual generating unit greater than 50 MVA (gross
EA.3.3.2. Generating plants/facilities greater than 50 MVA (gross
aggregate nameplate rating) directly connected to the BES
EA.3.3.3. Facilities consisting of one or more units connected to the
BES at a common bus with total generation above 50 MVA
gross nameplate rating.
E.A.4. Each Planning Coordinator shall conduct and document a UFLS design
assessment at least once every five years that determines through dynamic
simulation whether the UFLS program design meets the performance
characteristics in Requirement E.A.3 for each island identified in Requirement
R2. The simulation shall model each of the following; [VRF: High][Time
E.A.4.1 Underfrequency trip settings of individual generating units that are
part of plants/facilities with a capacity of 50 MVA or more
individually or cumulatively (gross nameplate rating), directly
Page 17 of 29

connected to the BES that trip above the Generator Underfrequency
Trip Modeling curve in PRC-006-1 - Attachment 1A, and
E.A.4.2 Overfrequency trip settings of individual generating units that are part
of plants/facilities with a capacity of 50 MVA or more individually or
cumulatively (gross nameplate rating), directly connected to the BES
that trip below the Generator Overfrequency Trip Modeling curve in
PRC-006-1 - Attachment 2A, and
E.A.4.3 Any automatic Load restoration that impacts frequency stabilization
and operates within the duration of the simulations run for the
assessment.
M.E.A.3. Each Planning Coordinator shall have evidence such as reports, memorandums,
e-mails, program plans, or other documentation of its UFLS program, including
the notification of the UFLS entities of implementation schedule, that meet the
criteria in Requirement E.A.3 Parts E.A.3.1 through EA3.3.
M.E.A.4. Each Planning Coordinator shall have dated evidence such as reports, dynamic
simulation models and results, or other dated documentation of its UFLS design
assessment that demonstrates it meets Requirement E.A.4 Parts E.A.4.1 through
E.A.4.3.
Page 18 of 29

E # Lower VSL Moderate VSL High VSL Severe VSL
EA3 N/A

The Planning Coordinator developed
a UFLS program, including a
UFLS entities within its area, but
failed to meet one (1) of the
performance characteristic in Parts
E.A.3.1, E.A.3.2, or E.A.3.3 in
simulations of underfrequency
conditions
a UFLS program including a
failed to meet two (2) of the
performance characteristic in Parts
E.A.3.1, E.A.3.2, or E.A.3.3 in
simulations of underfrequency
conditions
a UFLS program including a
failed to meet all the performance
characteristic in Parts E.A.3.1,
E.A.3.2, and E.A.3.3 in simulations
of underfrequency conditions
OR
develop a UFLS program.
EA4 N/A The Planning Coordinator conducted
and documented a UFLS
assessment at least once every five
years that determines through
Requirement E.A.3 but simulation
failed to include one (1) of the items
as specified in Parts E.A.4.1, E.A.4.2
or E.A.4.3.
The Planning Coordinator conducted
Requirement E3 but simulation failed
to include two (2) of the items as
specified in Parts E.A.4.1, E.A.4.2 or
E.A.4.3.
The Planning Coordinator conducted
Requirement E3 but simulation failed
to include all of the items as
specified in Parts E.A.4.1, E.A.4.2
and E.A.4.3.
OR
conduct and document a UFLS
Requirement E.A.3

Page 19 of 29

E.B. Regional Variance for the Western Electricity Coordinating Council
The following Interconnection-wide variance shall be applicable in the Western
Electricity Coordinating Council (WECC) and replaces, in their entirety, Requirements
R1, R2, R3, R4, R5, R11, R12, and R13.
E.B.1. Each Planning Coordinator shall participate in a joint regional review with the
other Planning Coordinators in the WECC Regional Entity area that develops and
documents criteria, including consideration of historical events and system
studies, to select portions of the Bulk Electric System (BES) that may form
islands. [VRF: Medium][Time Horizon: Long-term Planning]
E.B.2. Each Planning Coordinator shall identify one or more islands from the regional
review (per E.B.1) to serve as a basis for designing a region-wide coordinated
UFLS program including: [VRF: Medium][Time Horizon: Long-term Planning]
E.B.2.1. Those islands selected by applying the criteria in Requirement E.B.1,
and
E.B.2.2. Any portions of the BES designed to detach from the Interconnection
(planned islands) as a result of the operation of a relay scheme or Special
Protection System.
EB.3. Each Planning Coordinator shall adopt a UFLS program, coordinated across the
WECC Regional Entity area, including notification of and a schedule for
implementation by UFLS entities within its area, that meets the following
performance characteristics in simulations of underfrequency conditions resulting
from an imbalance scenario, where an imbalance =[(load actual generation
output) / (load)], of up to 25 percent within the identified island(s). [VRF:
E.B.3.1. Frequency shall remain above the Underfrequency Performance
Characteristic curve in PRC-006-1 - Attachment 1, either for 60 seconds
or until a steady-state condition between 59.3 Hz and 60.7 Hz is reached,
and
E.B.3.2. Frequency shall remain below the Overfrequency Performance
Characteristic curve in PRC-006-1 - Attachment 1, either for 60 seconds
or until a steady-state condition between 59.3 Hz and 60.7 Hz is reached,
and
E.B.3.3. Volts per Hz (V/Hz) shall not exceed 1.18 per unit for longer than two
seconds cumulatively per simulated event, and shall not exceed 1.10 per
unit for longer than 45 seconds cumulatively per simulated event at each
generator bus and generator step-up transformer high-side bus associated
with each of the following:
E.B.3.3.1. Individual generating units greater than 20 MVA (gross
E.B.3.3.2. Generating plants/facilities greater than 75 MVA (gross
aggregate nameplate rating) directly connected to the BES
Page 20 of 29

E.B.3.3.3. Facilities consisting of one or more units connected to the
BES at a common bus with total generation above 75 MVA
gross nameplate rating.
E.B.4. Each Planning Coordinator shall participate in and document a coordinated UFLS
design assessment with the other Planning Coordinators in the WECC Regional
Entity area at least once every five years that determines through dynamic
simulation whether the UFLS program design meets the performance
characteristics in Requirement E.B.3 for each island identified in Requirement
E.B.2. The simulation shall model each of the following: [VRF: High][Time
E.B.4.1. Underfrequency trip settings of individual generating units greater than
20 MVA (gross nameplate rating) directly connected to the BES that trip
above the Generator Underfrequency Trip Modeling curve in PRC-006-
1 - Attachment 1.
E.B.4.2. Underfrequency trip settings of generating plants/facilities greater than
75 MVA (gross aggregate nameplate rating) directly connected to the
BES that trip above the Generator Underfrequency Trip Modeling curve
in PRC-006-1 - Attachment 1.
E.B.4.3. Underfrequency trip settings of any facility consisting of one or more
units connected to the BES at a common bus with total generation above
75 MVA (gross nameplate rating) that trip above the Generator
Underfrequency Trip Modeling curve in PRC-006-1 - Attachment 1.
E.B.4.4. Overfrequency trip settings of individual generating units greater than 20
MVA (gross nameplate rating) directly connected to the BES that trip
below the Generator Overfrequency Trip Modeling curve in PRC-006-1
Attachment 1.
E.B.4.5. Overfrequency trip settings of generating plants/facilities greater than 75
MVA (gross aggregate nameplate rating) directly connected to the BES
that trip below the Generator Overfrequency Trip Modeling curve in
PRC-006-1 Attachment 1.
E.B.4.6. Overfrequency trip settings of any facility consisting of one or more
units connected to the BES at a common bus with total generation above
75 MVA (gross nameplate rating) that trip below the Generator
Overfrequency Trip Modeling curve in PRC-006-1 Attachment 1.
E.B.4.7. Any automatic Load restoration that impacts frequency stabilization and
operates within the duration of the simulations run for the assessment.
E.B.11. Each Planning Coordinator, in whose area a BES islanding event results in
system frequency excursions below the initializing set points of the UFLS
program, shall participate in and document a coordinated event assessment with
all affected Planning Coordinators to conduct and document an assessment of the
Page 21 of 29

event within one year of event actuation to evaluate: [VRF: Medium][Time
E.B.11.1. The performance of the UFLS equipment,
E.B.11.2 The effectiveness of the UFLS program
E.B.12.Each Planning Coordinator, in whose islanding event assessment (per E.B.11)
UFLS program deficiencies are identified, shall participate in and document a
coordinated UFLS design assessment of the UFLS program with the other
Planning Coordinators in the WECC Regional Entity area to consider the
identified deficiencies within two years of event actuation. [VRF: Medium][Time

M.E.B.1. Each Planning Coordinator shall have evidence such as reports, or other
documentation of its criteria, developed as part of the joint regional review with other
Planning Coordinators in the WECC Regional Entity area to select portions of the
Bulk Electric System that may form islands including how system studies and
historical events were considered to develop the criteria per Requirement E.B.1.
M.E.B.2. Each Planning Coordinator shall have evidence such as reports, memorandums,
e-mails, or other documentation supporting its identification of an island(s), from the
regional review (per E.B.1), as a basis for designing a region-wide coordinated UFLS
program that meet the criteria in Requirement E.B.2 Parts E.B.2.1 and E.B.2.2.
M.E.B.3. Each Planning Coordinator shall have evidence such as reports, memorandums,
e-mails, program plans, or other documentation of its adoption of a UFLS program,
coordinated across the WECC Regional Entity area, including the notification of the
UFLS entities of implementation schedule, that meet the criteria in Requirement E.B.3
Parts E.B.3.1 through E.B.3.3.
M.E.B.4. Each Planning Coordinator shall have dated evidence such as reports, dynamic
simulation models and results, or other dated documentation of its participation in a
coordinated UFLS design assessment with the other Planning Coordinators in the
WECC Regional Entity area that demonstrates it meets Requirement E.B.4 Parts
E.B.4.1 through E.B.4.7.
M.E.B.11.Each Planning Coordinator shall have dated evidence such as reports, data gathered
from an historical event, or other dated documentation to show that it participated in a
coordinated event assessment of the performance of the UFLS equipment and the
effectiveness of the UFLS program per Requirement E.B.11.
M.E.B.12.Each Planning Coordinator shall have dated evidence such as reports, data gathered
from an historical event, or other dated documentation to show that it participated in a
UFLS design assessment per Requirements E.B.12 and E.B.4 if UFLS program
deficiencies are identified in E.B.11.

Page 22 of 29

E.B.1 N/A

participated in a joint regional review
with the other Planning Coordinators
in the WECC Regional Entity area
that developed and documented
criteria but failed to include the
consideration of historical events, to
select portions of the BES, including
areas, that may form islands
OR
consideration of system studies, to
select portions of the BES, including
areas, that may form islands
consideration of historical events and
system studies, to select portions of
the BES, including interconnected
portions of the BES in adjacent
Planning Coordinator areas, that
may form islands
participate in a joint regional review
criteria to select portions of the BES,
including interconnected portions of
the BES in adjacent Planning
Coordinator areas that may form
islands
E.B.2 N/A
N/A

The Planning Coordinator identified
an island(s) from the regional review
to serve as a basis for designing its
UFLS program but failed to include
one (1) of the parts as specified in
Requirement E.B.2, Parts E.B.2.1 or
E.B.2.2
The Planning Coordinator identified
an island(s) from the regional review
to serve as a basis for designing its
UFLS program but failed to include
all of the parts as specified in
Requirement E.B.2, Parts E.B.2.1 or
E.B.2.2
OR
Page 23 of 29

identify any island(s) from the
regional review to serve as a basis
for designing its UFLS program.
E.B.3 N/A

The Planning Coordinator adopted a
UFLS program, coordinated across
the WECC Regional Entity area that
included notification of and a
failed to meet one (1) of the
Requirement E.B.3, Parts E.B.3.1,
E.B.3.2, or E.B.3.3 in simulations of
underfrequency conditions
failed to meet two (2) of the
Requirement E.B.3, Parts E.B.3.1,
E.B.3.2, or E.B.3.3 in simulations of
underfrequency conditions
failed to meet all the performance
characteristic in Requirement E.B.3,
Parts E.B.3.1, E.B.3.2, and E.B.3.3
in simulations of underfrequency
conditions
OR
adopt a UFLS program, coordinated
across the WECC Regional Entity
area, including notification of and a
UFLS entities within its area.
E.B.4 The Planning Coordinator
participated in and documented a
coordinated UFLS assessment with
the other Planning Coordinators in
the WECC Regional Entity area at
least once every five years that
determines through dynamic
simulation whether the UFLS
program design meets the
Requirement E.B.3 for each island
Page 24 of 29

identified in Requirement E.B.2 but
the simulation failed to include one
(1) of the items as specified in
Requirement E.B.4, Parts E.B.4.1
through E.B.4.7.

the simulation failed to include two
through E.B.4.7.
the simulation failed to include three
through E.B.4.7.
the simulation failed to include four
(4) or more of the items as specified
in Requirement E.B.4, Parts E.B.4.1
through E.B.4.7.
OR
participate in and document a
identified in Requirement E.B.2
E.B.11 The Planning Coordinator, in whose
area a BES islanding event resulting
in system frequency excursions
below the initializing set points of the
UFLS program, participated in and
documented a coordinated event
assessment with all Planning
included in the same islanding event
and evaluated the parts as specified
in Requirement E.B.11, Parts
E.B.11.1 and E.B.11.2 within a time
greater than one year but less than
or equal to 13 months of actuation.
The Planning Coordinator, in whose
greater than 13 months but less than
greater than 14 months but less than
greater than 15 months of actuation.
OR
Page 25 of 29


OR
area an islanding event resulting in
system frequency excursions below
the initializing set points of the UFLS
program, participated in and
within one year of event actuation
but failed to evaluate one (1) of the
parts as specified in Requirement
E.B.11, Parts E.B.11.1 or E.B.11.2.

program, failed to participate in and
document a coordinated event
Coordinators whose areas or portion
of whose areas were also included in
the same island event and evaluate
the parts as specified in
and E.B.11.2.

OR
program, participated in and
within one year of event actuation
but failed to evaluate all of the parts
as specified in Requirement E.B.11,
Parts E.B.11.1 and E.B.11.2.
E.B.12 N/A The Planning Coordinator, in which
identified per Requirement E.B.11,
coordinated UFLS design
Page 26 of 29

assessment of the coordinated UFLS
program with the other Planning
Coordinators in the WECC Regional
Entity area to consider the identified
deficiencies in greater than two
years but less than or equal to 25
months of event actuation.

deficiencies in greater than 25

deficiencies in greater than 26
OR
failed to participate in and document
a coordinated UFLS design
deficiencies
Page 27 of 29

Associated Documents
Version History
1 May 25, 2010 Completed revision, merging and
updating PRC-006-0, PRC-007-0 and
PRC-009-0.

1 November 4,
2010
Adopted by the Board of Trustees

1
May 7, 2012 FERC Order issued approving PRC-006-1
(approval becomes effective J uly 10, 2012)

1
November 9,
2012
FERC Letter Order issued accepting the
modification of the VRF in R5 from
(Medium to High) and the modification of
the VSL language in R8.

Page 28 of 29

PRC-006-1 Attachment 1
Underfrequency Load Shedding Program
Design Performance and Modeling Curves for
Requirements R3 Parts 3.1-3.2 and R4 Parts 4.1-4.6

Simulated Frequency Must
Remain Between the
Overfrequency and
Underfrequency Performance
Characteristic Curves
Overfrequency Trip Settings
Must Be Modeled for Generators
That Trip Below the Generator
Overfrequency Trip Modeling
Curve
Underfrequency Trip Settings
That Trip Above the Generator
Underfrequency Trip Modeling
Curve

Curve Definitions
Generator Overfrequency Trip Modeling Overfrequency Performance Characteristic
t 2 s t > 2 s t 4 s 4 s < t 30 s t > 30 s
f = 62.2 Hz f = -0.686log(t) + 62.41 Hz f = 61.8 Hz f = -0.686log(t) + 62.21 Hz f = 60.7 Hz

Generator Underfrequency Trip Modeling Underfrequency Performance Characteristic
t 2 s t > 2 s t 2 s 2 s < t 60 s t > 60 s
f = 57.8 Hz f = 0.575log(t) + 57.63 Hz f = 58.0 Hz f = 0.575log(t) + 57.83 Hz f = 59.3 Hz
Generator Overfrequency Trip Modeling (Requirement R4 Parts 4.4-4.6)
Overfrequency Performance Characteristic (Requirement R3 Part 3.2)
Underfrequency Performance Characteristic (Requirement R3 Part 3.1)
Generator Underfrequency Trip Modeling (Requirement R4 Parts 4.1-4.3)
Page 29 of 29

PRC-006-1 Attachment 1A (Quebec)
Underfrequency Load Shedding Program
Design Performance and Modeling Curves for
Regional Variances E3 Parts E3.1-E3.3 and E4 Parts E4.1-E4.4
55
56
57
58
59
60
61
62
63
64
65
66
67
0.1 1 10 100
Time (sec)
Frequency (Hz)
Quebec OverFrequency Generator Trip Modeling (Requirement E4.2) OverFrequency Performance Characteristic (Requirement E3.2)
UnderFrequency Performance Characteristic (Requirement E3.1) Quebec UnderFrequency Generator Trip Modeling (Requirement E4.1)
Simulated Frequency Must
Remain Between the
Overfrequency and
Underfrequency Performance
Characteristic Curves
Underfrequency Trip Settings
That Trip Above the Generator
Underfrequency Trip Modeling Curve
Overfrequency Trip Settings
That Trip Below the Generator
Overfrequency Trip Modeling Curve
(.35 ; 56.7)
(30 ; 59.3)
(30 ; 60.7)

Regional Variances EA3, Parts EA3.1-EA3.3 and EA4, Parts EA4.1-EA4.4
Standard PRC-006-NPCC-1 Automatic Underfrequency Load Shedding

Adopted by Board of Trustees: February 9, 2012

1

A. Introduction
1. Title: Automatic Underfrequency Load Shedding
2. Number: PRC-006-NPCC-1
3. Purpose: To provide a regional reliability standard that ensures the development of
an effective automatic underfrequency load shedding (UFLS) program in order to
preserve the security and integrity of the bulk power system during declining system
frequency events in coordination with the NERC UFLS reliability standard
characteristics.
4. Applicability:
4.2. Planning Coordinator
5. Effective Date: For the Eastern Interconnection & Qubec Interconnection portions
of NPCC excluding the Independent Electricity System Operator (IESO) Planning
Coordinator area of NPCC in Ontario, Canada:
The effective date for Requirements R1, R2, R3, R4, R5, R6, and R7 is the first
day of the first calendar quarter following applicable regulatory approval but no
earlier than J anuary 1, 2016 The effective date for Requirements R8 through R23
is the first day of the first calendar quarter two years following applicable
governmental and regulatory approval.
For the Independent Electricity System Operator (IESO) Planning Coordinators area
of NPCC in Ontario, Canada:
All requirements are effective the first day of the first calendar quarter following
applicable governmental and regulatory approval but no earlier than April 1,
2017.

B. Requirements

R1 Each Planning Coordinator shall establish requirements for entities aggregating their
UFLS programs for each anticipated island and requirements for compensatory load
shedding based on islanding criteria (required by the NERC PRC Standard on UFLS).
[Violation Risk Factor: Medium] [Time Horizon: Long Term Planning]



2

R2 Each Planning Coordinator shall, within 30 days of completion of its system studies
required by the NERC PRC Standard on UFLS, identify to the Regional Entity the
generation facilities within its Planning Coordinator Area necessary to support the
UFLS program performance characteristics. [Violation Risk Factor: Medium] [Time
Horizon: Long Term Planning]

R3 Each Planning Coordinator shall provide to the Transmission Owner, Distribution
Provider, and Generator Owner within 30 days upon written request the requirements
for entities aggregating the UFLS programs and requirements for compensatory load
shedding program derived from each Planning Coordinators system studies as
determined by Requirement R1. [Violation Risk Factor: Low] [Time Horizon: Long
Term Planning]

R4 Each Distribution Provider and Transmission Owner in the Eastern Interconnection
portion of NPCC shall implement an automatic UFLS program reflecting normal
operating conditions excluding outages for its Facilities based on frequency thresholds,
total nominal operating time and amounts specified in Attachment C, Tables 1 through
3, or shall collectively implement by mutual agreement with one or more Distribution
Providers and Transmission Owners within the same island identified in Requirement
R1 and acting as a single entity, provide an aggregated automatic UFLS program that
sheds their coincident peak aggregated net Load, based on frequency thresholds, total
nominal operating time and amounts specified in Attachment C, Tables 1 through 3.
[Violation Risk Factor: High] [Time Horizon: Long Term Planning]

R5 Each Distribution Provider or Transmission Owner that must arm its load to trip on
underfrequency in order to meet its requirements as specified and by doing so exceeds
the tolerances and/or deviates from the number of stages and frequency set points of
the UFLS program as specified in the tables contained in Requirement R4 above, as
applicable depending on its total peak net Load shall: [Violation Risk Factor: High]
[Time Horizon: Long Term Planning]

5.1 Inform its Planning Coordinator of the need to exceed the stated tolerances
or the number of stages as shown in UFLS Attachment C, Table 1 if
applicable and

5.2 Provide its Planning Coordinator with a technical study that demonstrates
that the Distribution Providers or Transmission Owners specific deviations


3

from the requirements of UFLS Attachment C, Table 1 will not have a
significant adverse impact on the bulk power system.

5.3 Inform its Planning Coordinator of the need to exceed the stated tolerances
of UFLS Attachment C, Table 2 or Table 3, and in the case of Attachment
C, Table 2 only, the need to deviate from providing two stages of UFLS, if
applicable, and

5.4 Provide its Planning Coordinator with an analysis demonstrating that no
alternative load shedding solution is available that would allow the
Distribution Provider or Transmission Owner to comply with UFLS
Attachment C Table 2 or Attachment C Table 3.

R6 Each Distribution Provider and Transmission Owner in the Qubec Interconnection
portion of NPCC shall implement an automatic UFLS program for its Facilities based
on the frequency thresholds, slopes, total nominal operating time and amounts
specified in Attachment C, Table 4 or shall collectively implement by mutual
agreement with one or more Distribution Providers and Transmission Owners within
the same island, identified in Requirement R1, an aggregated automatic UFLS program
that sheds Load based on the frequency thresholds, slopes, total nominal operating
time and amounts specified in Attachment C, Table 4. [Violation Risk Factor: High]

R7 Each Distribution Provider and Transmission Owner shall set each underfrequency
relay that is part of its regions UFLS program with the following minimum time
delay:
7.1 Eastern Interconnection 100 ms
7.2 Qubec Interconnection 200 ms

R8 Each Planning Coordinator shall develop and review once per calendar year settings for
inhibit thresholds (such as but not limited to voltage, current and time) to be utilized
within its region's UFLS program. [Violation Risk Factor: Medium] [Time Horizon:
Long Term Planning]



4

R9 Each Planning Coordinator shall provide each Transmission Owner and Distribution
Provider within its Planning Coordinator area the applicable inhibit thresholds within
30 days of the initial determination of those inhibit thresholds and within 30 days of
any changes to those thresholds. [Violation Risk Factor: Medium] [Time Horizon:

R10 Each Distribution Provider and Transmission Owner shall implement the inhibit
threshold settings based on the notification provided by the Planning Coordinator in
accordance with Requirement R9. [Violation Risk Factor: High] [Time Horizon:

R11 Each Distribution Provider and Transmission Owner shall develop and submit an
implementation plan within 90 days of the request from the Planning Coordinator for
approval by the Planning Coordinator in accordance with R9. [Violation Risk Factor:

R12 Each Transmission Owner and Distribution Provider shall annually provide
documentation, with no more than 15 months between updates, to its Planning
Coordinator of the actual net Load that would have been shed by the UFLS relays at
each UFLS stage coincident with their integrated hourly peak net Load during the
previous year, as determined by measuring actual metered Load through the switches
that would be opened by the UFLS relays. [Violation Risk Factor: Lower] [Time

R13 Each Generator Owner shall set each generator underfrequency trip relay, if so
equipped, below the appropriate generator underfrequency trip protection settings
threshold curve in Figure 1, except as otherwise exempted in Requirements R16 and
R19. [Violation Risk Factor: High] [Time Horizon: Long Term Planning]

R14 Each Generator Owner shall transmit the generator underfrequency trip setting and
time delay to its Planning Coordinator within 45 days of the Planning Coordinators
request. [Violation Risk Factor: High] [Time Horizon: Operations Planning]

R15 Each Generator Owner with a new generating unit, scheduled to be in service on or
after the effective date of this Standard, or an existing generator increasing its net


5

capability by greater than 10% shall: [Violation Risk Factor: High] [Time Horizon:
Long Term Planning]

15.1 Design measures to prevent the generating unit from tripping directly or
indirectly for underfrequency conditions above the appropriate generator
tripping threshold curve in Figure 1.

15.2 Design auxiliary system(s) or devices used for the control and protection of
auxiliary system(s), necessary for the generating unit operation such that
they will not trip the generating unit during underfrequency conditions
above the appropriate generator underfrequency trip protection settings
threshold curve in Figure 1.

R16 Each Generator Owner of existing non-nuclear units in service prior to the effective
date of this standard that have underfrequency protections set to trip above the
appropriate curve in Figure 1 shall: [Violation Risk Factor: High] [Time Horizon: Long
Term Planning]

16.1 Set the underfrequency protection to operate at the lowest frequency
allowed by the plant design and licensing limitations.

16.2 Transmit the existing underfrequency settings and any changes to the
underfrequency settings along with the technical basis for the settings to the
Planning Coordinator.

16.3 Have compensatory load shedding, as provided by a Distribution Provider
or Transmission Owner that is adequate to compensate for the loss of their
generator due to early tripping.

R17 Each Planning Coordinator in Ontario, Quebec and the Maritime provinces shall apply
the criteria described in Attachment A to determine the compensatory load shedding
that is required in Requirement R16.3 for generating units in its respective NPCC area.

R18 Each Generator Owner, Distribution Provider or Transmission Owner within the
Planning Coordinator area of ISO-NE or the New York ISO shall apply the criteria
described in Attachment B to determine the compensatory load shedding that is


6

required in Requirement R16.3 for generating units in its respective NPCC area.

R19 Each Generator Owner of existing nuclear generating plants with units that have
underfrequency relay threshold settings above the Eastern Interconnection generator
tripping curve in Figure 1, based on their licensing design basis, shall: [Violation Risk
Factor: High] [Time Horizon: Long Term Planning]

19.1 Set the underfrequency protection to operate at as low a frequency as
possible in accordance with the plant design and licensing limitations but
not greater than 57.8Hz.
19.2 Set the frequency trip setting upper tolerance to no greater than +0.1 Hz.
19.3 Transmit the initial frequency trip setting and any changes to the setting
and the technical basis for the settings to the Planning Coordinator.

R20 The Planning Coordinator shall update its UFLS program database as specified by the
NERC PRC Standard on UFLS. This database shall include the following
information: [Violation Risk Factor: Lower] [Time Horizon: Operations Planning]

20.1 For each UFLS relay, including those used for compensatory load
shedding, the amount and location of load shed at peak, the corresponding
frequency threshold and time delay settings.
20.2 The buses at which the Load is modeled in the NPCC library power flow
case.
20.3 A list of all generating units that may be tripped for underfrequency
conditions above the appropriate generator underfrequency trip protection
settings threshold curve in Figure 1, including the frequency trip threshold
and time delay for each protection system.
20.4 The location and amount of additional elements to be switched for voltage
control that are coordinated with UFLS program tripping.
20.5 A list of all UFLS relay inhibit functions along with the corresponding
settings and locations of these relays.

R21 Each Planning Coordinator shall notify each Distribution Provider, Transmission
Owner, and Generator Owner within its Planning Coordinator area of changes to load


7

distribution needed to satisfy UFLS program performance characteristics as specified
by the NERC PRC Standard on UFLS.[Violation Risk Factor: High] [Time Horizon:
Long Term Planning]

R22 Each Distribution Provider, Transmission Owner and Generator Owner shall
implement the load distribution changes based on the notification provided by the
Planning Coordinator in accordance with Requirement R21. [Violation Risk Factor:
High] [Time Horizon: Long Term Planning]

R23 Each Distribution Provider, Transmission Owner and Generator Owner shall develop
and submit an implementation plan within 90 days of the request from the Planning
Coordinator for approval by the Planning Coordinator in accordance with Requirement
R21. [Violation Risk Factor: Lower] [Time Horizon: Operations Planning]



8

Figure 1
Threshol ds for Setti ng Underfrequency Tri p Protecti on for Generators
55
55.5
56
56.5
57
57.5
58
58.5
59
59.5
60
0.1 1 10 100 1000 10000
Ti me (sec)
Frequency (Hz)
Eastern Interconnection Generator Tripping
Quebec Interconnection Generator Tripping



9

C. Measures

M1 Each Planning Coordinator shall have evidence such as reports, system studies and/or
real time power flow data captured from actual system events and other dated
documentation that demonstrates it meets Requirement R1.

M2. Each Planning Coordinator shall have evidence such as dated documentation that
demonstrates that it meets requirement R2.

M3 Each Planning Coordinator shall have evidence such as dated documentation that
demonstrates that it meets Requirement R3.

M4 Each Distribution Provider and Transmission Owner in the Eastern Interconnection
portion of NPCC shall have evidence such as documentation or reports containing the
location and amount of load to be tripped, and the corresponding frequency thresholds,
on those circuits included in its UFLS program to achieve the individual and
cumulative percentages identified in Requirement R4. (Attachment C Tables 1-3).

M5 Each Distribution Provider or Transmission Owner shall have evidence such as reports,
analysis, system studies and dated documentation that demonstrates that it meets
Requirement R5.

M6 Each Distribution Provider and Transmission Owner in the Qubec Interconnection
shall have evidence such as documentation or reports containing the location and
amount of load to be tripped and the corresponding frequency thresholds on those
circuits included in its UFLS program to achieve the load values identified in Table 4
of Requirement R6. (Attachment C Table 4).

M7 Each Distribution Provider and Transmission Owner shall have evidence such as
documentation or reports that their underfrequency relays have been set with the
minimum time delay, in accordance with Requirement R7.

M8 Each Planning Coordinator shall have evidence such as reports, system studies or
analysis that demonstrates that it meets Requirement R8.



10

M9 Each Planning Coordinator shall provide evidence such as letters, emails, or other
dated documentation that demonstrates that it meets Requirement R9.

M10 Each Distribution Provider and Transmission Owner shall provide evidence such as
test reports, data sheets or other documentation that demonstrates that it meets
Requirement R10.

letters, emails or other dated documentation that demonstrates that it meets
Requirement R11.

reports, spreadsheets or other dated documentation submitted to its Planning
Coordinator that indicates the frequency set point, the net amount of load shed and the
percentage of its peak load at each stage of its UFLS program coincident with the
integrated hourly peak of the previous year that demonstrates that it meets Requirement
R12.

M13 Each Generator Owner shall provide evidence such as reports, data sheets,
spreadsheets or other documentation that demonstrates that it meets Requirement R13.

M14 Each Generator Owner shall provide evidence such as emails, letters or other dated
documentation that demonstrates that it meets Requirement R14.

M15 Each Generator Owner shall provide evidence such as reports, data sheets,
specifications, memorandum or other documentation that demonstrates that it meets
Requirement R15.

M16 Each Generator Owner with existing non-nuclear units in service prior to the effective
date of this Standard which have underfrequency tripping that is not compliant with
Requirement R13 shall provide evidence such as reports, spreadsheets, memorandum
or dated documentation demonstrating that it meets Requirement R16.

M17 Each Planning Coordinator in Ontario, Quebec and the Maritime provinces shall
provide evidence such as emails, memorandum or other documentation that


11

demonstrates that it followed the methodology described in Attachment A and meets
Requirement R17.

M18 Each Generator Owner, Distribution Provider or Transmission Owner within the
Planning Coordinator area of ISO-NE or the New York ISO shall provide evidence
such as emails, memorandum, or other documentation that demonstrates that it
followed the methodology described in Attachment B and meets Requirement R18.

M19 Each Generator Owner of nuclear units that have been specifically identified by NPCC
as having generator trip settings above the generator trip curve in Figure 1 shall
provide evidence such as letters, reports and dated documentation that demonstrates
that it meets Requirement R19.

M20 Each Planning Coordinator shall provide evidence such as spreadsheets, system
studies, or other documentation that demonstrates that it meets the requirements of
Requirement R20.

M21 Each Planning Coordinator shall provide evidence such as emails, memorandum or
other dated documentation that it meets Requirement R21.

M22 Each Distribution Provider, Transmission Owner and Generator Owner shall provide
evidence such as reports, spreadsheets or other documentation that demonstrates that it
meets Requirement R22.

M23 Each Distribution Provider, Transmission Owner and Generator Owner shall provide
evidence such as letters, emails or other dated documentation that demonstrates it
meets Requirement 23.

D. Compliance

NPCC Compliance Committee


12

Not Applicable
1.3. Data Retention
The Distribution Provider and Transmission Owner shall keep evidences for three
calendar years for Measures 4, 5, 6,7,10, 11, and 12.

The Planning Coordinator shall keep evidence for three calendar years for
Measures 1, 2, 3, 8, 9, 20, and 21.

The Planning Coordinator in Ontario, Quebec, and the Maritime Provinces shall
keep evidence for three calendar years for Measure 17.

The Distribution Provider, Transmission Owner, and Generator Owner shall keep
evidences for three calendar years for Measures 18, 22, and 23.

The Generator Owner shall keep evidence for three calendar years for Measures
13, 14, 15, 16, and 19.

Self -Certifications.
Spot Checking.
Compliance Audits.
Self- Reporting.
Compliance Violation Investigations.
Complaints.

None.


13


Requirement Lower VSL Moderate VSL High VSL Severe VSL
R1 N/A N/A Planning Coordinator did not
establish requirements for entities
aggregating their UFLS programs.
or
Did not establish requirements for
compensatory load shedding.

Planning Coordinator did not
establish requirements for entities
aggregating their UFLS programs
and did not establish requirements
for compensatory load shedding.

identified the generation
facilities within its Planning
Coordinator Area necessary to
support the UFLS program, but
did so more than 30 days but less
than 41 days after completion of
the system studies.
identified the generation
facilities within its Planning
Coordinator Area necessary to
support the UFLS program, but
did so more than 40 days but less
the system studies.
identified the generation facilities
within its Planning Coordinator
Area necessary to support the
UFLS program, but did so more
than 50 days but less than 61 days
after completion of the system
studies.
identified the generation facilities
UFLS program, but did so more
the system studies.
or
The Planning Coordinator did not
identify the generation facilities
UFLS program.
provided the requested
information, but did so more than
30 days but less than 41 days to
the requesting entity.
information, but did so more
than 40 days but less than 51
days to the requesting entity.
50 days but less than 61 days to the
requesting entity.
60 days after the request.
or
to provide the requested

14

information.

R4 N/A N/A N/A The Distribution Provider or
Transmission Owner failed to
implement an automatic UFLS
program reflecting normal
operating conditions excluding
outages, for its Facilities or
collectively implemented by
mutual agreement with one or
more Distribution Providers and
Transmission Owners within the
same island identified in
Requirement R1, an aggregated
automatic UFLS program that
sheds Load based on frequency
thresholds, total nominal
operating time, and amounts
specified in the appropriate
included tables.
R5 N/A The Distribution Provider or
Transmission Owner armed its
load to trip on underfrequency in
order to meet its minimum
obligations and by doing so
exceeded the tolerances and/or
deviated from the number of
stages and frequency set points
of the UFLS program as
specified in the tables contained
in Attachment C, as applicable
depending on their total peak net
Load, but did not inform the
Planning Coordinator of the
need to exceed the stated
Transmission Owner armed its
load to trip on underfrequency in
order to meet its minimum
obligations and by doing so
exceeded the tolerances and/or
deviated from the number of stages
and frequency set points of the
UFLS program as specified in the
tables contained in Attachment C,
as applicable depending on their
total peak net Load, but did not
provide the Planning Coordinator
with an analysis demonstrating that
no alternative load shedding
Transmission Owner did not arm
its load to trip on
underfrequency in order to meet
its minimum obligations and in
doing so exceeded the tolerances
and/or deviated from the number
of stages and frequency set
points of the UFLS program as
specified in the tables contained
in Attachment C, as applicable
depending on their total peak net
Load.


15

tolerances of UFLS Table 2 or
Table 3, and in the case of Table
2 only, the need to deviate from
providing two stages of UFLS.

solution is available that would
allow the Distribution Provider or
Transmission Owner to comply
with the appropriate table.
Transmission Owner in the
Qubec Interconnection portion
of NPCC did not implement an
automatic UFLS program for its
Facilities based on the
frequency thresholds, slopes,
total nominal operating time and
amounts specified in Attachment
C, Table 4 or did not collectively
implement by mutual agreement
with one or more Distribution
Providers and Transmission
Owners within the same island,
identified in Requirement R1, an
aggregated automatic UFLS
program that sheds Load based
on the frequency thresholds,
slopes, total nominal operating
time and amounts specified in
Attachment C, Table 4.

Transmission Owner failed to set

16

an underfrequency relay that is
part of its regions UFLS
program as specified in
Requirement R7.
R8 N/A N/A The Planning Coordinator
developed inhibit thresholds as
specified in Requirement R8 but
did not perform the review once
per calendar year.
not develop inhibit thresholds as

provided to a Transmission
Owner or Distribution Provider
area the applicable inhibit
thresholds more than 30 days but
less than 41 days of the initial
determination or any subsequent
change to the inhibit thresholds.
thresholds more than 40 days but
less than 51 days of the initial
determination or any subsequent
change to the inhibit thresholds.
provided to a Transmission Owner
or Distribution Provider within its
Planning Coordinator area the
applicable inhibit thresholds more
than 50 days but less than 61 days
of the initial determination or any
subsequent change to the inhibit
thresholds.
thresholds more than 60 days
after the initial determination or
any subsequent change to the
inhibit thresholds.
or
not provide to a Transmission
thresholds.

Transmission Owner did not
implement the inhibit threshold
based on the notification
provided by the Planning
Coordinator in accordance with

17

Requirement R9.

R11 The Distribution Provider or
Transmission Owner developed
and submitted its implementation
plan more than 90 days but less
than 101 days after the request
from the Planning Coordinator.
and submitted its
implementation plan more than
100 days but less than 111 days
after the request from the
and submitted its implementation
and submitted its
120 days after the request from
the Planning Coordinator.
or
develop its implementation plan.

R12 N/A N/A N/A The Transmission Owner or
Distribution Provider did not
provide documentation to its
Planning Coordinator of actual
net load data or updates to the
data that would be shed by the
UFLS relays, as determined by
measuring actual metered load
through the switches that would
be opened by the UFLS relays,
that were armed to shed at each
UFLS stage coincident with their
integrated hourly peak during
the previous year.
R13 N/A N/A N/A The Generator Owner did not set
each generator underfrequency
trip relay, if so equipped, below
the appropriate generator
underfrequency trip protection
settings threshold curve in

18

Figure 1, except as otherwise
exempted.

R14 The Generator Owner transmitted
the generator underfrequency trip
setting and time delay to its
Planning Coordinator more than
45 days and less than 56 days of
the Planning Coordinators
request.
The Generator Owner
transmitted the generator
underfrequency trip setting and
time delay to its Planning
Coordinator more than 55 days
and less than 66 days of the
Planning Coordinators request.
The Generator Owner transmitted
the generator underfrequency trip
setting and time delay to its
Planning Coordinator more than 65
days and less than 76 days of the
Planning Coordinators request.
The Generator Owner
transmitted the generator
Coordinator more than 75days
after the Planning
Coordinators request.
or

The Generator Owner did not
transmit the generator
Coordinator.
R15 N/A N/A The Generator Owner did not
fulfill the obligation of
Requirement R15; Part 15.1 OR
did not fulfill the obligation of

Requirement R15, Part 15.1 and

R16 N/A The Generator Owner did not

19



R17 N/A N/A N/A The Planning Coordinator did
not apply the methodology
described in Attachment A to
determine the compensatory load
shedding that is required.
R18 N/A N/A N/A The Generator Owner,
Distribution Provider, or
apply the methodology described
in Attachment B to determine
the compensatory load shedding
that is required.
R19 N/A The Generator Owner did not


R20 The Planning Coordinator did not
have data in its database for one
of the parameters listed in
Requirement 20, Parts 20.1
through 20.5.
not have data in its database for
two of the parameters listed in
through 20.5.

The Planning Coordinator did not
have data in its database for three
of the parameters listed in
through 20.5.

not have data in its database for
four or more of the parameters
listed in Requirement 20, Parts
20.1 through 20.5.


20

R21 N/A N/A N/A The Planning Coordinator did
not notify a Distribution
Provider, Transmission Owner,
or Generator Owner within its
Planning Coordinator area of
changes to load distribution
needed to satisfy UFLS program
requirements.
R22 N/A N/A N/A The Distribution Provider,
Transmission Owner, or
implement the load distribution
changes based on the
notification provided by the
R23 The Distribution Provider.
Transmission Owner or Generator
Owner developed and submitted
its implementation plan more than
after the request from the
The Distribution Provider.
Generator Owner developed and
submitted its implementation
Transmission Owner or Generator
Owner developed and submitted its
after the request from the Planning
Coordinator.

Generator Owner developed and
submitted its implementation
plan more than 120 days after
the request from the Planning
Coordinator.
or
develop its implementation plan.


21

Version History

1 November 20,
2011
Region BOD Approval
1 February 9,
2012
1 February 21,
2013
Order issued by FERC approving PRC-006-
NPCC-1 (approval effective April 29, 2013)

Adopted by Board of Trustees: February 9, 2012 22

PRC-006-NPCC-1 Attachment A

Compensatory Load Shedding Criteria for Ontario, Quebec, and the Maritime Provinces:

The Planning Coordinator in Ontario, Quebec and the Maritime provinces is responsible for
establishing the compensatory load shedding requirements for all existing non-nuclear units in its
NPCC area with underfrequency protections set to trip above the appropriate curve in Figure 1.
In addition, it is the Planning Coordinators responsibility to communicate these requirements to
the appropriate Distribution Provider or Transmission Owner and to ensure that adequate
compensatory load shedding is provided in all islands identified in Requirement R1 in which the
unit may operate.
The methodology below provides a set of criteria for the Planning Coordinator to follow for
determining compensatory load shedding requirements:
1. The Planning Coordinator shall identify, compile and maintain an updated list of all
existing non-nuclear generating units in service prior to the effective date of this standard
that have underfrequency protections set to trip above the appropriate curve in Figure 1.
The list shall include the following information for each unit:

1.1 Generator name and generating capacity
1.2 Underfrequency protection trip settings, including frequency trip set points and
time delays
1.3 Physical and electrical location of the unit
1.4 All islands within which the unit may operate, as identified in Requirement R1

2. For each generating unit identified in (1) above, the Planning Coordinator shall establish
the requirements for compensatory load shedding based on criteria outlined below:

2.1 Arrange for a Distribution Provider or Transmission Owner that owns UFLS
relays within the island(s) identified by the Planning Coordinator in Requirement
R1 within which the generator may operate to provide compensatory load
shedding.

2.2 The compensatory load shedding that is provided by the Distribution Provider or
Transmission Owner shall be in addition to the amount that the Distribution
Provider or Transmission Owner is required to shed as specified in Requirement
R4..

2.3 The compensatory load shedding shall be provided at the UFLS program stage (or
threshold stage for Quebec) with a frequency threshold setting that corresponds to
the highest frequency at which the subject generator will trip above the
appropriate curve in Figure 1 during an underfrequency event. If the highest
frequency at which the subject generator will trip above the appropriate curve in
Figure 1 does not correspond to a specific UFLS program stage threshold setting,

the compensatory load shedding shall be provided at the UFLS program stage
with a frequency threshold setting that is higher than the highest frequency at
which the subject generator will trip above the appropriate curve in Figure 1.
2.4 The amount of compensatory load shedding shall be equivalent (5%) to the
average net generator megawatt output for the prior two calendar years, as
specified by the Planning Coordinator, plus expected station loads to be
transferred to the system upon loss of the facility. The net generation output
should only include those hours when the unit was a net generator to the electric
system.
In the specific instance of a generating unit that has been interconnected to the
electric system for less than two calendar years, the amount of compensatory load
shedding shall be equivalent (5%) to the maximum claimed seasonal capability
of the generator over two calendar years, plus expected station loads to be
transferred to the system upon loss of the facility.


PRC-006-NPCC-1 Attachment B

Compensatory Load Shedding Criteria for ISO-NE and NYISO:

The Generator Owner in the New England states or New York State are responsible for
establishing a compensatory load shedding program for all existing non-nuclear units with
underfrequency protection set to trip above the appropriate curve in Figure 1 of this standard.
The Generator Owner shall follow the methodology below to determine compensatory load
shedding requirements:
1. The Generator Owner shall identify and compile a list of all existing non-nuclear
generating units in service prior to the effective date of this standard that has
underfrequency protection set to trip above the appropriate curve in Figure 1. The list
shall include the following information associated with each unit:

1.1 Generator name and generating capacity
1.2 Underfrequency protection trip settings, including frequency trip set points and
time delays
1.3 Physical and electrical location of the unit
1.4 Smallest island within which the unit may operate as identified by the Planning
Coordinator in Requirement R1 of this Standard.

2. For each generating unit identified in (1) above, the Generator Owner shall establish the
requirements for compensatory load shedding based on criteria outlined below:

2.1 In cases where a Distribution Provider or Transmission Owner has coordinated
protection settings with the Generator Owner to cause the generator to trip above
the appropriate curve in Figure 1, the Distribution Provider or Transmission
Owner is responsible to provide the appropriate amount of compensatory load to
be shed within the smallest island identified by the Planning Coordinator in
Requirement R1 of this standard.

2.2 In cases where a Generator Owner has a generator that cannot physically meet the
set points defined by the appropriate curve in Figure 1, the Generator Owner shall
arrange for a Distribution Provider or Transmission Owner to provide the
appropriate amount of compensatory load to be shed within the smallest island
identified by the Planning Coordinator in Requirement R1 of this standard.

2.3 The compensatory load shedding that is provided by the Distribution Provider or
Transmission Owner shall be in addition to the amount that the Distribution
Provider or Transmission Owner is required to shed as specified in Requirement
R4.


2.4 The compensatory load shedding shall be provided at the UFLS program stage
with the frequency threshold setting at or closest to but above the frequency at
which the subject generator will trip.
2.5 The amount of compensatory load shedding shall be equivalent (5%) to the
average net generator megawatt output for the prior two calendar years, as
specified by the Planning Coordinator, plus expected station loads to be
transferred to the system upon loss of the facility. The net generation output
should only include those hours when the unit was a net generator to the electric
system.
In the specific instance of a generating unit that has been interconnected to the
electric system for less than two calendar years, the amount of compensatory load
shedding shall be equivalent (5%) to the maximum claimed seasonal capability
of the generator over two calendar years, plus expected station loads to be
transferred to the system upon loss of the facility.


PRC-006-NPCC-1 Attachment C

UFLS Table 1: Eastern Interconnection
Distribution Providers and Transmission Owners with 100 MW or more of peak net Load shall
implement a UFLS program with the following attributes:
Frequency
Threshold
(Hz)
Total Nominal
Operating
Time (s)
1

Load Shed at Stage as
% of TO or DP
Load
Cumulative Load Shed as % of
TO or DP Load
59.5 0.30 6.5 7.5 6.5 7.5
59.3 0.30 6.5 7.5 13.5 14.5
59.1 0.30 6.5 7.5 20.5 21.5
58.9 0.30 6.5 7.5 27.5 28.5
59.5 10.0 2 3
29.5
31.5

Distribution Providers and Transmission Owners with 50 MW or more and less than 100 MW
of peak net Load shall implement a UFLS program with the following attributes:
UFLS Stage
Frequency
Threshold (Hz)
Total Nominal
Operating Time(s)
1
Load Shed at
Stage as % of TO
or DP Load
Cumulative Load
Shed as % of TO
or DP Load
1 59.5 0.30 14-25 14-25
2 59.1 0.30 14-25 28-50

1. The total nominal operating time includes the underfrequency relay operating time plus any interposing
auxiliary relay operating times, communication times, and the rated breaker interrupting time. The
underfrequency relay operating time is measured from the time when frequency passes through the frequency
threshold setpoint, using a test rate of frequency decay of 0.2 Hz per second. If the relay operating time is
dependent on the rate of frequency decay, the underfrequency relay operating time and any subsequent testing of
the UFLS relays shall utilize a test rate of linear frequency decay of 0.2 Hz per second.


Distribution Providers and Transmission Owners with 25 MW or more and less than 50 MW of
peak net Load shall implement a UFLS program with the following attributes:
UFLS Stage
Frequency
Threshold (Hz)
Total Nominal
Operating Time
(s)
1

Load Shed at
Stage as % of TO
or DP Load
Cumulative Load
Shed as % of TO
or DP Load
1 59.5 0.30 28-50 28-50

auxiliary relay operating times, communication times, and the rated breaker interrupting time. The
underfrequency relay operating time is measured from the time when frequency passes through the frequency
threshold setpoint, using a test rate of frequency decay of 0.2 Hz per second. If the relay operating time is
dependent on the rate of frequency decay, the underfrequency relay operating time and any subsequent testing of
the UFLS relays shall utilize a test rate of linear frequency decay of 0.2 Hz per second.


UFLS Table 4: Quebec Interconnection

Rate
Frequency
(Hz)
MW
at peak
(*Load must
be fixed at all
times when
above 60% of
peak load..)
Mvar
at peak
Total
Nominal
Operating
Time (s)
2

Threshold Stage 1 58.5 1000* 1000 0.30
Threshold Stage 2 58.0 800* 800 0.30
Threshold Stage 3 57.5 800 800 0.30
Threshold Stage 4 57.0 800 800 0.30
Threshold Stage 5
(anti-stall)
59.0 500 500 20.0
Slope Stage 1 -0.3 Hz/s 58.5 400 400 0.30
Slope Stage 2 -0.4 Hz/s 59.8 800* 800 0.30
Slope Stage 3 -0.6 Hz/s 59.8 800* 800 0.30
Slope Stage 4 -0.9 Hz/s 59.8 800 800 0.30

auxiliary relay operating times, communications time, and the rated breaker interrupting time. The
underfrequency relay operating time shall be measured from the time when the frequency passes through the
frequency threshold set point.

SERC UFLS Standard: PRC-006-SERC-01
Page 1 of 15
Effective Dates

Requirement R1 shall become effective 12 months after the first day of the first quarter following regulatory approval, but no sooner
than 12 months following regulatory approval of NERC PRC-006-1. This 12-month period is consistent with the effective date of R2 of
PRC-006-1.
Requirement R2 shall become effective 12 months after the first day of the first quarter following regulatory approval. This 12-
month period is needed to allow time for entities to ensure a minimum time delay of six cycles on existing UFLS relays as specified in
part 2.6.
Requirement Jurisdiction
Alberta British
Columbia
Manitoba New
Brunswick
Newfound-
land
Nova
Scotia
Ontario Quebec Saskatch-
ewan
USA
R1

NA NA NA NA NA NA NA NA NA
4/1/14

R2
4/1/14

R3
10/1/14

R4, R5, and R6
10/1/15

R7
4/1/14

R8
4/1/14

Page 2 of 15
Requirements R3 shall become effective 18 months after the first day of the first quarter following regulatory approval. This
additional six-month period is needed to allow time to perform and coordinate studies necessary to assess the overall effectiveness
of the UFLS schemes in the SERC Region.
Requirements R4, R5, and R6 shall become effective 30 months after the first day of the first quarter following regulatory approval.
This additional 18 months is needed to allow time for any necessary changes to be made to the existing UFLS schemes in the SERC
Region.
Requirement R7 shall become effective six months following the effective date of R8 of the NERC standard PRC-006-1, but no sooner
than one year following the first day of the first calendar quarter after applicable regulatory approval of PRC-006-SERC-01. R8 of the
NERC standard requires each UFLS entity to provide UFLS data to the Planning Coordinator (PC). R7 of the SERC standard requires
the PC to provide this data to SERC.
Requirement R8 shall become effective 12 months after the first day of the first quarter following regulatory approval. This 12-
month period is needed to allow time for Generator Owners (GO) to collect and make an initial data filing.

Page 3 of 15

Introduction

1. Title: Automatic Underfrequency Load Shedding Requirements

2. Number: PRC-006-SERC01

3. Purpose: To establish consistent and coordinated requirements for the design,
implementation, and analysis of automatic underfrequency load shedding (UFLS)
programs among all SERC applicable entities.

4. Applicability:
4.1 Planning Coordinators
4.2 UFLS entities shall mean all entities that are responsible for the ownership,
of the following:
4.2.2 Distribution Providers
4.3 Generator Owners

5. Background
The SERC UFLS Standard: PRC-006-SERC-1 (SERC UFLS Standard) was developed to
provide regional UFLS requirements to entities in SERC. UFLS requirements have been
in place at a continent-wide level and within SERC for many years prior to
implementation of federally mandated reliability compliance standards in 2007.

When reliability standards were implemented in 2007, the Federal Energy Regulatory
Commission (FERC), which is the government body with regulatory responsibility for
electric reliability, issued FERC Order 693, recognizing 83 NERC Reliability Standards as
enforceable by FERC and applicable to users, owners, and operators of the bulk power
system (BPS). FERC did not approve the NERC UFLS standard, PRC-006-0 in Order 693.
FERCs reason for not approving PRC-006-0 was that it recognized PRC-006-0 as a fill-in
the blank standard, and regional procedures associated with the standard were not
submitted along with the standard. FERCs ruling in Order 693 required Regional
Entities to provide the regional requirements necessary for completing the UFLS
standard.

In 2008, SERC commenced work on PRC-006-SERC-01. NERC also began work on
revising PRC-006-0 at a continent-wide level. The SERC standard has been developed to
be consistent with the NERC UFLS standard.

PRC-006-1 clearly defines the roles and responsibilities of parties to whom the standard
applies. The standard identifies the Planning Coordinator (PC) as the entity
responsible for developing UFLS schemes within their PC area. The regional standard
adds specificity not contained in the NERC standard for development and
implementation of a UFLS scheme in the SERC Region that effectively mitigates the
consequences of an underfrequency event.

Page 4 of 15


R1. Each Planning Coordinator shall include its SERC subregion as an identified island in the
criteria (required by the NERC PRC standard on UFLS) for selecting portions of the BPS
that may form islands. [Violation Risk Factor: Medium] [Time Horizon: Long-term
Planning]

1.1 A Planning Coordinator may adjust island boundaries to differ from subregional
boundaries where necessary for the sole purpose of producing a contiguous
subregional island more suitable for simulation.

M1. Each Planning Coordinator shall have evidence such as a methodology,
procedure, report, or other documentation indicating that its criteria included
selection of its SERC subregion(s) as an island per Requirement R1.

R2. Each Planning Coordinator shall select or develop an automatic UFLS scheme (percent
of load to be shed, frequency set points, and time delays) for implementation by UFLS
entities within its area that meets the following minimum requirements: [Violation Risk
Factor: Medium] [Time Horizon: Long-term Planning ]

2.1. Have the capability of shedding at least 30 percent of the Peak Demand (MW)
served from the Planning Coordinators transmission system.

2.2. Shed load with a minimum of three frequency set points.

2.3. The highest frequency set point for relays used to arrest frequency decline shall
be no lower than 59.3 Hz and not higher than 59.5 Hz.

2.3.1 This does not apply to UFLS relays with time delay of one second or longer
and a higher frequency setpoint applied to prevent the frequency from
stalling at less than 60 Hz when recovering from an underfrequency event.

2.4. The lowest frequency set point shall be no lower than 58.4 Hz.

2.5. The difference between frequency set points shall be at least 0.2 Hz but no
greater than 0.5 Hz.

2.6. Time delay (from frequency reaching the set point to the trip signal) shall be at
least six cycles.

M2. Each Planning Coordinator shall have evidence such as reports or other
documentation that the UFLS scheme for its area meets the design requirements
Page 5 of 15

R3. Each Planning Coordinator, when performing design assessments specified in the NERC
PRC standard on UFLS, shall conduct simulations of its UFLS scheme for an imbalance
between load and generation of 13%, 22%, and 25% for all identified island(s) where
such imbalance equals [(load minus actual generation output) / load]. [Violation Risk
Factor: High] [Time Horizon: Long-term Planning]

documentation that it performed the simulations of its UFLS scheme as required
in Requirement R3.

R4. Each UFLS entity that has a total load of 100 MW or greater in a Planning Coordinator
area in the SERC Region shall implement the UFLS scheme developed by their Planning
Coordinator. UFLS entities may implement the UFLS scheme developed by the Planning
Coordinator by coordinating with other UFLS entities. The UFLS scheme shall meet the
following requirements on May 1 of each calendar year. [Violation Risk Factor:
Medium] [Time Horizon: Operations Planning]

4.1. The percent of load shedding to be implemented shall be based on the actual or
estimated distribution substation or feeder demand (including losses) of the UFLS
entities at the time coincident with the previous year actual Peak Demand.

4. 2. The amount of load in each load shedding step shall be within -1.0 and +3.0 of
the percentage specified by the Planning Coordinator (for example, if the
specified percentage step load shed is 12%, the allowable range is 11 to 15%).

4. 3. The amount of total UFLS load of all steps combined shall be within -1.0 and +5.0
of the percentage specified by the Planning Coordinator for the total UFLS load in
the UFLS scheme.

M4. Each UFLS entity that has a total load of 100 MW or greater in a Planning
Coordinator area in the SERC Region shall have evidence such as reports or other
documentation demonstrating that its implementation of the UFLS scheme on
May 1 of each calendar year meets the requirements of Requirement R4
(including all the data elements in Parts 4.1, 4.2, and 4.3) unless scheme changes
per Requirement R6 are in process.

R5. Each UFLS entity that has a total load less than 100 MW in a Planning Coordinator area
in the SERC Region shall implement the UFLS scheme developed by their Planning
Coordinator, but shall not be required to have more than one UFLS step. UFLS entities
may implement the UFLS scheme developed by the Planning Coordinator by
coordinating with other UFLS entities. The UFLS scheme shall meet the following
requirements on May 1 of each calendar year. [Violation Risk Factor: Medium] [Time
Horizon: Operations Planning].
Page 6 of 15

5.1. The percent of load shedding to be implemented shall be based on the actual or
estimated distribution substation or feeder demand (including losses) of the UFLS
entities at the time coincident with the previous year actual Peak Demand.

5.2. The amount of total UFLS load shall be within 5.0 of the percentage specified by
the Planning Coordinator for the total UFLS load in the UFLS scheme.

M5. Each UFLS entity that has a total load less than 100 MW in a Planning Coordinator
area in the SERC Region shall have evidence such as reports or other
documentation demonstrating that its implementation of the UFLS scheme on
May 1 of each calendar year meets the requirements of Requirement R5
(including all the data elements in Parts 5.1and 5.2) unless scheme changes per
Requirement R6 are in process.

R6. Each UFLS entity shall implement changes to the UFLS scheme which involve frequency
settings, relay time delays, or changes to the percentage of load in the scheme within
18 months of notification by the Planning Coordinator. [Violation Risk Factor: High]
[Time Horizon: Long-term Planning]

M6. Each UFLS entity shall have evidence such as reports or other documentation
demonstrating that it has made the appropriate scheme changes within 18
months per Requirement R6. Such evidence is only required if the Planning
Coordinator makes changes to the UFLS scheme as specified in Requirement R6.

R7. Each Planning Coordinator shall provide the following information to SERC according to
the schedule specified by SERC. [Violation Risk Factor: Lower] [Time Horizon: Long-
term Planning]

7.1. Underfrequency trip set points (Hz)

7.2. Total clearing time associated with each set point (sec). This includes the time
from when frequency reaches the set point and ends when the breaker opens.

7.3. Amount of previous year actual or estimated load associated with each set point,
both in percent and in MW. The percentage and the Load demand (MW) shall be
based on the time coincident with the previous year actual Peak Demand.

documentation that data specified in Requirement R7 was provided to SERC in
accordance with the schedule.

Page 7 of 15
R8. Each Generator Owner shall provide the following information within 30 days of a
request by SERC to facilitate post-event analysis of frequency disturbances. [Violation
Risk Factor: Lower] [Time Horizon: Long-term Planning]

8.1. Generator protection automatic underfrequency and overfrequency trip set
points (Hz).

8.2. Total clearing time associated with each set point (sec). This is defined as the
time that begins when frequency reaches the set point and ends when the
breaker opens. If inverse time underfrequency relays are used, provide the total
clearing time at 59.0, 58.5, 58.0, and 57.0 Hz.

8.3. Maximum generator net MW that could be tripped automatically due to an
underfrequency or overfrequency condition.

M8. Each Generator Owner shall have evidence such as reports or other
documentation that data specified in Requirement R8 was provided to SERC as
requested.

Page 8 of 15
Compliance

Compliance enforcement authority
SERC Reliability Corporation
Compliance monitoring and assessment process
Compliance Audit
Self-Certification
Spot Checking
Self-Reporting
Complaint
Evidence retention
Each Planning Coordinator, UFLS Entity and Generator Owner shall keep data or
evidence to show compliance as identified below unless directed by SERC to
retain specific evidence for a longer period of time as part of an investigation.
Each Planning Coordinator, UFLS Entity and Generator Owner shall retain the
current evidence of each Requirement and Measure as well as any evidence
necessary to show compliance since the last compliance audit.
If a Planning Coordinator, UFLS Entity or Generator Owner is found non-
compliant or for the retention period specified above, whichever is longer.
The compliance enforcement authority shall keep the last audit records and all

Page 9 of 15
Time Horizons, Violation Risk Factors, and Violation Severity Levels

Table 1
R#
Time
Horizon
VRF
Violation Severity Level
R1 Long-term
Planning

Medium
N/A N/A

N/A The Planning
Coordinator did not have
evidence that its criteria
included selection of its
SERC subregion(s) as an
island, with or without
adjusted boundaries.
R2 Long-term
Planning

Medium
The Planning
Coordinator's scheme
did not meet one of the
UFLS system design
requirements identified
in 2.2 through 2.6
The Planning
did not meet two of the
UFLS system design
in 2.2 through 2.6.
The Planning
did not meet three of
the UFLS system design
in 2.2 through 2.6.
The Planning
did not meet 2.1
OR
Four or more of the UFLS
system design
in 2.2 through 2.6.
R3 Long-term
Planning

High
N/A The Planning
conduct one of the
required simulations of
its UFLS scheme.
N/A The Planning
conduct two of the
required simulations of
its UFLS scheme.
R4 Operations
Planning

Medium
The UFLS entitys
implemented UFLS
scheme had one load
shedding step outside
the range specified in 4.
The UFLS entitys
implemented UFLS
scheme had two load
shedding steps outside
the range specified in 4.
The UFLS entitys
implemented UFLS
scheme had three or
more load shedding
steps outside the range
The UFLS entitys
implemented UFLS
scheme had three or
more load shedding
steps outside the range
Page 10 of 15
Table 1
R#
Time
Horizon
VRF
2.

2.

specified in 4.2.
OR
The UFLS entity's
implemented UFLS
scheme had a total load
outside the range
specified in 4.3.
specified in 4.2.
AND
The UFLS entity's
implemented UFLS
outside the range
specified in 4.3.
R5 Operations
Planning

Medium
N/A N/A N/A The UFLS entity's
implemented UFLS
outside the range
specified in 5.2.
R6 Long-term
Planning

High
The UFLS entity
implemented required
scheme changes but
made them 1 to 30 days
after the scheduled
date.
The UFLS entity
scheme changes but
made them 31 to 40
days after the scheduled
date.
The UFLS entity
scheme changes but
made them 41 to 50
date.
The UFLS entity
scheme changes but
made them more than
50 days after the
scheduled date
OR
The UFLS entity failed to
implement the required
scheme changes.
R7 Long-term
Planning

Lower
The Planning
Coordinator provided
the data required in R7
to SERC 1 to 10 days
The Planning
The Planning
The Planning
to SERC more than 30
Page 11 of 15
Table 1
R#
Time
Horizon
VRF
after the scheduled
submittal date.

after the scheduled
submittal date.
OR
The Planning
Coordinator did not
provide to SERC one
piece of information
listed in R7.
after the scheduled
submittal date.
OR
The Planning
Coordinator did not
provide to SERC two
pieces of information
listed in R7.
submittal date.
OR
The Planning
Coordinator did not
provide to SERC any of
the information listed in
R7.
R8 Long-term
Planning

Lower
The Generator Owner
provided the data
required in R8 to SERC 1
to 10 days after the
requested submittal
date.

The Generator Owner
provided the data
required in R8 to SERC
11 to 20 days after the
requested submittal
date.
OR
The Generator Owner
did not provide to SERC
one piece of information
listed in R8.
The Generator Owner
provided the data
21 to 30 days after the
requested submittal
date.
OR
The Generator Owner
two pieces of
information listed in R8.
The Generator Owner
provided the data
more than 30 days after
the requested submittal
date.
OR
The Generator Owner
any of the information
listed in R8.

Page 12 of 15
Regional Variances
None

Interpretations
None


1. Existing UFLS schemes
Each Planning Coordinator should consider the existing UFLS programs which are in place
and should consider input from the UFLS entities in developing the UFLS scheme.
2. Basis for SERC standard requirements
SERC Standard PRC-006-SERC-01 is not a stand-alone standard, but was written to be
followed in conjunction with NERC Standard PRC-006-1. The primary focus of SERC Standard
PRC-006-SERC-01 was to provide region-specific requirements for the implementation of
the higher tier NERC standard requirements with the goals of a) adding clarity and b)
providing for consistency and a coordinated UFLS scheme for the SERC Region as a whole.
Generally speaking, requirements already in the NERC standard were not repeated in the
SERC standard. Therefore, both the NERC and SERC standards must be followed to ensure
full compliance.
3. Basis for applying a percentage load shedding value to Forecast Load versus Actual Load
The Planning Coordinator will develop a UFLS scheme to meet the performance
requirements of NERC Standard PRC-006-1 Requirement R3 and SERC Standard PRC-006-
SERC-01 Requirement R2. This development will result in certain percentages of load for
each UFLS entity in the Planning Coordinators area for which automatic under frequency
load shedding must be implemented. The Planning Coordinator develops these percentages
based on forecast peak load demand. However, the UFLS entity implements these
percentages based on the previous years actual peak demand. Applying the same
percentage to these different base values was intentional to ensure that both the Planning
Coordinator and UFLS entities had a clear, measurable value to use in performing their
respective roles in meeting the standard. Planning Coordinators typically use forecast
demands in their work. Whereas the previous years actual (or estimated) demand is
typically more available to UFLS entities. Additionally, the use of percentages based on
these different base values tends to minimize the error due to the time lag between design
and actual field implementation. Since a percentage is provided by the Planning Coordinator
to the UFLS entities, any differences between the design values (i.e., forecast load) and the
implemented values (i.e., previous years actual) would naturally tend to match up
reasonably well. For example, if the total planning area load in MW for which UFLS was
installed during the time of implementation was slightly higher or lower than the MW value
used in the design by the Planning Coordinator, multiplying by the specified percentage
would result in an implemented load shedding scheme that also had a reasonably similar
higher or lower MW value.
Page 13 of 15
4. Basis for May 1 and 18 month time frames
Each UFLS entity must annually review that the amount of UFLS load shedding implemented
is within a certain tolerance as specified by SERC Standard PRC-006-SERC-01 Requirement
R4 or Requirement R5 by May 1 of the current year. May 1 was chosen to allow sufficient
time after the previous years peak occurred to make adjustments in the field to the
implementation if necessary to meet the tolerances specified in Requirement R4 or
Requirement R5. Therefore, the May 1 date applies only to implementation of the existing
percentages of load shedding specified by the Planning Coordinator. On the other hand, the
18-month time frame specified in PRC-006-SERC-01 Requirement R6 is intended to allow
sufficient budgeting, procurement, and installation time for additional equipment, or for
significant setting changes to existing equipment necessary to meet a revised load shedding
scheme design that has been specified by the Planning Coordinator. During this 18-month
transition period, the May 1 measurement of R4 or Requirement R5 would not apply.
5. Basis for smaller entity threshold of 100 MW
Most distribution substations have transformers rated in the range of 10 to 40 MVA. Usually
most transformers would serve 1 to 4 feeders and each feeder will normally carry between
8 and 10 MVA. In general, assuming that each feeder would carry 10 MW, an entity with a
load slightly greater than 100 MW would have at least 10 feeders available. For a program
with three 10 % steps, only 3 feeders would be required to have under frequency load shed
capabilities. The 100 MW threshold seems to provide adequate flexibility for implementing
load shedding in three steps for entities slightly greater than 100 MW.

Rationale:
the rationale for various parts of the standard. Upon BOT approval, the text from each of the
rationale text boxes was moved to this section.

Rationale for R1:
Studying the Region as an island is required by the NERC standard. Most regions have only one
or a few different UFLS schemes. Where there is more than one scheme, studying this island
demonstrates that the schemes are coordinated and performing adequately. Because there
are so many different UFLS schemes in SERC (18 different schemes were represented in the
2007 SERC UFLS study), the SDT believes that applying the schemes to each subregion as an
island is a necessary additional test of the coordination of the various UFLS schemes. Without
this additional test, a poorly performing scheme may be masked by the large number of good
performing schemes in the Region. A subregion island study, which would have a smaller
number of schemes, would be more likely to uncover the poorly performing scheme and
therefore get it fixed. This approach will result in a much better overall performance of the
UFLS programs in SERC. The SDT recognized that there may be simulation problems due to
opening the ties to utilities outside the subregion. Therefore, the subregion island boundaries
are allowed to be adjusted to produce an island more suitable for simulation.
Page 14 of 15
(Note: The SERC Subregions are identified in paragraph 4.2 of the SERC Reliability Corporation
Bylaws: The Region is currently geographically divided into five subregions that are identified
as Southeastern, Central, VACAR, Delta, and Gateway.)

Rationale for R2:
These requirements for the UFLS schemes in SERC have been in place for many years (except
2.6). The SDT believes that these requirements are still needed to ensure consistency for the
various schemes which are used in SERC. Part 2.6 is designed to prevent spurious operations
due to transient frequency swings.

Rationale for R3:
R4 of the NERC standard PRC-006-1 requires the PC to conduct assessments of UFLS schemes
through dynamic simulations to verify that they meet performance requirements for
generation/load imbalances of up to 25%. This requirement defines specific imbalances that are
to be studied within SERC. The 13% and 22% levels were determined from simulations of the
worst case frequency overshoot for the UFLS schemes in SERC.

Rationale for R4:
The SDT believes it is necessary to put a requirement on how well the UFLS scheme is
implemented. This requirement specifies how close the actual load shedding amounts must be
to the percentage of load called for in the scheme. A 4 percentage point range is allowed for
each individual step, but the allowed range for all steps combined is 6 percentage points.

Rationale for R5:
The SDT believes it is necessary to put a requirement on how well the UFLS scheme is
implemented. This requirement specifies how close the actual load shedding amounts must be
to the percentage of load called for in the scheme. The SDT recognizes that UFLS entities with a
load of less than 100 MW may have difficulty in implementing more than one UFLS step and in
meeting a tight tolerance. The basis of the 100 MW comes from typical feeder load dropped by
UFLS relays, and the use of a 100 MW threshold in other regional UFLS standards.

Rationale for R6:
The SDT believes it is necessary to put a requirement on how quickly changes to the scheme
should be implemented. This requirement specifies that changes must be implemented within
18 months of notification by the PC. The 18 month interval was chosen to give a reasonable
amount of time for making changes in the field. All of the SERC Region has existing UFLS
schemes which, based on periodic simulations, have provided reliable protection for years.
Events which result in islanding and an activation of the UFLS schemes are extremely rare in
SERC. Therefore, the SDT does not believe that changes to an existing UFLS scheme will be
needed in less than 18 months. However, if a PC determines there is a need for changing the UFLS
scheme faster than 18 months, then the PC may require the implementation to be done sooner as
allowed by NERC Reliability Standard PRC-006-1.

Page 15 of 15
Rationale for R7:
The NERC standard requires that a UFLS database be maintained by the Planning Coordinator.
This requirement specifies what data must be reported to SERC. A SERC UFLS database is
needed to facilitate data sharing across the SERC Region, with other regions, and with NERC.

Rationale for R8:
The SDT believes that generator over and under frequency tripping data is needed to
supplement the UFLS data provided by the Planning Coordinator for post-event analysis of
frequency disturbances. This requirement states what data must be reported to SERC by the
Generator Owners.
Since the inverse time curve cannot easily be placed into the SERC database, four clearing times
based on data from the curve are requested. These clearing times are intended to cover a
range of frequencies needed for event replication as well as provide information about
generators that trip at a higher frequency than is allowed by the NERC standard.

Version History

1 September 19,
2011
SERC Board Approved

1 November 3,
2011

1 December 20,
2012
FERC Order issued approving PRC-006-SERC01

1 March 11, 2013 Modified the Rationale and changed the VRF for
Requirement R6 from Medium to High per a
compliance filing (Filed on 3/11/13)

SPP Standard PRC-006-SPP-01 Automatic Underfrequency Load Shedding

Page 1 of 16
A. Introduction

1. Title: Southwest Power Pool (SPP) Automatic Underfrequency Load Shedding

2. Number: PRC-006-SPP-01

3. Purpose: To develop, coordinate and document requirements for automatic
underfrequency load shedding (UFLS) programs to arrest declining frequency and
assist recovery of frequency following underfrequency events.

4. Applicability:

4.1. Planning Coordinator

4.2. UFLS entities shall mean all entities that are responsible for the ownership,
of the following:

4.2.1. Transmission Owners
4.2.2. Distribution Providers

4.3. Generator Owners

5. Effective Date: Requirements R4, R5, and R6 shall become effective the first day of
the first calendar quarter one year after regulatory approval.

The remaining requirements shall become effective the first day of the first calendar
quarter three years after regulatory approval.

6. Basis for Standard Development: UFLS entitys planning data for the upcoming
calendar year.


R1. Each UFLS entity that has a total forecasted peak Load greater than or equal to 100
MW shall develop and implement an automatic UFLS program that meets the
following requirements: [VRF: High][Time Horizon: Long-term Planning]

1.1. A minimum of 10% shall be shed at each UFLS step in accordance with the
table below.

Page 2 of 16

1.2. The intentional relay time delay for UFLS shall be less than or equal to 30
cycles.

1.3. Undervoltage inhibit setting shall be less than or equal to 85 percent of
nominal voltage.

M1. Each UFLS entity shall have evidence such as reports, program plans, or other
documentation of its UFLS program that demonstrates it meets requirement
R1 Parts 1.1 through 1.3.

R2. Each UFLS entity that has a total forecasted peak Load less than 100 MW shall
develop and implement an automatic UFLS program that meets the following
requirements: [VRF: Medium][Time Horizon: Long-term Planning]

2.1. A minimum of one UFLS step with the frequency set point as assigned by the

2.2. The minimum accumulated Load relief shall be at least 30% of the forecasted
peak Load.

2.3. The intentional relay time delay for UFLS shall be less than or equal to 30
cycles.

2.4. Undervoltage inhibit setting shall be less than or equal to 85 percent of
nominal voltage.

M2. Each UFLS entity shall have evidence such as reports, program plans, or other
documentation of its UFLS program that demonstrates it meets requirement
R2 Parts 2.1 through 2.4.

(1)
UFLS
Step
(2)
Frequency
(hertz)
(3)
Minimum
accumulated load
relief as percentage
of forecasted peak
Load
(%)
(4)
Maximum
accumulated load
relief as percentage
of forecasted peak
Load
(%)
1 59.3 10 25
2 59.0 20 35
3 58.7 30 45

Page 3 of 16
R3. Each UFLS entity electing to use underfrequency islanding schemes shall design those
islanding schemes to operate after all 3 steps of UFLS have been exhausted and the
frequency continues to fall to 58.5 Hz or below. For islanding schemes designed to
operate at or between 58.5 Hz and 58.0 Hz, the minimum time delay shall be 2
seconds. For islanding schemes designed to operate below 58.0 Hz, no time delay is
required. [VRF: Lower][Time Horizon: Long-term Planning]

M3. Each UFLS entity electing to use islanding schemes shall have evidence such as
reports, program plans, or other documentation of its UFLS program that
demonstrates it meets requirement R3.

R4. The Planning Coordinator shall perform and document a UFLS technical assessment
within one year after the occurrence of any of the following situations: [VRF:
Medium][Time Horizon: Long-term Planning]

Performance characteristic changes to PRC-006 or the SPP UFLS standard.
Changes to the boundaries of a specified island are identified.

M4. The Planning Coordinator shall have evidence that it performed a technical
assessment per requirement R4.

R5. Each UFLS entity shall maintain and submit the following UFLS data based on the
forecasted peak Load to the Planning Coordinator within (30) calendar days upon
request from the Planning Coordinator: [VRF: Lower][Time Horizon: Long-term
Planning]

5.1. Location of installed UFLS equipment

5.2. Trip frequency(s) for each location

5.3. Total relay operating time of each location (time required for the relay to
reliably sense the frequency + intentional delay time (if any))

5.4. Breaker operating time (nameplate) of each location

5.5. Percentage and/or MW of bus load to be shed at the location

5.6. Total amount of load shed by each trip frequency and the total forecasted
peak Load

5.7. Tie tripping schemes and the frequency and time delay at which they operate

5.8. Islanding schemes and the frequency and time delay at which they operate


Page 4 of 16
M5. Each UFLS entity shall have evidence that the information was supplied to the
Planning Coordinator per requirement R5.

R6. Each Generator Owner shall maintain and submit the following data to the Planning
Coordinator within (30) calendar days upon request from the Planning Coordinator:
[VRF: Lower][Time Horizon: Long-term Planning]

6.1. Location of underfrequency and overfrequency equipment

6.2. Trip frequency(s) for each location

6.3. Total relay operating time of each location (time required for the relay to
reliably sense the frequency + intentional delay time (if any))

6.4. Breaker operating time (nameplate) of each location

6.5. MW of generation shed at each location

M6. Each Generator Owner shall have evidence that the information was supplied
to the Planning Coordinator per requirement R6.

R7. Each Generator Owner shall verify that their generating unit(s) will not trip above the
Generator underfrequency curve in Attachment 1 and will not trip below the
Generator overfrequency curve in Attachment 2 as a result of the unit(s) frequency
protective relay settings. [VRF: Medium][Time Horizon: Long-term Planning]

7.1. For generating units with operating characteristics that limit the units ability
to perform in accordance with R7, the Generator Owner shall provide to the
Planning Coordinator technical evidence demonstrating that the unit cannot
operate within the specified frequency range without causing equipment
damage or violating manufacturers published equipment ratings.

M7. Each Generator Owner shall have evidence that it complies with R7 or that the
information was supplied to the Planning Coordinator, if appropriate, as
required in R7.1.

R8. The Planning Coordinator shall determine if the Generator Owner has provided
technical evidence demonstrating that the unit cannot operate within the specified
frequency range without causing equipment damage or violating manufacturers
published equipment ratings. [VRF: Medium][Time Horizon: Long-term Planning]

8.1. The Planning Coordinator shall determine if the UFLS program performance is
degraded due to the removal of any generation identified in accordance with
R7.1 and verified in accordance with R8.

Page 5 of 16

8.1.1. If the Planning Coordinator determines the UFLS program is degraded
in accordance with R8.1 and that supplementary load shedding is,
therefore, required, the Planning Coordinator shall notify the
Generator Owner or UFLS entity(s) in accordance with the following:

Where the Generator Owner is a UFLS Entity and has the
required amount of supplementary Load available, the Planning
Coordinator shall notify the Generator Owner of Load the entity
is required to shed (in addition to that required in accordance
with R1 and R2)

Where the Generator Owner is not a UFLS Entity, or does not
have the required supplementary Load available for shedding,
the Planning Coordinator shall notify any other UFLS Entity(s)
within the Planning Coordinator Area of Load the entity(s) is
required to shed (in addition to that required in accordance with
R1 and R2)

M8. The Planning Coordinator shall have evidence that it complies with the
requirements in R8.

R9. The Generator Owner or other UFLS entity(s) shall implement supplementary
shedding of Load required by the Planning Coordinator in accordance with R8.1.1.
[VRF: Medium][Time Horizon: Long-term Planning]

M9. The Generator Owner or other UFLS entity shall have evidence that it
complies with the requirements in R9.

C. Compliance



SPP Regional Entity
SERC (for Planning Coordinator only)

1.2. Data Retention

The Planning Coordinator and each UFLS entity and Generator Owner shall keep
data or dated evidence to show compliance as identified below unless directed

Page 6 of 16
by SPP Regional Entity to retain specific evidence for a longer period of time as

Each UFLS entity shall retain the current evidence of Requirements R1 or R2,
and R3, Measures M1 or M2, and M3, as well as any evidence necessary to
show compliance since the last compliance audit.

Each UFLS entity shall retain evidence of UFLS data transmittal to the
Planning Coordinator since the last compliance audit in accordance with

The Planning Coordinator shall retain the current evidence of Requirement
R4, Measure M4 as well as any evidence necessary to show compliance
since the last compliance audit.

Each Generator Owner shall retain evidence of UFLS data transmittal to the
Planning Coordinator since the last compliance audit in accordance with

Each Generator Owner shall retain evidence of Requirements R7, Measures
M7 as well as any evidence necessary to show compliance since the last
compliance audit.

If the Planning Coordinator, UFLS entity or Generator Owner is found non-
compliant or for the retention period specified above, whichever is longer.

1.3. Compliance Monitoring and Assessment Process

Compliance Audit
Self-Certification
Spot Checking
Self-Reporting
Complaint


UFLS entities may implement an aggregated UFLS program with other UFLS
entities. In R1 and R2, the 100 MW limit refers to the aggregated UFLS program,
if one exists.


Page 7 of 16


R
#
Time
Horizon
R1 Long-
Term
Planning
High N/A UFLS entity developed a
program, but failed to
meet any one (1) of the
following 5 requirements:

Part 1.1 (Step1-3)
Part 1.2
Part 1.3
UFLS entity developed a
meet any two (2) of the
following 5
requirements:

Part 1.1 (Step1-3)
Part 1.2
Part 1.3
meet three (3) or more of
the following 5
requirements:

Part 1.1 (Step1-3)
Part 1.2
Part 1.3
OR
Failed to develop a UFLS
program
R2 Long-
Term
Planning
Medium UFLS entity developed
a program, but failed to
meet one (1) of the
requirements in Parts
2.1 through 2.4
meet two (2) of the
requirements in Parts 2.1
through 2.4
meet three (3) of the
requirements in parts 2.1
through 2.4
meet all four (4) of the
requirements in Parts 2.1
through 2.4
OR
Failed to develop a UFLS
program
R3 Long- Lower N/A N/A N/A UFLS entity, electing to

Page 8 of 16
R
#
Time
Horizon
Term
Planning
use underfrequency
islanding schemes, failed
to develop an islanding
scheme per the
requirement
R4 Long-
Term
Planning
Medium The Planning
Coordinator performed
a technical assessment
within five years and
three months or within
one year and three
months after one of
the situations listed in
R4
performed a technical
assessment within five
years and six months or
within one year and six
months after one of the
situations listed in R4
assessment within five
years and nine months or
within one year and nine
months after one of the
assessment within six
years or within two years
after one of the
OR
The Planning
perform a technical
assessment
R5 Long-
Term
Planning
Lower UFLS entity provided
required data more
and up to and including
45 calendar days
following the request
UFLS entity provided
required data more than
45 calendar days and up
to and including 60
calendar days following
the request
OR
UFLS entity did not
provide one piece of
information listed in R5
60 calendar days and up
to and including 75
calendar days following
the request
OR
UFLS entity did not
provide two pieces of
75 calendar days
OR
UFLS entity did not
provide required data
after the request was
made

Page 9 of 16
R
#
Time
Horizon
(e.g., 5.1.) (e.g., 5.1. and 5.2.) OR
UFLS entity did not
provide three or more
listed in R5 (e.g., 5.1. and
5.2. and 5.3.)
R6 Long-
Term
Planning
Lower Generator Owner
provided required data
days and up to and
including 45 calendar
days following the
request
Generator Owner
days and up to and
OR
provide one piece of
(e.g., 6.1.)
Generator Owner
days and up to and
including 75 calendar
days following the
request
OR
provide two pieces of
(e.g., 6.1. and 6.2.)
Generator Owner
days following the
request
OR
provide required data
after the request was
made
OR
provide three or more
listed in R6 (e.g., 6.1. and
6.2. and 6.3.)

Page 10 of 16
R
#
Time
Horizon
R7 Long-
Term
Planning
Medium N/A N/A The Generator Owner did
not provide technical
evidence to the Planning
Coordinator
demonstrating that the
unit cannot operate
within the specified
frequency range without
causing equipment
damage or violating
manufacturers
published equipment
ratings for their
generating units with
operating characteristics
that limit the units
ability to perform in
accordance with R7.
The Generator Owner did
not verify that their
generating unit(s) will not
trip above the Generator
underfrequency curve in
Attachment 1 and will
not trip below the
Generator overfrequency
curve in Attachment 2
due to the generator unit
frequency protective
relay settings.
R8 Long-
Term
Planning
Medium N/A N/A The Planning Coordinator
determined that the
UFLS program was
degraded in accordance
with R8.1, but did not
notify the Generator
Owner or the UFLS entity
of the Load that they
were required to shed.
did not determine if the
UFLS program
performance was
degraded due to the
removal of any
generation identified in
accordance with R7.1 and
verified in accordance

Page 11 of 16
R
#
Time
Horizon
with R8.
R9 Long-
Term
Planning
Medium N/A N/A N/A The Generator Owner or
other UFLS entity did not
implement
supplementary shedding
of Load required by the
Planning Coordinator in
accordance with R8.1.1.

Page 12 of 16

D. Associated Documents

Rationale:

Note:
UFLS program performance will be measured based on the entitys planning values and not the
one-minute average of the entitys load prior to the first underfrequency relay action. This has
changed from the current SPP Criteria.

Rationale for R1:
The current SPP UFLS program includes three separate UFLS steps with a minimum load
shedding percentage of 10%, 20%, and 30%, cumulatively, for each of the three steps. These
have remained unchanged from the SPP Criteria. The SDT believed that it was reasonable to
increase the maximum load shedding percentages in steps 1 and 2. The maximum load
shedding percentages in steps 1 and 2 were increased from 15% and 30%, respectively, to 25%
and 35%, allowing more flexibility for those steps.

Total forecasted peak Load is the projected planning value of an entitys end-use customers
coincident system peak load for the upcoming calendar year.

Rationale for R2:
The SDT realized that some small UFLS entities may experience difficulty in achieving more than
one UFLS step due to a smaller arrangement of loads and meeting the tolerances set forth in
the load shedding table of R1.1. The basis for selecting 100 MW as the threshold comes from
the use of this same value in other regional UFLS standards and a reasonable judgment that the
total forecasted load served by most smaller electric utilities is less than 100 MW. R2 was
structured to accommodate these small entities and its inclusion within this standard indicates
the importance of having all entities participate in the UFLS program.

Rationale for R3:
UFLS entities may elect to implement schemes following operation of all three underfrequency
steps should the frequency continue to decay. The SDT believes that a time delay on initiation
of islanding for frequencies slightly below the third step of load shedding is necessary to allow
time for system recovery and to accommodate some frequency overshoot. The SPP UFLS study,
conducted by Powertech, showed that frequency excursions between 58.5 and 58.0 Hz would
recover in less than 2 seconds. Therefore, having a 2 second time delay may avoid islanding.

This Requirement does not include Out-of-Step trip relaying designed to isolate portions of the
power grid for unstable power swings.

Page 13 of 16
Rationale for R4:
Assessment and documentation of the effectiveness of the design and implementation of the
Regional UFLS is required by NERC PRC-006-0 R1.3 to be conducted periodically (at least every
five years or required by changes in system conditions). The purpose of the SPP UFLS
requirement R4 is to expand upon NERC PRC-006-0 R1.3. Changes in system conditions
includes performance characteristic changes in PRC-006 or this SPP UFLS document. This also
includes changes to the boundaries of a specified island, for example when Nebraska was
brought into the SPP specified island. The SDT believes after such changes it is imperative to
perform a new assessment to ensure UFLS program effectiveness.

Rationale for R5:
The NERC standard requires that; Each Planning Coordinator shall maintain a UFLS database
containing data necessary to model its UFLS program for use in event analyses and assessments
of the UFLS. The information requested in R5 is the data required by the Planning Coordinator
to model the UFLS program and maintain compliance to the NERC standard.

Rationale for R6:
The SDT believes this generator data is needed by the Planning Coordinator for the following
reasons:
1.) better modeling for UFLS technical assessments,
2.) performing routine UFLS studies, and
3.) post-event analysis.

This data will enable the Planning Coordinator to evaluate whether the generator can meet the
R7 requirement and determine if additional load shedding is required on the part of the UFLS
entities.

Rationale for R7:
In order to effectively study and evaluate the performance of the UFLS system the generator
relay protection trip values must be known. The ultimate goal is to balance the generation and
load so that a total collapse does not occur. Therefore, the generator trip values are critical to
evaluating the performance of the UFLS system. With this information the system can then be
studied.

Rationale for R8:
The Planning Coordinator is required to verify the Generator Owners technical justification for
not being able to operate throughout the Attachment 1 and 2 curves and to review the
consequences to the UFLS program performance for the loss of that additional generation after
the initiation of an under frequency event. It also provides a mechanism for the Planning
Coordinator to resolve the detrimental effects of the loss of this additional generation if it
determines that the performance of the UFLS program is degraded.


Page 14 of 16

Rationale for R9:
The SDTs decision to include R9 is to prevent blackouts caused by early removal of generating
units from the system. In a real time load shedding event, if the UFLS is degraded in accordance
with R8.1.1, removal of units will make the system condition worse. This is the main reason for
the supplementary shedding of loads to compromise the loss of generation. This action is
critical to bring back the unstable system to stable.

Version History

1 July 30, 2012 SPP Board of Directors approved
1 November 7,
2012


Page 15 of 16

57.8
58
58.2
58.4
58.6
58.8
59
59.2
59.4
0.1 1 10 100 1000
F
r
e
q
u
e
n
c
y

(
H
z
)

Time (sec)
PRC-006-SPP-1 - Attachment 1
Underfrequency Curves for Requirement R7

Generator Underfrequency Trip Modeling

Page 16 of 16

60.6
60.8
61
61.2
61.4
61.6
61.8
62
0.1 1 10 100 1000
F
r
e
q
u
e
n
c
y

(
H
z
)

Time (sec)
PRC-006-SPP-1 - Attachment 2
Overfrequency Curves for Requirement R7
Generator Overfrequency Trip Modeling
Standard PRC-007-0 Assuring Consistency with Regional UFLS Program Requirements


A. Introduction
1. Title: Assuring Consistency of Entity Underfrequency Load Shedding Programs
with Regional Reliability Organizations Underfrequency Load Shedding Program
Requirements
3. Purpose: Provide last resort System preservation measures by implementing an Under
4. Applicability:
4.1. Transmission Owner required by its Regional Reliability Organization to own a UFLS
program
4.2. Transmission Operator required by its Regional Reliability Organization to operate a
UFLS program
4.3. Distribution Provider required by its Regional Reliability Organization to own or operate
a UFLS program
4.4. Load-Serving Entity required by its Regional Reliability Organization to operate a UFLS
program
B. Requirements
R1. The Transmission Owner and Distribution Provider, with a UFLS program (as required by its
Regional Reliability Organization) shall ensure that its UFLS program is consistent with its
Regional Reliability Organizations UFLS program requirements.
R2. The Transmission Owner, Transmission Operator, Distribution Provider, and Load-Serving
Entity that owns or operates a UFLS program (as required by its Regional Reliability
Organization) shall provide, and annually update, its underfrequency data as necessary for its
Regional Reliability Organization to maintain and update a UFLS program database.
R3. The Transmission Owner and Distribution Provider that owns a UFLS program (as required by
its Regional Reliability Organization) shall provide its documentation of that UFLS program to
its Regional Reliability Organization on request (30 calendar days).
C. Measures
M1. Each Transmission Owners and Distribution Providers UFLS program shall be consistent
with its associated Regional Reliability Organizations UFLS program requirements.
M2. Each Transmission Owner, Transmission Operator, Distribution Provider, and Load-Serving
Entity that owns or operates a UFLS program shall have evidence that it provided its associated
Regional Reliability Organization and NERC with documentation of the UFLS program on
request (30 calendar days).
D. Compliance
Standard PRC-007-0 Assuring Consistency with Regional UFLS Program Requirements


1.3. Data Retention
None specified.
None.
2.1. Level 1: Theevaluation of the entitys UFLS program for consistency with its
Regional Reliability Organizations UFLS program is incomplete or inconsistent in one
or more requirements of Reliability Standard PRC-006-0_R1, but is consistent with the
required amount of Load shedding.
2.2. Level 2: The amount of Load shedding is less than 95percent of the Regional
requirement in any of the Load steps.
2.3. Level 3: The amount of Load shedding is less than 90percent of the Regional
requirement in any of the Load steps.
2.4. Level 4: The evaluation of the entitys UFLS program for consistency with its
Regional Reliability Organizations UFLS program was not provided or the amount of
Load shedding is less than 85 percent of the Regional requirement on any of the Load
steps.
1. None identified.
Version History

Standard PRC-008-0 Underfrequency Load Shedding Equipment Maintenance Programs

A. Introduction
1. Title: Implementation and Documentation of Underfrequency Load Shedding
Equipment Maintenance Program
3. Purpose: Provide last resort system preservation measures by implementing an Under
4. Applicability:
4.1. Transmission Owner required by its Regional Reliability Organization to have a UFLS
program
4.2. Distribution Provider required by its Regional Reliability Organization to have a UFLS
program
B. Requirements
R1. The Transmission Owner and Distribution Provider with a UFLS program (as required by its
Regional Reliability Organization) shall have a UFLS equipment maintenance and testing
program in place. This UFLS equipment maintenance and testing program shall include UFLS
equipment identification, the schedule for UFLS equipment testing, and the schedule for UFLS
equipment maintenance.
R2. The Transmission Owner and Distribution Provider with a UFLS program (as required by its
Regional Reliability Organization) shall implement its UFLS equipment maintenance and
testing program and shall provide UFLS maintenance and testing program results to its
Regional Reliability Organization and NERC on request (within 30 calendar days).
C. Measures
M1. Each Transmission Owners and Distribution Providers UFLS equipment maintenance and
testing program contains the elements specified in Reliability Standard PRC-008-0_R1.
M2. Each Transmission Owner and Distribution Provider shall have evidence that it provided the
results of its UFLS equipment maintenance and testing programs implementation to its
Regional Reliability Organization and NERC on request (within 30 calendar days).
D. Compliance
1.3. Data Retention
None specified.
None.
Standard PRC-008-0 Underfrequency Load Shedding Equipment Maintenance Programs

2.1. Level 1: Documentation of the maintenance and testing program was incomplete, but
records indicate implementation was on schedule.
2.2. Level 2: Complete documentation of the maintenance and testing program was provided,
but records indicate that implementation was not on schedule.
2.3. Level 3: Documentation of the maintenance and testing program was incomplete, and
records indicate implementation was not on schedule.
2.4. Level 4: Documentation of the maintenance and testing program, or its implementation
was not provided.
1. None identified.
Version History
0 September 26, 2005 Fixed reference in M1 from PRC-007-
0_R1 to PRC-008-0_R1.
Errata

Standard PRC-009-0 UFLS Performance Following an Underfrequency Event


A. Introduction
1. Title: Analysis and Documentation of Underfrequency Load Shedding
Performance Following an Underfrequency Event
3. Purpose: Provide last resort System preservation measures by implementing an Under
4. Applicability:
4.1. Transmission Owner required by its Regional Reliability Organization to own a UFLS
program
4.2. Transmission Operator required by its Regional Reliability Organization to operate a
UFLS program
4.3. Load-Serving Entity required by the Regional Reliability Organization to operate a UFLS
program
4.4. Distribution Provider required by the Regional Reliability Organization to own or operate
a UFLS program
B. Requirements
R1. The Transmission Owner, Transmission Operator, Load-Serving Entity and Distribution
Provider that owns or operates a UFLS program (as required by its Regional Reliability
Organization) shall analyze and document its UFLS program performance in accordance with
its Regional Reliability Organizations UFLS program. The analysis shall address the
performance of UFLS equipment and program effectiveness following system events resulting
in system frequency excursions below the initializing set points of the UFLS program. The
analysis shall include, but not be limited to:
R1.1. A description of the event including initiating conditions.
R1.2. A review of the UFLS set points and tripping times.
R1.3. A simulation of the event.
R1.4. A summary of the findings.
R2. The Transmission Owner, Transmission Operator, Load-Serving Entity, and Distribution
Provider that owns or operates a UFLS program (as required by its Regional Reliability
Organization) shall provide documentation of the analysis of the UFLS program to its Regional
Reliability Organization and NERC on request 90 calendar days after the system event.
C. Measures
M1. Each Transmission Owners, Transmission Operators, Load-Serving Entitys and Distribution
Providers documentation of the UFLS program performance following an underfrequency
event includes all elements identified in Reliability Standard PRC-009-0_R1.
M2. Each Transmission Owner, Transmission Operator, Load-Serving Entity and Distribution
Provider that owns or operate a UFLS program, shall have evidence it provided documentation
of the analysis of the UFLS program performance following an underfrequency event as
specified in Reliability Standard PRC-009-0_R1.
Standard PRC-009-0 UFLS Performance Following an Underfrequency Event


D. Compliance
On request 90 calendar days after the system event.
1.3. Data Retention
None specified.
None.
2.1. Level 1: Analysis of UFLS program performance following an actual underfrequency
event below the UFLS set point(s) was incomplete in one or more elements in Reliability
2.4. Level 4: Analysis of UFLS program performance following an actual underfrequency
event below the UFLS set point(s) was not provided.
1. None identified.
Version History

Standard PRC-010-0 Assessment of the Design and Effectiveness of UVLS Program
1 of 2

A. Introduction
1. Title: Technical Assessment of the Design and Effectiveness of Undervoltage Load
Shedding Program.
3. Purpose: Provide System preservation measures in an attempt to prevent system voltage
collapse or voltage instability by implementing an Undervoltage Load Shedding (UVLS)
program.
4. Applicability:
4.1. Load-Serving Entity that operates a UVLS program
4.2. Transmission Owner that owns a UVLS program
4.3. Transmission Operator that operates a UVLS program
4.4. Distribution Provider that owns or operates a UVLS program
B. Requirements
R1. The Load-Serving Entity, Transmission Owner, Transmission Operator, and Distribution
Provider that owns or operates a UVLS program shall periodically (at least every five years or
as required by changes in system conditions) conduct and document an assessment of the
effectiveness of the UVLS program. This assessment shall be conducted with the associated
Transmission Planner(s) and Planning Authority(ies).
R1.1. This assessment shall include, but is not limited to:
R1.1.1. Coordination of the UVLS programs with other protection and control
systems in the Region and with other Regional Reliability Organizations, as
appropriate.
R1.1.2. Simulations that demonstrate that the UVLS programs performance is
consistent with Reliability Standards TPL-001-0, TPL-002-0, TPL-003-0
and TPL-004-0.
R1.1.3. A review of the voltage set points and timing.
R2. The Load-Serving Entity, Transmission Owner, Transmission Operator, and Distribution
Provider that owns or operates a UVLS program shall provide documentation of its current
UVLS program assessment to its Regional Reliability Organization and NERC on request (30
calendar days). (Retirement approved by NERC BOT pending applicable regulatory approval.)
C. Measures
M1. Each Transmission Owners and Distribution Providers UVLS program shall include the
elements identified in Reliability Standard PRC-010-0_R1.
M2. Each Load-Serving Entity, Transmission Owner, Transmission Operator, and Distribution
Provider that owns or operates a UVLS program shall have evidence it provided
documentation of its current UVLS program assessment to its Regional Reliability
Organization and NERC as specified in Reliability Standard PRC-010-0_R2. (Retirement
Standard PRC-010-0 Assessment of the Design and Effectiveness of UVLS Program
2 of 2

D. Compliance
Compliance Monitor: Regional Reliability Organizations. Each Regional Reliability
Organization shall report compliance and violations to NERC via the NERC Compliance
Reporting process.
Assessments every five years or as required by System changes.
Current assessment on request (30 calendar days.)
1.3. Data Retention
None specified.
None.
2.4. Level 4: An assessment of the UVLS program did not address one of the three
requirements listed in Reliability Standard PRC-010-0_R1.1 or an assessment of the
UVLS program was not provided.
1. None identified.
Version History
0 February 8,
2005
0 February 7,
2013
approval.

Standard PRC-011-0 UVLS System Maintenance and Testing


A. Introduction
1. Title: Undervoltage Load Shedding System Maintenance and Testing
3. Purpose: Provide system preservation measures in an attempt to prevent system voltage
collapse or voltage instability by implementing an Undervoltage Load Shedding (UVLS)
program.
4. Applicability:
4.1. Transmission Owner that owns a UVLS system
4.2. Distribution Provider that owns a UVLS system
B. Requirements
R1. The Transmission Owner and Distribution Provider that owns a UVLS system shall have a
UVLS equipment maintenance and testing program in place. This program shall include:
R1.1. The UVLS system identification which shall include but is not limited to:
R1.1.1. Relays.
R1.1.2. Instrument transformers.
R1.1.3. Communications systems, where appropriate.
R1.1.4. Batteries.
R1.2. Documentation of maintenance and testing intervals and their basis.
R1.3. Summary of testing procedure.
R1.4. Schedule for system testing.
R1.5. Schedule for system maintenance.
R1.6. Date last tested/maintained.
R2. The Transmission Owner and Distribution Provider that owns a UVLS system shall provide
documentation of its UVLS equipment maintenance and testing program and the
implementation of that UVLS equipment maintenance and testing program to its Regional
Reliability Organization and NERC on request (within 30 calendar days).
C. Measures
M1. Each Transmission Owner and Distribution Provider that owns a UVLS system shall have
documentation that its UVLS equipment maintenance and testing program conforms with
Reliability Standard PRC-011-0_R1.
M2. Each Transmission Owner and Distribution Provider that owns a UVLS system shall have
evidence it provided documentation of its UVLS equipment maintenance and testing program
and the implementation of that UVLS equipment maintenance and testing program as specified
in Reliability Standard PRC-011-0_R2.
D. Compliance
Standard PRC-011-0 UVLS System Maintenance and Testing


On request (30 calendar days).
1.3. Data Retention
None specified.
None.
2.1. Level 1: Documentation of the maintenance and testing program was complete, but
2.4. Level 4: Documentation of the maintenance and testing program, or its
implementation, was not provided.
1. None identified.
Version History
0 October 12, 2005 Level 2 Non-Compliance: Changed
incomplete to complete and inserted
not between was and on.
Errata

Standard PRC-012-0 Special Protection System Review Procedure

A. Introduction
1. Title: Special Protection System Review Procedure
3. Purpose: To ensure that all Special Protection Systems (SPS) are properly designed, meet
performance requirements, and are coordinated with other protection systems. To ensure that
maintenance and testing programs are developed and misoperations are analyzed and corrected.
4. Applicability:
B. Requirements
Reliability Organization SPS review procedure to ensure that SPSs comply with Regional
criteria and NERC Reliability Standards. The Regional SPS review procedure shall include:
R1.1. Description of the process for submitting a proposed SPS for Regional Reliability
Organization review.
R1.2. Requirements to provide data that describes design, operation, and modeling of an
SPS.
component failure, when the SPS was intended to operate, does not prevent the
interconnected transmission system from meeting the performance requirements
defined in Reliability Standards TPL-001-0, TPL-002-0, and TPL-003-0.
R1.4. Requirements to demonstrate that the inadvertent operation of an SPS shall meet the
same performance requirement (TPL-001-0, TPL-002-0, and TPL-003-0) as that
required of the contingency for which it was designed, and not exceed TPL-003-0.
R1.5. Requirements to demonstrate the proposed SPS will coordinate with other protection
and control systems and applicable Regional Reliability Organization Emergency
procedures.
R1.6. Regional Reliability Organization definition of misoperation.
R1.7. Requirements for analysis and documentation of corrective action plans for all SPS
misoperations.
R1.8. Identification of the Regional Reliability Organization group responsible for the
Regional Reliability Organizations review procedure and the process for Regional
Reliability Organization approval of the procedure.
R1.9. Determination, as appropriate, of maintenance and testing requirements.
R2. The Regional Reliability Organization shall provide affected Regional Reliability
Organizations and NERC with documentation of its SPS review procedure on request (within
30 calendar days).
Standard PRC-012-0 Special Protection System Review Procedure

C. Measures
M1. The Regional Reliability Organization with a Transmission Owner, Generator Owner, or
Distribution Provider using or planning to use an SPS shall have a documented Regional
review procedure as defined in Reliability Standard PRC-012-0_R1.
M2. The Regional Reliability Organization shall have evidence it provided affected Regional
Reliability Organizations and NERC with documentation of its SPS review procedure on
request (within 30 calendar days).
D. Compliance
On request (within 30 calendar days.)
1.3. Data Retention
None specified.
None.
2.1. Level 1: Documentation of the Regional Reliability Organizations procedure is
missing one of the items listed in Reliability Standard PRC-012-0_R1.
missing two of the items listed in Reliability Standard PRC-012-0_R1.
missing three of the items listed in Reliability Standard PRC-012-0_R1.
2.4. Level 4: Documentation of the Regional Reliability Organizations procedure was
not provided or is missing four or more of the items listed in Reliability Standard PRC-
012-0_R1.
1. None identified.
Version History

Standard PRC-013-0 Special Protection System Database

A. Introduction
1. Title: Special Protection System Database.
3. Purpose: To ensure that all Special Protection Systems (SPSs) are properly designed, meet
performance requirements, and are coordinated with other protection systems.
4. Applicability:
B. Requirements
R1. The Regional Reliability Organization that has a Transmission Owner, Generator Owner, or
Distribution Provider with an SPS installed shall maintain an SPS database. The database shall
include the following types of information:
R1.1. Design Objectives Contingencies and system conditions for which the SPS was
designed,
R1.2. Operation The actions taken by the SPS in response to Disturbance conditions, and
R1.3. Modeling Information on detection logic or relay settings that control operation of
the SPS.
R2. The Regional Reliability Organization shall provide to affected Regional Reliability
Organization(s) and NERC documentation of its database or the information therein on request
(within 30 calendar days).
C. Measures
M1. The Regional Reliability Organization that has a Transmission Owner, Generator Owner, or
Distribution Providers with an SPS installed, shall have an SPS database as defined in PRC-
013-0_R1 of this Reliability Standard.
database or the information therein, to affected Regional Reliability Organization(s) and NERC
on request (within 30 calendar days).
D. Compliance
1.3. Data Retention
None specified.
None.
Standard PRC-013-0 Special Protection System Database

2.1. Level 1: The Regional Reliability Organizations database is missing one of the items
listed in Reliability Standard PRC-013-0_R1.
2.2. Level 2: The Regional Reliability Organizations database is missing two of the
items listed in Reliability Standard PRC-013-9_R1.
2.4. Level 4: The Regional Reliability Organizations database was not provided or is
missing all of the elements listed in Reliability Standard PRC-013-0_R1.
1. None identified.
Version History
0 April 1, 2005 Effective Dave New

Standard PRC-014-0 Special Protection System Assessment

A. Introduction
1. Title: Special Protection System Assessment
4. Applicability:
B. Requirements
R1. The Regional Reliability Organization shall assess the operation, coordination, and
effectiveness of all SPSs installed in its Region at least once every five years for compliance
with NERC Reliability Standards and Regional criteria.
R2. The Regional Reliability Organization shall provide either a summary report or a detailed
report of its assessment of the operation, coordination, and effectiveness of all SPSs installed in
its Region to affected Regional Reliability Organizations or NERC on request (within 30
calendar days).
R3. The documentation of the Regional Reliability Organizations SPS assessment shall include the
following elements:
R3.1. Identification of group conducting the assessment and the date the assessment was
performed.
R3.2. Study years, system conditions, and contingencies analyzed in the technical studies on
which the assessment is based and when those technical studies were performed.
R3.3. Identification of SPSs that were found not to comply with NERC standards and
Regional Reliability Organization criteria.
R3.4. Discussion of any coordination problems found between a SPS and other protection
and control systems.
R3.5. Provide corrective action plans for non-compliant SPSs.
C. Measures
M1. The Regional Reliability Organization shall assess the operation, coordination, and
effectiveness of all SPSs installed in its Region at least once every five years for compliance
with NERC standards and Regional criteria.
M2. The Regional Reliability Organization shall provide either a summary report or a detailed
report of this assessment to affected Regional Reliability Organizations or NERC on request
M3. The Regional Reliability Organizations documentation of the SPS assessment shall include all
elements as defined in Reliability Standard PRC-014-0_R3.
Standard PRC-014-0 Special Protection System Assessment

D. Compliance
1.3. Data Retention
None specified.
None.
2.1. Level 1: The summary (or detailed) Regional SPS assessment is missing one of the
2.2. Level 2: The summary (or detailed) Regional SPS assessment is missing two of the
items listed in Reliability Standard PRC-014-0_3.
2.3. Level 3: The summary (or detailed) Regional SPS assessment is missing three of the
2.4. Level 4: The summary (or detailed) Regional SPS assessment is missing more than
three of the items listed in Reliability Standard PRC-014-0_R3 or was not provided.
1. None identified.
Version History

Standard PRC-015-0 Special Protection System Data and Documentation

A. Introduction
1. Title: Special Protection System Data and Documentation
4. Applicability:
4.1. Transmission Owner that owns an SPS
4.2. Generator Owner that owns an SPS
4.3. Distribution Provider that owns an SPS
B. Requirements
R1. The Transmission Owner, Generator Owner, and Distribution Provider that owns an SPS shall
maintain a list of and provide data for existing and proposed SPSs as specified in Reliability
have evidence it reviewed new or functionally modified SPSs in accordance with the Regional
Reliability Organizations procedures as defined in Reliability Standard PRC-012-0_R1 prior
to being placed in service.
provide documentation of SPS data and the results of Studies that show compliance of new or
functionally modified SPSs with NERC Reliability Standards and Regional Reliability
Organization criteria to affected Regional Reliability Organizations and NERC on request
C. Measures
M1. The Transmission Owner, Generator Owner, and Distribution Provider that owns an SPS shall
have evidence it maintains a list of and provides data for existing and proposed SPSs as defined
in Reliability Standard PRC-013-0_R1.
have evidence it reviewed new or functionally modified SPSs in accordance with the Regional
Reliability Organizations procedures as defined in Reliability Standard PRC-012-0_R1 prior
to being placed in service.
have evidence it provided documentation of SPS data and the results of studies that show
compliance of new or functionally modified SPSs with NERC standards and Regional
Reliability Organization criteria to affected Regional Reliability Organizations and NERC on
request (within 30 calendar days).
D. Compliance
Standard PRC-015-0 Special Protection System Data and Documentation

1.3. Data Retention
None specified.
None.
2.1. Level 1: SPS owners provided SPS data, but was incomplete according to the
Regional Reliability Organization SPS database requirements.
2.2. Level 2: SPS owners provided results of studies that show compliance of new or
functionally modified SPSs with the NERC Planning Standards and Regional Reliability
Organization criteria, but were incomplete according to the Regional Reliability
Organization procedures for Reliability Standard PRC-012-0_R1.
2.4. Level 4: No SPS data was provided in accordance with Regional Reliability
Organization SPS database requirements for Standard PRC-012-0_R1, or the results of
studies that show compliance of new or functionally modified SPSs with the NERC
Reliability Standards and Regional Reliability Organization criteria were not provided in
accordance with Regional Reliability Organization procedures for Reliability Standard
PRC-012-0_R1.
1. None identified.
Version History

Standard PRC-016-0.1 Special Protection Sys tem Mis operations
Page 1 of 2
A. Introduction
1. Title: Special Protection System Misoperations
2. Number: PRC-016-0.1
3. Purpose: To ensure that all Special Protection Systems (SPS) are properly designed,
meet performance requirements, and are coordinated with other protection systems. To
ensure that maintenance and testing programs are developed and misoperations are
analyzed and corrected.
4. Applicability:
4.1. Transmission Owner that owns an SPS.
4.2. Generator Owner that owns an SPS.
4.3. Distribution Provider that owns an SPS.
B. Requirements
R1. The Transmission Owner, Generator Owner, and Distribution Provider that owns an
SPS shall analyze its SPS operations and maintain a record of all misoperations in
accordance with the Regional SPS review procedure specified in Reliability Standard
PRC-012-0_R1.
SPS shall take corrective actions to avoid future misoperations.
SPS shall provide documentation of the misoperation analyses and the corrective action
plans to its Regional Reliability Organization and NERC on request (within 90
calendar days).
C. Measures
M1. The Transmission Owner, Generator Owner, and Distribution Provider that owns an
SPS shall have evidence it analyzed SPS operations and maintained a record of all
misoperations in accordance with the Regional SPS review procedure specified in
Reliability Standard PRC-012-0_R1.
SPS shall have evidence it took corrective actions to avoid future misoperations.
SPS shall have evidence it provided documentation of the misoperation analyses and
the corrective action plans to the affected Regional Reliability Organization and NERC
on request (within 90 calendar days).
D. Compliance
Standard PRC-016-0.1 Special Protection Sys tem Mis operations
Page 2 of 2
On request [within 90 calendar days of the incident or on request (within 30
calendar days) if requested more than 90 calendar days after the incident.]
1.3. Data Retention
None specified.
None.
2.1. Level 1: Documentation of SPS misoperations is complete but
documentation of corrective actions taken for all identified SPS misoperations is
incomplete.
2.2. Level 2: Documentation of corrective actions taken for SPS misoperations
is complete but documentation of SPS misoperations is incomplete.
2.3. Level 3: Documentation of SPS misoperations and corrective actions is
incomplete.
2.4. Level 4: No documentation of SPS misoperations or corrective actions.
None identified.

Version History
0 February 8,
2005
0 July 3, 2007 Change reference in Measure 1 from
PRC-016-0_R1 to PRC-012-1_R1.
Errata
0.1 October 29,
2008
Errata
Date
Revised

Standard PRC-017-0 Special Protection System Maintenance and Testing

A. Introduction
1. Title: Special Protection System Maintenance and Testing
4. Applicability:
4.1. Transmission Owner that owns an SPS
4.2. Generator Owner that owns an SPS
4.3. Distribution Provider that owns an SPS
B. Requirements
have a system maintenance and testing program(s) in place. The program(s) shall include:
R1.1. SPS identification shall include but is not limited to:
R1.1.1. Relays.
R1.1.2. Instrument transformers.
R1.1.3. Communications systems, where appropriate.
R1.1.4. Batteries.
R1.2. Documentation of maintenance and testing intervals and their basis.
R1.3. Summary of testing procedure.
R1.4. Schedule for system testing.
R1.5. Schedule for system maintenance.
R1.6. Date last tested/maintained.
provide documentation of the program and its implementation to the appropriate Regional
Reliability Organizations and NERC on request (within 30 calendar days).
C. Measures
have a system maintenance and testing program(s) in place that includes all items in Reliability
have evidence it provided documentation of the program and its implementation to the
appropriate Regional Reliability Organizations and NERC on request (within 30 calendar
days).
Standard PRC-017-0 Special Protection System Maintenance and Testing

D. Compliance
Compliance Monitor: Regional Reliability Organization. Each Region shall report
compliance and violations to NERC via the NERC Compliance Reporting process.
Timeframe:
On request (30 calendar days.)
1.3. Data Retention
None specified.
None.
2.2. Level 2: Complete documentation of the maintenance and testing program was
provided, but records indicate that implementation was not on schedule.
2.4. Level 4: Documentation of the maintenance and testing program, or its
implementation, was not provided.
1. None identified.
Version History

Standard PRC-018-1 Disturbance Monitoring Equipment Installation and Data Reporting
Effective Dates: Phased in over four years after BOT adoption.
A. Introduction
1. Title: Disturbance Monitoring Equipment Installation and Data Reporting
3. Purpose: Ensure that Disturbance Monitoring Equipment (DME) is installed and that
Disturbance data is reported in accordance with regional requirements to facilitate analyses of
events.
4. Applicability
5. Effective Dates: Phased in over four years after BOT adoption:
Requirements 1 and 2:
50% compliant two years after initial issuance of regional requirements per
RELIABILITY STANDARD PRC-002 Requirement 5.
75% compliant three years after initial issuance of regional requirements per reliability
standard PRC-002 R5.
100% compliant four years after initial issuance of regional requirements per reliability
standard PRC-002 R5.
Requirements 3 through 6:
100% compliant six months after BOT adoption for already installed DME.
100% compliant six months after installation for DMEs installed to meet Regional
Reliability Organization requirements per reliability standard PRC-002 Requirements 1, 2
and 3.
B. Requirements
R1. Each Transmission Owner and Generator Owner required to install DMEs by its Regional
Reliability Organization (reliability standard PRC-002 Requirements 1-3) shall have DMEs
installed that meet the following requirements:
R1.1. Internal Clocks in DME devices shall be synchronized to within 2 milliseconds or
less of Universal Coordinated Time scale (UTC)
R1.2. Recorded data from each Disturbance shall be retrievable for ten calendar days..
R2. The Transmission Owner and Generator Owner shall each install DMEs in accordance
with its Regional Reliability Organizations installation requirements (reliability standard
PRC-002 Requirements 1 through 3).
R3. The Transmission Owner and Generator Owner shall each maintain, and report to its
Regional Reliability Organization on request, the following data on the DMEs installed to
meet that regions installation requirements (reliability standard PRC-002
Requirements1.1, 2.1 and 3.1):
R3.1. Type of DME (sequence of event recorder, fault recorder, or dynamic disturbance
recorder).
R3.2. Make and model of equipment.
R3.3. Installation location.
R3.4. Operational status.
R3.5. Date last tested.
R3.6. Monitored elements, such as transmission circuit, bus section, etc.
R3.7. Monitored devices, such as circuit breaker, disconnect status, alarms, etc.
R3.8. Monitored electrical quantities, such as voltage, current, etc.
R4. The Transmission Owner and Generator Owner shall each provide Disturbance data
(recorded by DMEs) in accordance with its Regional Reliability Organizations
requirements (reliability standard PRC-002 Requirement 4).
R5. The Transmission Owner and Generator Owner shall each archive all data recorded by
DMEs for Regional Reliability Organization-identified events for at least three years.
R6. Each Transmission Owner and Generator Owner that is required by its Regional Reliability
Organization to have DMEs shall have a maintenance and testing program for those DMEs
that includes:
C. Measures
M1. The Transmission Owner and Generator Owner shall each have evidence that DMEs it is
required to have meet the functional requirements specified in Requirement 1 and are installed
in accordance with its associated Regional Reliability Organizations requirements (R2).
M2. The Transmission Owner and Generator Owner shall each maintain the data listed in
Requirements 3.1 through 3.8 for the DMEs installed to meet its Regional Reliability
Organizations DME installation requirements.
M2.1 The Transmission Owner and Generator Owner shall each have evidence it provided
this DME data to its Regional Reliability Organization within 30 calendar days of a
request.
M3. The Transmission Owner and Generator Owner shall each have evidence it retained and
provided recorded Disturbance data to entities in accordance with its associated Regional
Reliability Organizations Disturbance data reporting requirements. (R4 R5)
M4. Each Transmission Owner and Generator Owner that is required to install DMEs to meet its
Regional Reliability Organizations DME installation requirements, shall have an associated
DME maintenance and testing program as defined in Requirement 6.
D. Compliance
One calendar year.
1.3. Data Retention
The Transmission Owner and Generator Owner shall each retain any Disturbance data
provided to the Regional Reliability Organization (Requirement 4) for three years.
The Transmission Owner and Generator Owner shall demonstrate compliance through

2.1. Level 1: There shall be a level one non-compliance if any of the following conditions is
present:
2.1.1 DMEs that meet all the Regional Reliability Organizations installation
requirements (in accordance with Requirement 2) were installed at 90% or more
but not all of the required locations.
2.1.2 Recorded Disturbance data that meets all Regional Reliability Organizations
Disturbance data requirements (in accordance with Requirement 4) was provided
for 90% or more but not all of the required locations.
2.1.3 Data on required DMEs was incomplete (in accordance with R3)
2.1.4 Documentation of the DME maintenance and testing program provided was
incomplete as required in R6, but records indicate maintenance and testing did
occur within the identified intervals for the portions of the program that were
documented.
2.2. Level 2: There shall be a level two non-compliance if any of the following conditions is
present:
2.2.1 DMEs that meet all Regional Reliability Organizations installation requirements
(in accordance with R2) were installed at 80% or more but less than 90% of the
required locations.
Disturbance data requirements (in accordance with R4) was provided for 80% or
more but less than 90% of the required locations.
2.2.3 Recorded Disturbance data was not provided to all required entities (in
accordance with R4)
2.2.4 Archived data was not retained for three years (in accordance with Requirement
5).
complete as required in R6, but records indicate that maintenance and testing did
not occur within the defined intervals.
2.3. Level 3: There shall be a level three non-compliance if any of the following conditions is
present:
(in accordance with R2) were installed at 70% or more but less than 80% of the
required locations.
Disturbance data requirements (in accordance with R4) was provided for 70% or
more but less than 80% of the required locations.
incomplete as required in R6, and records indicate implementation of the
documented portions of the maintenance and testing program did not occur
within the identified intervals.
2.4. Level 4: There shall be a level four non-compliance if any one of the following
(in accordance with R2) were installed at less than 70% of the required locations.
Disturbance data requirements (in accordance with R4) was provided for less
than 70% of the required locations.
2.4.3 DMEs that meet all functional requirements (in accordance with R1) were not
installed at all required locations.
2.4.4 Documentation of the DME maintenance and testing program was not provided,
or no evidence that the testing program did occur within the identified intervals
None identified.
Version History

Standard PRC-019-1 Coordination of Generating Unit or Plant Capabilities, Voltage
Regulating Controls, and Protection
Page 1 of 10

A. Introduction
1. Title: Coordination of Generating Unit or Plant Capabilities, Voltage Regulating
Controls, and Protection
3. Purpose: To verify coordination of generating unit Facility or synchronous
condenser voltage regulating controls, limit functions, equipment capabilities and
Protection System settings.
4. Applicability:
4.1.2 Transmission Owner that owns synchronous condenser(s)
4.2. Facilities
For the purpose of this standard, the term, applicable Facility shall mean any
one of the following:
4.2.1 Individual generating unit greater than 20 MVA (gross nameplate rating)
4.2.2 Individual synchronous condenser greater than 20 MVA (gross nameplate
rating) directly connected to the Bulk Electric System.
4.2.3 Generating plant/ Facility consisting of one or more units that are
connected to the Bulk Electric System at a common bus with total
generation greater than 75 MVA (gross aggregate nameplate rating).
4.2.4 Any generator, regardless of size, that is a blackstart unit material to and
designated as part of a Transmission Operators restoration plan.
5. Effective Date:
5.1. In those jurisdictions where regulatory approval is required:
applicable regulatory, or as otherwise made effective pursuant to the laws
applicable to such ERO governmental authorities, approval each
Page 2 of 10

Generator Owner and Transmission Owner shall have verified at least 80
percent of its applicable Facilities.
5.2. In those jurisdictions where regulatory approval is not required:
Board of Trustees approval, or as otherwise made effective pursuant to the
laws applicable to such ERO governmental authorities, each Generator

B. Requirements
R1. At a maximum of every five calendar years, each Generator Owner and Transmission
Owner with applicable Facilities shall coordinate the voltage regulating system
controls, (including in-service
1
limiters and protection functions) with the applicable
equipment capabilities and settings of the applicable Protection System devices and
functions. [Violation Risk Factor: Medium] [Time Horizon: Long-term Planning]
1.1. Assuming the normal automatic voltage regulator control loop and steady-state
system operating conditions, verify the following coordination items for each
applicable Facility:

1
Limiters or protection functions that are installed and activated on the generator or synchronous condenser.
Page 3 of 10

1.1.1. The in-service limiters are set to operate before the Protection System of
the applicable Facility in order to avoid disconnecting the generator
unnecessarily.
1.1.2. The applicable in-service Protection System devices are set to operate to
isolate or de-energize equipment in order to limit the extent of damage
when operating conditions exceed equipment capabilities or stability
limits.
R2. Within 90 calendar days following the identification or implementation of systems,
equipment or setting changes that will affect the coordination described in Requirement
R1, each Generator Owner and Transmission Owner with applicable Facilities shall
perform the coordination as described in Requirement R1. These possible systems,
equipment or settings changes include, but are not limited to the following [Violation
Risk Factor: Medium] [Time Horizon: Long-term Planning]:
Voltage regulating settings or equipment changes;
Protection System settings or component changes;
Generating or synchronous condenser equipment capability changes; or
Generator or synchronous condenser step-up transformer changes.
C. Measures
M1. Each Generator Owner and Transmission Owner with applicable Facilities will have
evidence (such as examples provided in PRC-019 Section G) that it coordinated the
voltage regulating system controls, including in-service
2
limiters and protection
functions, with the applicable equipment capabilities and settings of the applicable
Protection System devices and functions as specified in Requirement R1. This
evidence should include dated documentation that demonstrates the coordination was
performed.
M2. Each Generator Owner and Transmission Owner with applicable Facilities will have
evidence of the coordination required by the events listed in Requirement R2. This
evidence should include dated documentation that demonstrates the specified intervals
in Requirement R2 have been met.

D. Compliance
The Regional Entity shall serve as the Compliance enforcement authority unless

2
Limiters or protection functions that are installed and activated on the generator or synchronous condenser.
Page 4 of 10

The following evidence retention periods identify a period of time an entity is
where the evidence retention specified below is shorter than the time since the last
compliance audit, the Compliance Enforcement Authority may ask an entity to
the last audit.

The Generator Owner and Transmission Owner shall retain evidence of
compliance with Requirements R1 and R2, Measures M1 and M2 for six years.

If a Generator Owner or Transmission Owner is found non-compliant, the entity
shall keep information related to the non-compliance until mitigation is complete
and approved or for the time period specified above, whichever is longer.

The Compliance Enforcement Authority shall keep the last periodic audit report
and all requested and submitted subsequent audit records.
Compliance Audit
Self-Certification
Spot Checking
Self-Reporting
Complaint
None

R1 The Generator
Owner or
Transmission Owner
coordinated
equipment
capabilities, limiters,
and protection
specified in
Requirement R1
The Generator
Owner or
Transmission Owner
coordinated
equipment
and protection
specified in
Requirement R1
The Generator
Owner or
Transmission Owner
coordinated
equipment
and protection
specified in
Requirement R1
The Generator
Owner or
Transmission Owner
equipment
and protection
specified in
Requirement R1
within 5 calendar
Page 5 of 10

years but less than or
equal to 5 calendar
years plus 4 months
after the previous
coordination.
years plus 4 months
to 5 calendar years
plus 8 months after
the previous
coordination.
years plus 8 months
to 5 calendar years
plus 12 months after
the previous
coordination.
years plus 12 months
after the previous
coordination.
R2 The Generator
Owner or
Transmission Owner
coordinated
equipment
and protection
specified in
Requirement R1
more than 90
calendar days but
less than or equal to
100 calendar days
following the
identification or
implementation of a
change in equipment
or settings that
affected the
coordination.

The Generator
Owner or
Transmission Owner
coordinated
equipment
and protection
specified in
Requirement R1
more than 100
calendar days but
110 calendar days
following the
identification or
implementation of a
change in equipment
or settings that
affected the
coordination.

The Generator
Owner or
Transmission Owner
coordinated
equipment
and protection
specified in
Requirement R1
more than 110
calendar days but
120 calendar days
following the
identification or
implementation of a
change in equipment
or settings that
affected the
coordination.

The Generator
Owner or
Transmission Owner
equipment
and protection
specified in
Requirement R1
within 120 calendar
days following the
identification or
implementation of a
change in equipment
or settings that
affected the
coordination.

None.
Underexcited Operation of Turbo Generators, AIEE Proceedings T Section 881, Volume
67, 1948, Appendix 1, C. G. Adams and J . B. McClure.
,Protective Relaying For Power Generation Systems, Boca Raton, FL, Taylor & Francis,
2006, Reimert, Donald
Coordination of Generator Protection with Generator Excitation Control and Generator
Capability, a report of Working Group J 5 of the IEEE PSRC Rotating Machinery
Subcommittee
IEEE C37.102-2006 IEEE Guide for AC Generator Protection
IEEE C50.13-2005 IEEE Standard for Cylindrical-Rotor 50 Hz and 60 Hz Synchronous
Generators Rated 10 MVA and Above

Page 6 of 10

Version History

G. Reference
Examples of Coordination
The evidence of coordination associated with Requirement R1 may be in the form of:
P-Q Diagram (Example in Attachment 1), or
R-X Diagram (Example in Attachment 2), or
Inverse Time Diagram (Example in Attachment 3) or,
Equivalent tables or other evidence

This evidence should include the equipment capabilities and the operating region for the
limiters and protection functions

Equipment limits, types of limiters and protection functions which could be coordinated
include (but are not limited to):
Field over-excitation limiter and associated protection functions.
Inverter over current limit and associated protection functions.
Field under-excitation limiter and associated protection functions.
Generator or synchronous condenser reactive capabilities.
Volts per hertz limiter and associated protection functions.
Stator over-voltage protection system settings.
Generator and transformer volts per hertz capability.
Time vs. field current or time vs. stator current.

NOTE: This listing is for reference only. This standard does not require the installation or
activation of any of the above limiter or protection functions.

Page 7 of 10

For this example, the Steady State Stability Limit (SSSL) is the limit to synchronous
stability in the under-excited region with fixed field current.

On a P-Q diagram using X
d
as the direct axis saturated synchronous reactance of the
generator, X
s
as the equivalent reactance between the generator terminals and the
infinite bus including the reactance of the generator step-up transformer and V
g
as the
generator terminal voltage (all values in per-unit), the SSSL can be calculated as an arc
with the center on the Q axis with the magnitude of the center and radius described by the
following equations

C =V
2
g
/2*(1/X
s
-1/X
d
)
R =V
2
g
/2*(1/X
s
+1/X
d
)

On an R-X diagram using X
d
as the direct axis saturated synchronous reactance of the
generator, and X
s
as the equivalent reactance between the generator terminals and the
infinite bus including the reactance of the generator step-up transformer the SSSL
is an arc with the center on the X axis with the center and radius described by the
following equations:

C =(X
d
-X
s
)/2
R =(X
d
+X
s
)/2
Standard PRC-019-1 Coordination of Generating Unit or Plant Capabilities, Voltage Regulating Controls, and
Protection
Page 8 of 10

Section G Attachment 1 Example of Capabilities, Limiters and Protection on a P-Q Diagram at nominal voltage and
frequency

Protection
Page 9 of 10

Section G Attachment 2 Example of Capabilities, Limiters, and Protection on an R-X Diagram at nominal voltage and
frequency

Protection
Page 10 of 10

Section G Attachment 3 - Example of Capabilities, Limiters, and Protection on an Inverse Time Characteristic Plot

Standard PRC-020-1 Under-Voltage Load Shedding Program Database
Effective Date: May 1, 2006
A. Introduction
1. Title: Under-Voltage Load Shedding Program Database
3. Purpose: Ensure that a regional database is maintained for Under-Voltage Load Shedding
(UVLS) programs implemented by entities within the Region to mitigate the risk of voltage
collapse or voltage instability in the Bulk Electric System (BES). Ensure the UVLS database is
available for Regional studies and for dynamic studies and simulations of the BES.
4. Applicability
4.1. Regional Reliability Organization with entities that own or operate a UVLS program.
B. Requirements
R1. The Regional Reliability Organization shall establish, maintain and annually update a
database for UVLS programs implemented by entities within the region to mitigate the risk
of voltage collapse or voltage instability in the BES. This database shall include the
following items:
R1.1. Owner and operator of the UVLS program.
R1.2. Size and location of customer load, or percent of connected load, to be interrupted.
R1.3. Corresponding voltage set points and overall scheme clearing times.
R1.4. Time delay from initiation to trip signal.
R1.5. Breaker operating times.
R1.6. Any other schemes that are part of or impact the UVLS programs such as related
generation protection, islanding schemes, automatic load restoration schemes, UFLS
and Special Protection Systems.
R2. The Regional Reliability Organization shall provide the information in its UVLS database to
the Planning Authority, the Transmission Planner, or other Regional Reliability
Organizations and to NERC within 30 calendar days of a request.
C. Measures
M1. The Regional Reliability Organization shall have evidence that it established and annually
updated its UVLS database to include all elements in Requirement 1.1 through 1.6.
M2. The Regional Reliability Organization shall have evidence that it provided the information in
its UVLS database to the requesting entities and to NERC in accordance with Requirement 2.
D. Compliance
NERC
One calendar year.
1.3. Data Retention
Standard PRC-020-1 Under-Voltage Load Shedding Program Database
Effective Date: May 1, 2006
The Regional Reliability Organization shall retain the current and prior annual updated
database. The Compliance Monitor shall retain all audit data for three years.
The Regional Reliability Organization shall demonstrate compliance through self
certification or audit (periodic, as part of targeted monitoring or initiated by complaint
or event), as determined by the Compliance Monitor.
2.1. Level 1: Did not update its UVLS database annually.
2.2. Level 2: UVLS program database information provided, but did not include all of the
items identified in R1.1 through R1.6.
2.4. Level 4: Did not provide information from its UVLS program database.
None identified.
Version History
1 12/01/05 1. Removed comma after 2004 in
dash ().
3. Lower cased the word region,
board, and regional throughout
document where appropriate.
4. Added or removed periods where
appropriate.
01/20/06

Standard PRC-021-1 Under-Voltage Load Shedding Program Data
Effective Date: August 1, 2006
A. Introduction
1. Title: Under-Voltage Load Shedding Program Data
3. Purpose: Ensure data is provided to support the Regional database maintained for Under-
Voltage Load Shedding (UVLS) programs that were implemented to mitigate the risk of
voltage collapse or voltage instability in the Bulk Electric System (BES).
4. Applicability
4.1. Transmission Owner that owns a UVLS program.
4.2. Distribution Provider that owns a UVLS program.
5. Effective Date: August 1, 2006
B. Requirements
R1. Each Transmission Owner and Distribution Provider that owns a UVLS program to mitigate
the risk of voltage collapse or voltage instability in the BES shall annually update its UVLS
data to support the Regional UVLS program database. The following data shall be provided to
the Regional Reliability Organization for each installed UVLS system:
R1.1. Size and location of customer load, or percent of connected load, to be interrupted.
R1.2. Corresponding voltage set points and overall scheme clearing times.
R1.3. Time delay from initiation to trip signal.
R1.4. Breaker operating times.
R1.5. Any other schemes that are part of or impact the UVLS programs such as related
generation protection, islanding schemes, automatic load restoration schemes, UFLS
and Special Protection Systems.
R2. Each Transmission Owner and Distribution Provider that owns a UVLS program shall provide
its UVLS program data to the Regional Reliability Organization within 30 calendar days of a
request.
C. Measures
M1. Each Transmission Owner and Distribution Provider that owns a UVLS program shall have
documentation that its UVLS data was updated annually and includes all items specified in
Requirement 1.1 through 1.5.
M2. Each Transmission Owner and Distribution Provider that owns a UVLS program shall have
evidence it provided the Regional Reliability Organization with its UVLS program data within
30 calendar days of a request.
D. Compliance
One calendar year.
1.3. Data Retention
Standard PRC-021-1 Under-Voltage Load Shedding Program Data
Effective Date: August 1, 2006
Each Transmission Owner and Distribution Provider that owns a UVLS program shall
retain a copy of the data submitted over the past two years.
The Compliance Monitor shall retain all audit data for three years.
Transmission Owner and Distribution Provider shall demonstrate compliance through
2.1. Level 1: Did not update its UVLS data annually.
2.2. Level 2: UVLS data was provided, but did not address one of the items identified in
R1.1 through R1.5.
2.3. Level 3: UVLS data was provided, but did not address two or more of the items
identified in R1.1 through R1.5.
2.4. Level 4: Did not provide any UVLS data.
None identified.
Version History
1 12/01/05 1. Removed comma after 2004 in
dash ().
3. Added heading above table Future
Development Plan.
4. Lower cased the word region,
board, and regional throughout
document where appropriate.
appropriate.
01/20/05

Standard PRC-022-1 Under-Voltage Load Shedding Program Performance
1 of 3
A. Introduction
1. Title: Under-Voltage Load Shedding Program Performance
3. Purpose: Ensure that Under Voltage Load Shedding (UVLS) programs perform as
intended to mitigate the risk of voltage collapse or voltage instability in the Bulk Electric
System (BES).
4. Applicability
4.1. Transmission Operator that operates a UVLS program.
4.2. Distribution Provider that operates a UVLS program.
4.3. Load-Serving Entity that operates a UVLS program.
B. Requirements
R1. Each Transmission Operator, Load-Serving Entity, and Distribution Provider that operates a
UVLS program to mitigate the risk of voltage collapse or voltage instability in the BES shall
analyze and document all UVLS operations and Misoperations. The analysis shall include:
R1.1. A description of the event including initiating conditions.
R1.2. A review of the UVLS set points and tripping times.
R1.3. A simulation of the event, if deemed appropriate by the Regional Reliability
Organization. For most events, analysis of sequence of events may be sufficient and
dynamic simulations may not be needed.
R1.4. A summary of the findings.
R1.5. For any Misoperation, a Corrective Action Plan to avoid future Misoperations of a
similar nature.
R2. Each Transmission Operator, Load-Serving Entity, and Distribution Provider that operates a
UVLS program shall provide documentation of its analysis of UVLS program performance to
its Regional Reliability Organization within 90 calendar days of a request. (Retirement
C. Measures
M1. Each Transmission Operator, Load-Serving Entity, and Distribution Provider that operates a
UVLS program shall have documentation of its analysis of UVLS operations and
Misoperations in accordance with Requirement 1.1 through 1.5.
M2. Each Transmission Operator, Load-Serving Entity, and Distribution Provider that operates a
UVLS program shall have evidence that it provided documentation of its analysis of UVLS
program performance within 90 calendar days of a request by the Regional Reliability
Organization. (Retirement approved by NERC BOT pending applicable regulatory approval.)
D. Compliance
2 of 3
One calendar year.
1.3. Data Retention
Each Transmission Operator, Load-Serving Entity, and Distribution Provider that
operates a UVLS program shall retain documentation of its analyses of UVLS operations
and Misoperations for two years. The Compliance Monitor shall retain any audit data for
three years.
Transmission Operator, Load-Serving Entity, and Distribution Provider shall demonstrate
2.2. Level 2: Documentation of the analysis of UVLS performance was provided but did not
include one of the five requirements in R1.
2.3. Level 3: Documentation of the analysis of UVLS performance was provided but did not
include two or more of the five requirements in R1.
2.4. Level 4: Documentation of the analysis of UVLS performance was not provided.
None identified.
Version History
1 December 1, 2005 1. Removed comma after 2004 in
2. Changed incorrect use of certain hyphens (-)
3. Lower cased the word region, board,
and regional throughout document where
appropriate.
appropriate.
item D, 1.2.
J anuary 20, 2006
1 February 7, 2006 Adopted by the NERC Board of Trustees
1 February 7, 2013 R2 and associated elements approved by NERC

3 of 3

Standard PRC-023-1 Transmission Relay Loadability
Approved by Board of Trustees: February 12, 2008 1
A. Introduction
1. Title: Transmission Relay Loadability
3. Purpose: Protective relay settings shall not limit transmission loadability; not interfere with
system operators ability to take remedial action to protect system reliability and; be set to
reliably detect all fault conditions and protect the electrical network from these faults.
4. Applicability:
4.1. Transmission Owners with load-responsive phase protection systems as described in
Attachment A, applied to facilities defined below:
4.1.1 Transmission lines operated at 200 kV and above.
4.1.2 Transmission lines operated at 100 kV to 200 kV as designated by the Planning
Coordinator as critical to the reliability of the Bulk Electric System.
4.1.3 Transformers with low voltage terminals connected at 200 kV and above.
4.1.4 Transformers with low voltage terminals connected at 100 kV to 200 kV as
designated by the Planning Coordinator as critical to the reliability of the Bulk
Electric System.
4.2. Generator Owners with load-responsive phase protection systems as described in
Attachment A, applied to facilities defined in 4.1.1 through 4.1.4.
4.3. Distribution Providers with load-responsive phase protection systems as described in
Attachment A, applied according to facilities defined in 4.1.1 through 4.1.4., provided that
those facilities have bi-directional flow capabilities.
4.4. Planning Coordinators.
5. Effective Dates
1
5.1. Requirement 1, Requirement 2:
:
5.1.1 For circuits described in 4.1.1 and 4.1.3 above (except for switch-on-to-fault
schemes) the beginning of the first calendar quarter following applicable
regulatory approvals.
5.1.2 For circuits described in 4.1.2 and 4.1.4 above (including switch-on-to-fault
schemes) at the beginning of the first calendar quarter 39 months following
applicable regulatory approvals.
5.1.3 Each Transmission Owner, Generator Owner, and Distribution Provider shall have
24 months after being notified by its Planning Coordinator pursuant to R3.3 to
comply with R1 (including all sub-requirements) for each facility that is added to
the Planning Coordinators critical facilities list determined pursuant to R3.1.
5.2. Requirement 3: 18 months following applicable regulatory approvals.

1 Temporary Exceptions that have already been approved by the NERC Planning Committee via the NERC System
Protection and Control Task Force prior to the approval of this standard shall not result in either findings of non-
compliance or sanctions if all of the following apply: (1) the approved requests for Temporary Exceptions include a
mitigation plan (including schedule) to come into full compliance, and (2) the non-conforming relay settings are
mitigated according to the approved mitigation plan.
B. Requirements
R1. Each Transmission Owner, Generator Owner, and Distribution Provider shall use any one of
the following criteria (R1.1 through R1.13) for any specific circuit terminal to prevent its phase
protective relay settings from limiting transmission system loadability while maintaining
reliable protection of the Bulk Electric System for all fault conditions. Each Transmission
Owner, Generator Owner, and Distribution Provider shall evaluate relay loadability at 0.85 per
unit voltage and a power factor angle of 30 degrees: [Violation Risk Factor: High] [Mitigation
Time Horizon: Long Term Planning].
R1.1. Set transmission line relays so they do not operate at or below 150% of the highest
seasonal Facility Rating of a circuit, for the available defined loading duration nearest
4 hours (expressed in amperes).
R1.2. Set transmission line relays so they do not operate at or below 115% of the highest
seasonal 15-minute Facility Rating
2
R1.3. Set transmission line relays so they do not operate at or below 115% of the maximum
theoretical power transfer capability (using a 90-degree angle between the sending-
end and receiving-end voltages and either reactance or complex impedance) of the
circuit (expressed in amperes) using one of the following to perform the power
transfer calculation:
of a circuit (expressed in amperes).
R1.3.1. An infinite source (zero source impedance) with a 1.00 per unit bus voltage
at each end of the line.
R1.3.2. An impedance at each end of the line, which reflects the actual system
source impedance with a 1.05 per unit voltage behind each source
impedance.
R1.4. Set transmission line relays on series compensated transmission lines so they do not
operate at or below the maximum power transfer capability of the line, determined as
the greater of:
- 115% of the highest emergency rating of the series capacitor.
- 115% of the maximum power transfer capability of the circuit (expressed in
amperes), calculated in accordance with R1.3, using the full line inductive
reactance.
R1.5. Set transmission line relays on weak source systems so they do not operate at or below
170% of the maximum end-of-line three-phase fault magnitude (expressed in
amperes).
R1.6. Set transmission line relays applied on transmission lines connected to generation
stations remote to load so they do not operate at or below 230% of the aggregated
generation nameplate capability.
R1.7. Set transmission line relays applied at the load center terminal, remote from
generation stations, so they do not operate at or below 115% of the maximum current
flow from the load to the generation source under any system configuration.

2
When a 15-minute rating has been calculated and published for use in real-time operations, the 15-minute rating
can be used to establish the loadability requirement for the protective relays.
R1.8. Set transmission line relays applied on the bulk system-end of transmission lines that
serve load remote to the system so they do not operate at or below 115% of the
maximum current flow from the system to the load under any system configuration.
R1.9. Set transmission line relays applied on the load-end of transmission lines that serve
load remote to the bulk system so they do not operate at or below 115% of the
maximum current flow from the load to the system under any system configuration.
R1.10. Set transformer fault protection relays and transmission line relays on transmission
lines terminated only with a transformer so that they do not operate at or below the
greater of:
- 150% of the applicable maximum transformer nameplate rating (expressed in
amperes), including the forced cooled ratings corresponding to all installed
supplemental cooling equipment.
- 115% of the highest operator established emergency transformer rating.
R1.11. For transformer overload protection relays that do not comply with R1.10 set the
relays according to one of the following:
- Set the relays to allow the transformer to be operated at an overload level of at
least 150% of the maximum applicable nameplate rating, or 115% of the highest
operator established emergency transformer rating, whichever is greater. The
protection must allow this overload for at least 15 minutes to allow for the
operator to take controlled action to relieve the overload.
- Install supervision for the relays using either a top oil or simulated winding hot
spot temperature element. The setting should be no less than 100 C for the top
oil or 140 C for the winding hot spot temperature
3
R1.12. When the desired transmission line capability is limited by the requirement to
adequately protect the transmission line, set the transmission line distance relays to a
maximum of 125% of the apparent impedance (at the impedance angle of the
transmission line) subject to the following constraints:
.
R1.12.1. Set the maximum torque angle (MTA) to 90 degrees or the highest
supported by the manufacturer.
R1.12.2. Evaluate the relay loadability in amperes at the relay trip point at 0.85 per
unit voltage and a power factor angle of 30 degrees.
R1.12.3. Include a relay setting component of 87% of the current calculated in
R1.12.2 in the Facility Rating determination for the circuit.
R1.13. Where other situations present practical limitations on circuit capability, set the phase
protection relays so they do not operate at or below 115% of such limitations.
R2. The Transmission Owner, Generator Owner, or Distribution Provider that uses a circuit
capability with the practical limitations described in R1.6, R1.7, R1.8, R1.9, R1.12, or R1.13
shall use the calculated circuit capability as the Facility Rating of the circuit and shall obtain
the agreement of the Planning Coordinator, Transmission Operator, and Reliability Coordinator

3
IEEE standard C57.115, Table 3, specifies that transformers are to be designed to withstand a winding hot spot
temperature of 180 degrees C, and cautions that bubble formation may occur above 140 degrees C.
with the calculated circuit capability. [Violation Risk Factor: Medium] [Time Horizon: Long
Term Planning]
R3. The Planning Coordinator shall determine which of the facilities (transmission lines operated at
100 kV to 200 kV and transformers with low voltage terminals connected at 100 kV to 200 kV)
in its Planning Coordinator Area are critical to the reliability of the Bulk Electric System to
identify the facilities from 100 kV to 200 kV that must meet Requirement 1 to prevent potential
cascade tripping that may occur when protective relay settings limit transmission loadability.
[Violation Risk Factor: Medium] [Time Horizon: Long Term Planning]
R3.1. The Planning Coordinator shall have a process to determine the facilities that are
critical to the reliability of the Bulk Electric System.
R3.1.1. This process shall consider input from adjoining Planning Coordinators and
affected Reliability Coordinators.
R3.2. The Planning Coordinator shall maintain a current list of facilities determined
according to the process described in R3.1.
R3.3. The Planning Coordinator shall provide a list of facilities to its Reliability
Coordinators, Transmission Owners, Generator Owners, and Distribution Providers
within 30 days of the establishment of the initial list and within 30 days of any
changes to the list.
C. Measures
M1. The Transmission Owner, Generator Owner, and Distribution Provider shall each have
evidence to show that each of its transmission relays are set according to one of the criteria in
R1.1 through R1.13. (R1)
M2. The Transmission Owner, Generator Owner, and Distribution Provider with transmission
relays set according to the criteria in R1.6, R1.7, R1.8, R1.9, R1.12, or R.13 shall have
evidence that the resulting Facility Rating was agreed to by its associated Planning
Coordinator, Transmission Operator, and Reliability Coordinator. (R2)
M3. The Planning Coordinator shall have a documented process for the determination of facilities
as described in R3. The Planning Coordinator shall have a current list of such facilities and
shall have evidence that it provided the list to the approriate Reliability Coordinators,
Transmission Operators, Generator Operators, and Distribution Providers. (R3)
D. Compliance
1.1.1 Compliance Enforcement Authority
One calendar year.
1.3. Data Retention
The Transmission Owner, Generator Owner, and Distribution Provider shall each retain
documentation for three years.
The Planning Coordinator shall retain documentation of the most recent review process
required in R3. The Planning Coordinator shall retain the most recent list of facilities that are
critical to the reliability of the electric system determined per R3.
The Compliance Monitor shall retain its compliance documentation for three years.
The Transmission Owner, Generator Owner, Planning Coordinator, and Distribution Provider
shall each demonstrate compliance through annual self-certification, or compliance audit
(periodic, as part of targeted monitoring or initiated by complaint or event), as determined by

R1 Evidence that relay settings comply
with criteria in R1.1 though 1.13
exists, but evidence is incomplete
or incorrect for one or more of the
subrequirements.
Relay settings do not comply with
any of the sub requirements R1.1
through R1.13
OR
Evidence does not exist to support
that relay settings comply with one
of the criteria in subrequirements
R1.1 through R1.13.
R2 Criteria described in R1.6, R1.7.
R1.8. R1.9, R1.12, or R.13 was
used but evidence does not exist
that agreement was obtained in
accordance with R2.

R3 Provided the list of facilities critical
to the reliability of the Bulk Electric
System to the appropriate
Reliability Coordinators,
Transmission Owners, Generator
Owners, and Distribution Providers
between 31 days and 45 days after
the list was established or updated.
Provided the list of facilities critical
System to the appropriate
Owners, and Distribution Providers
list was established or updated.
Does not have a process in place to
determine facilities that are critical
System.
OR
Does not maintain a current list of
facilities critical to the reliability of
the Bulk Electric System,
OR
Did not provide the list of facilities
critical to the reliability of the Bulk
Electric System to the appropriate
Owners, and Distribution Providers,
or provided the list more than 60
days after the list was established
or updated.
None
F. Supplemental Technical Reference Document
1. The following document is an explanatory supplement to the standard. It provides the technical
rationale underlying the requirements in this standard. The reference document contains
methodology examples for illustration purposes it does not preclude other technically comparable
methodologies
Determination and Application of Practical Relaying Loadability Ratings, Version 1.0, January
9, 2007, prepared by the System Protection and Control Task Force of the NERC Planning
Committee, available at: http://www.nerc.com/~filez/reports.html.
Version History
1 February 12, 2008 Approved by Board of Trustees New
1 March 19, 2008 Corrected typo in last sentence of Severe VSL
for Requirement 3 then should be than.
Errata
Attachment A
1. This standard includes any protective functions which could trip with or without time delay, on
load current, including but not limited to:
1.1. Phase distance.
1.2. Out-of-step tripping.
1.3. Switch-on-to-fault.
1.4. Overcurrent relays.
1.5. Communications aided protection schemes including but not limited to:
1.5.1 Permissive overreach transfer trip (POTT).
1.5.2 Permissive under-reach transfer trip (PUTT).
1.5.3 Directional comparison blocking (DCB).
1.5.4 Directional comparison unblocking (DCUB).
2. This standard includes out-of-step blocking schemes which shall be evaluated to ensure that they
do not block trip for faults during the loading conditions defined within the requirements.
3. The following protection systems are excluded from requirements of this standard:
3.1. Relay elements that are only enabled when other relays or associated systems fail. For
example:
Overcurrent elements that are only enabled during loss of potential conditions.
Elements that are only enabled during a loss of communications.
3.2. Protection systems intended for the detection of ground fault conditions.
3.3. Protection systems intended for protection during stable power swings.
3.4. Generator protection relays that are susceptible to load.
3.5. Relay elements used only for Special Protection Systems applied and approved in
accordance with NERC Reliability Standards PRC-012 through PRC-017.
3.6. Protection systems that are designed only to respond in time periods which allow operators
15 minutes or greater to respond to overload conditions.
3.7. Thermal emulation relays which are used in conjunction with dynamic Facility Ratings.
3.8. Relay elements associated with DC lines.
3.9. Relay elements associated with DC converter transformers.

1
A. Introduction
1. Title: Transmission Relay Loadability
3. Purpose: Protective relay settings shall not limit transmission loadability; not interfere with
system operators ability to take remedial action to protect system reliability and; be set to
reliably detect all fault conditions and protect the electrical network from these faults.
4. Applicability
4.1.1 Transmission Owners with load-responsive phase protection systems as described in
PRC-023-2 - Attachment A, applied to circuits defined in 4.2.1 (Circuits Subject to
Requirements R1 R5).
4.1.2 Generator Owners with load-responsive phase protection systems as described in
PRC-023-2 - Attachment A, applied to circuits defined in 4.2.1 (Circuits Subject to
Requirements R1 R5).
4.1.3 Distribution Providers with load-responsive phase protection systems as described in
PRC-023-2 - Attachment A, applied to circuits defined in 4.2.1(Circuits Subject to
Requirements R1 R5), provided those circuits have bi-directional flow capabilities.
4.1.4 Planning Coordinators
4.2. Circuits
4.2.1 Circuits Subject to Requirements R1 R5
4.2.1.1 Transmission lines operated at 200 kV and above.
4.2.1.2 Transmission lines operated at 100 kV to 200 kV selected by the Planning
Coordinator in accordance with R6.
4.2.1.3 Transmission lines operated below 100 kV that are part of the BES and
selected by the Planning Coordinator in accordance with R6.
4.2.1.4 Transformers with low voltage terminals connected at 200 kV and above.
4.2.1.5 Transformers with low voltage terminals connected at 100 kV to 200 kV
selected by the Planning Coordinator in accordance with R6.
4.2.1.6 Transformers with low voltage terminals connected below 100 kV that are part
of the BES and selected by the Planning Coordinator in accordance with R6.
4.2.2 Circuits Subject to Requirement R6
4.2.2.1 Transmission lines operated at 100 kV to 200 kV and transformers with low
voltage terminals connected at 100 kV to 200 kV
4.2.2.2 Transmission lines operated below100 kV and transformers with low voltage
terminals connected below 100 kV that are part of the BES
5. Effective Dates
The effective dates of the requirements in the PRC-023-2 standard corresponding to the applicable
Functional Entities and circuits are summarized in the following table:
2

Requirement Applicability
Effective Date
Jurisdictions where
Regulatory Approval is
Required
Jurisdictions where
No Regulatory
Approval is Required
R1
Each Transmission Owner, Generator
Owner, and Distribution Provider with
transmission lines operating at 200 kV
and above and transformers with low
voltage terminals connected at 200 kV
and above, except as noted below.
First day of the first
calendar quarter, after
approvals
First calendar quarter
after Board of
Trustees adoption
For Requirement R1, criterion 10.1,
to set transformer fault protection
relays on transmission lines
terminated only with a transformer
such that the protection settings do
not expose the transformer to fault
level and duration that exceeds its
mechanical withstand capability
calendar quarter 12
months after applicable
regulatory approvals
calendar quarter 12
months after Board
of Trustees adoption
For supervisory elements as
described in PRC-023-2 - Attachment
A, Section 1.6
calendar quarter 24
calendar quarter 24
months after Board
For switch-on-to-fault schemes as
described in PRC-023-2 - Attachment
A, Section 1.3
Later of the first day of
the first calendar
quarter after applicable
regulatory approvals of
PRC-023-2 or the first
day of the first
calendar quarter 39
months following
approvals of PRC-023-1
(October 1, 2013)
Later of the first day
of the first calendar
quarter after Board
of PRC-023-2 or July
1, 2011
1
circuits identified by the Planning
Coordinator pursuant to Requirement R6

the first calendar
quarter 39 months
following notification
by the Planning
Coordinator of a
circuits inclusion on a
quarter 39 months
by the Planning
Coordinator of a
circuits inclusion on

1 July 1, 2011 is the first day of the first calendar quarter 39 months following the Board of Trustees February 12,
2008 approval of PRC-023-1.

3
Effective Date
Jurisdictions where
Required
Jurisdictions where
No Regulatory
list of circuits subject to
PRC-023-2 per
application of
Attachment B, or the
first day of the first
calendar year in which
any criterion in
Attachment B applies,
unless the Planning
Coordinator removes
the circuit from the list
before the applicable
effective date
a list of circuits
subject to PRC-023-2
per application of
calendar year in
which any criterion in
Attachment B
applies, unless the
Planning Coordinator
removes the circuit
from the list before
the applicable
effective date

R2 and R3
transmission lines operating at 200 kV
and above and transformers with low
voltage terminals connected at 200 kV
and above
calendar quarter after
approvals
calendar quarter
after Board of
Trustees adoption
circuits identified by the Planning
Coordinator pursuant to Requirement R6
the first calendar
quarter 39 months
by the Planning
Coordinator of a
circuits inclusion on a
list of circuits subject to
PRC-023-2 per
application of
calendar year in which
any criterion in
Attachment B applies,
unless the Planning
Coordinator removes
the circuit from the list
before the applicable
effective date
quarter 39 months
by the Planning
Coordinator of a
circuits inclusion on
a list of circuits
subject to PRC-023-2
per application of
calendar year in
which any criterion in
Attachment B
applies, unless the
removes the circuit
from the list before
the applicable
effective date
4
Effective Date
Jurisdictions where
Required
Jurisdictions where
No Regulatory

R4 Each Transmission Owner, Generator
Owner, and Distribution Provider that
chooses to use Requirement R1 criterion
2 as the basis for verifying transmission
line relay loadability
calendar quarter six
months after Board

R5 Each Transmission Owner, Generator
Owner, and Distribution Provider that
sets transmission line relays according to
Requirement R1 criterion 12
months after Board

R6 Each Planning Coordinator shall conduct
an assessment by applying the criteria in
Attachment B to determine the circuits in
its Planning Coordinator area for which
Owners, and Distribution Providers must
comply with Requirements R1 through R5
calendar quarter 18
calendar quarter 18
months after Board

5

B. Requirements
R1. Each Transmission Owner, Generator Owner, and Distribution Provider shall use any one of
the following criteria (Requirement R1, criteria 1 through 13) for any specific circuit terminal
to prevent its phase protective relay settings from limiting transmission system loadability
while maintaining reliable protection of the BES for all fault conditions. Each Transmission
Owner, Generator Owner, and Distribution Provider shall evaluate relay loadability at 0.85 per
unit voltage and a power factor angle of 30 degrees. [Violation Risk Factor: High] [Time
Horizon: Long Term Planning].
Criteria:
1. Set transmission line relays so they do not operate at or below 150% of the highest seasonal
Facility Rating of a circuit, for the available defined loading duration nearest 4 hours
(expressed in amperes).
2. Set transmission line relays so they do not operate at or below 115% of the highest seasonal
15-minute Facility Rating
2
3. Set transmission line relays so they do not operate at or below 115% of the maximum
theoretical power transfer capability (using a 90-degree angle between the sending-end and
receiving-end voltages and either reactance or complex impedance) of the circuit
(expressed in amperes) using one of the following to perform the power transfer
calculation:
of a circuit (expressed in amperes).
An infinite source (zero source impedance) with a 1.00 per unit bus voltage at each
end of the line.
An impedance at each end of the line, which reflects the actual system source
impedance with a 1.05 per unit voltage behind each source impedance.
4. Set transmission line relays on series compensated transmission lines so they do not operate
at or below the maximum power transfer capability of the line, determined as the greater of:
115% of the highest emergency rating of the series capacitor.
115% of the maximum power transfer capability of the circuit (expressed in
amperes), calculated in accordance with Requirement R1, criterion 3, using the full
line inductive reactance.
5. Set transmission line relays on weak source systems so they do not operate at or below
170% of the maximum end-of-line three-phase fault magnitude (expressed in amperes).
6. Set transmission line relays applied on transmission lines connected to generation stations
remote to load so they do not operate at or below 230% of the aggregated generation
nameplate capability.
7. Set transmission line relays applied at the load center terminal, remote from generation
stations, so they do not operate at or below 115% of the maximum current flow from the
load to the generation source under any system configuration.

2
When a 15-minute rating has been calculated and published for use in real-time operations, the 15-minute rating
can be used to establish the loadability requirement for the protective relays.
6
8. Set transmission line relays applied on the bulk system-end of transmission lines that serve
load remote to the system so they do not operate at or below 115% of the maximum current
flow from the system to the load under any system configuration.
9. Set transmission line relays applied on the load-end of transmission lines that serve load
remote to the bulk system so they do not operate at or below 115% of the maximum current
flow from the load to the system under any system configuration.
10. Set transformer fault protection relays and transmission line relays on transmission lines
terminated only with a transformer so that the relays do not operate at or below the greater
of:
150% of the applicable maximum transformer nameplate rating (expressed in
amperes), including the forced cooled ratings corresponding to all installed
supplemental cooling equipment.
115% of the highest operator established emergency transformer rating

10.1 Set load responsive transformer fault protection relays, if used, such that the
protection settings do not expose the transformer to a fault level and duration that
exceeds the transformers mechanical withstand capability
3
11. For transformer overload protection relays that do not comply with the loadability
component of Requirement R1, criterion 10 set the relays according to one of the
following:
.
Set the relays to allow the transformer to be operated at an overload level of at least
150% of the maximum applicable nameplate rating, or 115% of the highest operator
established emergency transformer rating, whichever is greater, for at least 15
minutes to provide time for the operator to take controlled action to relieve the
overload.
Install supervision for the relays using either a top oil or simulated winding hot spot
temperature element set no less than 100 C for the top oil temperature or no less
than 140 C for the winding hot spot temperature
4
12. When the desired transmission line capability is limited by the requirement to adequately
protect the transmission line, set the transmission line distance relays to a maximum of
125% of the apparent impedance (at the impedance angle of the transmission line) subject
to the following constraints:
.
a. Set the maximum torque angle (MTA) to 90 degrees or the highest supported by the
manufacturer.
b. Evaluate the relay loadability in amperes at the relay trip point at 0.85 per unit
voltage and a power factor angle of 30 degrees.

3
As illustrated by the dotted line in IEEE C57.109-1993 - IEEE Guide for Liquid-Immersed Transformer
Through-Fault-Current Duration, Clause 4.4, Figure 4
4
IEEE standard C57.91, Tables 7 and 8, specify that transformers are to be designed to withstand a winding hot spot
temperature of 180 degrees C, and Annex A cautions that bubble formation may occur above 140 degrees C.
7
c. Include a relay setting component of 87% of the current calculated in Requirement
R1, criterion 12 in the Facility Rating determination for the circuit.
13. Where other situations present practical limitations on circuit capability, set the phase
protection relays so they do not operate at or below 115% of such limitations.
R2. Each Transmission Owner, Generator Owner, and Distribution Provider shall set its out-of-step
blocking elements to allow tripping of phase protective relays for faults that occur during the
loading conditions used to verify transmission line relay loadability per Requirement R1.
R3. Each Transmission Owner, Generator Owner, and Distribution Provider that uses a circuit
capability with the practical limitations described in Requirement R1, criterion 6, 7, 8, 9, 12, or
13 shall use the calculated circuit capability as the Facility Rating of the circuit and shall obtain
the agreement of the Planning Coordinator, Transmission Operator, and Reliability Coordinator
with the calculated circuit capability. [Violation Risk Factor: Medium] [Time Horizon: Long
Term Planning]
R4. Each Transmission Owner, Generator Owner, and Distribution Provider that chooses to use
Requirement R1 criterion 2 as the basis for verifying transmission line relay loadability shall
provide its Planning Coordinator, Transmission Operator, and Reliability Coordinator with an
updated list of circuits associated with those transmission line relays at least once each calendar
year, with no more than 15 months between reports. [Violation Risk Factor: Lower] [Time
R5. Each Transmission Owner, Generator Owner, and Distribution Provider that sets transmission
line relays according to Requirement R1 criterion 12 shall provide an updated list of the
circuits associated with those relays to its Regional Entity at least once each calendar year, with
no more than 15 months between reports, to allow the ERO to compile a list of all circuits that
have protective relay settings that limit circuit capability. [Violation Risk Factor: Lower]
R6. Each Planning Coordinator shall conduct an assessment at least once each calendar year, with
no more than 15 months between assessments, by applying the criteria in Attachment B to
determine the circuits in its Planning Coordinator area for which Transmission Owners,
Generator Owners, and Distribution Providers must comply with Requirements R1 through R5.
The Planning Coordinator shall: [Violation Risk Factor: High] [Time Horizon: Long Term
Planning]
6.1 Maintain a list of circuits subject to PRC-023-2 per application of Attachment B,
including identification of the first calendar year in which any criterion in Attachment
B applies.
6.2 Provide the list of circuits to all Regional Entities, Reliability Coordinators,
Transmission Owners, Generator Owners, and Distribution Providers within its
Planning Coordinator area within 30 calendar days of the establishment of the initial
list and within 30 calendar days of any changes to that list.
C. Measures
such as spreadsheets or summaries of calculations to show that each of its transmission relays
is set according to one of the criteria in Requirement R1, criterion 1 through 13 and shall have
evidence such as coordination curves or summaries of calculations that show that relays set per
criterion 10 do not expose the transformer to fault levels and durations beyond those indicated
in the standard. (R1)
8
such as spreadsheets or summaries of calculations to show that each of its out-of-step blocking
elements is set to allow tripping of phase protective relays for faults that occur during the
loading conditions used to verify transmission line relay loadability per Requirement R1. (R2)
M3. Each Transmission Owner, Generator Owner, and Distribution Provider with transmission
relays set according to Requirement R1, criterion 6, 7, 8, 9, 12, or 13 shall have evidence such
as Facility Rating spreadsheets or Facility Rating database to show that it used the calculated
circuit capability as the Facility Rating of the circuit and evidence such as dated
correspondence that the resulting Facility Rating was agreed to by its associated Planning
Coordinator, Transmission Operator, and Reliability Coordinator. (R3)
M4. Each Transmission Owner, Generator Owner, or Distribution Provider that sets transmission
line relays according to Requirement R1, criterion 2 shall have evidence such as dated
correspondence to show that it provided its Planning Coordinator, Transmission Operator, and
Reliability Coordinator with an updated list of circuits associated with those transmission line
relays within the required timeframe. The updated list may either be a full list, a list of
incremental changes to the previous list, or a statement that there are no changes to the
previous list. (R4)
M5. Each Transmission Owner, Generator Owner, or Distribution Provider that sets transmission
line relays according to Requirement R1, criterion 12 shall have evidence such as dated
correspondence that it provided an updated list of the circuits associated with those relays to its
Regional Entity within the required timeframe. The updated list may either be a full list, a list
of incremental changes to the previous list, or a statement that there are no changes to the
previous list. (R5)
M6. Each Planning Coordinator shall have evidence such as power flow results, calculation
summaries, or study reports that it used the criteria established within Attachment B to
determine the circuits in its Planning Coordinator area for which applicable entities must
comply with the standard as described in Requirement R6. The Planning Coordinator shall
have a dated list of such circuits and shall have evidence such as dated correspondence that it
provided the list to the Regional Entities, Reliability Coordinators, Transmission Owners,
Generator Owners, and Distribution Providers within its Planning Coordinator area within the
required timeframe.

D. Compliance
For functional entities that work for their Regional Entity, the ERO shall serve as the

1.2. Data Retention
The Transmission Owner, Generator Owner, Distribution Provider and Planning Coordinator
shall keep data or evidence to show compliance as identified below unless directed by its
Compliance Enforcement Authority to retain specific evidence for a longer period of time as
9
The Transmission Owner, Generator Owner, and Distribution Provider shall each retain
documentation to demonstrate compliance with Requirements R1 through R5 for three
calendar years.
The Planning Coordinator shall retain documentation of the most recent review process
required in R6. The Planning Coordinator shall retain the most recent list of circuits in its
Planning Coordinator area for which applicable entities must comply with the standard, as
determined per R6.
If a Transmission Owner, Generator Owner, Distribution Provider or Planning Coordinator is
found non-compliant, it shall keep information related to the non-compliance until found
compliant or for the time specified above, whichever is longer.
The Compliance Monitor shall keep the last audit record and all requested and submitted
Compliance Audit
Self-Certification
Spot Checking
Self-Reporting
Complaint
None.
10

R1 N/A N/A N/A The responsible entity did not use
any one of the following criteria
(Requirement R1 criterion 1
through 13) for any specific circuit
terminal to prevent its phase
protective relay settings from
limiting transmission system
loadability while maintaining
reliable protection of the Bulk
Electric System for all fault
conditions.
OR
evaluate relay loadability at 0.85
per unit voltage and a power factor
angle of 30 degrees.
R2 N/A N/A N/A The responsible entity failed to
ensure that its out-of-step blocking
elements allowed tripping of phase
protective relays for faults that
occur during the loading
conditions used to verify
transmission line relay loadability
per Requirement R1.
R3 N/A N/A N/A The responsible entity that uses a
circuit capability with the practical
limitations described in
Requirement R1 criterion 6, 7, 8,
9, 12, or 13 did not use the
calculated circuit capability as the
Facility Rating of the circuit.
OR
11
obtain the agreement of the
Planning Coordinator,
Transmission Operator, and
Reliability Coordinator with the
calculated circuit capability.
R4 N/A N/A N/A The responsible entity did not
provide its Planning Coordinator,
Transmission Operator, and
Reliability Coordinator with an
updated list of circuits that have
transmission line relays set
according to the criteria
established in Requirement R1
criterion 2 at least once each
calendar year, with no more than
15 months between reports.
R5 N/A N/A N/A The responsible entity did not
provide its Regional Entity, with
an updated list of circuits that have
transmission line relays set
according to the criteria
established in Requirement R1
criterion 12 at least once each
15 months between reports.
R6 N/A The Planning Coordinator used the
criteria established within
Attachment B to determine the
circuits in its Planning Coordinator
area for which applicable entities
must comply with the standard and
met parts 6.1 and 6.2, but more
than 15 months and less than 24
months lapsed between
assessments.
The Planning Coordinator used the
must comply with the standard and
met parts 6.1 and 6.2, but 24
months or more lapsed between
assessments.
use the criteria established within
must comply with the standard.
OR
12
OR
Attachment B at least once each
15 months between assessments to
determine the circuits in its
Planning Coordinator area for
which applicable entities must
comply with the standard and met
6.1 and 6.2 but failed to include
the calendar year in which any
criterion in Attachment B first
applies.
OR
6.1 and 6.2 but provided the list of
circuits to the Reliability
Coordinators, Transmission
Owners, Generator Owners, and
Distribution Providers within its
the list was established or updated.
(part 6.2)

OR
6.1 and 6.2 but provided the list of
list was established or updated.
(part 6.2)

Attachment B, at least once each
comply with the standard but
failed to meet parts 6.1 and 6.2.
OR
comply with the standard but
failed to maintain the list of
circuits determined according to
the process described in
Requirement R6. (part 6.1)
OR

6.1 but failed to provide the list of
13
Planning Coordinator area or
provided the list more than 60 days
after the list was established or
updated. (part 6.2)

OR

comply with the standard.

14
None
F. Supplemental Technical Reference Document
1. The following document is an explanatory supplement to the standard. It provides the technical
rationale underlying the requirements in this standard. The reference document contains
methodology examples for illustration purposes it does not preclude other technically comparable
methodologies
Determination and Application of Practical Relaying Loadability Ratings, Version 1.0, June
2008, prepared by the System Protection and Control Task Force of the NERC Planning
Committee, available at:
http://www.nerc.com/fileUploads/File/Standards/Relay_Loadability_Reference_Doc_Clean_Fina
l_2008July3.pdf
.
Version History
1 February 12, 2008 Approved by Board of Trustees New
1 March 19, 2008 Corrected typo in last sentence of Severe VSL
for Requirement 3 then should be than.
Errata
1 Filed for approval
April 19, 2010
Changed VRF for R3 from Medium to High;
changed VSLs for R1, R2, R3 to binary Severe
to comply with Order 733
Revision
2 March 10, 2011
approved by Board
of Trustees
Revised to address initial set of directives from
Order 733
Revision (Project
2010-13)
2 March 15, 2012 FERC order issued approving PRC-023-2
(approval becomes effective May 7, 2012)

15
PRC-023 Attachment A
1. This standard includes any protective functions which could trip with or without time delay, on load
current, including but not limited to:
1.1. Phase distance.
1.2. Out-of-step tripping.
1.3. Switch-on-to-fault.
1.4. Overcurrent relays.
1.5. Communications aided protection schemes including but not limited to:
1.5.1 Permissive overreach transfer trip (POTT).
1.5.2 Permissive under-reach transfer trip (PUTT).
1.5.3 Directional comparison blocking (DCB).
1.5.4 Directional comparison unblocking (DCUB).
1.6. Phase overcurrent supervisory elements (i.e., phase fault detectors) associated with current-
based, communication-assisted schemes (i.e., pilot wire, phase comparison, and line current
differential) where the scheme is capable of tripping for loss of communications.
2. The following protection systems are excluded from requirements of this standard:
2.1. Relay elements that are only enabled when other relays or associated systems fail. For
example:
Overcurrent elements that are only enabled during loss of potential conditions.
Elements that are only enabled during a loss of communications except as noted in
section 1.6
2.2. Protection systems intended for the detection of ground fault conditions.
2.3. Protection systems intended for protection during stable power swings.
2.4. Generator protection relays that are susceptible to load.
2.5. Relay elements used only for Special Protection Systems applied and approved in accordance
with NERC Reliability Standards PRC-012 through PRC-017 or their successors.
2.6. Protection systems that are designed only to respond in time periods which allow 15 minutes or
greater to respond to overload conditions.
2.7. Thermal emulation relays which are used in conjunction with dynamic Facility Ratings.
2.8. Relay elements associated with dc lines.
2.9. Relay elements associated with dc converter transformers.
16
PRC-023 Attachment B
Circuits to Evaluate
Transmission lines operated at 100 kV to 200 kV and transformers with low voltage terminals
connected at 100 kV to 200 kV.
Transmission lines operated below 100 kV and transformers with low voltage terminals
connected below 100 kV that are part of the BES.
Criteria
If any of the following criteria apply to a circuit, the applicable entity must comply with the standard for
that circuit.
B1. The circuit is a monitored Facility of a permanent flowgate in the Eastern Interconnection, a
major transfer path within the Western Interconnection as defined by the Regional Entity, or a
comparable monitored Facility in the Qubec Interconnection, that has been included to address
reliability concerns for loading of that circuit, as confirmed by the applicable Planning
Coordinator.
B2. The circuit is a monitored Facility of an IROL, where the IROL was determined in the planning
horizon pursuant to FAC-010.
B3. The circuit forms a path (as agreed to by the Generator Operator and the transmission entity) to
supply off-site power to a nuclear plant as established in the Nuclear Plant Interface
Requirements (NPIRs) pursuant to NUC-001.
B4. The circuit is identified through the following sequence of power flow analyses
5
a. Simulate double contingency combinations selected by engineering judgment, without
manual system adjustments in between the two contingencies (reflects a situation where a
System Operator may not have time between the two contingencies to make appropriate
system adjustments).

performed by the
Planning Coordinator for the one-to-five-year planning horizon:
b. For circuits operated between 100 kV and 200 kV evaluate the post-contingency loading, in
consultation with the Facility owner, against a threshold based on the Facility Rating assigned
for that circuit and used in the power flow case by the Planning Coordinator.
c. When more than one Facility Rating for that circuit is available in the power flow case, the
threshold for selection will be based on the Facility Rating for the loading duration nearest
four hours.
d. The threshold for selection of the circuit will vary based on the loading duration assumed in
the development of the Facility Rating.

5
Past analyses may be used to support the assessment if no material changes to the system have occurred since the
last assessment
17
i. If the Facility Rating is based on a loading duration of up to and including four hours,
the circuit must comply with the standard if the loading exceeds 115% of the Facility
Rating.
ii. If the Facility Rating is based on a loading duration greater than four and up to and
including eight hours, the circuit must comply with the standard if the loading
exceeds 120% of the Facility Rating.
iii. If the Facility Rating is based on a loading duration of greater than eight hours, the
circuit must comply with the standard if the loading exceeds 130% of the Facility
Rating.
e. Radially operated circuits serving only load are excluded.
B5. The circuit is selected by the Planning Coordinator based on technical studies or assessments,
other than those specified in criteria B1 through B4, in consultation with the Facility owner.
B6. The circuit is mutually agreed upon for inclusion by the Planning Coordinator and the Facility
owner.

Standard PRC-024-1 Generator Frequency and Voltage Protective Relay Settings
Page 1 of 12

A. Introduction
1. Title: Generator Frequency and Voltage Protective Relay Settings
3. Purpose: Ensure Generator Owners set their generator protective relays such that
generating units remain connected during defined frequency and voltage excursions.
4. Applicability:
5. Effective Date:
5.1. In those jurisdictions where regulatory approval is required:
Owner shall have verified at least 40 percent of its Facilities are fully
compliant with Requirements R1, R2, R3, and R4.
Owner shall have verified 100 percent of its Facilities are fully compliant
with Requirements R1, R2, R3, and R4.
5.2. In those jurisdictions where regulatory approval is not required:
Board of Trustees approval, each Generator Owner shall have verified at
least 40 percent of its Facilities are fully compliant with Requirements R1,
R2, R3, and R4.
R2, R3, and R4.
Page 2 of 12

R2, R3, and R4.
Board of Trustees approval, each Generator Owner shall have verified 100
percent of its Facilities are fully compliant with Requirements R1, R2, R3,
and R4.

Page 3 of 12

B. Requirements
R1. Each Generator Owner that has generator frequency protective relaying
1
Generating unit(s) may trip if the protective functions (such as out-of-step functions
or loss-of-field functions) operate due to an impending or actual loss of synchronism
or, for asynchronous generating units, due to instability in power conversion control
equipment.
activated to trip
its applicable generating unit(s) shall set its protective relaying such that the generator
frequency protective relaying does not trip the applicable generating unit(s) within the
no trip zone of PRC-024 Attachment 1, subject to the following exceptions: [Violation
Risk Factor: Medium] [Time Horizon: Long-term Planning]
Generating unit(s) may trip if clearing a system fault necessitates disconnecting (a)
generating unit(s).
Generating unit(s) may trip within a portion of the no trip zone of PRC-024
Attachment 1 for documented and communicated regulatory or equipment
limitations in accordance with Requirement R3.
R2. Each Generator Owner that has generator voltage protective relaying
1
activated to trip its
applicable generating unit(s) shall set its protective relaying such that the generator
voltage protective relaying does not trip the applicable generating unit(s) as a result of a
voltage excursion (at the point of interconnection
2
Generating unit(s) may trip in accordance with a Special Protection System (SPS) or
Remedial Action Scheme (RAS).
) caused by an event on the
transmission system external to the generating plant that remains within the no trip
zone of PRC-024 Attachment 2. If the Transmission Planner allows less stringent
voltage relay settings than those required to meet PRC-024 Attachment 2, then the
Generator Owner shall set its protective relaying within the voltage recovery
characteristics of a location-specific Transmission Planners study. Requirement R2 is
subject to the following exceptions: [Violation Risk Factor: Medium] [Time Horizon:
Long-term Planning]
Generating unit(s) may trip if clearing a system fault necessitates disconnecting (a)
generating unit(s).
Generating unit(s) may trip by action of protective functions (such as out-of-step
functions or loss-of-field functions) that operate due to an impending or actual loss
of synchronism or, for asynchronous generating units, due to instability in power
conversion control equipment.

1
Each Generator Owner is not required to have frequency or voltage protective relaying (including but not limited to
frequency and voltage protective functions for discrete relays, volts per hertz relays evaluated at nominal frequency,
multi-function protective devices or protective functions within control systems that directly trip or provide tripping
signals to the generator based on frequency or voltage inputs) installed or activated on its unit.
2
For the purposes of this standard, point of interconnection means the transmission (high voltage) side of the generator
step-up or collector transformer.
Page 4 of 12

Generating unit(s) may trip within a portion of the no trip zone of PRC-024
Attachment 2 for documented and communicated regulatory or equipment
limitations in accordance with Requirement R3.
R3. Each Generator Owner shall document each known regulatory or equipment limitation
3
3.1. The Generator Owner shall communicate the documented regulatory or equipment
limitation, or the removal of a previously documented regulatory or equipment
limitation, to its Planning Coordinator and Transmission Planner within 30 calendar
days of any of the following:

that prevents an applicable generating unit with generator frequency or voltage protective
relays from meeting the relay setting criteria in Requirements R1 or R2 including (but not
limited to) study results, experience from an actual event, or manufacturers advice.
[Violation Risk Factor: Lower] [Time Horizon: Long-term Planning]
Identification of a regulatory or equipment limitation.
Repair of the equipment causing the limitation that removes the limitation.
Replacement of the equipment causing the limitation with equipment that
removes the limitation.
Creation or adjustment of an equipment limitation caused by consumption of the
cumulative turbine life-time frequency excursion allowance.
R4. Each Generator Owner shall provide its applicable generator protection trip settings
associated with Requirements R1 and R2 to the Planning Coordinator or Transmission
Planner that models the associated unit within 60 calendar days of receipt of a written
request for the data and within 60 calendar days of any change to those previously
requested trip settings unless directed by the requesting Planning Coordinator or
Transmission Planner that the reporting of relay setting changes is not required.

C. Measures
M1. Each Generator Owner shall have evidence that generator frequency protective relays
have been set in accordance with Requirement R1 such as dated setting sheets, calibration
sheets or other documentation.
M2. Each Generator Owner shall have evidence that generator voltage protective relays have
been set in accordance with Requirement R2 such as dated setting sheets, voltage-time
curves, calibration sheets, coordination plots, dynamic simulation studies or other
documentation.
M3. Each Generator Owner shall have evidence that it has documented and communicated any
known regulatory or equipment limitations (excluding limitations noted in footnote 3)
that resulted in an exception to Requirements R1 or R2 in accordance with Requirement

3
Excludes limitations that are caused by the setting capability of the generator frequency and voltage protective relays
themselves but does not exclude limitations originating in the equipment that they protect.
Page 5 of 12

R3 such as a dated email or letter that contains such documentation as study results,
experience from an actual event, or manufacturers advice.
M4. Each Generator Owner shall have evidence that it communicated applicable generator
protective relay trip settings in accordance with Requirement R4, such as dated e-mails,
correspondence or other evidence and copies of any requests it has received for that
information.
D. Compliance
unless the applicable entity is owned, operated, or controlled by the Regional Entity.
In such cases, the ERO or a Regional Entity approved by FERC or other applicable
1.2. Data Retention
required to retain specific evidence to demonstrate compliance. For instances where
the evidence retention period specified below is shorter than the time since the last
audit, the Compliance Enforcement Authority may ask an entity to provide other
evidence to show that it was compliant for the full time period since the last audit.
The Generator Owner shall retain evidence of compliance with Requirement R1
through R4; for 3 years or until the next audit, whichever is longer.
If a Generator Owner is found non-compliant, the Generator Owner shall keep
information related to the non-compliance until mitigation is complete and approved
for the time period specified above, whichever is longer.
Compliance Audit
Self-Certification
Spot Checking
Self-Reporting
Complaint
None

Page 6 of 12

R1
N/A N/A N/A The Generator Owner
that has frequency
protection activated to
trip a generating unit,
failed to set its
generator frequency
protective relaying so
that it does not trip
within the criteria
R1 unless there is a
documented and
communicated
regulatory or
equipment limitation
per Requirement R3.
R2
N/A N/A N/A The Generator Owner
with voltage protective
relaying activated to
trip a generating unit,
failed to set its voltage
protective relaying so
that it does not trip as a
result of a voltage
excursion at the point
of interconnection,
caused by an event
external to the plant
per the criteria
specified in
Requirement R2 unless
there is a documented
and communicated
regulatory or
equipment limitation
per Requirement R3.
R3
The Generator Owner
documented the
known non-protection
system equipment
limitation that
prevented it from
meeting the criteria in
Requirement R1 or R2
and communicated the
documented limitation
to its Planning
Coordinator and
The Generator Owner
documented the
system equipment
limitation that
prevented it from
to its Planning
Coordinator and
The Generator Owner
documented the
system equipment
limitation that
prevented it from
to its Planning
Coordinator and
The Generator Owner
failed to document any
system equipment
limitation that
prevented it from
Requirement R1 or R2.

OR
The Generator Owner
failed to communicate

Page 7 of 12

days of identifying the
limitation.

limitation.
limitation.

the documented
limitation to its
and Transmission
Planner within 120
calendar days of
identifying the
limitation.

R4
The Generator Owner
provided its generator
protection trip settings
days of any change to
those trip settings.
OR
The Generator Owner
provided trip settings
days of a written
request.
The Generator Owner
days of any change to
those trip settings.

OR
The Generator Owner
days of a written
request.
The Generator Owner
more than 120
calendar days but less
calendar days of any
change to those trip
settings.

OR
The Generator Owner
more than 120
calendar days but less
calendar days of a
written request.
The Generator Owner
failed to provide its
generator protection
trip settings within 150
calendar days of any
change to those trip
settings.

OR

The Generator Owner
failed to provide trip
settings within 150
calendar days of a
written request.

None
None
Version History
1 May 9, 2013 Adopted by the NERC Board of
Trustees


Page 8 of 12

G. References
1. The Technical J ustification for the New WECC Voltage Ride-Through (VRT) Standard,
A White Paper Developed by the Wind Generation Task Force (WGTF), dated J une 13,
2007, a guideline approved by WECC Technical Studies Subcommittee.


Page 9 of 12

PRC-024 Attachment 1

Curve Data Points:
Eastern Interconnection
High Frequency Duration
Low Frequency Duration
Frequency (Hz) Time (Sec) Frequency (Hz) Time (sec)
61.8 Instantaneous trip 57.8 Instantaneous trip
60.5 10
(90.935-1.45713*f)
59.5 10
(1.7373*f-100.116)

<60.5 Continuous operation > 59.5 Continuous operation

54
56
58
60
62
64
66
68
0.1 1 10 100 1000 10000
F
r
e
q
u
e
n
c
y

(
H
z
)

Time (sec)
OFF NOMINAL FREQUENCY CAPABILITY CURVE
No Trip Zone
(not including the
lines)
Western
Western
Eastern
Eastern Interconnection
Quebec
Quebec
ERCOT
ERCOT

Page 10 of 12

Western Interconnection
61.6 30 57.3 0.75
60.6 180 57.8 7.5
<60.6 Continuous operation 58.4 30
59.4 180
>59.4 Continuous operation

Quebec Interconnection
Frequency (Hz) Time (Sec) Frequency (Hz) Time (Sec)
>66.0 Instantaneous trip <55.5 Instantaneous trip
63.0 5 56.5 0.35
61.5 90 57.0 2
60.6 660 57.5 10
59.4 660

ERCOT Interconnection
61.6 30 58.0 2
60.6 540 58.4 30

Page 11 of 12

PRC-024 Attachment 2

Ride Through Duration:
High Voltage Ride Through Duration
Low Voltage Ride Through Duration
Voltage (pu) Time (sec) Voltage (pu) Time (sec)
1.200 Instantaneous trip <0.45 0.15
1.175 0.20 <0.65 0.30
1.15 0.50 <0.75 2.00
1.10 1.00 <0.90 3.00

0.00
0.05
0.10
0.15
0.20
0.25
0.30
0.35
0.40
0.45
0.50
0.55
0.60
0.65
0.70
0.75
0.80
0.85
0.90
0.95
1.00
1.05
1.10
1.15
1.20
1.25
1.30
0 0.5 1 1.5 2 2.5 3 3.5 4
P
O
I

V
o
l
t
a
g
e

(
p
e
r

u
n
i
t
)

Time (sec)
Voltage Ride-Through
Time Duration Curve
High Voltage Duration Low Voltage Duration
No Trip Zone

Page 12 of 12

Voltage Ride-Through Curve Clarifications
Curve Details:
1. The per unit voltage base for these curves is the nominal operating voltage specified by the
Transmission Planner in the analysis of the reliability of the Interconnected Transmission
Systems at the point of interconnection to the Bulk Electric System (BES).
2. The curves depicted were derived based on three-phase transmission system zone 1 faults
with Normal Clearing not exceeding 9 cycles. The curves apply to voltage excursions
regardless of the type of initiating event.
3. The envelope within the curves represents the cumulative voltage duration at the point of
interconnection with the BES. For example, if the voltage first exceeds 1.15 pu at 0.3
seconds after a fault, does not exceed 1.2 pu voltage, and returns below 1.15 pu at 0.4
seconds, then the cumulative time the voltage is above 1.15 pu voltage is 0.1 seconds and is
within the no trip zone of the curve.
4. The curves depicted assume system frequency is 60 Hertz. When evaluating Volts/Hertz
protection, you may adjust the magnitude of the high voltage curve in proportion to
deviations of frequency below 60 Hz.
5. Voltages in the curve assume minimum fundamental frequency phase-to-ground or phase-
to-phase voltage for the low voltage duration curve and the greater of maximum RMS or
crest phase-to-phase voltage for the high voltage duration curve.
Evaluating Protective Relay Settings:
1. Use either the following assumptions or loading conditions that are believed to be the most
probable for the unit under study to evaluate voltage protection relay setting calculations on
the static case for steady state initial conditions:
a. All of the units connected to the same transformer are online and operating.
b. All of the units are at full nameplate real-power output.
c. Power factor is 0.95 lagging (i.e. supplying reactive power to the system) as
measured at the generator terminals.
d. The automatic voltage regulator is in automatic voltage control mode.
2. Evaluate voltage protection relay settings assuming that additional installed generating plant
reactive support equipment (such as static VAr compensators, synchronous condensers, or
capacitors) is available and operating normally.
3. Evaluate voltage protection relay settings accounting for the actual tap settings of
transformers between the generator terminals and the point of interconnection.

Standard TOP-001-1a Reliabil ity Responsibiliti es and Authorities
Page 1 of 7

A. Introduction
1. Title: Reliability Responsibilities and Authorities
2. Number: TOP-001-1a
Purpose: To ensure reliability entities have clear decision-making authority and
capabilities to take appropriate actions or direct the actions of others to return the
transmission system to normal conditions during an emergency.
3. Applicability
3.4. Distribution Providers
3.5. Load Serving Entities
4. Effective Date: Immediately after approval of applicable regulatory
authorities.
B. Requirements
R1. Each Transmission Operator shall have the responsibility and clear decision-making
authority to take whatever actions are needed to ensure the reliability of its area and
shall exercise specific authority to alleviate operating emergencies.
R2. Each Transmission Operator shall take immediate actions to alleviate operating
emergencies including curtailing transmission service or energy schedules, operating
equipment (e.g., generators, phase shifters, breakers), shedding firm load, etc.
R3. Each Transmission Operator, Balancing Authority, and Generator Operator shall
comply with reliability directives issued by the Reliability Coordinator, and each
Balancing Authority and Generator Operator shall comply with reliability directives
issued by the Transmission Operator, unless such actions would violate safety,
equipment, regulatory or statutory requirements. Under these circumstances the
Transmission Operator, Balancing Authority or Generator Operator shall immediately
inform the Reliability Coordinator or Transmission Operator of the inability to perform
the directive so that the Reliability Coordinator or Transmission Operator can
implement alternate remedial actions.
R4. Each Distribution Provider and Load Serving Entity shall comply with all reliability
directives issued by the Transmission Operator, including shedding firm load, unless
such actions would violate safety, equipment, regulatory or statutory requirements.
Under these circumstances, the Distribution Provider or Load Serving Entity shall
immediately inform the Transmission Operator of the inability to perform the directive
so that the Transmission Operator can implement alternate remedial actions.
R5. Each Transmission Operator shall inform its Reliability Coordinator and any other
potentially affected Transmission Operators of real time or anticipated emergency
conditions, and take actions to avoid, when possible, or mitigate the emergency.
Page 2 of 7

R6. Each Transmission Operator, Balancing Authority, and Generator Operator shall render
all available emergency assistance to others as requested, provided that the requesting
entity has implemented its comparable emergency procedures, unless such actions
would violate safety, equipment, or regulatory or statutory requirements.
R7. Each Transmission Operator and Generator Operator shall not remove Bulk Electric
System facilities from service if removing those facilities would burden neighboring
systems unless:
R7.1. For a generator outage, the Generator Operator shall notify and coordinate with
the Transmission Operator. The Transmission Operator shall notify the
Reliability Coordinator and other affected Transmission Operators, and
coordinate the impact of removing the Bulk Electric System facility.
R7.2. For a transmission facility, the Transmission Operator shall notify and
coordinate with its Reliability Coordinator. The Transmission Operator shall
notify other affected Transmission Operators, and coordinate the impact of
removing the Bulk Electric System facility.
R7.3. When time does not permit such notifications and coordination, or when
immediate action is required to prevent a hazard to the public, lengthy
customer service interruption, or damage to facilities, the Generator Operator
shall notify the Transmission Operator, and the Transmission Operator shall
notify its Reliability Coordinator and adjacent Transmission Operators, at the
earliest possible time.
R8. During a system emergency, the Balancing Authority and Transmission Operator shall
immediately take action to restore the Real and Reactive Power Balance. If the
Balancing Authority or Transmission Operator is unable to restore Real and Reactive
Power Balance it shall request emergency assistance from the Reliability Coordinator.
If corrective action or emergency assistance is not adequate to mitigate the Real and
Reactive Power Balance, then the Reliability Coordinator, Balancing Authority, and
Transmission Operator shall implement firm load shedding.
C. Measures
M1. Each Transmission Operator shall have and provide upon request evidence that could
include, but is not limited to, signed agreements, an authority letter signed by an officer
of the company, or other equivalent evidence that will be used to confirm that it has the
authority, and has exercised the authority, to alleviate operating emergencies as
described in Requirement 1.
M2. If an operating emergency occurs the Transmission Operator that experienced the
emergency shall have and provide upon request evidence that could include, but is not
limited to, operator logs, voice recordings or transcripts of voice recordings, electronic
communications, or other equivalent evidence that will be used to determine if it took
immediate actions to alleviate the operating emergency including curtailing
transmission service or energy schedules, operating equipment (e.g., generators, phase
shifters, breakers), shedding firm load, etc. (Requirement 2)
M3. Each Transmission Operator, Balancing Authority, and Generator Operator shall have
and provide upon request evidence such as operator logs, voice recordings or
Page 3 of 7

transcripts of voice recordings, electronic communications, or other equivalent
evidence that will be used to determine if it complied with its Reliability Coordinators
reliability directives. If the Transmission Operator, Balancing Authority or Generator
Operator did not comply with the directive because it would violate safety, equipment,
regulatory or statutory requirements, it shall provide evidence such as operator logs,
equivalent evidence that it immediately informed the Reliability Coordinator of its
inability to perform the directive. (Requirement 3)
M4. Each Balancing Authority, Generator Operator, Distribution Provider and Load
Serving Entity shall have and provide upon request evidence such as operator logs,
equivalent evidence that will be used to determine if it complied with its Transmission
Operators reliability directives. If the Balancing Authority, Generator Operator,
Distribution Provider and Load Serving Entity did not comply with the directive
because it would violate safety, equipment, regulatory or statutory requirements, it
shall provide evidence such as operator logs, voice recordings or transcripts of voice
recordings, electronic communications, or other equivalent evidence that it
immediately informed the Transmission Operator of its inability to perform the
directive. (Requirements 3 and 4)
M5. The Transmission Operator shall have and provide upon request evidence that could
include, but is not limited to, operator logs, voice recordings or transcripts of voice
recordings, electronic communications, or other equivalent evidence that will be used
to determine if it informed its Reliability Coordinator and any other potentially affected
Transmission Operators of real time or anticipated emergency conditions, and took
actions to avoid, when possible, or to mitigate an emergency. (Requirement 5)
M6. The Transmission Operator, Balancing Authority, and Generator Operator shall each
have and provide upon request evidence that could include, but is not limited to,
operator logs, voice recordings or transcripts of voice recordings, electronic
communications, or other equivalent evidence that will be used to determine if it
rendered assistance to others as requested, provided that the requesting entity had
implemented its comparable emergency procedures, unless such actions would violate
safety, equipment, or regulatory or statutory requirements. (Requirement 6)
M7. The Transmission Operator and Generator Operator shall each have and provide upon
request evidence that could include, but is not limited to, operator logs, voice
recordings or transcripts of voice recordings, electronic communications, or other
equivalent evidence that will be used to determine if it notified either their
Transmission Operator in the case of the Generator Operator, or other Transmission
Operators, and the Reliability Coordinator when it removed Bulk Electric System
facilities from service if removing those facilities would burden neighboring systems.
(Requirement 7)
D. Compliance
Page 4 of 7

monitoring.
schedule.)
prepare.)
compliance.
1.3. Data Retention
Each Transmission Operator shall have the current in-force document to show
that it has the responsibility and clear decision-making authority to take whatever
actions are needed to ensure the reliability of its area. (Measure 1)
Each Transmission Operator shall keep 90 days of historical data (evidence) for
Measures 1 through 7, including evidence of directives issued for Measures 3 and
4.
Each Balancing Authority shall keep 90 days of historical data (evidence) for
Measures 3, 4 and 6 including evidence of directives issued for Measures 3 and 4.
Each Generator Operator shall keep 90 days of historical data (evidence) for
Measures 3, 4, 6 and 7 including evidence of directives issued for Measures 3 and
4.
Each Distribution Provider and Load-serving Entity shall keep 90 days of
historical data (evidence) for Measure 4.
The Compliance Monitor shall keep the last periodic audit report and all
supporting compliance data
Page 5 of 7

None.
2. Levels of Non-Compliance for a Balancing Authority:
2.4.1 Did not comply with a Reliability Coordinators or Transmission
Operators reliability directive or did not immediately inform the
Reliability Coordinator or Transmission Operator of its inability to
perform that directive (R3)
2.4.2 Did not render emergency assistance to others as requested, in accordance
with R6.
3. Levels of Non-Compliance for a Transmission Operator
3.4.1 Does not have the documented authority to act as specified in R1.
3.4.2 Does not have evidence it acted with the authority specified in R1.
3.4.3 Did not take immediate actions to alleviate operating emergencies as
specified in R2.
3.4.4 Did not comply with its Reliability Coordinators reliability directive or
did not immediately inform the Reliability Coordinator of its inability to
perform that directive, as specified in R3.
3.4.5 Did not inform its Reliability Coordinator and other potentially affected
Transmission Operators of real time or anticipated emergency conditions
as specified in R5.
3.4.6 Did not take actions to avoid, when possible, or to mitigate an emergency
as specified in R5.
3.4.7 Did not render emergency assistance to others as requested, as specified in
R6.
3.4.8 Removed Bulk Electric System facilities from service under conditions
other than those specified in R7.1, 7.2, and 7.3, and removing those
facilities burdened a neighbor system.
4. Levels of Non-Compliance for a Generator Operator:
Page 6 of 7

4.4.1 Did not comply with a Reliability Coordinator or Transmission Operators
reliability directive or did not immediately inform the Reliability
Coordinator or Transmission Operator of its inability to perform that
directive, as specified in R3.
4.4.2 Did not render all available emergency assistance to others as requested,
unless such actions would violate safety, equipment, or regulatory or
statutory requirements as specified in R6.
4.4.3 Removed Bulk Electric System facilities from service under conditions
other than those specified in R7.1, 7.2, and 7.3, and burdened a neighbor
system.
5. Levels of Non-Compliance for a Distribution Provider or Load Serving Entity
5.4. Level 4: Did not comply with a Transmission Operators reliability directive or
immediately inform the Transmission Operator of its inability to perform that
directive, as specified in R4.
None identified.
Version History
Date
Errata
1a May 12, 2010 Added Appendix 1 Interpretation of
R8 approved by BOT on May 12, 2010
Interpretation
1a September 15,
2011
FERC Order issued approved the
Interpretation of R8 (FERC Order
became effective November 21, 2011)
Interpretation
Page 7 of 7

Appendix 1

R8. During a system emergency, the Balancing Authority and Transmission Operator shall
immediately take action to restore the Real and Reactive Power Balance. If the Balancing
Authority or Transmission Operator is unable to restore Real and Reactive Power Balance it shall
request emergency assistance from the Reliability Coordinator. If corrective action or
emergency assistance is not adequate to mitigate the Real and Reactive Power Balance, then the
Reliability Coordinator, Balancing Authority, and Transmission Operator shall implement firm
load shedding.
Question
For Requirement R8 is the Balancing Authority responsibility to immediately take corrective
action to restore Real Power Balance and is the TOP responsibility to immediately take
corrective action to restore Reactive Power Balance?
Response
The answer to both questions is yes. According to the NERC Glossary of Terms Used in
Reliability Standards, the Transmission Operator is responsible for the reliability of its local
transmission system, and operates or directs the operations of the transmission facilities.
Similarly, the Balancing Authority is responsible for maintaining load-interchange-generation
balance, i.e., real power balance. In the context of this requirement, the Transmission Operator
is the functional entity that balances reactive power. Reactive power balancing can be
accomplished by issuing instructions to the Balancing Authority or Generator Operators to alter
reactive power injection. Based on NERC Reliability Standard BAL-005-1b Requirement R6,
the Transmission Operator has no requirement to compute an Area Control Error (ACE) signal or
to balance real power. Based on NERC Reliability Standard VAR-001-1 Requirement R8, the
Balancing Authority is not required to resolve reactive power balance issues. According to TOP-
001-1 Requirement R3, the Balancing Authority is only required to comply with Transmission
Operator or Reliability Coordinator instructions to change injections of reactive power.

Standard TOP-001-2 Transmission Operations
Page 1 of 10

A. Introduction
1. Title: Transmission Operations
2. Number: TOP-001-2
adversely impact the reliability of the Interconnection by ensuring prompt action to prevent or
mitigate such occurrences.
4. Applicability
5. Effective Date: All requirements become effective the first day of the first calendar
quarter twelve months following applicable regulatory approval. In those jurisdictions where
no regulatory approval is required, the requirements become effective the first day of the first
calendar quarter twelve months following Board of Trustees adoption, or as otherwise made
effective pursuant to the laws applicable to such ERO governmental authorities.
B. Requirements
R1. Each Balancing Authority, Generator Operator, Distribution Provider, and Load-Serving Entity
shall comply with each Reliability Directive issued and identified as such by its Transmission
Operator(s), unless such action would violate safety, equipment, regulatory, or statutory
requirements. [Violation Risk Factor: High] [Time Horizon: Same-day Operations, Real-
Time Operations]
R2. Each Balancing Authority, Generator Operator, Distribution Provider, and Load-Serving Entity
shall inform its Transmission Operator of its inability to perform an identified Reliability
Directive issued by that Transmission Operator. [Violation Risk Factor: High] [Time Horizon:
Operations Planning, Same Day Operations, Real-time Operations]
R3. Each Transmission Operator shall inform its Reliability Coordinator and Transmission
Operator(s) that are known or expected to be affected by each actual and anticipated
Emergency based on its assessment of its Operational Planning Analysis. [Violation Risk
Factor: High] [Time Horizon: Operations Planning,]
R4. Each Transmission Operator shall render emergency assistance to other Transmission
Operators, as requested and available, provided that the requesting entity has implemented its
comparable emergency procedures, unless such actions would violate safety, equipment,
regulatory, or statutory requirements. [Violation Risk Factor: High] [Time Horizon: Real-Time
Operations]
R5. Each Transmission Operator shall inform its Reliability Coordinator and other Transmission
Operators of its operations known or expected to result in an Adverse Reliability Impact on
those respective Transmission Operator Areas unless conditions do not permit such
communications. Examples of such operations are relay or equipment failures, and changes in
generation, Transmission, or Load. [Violation Risk Factor: High] [Time Horizon: Same-day
Operations, Real-Time Operations]
Page 2 of 10

R6. Each Balancing Authority and Transmission Operator shall notify its Reliability Coordinator
and negatively impacted interconnected NERC registered entities of planned outages of
telemetering equipment, control equipment and associated communication channels between
the affected entities. [Violation Risk Factor: Medium] [Time Horizon: Operations Planning,
Same-day Operations, Real-Time Operations]
R7. Each Transmission Operator shall not operate outside any identified Interconnection Reliability
Operating Limit (IROL) for a continuous duration exceeding its associated IROL T
v
.
R8. Each Transmission Operator shall inform its Reliability Coordinator of each SOL which, while
not an IROL, has been identified by the Transmission Operator as supporting reliability
internal to its Transmission Operator Area based on its assessment of its Operational Planning
Analysis. [Violation Risk Factor: Medium] [Time Horizon: Operations Planning]

R9. Each Transmission Operator shall not operate outside any System Operating Limit (SOL)
identified in Requirement R8 for a continuous duration that would cause a violation of the
Facility Rating or Stability criteria upon which it is based. [Violation Risk Factor: Medium]
R10. Each Transmission Operator shall inform its Reliability Coordinator of its actions to return the
system to within limits when an IROL, or an SOL identified in Requirement R8, has been
exceeded. [Violation Risk Factor: Medium] [Time Horizon: Real-Time Operations]
R11. Each Transmission Operator shall act or direct others to act, to mitigate both the magnitude and
duration of exceeding an IROL within the IROLs T
v
, or of an SOL identified in Requirement
R8. [Violation Risk Factor: High] [Time Horizon: Real-time Operations]
C. Measures
M1. Each Balancing Authority, Generator Operator, Distribution Provider, and Load-Serving Entity
shall make available, upon request, evidence that it complied with each Reliability Directive
issued and identified as such by the Transmission Operator(s) unless such action would violate
safety, equipment, regulatory, or statutory requirements, in accordance with Requirement R1.
Such evidence could include, but is not limited to, dated operator logs, voice recordings or
transcripts of voice recordings, electronic communications, or other equivalent evidence in
electronic or hard copy format. If no event has occurred, the Balancing Authority, Generator
Operator, Distribution Provider, or Load-Serving Entity may provide an attestation that an
event has not occurred.
M2. Each Balancing Authority, Generation Operator, Distribution Provider, and Load-Serving
Entity shall make available, upon request, evidence which may include, but is not limited to
dated operator logs, voice recordings or transcripts of voice recordings, electronic
communications, or equivalent evidence in electronic or hard copy format, that it informed its
Transmission Operator of its inability to comply with identified, Reliability Directive(s) issued
in accordance with Requirement R2. If no event has occurred, the Balancing Authority,
Generator Operator, Distribution Provider, or Load-Serving Entity may provide an attestation
that an event has not occurred.
Rationale: The class of SOL included in Requirements R8, R9, and R11 was created in
response to industry comments that there were SOLs that deserved increased attention.
Examples of such SOLs include WECC Path SOLs, SOLs on transmission facilities maintaining
service to significant events or buildings, such as the stadium for major nationally televised
events, prominent government buildings, and military installations.
Page 3 of 10

M3. Each Transmission Operator shall make available, upon request, evidence that it has informed
its Reliability Coordinator and Transmission Operators that it knew or expected to be affected
by each actual and anticipated Emergency based on its assessment of its Operational Planning
Analysis in accordance with Requirement R3. Such evidence could include, but is not limited
to, dated operator logs, voice recordings or transcripts of voice recordings, electronic
communications, or other equivalent evidence in electronic or hard copy format. If no event
has occurred, the Transmission Operator may provide an attestation that an event has not
occurred.
M4. Each Transmission Operator shall make available, upon request, evidence that requested and
available emergency assistance was rendered to other Transmission Operators in accordance
with Requirement R4, unless such actions would violate safety, equipment, regulatory, or
statutory requirements. Such evidence could include, but is not limited to, dated operator logs,
equivalent evidence in electronic or hard copy format. If no event has occurred, the
Transmission Operator may provide an attestation that an event has not occurred.
M5. Each Transmission Operator shall make available, upon request, evidence that it informed its
Reliability Coordinator and other Transmission Operators of its operations known or expected
to result in an Adverse Reliability Impact on those respective Transmission Operator Areas in
accordance with Requirement R5, unless conditions did not permit such communications.
transcripts of voice recordings, electronic communications, or other equivalent evidence. If no
event has occurred, the Transmission Operator may provide an attestation that an event has not
occurred.
M6. Each Balancing Authority and Transmission Operator shall make available, upon request,
evidence that it notified its Reliability Coordinator and negatively impacted interconnected
NERC registered entities of planned outages of telemetering equipment, control equipment,
and associated communication channels in accordance with Requirement R6. Such evidence
could include, but is not limited to, dated operator logs, voice recordings or transcripts of voice
recordings, electronic communications, or other equivalent evidence. If no event has occurred,
the Balancing Authority or Transmission Operator may provide an attestation that an event has
not occurred.
M7. Each Transmission Operator shall make available evidence for any occasion in which it has
operated outside any identified Interconnection Reliability Operating Limit (IROL) for a
continuous duration exceeding its associated IROL T
v
as


Such
evidence

could include, but is not limited to, dated computer logs or reports in electronic or
hard copy format specifying the date, time, duration, and details of the excursion. If no event
has occurred, the Transmission Operator may provide an attestation that an event has not
occurred.
M8. Each Transmission Operator shall make available evidence that it has informed its Reliability
Coordinator of each SOL which, while not an IROL, has been identified by the Transmission
Operator as supporting reliability internal to its Transmission Operator Area based on its
assessment of its Operational Planning Analysis in accordance with Requirement R8. Such
evidence could include, but is not limited to, an electronic or hard copy of information from the
Operational Planning Analysis used in its assessment, dated operator logs, voice recordings or
transcripts of voice recordings, or dated computer printouts. If no event has occurred, the
M9. Each Transmission Operator shall make available evidence for any occasion in which it has
operated outside an SOL for a continuous duration that would cause a violation of the Facility
Page 4 of 10

Rating or Stability criteria upon which it is based, as specified in Requirement R8 and in
Requirement R9.

Such evidence

could include, but is not limited to, dated computer logs or
reports in electronic or hard copy format specifying the date, time, duration, and details of the
excursion. If no event has occurred, the Transmission Operator may provide an attestation that
an event has not occurred.
M10. Each Transmission Operator shall make available evidence that it has informed its Reliability
Coordinator of actions being taken to return the system to within limits when an IROL, or an
SOL identified in Requirement R8, has been exceeded in accordance with Requirement R10.
transcripts of voice recordings, or dated computer printouts. If no event has occurred, the
M11. Each Transmission Operator shall make available evidence of when it acted or directed others
to mitigate both the magnitude and duration of exceeding an IROL within the IROLs T
v
, or of
an SOL identified in Requirement R8, in accordance with Requirement R11. Such evidence
could include, but is not limited to, dated operator logs, voice recordings or transcripts of voice
recordings, or dated computer printouts. If no event has occurred, the Transmission Operator
may provide an attestation that an event has not occurred.
D. Compliance
For functional entities that work for their Regional Entity, the ERO shall serve
Compliance Audit
Self-Certification
Spot Checking
Self-Reporting
Complaint
Exception Reporting
1.3. Data Retention
Each Balancing Authority, Transmission Operator, Generator Operator, Distribution
Provider, and Load-Serving Entity shall each keep data or evidence for each applicable
Requirement R1 through R6, R8, and R10 through R11 and Measure M1 through M6,
Page 5 of 10

M8, and M10 through M11 for the current calendar year and one previous calendar year,
with the exception of voice recordings which shall be retained for a minimum of 90
calendar days, unless directed by its Compliance Enforcement Authority to retain specific
Each Transmission Operator shall retain evidence for three calendar years of any
occasion in which it has exceeded an identified IROL and its associated IROL T
v
or SOL
identified in Requirement R8 as

specified in Requirements R7 and R9 and Measurements
M7 and M9.
If a Balancing Authority, Transmission Operator, Generator Operator, Distribution
Provider, or Load-Serving Entity is found non-compliant, it shall keep information
related to the non-compliance until mitigation is complete and approved or the time
period specified above, whichever is longer.
None.
Page 6 of 10

R1 N/A N/A N/A The responsible entity did not comply
with an identified Reliability Directive
issued by the Transmission Operator,
and such action would not have
violated safety, equipment, regulatory,
or statutory requirements.
R2 N/A N/A N/A The responsible entity did not inform
its Transmission Operator of its
inability to perform an identified
Reliability Directive issued by that
For the Requirement R3, R5, R6, and R8 VSLs only, the intent of the SDT is to start with the Severe VSL first and then to work your way to the left until you find
the situation that fits. In this manner, the VSL will not be discriminatory by size of entity. If a small entity has just one affected reliability entity to inform, the
intent is that that situation would be a Severe violation.
R3 The Transmission Operator did not
inform one other Transmission
Operator, or 5% or less of the
affected Transmission Operators,
whichever is less, that are known
or expected to be affected by an
actual or anticipated Emergency
based on its assessment of its
Operational Planning Analysis.
inform two other Transmission
Operators, or more than 5% and
less than or equal to 10% of the
inform three other Transmission
inform its Reliability Coordinator of an
actual Emergency or an anticipated
Emergency condition based on its
assessment of its Operational
Planning Analysis.
OR
inform four or more other
Transmission Operators, or more than
15% of the affected Transmission
Operators, whichever is less, that are
known or expected to be affected by
an actual or anticipated Emergency
R4 N/A N/A N/A The Transmission Operator did not
render emergency assistance to other
Transmission Operators, as requested
and available, when the requesting
Page 7 of 10

entity had implemented its comparable
emergency procedures, and such
actions would not have violated safety,
equipment, regulatory, or statutory
requirements.
inform one other Transmission
Operator, or 5% or less of the
whichever is less, of its operations
known or expected to result in an
Adverse Reliability Impact on
respective Transmission Operator
Areas when conditions did permit
such communications.
inform two other Transmission
inform three other Transmission
inform its Reliability Coordinator of its
operations known or expected to result
in an Adverse Reliability Impact on
those respective Transmission
Operator Areas when conditions did
permit such communications.
OR
inform four or more other
Transmission Operators, or more than
15% of the affected Transmission
Operators, whichever is less, of its
operations known or expected to result
in an Adverse Reliability Impact on
those respective Transmission
Operator Areas when conditions did
permit such communications.
R6 The responsible entity did not notify
one negatively-impacted
interconnected NERC-registered
entity, or 5% or less of the
negatively impacted NERC
registered entities, whichever is
less, of a planned outage of
telemetering equipment, control
equipment, and associated
communication channels between
the affected entities.
The responsible entity did not notify
two negatively-impacted
entities, or more than 5% and less
equipment, and associated
three negatively-impacted
equipment and associated
The responsible entity did not notify its
Reliability Coordinator of a planned
outage of telemetering equipment,
control equipment, and associated
communication channels.
OR,
four or more negatively-impacted
entities, or more than 15% of the
negatively impacted NERC registered
entities, whichever is less, of a
planned outage of telemetering and
Page 8 of 10

control equipment and associated
communication channels between the
affected entities.
R7 N/A N/A N/A The Transmission Operator exceeded
an identified Interconnection Reliability
Operating Limit (IROL) for a
continuous duration greater than its
associated IROL T
v
.
inform its Reliability Coordinator of
one SOL, or 5% or less of the
SOLs, whichever is less, which,
while not an IROL, has been
identified by the Transmission
Operator as supporting reliability
internal to its Transmission
Operator Area based on its
Planning Analysis.
two SOLs, or more than 5% and
SOLs whichever is less, which,
while not IROLs, have been
identified by the Transmission
Operator as supporting reliability
internal to its Transmission
Operator Area based on its
Planning Analysis.
three SOLs, or more than 10% and
Sols whichever is less, which, while
not IROLs, have been identified by
the Transmission Operator as
supporting reliability internal to its
Transmission Operator Area based
on its assessment of its
inform its Reliability Coordinator of four
or more SOLs, or more than 15% of
the SOLs whichever is less, which,
while not IROLs, have been identified
by the Transmission Operator as
supporting reliability internal to its
Transmission Operator Area based on
its assessment of its Operational
Planning Analysis.
R9 N/A N/A N/A The Transmission Operator exceeded
a System Operating Limit (SOL), as
identified in Requirement R8, for a
continuous duration that would cause
a violation of the Facility Rating or
Stability criteria upon which it is based.
actions being taken to return the
system to within limits when an IROL,
or an SOL identified in Requirement
R8, had been exceeded.
act, or direct others to act, to mitigate
both the magnitude and duration of
Page 9 of 10

exceeding an IROL within the IROLs
T
v,
or of an SOL identified in
Requirement R8.

Page 10 of 10

None identified.
Version History
2 May 9, 2012 Adopted by Board of Trustees; Revisions
pursuant to Project 2007-03
Revised

Standard TOP-002-2.1b Normal Operations Planning

Page 1 of 8

A. Introduction
1. Title: Normal Operations Planning
2. Number: TOP-002-2.1b
3. Purpose: Current operations plans and procedures are essential to being prepared for
reliable operations, including response for unplanned events.
4. Applicability
4.4. Load Serving Entity.

B. Requirements
R1. Each Balancing Authority and Transmission Operator shall maintain a set of current plans that
are designed to evaluate options and set procedures for reliable operation through a reasonable
future time period. In addition, each Balancing Authority and Transmission Operator shall be
responsible for using available personnel and system equipment to implement these plans to
ensure that interconnected system reliability will be maintained.
R2. Each Balancing Authority and Transmission Operator shall ensure its operating personnel
participate in the system planning and design study processes, so that these studies contain the
operating personnel perspective and system operating personnel are aware of the planning
purpose.
R3. Each Load Serving Entity and Generator Operator shall coordinate (where confidentiality
agreements allow) its current-day, next-day, and seasonal operations with its Host Balancing
Authority and Transmission Service Provider. Each Balancing Authority and Transmission
Service Provider shall coordinate its current-day, next-day, and seasonal operations with its
R4. Each Balancing Authority and Transmission Operator shall coordinate (where confidentiality
agreements allow) its current-day, next-day, and seasonal planning and operations with
neighboring Balancing Authorities and Transmission Operators and with its Reliability
Coordinator, so that normal Interconnection operation will proceed in an orderly and consistent
manner.
R5. Each Balancing Authority and Transmission Operator shall plan to meet scheduled system
configuration, generation dispatch, interchange scheduling and demand patterns.
R6. Each Balancing Authority and Transmission Operator shall plan to meet unscheduled changes
in system configuration and generation dispatch (at a minimum N-1 Contingency planning) in
accordance with NERC, Regional Reliability Organization, subregional, and local reliability
requirements.
R7. Each Balancing Authority shall plan to meet capacity and energy reserve requirements,
including the deliverability/capability for any single Contingency.

Page 2 of 8

R8. Each Balancing Authority shall plan to meet voltage and/or reactive limits, including the
deliverability/capability for any single contingency.
R9. Each Balancing Authority shall plan to meet Interchange Schedules and ramps.
R10. Each Balancing Authority and Transmission Operator shall plan to meet all System Operating
Limits (SOLs) and Interconnection Reliability Operating Limits (IROLs).
R11. The Transmission Operator shall perform seasonal, next-day, and current-day Bulk Electric
System studies to determine SOLs. Neighboring Transmission Operators shall utilize identical
SOLs for common facilities. The Transmission Operator shall update these Bulk Electric
System studies as necessary to reflect current system conditions; and shall make the results of
Bulk Electric System studies available to the Transmission Operators, Balancing Authorities
(subject to confidentiality requirements), and to its Reliability Coordinator.
R12. The Transmission Service Provider shall include known SOLs or IROLs within its area and
neighboring areas in the determination of transfer capabilities, in accordance with filed tariffs
and/or regional Total Transfer Capability and Available Transfer Capability calculation
processes.
R13. At the request of the Balancing Authority or Transmission Operator, a Generator Operator shall
perform generating real and reactive capability verification that shall include, among other
variables, weather, ambient air and water conditions, and fuel quality and quantity, and provide
the results to the Balancing Authority or Transmission Operator operating personnel as
requested.
R14. Generator Operators shall, without any intentional time delay, notify their Balancing Authority
and Transmission Operator of changes in capabilities and characteristics including but not
limited to:
R14.1. Changes in real output capabilities.
R15. Generation Operators shall, at the request of the Balancing Authority or Transmission
Operator, provide a forecast of expected real power output to assist in operations planning
(e.g., a seven-day forecast of real output).
R16. Subject to standards of conduct and confidentiality agreements, Transmission Operators shall,
without any intentional time delay, notify their Reliability Coordinator and Balancing
Authority of changes in capabilities and characteristics including but not limited to:
R16.1. Changes in transmission facility status.
R16.2. Changes in transmission facility rating.
R17. Balancing Authorities and Transmission Operators shall, without any intentional time delay,
communicate the information described in the requirements R1 to R16 above to their
R18. Neighboring Balancing Authorities, Transmission Operators, Generator Operators,
Transmission Service Providers and Load Serving Entities shall use uniform line identifiers
when referring to transmission facilities of an interconnected network.
R19. Each Balancing Authority and Transmission Operator shall maintain accurate computer models
utilized for analyzing and planning system operations.
C. Measures
M1. Each Balancing Authority and Transmission Operator shall have and provide upon request
evidence that could include, but is not limited to, documented planning procedures, copies of

Page 3 of 8

current day plans, copies of seasonal operations plans, or other equivalent evidence that will be
used to confirm that it maintained a set of current plans. (Requirement 1 Part 1).
M2. Each Balancing Authority and Transmission Operator shall have and provide upon request
evidence that could include, but is not limited to, copies of current day plans or other
equivalent evidence that will be used to confirm that its plans address Requirements 5, 6, and
10.
M3. Each Balancing Authority shall have and provide upon request evidence that could include, but
is not limited to, copies of current day plans or other equivalent evidence that will be used to
confirm that its plans address Requirements 7, 8, and 9.
M4. Each Transmission Operator shall have and provide upon request evidence that could include,
but is not limited to, its next-day, and current-day Bulk Electric System studies used to
determine SOLs or other equivalent evidence that will be used to confirm that its studies reflect
current system conditions. (Requirement 11 Part 1)
M5. Each Transmission Operator shall have and provide upon request evidence that could include,
communications, or other equivalent evidence that will be used to confirm that the results of
Bulk Electric System studies were made available to the Transmission Operators, Balancing
Authorities (subject to confidentiality requirements), and to its Reliability Coordinator.
M6. Each Generator Operator shall have and provide upon request evidence that, when requested by
either a Transmission Operator or Balancing Authority, it performed a generating real and
reactive capability verification and provided the results to the requesting entity in accordance
with Requirement 13.
M7. Each Generator Operator shall have and provide upon request evidence that could include, but
is not limited to, voice recordings or transcripts of voice recordings, electronic
communications, or other equivalent evidence that will be used to confirm that without any
intentional time delay, it notified its Balancing Authority and Transmission Operator of
changes in real capabilities. (Requirement 14)
M8. Each Generator Operator shall have and provide upon request evidence that could include, but
is not limited to, voice recordings or transcripts of voice recordings, electronic
communications, or other equivalent evidence that will be used to confirm that, on request, it
provided a forecast of expected real power output to assist in operations planning.
(Requirement 15)
M9. Each Transmission Operators shall have and provide upon request evidence that could include,
communications, or other equivalent evidence that will be used to confirm that, without any
intentional time delay, it notified its Balancing Authority and Reliability Coordinator of
changes in capabilities and characteristics. (Requirement16)
M10. Each Balancing Authority, Transmission Operator, Generator Operator, Transmission Service
Provider and Load Serving Entity shall have and provide upon request evidence that could
include, but is not limited to, a list of interconnected transmission facilities and their line
identifiers at each end or other equivalent evidence that will be used to confirm that it used
uniform line identifiers when referring to transmission facilities of an interconnected network.
(Requirement 18)
D. Compliance

Page 4 of 8

days of an event or complaint of noncompliance. The entity will have up to 30
calendar days to prepare for the investigation. An entity may request an extension of
compliance.
1.3. Data Retention
For Measures 1 and 2, each Transmission Operator shall have its current plans and a
rolling 6 months of historical records (evidence).
For Measures 1, 2, and 3 each Balancing Authority shall have its current plans and a
rolling 6 months of historical records (evidence).
For Measure 4, each Transmission Operator shall keep its current plans (evidence).
For Measures 5 and 9, each Transmission Operator shall keep 90 days of historical data
(evidence).
For Measures 6, 7 and 8, each Generator Operator shall keep 90 days of historical data
(evidence).
For Measure 10, each Balancing Authority, Transmission Operator, Generator Operator,
Transmission Service Provider, and Load-serving Entity shall have its current list
interconnected transmission facilities and their line identifiers at each end or other
equivalent evidence as evidence.
longer.
The Compliance Monitor shall keep the last periodic audit report and all supporting
compliance data
None.

Page 5 of 8

2.1. Level 1: Did not use uniform line identifiers when referring to transmission facilities of
an interconnected network as specified in R18.
2.4. Level 4: There shall be a separate Level 4 non-compliance, for every one of the following
requirements that is in violation:
2.4.1 Did not maintain an updated set of current-day plans as specified in R1.
2.4.2 Plans did not meet one or more of the requirements specified in R5 through R10.
3. Levels of Non-Compliance for Transmission Operators
3.3. Level 3: One or more of Bulk Electric System studies were not made available as
specified in R11.
3.4.1 Did not maintain an updated set of current-day plans as specified in R1.
3.4.2 Plans did not meet one or more of the requirements in R5, R6, and R10.
3.4.3 Studies not updated to reflect current system conditions as specified in R11.
3.4.4 Did not notify its Balancing Authority and Reliability Coordinator of changes in
capabilities and characteristics as specified in R16.
4.4.1 Did not verify and provide a generating real and reactive capability verification
and provide the results to the requesting entity as specified in R13.
4.4.2 Did not notify its Balancing Authority and Transmission Operator of changes in
capabilities and characteristics as specified in R14.
4.4.3 Did not provide a forecast of expected real power output to assist in operations
planning as specified in R15.
5. Levels of Non-Compliance for Transmission Service Providers and Load-serving Entities:

Page 6 of 8

None identified.
Version History
2 June 14, 2007 Fixed typo in R11., (subject to Errata )
2a February 10, 2009 Added Appendix 1 Interpretation of R11
approved by BOT on February 10, 2009
Interpretation
2a December 2, 2009 Interpretation of R11 approved by FERC on
December 2, 2009
Same Interpretation
2b November 4, 2010 Added Appendix 2 Interpretation of R10
adopted by the Board of Trustees

2b October 20, 2011 FERC Order issued approving the
Interpretation of R10 (FERCs Order
became effective on October 20, 2011)

2.1b March 8, 2012
(Removed unnecessary language from the
Effective Date section. Deleted retired sub-
requirements from Requirement R14)
Errata
2.1b April 11, 2012
Additional errata adopted by Standards
Committee; (Deleted language from retired
sub-requirement from Measure M7)

Errata
2.1b September 13, 2012
FERC approved
Errata

Page 7 of 8

Appendix 1
Interpretation of Requirement R11
Requirement R11: The Transmission Operator shall perform seasonal, next-day, and current-day Bulk
Electric System studies to determine SOLs. Neighboring Transmission Operators shall utilize identical
SOLs for common facilities. The Transmission Operator shall update these Bulk Electric System studies
as necessary to reflect current system conditions; and shall make the results of Bulk Electric System
studies available to the Transmission Operators, Balancing Authorities (subject to confidentiality
requirements), and to its Reliability Coordinator.
Question #1
Is the Transmission Operator required to conduct a unique study for each operating day, even when the
actual or expected system conditions are identical to other days already studied? In other words, can a
study be used for more than one day?

Requirement R11 mandates that each Transmission Operator review (i.e., study) the state of its
Transmission Operator area both in advance of each day and during each day. Each day must have a
study that can be applied to it, but it is not necessary to generate a unique study for each day. Therefore,
it is acceptable for a Transmission Operator to use a particular study for more than one day.

Question #2
Are there specific actions required to implement a study? In other words, what constitutes a study?

The requirement does not mandate a particular type of review or study. The review or study may be based
on complex computer studies or a manual reasonability review of previously existing study results. The
requirement is designed to ensure the Transmission Operator maintains sensitivity to what is happening or
what is about to happen.

Question #3
Does the term, to determine SOLs as used in the first sentence of Requirement R11 mean the
determination of system operating limits or does it mean the identification of potential SOL
violations?

TOP-002-2 covers real-time and near-real-time studies. Requirement R11 is meant to include both
determining new limits and identifying potential exceedances of pre-defined SOLs. If system
conditions indicate to the Transmission Operator that prior studies and SOLs may be outdated, TOP-002-
2 mandates the Transmission Operator to conduct a study to identify SOLs for the new conditions. If the
Transmission Operator determines that system conditions do not warrant a new study, the primary
purpose of the review is to check that the previously defined (i.e., defined from the current SOLs in use,
or the set defined by the planners) SOLs are not expected to be exceeded. As written, the standard
provides the Transmission Operator discretion regarding when to look for new SOLs and when to rely on
its current set of SOLs.


Page 8 of 8

Appendix 2

R10. Each Balancing Authority and Transmission Operator shall plan to meet all System
Operating Limits (SOLs) and Interconnection Reliability Operating Limits (IROLs).
Clarification needed:
Requirement 10 is proposed to be eliminated in Project 2007-03 because it is redundant
with TOP-004-0 R1, which only applies to TOP not to BA. However, that will not be effective
for more than two years. In the meantime, in Requirement 10 is the requirement of the BA
to plan to maintain load-interchange-generation balance under the direction of the TOPs
meeting all SOLs and IROLs?

Project 2009-27: Response to Request for an Interpretation of TOP-002-2a,
Requirement R10, for Florida Municipal Power Pool
The following interpretation of TOP-002-2a Normal Operations Planning, Requirement R10, was
developed by the Real-time Operations Standard Drafting Team.
R10. Each Balancing Authority and Transmission Operator shall plan to meet all System
Operating Limits (SOLs) and Interconnection Reliability Operating Limits (IROLs).
Question
In Requirement 10, is the requirement of the BA to plan to maintain load-interchange-
generation balance under the direction of the TOPs meeting all SOLs and IROLs?
Response
Yes. As stated in the NERC Glossary of Terms used in Reliability Standards, the Balancing
Authority is responsible for integrating resource plans ahead of time, maintaining load-
interchange-generation balance within a Balancing Authority Area, and supporting
Interconnection frequency in real time. The Balancing Authority does not possess the Bulk
Electric System information necessary to manage transmission flows (MW, MVAR or Ampere) or
voltage. Therefore, the Balancing Authority must follow the directions of the Transmission
Operator to meet all SOLs and IROLs.

Standard TOP-002-3 Operations Planning
Page 1 of 5

A. Introduction
1. Title: Operations Planning
3. Purpose: To ensure that Transmission Operators have plans for operating within specified
limits.
4. Applicability
5. Effective Date: All requirements will become effective the first day of the first calendar
quarter twelve months following applicable regulatory approval. In those jurisdictions where
no regulatory approval is required, the requirements become effective the first day of the first
calendar quarter twelve months following Board of Trustees adoption.
B. Requirements
R1. Each Transmission Operator shall have an Operational Planning Analysis that represents
projected System conditions that will allow it to assess whether the planned operations for
the next day within its Transmission Operator Area will exceed any of its Facility Ratings
or Stability Limits during anticipated normal and Contingency event conditions. [Violation
R2. Each Transmission Operator shall develop a plan to operate within each Interconnection
Reliability Operating Limit (IROL) and each System Operating Limit (SOL) which, while not
an IROL, has been identified by the Transmission Operator as supporting reliability internal to
its Transmission Operator Area, identified as a result of the Operational Planning Analysis
performed in Requirement R1. [Violation Risk Factor: Medium] [Time Horizon: Operations
Planning]
R3. Each Transmission Operator shall notify all NERC registered entities identified in the plan(s)
cited in Requirement R2 as to their role in those plan(s). [Violation Risk Factor: Medium]

C. Measures
M1. Each Transmission Operator shall have evidence of a completed Operational Planning Analysis
in accordance with Requirement R1. Such evidence could include, but is not limited to, dated
power flow study results.
M2. Each Transmission Operator shall have evidence that it has developed a plan to operate within
each IROL and each SOL which, while not an IROL, has been identified by the Transmission
Operator as supporting its internal area reliability, identified as a result of the Operational
Planning Analysis performed in Requirement R1 in accordance with Requirement R2. Such
evidence could include, but it is not limited to, plans for precluding operating in excess of each
IROL and each SOL which, while not an IROL, was identified as a result of the Operational
Planning Analysis.
M3. Each Transmission Operator shall have evidence that it notified all NERC registered entities
identified in the plan(s) cited in Requirement R2 as to their role in the plan(s) in accordance
with Requirement R3. Such evidence could include but is not limited to dated operator logs,
voice recordings, or e-mail records.
Page 2 of 5

D. Compliance
Compliance Audits
Self-Certifications
Spot Checking
Compliance Investigations
Self-Reporting
Complaints
1.3. Data Retention
Each Transmission Operator shall keep data or evidence to show compliance for each
Requirement for a rolling six-month period for analyses, the most recent 90 calendar days
for voice recordings, and 12 months for operating logs and e-mail records, unless directed
by its Compliance Enforcement Authority to retain specific evidence for a longer period
of time as part of an investigation.
If a Transmission Operator is found non-compliant, it shall keep information related to
the non-compliance until found compliant or the time period specified above, whichever
is longer.
None.

Page 3 of 5

not have an Operational Planning
Analysis that represented
projected System conditions
allowing it to assess whether the
planned operations for the next
day within its Transmission
Operator Area will exceed any
of its Facility Ratings or
Stability Limits during
anticipated normal and
Contingency event conditions.
not develop a plan to operate
within those IROLs and each
SOL which, while not an
IROL, has been identified by the
Transmission Operator as
supporting its internal area
reliability, identified as a result
of the Operational Planning
Analysis performed in
Requirement R1.
For the Requirement R3 VSL only, the intent of the SDT is to start with the Severe VSL first and then to work your way to the left until you find the situation
that fits. In this manner, the VSL will not be discriminatory by size of entity. If a small entity has just one affected reliability entity to inform, the intent is that
that situation would be a Severe violation.
R3 The Transmission Operator did
not notify one NERC-registered
entity, or 5% or less of the
not notify two NERC-registered
entities, or more than 5%, and
not notify three NERC-registered
entities, or more than 10% and
not notify four or more NERC-
registered entities, or more
Page 4 of 5

NERC-registered entities,
whichever is less identified in the
plan(s) cited, as to their role in
the plan(s).
whichever is less, identified in
the plan(s) as to their role in the
plan(s).
whichever is less, identified in
the plan(s) as to their role in the
plan(s).
than15% of the NERC-registered
entities identified in the plan(s) as
to their role in the plan(s).
Page 5 of 5

None identified.
Version History
2 May 9, 2012 Changes pursuant to Project 2007-03 Revised

Standard-TOP-003-1 Planned Outage Coordination
Page 1 of 3
A. Introduction
1. Title: Planned Outage Coordination
3. Purpose: Scheduled generator and transmission outages that may affect the reliability of
interconnected operations must be planned and coordinated among Balancing Authorities,
Transmission Operators, and Reliability Coordinators.
4. Applicability
In those jurisdictions where no regulatory approval is required, the standard shall become
months after BOT adoption.
B. Requirements
R1. Generator Operators and Transmission Operators shall provide planned outage information.
R1.1. Each Generator Operator shall provide outage information daily to its Transmission
Operator for scheduled generator outages planned for the next day (any foreseen
outage of a generator greater than 50 MW). The Transmission Operator shall
establish the outage reporting requirements.
R1.2. Each Transmission Operator shall provide outage information daily to affected
Balancing Authorities and Transmission Operators for scheduled generator and bulk
transmission outages planned for the next day (any foreseen outage of a transmission
line or transformer greater than 100 kV or generator greater than 50 MW) that may
collectively cause or contribute to an SOL or IROL violation or a regional operating
area limitation.
R1.3. Such information shall be available by 1200 Central Standard Time for the Eastern
Interconnection and 1200 Pacific Standard Time for the Western Interconnection.
R2. Each Transmission Operator, Balancing Authority, and Generator Operator shall plan and
coordinate scheduled outages of system voltage regulating equipment, such as automatic
voltage regulators on generators, supplementary excitation control, synchronous condensers,
shunt and series capacitors, reactors, etc., among affected Balancing Authorities and
Transmission Operators as required.
R3. Each Transmission Operator, Balancing Authority, and Generator Operator shall plan and
coordinate scheduled outages of telemetering and control equipment and associated
communication channels between the affected areas.
R4. Each Reliability Coordinator shall resolve any scheduling of potential reliability conflicts.
Page 2 of 3
C. Measures
M1. Evidence that the Generator Operator, Transmission Operator, and Balancing Authority
reported and coordinated scheduled outage information as indicated in the requirements above.
D. Compliance
Each Regional Reliability Organization shall conduct a review every three years to ensure that
each responsible entity has a process in place to provide planned generator and/or bulk
transmission outage information to their Reliability Coordinator, and with neighboring
Transmission Operators and Balancing Authorities.
Investigation: At the discretion of the Regional Reliability Organization or NERC, an
investigation may be initiated to review the planned outage process of a monitored entity due
to a complaint of non-compliance by another entity. Notification of an investigation must be
made by the Regional Reliability Organization to the entity being investigated as soon as
possible, but no later than 60 days after the event. The form and manner of the investigation
will be set by NERC and/or the Regional Reliability Organization.
A Reliability Coordinator makes a request for an outage to not be taken because of a
reliability impact on the grid and the outage is still taken. The Reliability Coordinator
must provide all its documentation within three business days to the Regional Reliability
Organization. Each Regional Reliability Organization shall report compliance and
violations to NERC via the NERC Compliance Reporting process.
One calendar year without a violation from the time of the violation.
1.3. Data Retention
One calendar year.
Not specified.
(TBD)
None identified.

Version History
1 Modified R1.2
Modified M1
Revised
Page 3 of 3
Replaced Levels of Non-compliance with the
Feb 28, BOT approved Violation Severity Levels
(VSLs)
1 October 17, 2008 Adopted by NERC Board of Trustees
1 March 17, 2011 Order issued by FERC approving TOP-003-1

Standard TOP-003-2 Operational Reliability Data
Page 1 of 7

A. Introduction
1. Title: Operational Reliability Data
3. Purpose: To ensure that the Transmission Operator and Balancing Authority have the data
needed to fulfill their operational planning and Real-time monitoring responsibilities.
4. Applicability
4.8. Distribution Provider.
5. Effective Date: All requirements, except Requirement R5, will become effective the first
day of the first calendar quarter ten months following applicable regulatory approval. In those
jurisdictions where no regulatory approval is required, all the requirements, except
Requirement R5, become effective the first day of the first calendar quarter ten months
following Board of Trustees adoption. Requirement R5 will become effective the first day of
the first calendar quarter twelve months following applicable regulatory approval. In those
jurisdictions where no regulatory approval is required, Requirement R5 becomes effective the
first day of the first calendar quarter twelve months following Board of Trustees adoption, or
as otherwise made effective pursuant to the laws applicable to such ERO governmental
authorities.

B. Requirements
R1. Each Transmission Operator shall create a documented specification for the data necessary for
it to perform its Operational Planning Analyses and Real-time monitoring. The specification
shall include: [Violation Risk Factor: Low] [Time Horizon: Operations Planning]
1.1. A list of data and information needed by the Transmission Operator to support its
Operational Planning Analyses and Real-time monitoring.
1.2. A mutually-agreeable format.
1.3. A periodicity for providing data.
1.4. The deadline by which the respondent is to provide the indicated data.
R2. Each Balancing Authority shall create a documented specification for the data necessary for it
to perform its analysis functions and Real-time monitoring. The specification shall include:
[Violation Risk Factor: Low] [Time Horizon: Operations Planning]
2.1. A list of data and information needed by the Balancing Authority to support its
analysis functions and Real-time monitoring.
2.2. A mutually-agreeable format.
Page 2 of 7

2.3. A periodicity for providing data.
2.4. The deadline by which the respondent is to provide the indicated data.
R3. Each Transmission Operator shall distribute its data specification, as developed in Requirement
R1,to entities that have data required by the Transmission Operators Operational Planning
Analysis and Real-time monitoring process used in meeting its NERC-mandated reliability
requirements. [Violation Risk Factor: Low] [Time Horizon: Operations Planning]
R4. Each Balancing Authority shall distribute its data specification, as developed in Requirement
R2, to entities that have data required by the Balancing Authoritys analysis functions and
Real-time monitoring process used in meeting its NERC-mandated reliability requirements.
[Violation Risk Factor: Low] [Time Horizon: Operations Planning]
R5. Each Transmission Operator, Balancing Authority, Generator Owner, Generator Operator,
Interchange Authority, Load-Serving Entity, Transmission Owner, and Distribution Provider
receiving a data specification in Requirement R3 or R4 shall satisfy the obligations of the
documented specifications for data. [Violation Risk Factor: Medium] [Time Horizon:

C. Measures
M1. Each Transmission Operator shall make available its dated, current, in-force documented
specification for data in accordance with Requirement R1.
M2. Each Balancing Authority shall make available its dated, current, in-force documented
specification for data in accordance with Requirement R2.
M3. Each Transmission Operator shall make available evidence that it has distributed its data
specification, as developed in Requirement R1, to entities that have data required by the
Transmission Operators Operational Planning Analysis and Real-time monitoring process
used in meeting its NERC-mandated reliability requirements in accordance with Requirement
R3. Such evidence could include, but is not limited to, web postings with an electronic
notice of the posting, dated operator logs, voice recordings, postal receipts showing the
recipient, date and contents, or e-mail records.
M4. Each Balancing Authority shall make available evidence that it has distributed its data
specification, as developed in Requirement R2, to entities that have data required by the
Balancing Authoritys analysis functions and Real-time monitoring process used in meeting its
NERC-mandated reliability requirements, in accordance with Requirement R4. Such evidence
could include, but is not limited to, web postings with an electronic notice of the posting,
dated operator logs, voice recordings, postal receipts showing the recipient, or e-mail records.
M5. Each Transmission Operator, Balancing Authority, Generator Owner, Generator Operator,
Interchange Authority, Load-Serving Entity, Transmission Owner, and Distribution Provider
receiving a data specification in Requirement R3 or R4 shall make available evidence that it
has satisfied the obligations of the documented specifications for data, in accordance with
Requirement R5. Such evidence could include, but is not limited to, electronic or hard copies
of data transmittals or attestations of receiving entities.

D. Compliance
Page 3 of 7

1.1. Compliance Monitoring Process
Compliance Audit
Self-Certification
Spot Checking
Self-Reporting
Complaint
1.3. Data Retention
Each responsible entity shall keep data or evidence to show compliance, as identified
below, unless directed by its Compliance Enforcement Authority to retain specific
Each Transmission Operator shall retain its dated, current, in-force, documented
specification for the data necessary for it to perform their Operational Planning
Analyses and Real-time monitoring, in accordance with Requirement R1 and
Measurement M1, as well as any documents in force since the last compliance
audit.
Each Balancing Authority shall retain its dated, current, in-force, documented
specification for the data necessary for it to perform their analysis functions and
Real-time monitoring, in accordance with Requirement R2 and Measurement
M2, as well as any documents in force since the last compliance audit.
Each Transmission Operator shall retain evidence for three calendar years that it
has distributed its data specification as developed in Requirement R1 to entities
that have data required by the Transmission Operators Operational Planning
Analysis and Real-time monitoring process used in meeting its NERC-mandated
reliability requirements, in accordance with Requirement R3 and Measurement
M3.
Each Balancing Authority shall retain evidence for three calendar years that it has
distributed its data specification as developed in Requirement R2 to entities that
have data required by the Balancing Authoritys analysis functions and Real-time
monitoring process used in meeting its NERC-mandated reliability requirements,
in accordance with Requirement R4 and Measurement M4.
Page 4 of 7

Each Balancing Authority, Generator Owner, Generator Operator, Interchange
Authority, Load-Serving Entity, Transmission Operator, Transmission Owner,
and Distribution Provider receiving a data specification in Requirement R3 or R4
shall retain evidence for the most recent 90 calendar days that it has satisfied the
obligations of the documented specifications for data, in accordance with
Requirement R5 and Measurement M5.

If a responsible entity is found non-compliant, it shall keep information related to the
non-compliance until mitigation is complete and approved or the time period specified
above, whichever is longer.
None

Page 5 of 7

include one of the parts (Part 1.1
through Part 1.4) of the documented
specification for the data necessary
for it to perform its Operational
Planning Analyses and Real-time
monitoring.
include two of the parts (Part 1.1
for it to perform its Operational
monitoring.
not include three of the parts (Part
1.1 through Part 1.4) of the
documented specification for the
data necessary for them to
perform their Operational
monitoring.
include four of the parts (Part 1.1
specification for the data necessary for
them to perform their Operational
monitoring.
OR,
include a documented specification for
the data necessary for it to perform its
Operational Planning Analyses and
Real-time monitoring.
R2 The Balancing Authority did not
include one of the parts (Part 2.1
for it to perform its analysis functions
and Real-time monitoring.
The Balancing Authority did not
include two of the parts (Part 2.1
for it to perform its analysis functions
include three of the parts (Part 2.1
through Part 2.4) of the
documented specification for the
data necessary for them to
perform their analysis functions
The Balancing Authority did not include
four of the parts (Part 2.1 through Part
2.4) of the documented specification for
the data necessary for them to perform
their analysis functions and Real-time
monitoring.
OR,
The Balancing Authority did not include
a documented specification for the data
necessary for it to perform its analysis
functions and Real-time monitoring.
For the Requirement R3 VSL only, the intent of the SDT is to start with the Severe VSL first and then to work your way to the left until you find the situation that fits.
In this manner, the VSL will not be discriminatory by size of entity. If a small entity has just one affected reliability entity to inform, the intent is that that situation
would be a Severe violation.
distribute its data specification, as
developed in Requirement R1 to one
entity, or 5% or less of the entities,
whichever is less, that have data
required by the Transmission
Operators Operational Planning
Analysis and Real-time monitoring
developed in requirement R1 to two
than or equal to10% of the reliability
entities, whichever is less, that have
data required by the Transmission
not distribute its data
specification, as developed in
Requirement R1 to three entities,
or more than 10% and less than
or equal to 15% of the reliability
entities, whichever is less, that
have data required by the
developed in Requirement R1 to four or
more entities, or more than 15% of the
entities, whichever is less, that have
data required by the Transmission
Page 6 of 7

process used in meeting its NERC-
mandated reliability requirements.
Operational Planning Analysis
and Real-time monitoring process
used in meeting its NERC-
For the Requirement R4 VSL only, the intent of the SDT is to start with the Severe VSL first and then to work your way to the left until you find the situation that fits.
In this manner, the VSL will not be discriminatory by size of entity. If a small entity has just one affected reliability entity to inform, the intent is that that situation
would be a Severe violation.
R4 The Balancing Authority did not
developed in Requirement R2 to one
entity, or 5% or less of the entities,
required by the Balancing Authoritys
analysis functions and Real-time
monitoring process used in meeting
its NERC-mandated reliability
requirements.
developed in Requirement R2 to two
than or equal to 10% of the entities,
required by the Balancing Authoritys
analysis functions and Real-time
monitoring process used in meeting
its NERC-mandated reliability
requirements.
developed in Requirement R2 to
three entities, or more than 10%
and less than or equal to 15% of
the entities, whichever is less,
that have data required by the
Balancing Authoritys analysis
functions and Real-time
monitoring process used in
meeting its NERC-mandated
reliability requirements .
developed in Requirement R2 to four or
more entities, or more than 15% of the
entities, whichever is less,that have
data required by the Balancing
Authoritys analysis functions and Real-
time monitoring process used in
meeting its NERC-mandated reliability
requirements.
R5 N/A N/A N/A The responsible entity receiving a data
specification in Requirement R3 or R4
did not satisfy the obligations of the
documented specifications for data.

Page 7 of 7

None identified.

Version History

1 May 9, 2012 Changes pursuant to Project 2007-03 Revised

Effective Date: October 1, 2007
A. Introduction
1. Title: Transmission Operations
3. Purpose: To ensure that the transmission system is operated so that instability,
uncontrolled separation, or cascading outages will not occur as a result of the most severe
single Contingency and specified multiple Contingencies.
4. Applicability:
5. Proposed Effective Date: Twelve months after BOT adoption of FAC-014.
B. Requirements
R1. Each Transmission Operator shall operate within the Interconnection Reliability Operating
Limits (IROLs) and System Operating Limits (SOLs).
R2. Each Transmission Operator shall operate so that instability, uncontrolled separation, or
cascading outages will not occur as a result of the most severe single contingency.
R3. Each Transmission Operator shall operate to protect against instability, uncontrolled
separation, or cascading outages resulting from multiple outages, as specified by its
R4. If a Transmission Operator enters an unknown operating state (i.e. any state for which valid
operating limits have not been determined), it will be considered to be in an emergency and
shall restore operations to respect proven reliable power system limits within 30 minutes.
R5. Each Transmission Operator shall make every effort to remain connected to the
Interconnection. If the Transmission Operator determines that by remaining
interconnected, it is in imminent danger of violating an IROL or SOL, the Transmission
Operator may take such actions, as it deems necessary, to protect its area.
R6. Transmission Operators, individually and jointly with other Transmission Operators, shall
develop, maintain, and implement formal policies and procedures to provide for
transmission reliability. These policies and procedures shall address the execution and
coordination of activities that impact inter- and intra-Regional reliability, including:
R6.1. Monitoring and controlling voltage levels and real and reactive power flows.
R6.2. Switching transmission elements.
R6.3. Planned outages of transmission elements.
R6.4. Responding to IROL and SOL violations.
C. Measures
M1. Each Transmission Operator that enters an unknown operating state for which valid limits
have not been determined, shall have and provide upon request evidence that could include,
electronic communications, alarm program printouts, or other equivalent evidence that will
be used to determine if it restored operations to respect proven reliable power system limits
within 30 minutes as specified in Requirement 4.
M2. Each Transmission Operator shall have and provide upon request current policies and
procedures that address the execution and coordination of activities that impact inter- and
intra-Regional reliability for each of the topics listed in Requirements 6.1 through 6.6.
D. Compliance
compliance.
1.3. Data Retention
Each Transmission Operator shall keep 90 days of historical data for Measure 1.
Each Transmission Operator shall have current, in-force policies and procedures, as
evidence of compliance to Measure 2.
longer.
compliance data
None.
2.2. Level 2: Did not have formal policies and procedures to address one of the topics listed
in R6.1 through R6.4.
2.3. .Level 3: Did not have formal policies and procedures to address two of the topics listed
in R6.1 through R6.4.
2.4.1 Did not restore operations to respect proven reliable power system limits within
30 minutes as specified in R4.
2.4.2 Did not have formal policies and procedures to address three or all of the topics
listed in R6.1 through R6.4.
None identified.
Version History
1 November 1, 2006 Added language from Missing Measures and
Compliance Elements adopted by Board of
Trustees on November 1, 2006
Revised
2 December 19, 2007 Revised to reflect merging of both sets of
changes approved by BOT on November 1,
2006 (Addition of measures and compliance
elements and revisions to R3 and R6 with
conforming changes made as errata to Levels
of Non-compliance)
Revised
Errata

Standard TOP-005-2a Operational Reliability Information
Page 1 of 8
A. Introduction
1. Title: Operational Reliability Information
2. Number: TOP-005-2a
3. Purpose: To ensure reliability entities have the operating data needed to monitor system
conditions within their areas.
4. Applicability
4.3. Purchasing Selling Entities.
5. Proposed Effective Date: In those jurisdictions where no regulatory approval is required,
the standard shall become effective on the latter of either April 1, 2009 or the first day of the
first calendar quarter, three months after BOT adoption.
B. Requirements
R1. As a condition of receiving data from the Interregional Security Network (ISN), each ISN data
recipient shall sign the NERC Confidentiality Agreement for Electric System Reliability
Data.
R2. Upon request, each Balancing Authority and Transmission Operator shall provide to other
Balancing Authorities and Transmission Operators with immediate responsibility for
operational reliability, the operating data that are necessary to allow these Balancing
Authorities and Transmission Operators to perform operational reliability assessments and to
coordinate reliable operations. Balancing Authorities and Transmission Operators shall
provide the types of data as listed in Attachment 1-TOP-005 Electric System Reliability
Data, unless otherwise agreed to by the Balancing Authorities and Transmission Operators
with immediate responsibility for operational reliability.
R3. Each Purchasing-Selling Entity shall provide information as requested by its Host Balancing
Authorities and Transmission Operators to enable them to conduct operational reliability
assessments and coordinate reliable operations.
C. Measures
M1. Evidence that the Balancing Authority, Transmission Operator, and Purchasing-Selling Entity
is providing the information required, within the time intervals specified, and in a format
agreed upon by the requesting entities.
D. Compliance
Self-Certification: Entities shall annually self-certify compliance to the measures as
required by its Regional Reliability Organization.
Exception Reporting: Each Region shall report compliance and violations to NERC via
the NERC compliance reporting process.
Page 2 of 8
Periodic Review: Entities will be selected for operational reviews at least every three
years. One calendar year without a violation from the time of the violation.
1.3. Data Retention
Not specified.
Not specified.

Page 3 of 8
R1 N/A N/A N/A The ISN data recipient failed to
sign the NERC Confidentiality
Agreement for Electric System
Reliability Data.
provide any of the data
requested by other Balancing
Authorities or Transmission
Operators.
N/A N/A The responsible entity failed to
provide all of the data
requested by its host Balancing
Authority or Transmission
Operator.
provide any of the data
requested by other Balancing
Authorities or Transmission
Operators.
provide all of the data
requested by its host Balancing
Authority or Transmission
Operator.
Page 4 of 8
None identified.
Version History
1 Removed the Reliability Coordinator from the
list of responsible functional entities
Deleted R1 and R1.1
Modified M1 to omit the reference to the
Deleted VSLs for R1 and R1.1
Revised
2 October 17,
2008

2a April 21, 2011 Added FERC approved Interpretation
Page 5 of 8
Attachment 1-TOP-005
Electric System Reliability Data
This Attachment lists the types of data that Balancing Authorities, and Transmission Operators are
expected to share with other Balancing Authorities and Transmission Operators.
1. The following information shall be updated at least every ten minutes:
1.1. Transmission data. Transmission data for all Interconnections plus all other facilities
considered key, from a reliability standpoint:
1.1.1 Status.
1.1.2 MW or ampere loadings.
1.1.3 MVA capability.
1.1.4 Transformer tap and phase angle settings.
1.1.5 Key voltages.
1.2. Generator data.
1.2.1 Status.
1.2.2 MW and MVAR capability.
1.2.3 MW and MVAR net output.
1.2.4 Status of automatic voltage control facilities.
1.3. Operating reserve.
1.3.1 MW reserve available within ten minutes.
1.4. Balancing Authority demand.
1.4.1 Instantaneous.
1.5. Interchange.
1.5.1 Instantaneous actual interchange with each Balancing Authority.
1.5.2 Current Interchange Schedules with each Balancing Authority by individual
Interchange Transaction, including Interchange identifiers, and reserve
responsibilities.
1.5.3 Interchange Schedules for the next 24 hours.
1.6. Area Control Error and frequency.
1.6.1 Instantaneous area control error.
1.6.2 Clock hour area control error.
1.6.3 System frequency at one or more locations in the Balancing Authority.
2. Other operating information updated as soon as available.
2.1. Interconnection Reliability Operating Limits and System Operating Limits in effect.
2.2. Forecast of operating reserve at peak, and time of peak for current day and next day.
2.3. Forecast peak demand for current day and next day.
2.4. Forecast changes in equipment status.
Page 6 of 8
2.5. New facilities in place.
2.6. New or degraded special protection systems.
2.7. Emergency operating procedures in effect.
2.8. Severe weather, fire, or earthquake.
2.9. Multi-site sabotage.
Page 7 of 8
Appendix 2

TOP-005-1 Requirement R3
1
Upon request, each Balancing Authority and Transmission Operator shall provide to other Balancing
Authorities and Transmission Operators with immediate responsibility for operational reliability, the
operating data that are necessary to allow these Balancing Authorities and Transmission Operators to
perform operational reliability assessments and to coordinate reliable operations. Balancing Authorities
and Transmission Operators shall provide the types of data as listed in Attachment 1-TOP-005-0 Electric
System Reliability Data, unless otherwise agreed to by the Balancing Authorities and Transmission
Operators with immediate responsibility for operational reliability.

The above-referenced Attachment 1 TOP-005-0 specifies the following data as item 2.6: New or
degraded special protection systems. [Underline added for emphasis.]
IRO-005-1 Requirement R12
Transmission Operator impact (e.g., could potentially affect transmission flows resulting in a SOL or
IROL violation) is armed, the Reliability Coordinators shall be aware of the impact of the operation of
that Special Protection System on inter-area flows. The Transmission Operator shall immediately inform
the Reliability Coordinator of the status of the Special Protection System including any degradation or
potential failure to operate as expected. [Underline added for emphasis.]
PRC-012-0 Requirements R1 and R1.3
Reliability Organization SPS review procedure to ensure that SPSs comply with Regional criteria and
NERC Reliability Standards. The Regional SPS review procedure shall include:
component failure, when the SPS was intended to operate, does not prevent the interconnected
transmission system from meeting the performance requirements defined in Reliability Standards
TPL-001-0, TPL-002-0, and TPL-003-0.
The TOP-005-1 standard focuses on two key obligations. The first key obligation (Requirement R1) is a
responsibility mandate. Requirement R1 establishes who is responsible for the obligation to provide
operating data required by a Reliability Coordinator within the framework of the Reliability
Coordinator requirements defined in the IRO standards. The second key obligation (Requirement R3) is a
performance mandate. Requirement R3 defines the obligation to provide data requested by other
reliability entities that is needed to perform assessments and to coordinate operations.
The Attachment to TOP-005-1 is provided as a guideline of what can be shared. The Attachment is not
an obligation of what must be shared. Enforceable NERC Requirements must be explicitly contained
within a given Standards approved requirements. In this case, the standard only requires data upon
request. If a Reliability Coordinator or other reliability entity were to request data such as listed in the

1
In the current version of the Standard (TOP-005-2a), this requirement is R2.
Page 8 of 8
Attachment, then the entity being asked would be mandated by Requirements R1 and R3 to provide that
data (including item 2.6, whether it is or is not in some undefined degraded state).
IRO-002-1 requires the Reliability Coordinator to have processes in place to support its reliability
obligations (Requirement R2). Requirement R4 mandates that the Reliability Coordinator have
communications processes in place to meet its reliability obligations, and Requirement R5 et al mandate
the Reliability Coordinator to have the tools to carry out these reliability obligations.
IRO-003-2 (Requirements R1 and R2) requires the Reliability Coordinator to monitor the state of its
system.
IRO-004-1 requires that the Reliability Coordinator carry out studies to identify Interconnection
Reliability Operating Limits (Requirement R1) and to be aware of system conditions via monitoring tools
and information exchange.
IRO-005-1 mandates that each Reliability Coordinator monitor predefined base conditions (Requirement
R1), collect additional data when operating limits are or may be exceeded (Requirement R3), and identify
actual or potential threats (Requirement R5). The basis for that request is left to each Reliability
Coordinator. The Purpose statement of IRO-005-1 focuses on the Reliability Coordinators obligation to
be aware of conditions that may have a significant impact upon its area and to communicate that
information to others (Requirements R7 and R9). Please note: it is from this communication that
Transmission Operators and Balancing Authorities would either obtain or would know to ask for SPS
information from another Transmission Operator.
The IRO-005-1 (Requirement R12) standard implies that degraded is a condition that will result in a
failure to operate as designed. If the loss of a communication channel will result in the failure of an SPS
to operate as designed then the Transmission Operator would be mandated to report that information. On
Conclusion
The TOP-005-1 standard does not provide, nor does it require, a definition for the term degraded.
The IRO-005-1 (R12) standard implies that degraded is a condition that will result in a failure of an SPS
to operate as designed. If the loss of a communication channel will result in the failure of an SPS to
operate as designed, then the Transmission Operator would be mandated to report that information. On
To request a formal definition of the term degraded, the Reliability Standards Development Procedure
requires the submittal of a Standards Authorization Request.

Standard TOP-006-2 Monitoring System Conditions
Page 1 of 6
A. Introduction
1. Title: Monitoring System Conditions
3. Purpose: To ensure critical reliability parameters are monitored in real-time.
4. Applicability
5. Proposed Effective Date: In those jurisdictions where no regulatory approval is required,
the standard shall become effective on the latter of either April 1, 2009 or the first day of the
first calendar quarter, three months after BOT adoption.
B. Requirements
R1. Each Transmission Operator and Balancing Authority shall know the status of all generation
and transmission resources available for use.
R1.1. Each Generator Operator shall inform its Host Balancing Authority and the
Transmission Operator of all generation resources available for use.
R1.2. Each Transmission Operator and Balancing Authority shall inform the Reliability
Coordinator and other affected Balancing Authorities and Transmission Operators of
all generation and transmission resources available for use.
R2. Each Reliability Coordinator, Transmission Operator, and Balancing Authority shall monitor
applicable transmission line status, real and reactive power flows, voltage, load-tap-changer
settings, and status of rotating and static reactive resources.
R3. Each Reliability Coordinator, Transmission Operator, and Balancing Authority shall provide
appropriate technical information concerning protective relays to their operating personnel.
R4. Each Transmission Operator, and Balancing Authority shall have information, including
weather forecasts and past load patterns, available to predict the systems near-term load
pattern.
R5. Each Reliability Coordinator, Transmission Operator, and Balancing Authority shall use
monitoring equipment to bring to the attention of operating personnel important deviations in
operating conditions and to indicate, if appropriate, the need for corrective action.
R6. Each Balancing Authority and Transmission Operator shall use sufficient metering of suitable
range, accuracy and sampling rate (if applicable) to ensure accurate and timely monitoring of
operating conditions under both normal and emergency situations.
R7. Each Reliability Coordinator, Transmission Operator, and Balancing Authority shall monitor
system frequency.
C. Measures
Page 2 of 6
M1. The Generator Operator shall have and provide upon request evidence that could include but is
not limited to, operator logs, voice recordings, electronic communications, or other equivalent
evidence that will be used to confirm that it informed its Host Balancing Authority and
Transmission Operator of all generation resources available for use. (Requirement 1.1)
M2. Each Transmission Operator and Balancing Authority shall have and provide upon request
evidence that could include but is not limited to, operator logs, voice recordings, electronic
communications, or other equivalent evidence that will be used to confirm that it informed its
Reliability Coordinator and other affected Balancing Authorities and Transmission Operators
of all generation and transmission resources available for use. (Requirement 1.2)
provide upon request evidence that could include but is not limited to, computer printouts or
other equivalent evidence that will be used to confirm that it monitored each of the applicable
items listed in Requirement 2.
M4. Each Transmission Operator and Balancing Authority shall have and provide upon request
evidence that could include but is not limited to, printouts, training documents, description
documents or other equivalent evidence that will be used to confirm that it has weather
forecasts and past load patterns, available to predict the systems near-term load pattern.
(Requirement 4)
provide upon request evidence that could include but is not limited to, a description of its EMS
alarm capability, training documents, or other equivalent evidence that will be used to confirm
that important deviations in operating conditions and the need for corrective actions will be
brought to the attention of its operators. (Requirement 5)
provide upon request evidence that could include but is not limited to, a list of the frequency
monitoring points available to the shift-operators or other equivalent evidence that will be used to
confirm that it monitors system frequency. (Requirement 7)
D. Compliance
compliance.
Page 3 of 6
1.3. Data Retention
Each Generator Operator shall keep 90 days of historical data (evidence) for Measure 1.
Each Transmission Operator and Balancing Authority shall keep 90 days of historical
data (evidence) for Measure 2.
Each Reliability Coordinator, Transmission Operator and Balancing Authority shall have
current documents as evidence for Measure 3, 5 and 6.
Each Transmission Operator and Balancing Authority shall have current documents as
longer.
compliance data
None.
Page 4 of 6
know the status of all generation
and transmission resources
available for use, even though
said information was reported by
the Generator Operator,
R1.1 N/A N/A N/A The Generator Operator failed to
inform its Host Balancing
Authority and the Transmission
Operator of all generation
resources available for use.
R1.2 N/A N/A N/A The responsible entity failed to
inform the Reliability Coordinator
and other affected Balancing
Authorities and Transmission
Operators of all generation and
transmission resources available
for use.
R2 N/A The responsible entity monitors
the applicable transmission line
status, real and reactive power
flows, voltage, load-tap-changer
settings, but is not aware of the
status of rotating and static
reactive resources.
The responsible entity fails to
monitor all of the applicable
transmission line status, real and
reactive power flows, voltage,
load-tap-changer settings, and
status of all rotating and static
reactive resources.
The responsible entity fails to
monitor any of the applicable
transmission line status, real and
reactive power flows, voltage,
load-tap-changer settings, and
reactive resources.
provide any of the appropriate
technical information concerning
protective relays to their operating
personnel.
provide all of the appropriate
technical information concerning
protective relays to their operating
personnel.
Page 5 of 6
R4 N/A N/A The responsible entity has either
weather forecasts or past load
patterns, available to predict the
systems near-term load pattern,
but not both.
have both weather forecasts and
past load patterns, available to
predict the systems near-term
load pattern.
R5 N/A N/A The responsible entity used
monitoring equipment to bring to
the attention of operating
personnel important deviations in
operating conditions, but does not
have indication of the need for
corrective action.
use monitoring equipment to bring
to the attention of operating
personnel important deviations in
operating conditions.
use sufficient metering of suitable
range, accuracy and sampling
rate (if applicable) to ensure
accurate and timely monitoring of
operating conditions under both
normal and emergency situations.
monitor system frequency.
Page 6 of 6
None identified.
Version History
1 November 1,
2006
2 Modified R4
Modified M4
Modified Data Retention for M4
Replaced Levels of Non-compliance with the
Feb 28, BOT approved Violation Severity
Levels (VSLs)
Revised
2 October 17,
2008

Page 1 of 8
A. Introduction
1. Title: Monitoring System Conditions
3. Purpose: To ensure critical reliability parameters are monitored in real-time.
4. Applicability:
4.1.1 Transmission Operators
4.1.2 Balancing Authorities
4.1.3 Generator Operators
4.1.4 Reliability Coordinators
5. (Proposed) Effective Date: All requirements become effective the first day of the first calendar
quarter following applicable regulatory approval. In those jurisdictions where no regulatory
approval is required, the requirements become effective the first day of the first calendar
quarter following Board of Trustees adoption, or as otherwise made effective pursuant to the
laws applicable to such ERO governmental authorities.
B. Requirements
R1. Each Transmission Operator and Balancing Authority shall know the status of all
generation and transmission resources available for use. [Violation Risk Factor:
Medium] [Time Horizon: Real-time Operations]
R1.1. Each Generator Operator shall inform its Host Balancing Authority and the
Transmission Operator of all generation resources available for use. [Violation
R1.2. Each Transmission Operator shall inform the Reliability Coordinator and other
affected Transmission Operators of all transmission resources available for
use. [Violation Risk Factor: Medium] [Time Horizon: Real-time Operations]

R1.3. Each Balancing Authority shall inform its Reliability Coordinator of all
generation resources available for use. [Violation Risk Factor: Medium] [Time
monitor applicable transmission line status, real and reactive power flows, voltage,
load-tap-changer settings, and status of rotating and static reactive resources. [Violation
provide its operating personnel with appropriate technical information concerning
protective relays within the Reliability Coordinator Area, the Transmission Operator
Transmission Operators deal with
transmission information while
Balancing Authorities deal with
generation information as detailed in
Functional Model v5.
Page 2 of 8
Area, and the Balancing Authority Area, respectively. [Violation Risk Factor: Medium]

R4. Each Transmission Operator, and Balancing Authority shall have information,
including weather forecasts and past load patterns, available to predict the systems
near-term load pattern. [Violation Risk Factor: Medium] [Time Horizon: Real-time
Operations]
use monitoring equipment to bring to the attention of operating personnel important
deviations in operating conditions and to indicate, if appropriate, the need for
corrective action. [Violation Risk Factor: Medium] [Time Horizon: Real-time
Operations]
R6. Each Balancing Authority and Transmission Operator shall use sufficient metering of
suitable range, accuracy and sampling rate (if applicable) to ensure accurate and timely
monitoring of operating conditions under both normal and emergency situations.
monitor system frequency. [Violation Risk Factor: High] [Time Horizon: Real-time
Operations]
C. Measures
M1. The Generator Operator shall have and provide upon request evidence that could
include but is not limited to, operator logs, voice recordings, electronic
communications, or other equivalent evidence that will be used to confirm that it
informed its Host Balancing Authority and Transmission Operator of all generation
resources available for use. (Requirement R1.1)
M2. Each Transmission Operator shall have and provide upon request evidence that could
informed its Reliability Coordinator and other affected Transmission Operators of all
transmission resources available for use. (Requirement R1.2)
M3. Each Balancing Authority shall have and provide upon request evidence that could
informed its Reliability Coordinator of all generation resources available for use.
(Requirement R1.3)
have and provide upon request evidence that could include but is not limited to,
computer printouts or other equivalent evidence that will be used to confirm that it
monitored each of the applicable items listed in Requirement R2.
Entities can only provide information
related to items for which they have
responsibility.
Page 3 of 8
have and provide upon request evidence that could include but is not limited to,
operator logs, voice recordings, electronic communications, operating instructions,
training materials, or other equivalent evidence that will be used to confirm that it
informed its operating personnel of appropriate technical information concerning
protective relays within the Reliability Coordinator Area, the Transmission Operator
Area, and the Balancing Authority Area, respectively. (Requirement R3)
request evidence that could include but is not limited to, printouts, training documents,
description documents or other equivalent evidence that will be used to confirm that it
has weather forecasts and past load patterns, available to predict the systems near-term
load pattern. (Requirement R4)
have and provide upon request evidence that could include but is not limited to, a
description of its EMS alarm capability, training documents, or other equivalent
evidence that will be used to confirm that important deviations in operating conditions
and the need for corrective actions will be brought to the attention of its operators.
(Requirement R5)
have and provide upon request evidence that could include but is not limited to, a list of
the frequency monitoring points available to the shift-operators or other equivalent
evidence that will be used to confirm that it monitors system frequency. (Requirement
R7)
D. Compliance
The Regional Entity shall serve as the Compliance Enforcement Authority (CEA) unless
the applicable entity is owned, operated, or controlled by the Regional Entity. In such
cases the ERO or a Regional Entity approved by FERC or other applicable governmental
authority shall serve as the CEA.
1.2. Data Retention
Each Generator Operator shall keep 90 days of historical data (evidence) for Measure 1.
Each Transmission Operator shall keep 90 days of historical data (evidence) for Measure
2.
Each Balancing Authority shall keep 90 days of historical data (evidence) for Measure 3.
Each Reliability Coordinator, Transmission Operator and Balancing Authority shall have
current documents as evidence for Measure 4, 5, 7 and 8
Each Transmission Operator and Balancing Authority shall have current documents as
longer.
Page 4 of 8
compliance data.
Compliance Audit
Self-Certification
Spot Checking
Self-Reporting
- Complaint
None.
Page 5 of 8

R # Time
Horizon
R1 Real-time
Operations
Medium
N/A N/A N/A The responsible entity
failed to know the status of
all generation and
transmission resources
available for use, even
though said information
was reported by the
Generator Operator,

OR

The Generator Operator
failed to informits Host
Balancing Authority and
the Transmission Operator
of all generation resources
available for use.

OR

failed to informthe
Reliability Coordinator and
other affected Balancing
Authorities and
Transmission Operators of
all generation and
transmission resources
available for use.
Page 6 of 8

R1.1 Real-time
Operations
Medium
N/A N/A N/A N/A
R1.2 Real-time
Operations
Medium
N/A N/A N/A N/A
R1.3 Real-time
Operations
Medium
N/A N/A N/A
failed to inform its
Reliability Coordinator of
all generation resources
available for use.

R2 Real-time
Operations
High
failed to monitor 5% or less
of applicable transmission
line status, real and reactive
power flows, voltage, load-
tap-changer settings, and
reactive resources.
5% up to (and including)
10% of applicable
transmission line status,
real and reactive power
flows, voltage, load-tap-
changer settings, and status
of rotating and static
reactive resources.
15% of applicable
reactive resources.
15% of applicable
reactive resources.
R3 Operations
Planning
Medium
failed to provide 5% or less
of the appropriate technical
information concerning
protective relays to its
operating personnel.
failed to provide more than
10% of the appropriate
technical information
concerning protective
relays to its operating
personnel.
personnel.
personnel.
R4 Operations
Planning,
Same-day
Operations,
Real-time
Medium
N/A N/A The responsible entity has
either weather forecasts or
past load patterns, available
to predict the systems
near-termload pattern, but
not both.
neither weather forecasts
nor past load patterns
available to predict the
systems near-termload
pattern.
Page 7 of 8

Operations
R5 Real-time
Operations
Medium
N/A N/A The responsible entity used
monitoring equipment to
bring to the attention of
operating personnel
important deviations in
operating conditions, but it
does not have indication of
the need for corrective
action.
failed to use monitoring
equipment to bring to the
attention of operating
personnel important
deviations in operating
conditions.
R6 Real-time
Operations
High
failed to use sufficient
metering of suitable range,
accuracy and sampling rate
(if applicable) to ensure
accurate and timely
monitoring of operating
conditions under both
normal and emergency
situations.
R7 Real-time
Operations
High
failed to monitor system
frequency.

8
None.
Version History
1 November 1,
2006
2 Modified R4
Modified M4
Modified Data Retention for M4
the Feb 28, BOT approved Violation
Severity Levels (VSLs)
Revised
2 October 17,
2008
2 March 23, 2011 Order issued by FERC approving TOP-006-
2 (approval effective 5/23/11)

3 November 7,
2012
Adopted by NERC Board of Trustees Changes to bring
document format to new
guidelines.
Added Time Horizons.
Rapid revision to
accommodate
interpretation request for
Requirements R1.2 &
R3. Updates made to the
VSL table.

Standard TOP-007-0 Reporting SOL and IROL Violations
A. Introduction
1. Title: Reporting System Operating Limit (SOL) and Interconnection Reliability
Operating Limit (IROL) Violations
3. Purpose:
This standard ensures SOL and IROL violations are being reported to the Reliability
Coordinator so that the Reliability Coordinator may evaluate actions being taken and direct
additional corrective actions as needed.
4. Applicability:
B. Requirements
R1. A Transmission Operator shall inform its Reliability Coordinator when an IROL or SOL has
been exceeded and the actions being taken to return the system to within limits.
R2. Following a Contingency or other event that results in an IROL violation, the Transmission
Operator shall return its transmission system to within IROL as soon as possible, but not
longer than 30 minutes.
R3. A Transmission Operator shall take all appropriate actions up to and including shedding firm
load, or directing the shedding of firm load, in order to comply with Requirement R2.
R4. The Reliability Coordinator shall evaluate actions taken to address an IROL or SOL violation
and, if the actions taken are not appropriate or sufficient, direct actions required to return the
system to within limits.
C. Measures
M1. Evidence that the Transmission Operator informed the Reliability Coordinator when an IROL
or SOL was exceeded and the actions taken to return the system to within limits.
M2. Evidence that the Transmission Operator returned the system to within IROL within 30
minutes for each incident that an IROL, or SOL that became an IROL due to changed system
conditions, was exceeded.
M3. Evidence that the Reliability Coordinator evaluated actions and provided direction required to
return the system to within limits.
D. Compliance
The Reliability Coordinator shall report any IROL violation exceeding 30 minutes to
the Regional Reliability Organization and NERC within 72 hours. Each Regional
Reliability Organization shall report any such violations to NERC via the NERC
compliance reporting process. The Reliability Coordinator shall report any SOL
violation that has become an IROL violation because of changed system conditions;
i.e. exceeding the limit will require action to prevent:
1.1.1. System instability.
1.1.2. Unacceptable system dynamic response or equipment tripping.
1.1.3. Voltage levels in violation of applicable emergency limits.
1.1.4. Loadings on transmission facilities in violation of applicable emergency
limits.
1.1.5. Unacceptable loss of load based on regional and/or NERC criteria.
The reset period is monthly.
1.3. Data Retention
The data retention period is three months.
2.1. The Transmission Operator did not inform the Reliability Coordinator of an IROL or
an SOL that has become an IROL because of changed system conditions, and the
actions they are taking to return the system to within limits, or
2.2. The Transmission Operator did not take corrective actions as directed by the
Reliability Coordinator to return the system to within the IROL within 30 minutes.
(See Table 1-TOP-007-0 below.)
2.3. The limit violation was reported to the Reliability Coordinator, who did not provide
appropriate direction to the Transmission Operator, resulting in an IROL violation in
excess of 30 minutes duration.

Table 1-TOP-007-0 IROL and SOL Reporting Levels of Non-Compliance
Percentage by which IROL or
SOL that has become an IROL
is exceeded*
Limit exceeded for
more than 30
minutes, up to 35
minutes.
Limit exceeded for
more than 35
minutes, up to 40
minutes.
Limit exceeded for
more than 40
minutes, up to 45
minutes.
Limit exceeded for
more than 45
minutes.
Greater than 0%, up to and
including 5%
Level 1 Level 2 Level 2 Level 3
including 10%
including 15%
including 20%
including 25%
Greater than 25% Level 4 Level 4 Level 4 Level 4
*Percentage used in the left column is the flow measured at the end of the time period (30, 35, 40, or
45 minutes).
None identified.

Version History

WECC Standard TOP-007-WECC-1 System Operating Limits
1
A. Introduction
1. Title: System Operating Limits
2. Number: TOP-007-WECC-1
3. Purpose: When actual flows on Major WECC Transfer Paths exceed System Operating
Limits (SOL), their associated schedules and actual flows are not exceeded for
longer than a specified time.
4. Applicability
4.1. Transmission Operators for the transmission paths in the most current Table
titled Major WECC Transfer Paths in the Bulk Electric System provided at:
http://www.wecc.biz/Standards/Approved%20Standards/Supporting%20Tables/T
able%20Major%20Paths%204-28-08.pdf

B. Requirements
R1. When the actual power flow exceeds an SOL for a Transmission path, the Transmission
Operators shall take immediate action to reduce the actual power flow across the path such
that at no time shall the power flow for the Transmission path exceed the SOL for more than
30 minutes. [Violation Risk Factor: High] [Time Horizon: Real-time Operations]
R2. The Transmission Operator shall not have the Net Scheduled Interchange for power flow over
an interconnection or Transmission path above the paths SOL when the Transmission
Operator implements its real-time schedules for the next hour. For paths internal to a
Transmission Operator Area that are not scheduled, this requirement does not apply. [Violation
R2.1. If the path SOL decreases within 20 minutes before the start of the hour, the
Transmission Operator shall adjust the Net Scheduled Interchange within 30 minutes
to the new SOL value. Net Scheduled Interchange exceeding the new SOL during
this 30-minute period will not be a violation of R2.
C. Measures
M1. Evidence that actual power flow has not exceeded the SOL for the specified time limit in R1.
M2. Evidence that Net Scheduled Interchange has not exceeded the SOL when the Transmission
Operator implements real-time schedules as required by R2.
M2.1. Evidence that Net Scheduled Interchange was at or below the new SOL within 30-
minutes of when the SOL decreased.
D. Compliance
2
Compliance Enforcement Authority may use one or more of the following methods to
assess compliance:
- Self-report for each incident within three-business day
- Self-report quarterly
- Investigations
Reset Period: One calendar month.
1.3 Data Retention
The Transmission Operators shall keep evidence for Measure M.1 through M2 for three
years plus current, or since the last audit, whichever is longer.
For Requirement R1:
2.1. Lower: There shall be a Lower Level of non-compliance for Transmission Operators as
set forth in the table in Attachment 1 TOP-007-WECC-1.
2.2. Moderate: There shall be a Moderate Level of non-compliance for Transmission Operators
as set forth in the table in Attachment 1 TOP-007-WECC-1.
2.3. High: There shall be a High Level of non-compliance for Transmission Operators as set
forth in the table in Attachment 1 TOP-007-WECC-1.
2.4. Severe: There shall be a Severe Level of non-compliance for Transmission Operators as
set forth in the table in Attachment 1 TOP-007-WECC-1.
For Requirement R2:
2.1. Lower: There shall be a Lower Level of non-compliance for Transmission Operators
when the net schedule for power flow over an interconnection or Transmission path is
above the paths SOL but is less than or equal to 105% of the paths SOL.
2.2. Moderate: There shall be a Moderate Level of non-compliance for Transmission Operators
when the net schedule for power flow over an interconnection or Transmission path is
above 105% of the paths SOL but less than or equal to 110% of the paths SOL.
2.3. High: There shall be a High Level of non-compliance for Transmission Operators when
the net schedule for power flow over an interconnection or Transmission path is above
110% of the paths SOL.
2.4 Severe: None

3

TOP-STD-007-0

1 October 29, 2008 Adopted by the Board of Trustees
1 April 21, 2011 Order issued by FERC approving TOP-
27, 2011)

1 June 10, 2013 Modified the VRF for Requirement R1
from "Medium" to "High" and the VRF
for Requirement R2 from "Low" to
"Medium"

4
Attachment 1 TOP-007-WECC-1
Violation Severity Level Table
Percentage by which
SOL is exceeded*
Limit exceeded for
more than 30
minutes, up to 35
minutes
Limit exceeded for
more than 35
minutes, up to 40
minutes
Limit exceeded for
more than 40
minutes, up to 45
minutes
Limit exceeded for
more than 45
minutes
greater than 0%,
up to and
including 5%
Lower Moderate Moderate High
greater than 5%,
up to and
including 10%
Moderate Moderate High High
greater than 10%,
up to and
including 15%
Moderate High High Severe
greater than 15%,
up to and
including 20%
High High Severe Severe
greater than 20%,
up to and
including 25%
High Severe Severe Severe
greater than 25% Severe Severe Severe Severe
Measured after 30 continuous minutes of actual flows in excess of SOL.

Standard TOP-008-1 Response to Transmission Limit Violations
A. Introduction
1. Title: Response to Transmission Limit Violations
3. Purpose: To ensure Transmission Operators take actions to mitigate SOL and IROL
violations.
4. Applicability
B. Requirements
R1. The Transmission Operator experiencing or contributing to an IROL or SOL violation shall
take immediate steps to relieve the condition, which may include shedding firm load.
R2. Each Transmission Operator shall operate to prevent the likelihood that a disturbance, action,
or inaction will result in an IROL or SOL violation in its area or another area of the
Interconnection. In instances where there is a difference in derived operating limits, the
Transmission Operator shall always operate the Bulk Electric System to the most limiting
parameter.
R3. The Transmission Operator shall disconnect the affected facility if the overload on a
transmission facility or abnormal voltage or reactive condition persists and equipment is
endangered. In doing so, the Transmission Operator shall notify its Reliability Coordinator and
all neighboring Transmission Operators impacted by the disconnection prior to switching, if
time permits, otherwise, immediately thereafter.
R4. The Transmission Operator shall have sufficient information and analysis tools to determine
the cause(s) of SOL violations. This analysis shall be conducted in all operating timeframes.
The Transmission Operator shall use the results of these analyses to immediately mitigate the
SOL violation.
C. Measures
M1. The Transmission Operator involved in an SOL or IROL violation shall have and provide upon
request evidence that could include, but is not limited to, operator logs, voice recordings,
electronic communications, alarm program printouts, or other equivalent evidence that will be
used to determine if it took immediate steps to relieve the condition. (Requirement 1)
M2. The Transmission Operator that disconnects an overloaded facility shall have and provide upon
request evidence that could include, but is not limited to, operator logs, voice recordings,
electronic communications, alarm program print outs, or other equivalent evidence that will be
used to determine if it disconnected an overloaded facility in accordance with Requirement 3
Part 1
M3. The Transmission Operator that disconnects an overloaded facility shall have and provide upon
request evidence that could include, but is not limited to, operator logs, voice recordings or
transcripts of voice recordings, electronic communications, or other equivalent evidence that
will be used to determine if it notified its Reliability Coordinator and all neighboring
Transmission Operators impacted by the disconnection prior to switching, if time permitted,
otherwise, immediately thereafter. (Requirement 3 Part 2)
M4. The Transmission Operator shall have and provide upon request evidence that could include,
but is not limited to, computer facilities documents, computer printouts, training documents,
copies of analysis program results, operator logs or other equivalent evidence that will be used
to confirm that it has sufficient information and analysis tools to determine the cause(s) of SOL
violations. (Requirement 4 Part 1)
M5. The Transmission Operator that violates an SOL shall have and provide upon request evidence
that could include, but is not limited to, operator logs, voice recordings or transcripts of voice
recordings, electronic communications, or other equivalent evidence that will be used to
confirm that it used the results of these analyses to immediately mitigate the SOL violation.
D. Compliance
compliance.
1.3. Data Retention
Each Transmission Operator shall keep 90 days of historical data (evidence) for Measure
1, 2 and 3.
Each Transmission Operator shall have current documents as evidence of compliance to
Measures 4 and 5.
longer.
submitted subsequent compliance data
None.
2. Levels of Non-Compliance for Transmission Operator
2.2. Level 2: Disconnected an overloaded facility as specified in R3 but did not notify its
Reliability Coordinator and all neighboring Transmission Operators impacted by the
disconnection prior to switching, or immediately thereafter.
2.4.1 Did not take immediate steps to relieve an IROL or SOL violation in accordance
with R1.
2.4.2 Did not disconnect an overloaded facility as specified in R3.
2.4.3 Does not have sufficient information and analysis tools to determine the cause(s)
of SOL violations. (R4 Part 1)
2.4.4 Did not use the results of analyses to immediately mitigate an SOL violation. (R4
Part 3)
None identified.
Version History
Vers ion Date Action Change Tracking
1 November 1,
2006

Standard TPL-001-0.1 System Performance Under Normal Conditions
Page 1 of 5
A. Introduction
1. Title: System Performance Under Normal (No Contingency) Conditions (Category A)
2. Number: TPL-001-0.1
3. Purpose: System simulations and associated assessments are needed periodically to
ensure that reliable systems are developed that meet specified performance
requirements with sufficient lead time, and continue to be modified or upgraded as
necessary to meet present and future system needs.
4. Applicability:
B. Requirements
R1. The Planning Authority and Transmission Planner shall each demonstrate through a
valid assessment that its portion of the interconnected transmission system is planned
such that, with all transmission facilities in service and with normal (pre-contingency)
operating procedures in effect, the Network can be operated to supply projected
customer demands and projected Firm (non- recallable reserved) Transmission
Services at all Demand levels over the range of forecast system demands, under the
conditions defined in Category A of Table I. To be considered valid, the Planning
Authority and Transmission Planner assessments shall:
R1.1. Be made annually.
R1.2. Be conducted for near-term (years one through five) and longer-term (years six
through ten) planning horizons.
R1.3. Be supported by a current or past study and/or system simulation testing that
addresses each of the following categories, showing system performance
following Category A of Table 1 (no contingencies). The specific elements
selected (from each of the following categories) shall be acceptable to the
associated Regional Reliability Organization(s).
R1.3.1. Cover critical system conditions and study years as deemed
appropriate by the entity performing the study.
R1.3.2. Be conducted annually unless changes to system conditions do not
warrant such analyses.
R1.3.3. Be conducted beyond the five-year horizon only as needed to address
identified marginal conditions that may have longer lead-time
solutions.
R1.3.4. Have established normal (pre-contingency) operating procedures in
place.
R1.3.5. Have all projected firm transfers modeled.
Page 2 of 5
R1.3.6. Be performed for selected demand levels over the range of forecast
system demands.
R1.3.7. Demonstrate that system performance meets Table 1 for Category A
(no contingencies).
R1.3.8. Include existing and planned facilities.
R1.3.9. Include Reactive Power resources to ensure that adequate reactive
resources are available to meet system performance.
R1.4. Address any planned upgrades needed to meet the performance requirements
of Category A.
R2. When system simulations indicate an inability of the systems to respond as prescribed
in Reliability Standard TPL-001-0_R1, the Planning Authority and Transmission
Planner shall each:
R2.1. Provide a written summary of its plans to achieve the required system
performance as described above throughout the planning horizon.
R2.1.1. Including a schedule for implementation.
R2.1.2. Including a discussion of expected required in-service dates of
facilities.
R2.1.3. Consider lead times necessary to implement plans.
R2.2. Review, in subsequent annual assessments, (where sufficient lead time exists),
the continuing need for identified system facilities. Detailed implementation
plans are not needed.
R3. The Planning Authority and Transmission Planner shall each document the results of
these reliability assessments and corrective plans and shall annually provide these to its
respective NERC Regional Reliability Organization(s), as required by the Regional
Reliability Organization.
C. Measures
M1. The Planning Authority and Transmission Planner shall have a valid assessment and
corrective plans as specified in Reliability Standard TPL-001-0_R1 and TPL-001-
0_R2.
M2. The Planning Authority and Transmission Planner shall have evidence it reported
documentation of results of its Reliability Assessments and corrective plans per
Reliability Standard TPL-001-0_R3.
D. Compliance
Each Compliance Monitor shall report compliance and violations to NERC via the NERC
Compliance Reporting Process.
Page 3 of 5
Annually
1.3. Data Retention
None specified.
2.2. Level 2: A valid assessment and corrective plan for the longer-term planning
horizon is not available.
2.4. Level 4: A valid assessment and corrective plan for the near-term planning
1. None identified.

Version History
0
April 1, 2005 Effective Date New
0
February 8, 2005 BOT Approval Revised
0
J une 3, 2005 Fixed reference in M1 to read TPL-001-0 R2.1
and TPL-001-0 R2.2
Errata
0
J uly 24, 2007 Corrected reference in M1. to read TPL-001-0
R1 and TPL-001-0 R2.
Errata
0.1
October 29, 2008 BOT adopted errata changes; updated version
number to 0.1
Errata
0.1
May 13, 2009 FERC Approved Updated Effective Date Revised

Page 4 of 5
Table I. Transmission System Standards Normal and Emergency Conditions

Category
Contingencies System Limits or Impacts

Initiating Event(s) and Contingency
Element(s)
System
Stable and
both Thermal
and Voltage
Limits within
Applicable
Rating
a

Loss of
Demand or
Curtailed Firm
Transfers
Cascading
Outages

A
No Contingencies

All Facilities in Service

Yes

No

No

B
Event resulting in
the loss of a single
element.
Single Line Ground (SLG) or 3-Phase (3)
Fault, with Normal Clearing:
1. Generator
2. Transmission Circuit
3. Transformer
Loss of an Element without a Fault

Yes
Yes
Yes
Yes

No
b

No
b

No
b

No
b

No
No
No
No
Single Pole Block, Normal Clearing
e
:
4. Single Pole (dc) Line

Yes

No
b

No

C
Event(s) resulting
in the loss of two
or more (multiple)
elements.
SLG Fault, with Normal Clearing
e
:
1. Bus Section

2. Breaker (failure or internal Fault)

Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

No

No
SLG or 3 Fault, with Normal Clearing
e
,
Manual SystemAdjustments, followed by
another SLG or 3 Fault, with Normal
Clearing
e
:
3. Category B (B1, B2, B3, or B4)
contingency, manual system
adjustments, followed by another
Category B (B1, B2, B3, or B4)
contingency

Yes

Planned/
Controlled
c

No
Bipolar Block, with Normal Clearing
e
:
4. Bipolar (dc) Line Fault (non 3), with
Normal Clearing
e
:

5. Any two circuits of a multiple circuit
towerline
f

Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

No

No
SLG Fault, with Delayed Clearing
e
(stuck
breaker or protection systemfailure):
6. Generator

7. Transformer


9. Bus Section

Yes

Yes

Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

Planned/
Controlled
c

Planned/
Controlled
c

No

No

No

No
Page 5 of 5

D
d

Extreme event resulting in
two or more (multiple)
elements removed or
Cascading out of service.
3 Fault, with Delayed Clearing
e
(stuck breaker or protection system
failure):
1. Generator 3. Transformer
2. Transmission Circuit 4. Bus Section

3 Fault, with Normal Clearing
e
:

6. Loss of towerline with three or more circuits
7. All transmission lines on a common right-of way
8. Loss of a substation (one voltage level plus transformers)
9. Loss of a switching station (one voltage level plus
transformers)
10. Loss of all generating units at a station
11. Loss of a large Load or major Load center
12. Failure of a fully redundant Special Protection System(or
remedial action scheme) to operate when required
13. Operation, partial operation, or misoperation of a fully
redundant Special Protection System(or Remedial Action
Scheme) in response to an event or abnormal system
condition for which it was not intended to operate
14. Impact of severe power swings or oscillations from
Disturbances in another Regional Reliability Organization.

Evaluate for risks and
consequences.
May involve substantial loss of
customer Demand and
generation in a widespread
area or areas.
Portions or all of the
interconnected systems may
or may not achieve a new,
stable operating point.
Evaluation of these events may
require joint studies with
neighboring systems.

a) Applicable rating refers to the applicable Normal and Emergency facility thermal Rating or systemvoltage limit
as determined and consistently applied by the systemor facility owner. Applicable Ratings may include
Emergency Ratings applicable for short durations as required to permit operating steps necessary to maintain
systemcontrol. All Ratings must be established consistent with applicable NERC Reliability Standards
addressing Facility Ratings.
b) Planned or controlled interruption of electric supply to radial customers or some local Network customers,
connected to or supplied by the Faulted element or by the affected area, may occur in certain areas without
impacting the overall reliability of the interconnected transmission systems. To prepare for the next
contingency, systemadjustments are permitted, including curtailments of contracted Firm(non-recallable
reserved) electric power Transfers.
c) Depending on systemdesign and expected systemimpacts, the controlled interruption of electric supply to
customers (load shedding), the planned removal fromservice of certain generators, and/or the curtailment of
contracted Firm(non-recallable reserved) electric power Transfers may be necessary to maintain the overall
reliability of the interconnected transmission systems.
d) A number of extreme contingencies that are listed under Category D and judged to be critical by the
transmission planning entity(ies) will be selected for evaluation. It is not expected that all possible facility
outages under each listed contingency of Category D will be evaluated.
e) Normal clearing is when the protection systemoperates as designed and the Fault is cleared in the time
normally expected with proper functioning of the installed protection systems. Delayed clearing of a Fault is
due to failure of any protection systemcomponent such as a relay, circuit breaker, or current transformer, and
not because of an intentional design delay.
f) Systemassessments may exclude these events where multiple circuit towers are used over short distances (e.g.,
station entrance, river crossings) in accordance with Regional exemption criteria.
Standard TPL-001-2 Transmission System Planning Performance Requi rements
Adopted by NERC Board of Trustees: August 4, 2011 1
A. Introduction
1. Title: Transmission System Planning Performance Requirements
2. Number: TPL-001-2
3. Purpose: Establish Transmission system planning performance requirements within the
planning horizon to develop a Bulk Electric System (BES) that will operate reliably over a
broad spectrum of System conditions and following a wide range of probable Contingencies.
4. Applicability:
4.1.1. Planning Coordinator.
4.1.2. Transmission Planner.
5. Effective Date: Requirements R1 and R7 as well as the definitions shall become
effective on the first day of the first calendar quarter, 12 months after applicable regulatory
approval. In those jurisdictions where no regulatory approval is required, Requirements R1
and R7 become effective on the first day of the first calendar quarter, 12 months after Board of
Trustees adoption.
Except as indicated below, Requirements R2 through R6 and Requirement R8 shall become
approval. In those jurisdictions where no regulatory approval is required, all requirements,
except as noted below, go into effect on the first day of the first calendar quarter, 24 months
For 84 calendar months beginning the first day of the first calendar quarter following applicable
regulatory approval, or in those jurisdictions where no regulatory approval is required on the
first day of the first calendar quarter 84 months after Board of Trustees adoption, Corrective
Action Plans applying to the following categories of Contingencies and events identified in
TPL-001-2, Table 1 are allowed to include Non-Consequential Load Loss and curtailment of
Firm Transmission Service (in accordance with Requirement R2, Part 2.7.3.) that would not
otherwise be permitted by the requirements of TPL-001-2:
P1-2 (for controlled interruption of electric supply to local network customers
connected to or supplied by the Faulted element)
P2-1
P2-2 (above 300 kV)
P2-3 (above 300 kV)
P3-1 through P3-5
P4-1 through P4-5 (above 300 kV)
P5 (above 300 kV)
B. Requirements
R1. Each Transmission Planner and Planning Coordinator shall maintain System models within its
respective area for performing the studies needed to complete its Planning Assessment. The
models shall use data consistent with that provided in accordance with the MOD-010 and
MOD-012 standards, supplemented by other sources as needed, including items represented in
the Corrective Action Plan, and shall represent projected System conditions. This establishes
Category P0 as the normal System condition in Table 1. [Violation Risk Factor: Medium]
1.1. System models shall represent:
1.1.1. Existing Facilities
1.1.2. Known outage(s) of generation or Transmission Facility(ies) with a duration
of at least six months.
1.1.3. New planned Facilities and changes to existing Facilities
1.1.4. Real and reactive Load forecasts
1.1.5. Known commitments for Firm Transmission Service and Interchange
1.1.6. Resources (supply or demand side) required for Load
R2. Each Transmission Planner and Planning Coordinator shall prepare an annual Planning
Assessment of its portion of the BES. This Planning Assessment shall use current or qualified
past studies (as indicated in Requirement R2, Part 2.6), document assumptions, and document
summarized results of the steady state analyses, short circuit analyses, and Stability analyses.
[Violation Risk Factor: High] [Time Horizon: Long-term Planning]
2.1. For the Planning Assessment, the Near-Term Transmission Planning Horizon portion
of the steady state analysis shall be assessed annually and be supported by current
annual studies or qualified past studies as indicated in Requirement R2, Part 2.6.
Qualifying studies need to include the following conditions:
2.1.1. System peak Load for either Year One or year two, and for year five.
2.1.2. System Off-Peak Load for one of the five years.
2.1.3. P1 events in Table 1, with known outages modeled as in Requirement R1,
Part 1.1.2, under those System peak or Off-Peak conditions when known
outages are scheduled.
2.1.4. For each of the studies described in Requirement R2, Parts 2.1.1 and 2.1.2,
sensitivity case(s) shall be utilized to demonstrate the impact of changes to
the basic assumptions used in the model. To accomplish this, the sensitivity
analysis in the Planning Assessment must vary one or more of the following
conditions by a sufficient amount to stress the System within a range of
credible conditions that demonstrate a measurable change in System
response :
Real and reactive forecasted Load.
Expected transfers.
Expected in service dates of new or modified Transmission Facilities.
Reactive resource capability.
Generation additions, retirements, or other dispatch scenarios.
Controllable Loads and Demand Side Management.
Duration or timing of known Transmission outages.
2.1.5. When an entitys spare equipment strategy could result in the unavailability
of major Transmission equipment that has a lead time of one year or more
(such as a transformer), the impact of this possible unavailability on System
performance shall be studied. The studies shall be performed for the P0, P1,
and P2 categories identified in Table 1 with the conditions that the System is
expected to experience during the possible unavailability of the long lead
time equipment.
2.2. For the Planning Assessment, the Long-Term Transmission Planning Horizon portion
of the steady state analysis shall be assessed annually and be supported by the
following annual current study, supplemented with qualified past studies as indicated
in Requirement R2, Part 2.6:
2.2.1. A current study assessing expected System peak Load conditions for one of
the years in the Long-Term Transmission Planning Horizon and the rationale
for why that year was selected.
2.3. The short circuit analysis portion of the Planning Assessment shall be conducted
annually addressing the Near-Term Transmission Planning Horizon and can be
supported by current or past studies as qualified in Requirement R2, Part 2.6. The
analysis shall be used to determine whether circuit breakers have interrupting
capability for Faults that they will be expected to interrupt using the System short
circuit model with any planned generation and Transmission Facilities in service
which could impact the study area.
of the Stability analysis shall be assessed annually and be supported by current or past
studies as qualified in Requirement R2, Part2.6. The following studies are required:
2.4.1. System peak Load for one of the five years. System peak Load levels shall
include a Load model which represents the expected dynamic behavior of
Loads that could impact the study area, considering the behavior of induction
motor Loads. An aggregate System Load model which represents the overall
dynamic behavior of the Load is acceptable.
credible conditions that demonstrate a measurable change in performance:
Load level, Load forecast, or dynamic Load model assumptions.
Expected transfers.
of the Stability analysis shall be assessed to address the impact of proposed material
generation additions or changes in that timeframe and be supported by current or past
studies as qualified in Requirement R2, Part2.6 and shall include documentation to
support the technical rationale for determining material changes.
2.6. Past studies may be used to support the Planning Assessment if they meet the
following requirements:
2.6.1. For steady state, short circuit, or Stability analysis: the study shall be five
calendar years old or less, unless a technical rationale can be provided to
demonstrate that the results of an older study are still valid.
2.6.2. For steady state, short circuit, or Stability analysis: no material changes have
occurred to the System represented in the study. Documentation to support
the technical rationale for determining material changes shall be included.
2.7. For planning events shown in Table 1, when the analysis indicates an inability of the
System to meet the performance requirements in Table 1, the Planning Assessment
shall include Corrective Action Plan(s) addressing how the performance requirements
will be met. Revisions to the Corrective Action Plan(s) are allowed in subsequent
Planning Assessments but the planned System shall continue to meet the performance
requirements in Table 1. Corrective Action Plan(s) do not need to be developed solely
to meet the performance requirements for a single sensitivity case analyzed in
accordance with Requirements R2, Parts 2.1.4 and 2.4.3. The Corrective Action
Plan(s) shall:
2.7.1. List System deficiencies and the associated actions needed to achieve
required System performance. Examples of such actions include:
Installation, modification, retirement, or removal of Transmission and
generation Facilities and any associated equipment.
Installation, modification, or removal of Protection Systems or Special
Protection Systems
Installation or modification of automatic generation tripping as a
response to a single or multiple Contingency to mitigate Stability
performance violations.
Installation or modification of manual and automatic generation
runback/tripping as a response to a single or multiple Contingency to
mitigate steady state performance violations.
Use of Operating Procedures specifying how long they will be needed
as part of the Corrective Action Plan.
Use of rate applications, DSM, new technologies, or other initiatives.
2.7.2. Include actions to resolve performance deficiencies identified in multiple
sensitivity studies or provide a rationale for why actions were not necessary.
2.7.3. If situations arise that are beyond the control of the Transmission Planner or
Planning Coordinator that prevent the implementation of a Corrective Action
Plan in the required timeframe, then the Transmission Planner or Planning
Coordinator is permitted to utilize Non-Consequential Load Loss and
curtailment of Firm Transmission Service to correct the situation that would
normally not be permitted in Table 1, provided that the Transmission Planner
or Planning Coordinator documents that they are taking actions to resolve the
situation. The Transmission Planner or Planning Coordinator shall
document the situation causing the problem, alternatives evaluated, and the
use of Non-Consequential Load Loss or curtailment of Firm Transmission
Service.
2.7.4. Be reviewed in subsequent annual Planning Assessments for continued
validity and implementation status of identified System Facilities and
Operating Procedures.
2.8. For short circuit analysis, if the short circuit current interrupting duty on circuit
breakers determined in Requirement R2, Part 2.3 exceeds their Equipment Rating, the
Planning Assessment shall include a Corrective Action Plan to address the Equipment
Rating violations. The Corrective Action Plan shall:
required System performance.
R3. For the steady state portion of the Planning Assessment, each Transmission Planner and
Planning Coordinator shall perform studies for the Near-Term and Long-Term Transmission
Planning Horizons in Requirement R2, Parts 2.1, and 2.2. The studies shall be based on
computer simulation models using data provided in Requirement R1. [Violation Risk Factor:
3.1. Studies shall be performed for planning events to determine whether the BES meets
the performance requirements in Table 1 based on the Contingency list created in
3.2. Studies shall be performed to assess the impact of the extreme events which are
identified by the list created in Requirement R3, Part 3.5.
3.3. Contingency analyses for Requirement R3, Parts 3.1 & 3.2 shall:
3.3.1. Simulate the removal of all elements that the Protection System and other
automatic controls are expected to disconnect for each Contingency without
operator intervention. The analyses shall include the impact of subsequent:
3.3.1.1. Tripping of generators where simulations show generator bus
voltages or high side of the generation step up (GSU) voltages
are less than known or assumed minimum generator steady state
or ride through voltage limitations. Include in the assessment
any assumptions made.
3.3.1.2. Tripping of Transmission elements where relay loadability limits
are exceeded.
3.3.2. Simulate the expected automatic operation of existing and planned devices
designed to provide steady state control of electrical system quantities when
such devices impact the study area. These devices may include equipment
such as phase-shifting transformers, load tap changing transformers, and
switched capacitors and inductors.
3.4. Those planning events in Table 1, that are expected to produce more severe System
impacts on its portion of the BES, shall be identified and a list of those Contingencies
to be evaluated for System performance in Requirement R3, Part 3.1 created. The
rationale for those Contingencies selected for evaluation shall be available as
supporting information.
3.4.1. The Planning Coordinator and Transmission Planner shall coordinate with
adjacent Planning Coordinators and Transmission Planners to ensure that
Contingencies on adjacent Systems which may impact their Systems are
included in the Contingency list.
3.5. Those extreme events in Table 1 that are expected to produce more severe System
impacts shall be identified and a list created of those events to be evaluated in
Requirement R3, Part 3.2. The rationale for those Contingencies selected for
evaluation shall be available as supporting information. If the analysis concludes
there is Cascading caused by the occurrence of extreme events, an evaluation of
possible actions designed to reduce the likelihood or mitigate the consequences and
adverse impacts of the event(s) shall be conducted.
R4. For the Stability portion of the Planning Assessment, as described in Requirement R2, Parts 2.4
and 2.5, each Transmission Planner and Planning Coordinator shall perform the Contingency
analyses listed in Table 1. The studies shall be based on computer simulation models using
data provided in Requirement R1. [Violation Risk Factor: Medium] [Time Horizon: Long-
term Planning]
4.1.1. For planning event P1: No generating unit shall pull out of synchronism. A
generator being disconnected from the System by fault clearing action or by
a Special Protection System is not considered pulling out of synchronism.
4.1.2. For planning events P2 through P7: When a generator pulls out of
synchronism in the simulations, the resulting apparent impedance swings
shall not result in the tripping of any Transmission system elements other
than the generating unit and its directly connected Facilities.
4.1.3. For planning events P1 through P7: Power oscillations shall exhibit
acceptable damping as established by the Planning Coordinator and
4.3. Contingency analyses for Requirement R4, Parts 4.1 and 4.2 shall :
4.3.1.1. Successful high speed (less than one second) reclosing and
unsuccessful high speed reclosing into a Fault where high speed
reclosing is utilized.
voltages or high side of the GSU voltages are less than known or
assumed generator low voltage ride through capability. Include
in the assessment any assumptions made.
4.3.1.3. Tripping of Transmission lines and transformers where transient
swings cause Protection System operation based on generic or
actual relay models.
designed to provide dynamic control of electrical system quantities when
such as generation exciter control and power system stabilizers, static var
compensators, power flow controllers, and DC Transmission controllers.
4.4. Those planning events in Table 1 that are expected to produce more severe System
impacts on its portion of the BES, shall be identified, and a list created of those
Contingencies to be evaluated in Requirement R4, Part 4.1. The rationale for those
Contingencies selected for evaluation shall be available as supporting information.
4.4.1. Each Planning Coordinator and Transmission Planner shall coordinate with
possible actions designed to reduce the likelihood or mitigate the consequences of the
event(s) shall be conducted.
R5. Each Transmission Planner and Planning Coordinator shall have criteria for acceptable System
steady state voltage limits, post-Contingency voltage deviations, and the transient voltage
response for its System. For transient voltage response, the criteria shall at a minimum, specify
a low voltage level and a maximum length of time that transient voltages may remain below
that level. [Violation Risk Factor: Medium] [Time Horizon: Long-term Planning]
R6. Each Transmission Planner and Planning Coordinator shall define and document, within their
Planning Assessment, the criteria or methodology used in the analysis to identify System
instability for conditions such as Cascading, voltage instability, or uncontrolled islanding.
[Violation Risk Factor: Lower] [Time Horizon: Long-term Planning]
R7. Each Planning Coordinator, in conjunction with each of its Transmission Planners, shall
determine and identify each entitys individual and joint responsibilities for performing the
required studies for the Planning Assessment. [Violation Risk Factor: Lower] [Time Horizon:
Long-term Planning]
R8. Each Planning Coordinator and Transmission Planner shall distribute its Planning Assessment
results to adjacent Planning Coordinators and adjacent Transmission Planners within 90
calendar days of completing its Planning Assessment, and to any functional entity that has a
reliability related need and submits a written request for the information within 30 days of such
a request. [Violation Risk Factor: Medium] [Time Horizon: Long-term Planning]
8.1. If a recipient of the Planning Assessment results provides documented comments on
the results, the respective Planning Coordinator or Transmission Planner shall provide
a documented response to that recipient within 90 calendar days of receipt of those
comments.

Table 1 Steady State & Stability Performance Planning Events
Steady State & Stabi lity:
a. The System shall remain stable. Cascading and uncontrolled islanding shall not occur.
b. Consequential Load Loss as well as generation loss is acceptable as a consequence of any event excluding P0.
c. Simulate the removal of all elements that Protection Systems and other controls are expected to automatically disconnect for each event.
d. Simulate Normal Clearing unless otherwise specified.
e. Planned System adjustments such as Transmission configuration changes and re-dispatch of generation are allowed if such adjustments are executable within the time
duration applicable to the Facility Ratings.
Steady State Onl y:
f. Applicable Facility Ratings shall not be exceeded.
g. System steady state voltages and post-Contingency voltage deviations shall be within acceptable limits as established by the Planning Coordinator and the Transmission
Planner.
h. Planning event P0 is applicable to steady state only.
i. The response of voltage sensitive Load that is disconnected from the System by end-user equipment associated with an event shall not be used to meet steady state
performance requirements.
Stability Onl y:
j. Transient voltage response shall be within acceptable limits established by the Planning Coordinator and the Transmission Planner.
Category Initial Condition Event
1
Fault Type
2
BES Level
3

Interruption of Firm
Transmission
Service Allowed
4

Non-Consequential
Load Loss Allowed
P0
No Contingency
Normal System None N/A EHV, HV No No
P1
Single
Contingency
Normal System
Loss of one of the following:
1. Generator
3. Transformer
5

4. Shunt Device
6

3
EHV, HV No
9
No
12

5. Single Pole of a DC line SLG
P2
Single
Contingency
Normal System
1. Opening of a line section w/o a fault
7
N/A EHV, HV No
9
No
12

2. Bus Section Fault SLG
EHV No
9
No
HV Yes Yes
3. Internal Breaker Fault
8

(non-Bus-tie Breaker)
SLG
EHV No
9
No
HV Yes Yes
4. Internal Breaker Fault (Bus-tie Breaker)
8
SLG EHV, HV Yes Yes
Category Initial Condition

Event
1

Fault Type
2
BES Level
3

Transmission
Service Allowed
4

Non-Consequential
Load Loss Allowed
P3
Multiple
Contingency
Loss of generator unit
followed by System
adjustments
9

1. Generator
3. Transformer
5

4. Shunt Device
6

3
EHV, HV

No
9

No
12

5. Single pole of a DC line SLG
P4
Multiple
Contingency
(Fault plus stuck
breaker
10
)
Normal System
Loss of multiple elements caused by a stuck
breaker
10
(non-Bus-tie Breaker) attempting to
clear a Fault on one of the following:
1. Generator
3. Transformer
5

4. Shunt Device
6

5. Bus Section
SLG

EHV No
9
No
HV Yes Yes
6. Loss of multiple elements caused by a
stuck breaker
10
(Bus-tie Breaker)
attempting to clear a Fault on the
associated bus
SLG EHV, HV Yes Yes
P5
Multiple
Contingency
(Fault plus relay
failure to
operate)
Normal System
Delayed Fault Clearing due to the failure of a
non-redundant relay
13
protecting the Faulted
element to operate as designed, for one of
the following:
1. Generator
3. Transformer
5

4. Shunt Device
6

5. Bus Section
SLG

EHV No
9
No
HV Yes Yes
P6
Multiple
Contingency
(Two
overlapping
singles)
Loss of one of the
following followed by
System adjustments.
9

2. Transformer
5

3. Shunt Device
6

4. Single pole of a DC line
2. Transformer
5

3. Shunt Device
6

3
EHV, HV Yes Yes
SLG EHV, HV Yes Yes

Event
1

Fault Type
2
BES Level
3

Transmission
Service Allowed
4

Non-Consequential
Load Loss Allowed
P7
Multiple
Contingency
(Common
Structure)
Normal System
The loss of:
1. Any two adjacent (vertically or
horizontally) circuits on common
structure
11

2. Loss of a bipolar DC line
SLG EHV, HV Yes Yes


Table 1 Steady State & Stability Performance Extreme Events
Steady State & Stabi lity
For all extreme events evaluated:
a. Simulate the removal of all elements that Protection Systems and automatic controls are expected to disconnect for each Contingency.
b. Simulate Normal Clearing unless otherwise specified.
Steady State
1. Loss of a single generator, Transmission Circuit, single pole of a DC
Line, shunt device, or transformer forced out of service followed by
another single generator, Transmission Circuit, single pole of a
different DC Line, shunt device, or transformer forced out of service
prior to System adjustments.
2. Local area events affecting the Transmission System such as:
a. Loss of a tower line with three or more circuits.
11

b. Loss of all Transmission lines on a common Right-of-Way
11
.
c. Loss of a switching station or substation (loss of one voltage
level plus transformers).
d. Loss of all generating units at a generating station.
e. Loss of a large Load or major Load center.
3. Wide area events affecting the Transmission System based on
System topology such as:
a. Loss of two generating stations resulting from conditions such
as:
i. Loss of a large gas pipeline into a region or multiple
regions that have significant gas-fired generation.
ii. Loss of the use of a large body of water as the cooling
source for generation.
iii. Wildfires.
iv. Severe weather, e.g., hurricanes, tornadoes, etc.
v. A successful cyber attack.
vi. Shutdown of a nuclear power plant(s) and related
facilities for a day or more for common causes such
as problems with similarly designed plants.
b. Other events based upon operating experience that may
result in wide area disturbances.
Stability
1. With an initial condition of a single generator, Transmission circuit,
single pole of a DC line, shunt device, or transformer forced out of
service, apply a 3 fault on another single generator, Transmission
circuit, single pole of a different DC line, shunt device, or transformer
2. Local or wide area events affecting the Transmission System such as:
a. 3 fault on generator with stuck breaker
10
or a relay failure
13

resulting in Delayed Fault Clearing.
b. 3 fault on Transmission circuit with stuck breaker
10
or a relay
failure
13
c. 3 fault on transformer with stuck breaker
10
or a relay failure
13

d. 3 fault on bus section with stuck breaker
10
or a relay failure
13

e. 3 internal breaker fault.
f. Other events based upon operating experience, such as
consideration of initiating events that experience suggests may
result in wide area disturbances


Table 1 Steady State & Stability Performance Footnotes
(Planning Events and Extreme Events)
1. If the event analyzed involves BES elements at multiple System voltage levels, the lowest System voltage level of the element(s) removed for the analyzed
event determines the stated performance criteria regarding allowances for interruptions of Firm Transmission Service and Non-Consequential Load Loss.
2. Unless specified otherwise, simulate Normal Clearing of faults. Single line to ground (SLG) or three-phase (3) are the fault types that must be evaluated in
Stability simulations for the event described. A 3 or a double line to ground fault study indicating the criteria are being met is sufficient evidence that a SLG
condition would also meet the criteria.
3. Bulk Electric System (BES) level references include extra-high voltage (EHV) Facilities defined as greater than 300kV and high voltage (HV) Facilities defined
as the 300kV and lower voltage Systems. The designation of EHV and HV is used to distinguish between stated performance criteria allowances for
interruption of Firm Transmission Service and Non-Consequential Load Loss.
4. Curtailment of Conditional Firm Transmission Service is allowed when the conditions and/or events being studied formed the basis for the Conditional Firm
5. For non-generator step up transformer outage events, the reference voltage, as used in footnote 1, applies to the low-side winding (excluding tertiary
windings). For generator and Generator Step Up transformer outage events, the reference voltage applies to the BES connected voltage (high-side of the
Generator Step Up transformer). Requirements which are applicable to transformers also apply to variable frequency transformers and phase shifting
transformers.
6. Requirements which are applicable to shunt devices also apply to FACTS devices that are connected to ground.
7. Opening one end of a line section without a fault on a normally networked Transmission circuit such that the line is possibly serving Load radial from a single
source point.
8. An internal breaker fault means a breaker failing internally, thus creating a System fault which must be cleared by protection on both sides of the breaker.
9. An objective of the planning process should be to minimize the likelihood and magnitude of interruption of Firm Transmission Service following Contingency
events. Curtailment of Firm Transmission Service is allowed both as a System adjustment (as identified in the column entitled Initial Condition) and a
corrective action when achieved through the appropriate re-dispatch of resources obligated to re-dispatch, where it can be demonstrated that Facilities,
internal and external to the Transmission Planners planning region, remain within applicable Facility Ratings and the re-dispatch does not result in any Non-
Consequential Load Loss. Where limited options for re-dispatch exist, sensitivities associated with the availability of those resources should be considered.
10. A stuck breaker means that for a gang-operated breaker, all three phases of the breaker have remained closed. For an independent pole operated (IPO) or
an independent pole tripping (IPT) breaker, only one pole is assumed to remain closed. A stuck breaker results in Delayed Fault Clearing.
11. Excludes circuits that share a common structure (Planning event P7, Extreme event steady state 2a) or common Right-of-Way (Extreme event, steady state
2b) for 1 mile or less.
12. An objective of the planning process should be to minimize the likelihood and magnitude of Non-Consequential Load Loss following Contingency events.
However, in limited circumstances Non-Consequential Load Loss may be needed to address BES performance requirements. When Non-Consequential
Load Loss is utilized within the planning process to address BES performance requirements, such interruption is limited to circumstances where the Non-
Consequential Load Loss is documented, including alternatives evaluated; and where the utilization of Non-Consequential Load Loss is subject to review in
an open and transparent stakeholder process that includes addressing stakeholder comments.
13. Applies to the following relay functions or types: pilot (#85), distance (#21), differential (#87), current (#50, 51, and 67), voltage (#27 & 59), directional (#32, &
67), and tripping (#86, & 94).
Adopted by NERC Board of Trustees: August 4, 2011

C. Measures
M1. Each Transmission Planner and Planning Coordinator shall provide evidence, in electronic or
hard copy format, that it is maintaining System models within their respective area, using data
consistent with MOD-010 and MOD-012, including items represented in the Corrective Action
Plan, representing projected System conditions, and that the models represent the required
information in accordance with Requirement R1.
M2. Each Transmission Planner and Planning Coordinator shall provide dated evidence, such as
electronic or hard copies of its annual Planning Assessment, that it has prepared an annual
Planning Assessment of its portion of the BES in accordance with Requirement R2.
electronic or hard copies of the studies utilized in preparing the Planning Assessment, in
electronic or hard copies of the studies utilized in preparing the Planning Assessment in
M5. Each Transmission Planner and Planning Coordinator shall provide dated evidence such as
electronic or hard copies of the documentation specifying the criteria for acceptable System
response for its System in accordance with Requirement R5.
electronic or hard copies of documentation specifying the criteria or methodology used in the
analysis to identify System instability for conditions such as Cascading, voltage instability, or
uncontrolled islanding that was utilized in preparing the Planning Assessment in accordance
M7. Each Planning Coordinator, in conjunction with each of its Transmission Planners, shall
provide dated documentation on roles and responsibilities, such as meeting minutes,
agreements, and e-mail correspondence that identifies that agreement has been reached on
individual and joint responsibilities for performing the required studies and Assessments in
M8. Each Planning Coordinator and Transmission Planner shall provide evidence, such as email
notices, documentation of updated web pages, postal receipts showing recipient and date; or a
demonstration of a public posting, that it has distributed its Planning Assessment results to
adjacent Planning Coordinators and adjacent Transmission Planners within 90 days of having
completed its Planning Assessment, and to any functional entity who has indicated a reliability
need within 30 days of a written request and that the Planning Coordinator or Transmission
Planner has provided a documented response to comments received on Planning Assessment
results within 90 calendar days of receipt of those comments in accordance with Requirement
R8.
D. Compliance
Regional Entity
1.2 Compliance Monitoring Period and Reset Timeframe
Not applicable.
Adopted by NERC Board of Trustees: August 4, 2011
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4 Data Retention
The Transmission Planner and Planning Coordinator shall each retain data or evidence to
show compliance as identified unless directed by its Compliance Enforcement Authority
to retain specific evidence for a longer period of time as part of an investigation:
The models utilized in the current in-force Planning Assessment and one
previous Planning Assessment in accordance with Requirement R1 and Measure
M1.
The Planning Assessments performed since the last compliance audit in
accordance with Requirement R2 and Measure M2.
The studies performed in support of its Planning Assessments since the last
compliance audit in accordance with Requirement R3 and Measure M3.
The documentation specifying the criteria for acceptable System steady state
voltage limits, post-Contingency voltage deviations, and transient voltage
response since the last compliance audit in accordance with Requirement R5 and
Measure M5.
The documentation specifying the criteria or methodology utilized in the analysis
to identify System instability for conditions such as Cascading, voltage
instability, or uncontrolled islanding in support of its Planning Assessments since
the last compliance audit in accordance with Requirement R6 and Measure M6.
The current, in force documentation for the agreement(s) on roles and
responsibilities, as well as documentation for the agreements in force since the
last compliance audit, in accordance with Requirement R7 and Measure M7.
The Planning Coordinator shall retain data or evidence to show compliance as identified
Three calendar years of the notifications employed in accordance with
Requirement R8 and Measure M8.
If a Transmission Planner or Planning Coordinator is found non-compliant, it shall keep
information related to the non-compliance until found compliant or the time periods

None
R1 The responsible entitys System
model failed to represent one of the
Requirement R1, Parts 1.1.1
through 1.1.6.
The responsible entitys System
model failed to represent two of the
Requirement R1, Parts 1.1.1 through
1.1.6.

model failed to represent three of the
1.1.6.

The responsible entitys System model
failed to represent four or more of the
1.1.6.
OR
did not represent projected System
conditions as described in Requirement
R1.
OR
did not use data consistent with that
provided in accordance with the MOD-
010 and MOD-012 standards and other
sources, including items represented in
the Corrective Action Plan.
comply with Requirement R2, Part
2.6.
comply with Requirement R2, Part 2.3
or Part 2.8.
comply with one of the following
Parts of Requirement R2: Part 2.1,
Part 2.2, Part 2.4, Part 2.5, or Part
2.7.
The responsible entity failed to comply
with two or more of the following Parts
of Requirement R2: Part 2.1, Part 2.2,
Part 2.4, or Part 2.7.
OR
The responsible entity does not have a
completed annual Planning
Assessment.
R3 The responsible entity did not
identify planning events as
described in Requirement R3, Part
3.4 or extreme events as described
in Requirement R3, Part 3.5.
The responsible entity did not perform
studies as specified in Requirement
R3, Part 3.1 to determine that the
BES meets the performance
requirements for one of the categories
(P2 through P7) in Table 1.
perform studies as specified in
determine that the BES meets the
performance requirements for two of
the categories (P2 through P7) in
studies as specified in Requirement R3,
Part 3.1 to determine that the BES
meets the performance requirements
for three or more of the categories (P2
through P7) in Table 1.
OR
R3, Part 3.2 to assess the impact of
extreme events.

Table 1.
OR
perform Contingency analysis as
3.3.
OR
studies to determine that the BES
for the P0 or P1 categories in Table 1.
OR
The responsible entity did not base its
studies on computer simulation models
using data provided in Requirement R1.
OR
extreme events.
Table 1.
OR
4.3.
OR
R5 N/A N/A N/A The responsible entity does not have
criteria for acceptable System steady
state voltage limits, post-Contingency
voltage deviations, or the transient
voltage response for its System.
R6 N/A N/A N/A The responsible entity failed to define
and document the criteria or
methodology for System instability used
within its analysis as described in
Requirement R6.
conjunction with each of its
Transmission Planners, failed to
determine and identify individual or joint
responsibilities for performing required
studies.
R8 The responsible entity distributed its
Planning Assessment results to
adjacent Planning Coordinators and
adjacent Transmission Planners but
it was more than 90 days but less
than or equal to 120 days following
its completion.
OR,
The responsible entity distributed its
functional entities having a reliability
related need who requested the
Planning Assessment in writing but
the request.
adjacent Transmission Planners but it
was more than 120 days but less than
or equal to 130 days following its
completion.
OR,
Planning Assessment in writing but it
or equal to 50 days following the
request.
its completion.
OR,
request.
was more than 140 days following its
completion.
OR
The responsible entity did not distribute
its Planning Assessment results to
adjacent Transmission Planners.
OR
was more than 60 days following the
request.
OR
Planning Assessment in writing.

None.

Version History
0 June 3, 2005 Fixed reference in M1 to read TPL-001-0 R2.1
and TPL-001-0 R2.2
Errata
0 July 24, 2007 Corrected reference in M1. to read TPL-001-0
Errata
0.1 October 29, 2008 BOT adopted errata changes; updated version number
to 0.1
Errata
0.1 May 13, 2009 FERC Approved Updated Effective Date and Footer Revised
1 Approved by
Board of Trustees
February 17, 2011
Revised footnote b pursuant to FERC Order RM06-
16-009
Revised (Project 2010-
11)
2 August 4, 2011 Revision of TPL-001-1; includes merging and
upgrading requirements of TPL-001-0, TPL-002-0,
TPL-003-0, and TPL-004-0 into one, single,
comprehensive, coordinated standard: TPL-001-2; and
retirement of TPL-005-0 and TPL-006-0.
Project 2006-02
complete revision

Standard TPL-001-3 System Performance Under Normal Conditions
Page 1 of 10
A. Introduction
1. Title: System Performance Under Normal (No Contingency) Conditions (Category A)
3. Purpose: System simulations and associated assessments are needed periodically to ensure
that reliable systems are developed that meet specified performance requirements with
sufficient lead time, and continue to be modified or upgraded as necessary to meet present
and future system needs.
4. Applicability:
5. Effective Date: The application of revised Footnote b in Table 1 will take effect on the
first day of the first calendar quarter, 60 months after approval by applicable regulatory
authorities. In those jurisdictions where regulatory approval is not required, the effective
date will be the first day of the first calendar quarter, 60 months after Board of Trustees
adoption or as otherwise made effective pursuant to the laws applicable to such ERO
governmental authorities. All other requirements remain in effect per previous approvals.
The existing Footnote b remains in effect until the revised Footnote b becomes
effective.
B. Requirements
R1. The Planning Authority and Transmission Planner shall each demonstrate through a
valid assessment that its portion of the interconnected transmission system is planned
such that, with all transmission facilities in service and with normal (pre-contingency)
operating procedures in effect, the Network can be operated to supply projected
customer demands and projected Firm (non- recallable reserved) Transmission
Services at all Demand levels over the range of forecast system demands, under the
conditions defined in Category A of Table I. To be considered valid, the Planning
Authority and Transmission Planner assessments shall:
addresses each of the following categories, showing system performance
following Category A of Table 1 (no contingencies). The specific elements
selected (from each of the following categories) shall be acceptable to the
associated Regional Reliability Organization(s).
R1.3.1. Cover critical system conditions and study years as deemed
appropriate by the entity performing the study.
R1.3.2. Be conducted annually unless changes to system conditions do not
warrant such analyses.
Page 2 of 10
identified marginal conditions that may have longer lead-time
solutions.
R1.3.4. Have established normal (pre-contingency) operating procedures in
place.
R1.3.6. Be performed for selected demand levels over the range of forecast
system demands.
R1.3.7. Demonstrate that system performance meets Table 1 for Category A
(no contingencies).
R1.3.9. Include Reactive Power resources to ensure that adequate reactive
resources are available to meet system performance.
R1.4. Address any planned upgrades needed to meet the performance requirements
of Category A.
R2. When system simulations indicate an inability of the systems to respond as prescribed
in Reliability Standard TPL-001-3_R1, the Planning Authority and Transmission
Planner shall each:
R2.1. Provide a written summary of its plans to achieve the required system
performance as described above throughout the planning horizon.
R2.1.2. Including a discussion of expected required in-service dates of
facilities.
R2.2. Review, in subsequent annual assessments, (where sufficient lead time exists),
the continuing need for identified system facilities. Detailed implementation
plans are not needed.
R3. The Planning Authority and Transmission Planner shall each document the results of
these reliability assessments and corrective plans and shall annually provide these to its
respective NERC Regional Reliability Organization(s), as required by the Regional
Reliability Organization.
C. Measures
corrective plans as specified in Reliability Standard TPL-001-3_R1 and TPL-001-
3_R2.
documentation of results of its Reliability Assessments and corrective plans per
Reliability Standard TPL-001-3_R3.

Page 3 of 10
D. Compliance
Each Compliance Monitor shall report compliance and violations to NERC via
the NERC
Annually
1.3. Data Retention
None specified.
2.2. Level 2: A valid assessment and corrective plan for the longer-term planning
2.4. Level 4: A valid assessment and corrective plan for the near-term planning
1. None identified.

Version History

0 J une 3, 2005 Fixed reference in M1 to read TPL-001-0 R2.1
and TPL-001-0 R2.2
Errata
0 J uly 24, 2007 Corrected reference in M1. to read TPL-001-0
Errata
0.1 October 29, 2008 BOT adopted errata changes; updated version
number to 0.1
Errata
0.1 May 13, 2009 FERC Approved Updated Effective Date and
Footer
Revised
Page 4 of 10
1 Approved by
Board of
Trustees
February 17,
2011
Revised footnote b pursuant to FERC Order
RM06-16-009
11)
upgrading requirements of TPL-001-0, TPL-002-
0, TPL-003-0, and TPL-004-0 into one, single,
comprehensive, coordinated standard: TPL-001-2;
and retirement of TPL-005-0 and TPL-006-0.
Project 2006-02
complete revision
1 April 19, 2012 FERC issued Order 762 remanding TPL-001-1,
TPL-002-1b, TPL-003-1a, and TPL-004-1. FERC
also issued a NOPR proposing to remand TPL-
001-2. NERC has been directed to revise footnote
'b' in accordance with the directives of Order Nos.
762 and 693.

3 February 7, 2013 Adopted by the NERC Board of Trustees.
TPL-001-3 was created after the Board of Trustees
approved the revised footnote b in TPL-002-2b,
which was balloted and appended to: TPL-001-
0.1, TPL-002-0b, TPL-003-0a, and TPL-004-0.

Page 5 of 10

Category

Element(s)
System
Stable and
both Thermal
and Voltage
Limits within
Applicable
Rating
a

Loss of
Demand or
Curtailed Firm
Transfers
Cascading
Outages

A
No Contingencies


Yes

No

No

B
Event resulting in
element.
Single Line Ground (SLG) or 3-Phase (3)
Fault, with Normal Clearing:
1. Generator
3. Transformer
Loss of an Element without a Fault

Yes
Yes
Yes
Yes

No
b

No
b

No
b

No
b

No
No
No
No
e
:

Yes

No
b

No

C
Event(s) resulting
in the loss of two
or more (multiple)
elements.
e
:
1. Bus Section


Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

No

No
e
,
Manual SystemAdjustments, followed by
another SLG or 3 Fault, with Normal
Clearing
e
:
contingency, manual system
adjustments, followed by another
Category B (B1, B2, B3, or B4)
contingency

Yes

Planned/
Controlled
c

No
e
:
Normal Clearing
e
:

towerline
f

Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

No

No
e
(stuck
breaker or protection systemfailure):
6. Generator

7. Transformer


9. Bus Section

Yes

Yes

Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

Planned/
Controlled
c

Planned/
Controlled
c

No

No

No

No
Page 6 of 10

D
d

elements removed or
Cascading out of service.
e
failure):

e
:

9. Loss of a switching station (one voltage level plus
transformers)
13. Operation, partial operation, or misoperation of a fully
redundant Special Protection System(or Remedial Action
Scheme) in response to an event or abnormal system
condition for which it was not intended to operate
14. Impact of severe power swings or oscillations from
Disturbances in another Regional Reliability Organization.

consequences.
customer Demand and
area or areas.

a) Applicable rating refers to the applicable Normal and Emergency facility thermal Rating or system voltage limit
as determined and consistently applied by the system or facility owner. Applicable Ratings may include
Emergency Ratings applicable for short durations as required to permit operating steps necessary to maintain
system control. All Ratings must be established consistent with applicable NERC Reliability Standards
addressing Facility Ratings.
b) An objective of the planning process is to minimize the likelihood and magnitude of interruption of firm
transfers or Firm Demand following Contingency events. Curtailment of firm transfers is allowed when
achieved through the appropriate re-dispatch of resources obligated to re-dispatch, where it can be demonstrated
that Facilities, internal and external to the Transmission Planners planning region, remain within applicable
Facility Ratings and the re-dispatch does not result in the shedding of any Firm Demand. For purposes of this
footnote, the following are not counted as Firm Demand: (1) Demand directly served by the Elements removed
from service as a result of the Contingency, and (2) Interruptible Demand or Demand-Side Management Load.
In limited circumstances, Firm Demand may be interrupted throughout the planning horizon to ensure that BES
performance requirements are met. However, when interruption of Firm Demand is utilized within the Near-
Term Transmission Planning Horizon to address BES performance requirements, such interruption is limited to
circumstances where the use of Firm Demand interruption meets the conditions shown in Attachment 1. In no
case can the planned Firm Demand interruption under footnote b exceed 75 MW for US registered entities.
The amount of planned Non-Consequential Load Loss for a non-US Registered Entity should be implemented
in a manner that is consistent with, or under the direction of, the applicable governmental authority or its agency
in the non-US jurisdiction.
c)Depending on system design and expected system impacts, the controlled interruption of electric supply to
customers (load shedding), the planned removal from service of certain generators, and/or the curtailment of
contracted Firm (non-recallable reserved) electric power Transfers may be necessary to maintain the overall
reliability of the interconnected transmission systems.
d) A number of extreme contingencies that are listed under Category D and judged to be critical by the
transmission planning entity(ies) will be selected for evaluation. It is not expected that all possible facility
outages under each listed contingency of Category D will be evaluated.
Page 7 of 10
e) Normal clearing is when the protection system operates as designed and the Fault is cleared in the time
normally expected with proper functioning of the installed protection systems. Delayed clearing of a Fault is
due to failure of any protection system component such as a relay, circuit breaker, or current transformer, and
not because of an intentional design delay.
f) System assessments may exclude these events where multiple circuit towers are used over short distances (e.g.,
station entrance, river crossings) in accordance with Regional exemption criteria.
Page 8 of 10
Attachment 1
I. Stakeholder Process

During each Planning Assessment before the use of Firm Demand interruption under
footnote b is allowed as an element of a Corrective Action Plan in the Near-Term
Transmission Planning Horizon of the Planning Assessment, the Transmission Planner or
Planning Coordinator shall ensure that the utilization of footnote b is reviewed through
an open and transparent stakeholder process. The responsible entity can utilize an
existing process or develop a new process. The process must include the following:

1. Meetings must be open to affected stakeholders including applicable regulatory
authorities or governing bodies responsible for retail electric service issues
2. Notice must be provided in advance of meetings to affected stakeholders
including applicable regulatory authorities or governing bodies responsible for
retail electric service issues and include an agenda with:
a. Date, time, and location for the meeting
b. Specific location(s) of the planned Firm Demand interruption under
footnote b
c. Provisions for a stakeholder comment period
3. Information regarding the intended purpose and scope of the proposed Firm
Demand interruption under footnote b (as shown in Section II below) must be
made available to meeting participants
4. A procedure for stakeholders to submit written questions or concerns and to
receive written responses to the submitted questions and concerns
5. A dispute resolution process for any question or concern raised in #4 above that is
not resolved to the stakeholders satisfaction
An entity does not have to repeat the stakeholder process for a specific application of
footnote b utilization with respect to subsequent Planning Assessments unless
conditions spelled out in Section II below have materially changed for that specific
application.

II. Information for Inclusion in Item #3 of the Stakeholder Process
The responsible entity shall document the planned use of Firm Demand interruption
under footnote b which must include the following:
1. Conditions under which Firm Demand interruption under footnote b would be
necessary:
a. System Load level and estimated annual hours of exposure at or above that
Load level
b. Applicable Contingencies and the Facilities outside their applicable rating
due to that Contingency
Page 9 of 10
2. Amount of Firm Demand MW to be interrupted with:
a. The estimated number and type of customers affected
b. An explanation of the effect of the use of Firm Demand interruption under
footnote b on the health, safety, and welfare of the community
3. Estimated frequency of Firm Demand interruption under footnote b based on
historical performance
4. Expected duration of Firm Demand interruption under footnote b based on
5. Future plans to alleviate the need for Firm Demand interruption under footnote b
6. Verification that TPL Reliability Standards performance requirements will be met
following the application of footnote b
7. Alternatives to Firm Demand interruption considered and the rationale for not
selecting those alternatives under footnote b
8. Assessment of potential overlapping uses of footnote b including overlaps with
adjacent Transmission Planners and Planning Coordinators

III. Instances for which Regulatory Review of Interruptions of Firm Demand under
Footnote b is Required
Before a Firm Demand interruption under footnote b is allowed as an element of a
Corrective Action Plan in Year One of the Planning Assessment, the Transmission
Planner or Planning Coordinator must ensure that the applicable regulatory authorities or
governing bodies responsible for retail electric service issues do not object to the use of
Firm Demand interruption under footnote b if either:
1. The voltage level of the Contingency is greater than 300 kV
a. If the Contingency analyzed involves BES Elements at multiple System
voltage levels, the lowest System voltage level of the element(s) removed
for the analyzed Contingency determines the stated performance criteria
regarding allowances for Firm Demand interruptions under footnote b,
or
b. For a non-generator step up transformer outage Contingency, the 300 kV
limit applies to the low-side winding (excluding tertiary windings). For a
generator or generator step up transformer outage Contingency, the 300
kV limit applies to the BES connected voltage (high-side of the Generator
Step Up transformer)
2. The planned Firm Demand interruption under footnote b is greater than or equal
to 25 MW

Once assurance has been received that the applicable regulatory authorities or governing
bodies responsible for retail electric service issues do not object to the use of Firm
Page 10 of 10
Demand interruption under footnote b, the Planning Coordinator or Transmission
Planner must submit the information outlined in items II.1 through II.8 above to the ERO
for a determination of whether there are any Adverse Reliability Impacts caused by the
request to utilize footnote b for Firm Demand interruption.

Standard TPL-001-4 Transmission System Planning Performance Requirements
1
A. Introduction
1. Title: Transmission System Planning Performance Requirements
3. Purpose: Establish Transmission system planning performance requirements within the
planning horizon to develop a Bulk Electric System (BES) that will operate reliably over a
broad spectrum of System conditions and following a wide range of probable Contingencies.
4. Applicability:
4.1.1. Planning Coordinator.
4.1.2. Transmission Planner.
5. Effective Date: Requirements R1 and R7 as well as the definitions shall become effective on
the first day of the first calendar quarter, 12 months after applicable regulatory approval. In
those jurisdictions where regulatory approval is not required, Requirements R1 and R7 become
effective on the first day of the first calendar quarter, 12 months after Board of Trustees
adoption or as otherwise made effective pursuant to the laws applicable to such ERO
Except as indicated below, Requirements R2 through R6 and Requirement R8 shall become
approval. In those jurisdictions where regulatory approval is not required, all requirements,
except as noted below, go into effect on the first day of the first calendar quarter, 24 months
after Board of Trustees adoption or as otherwise made effective pursuant to the laws
applicable to such ERO governmental authorities.
For 84 calendar months beginning the first day of the first calendar quarter following applicable
regulatory approval, or in those jurisdictions where regulatory approval is not required on the
first day of the first calendar quarter 84 months after Board of Trustees adoption or as
otherwise made effective pursuant to the laws applicable to such ERO governmental
authorities, Corrective Action Plans applying to the following categories of Contingencies and
events identified in TPL-001-4, Table 1 are allowed to include Non-Consequential Load Loss
and curtailment of Firm Transmission Service (in accordance with Requirement R2, Part 2.7.3.)
that would not otherwise be permitted by the requirements of TPL-001-4:
P2-1
P2-2 (above 300 kV)
P2-3 (above 300 kV)
P3-1 through P3-5
P4-1 through P4-5 (above 300 kV)
P5 (above 300 kV)

2
B. Requirements
R1. Each Transmission Planner and Planning Coordinator shall maintain System models within its
respective area for performing the studies needed to complete its Planning Assessment. The
models shall use data consistent with that provided in accordance with the MOD-010 and
MOD-012 standards, supplemented by other sources as needed, including items represented in
the Corrective Action Plan, and shall represent projected System conditions. This establishes
Category P0 as the normal System condition in Table 1. [Violation Risk Factor: Medium]
1.1. System models shall represent:
1.1.1. Existing Facilities
1.1.2. Known outage(s) of generation or Transmission Facility(ies) with a duration
of at least six months.
1.1.3. New planned Facilities and changes to existing Facilities
1.1.4. Real and reactive Load forecasts
1.1.5. Known commitments for Firm Transmission Service and Interchange
1.1.6. Resources (supply or demand side) required for Load
R2. Each Transmission Planner and Planning Coordinator shall prepare an annual Planning
Assessment of its portion of the BES. This Planning Assessment shall use current or qualified
past studies (as indicated in Requirement R2, Part 2.6), document assumptions, and document
summarized results of the steady state analyses, short circuit analyses, and Stability analyses.
[Violation Risk Factor: High] [Time Horizon: Long-term Planning]
of the steady state analysis shall be assessed annually and be supported by current
annual studies or qualified past studies as indicated in Requirement R2, Part 2.6.
Qualifying studies need to include the following conditions:
2.1.1. System peak Load for either Year One or year two, and for year five.
2.1.3. P1 events in Table 1, with known outages modeled as in Requirement R1,
Part 1.1.2, under those System peak or Off-Peak conditions when known
outages are scheduled.
credible conditions that demonstrate a measurable change in System
response :
Real and reactive forecasted Load.
Expected transfers.
3
Controllable Loads and Demand Side Management.
Duration or timing of known Transmission outages.
2.1.5. When an entitys spare equipment strategy could result in the unavailability
of major Transmission equipment that has a lead time of one year or more
(such as a transformer), the impact of this possible unavailability on System
performance shall be studied. The studies shall be performed for the P0, P1,
and P2 categories identified in Table 1 with the conditions that the System is
expected to experience during the possible unavailability of the long lead
time equipment.
of the steady state analysis shall be assessed annually and be supported by the
following annual current study, supplemented with qualified past studies as indicated
in Requirement R2, Part 2.6:
2.2.1. A current study assessing expected System peak Load conditions for one of
the years in the Long-Term Transmission Planning Horizon and the rationale
for why that year was selected.
2.3. The short circuit analysis portion of the Planning Assessment shall be conducted
annually addressing the Near-Term Transmission Planning Horizon and can be
supported by current or past studies as qualified in Requirement R2, Part 2.6. The
analysis shall be used to determine whether circuit breakers have interrupting
capability for Faults that they will be expected to interrupt using the System short
circuit model with any planned generation and Transmission Facilities in service
which could impact the study area.
of the Stability analysis shall be assessed annually and be supported by current or past
studies as qualified in Requirement R2, Part2.6. The following studies are required:
2.4.1. System peak Load for one of the five years. System peak Load levels shall
include a Load model which represents the expected dynamic behavior of
Loads that could impact the study area, considering the behavior of induction
motor Loads. An aggregate System Load model which represents the overall
dynamic behavior of the Load is acceptable.
credible conditions that demonstrate a measurable change in performance:
Load level, Load forecast, or dynamic Load model assumptions.
Expected transfers.
4
of the Stability analysis shall be assessed to address the impact of proposed material
generation additions or changes in that timeframe and be supported by current or past
studies as qualified in Requirement R2, Part2.6 and shall include documentation to
support the technical rationale for determining material changes.
2.6. Past studies may be used to support the Planning Assessment if they meet the
following requirements:
2.6.1. For steady state, short circuit, or Stability analysis: the study shall be five
calendar years old or less, unless a technical rationale can be provided to
demonstrate that the results of an older study are still valid.
2.6.2. For steady state, short circuit, or Stability analysis: no material changes have
occurred to the System represented in the study. Documentation to support
the technical rationale for determining material changes shall be included.
2.7. For planning events shown in Table 1, when the analysis indicates an inability of the
System to meet the performance requirements in Table 1, the Planning Assessment
shall include Corrective Action Plan(s) addressing how the performance requirements
will be met. Revisions to the Corrective Action Plan(s) are allowed in subsequent
Planning Assessments but the planned System shall continue to meet the performance
requirements in Table 1. Corrective Action Plan(s) do not need to be developed solely
to meet the performance requirements for a single sensitivity case analyzed in
accordance with Requirements R2, Parts 2.1.4 and 2.4.3. The Corrective Action
Plan(s) shall:
required System performance. Examples of such actions include:
Installation, modification, retirement, or removal of Transmission and
generation Facilities and any associated equipment.
Installation, modification, or removal of Protection Systems or Special
Protection Systems
Installation or modification of automatic generation tripping as a
response to a single or multiple Contingency to mitigate Stability
performance violations.
Installation or modification of manual and automatic generation
runback/tripping as a response to a single or multiple Contingency to
mitigate steady state performance violations.
Use of Operating Procedures specifying how long they will be needed
as part of the Corrective Action Plan.
Use of rate applications, DSM, new technologies, or other initiatives.
2.7.2. Include actions to resolve performance deficiencies identified in multiple
sensitivity studies or provide a rationale for why actions were not necessary.
2.7.3. If situations arise that are beyond the control of the Transmission Planner or
Planning Coordinator that prevent the implementation of a Corrective Action
Plan in the required timeframe, then the Transmission Planner or Planning
Coordinator is permitted to utilize Non-Consequential Load Loss and
curtailment of Firm Transmission Service to correct the situation that would
normally not be permitted in Table 1, provided that the Transmission Planner
5
or Planning Coordinator documents that they are taking actions to resolve the
situation. The Transmission Planner or Planning Coordinator shall
document the situation causing the problem, alternatives evaluated, and the
use of Non-Consequential Load Loss or curtailment of Firm Transmission
Service.
2.8. For short circuit analysis, if the short circuit current interrupting duty on circuit
breakers determined in Requirement R2, Part 2.3 exceeds their Equipment Rating, the
Planning Assessment shall include a Corrective Action Plan to address the Equipment
Rating violations. The Corrective Action Plan shall:
required System performance.
R3. For the steady state portion of the Planning Assessment, each Transmission Planner and
Planning Coordinator shall perform studies for the Near-Term and Long-Term Transmission
Planning Horizons in Requirement R2, Parts 2.1, and 2.2. The studies shall be based on
computer simulation models using data provided in Requirement R1. [Violation Risk Factor:
3.3. Contingency analyses for Requirement R3, Parts 3.1 & 3.2 shall:
voltages or high side of the generation step up (GSU) voltages
are less than known or assumed minimum generator steady state
or ride through voltage limitations. Include in the assessment
any assumptions made.
3.3.1.2. Tripping of Transmission elements where relay loadability limits
are exceeded.
designed to provide steady state control of electrical system quantities when
such as phase-shifting transformers, load tap changing transformers, and
switched capacitors and inductors.
3.4. Those planning events in Table 1, that are expected to produce more severe System
impacts on its portion of the BES, shall be identified and a list of those Contingencies
6
to be evaluated for System performance in Requirement R3, Part 3.1 created. The
rationale for those Contingencies selected for evaluation shall be available as
supporting information.
3.4.1. The Planning Coordinator and Transmission Planner shall coordinate with
possible actions designed to reduce the likelihood or mitigate the consequences and
adverse impacts of the event(s) shall be conducted.
R4. For the Stability portion of the Planning Assessment, as described in Requirement R2, Parts 2.4
and 2.5, each Transmission Planner and Planning Coordinator shall perform the Contingency
analyses listed in Table 1. The studies shall be based on computer simulation models using
data provided in Requirement R1. [Violation Risk Factor: Medium] [Time Horizon: Long-
term Planning]
4.1.1. For planning event P1: No generating unit shall pull out of synchronism. A
generator being disconnected from the System by fault clearing action or by
a Special Protection System is not considered pulling out of synchronism.
4.1.2. For planning events P2 through P7: When a generator pulls out of
synchronism in the simulations, the resulting apparent impedance swings
shall not result in the tripping of any Transmission system elements other
than the generating unit and its directly connected Facilities.
4.1.3. For planning events P1 through P7: Power oscillations shall exhibit
acceptable damping as established by the Planning Coordinator and
4.3. Contingency analyses for Requirement R4, Parts 4.1 and 4.2 shall :
4.3.1.1. Successful high speed (less than one second) reclosing and
unsuccessful high speed reclosing into a Fault where high speed
reclosing is utilized.
voltages or high side of the GSU voltages are less than known or
assumed generator low voltage ride through capability. Include
in the assessment any assumptions made.
7
4.3.1.3. Tripping of Transmission lines and transformers where transient
swings cause Protection System operation based on generic or
actual relay models.
designed to provide dynamic control of electrical system quantities when
such as generation exciter control and power system stabilizers, static var
compensators, power flow controllers, and DC Transmission controllers.
4.4. Those planning events in Table 1 that are expected to produce more severe System
impacts on its portion of the BES, shall be identified, and a list created of those
Contingencies to be evaluated in Requirement R4, Part 4.1. The rationale for those
Contingencies selected for evaluation shall be available as supporting information.
4.4.1. Each Planning Coordinator and Transmission Planner shall coordinate with
possible actions designed to reduce the likelihood or mitigate the consequences of the
event(s) shall be conducted.
R5. Each Transmission Planner and Planning Coordinator shall have criteria for acceptable System
response for its System. For transient voltage response, the criteria shall at a minimum, specify
a low voltage level and a maximum length of time that transient voltages may remain below
that level. [Violation Risk Factor: Medium] [Time Horizon: Long-term Planning]
R6. Each Transmission Planner and Planning Coordinator shall define and document, within their
Planning Assessment, the criteria or methodology used in the analysis to identify System
instability for conditions such as Cascading, voltage instability, or uncontrolled islanding.
R7. Each Planning Coordinator, in conjunction with each of its Transmission Planners, shall
determine and identify each entitys individual and joint responsibilities for performing the
required studies for the Planning Assessment. [Violation Risk Factor: Low] [Time Horizon:
Long-term Planning]
R8. Each Planning Coordinator and Transmission Planner shall distribute its Planning Assessment
results to adjacent Planning Coordinators and adjacent Transmission Planners within 90
calendar days of completing its Planning Assessment, and to any functional entity that has a
reliability related need and submits a written request for the information within 30 days of such
a request. [Violation Risk Factor: Medium] [Time Horizon: Long-term Planning]
8.1. If a recipient of the Planning Assessment results provides documented comments on
the results, the respective Planning Coordinator or Transmission Planner shall provide
a documented response to that recipient within 90 calendar days of receipt of those
comments.
8
Table 1 Steady State & Stability Performance Planning Events
Steady State & Stability:
a. The System shall remain stable. Cascading and uncontrolled islanding shall not occur.
b. Consequential Load Loss as well as generation loss is acceptable as a consequence of any event excluding P0.
c. Simulate the removal of all elements that Protection Systems and other controls are expected to automatically disconnect for each event.
d. Simulate Normal Clearing unless otherwise specified.
e. Planned System adjustments such as Transmission configuration changes and re-dispatch of generation are allowed if such adjustments are executable within the time
duration applicable to the Facility Ratings.
Steady State Only:
f. Applicable Facility Ratings shall not be exceeded.
g. System steady state voltages and post-Contingency voltage deviations shall be within acceptable limits as established by the Planning Coordinator and the Transmission
Planner.
h. Planning event P0 is applicable to steady state only.
i. The response of voltage sensitive Load that is disconnected from the System by end-user equipment associated with an event shall not be used to meet steady state
performance requirements.
Stability Only:
j. Transient voltage response shall be within acceptable limits established by the Planning Coordinator and the Transmission Planner.
Category Initial Condition Event
1
Fault Type
2
BES Level
3

Transmission
Service Allowed
4

Non-Consequential
Load Loss Allowed
P0
No Contingency
Normal System None N/A EHV, HV No No
P1
Single
Contingency
Normal System
1. Generator
3. Transformer
5

4. Shunt Device
6

3
EHV, HV No
9
No
12

5. Single Pole of a DC line SLG
P2
Single
Contingency
Normal System
1. Opening of a line section w/o a fault
7
N/A EHV, HV No
9
No
12

2. Bus Section Fault SLG
EHV No
9
No
HV Yes Yes
3. Internal Breaker Fault
8

(non-Bus-tie Breaker)
SLG
EHV No
9
No
HV Yes Yes
4. Internal Breaker Fault (Bus-tie Breaker)
8
SLG EHV, HV Yes Yes
9

Event
1

Fault Type
2
BES Level
3

Transmission
Service Allowed
4

Non-Consequential
Load Loss Allowed
P3
Multiple
Contingency
Loss of generator unit
followed by System
adjustments
9

1. Generator
3. Transformer
5

4. Shunt Device
6

3
EHV, HV

No
9

No
12

5. Single pole of a DC line SLG
P4
Multiple
Contingency
(Fault plus stuck
breaker
10
)
Normal System
Loss of multiple elements caused by a stuck
breaker
10
(non-Bus-tie Breaker) attempting to
clear a Fault on one of the following:
1. Generator
3. Transformer
5

4. Shunt Device
6

5. Bus Section
SLG

EHV No
9
No
HV Yes Yes
6. Loss of multiple elements caused by a
stuck breaker
10
(Bus-tie Breaker)
attempting to clear a Fault on the
associated bus
SLG EHV, HV Yes Yes
P5
Multiple
Contingency
(Fault plus relay
failure to
operate)
Normal System
Delayed Fault Clearing due to the failure of a
non-redundant relay
13
protecting the Faulted
element to operate as designed, for one of
the following:
1. Generator
3. Transformer
5

4. Shunt Device
6

5. Bus Section
SLG

EHV No
9
No
HV Yes Yes
P6
Multiple
Contingency
(Two
overlapping
singles)
Loss of one of the
following followed by
System adjustments.
9

2. Transformer
5

3. Shunt Device
6

2. Transformer
5

3. Shunt Device
6

3
EHV, HV Yes Yes
SLG EHV, HV Yes Yes
10

Event
1

Fault Type
2
BES Level
3

Transmission
Service Allowed
4

Non-Consequential
Load Loss Allowed
P7
Multiple
Contingency
(Common
Structure)
Normal System
The loss of:
1. Any two adjacent (vertically or
horizontally) circuits on common
structure
11

2. Loss of a bipolar DC line
SLG EHV, HV Yes Yes

11

Table 1 Steady State & Stability Performance Extreme Events
Steady State & Stability
For all extreme events evaluated:
a. Simulate the removal of all elements that Protection Systems and automatic controls are expected to disconnect for each Contingency.
b. Simulate Normal Clearing unless otherwise specified.
Steady State
1. Loss of a single generator, Transmission Circuit, single pole of a DC
Line, shunt device, or transformer forced out of service followed by
another single generator, Transmission Circuit, single pole of a
different DC Line, shunt device, or transformer forced out of service
2. Local area events affecting the Transmission System such as:
a. Loss of a tower line with three or more circuits.
11

b. Loss of all Transmission lines on a common Right-of-Way
11
.
c. Loss of a switching station or substation (loss of one voltage
level plus transformers).
d. Loss of all generating units at a generating station.
e. Loss of a large Load or major Load center.
3. Wide area events affecting the Transmission System based on
System topology such as:
a. Loss of two generating stations resulting from conditions such
as:
i. Loss of a large gas pipeline into a region or multiple
regions that have significant gas-fired generation.
ii. Loss of the use of a large body of water as the cooling
source for generation.
iii. Wildfires.
iv. Severe weather, e.g., hurricanes, tornadoes, etc.
v. A successful cyber attack.
vi. Shutdown of a nuclear power plant(s) and related
facilities for a day or more for common causes such
as problems with similarly designed plants.
b. Other events based upon operating experience that may
result in wide area disturbances.
Stability
1. With an initial condition of a single generator, Transmission circuit,
single pole of a DC line, shunt device, or transformer forced out of
service, apply a 3 fault on another single generator, Transmission
circuit, single pole of a different DC line, shunt device, or transformer
2. Local or wide area events affecting the Transmission System such as:
a. 3 fault on generator with stuck breaker
10
or a relay failure
13

b. 3 fault on Transmission circuit with stuck breaker
10
or a relay
failure
13
c. 3 fault on transformer with stuck breaker
10
or a relay failure
13

d. 3 fault on bus section with stuck breaker
10
or a relay failure
13

e. 3 internal breaker fault.
f. Other events based upon operating experience, such as
consideration of initiating events that experience suggests may
result in wide area disturbances

12

1. If the event analyzed involves BES elements at multiple System voltage levels, the lowest System voltage level of the element(s) removed for the analyzed
event determines the stated performance criteria regarding allowances for interruptions of Firm Transmission Service and Non-Consequential Load Loss.
2. Unless specified otherwise, simulate Normal Clearing of faults. Single line to ground (SLG) or three-phase (3) are the fault types that must be evaluated in
Stability simulations for the event described. A 3 or a double line to ground fault study indicating the criteria are being met is sufficient evidence that a SLG
condition would also meet the criteria.
3. Bulk Electric System (BES) level references include extra-high voltage (EHV) Facilities defined as greater than 300kV and high voltage (HV) Facilities defined
as the 300kV and lower voltage Systems. The designation of EHV and HV is used to distinguish between stated performance criteria allowances for
interruption of Firm Transmission Service and Non-Consequential Load Loss.
4. Curtailment of Conditional Firm Transmission Service is allowed when the conditions and/or events being studied formed the basis for the Conditional Firm
5. For non-generator step up transformer outage events, the reference voltage, as used in footnote 1, applies to the low-side winding (excluding tertiary
windings). For generator and Generator Step Up transformer outage events, the reference voltage applies to the BES connected voltage (high-side of the
Generator Step Up transformer). Requirements which are applicable to transformers also apply to variable frequency transformers and phase shifting
transformers.
6. Requirements which are applicable to shunt devices also apply to FACTS devices that are connected to ground.
7. Opening one end of a line section without a fault on a normally networked Transmission circuit such that the line is possibly serving Load radial from a single
source point.
8. An internal breaker fault means a breaker failing internally, thus creating a System fault which must be cleared by protection on both sides of the breaker.
9. An objective of the planning process should be to minimize the likelihood and magnitude of interruption of Firm Transmission Service following Contingency
events. Curtailment of Firm Transmission Service is allowed both as a System adjustment (as identified in the column entitled Initial Condition) and a
corrective action when achieved through the appropriate re-dispatch of resources obligated to re-dispatch, where it can be demonstrated that Facilities,
internal and external to the Transmission Planners planning region, remain within applicable Facility Ratings and the re-dispatch does not result in any Non-
Consequential Load Loss. Where limited options for re-dispatch exist, sensitivities associated with the availability of those resources should be considered.
10. A stuck breaker means that for a gang-operated breaker, all three phases of the breaker have remained closed. For an independent pole operated (IPO) or
an independent pole tripping (IPT) breaker, only one pole is assumed to remain closed. A stuck breaker results in Delayed Fault Clearing.
11. Excludes circuits that share a common structure (Planning event P7, Extreme event steady state 2a) or common Right-of-Way (Extreme event, steady state
2b) for 1 mile or less.
12. An objective of the planning process is to minimize the likelihood and magnitude of Non-Consequential Load Loss following planning events. In limited
circumstances, Non-Consequential Load Loss may be needed throughout the planning horizon to ensure that BES performance requirements are met.
However, when Non-Consequential Load Loss is utilized under footnote 12 within the Near-Term Transmission Planning Horizon to address BES
performance requirements, such interruption is limited to circumstances where the Non-Consequential Load Loss meets the conditions shown in Attachment
1. In no case can the planned Non-Consequential Load Loss under footnote 12 exceed 75 MW for US registered entities. The amount of planned Non-
Consequential Load Loss for a non-US Registered Entity should be implemented in a manner that is consistent with, or under the direction of, the applicable
governmental authority or its agency in the non-US jurisdiction.
13. Applies to the following relay functions or types: pilot (#85), distance (#21), differential (#87), current (#50, 51, and 67), voltage (#27 & 59), directional (#32, &
13
67), and tripping (#86, & 94).

Attachment 1

During each Planning Assessment before the use of Non-Consequential Load Loss under
footnote 12 is allowed as an element of a Corrective Action Plan in the Near-Term Transmission
Planning Horizon of the Planning Assessment, the Transmission Planner or Planning
Coordinator shall ensure that the utilization of footnote 12 is reviewed through an open and
transparent stakeholder process. The responsible entity can utilize an existing process or develop
a new process. .The process must include the following:
2. Notice must be provided in advance of meetings to affected stakeholders including
applicable regulatory authorities or governing bodies responsible for retail electric service
issues and include an agenda with:
b. Specific location(s) of the planned Non-Consequential Load Loss under footnote
12
3. Information regarding the intended purpose and scope of the proposed Non-
Consequential Load Loss under footnote 12 (as shown in Section II below) must be made
available to meeting participants
4. A procedure for stakeholders to submit written questions or concerns and to receive
written responses to the submitted questions and concerns
5. A dispute resolution process for any question or concern raised in #4 above that is not
resolved to the stakeholders satisfaction
An entity does not have to repeat the stakeholder process for a specific application of footnote 12
utilization with respect to subsequent Planning Assessments unless conditions spelled out in
Section II below have materially changed for that specific application.

The responsible entity shall document the planned use of Non-Consequential Load Loss under
footnote 12 which must include the following:
1. Conditions under which Non-Consequential Load Loss under footnote 12 would be
necessary:
a. System Load level and estimated annual hours of exposure at or above that Load
level
b. Applicable Contingencies and the Facilities outside their applicable rating due to
that Contingency
2. Amount of Non-Consequential Load Loss with:

b. An explanation of the effect of the use of Non-Consequential Load Loss under
footnote 12 on the health, safety, and welfare of the community
3. Estimated frequency of Non-Consequential Load Loss under footnote 12 based on
4. Expected duration of Non-Consequential Load Loss under footnote 12 based on historical
performance
5. Future plans to alleviate the need for Non-Consequential Load Loss under footnote 12
following the application of footnote 12
7. Alternatives to Non-Consequential Load Loss considered and the rationale for not
selecting those alternatives under footnote 12
8. Assessment of potential overlapping uses of footnote 12 including overlaps with adjacent
Transmission Planners and Planning Coordinators

III. Instances for which Regulatory Review of Non-Consequential Load Loss under Footnote 12
is Required
Before a Non-Consequential Load Loss under footnote 12 is allowed as an element of a
Corrective Action Plan in Year One of the Planning Assessment, the Transmission Planner or
Planning Coordinator must ensure that the applicable regulatory authorities or governing bodies
responsible for retail electric service issues do not object to the use of Non-Consequential Load
Loss under footnote 12 if either:
a. If the Contingency analyzed involves BES Elements at multiple System voltage
levels, the lowest System voltage level of the element(s) removed for the
analyzed Contingency determines the stated performance criteria regarding
allowances for Non-Consequential Load Loss under footnote 12, or
b. For a non-generator step up transformer outage Contingency, the 300 kV limit
applies to the low-side winding (excluding tertiary windings). For a generator or
generator step up transformer outage Contingency, the 300 kV limit applies to the
BES connected voltage (high-side of the Generator Step Up transformer)
2. The planned Non-Consequential Load Loss under footnote 12 is greater than or equal to
25 MW

Once assurance has been received that the applicable regulatory authorities or governing bodies
responsible for retail electric service issues do not object to the use of Non-Consequential Load
Loss under footnote 12, the Planning Coordinator or Transmission Planner must submit the
information outlined in items II.1 through II.8 above to the ERO for a determination of whether
there are any Adverse Reliability Impacts caused by the request to utilize footnote 12 for Non-
Consequential Load Loss.

C. Measures
M1. Each Transmission Planner and Planning Coordinator shall provide evidence, in electronic or
hard copy format, that it is maintaining System models within their respective area, using data
consistent with MOD-010 and MOD-012, including items represented in the Corrective Action
Plan, representing projected System conditions, and that the models represent the required
information in accordance with Requirement R1.
electronic or hard copies of its annual Planning Assessment, that it has prepared an annual
Planning Assessment of its portion of the BES in accordance with Requirement R2.
electronic or hard copies of the studies utilized in preparing the Planning Assessment, in
electronic or hard copies of the studies utilized in preparing the Planning Assessment in
M5. Each Transmission Planner and Planning Coordinator shall provide dated evidence such as
electronic or hard copies of the documentation specifying the criteria for acceptable System
response for its System in accordance with Requirement R5.
electronic or hard copies of documentation specifying the criteria or methodology used in the
analysis to identify System instability for conditions such as Cascading, voltage instability, or
uncontrolled islanding that was utilized in preparing the Planning Assessment in accordance
M7. Each Planning Coordinator, in conjunction with each of its Transmission Planners, shall
provide dated documentation on roles and responsibilities, such as meeting minutes,
agreements, and e-mail correspondence that identifies that agreement has been reached on
individual and joint responsibilities for performing the required studies and Assessments in
M8. Each Planning Coordinator and Transmission Planner shall provide evidence, such as email
notices, documentation of updated web pages, postal receipts showing recipient and date; or a
demonstration of a public posting, that it has distributed its Planning Assessment results to
adjacent Planning Coordinators and adjacent Transmission Planners within 90 days of having
completed its Planning Assessment, and to any functional entity who has indicated a reliability
need within 30 days of a written request and that the Planning Coordinator or Transmission
Planner has provided a documented response to comments received on Planning Assessment
results within 90 calendar days of receipt of those comments in accordance with Requirement
R8.
D. Compliance
Regional Entity
1.2 Compliance Monitoring Period and Reset Timeframe
Not applicable.

Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4 Data Retention
The Transmission Planner and Planning Coordinator shall each retain data or evidence to
show compliance as identified unless directed by its Compliance Enforcement Authority
to retain specific evidence for a longer period of time as part of an investigation:
The models utilized in the current in-force Planning Assessment and one
previous Planning Assessment in accordance with Requirement R1 and Measure
M1.
The Planning Assessments performed since the last compliance audit in
accordance with Requirement R2 and Measure M2.
The documentation specifying the criteria for acceptable System steady state
voltage limits, post-Contingency voltage deviations, and transient voltage
response since the last compliance audit in accordance with Requirement R5 and
Measure M5.
The documentation specifying the criteria or methodology utilized in the analysis
to identify System instability for conditions such as Cascading, voltage
instability, or uncontrolled islanding in support of its Planning Assessments since
the last compliance audit in accordance with Requirement R6 and Measure M6.
The current, in force documentation for the agreement(s) on roles and
responsibilities, as well as documentation for the agreements in force since the
last compliance audit, in accordance with Requirement R7 and Measure M7.
The Planning Coordinator shall retain data or evidence to show compliance as identified
Three calendar years of the notifications employed in accordance with
Requirement R8 and Measure M8.
If a Transmission Planner or Planning Coordinator is found non-compliant, it shall keep
information related to the non-compliance until found compliant or the time periods

None
18
R1 The responsible entitys System
model failed to represent one of the
Requirement R1, Parts 1.1.1
through 1.1.6.
model failed to represent two of the
1.1.6.

model failed to represent three of the
1.1.6.

failed to represent four or more of the
1.1.6.
OR
did not represent projected System
conditions as described in Requirement
R1.
OR
did not use data consistent with that
provided in accordance with the MOD-
010 and MOD-012 standards and other
sources, including items represented in
the Corrective Action Plan.
comply with Requirement R2, Part
2.6.
comply with Requirement R2, Part 2.3
or Part 2.8.
comply with one of the following
Parts of Requirement R2: Part 2.1,
Part 2.2, Part 2.4, Part 2.5, or Part
2.7.
The responsible entity failed to comply
with two or more of the following Parts
of Requirement R2: Part 2.1, Part 2.2,
Part 2.4, or Part 2.7.
OR
The responsible entity does not have a
completed annual Planning
Assessment.
19
OR
extreme events.

Table 1.
OR
3.3.
OR
studies to determine that the BES
for the P0 or P1 categories in Table 1.
OR
OR
extreme events.
Table 1.
OR
4.3.
OR
R5 N/A N/A N/A The responsible entity does not have
criteria for acceptable System steady
state voltage limits, post-Contingency
voltage deviations, or the transient
voltage response for its System.
R6 N/A N/A N/A The responsible entity failed to define
and document the criteria or
methodology for System instability used
within its analysis as described in
Requirement R6.
20
conjunction with each of its
Transmission Planners, failed to
determine and identify individual or joint
responsibilities for performing required
studies.
R8 The responsible entity distributed its
its completion.
OR,
Planning Assessment in writing but
the request.
or equal to 130 days following its
completion.
OR,
request.
its completion.
OR,
request.
was more than 140 days following its
completion.
OR
adjacent Transmission Planners.
OR
was more than 60 days following the
request.
OR
Planning Assessment in writing.


None.

Version History
0 J une 3, 2005 Fixed reference in M1 to read TPL-001-0 R2.1
and TPL-001-0 R2.2
Errata
0 J uly 24, 2007 Corrected reference in M1. to read TPL-001-0
Errata
0.1 October 29, 2008 BOT adopted errata changes; updated version number
to 0.1
Errata
0.1 May 13, 2009 FERC Approved Updated Effective Date and Footer Revised
1 Approved by
Board of Trustees
February 17, 2011
Revised footnote b pursuant to FERC Order RM06-
16-009
11)
upgrading requirements of TPL-001-0, TPL-002-0,
TPL-003-0, and TPL-004-0 into one, single,
comprehensive, coordinated standard: TPL-001-2; and
retirement of TPL-005-0 and TPL-006-0.
Project 2006-02
complete revision
1 April 19, 2012 FERC issued Order 762 remanding TPL-001-1, TPL-
002-1b, TPL-003-1a, and TPL-004-1. FERC also
issued a NOPR proposing to remand TPL-001-2.
NERC has been directed to revise footnote 'b' in
accordance with the directives of Order Nos. 762 and
693.

TPL-001-3 was created after the Board of Trustees
approved the revised footnote b in TPL-002-2b,
which was balloted and appended to: TPL-001-0.1,
TPL-002-0b, TPL-003-0a, and TPL-004-0.

TPL-001-4 was adopted by the Board of Trustees as
TPL-001-3, but a discrepancy in numbering was
identified and corrected prior to filing with the
regulatory agencies.

Standard TPL-002-0b System Performance Following Loss of a Single BES Element
Page 1 of 10
A. Introduction
1. Title: System Performance Following Loss of a Single Bulk Electric System
Element (Category B)
2. Number: TPL-002-0b
that reliable systems are developed that meet specified performance requirements
with sufficient lead time, and continue to be modified or upgraded as necessary
to meet present and future system needs.
4. Applicability:
B. Requirements
R1. The Planning Authority and Transmission Planner shall each demonstrate through a valid
assessment that its portion of the interconnected transmission system is planned such that the
Network can be operated to supply projected customer demands and projected Firm (non-
recallable reserved) Transmission Services, at all demand levels over the range of forecast
system demands, under the contingency conditions as defined in Category B of Table I. To be
valid, the Planning Authority and Transmission Planner assessments shall:
addresses each of the following categories,, showing system performance following
Category B of Table 1 (single contingencies). The specific elements selected (from
each of the following categories) for inclusion in these studies and simulations shall
be acceptable to the associated Regional Reliability Organization(s).
R1.3.1. Be performed and evaluated only for those Category B contingencies that
would produce the more severe System results or impacts. The rationale for
the contingencies selected for evaluation shall be available as supporting
information. An explanation of why the remaining simulations would
produce less severe system results shall be available as supporting
information.
R1.3.2. Cover critical system conditions and study years as deemed appropriate by
the responsible entity.
R1.3.3. Be conducted annually unless changes to system conditions do not warrant
such analyses.
identified marginal conditions that may have longer lead-time solutions.
R1.3.6. Be performed and evaluated for selected demand levels over the range of
forecast system Demands.
Page 2 of 10
R1.3.7. Demonstrate that system performance meets Category B contingencies.
R1.3.9. Include Reactive Power resources to ensure that adequate reactive resources
are available to meet system performance.
R1.3.10. Include the effects of existing and planned protection systems, including any
backup or redundant systems.
R1.3.11. Include the effects of existing and planned control devices.
R1.3.12. Include the planned (including maintenance) outage of any bulk electric
equipment (including protection systems or their components) at those
demand levels for which planned (including maintenance) outages are
performed.
R1.4. Address any planned upgrades needed to meet the performance requirements of
Category B of Table I.
R1.5. Consider all contingencies applicable to Category B.
R2. When System simulations indicate an inability of the systems to respond as prescribed in
Reliability Standard TPL-002-0_R1, the Planning Authority and Transmission Planner shall
each:
R2.1.2. Including a discussion of expected required in-service dates of facilities.
R2.2. Review, in subsequent annual assessments, (where sufficient lead time exists), the
continuing need for identified system facilities. Detailed implementation plans are not
needed.
R3. The Planning Authority and Transmission Planner shall each document the results of its
Reliability Assessments and corrective plans and shall annually provide the results to its
respective Regional Reliability Organization(s), as required by the Regional Reliability
Organization.
C. Measures
M1. The Planning Authority and Transmission Planner shall have a valid assessment and corrective
plans as specified in Reliability Standard TPL-002-0_R1 and TPL-002-0_R2.
documentation of results of its reliability assessments and corrective plans per Reliability
Standard TPL-002-0_R3.
D. Compliance
Page 3 of 10
Annually.

1.3. Data Retention
None specified.
None.
2.2. Level 2: A valid assessment and corrective plan for the longer-term planning horizon is
not available.
2.4. Level 4: A valid assessment and corrective plan for the near-term planning horizon is not
available.
1. None identified.
Version History
0 February 8,
2005
0a J uly 30, 2008 Adopted by NERC Board of Trustees New
0a October 23,
2008
Added Appendix 1 Interpretation of TPL-
002-0 Requirements R1.3.2 and R1.3.12
and TPL-003-0 Requirements R1.3.2 and
R1.3.12 for Ameren and MISO

Revised
0b November 5,
2009
Added Appendix 2 Interpretation of
R1.3.10 approved by BOT on November 5,
2009
Interpretation
0b September 15,
2011
FERC Order issued approving the
Interpretation of R1.3.10 (FERC Order
becomes effective October 24, 2011)
Interpretation

Page 4 of 10

Category

Element(s)
System Stable
and both
Thermal and
Voltage
Limits within
Applicable
Rating
a

Loss of Demand
or
Curtailed Firm
Transfers
Cascading

Outages

A
No Contingencies


Yes

No

No

B
Event resulting in
element.
Single Line Ground (SLG) or 3-Phase (3) Fault,
with Normal Clearing:
1. Generator
3. Transformer
Loss of an Element without a Fault.

Yes
Yes
Yes
Yes

No
b

No
b

No
b

No
b

No
No
No
No
e
:

Yes

No
b

No

C
Event(s) resulting in
the loss of two or
more (multiple)
elements.
e
:
1. Bus Section


Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

No

No
e
, Manual
SystemAdjustments, followed by another SLG or
e
:
contingency, manual systemadjustments,
followed by another Category B (B1, B2,
B3, or B4) contingency

Yes

Planned/
Controlled
c

No
e
:
Normal Clearing
e
:

towerline
f

Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

No

No
e
(stuck breaker
or protection systemfailure):
6. Generator

7. Transformer


9. Bus Section

Yes

Yes

Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

Planned/
Controlled
c

Planned/
Controlled
c

No

No

No

No

Page 5 of 10
D
d

elements removed or
Cascading out of service
e
failure):
e
:

9. Loss of a switching station (one voltage level plus transformers)
13. Operation, partial operation, or misoperation of a fully redundant
Special Protection System(or Remedial Action Scheme) in
response to an event or abnormal systemcondition for which it
was not intended to operate
14. Impact of severe power swings or oscillations fromDisturbances
in another Regional Reliability Organization.
consequences.
customer Demand and
area or areas.

a) Applicable rating refers to the applicable Normal and Emergency facility thermal Rating or systemvoltage limit as
determined and consistently applied by the systemor facility owner. Applicable Ratings may include Emergency Ratings
applicable for short durations as required to permit operating steps necessary to maintain systemcontrol. All Ratings
must be established consistent with applicable NERC Reliability Standards addressing Facility Ratings.
b) Planned or controlled interruption of electric supply to radial customers or some local Network customers, connected to or
supplied by the Faulted element or by the affected area, may occur in certain areas without impacting the overall
reliability of the interconnected transmission systems. To prepare for the next contingency, systemadjustments are
permitted, including curtailments of contracted Firm(non-recallable reserved) electric power Transfers.
c) Depending on systemdesign and expected systemimpacts, the controlled interruption of electric supply to customers
(load shedding), the planned removal fromservice of certain generators, and/or the curtailment of contracted Firm(non-
recallable reserved) electric power Transfers may be necessary to maintain the overall reliability of the interconnected
d) A number of extreme contingencies that are listed under Category D and judged to be critical by the transmission
planning entity(ies) will be selected for evaluation. It is not expected that all possible facility outages under each listed
contingency of Category D will be evaluated.
e) Normal clearing is when the protection systemoperates as designed and the Fault is cleared in the time normally expected
with proper functioning of the installed protection systems. Delayed clearing of a Fault is due to failure of any protection
systemcomponent such as a relay, circuit breaker, or current transformer, and not because of an intentional design delay.
f) Systemassessments may exclude these events where multiple circuit towers are used over short distances (e.g., station
entrance, river crossings) in accordance with Regional exemption criteria.
Page 6 of 10
Appendix 1
Interpretation of TPL-002-0 Requirements R1.3.2 and R1.3.12 and
TPL-003-0 Requirements R1.3.2 and R1.3.12 for Ameren and MISO
NERC received two requests for interpretation of identical requirements (Requirements R1.3.2 and
R1.3.12) in TPL-002-0 and TPL-003-0 from the Midwest ISO and Ameren. These requirements state:

Requirement R1.3.2

Request for Interpretation of TPL-002-0 and TPL-003-0 Requirement R1.3.2
Received from Ameren on July 25, 2007:
Ameren specifically requests clarification on the phrase, critical system conditions in R1.3.2. Ameren
asks if compliance with R1.3.2 requires multiple contingent generating unit Outages as part of possible
generation dispatch scenarios describing critical system conditions for which the system shall be planned
and modeled in accordance with the contingency definitions included in Table 1.

TPL-003-0:
[To be valid, the Planning Authority and Transmission Planner assessments shall:]
R1.3 Be supported by a current or past study and/or system simulation testing that addresses each
of the following categories, showing system performance following Category C of Table 1
(multiple contingencies). The specific elements selected (from each of the following
categories) for inclusion in these studies and simulations shall be acceptable to the associated
Regional Reliability Organization(s).
R1.3.2 Cover critical system conditions and study years as deemed appropriate by the
responsible entity.
R1.3.12 Include the planned (including maintenance) outage of any bulk electric equipment
(including protection systems or their components) at those demand levels for which
planned (including maintenance) outages are performed.
TPL-002-0:
of the following categories, showing system performance following Category B of Table 1
(single contingencies). The specific elements selected (from each of the following categories)
for inclusion in these studies and simulations shall be acceptable to the associated Regional
Reliability Organization(s).
responsible entity.
Page 7 of 10
Received from MISO on August 9, 2007:
MISO asks if the TPL standards require that any specific dispatch be applied, other than one that is
representative of supply of firm demand and transmission service commitments, in the modeling of system
contingencies specified in Table 1 in the TPL standards.
MISO then asks if a variety of possible dispatch patterns should be included in planning analyses
including a probabilistically based dispatch that is representative of generation deficiency scenarios,
would it be an appropriate application of the TPL standard to apply the transmission contingency
conditions in Category B of Table 1 to these possible dispatch pattern.
The following interpretation of TPL-002-0 and TPL-003-0 Requirement R1.3.2 was developed by
the NERC Planning Committee on March 13, 2008:
The selection of a credible generation dispatch for the modeling of critical system conditions is within the
discretion of the Planning Authority. The Planning Authority was renamed Planning Coordinator (PC)
in the Functional Model dated February 13, 2007. (TPL -002 and -003 use the former Planning
Authority name, and the Functional Model terminology was a change in name only and did not affect
responsibilities.)
Under the Functional Model, the Planning Coordinator Provides and informs Resource Planners,
Transmission Planners, and adjacent Planning Coordinators of the methodologies and tools for the
simulation of the transmission system while the Transmission Planner Receives from the Planning
Coordinator methodologies and tools for the analysis and development of transmission expansion
plans. A PCs selection of critical system conditions and its associated generation dispatch falls
within the purview of methodology.
Furthermore, consistent with this interpretation, a Planning Coordinator would formulate critical system
conditions that may involve a range of critical generator unit outages as part of the possible generator
dispatch scenarios.
Both TPL-002-0 and TPL-003-0 have a similar measure M1:
corrective plans as specified in Reliability Standard TPL-002-0_R1 [or TPL-003-0_R1]
and TPL-002-0_R2 [or TPL-003-0_R2].
The Regional Reliability Organization (RRO) is named as the Compliance Monitor in both standards.
Pursuant to Federal Energy Regulatory Commission (FERC) Order 693, FERC eliminated the RRO as the
appropriate Compliance Monitor for standards and replaced it with the Regional Entity (RE). See
paragraph 157 of Order 693. Although the referenced TPL standards still include the reference to the
RRO, to be consistent with Order 693, the RRO is replaced by the RE as the Compliance Monitor for this
interpretation. As the Compliance Monitor, the RE determines what a valid assessment means when
evaluating studies based upon specific sub-requirements in R1.3 selected by the Planning Coordinator and
the Transmission Planner. If a PC has Transmission Planners in more than one region, the REs must
coordinate among themselves on compliance matters.

Page 8 of 10
Requirement R1.3.12

Ameren also asks how the inclusion of planned outages should be interpreted with respect to the
contingency definitions specified in Table 1 for Categories B and C. Specifically, Ameren asks if R1.3.12
requires that the system be planned to be operated during those conditions associated with planned
outages consistent with the performance requirements described in Table 1 plus any unidentified outage.
MISO asks if the term planned outages means only already known/scheduled planned outages that may
continue into the planning horizon, or does it include potential planned outages not yet scheduled that
may occur at those demand levels for which planned (including maintenance) outages are performed?
If the requirement does include not yet scheduled but potential planned outages that could occur in the
planning horizon, is the following a proper interpretation of this provision?
The system is adequately planned and in accordance with the standard if, in order for a system operator
to potentially schedule such a planned outage on the future planned system, planning studies show that a
system adjustment (load shed, re-dispatch of generating units in the interconnection, or system
reconfiguration) would be required concurrent with taking such a planned outage in order to prepare for
a Category B contingency (single element forced out of service)? In other words, should the system in
effect be planned to be operated as for a Category C3 n-2 event, even though the first event is a planned
base condition?
If the requirement is intended to mean only known and scheduled planned outages that will occur or may
continue into the planning horizon, is this interpretation consistent with the original interpretation by
NERC of the standard as provided by NERC in response to industry questions in the Phase I development
of this standard1?
This provision was not previously interpreted by NERC since its approval by FERC and other regulatory
authorities. TPL-002-0 and TPL-003-0 explicitly provide that the inclusion of planned (including
maintenance) outages of any bulk electric equipment at demand levels for which the planned outages are
required. For studies that include planned outages, compliance with the contingency assessment for TPL-
002-0 and TPL-003-0 as outlined in Table 1 would include any necessary system adjustments which
might be required to accommodate planned outages since a planned outage is not a contingency as
defined in the NERC Glossary of Terms Used in Standards.

Page 9 of 10
Appendix 2
R1.3. Be supported by a current or past study and/or system simulation testing that addresses each of the
following categories, showing system performance following Category B of Table 1 (single
contingencies). The specific elements selected (from each of the following categories) for inclusion in
these studies and simulations shall be acceptable to the associated Regional Reliability Organization(s).
R1.3.10. Include the effects of existing and planned protection systems, including any backup or
redundant systems.
Requirement R1.3 and sub-requirement R1.3.10 of standard TPL-002-0acontain three key obligations:
1. That the assessment is supported by study and/or system simulation testing that addresses each
the following categories, showing system performance following Category B of Table 1 (single
contingencies).
2. these studies and simulations shall be acceptable to the associated Regional Reliability
Organization(s).
3. Include the effects of existing and planned protection systems, including any backup or
redundant systems.
Category B of Table 1 (single Contingencies) specifies:
Single Line Ground (SLG) or 3-Phase (3) Fault, with Normal Clearing:
1. Generator
3. Transformer
e
:
Note e specifies:
e) Normal Clearing is when the protection system operates as designed and the Fault is cleared in the time
normally expected with proper functioning of the installed protection systems. Delayed clearing of a Fault
is due to failure of any protection system component such as a relay, circuit breaker, or current
transformer, and not because of an intentional design delay.
The NERC Glossary of Terms defines Normal Clearing as A protection system operates as designed and
the fault is cleared in the time normally expected with proper functioning of the installed protection
systems.
Conclusion
TPL-002-0a requires that System studies or simulations be made to assess the impact of single
Contingency operation with Normal Clearing. TPL-002-0a R1.3.10 does require that all elements
expected to be removed from service through normal operations of the Protection Systems be removed in
simulations.
This standard does not require an assessment of the Transmission System performance due to a Protection
System failure or Protection System misoperation. Protection System failure or Protection System
misoperation is addressed in TPL-003-0 System Performance following Loss of Two or More Bulk
Page 10 of 10
Electric System Elements (Category C) and TPL-004-0 System Performance Following Extreme
Events Resulting in the Loss of Two or More Bulk Electric System Elements (Category D).
TPL-002-0a R1.3.10 does not require simulating anything other than Normal Clearing when assessing the
impact of a Single Line Ground (SLG) or 3-Phase (3) Fault on the performance of the Transmission
System.
In regards to PacifiCorps comments on the material impact associated with this interpretation, the
interpretation team has the following comment:
Requirement R2.1 requires a written summary of plans to achieve the required system performance,
including a schedule for implementation and an expected in-service date that considers lead times
necessary to implement the plan. Failure to provide such summary may lead to noncompliance that could
result in penalties and sanctions.

Page 1 of 13
A. Introduction
1. Title: System Performance Following Loss of a Single Bulk Electric System
Element (Category B)
that reliable systems are developed that meet specified performance requirements
with sufficient lead time, and continue to be modified or upgraded as necessary
to meet present and future system needs.
4. Applicability:
5. Effective Date: The application of revised Footnote b in Table 1 will take effect on the first day
of the first calendar quarter, 60 months after approval by applicable regulatory authorities. In those
jurisdictions where regulatory approval is not required, the effective date will be the first day of the
first calendar quarter, 60 months after Board of Trustees adoption or as otherwise made effective
pursuant to the laws applicable to such ERO governmental authorities. All other requirements
remain in effect per previous approvals. The existing Footnote b remains in effect until the
revised Footnote b becomes effective.
B. Requirements
assessment that its portion of the interconnected transmission system is planned such that the
Network can be operated to supply projected customer demands and projected Firm (non-
recallable reserved) Transmission Services, at all demand levels over the range of forecast
system demands, under the contingency conditions as defined in Category B of Table I. To be
valid, the Planning Authority and Transmission Planner assessments shall:
addresses each of the following categories, showing system performance following
Category B of Table 1 (single contingencies). The specific elements selected (from
R1.3.1. Be performed and evaluated only for those Category B contingencies that
would produce the more severe System results or impacts. The rationale for
information.
such analyses.
Page 2 of 13
forecast system Demands.
R1.3.7. Demonstrate that system performance meets Category B contingencies.
demand levels for which planned (including maintenance) outages are
performed.
Category B of Table I.
R1.5. Consider all contingencies applicable to Category B.
R2. When System simulations indicate an inability of the systems to respond as prescribed in
Reliability Standard TPL-002-1_R1, the Planning Authority and Transmission Planner shall
each:
needed.
Reliability Assessments and corrective plans and shall annually provide the results to its
respective Regional Reliability Organization(s), as required by the Regional Reliability
Organization.
C. Measures
D. Compliance
Page 3 of 13
Annually.

1.3. Data Retention
None specified.
None.
2.2. Level 2: A valid assessment and corrective plan for the longer-term planning horizon is
not available.
2.4. Level 4: A valid assessment and corrective plan for the near-term planning horizon is not
available.
1. None identified.
Version History

0a J uly 30, 2008 Adopted by NERC Board of Trustees New
0a October 23, 2008 Added Appendix 1 Interpretation of TPL-
002-0 Requirements R1.3.2 and R1.3.12
and TPL-003-0 Requirements R1.3.2 and
R1.3.12 for Ameren and MISO

Revised
0b November 5, 2009 Added Appendix 2 Interpretation of
R1.3.10 approved by BOT on November 5,
2009
Interpretation
0b September 15,
2011
FERC Order issued approving the
Interpretation of R1.3.10 (FERC Order
becomes effective October 24, 2011)
Interpretation
1b April 2010 Revised footnote b pursuant to FERC Revised
Page 4 of 13
Order RM06-16-009.
1b
February 17, 2011

Approved by the Board of Trustees; revised
footnote b pursuant to FERC Order
RM06-16-009

11)

1b April 19, 2012 FERC issued Order 762 remanding TPL-
001-1, TPL-002-1b, TPL-003-1a, and TPL-
004-1. FERC also issued a NOPR
proposing to remand TPL-001-2. NERC has
been directed to revise footnote 'b' in
accordance with the directives of Order
Nos. 762 and 693.

2b February 7, 2013 Adopted by NERC Board of Trustees.
Revised footnote b.

Page 5 of 13

Category

Element(s)
System Stable
and both
Thermal and
Voltage
Limits within
Applicable
Rating
a

Loss of Demand
or
Curtailed Firm
Transfers
Cascading

Outages

A
No Contingencies


Yes

No

No

B
Event resulting in
element.
1. Generator
3. Transformer

Yes
Yes
Yes
Yes

No
b

No
b

No
b

No
b

No
No
No
No
e
:

Yes

No
b

No

C
the loss of two or
more (multiple)
elements.
e
:
1. Bus Section


Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

No

No
e
, Manual
e
:

Yes

Planned/
Controlled
c

No
e
:
Normal Clearing
e
:

towerline
f

Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

No

No
e
(stuck breaker
6. Generator

7. Transformer


9. Bus Section

Yes

Yes

Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

Planned/
Controlled
c

Planned/
Controlled
c

No

No

No

No

Page 6 of 13

D
d

elements removed or
e
failure):
e
:

consequences.
customer Demand and
area or areas.

a) Applicable rating refers to the applicable Normal and Emergency facility thermal Rating or system voltage limit as
determined and consistently applied by the system or facility owner. Applicable Ratings may include Emergency Ratings
applicable for short durations as required to permit operating steps necessary to maintain system control. All Ratings
b) An objective of the planning process is to minimize the likelihood and magnitude of interruption of firm transfers or Firm
Demand following Contingency events. Curtailment of firm transfers is allowed when achieved through the appropriate
re-dispatch of resources obligated to re-dispatch, where it can be demonstrated that Facilities, internal and external to the
Transmission Planners planning region, remain within applicable Facility Ratings and the re-dispatch does not result in
the shedding of any Firm Demand. For purposes of this footnote, the following are not counted as Firm Demand: (1)
Demand directly served by the Elements removed from service as a result of the Contingency, and (2) Interruptible
Demand or Demand-Side Management Load. In limited circumstances, Firm Demand may be interrupted throughout
the planning horizon to ensure that BES performance requirements are met. However, when interruption of Firm
Demand is utilized within the Near-Term Transmission Planning Horizon to address BES performance requirements,
such interruption is limited to circumstances where the use of FirmDemand interruption meets the conditions shown in
Attachment 1. In no case can the planned Firm Demand interruption under footnote b exceed 75 MW for US
registered entities. The amount of planned Non-Consequential Load Loss for a non-US Registered Entity should be
implemented in a manner that is consistent with, or under the direction of, the applicable governmental authority or its
agency in the non-US jurisdiction.
c) Depending on system design and expected system impacts, the controlled interruption of electric supply to customers
(load shedding), the planned removal from service of certain generators, and/or the curtailment of contracted Firm (non-
e) Normal clearing is when the protection system operates as designed and the Fault is cleared in the time normally expected
system component such as a relay, circuit breaker, or current transformer, and not because of an intentional design delay.
f) System assessments may exclude these events where multiple circuit towers are used over short distances (e.g., station

Page 7 of 13

Attachment 1

During each Planning Assessment before the use of Firm Demand interruption under footnote b
is allowed as an element of a Corrective Action Plan in the Near-Term Transmission Planning
Horizon of the Planning Assessment, the Transmission Planner or Planning Coordinator shall
ensure that the utilization of footnote b is reviewed through an open and transparent
stakeholder process. The responsible entity can utilize an existing process or develop a new
process. The process must include the following:

b. Specific location(s) of the planned Firm Demand interruption under footnote b
3. Information regarding the intended purpose and scope of the proposed Firm Demand
interruption under footnote b (as shown in Section II below) must be made available to
meeting participants
An entity does not have to repeat the stakeholder process for a specific application of footnote
b utilization with respect to subsequent Planning Assessments unless conditions spelled out in

The responsible entity shall document the planned use of Firm Demand interruption under
footnote b which must include the following:
necessary:
level
that Contingency
Page 8 of 13

3. Estimated frequency of Firm Demand interruption under footnote b based on historical
performance
4. Expected duration of Firm Demand interruption under footnote b based on historical
performance
7. Alternatives to Firm Demand interruption considered and the rationale for not selecting
those alternatives under footnote b
8. Assessment of potential overlapping uses of footnote b including overlaps with adjacent

III. Instances for which Regulatory Review of Interruptions of Firm Demand under Footnote b
is Required
Before a Firm Demand interruption under footnote b is allowed as an element of a Corrective
Action Plan in Year One of the Planning Assessment, the Transmission Planner or Planning
Coordinator must ensure that the applicable regulatory authorities or governing bodies
responsible for retail electric service issues do not object to the use of Firm Demand interruption
under footnote b if either:
allowances for Firm Demand interruptions under footnote b, or
2. The planned Firm Demand interruption under footnote b is greater than or equal to 25
MW

under footnote b, the Planning Coordinator or Transmission Planner must submit the
there are any Adverse Reliability Impacts caused by the request to utilize footnote b for Firm
Demand interruption.
Page 9 of 13

Appendix 1
Interpretation of TPL-002-0 Requirements R1.3.2 and R1.3.12 and
TPL-003-0 Requirements R1.3.2 and R1.3.12 for Ameren and MISO

Requirement R1.3.2


TPL-003-0:
responsible entity.
TPL-002-0:
responsible entity.
Page 10 of 13

responsibilities.)
dispatch scenarios.
and TPL-002-0_R2 [or TPL-003-0_R2].

Page 11 of 13

Requirement R1.3.12

base condition?
of this standard1?

Page 12 of 13

Appendix 2
R1.3. Be supported by a current or past study and/or system simulation testing that addresses each of the
following categories, showing system performance following Category B of Table 1 (single
contingencies). The specific elements selected (from each of the following categories) for inclusion in
these studies and simulations shall be acceptable to the associated Regional Reliability Organization(s).
R1.3.10. Include the effects of existing and planned protection systems, including any backup or
redundant systems.
Requirement R1.3 and sub-requirement R1.3.10 of standard TPL-002-0acontain three key obligations:
1. That the assessment is supported by study and/or system simulation testing that addresses each
the following categories, showing system performance following Category B of Table 1 (single
contingencies).
2. these studies and simulations shall be acceptable to the associated Regional Reliability
Organization(s).
3. Include the effects of existing and planned protection systems, including any backup or
redundant systems.
Category B of Table 1 (single Contingencies) specifies:
Single Line Ground (SLG) or 3-Phase (3) Fault, with Normal Clearing:
1. Generator
3. Transformer
e
:
Note e specifies:
e) Normal Clearing is when the protection system operates as designed and the Fault is cleared in the time
normally expected with proper functioning of the installed protection systems. Delayed clearing of a Fault
is due to failure of any protection system component such as a relay, circuit breaker, or current
transformer, and not because of an intentional design delay.
The NERC Glossary of Terms defines Normal Clearing as A protection system operates as designed and
the fault is cleared in the time normally expected with proper functioning of the installed protection
systems.
Conclusion
TPL-002-0a requires that System studies or simulations be made to assess the impact of single
Contingency operation with Normal Clearing. TPL-002-0a R1.3.10 does require that all elements
expected to be removed from service through normal operations of the Protection Systems be removed in
simulations.
This standard does not require an assessment of the Transmission System performance due to a Protection
System failure or Protection System misoperation. Protection System failure or Protection System
misoperation is addressed in TPL-003-0 System Performance following Loss of Two or More Bulk
Page 13 of 13

Electric System Elements (Category C) and TPL-004-0 System Performance Following Extreme
Events Resulting in the Loss of Two or More Bulk Electric System Elements (Category D).
TPL-002-0a R1.3.10 does not require simulating anything other than Normal Clearing when assessing the
impact of a Single Line Ground (SLG) or 3-Phase (3) Fault on the performance of the Transmission
System.
In regards to PacifiCorps comments on the material impact associated with this interpretation, the
interpretation team has the following comment:
Requirement R2.1 requires a written summary of plans to achieve the required system performance,
including a schedule for implementation and an expected in-service date that considers lead times
necessary to implement the plan. Failure to provide such summary may lead to noncompliance that could
result in penalties and sanctions.

Standard TPL-003-0b System Performance Following Loss of Two or More BES Elements
Page 1 of 13
A. Introduction
1. Title: System Performance Following Loss of Two or More Bulk Electric System
Elements (Category C)
that reliable systems are developed that meet specified performance requirements, with
sufficient lead time and continue to be modified or upgraded as necessary to meet present and
future System needs.
4. Applicability:
B. Requirements
assessment that its portion of the interconnected transmission systems is planned such that the
network can be operated to supply projected customer demands and projected Firm (non-
recallable reserved) Transmission Services, at all demand Levels over the range of forecast
system demands, under the contingency conditions as defined in Category C of Table I
(attached). The controlled interruption of customer Demand, the planned removal of
generators, or the Curtailment of firm (non-recallable reserved) power transfers may be
necessary to meet this standard. To be valid, the Planning Authority and Transmission Planner
assessments shall:
Category C of Table 1 (multiple contingencies). The specific elements selected (from
R1.3.1. Be performed and evaluated only for those Category C contingencies that
would produce the more severe system results or impacts. The rationale for
information.
such analyses.
Page 2 of 13
forecast system demands.
R1.3.7. Demonstrate that System performance meets Table 1 for Category C
contingencies.
are available to meet System performance.
Demand levels for which planned (including maintenance) outages are
performed.
Category C.
R1.5. Consider all contingencies applicable to Category C.
R2. When system simulations indicate an inability of the systems to respond as prescribed in
Reliability Standard TPL-003-0_R1, the Planning Authority and Transmission Planner shall each:
needed.
R3. The Planning Authority and Transmission Planner shall each document the results of these
Reliability Assessments and corrective plans and shall annually provide these to its respective
NERC Regional Reliability Organization(s), as required by the Regional Reliability
Organization.
C. Measures
D. Compliance
Page 3 of 13
Annually.
1.3. Data Retention
None specified.
None.
2.2. Level 2: A valid assessment and corrective plan for the longer-term planning horizon
is not available.
2.4. Level 4: A valid assessment and corrective plan for the near-term planning horizon is
not available.
1. None identified.
Version History
0 April 1, 2005 Add parenthesis to item e on page 8. Errata
0a July 30, 2008 Adopted by NERC Board of Trustees
0a October 23, 2008 Added Appendix 1 Interpretation of TPL-
002-0 Requirements R1.3.2 and R1.3.12 and
TPL-003-0 Requirements R1.3.2 and R1.3.12
for Ameren and MISO
Revised
0a April 23, 2010 FERC approval of interpretation of TPL-003-
0 R1.3.12
Interpretation
0b February 7, 2013 Interpretation adopted by NERC Board of
Trustees

0b June 20, 2013 FERC order issued approving Interpretation

Page 4 of 13
Table I. Trans mis s ion Sys tem Standards Normal and Emergency Conditions

Category

Element(s)
System Stable
and both
Thermal and
Voltage
Limits within
Applicable
Rating
a

Loss of Demand
or
Curtailed Firm
Transfers
Cascading
c
Outages

A
No Contingencies


Yes

No

No

B
Event resulting in
element.
1. Generator
3. Transformer

Yes
Yes
Yes
Yes

No
b

No
b

No
b

No
b

No
No
No
No
e
:

Yes

No
b

No

C
the loss of two or
more (multiple)
elements.
e
:
1. Bus Section


Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

No

No
e
, Manual
System Adjustments, followed by another SLG or
e
:
contingency, manual system adjustments,

Yes

Planned/
Controlled
c

No
e
:
Normal Clearing
e
:

towerline
f

Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

No

No
e
(stuck breaker
or protection system failure):
6. Generator

7. Transformer


9. Bus Section

Yes

Yes

Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

Planned/
Controlled
c

Planned/
Controlled
c

No

No

No

No

Standard TPL-003-0b System Performance Following Loss of Two or More BES
Elements
Page 5 of 13

D
d

elements removed or
e
failure):

e
:

12. Failure of a fully redundant Special Protection System (or
Special Protection System (or Remedial Action Scheme) in
response to an event or abnormal system condition for which it
14. Impact of severe power swings or oscillations from Disturbances

consequences.
customer Demand and
area or areas.

b) Planned or controlled interruption of electric supply to radial customers or some local Network customers, connected to or
reliability of the interconnected transmission systems. To prepare for the next contingency, system adjustments are
permitted, including curtailments of contracted Firm (non-recallable reserved) electric power Transfers.
recallable reserved) electric power transfers may be necessary to maintain the overall reliability of the interconnected
Elements
Page 6 of 13

Appendix 1
Interpretation of TPL-002-0 Requirements R1.3.2 and R1.3.12 and TPL-003-0
Requirements R1.3.2 and R1.3.12 for Ameren and MISO

Requirement R1.3.2


TPL-003-0:
responsible entity.
TPL-002-0:
responsible entity.
Elements
Page 7 of 13

responsibilities.)
dispatch scenarios.
and TPL-002-0_R2 [or TPL-003-0_R2].
Elements
Page 8 of 13

Requirement R1.3.12

base condition?
of this standard1?
Elements
Page 9 of 13

Appendix 2

Interpretation 2012-INT-02: Response to Request for Interpretation of TPL-003-0a,
Requirements R1.3.1, R1.3.10 and R1.5 and TPL-004-0, Requirements R1.3.1, R1.3.7 and R1.4
for the System Protection and Control Subcommittee
Date submitted: December 12, 2011
The following interpretations of TPL-003-0a, System Performance Following Loss of Two or More Bulk
Electric System Elements (Category C), Requirements R1.3.1, R1.3.10 and R1.5 and TPL-004-0, System
Performance Following Extreme Events Resulting in the Loss of Two or More Bulk Electric System
Elements (Category D), Requirements R1.3.1, R1.37 and R1.4 were developed by members of the Assess
Transmission Future Needs Standard Drafting Team (ATFNSTD), Protection System Misoperations
Standard Development Team (PSMSDT), and Protection System Maintenance and Testing Standard
Drafting Team (PSMTSDT).
Standard Requirement (and text)
TPL-003-0a R1.3.1 Be performed and evaluated only for those Category C contingencies that
would produce the more severe system results or impacts. The rationale for the
contingencies selected for evaluation shall be available as supporting information.
An explanation of why the remaining simulations would produce less severe system
results shall be available as supporting information.
TPL-003-0a R1.3.10. Include the effects of existing and planned protection systems, including
any backup or redundant systems.
TPL-003-0a R1.5. Consider all contingencies applicable to Category C.
TPL-004-0 R1.3.1. Be performed and evaluated only for those Category D contingencies that
TPL-004-0 R1.3.7. Include the effects of existing and planned protection systems, including any
TPL-004-0 R1.4. Consider all contingencies applicable to Category D.
Please explain the clarification needed (as submitted).
This interpretation request has been developed to address Commission concerns related to the term
Single Point of Failure and how it relates to system performance and contingency planning
Elements
Page 10 of 13

clarification regarding the following questions about the listed standards, requirements and terms.
More specifically, clarification is needed about the comprehensive study of system performance
relating to Table 1s, Category C and D contingency of a protection system failure and specifically the
impact of failed components (i.e., Single Point of Failure). It is not entirely clear whether a valid
assessment of a protection system failure includes evaluation of shared or non-redundant protection
system components. Protection systems that have a shared protection system component are not two
independent protection systems, because both protection systems will be mutually impacted for a
failure of a single shared component. A protection system component evaluation would include the
evaluation of the consequences on system performance for the failure of any protection system
component that is integral to the operation of the protection system being evaluated and to the
operation of another protection system.
On March 30, 2009, NERC issued an Industry Advisory Protection System Single Point of Failure
1
Question 1: For the parenthetical (stuck breaker or protection system failure) in TPL-003-0a (Category
C contingencies 6-9) and TPL-004-0 (Category D contingencies 1-4), does an entity have the option of
evaluating the effects
(i.e.,
NERC Alert) for three significant events. One of which, the Westwing outage (June 14, 2004) was
caused by failure of a single auxiliary relay that initiated both breaker tripping and the breaker failure
protection. Since breaker tripping and breaker failure protection both shared the same auxiliary relay,
there was no independence between breaker tripping and breaker failure protection systems, therefore
causing both protection systems to not operate for the single component failure of the auxiliary relay.
The failure of this auxiliary relay is known as a single point of failure. It is not clear whether this
situation is comprehensively addressed by the applicable entities when making a valid assessment of
system performance for both Category C and D contingencies.
2
of either stuck breaker or protection system failure contingency
3
There is a lack of clarity whether R1.3.1
, or does an
applicable entity have to evaluate the contingency that produces the more severe system results or
impacts as identified in R1.3.1 of both standards?
4

1
NERC Website: (
requires an entity to assess which contingency causes the most
severe system results or impacts (R1.3.1) and this ambiguity could result in a potential reliability gap.
Whether the simulation of a stuck breaker or protection system failure will produce the worst result
depends on the protection system design. For example when a protection system is fully redundant, a
protection system failure will not affect fault clearing; therefore, a stuck breaker would result in more
severe system results or impacts. However, when a protection system failure affects fault clearing, the
fault clearing time may be longer than the breaker failure protection clearing time for a stuck breaker
contingency and may result in tripping of additional system elements, resulting in a more severe system
http://www.nerc.com/fileUploads/File/Events%20Analysis/A-2009-03-30-01.pdf)
2
As required by NERC Reliability Standard TPL-003-0a, Requirement R1.3.10. and/or TPL-004-0, Requirement
R1.3.7.
3
As required by NERC Reliability Standard TPL-003-0a, Requirement R1.5. and/or TPL-004-0, Requirement R1.4.
4
Be performed and evaluated only for those Category (TPL-003-0a Category C and TPL-004-0 Category D)
contingencies that would produce the more severe system results or impacts.
Elements
Page 11 of 13

response.
Question 2: For the phrase Delayed Clearing
5
used in Category C
6
contingencies 6-9 and Category D
7

contingencies 1-4, to what extent does the description in Table 1, footnote (e)
8

require an entity to
model a single point of failure of a protection system component that may prevent correct operation of
a protection system, including other protection systems impacted by that failed component based on
the as-built design of that protection system?
There is a lack of clarity whether footnote (e) in Table 1 requires the study and/or simulation of a failure
of a protection system component (i.e., single point of failure) that may prevent correct operation of
the protection system(s) impacted by the component failure. Protection systems that share a
protection system component are fully dependent upon the correct operation of that single shared
component and do not perform as two independent protection systems. This lack of clarity may result
in a potential reliability gap.

Clarity is necessary as to whether (1) a valid assessment should include evaluation of delayed clearing
due to failure of the protection system component (i.e., single point of failure), such as the failure of a
shared protection system component, that produces the more severe system results or impacts; and (2)
the study and/or simulation of the fault clearing sequence and protection system(s) operation should
be based on the protection system(s) as-built design.

The lack of clarity is compounded by the similarity between the phrase Delayed Clearing used in TPL-
003-0a and TPL-004-0, footnote (e), and the NERC glossary term Delayed Fault Clearing. While TPL-
003-0a and TPL-004-0 do not use the glossary term, the similarity may lead to confusion and
inconsistency in how entities apply footnote (e) to stuck breaker or protection system failure
contingency assessments.

Question 1
For the parenthetical (stuck breaker or protection system failure) in TPL-003-0a (Category C
contingencies 6-9) and TPL-004-0 (Category D contingencies 1-4), does an entity have the option of
9
10

5
, or does
an applicable entity have to evaluate the contingency that produces the more severe system results or
6
As required by NERC Reliability Standard TPL-003-0a, Requirement R1.5.
7
As required by NERC Reliability Standard TPL-004-0, Requirement R1.4.
8
Footnote (e) Delayed Clearing: failure of any protection system component such as a relay, circuit breaker, or
current transformer, and not because of an intentional design delay,
9
R1.3.7.
10
Elements
Page 12 of 13

Response 1
The interpretation drafting team concludes that the Planning Authority and Transmission Planner must
evaluate the situation that produces the more severe system results or impacts (i.e., TPL-003-0a, R1.3.1
and TPL-004-0, R1.3.1) due to a delayed clearing condition regardless of whether the condition resulted
from a stuck breaker or protection system failure. The Reliability Standards TPL-003-0a (Table I,
Category C contingencies 6-9) and TPL-004-0 (Table I, Category D contingencies 1-4) involve an
assessment of the effects of either a stuck breaker or a protection system failure. The single line
ground (SLG) (TPL-003-0a, Table I, Category C) Fault and 3-phase (3) (TPL-004-0, Table I, Category D)
Fault contingencies with delayed clearing are further defined by footnote (e) and the parenthetical
phrase (stuck breaker or protection system failure). Footnote (e) explains that Delayed clearing of a
Fault is due to failure of any protection system component such as a relay, circuit breaker, or current
transformer, and not because of an intentional design delay. The parenthetical further emphasizes
that the failure may be a stuck breaker or protection system failure that causes the delayed clearing
of the fault. The text in Table 1 in either standard explains that when selecting delayed clearing
contingencies to evaluate, both conditions (stuck breaker or protection system failure) must be
considered.
Question 2
For the phrase Delayed Clearing
11
used in Category C
12
13

14
Response 2
The term Delayed Clearing that is described in Table I, footnote (e) refers to fault clearing that results
from a failure to achieve the protection systems normally expected clearing time. For Category C or D
contingencies, each Planning Authority and Transmission Planner is permitted engineering judgment in
its selection of the protection system component failures for evaluation that would produce the more
severe system results or impact (i.e., TPL-003-0a, R1.3.1 and TPL-004-0, R1.3.1). The evaluation would
include addressing all protection systems affected by the selected component.
A protection system component failure that impacts one or more protection systems and increases the
total fault clearing time requires the Planning Authority and Transmission Planner to simulate the full

11
12
13
14
Elements
Page 13 of 13

impact (clearing time and facilities removed) on the Bulk Electric System performance.
The interpretation drafting team bases this conclusion on the footnote (e) example any protection
system component such as, relay, circuit breaker, or current transformer... because the component
circuit breaker is not addressed in the current or previously defined NERC glossary term. The
interpretation drafting team initially believed the lowercase usage of protection system inferred the
NERC glossary term and the components described therein; however, based on the interpretation
drafting teams further assessment of footnote (e), it concludes that the existing TPL standards (TPL-
003-0a and TPL-004-0) do not implicitly use the NERC glossary term. Without an explicit reference to
the NERC glossary term, Protection System, the two standards do not prescribe the specific
protection system components that must be addressed by the Planning Authority and Transmission
Planner in performing the studies required in TPL-003-0a and TPL-004-0.

Standard TPL-003-2a System Performance Following Loss of Two or More BES Elements
Page 1 of 11
A. Introduction
2. Number: TPL-003-2a
4. Applicability:
authorities. In those jurisdictions where regulatory approval is not required, the effective date
will be the first day of the first calendar quarter, 60 months after Board of Trustees adoption or
authorities. All other requirements remain in effect per previous approvals. The existing
Footnote b remains in effect until the revised Footnote b becomes effective.
B. Requirements
assessments shall:
information.
Page 2 of 11
such analyses.
contingencies.
performed.
Category C.
needed.
Organization.
B. Measures
Page 3 of 11
C. Compliance
Annually.
1.3. Data Retention
None specified.
None.
is not available.
not available.
1. None identified.
Version History
0a J uly 30, 2008 Adopted by NERC Board of Trustees
0a October 23, 2008 Added Appendix 1 Interpretation of
TPL-002-0 Requirements R1.3.2 and
R1.3.12 and TPL-003-0 Requirements
R1.3.2 and R1.3.12 for Ameren and
MISO
Revised
0a April 23, 2010 FERC approval of interpretation of TPL-
003-0 R1.3.12
Interpretation
Page 4 of 11
1a February 17,
2011
Approved by the Board of Trustees;
revised footnote b pursuant to FERC
Order RM06-16-009.
11)
1a April 19, 2012 FERC issued Order 762 remanding TPL-
001-1, TPL-002-1b, TPL-003-1a, and
TPL-004-1. FERC also issued a NOPR
proposing to remand TPL-001-2. NERC
has been directed to revise footnote 'b' in
Nos. 762 and 693.

2a February 7, 2013 Adopted by NERC Board of Trustees.
Revised footnote b.

Page 5 of 11


Category

Element(s)
System Stable
and both
Thermal and
Voltage
Limits within
Applicable
Rating
a

Loss of Demand
or
Curtailed Firm
Transfers
Cascading
c
Outages

A
No Contingencies


Yes

No

No

B
Event resulting in
element.
1. Generator
3. Transformer

Yes
Yes
Yes
Yes

No
b

No
b

No
b

No
b

No
No
No
No
e
:

Yes

No
b

No

C
the loss of two or
more (multiple)
elements.
e
:
1. Bus Section


Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

No

No
e
, Manual
e
:

Yes

Planned/
Controlled
c

No
e
:
Normal Clearing
e
:

towerline
f

Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

No

No
e
(stuck breaker
6. Generator

7. Transformer


9. Bus Section

Yes

Yes

Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

Planned/
Controlled
c

Planned/
Controlled
c

No

No

No

No

Standard TPL-003-2a System Performance Following Loss of Two or More BES
Elements
Page 6 of 11

D
d

elements removed or
e
failure):

e
:


consequences.
customer Demand and
area or areas.

Demand or Demand-Side Management Load. In limited circumstances, Firm Demand may be interrupted throughout the
planning horizon to ensure that BES performance requirements are met. However, when interruption of Firm Demand is
utilized within the Near-Term Transmission Planning Horizon to address BES performance requirements, such
interruption is limited to circumstances where the use of Firm Demand interruption meets the conditions shown in
Attachment 1. In no case can the planned Firm Demand interruption under footnote b exceed 75 MW for US registered
entities. The amount of planned Non-Consequential Load Loss for a non-US Registered Entity should be implemented in
a manner that is consistent with, or under the direction of, the applicable governmental authority or its agency in the non-
US jurisdiction.
Elements
Page 7 of 11

Attachment 1



necessary:
level
that Contingency
Elements
Page 8 of 11

performance
performance

is Required
MW

Elements
Page 9 of 11

Appendix 1

Requirement R1.3.2


TPL-003-0:
responsible entity.
TPL-002-0:
responsible entity.
Elements
Page 10 of 11

responsibilities.)
dispatch scenarios.
and TPL-002-0_R2 [or TPL-003-0_R2].
Elements
Page 11 of 11

Requirement R1.3.12

base condition?
of this standard1?
Page 1 of 16
A. Introduction
4. Applicability:
B. Requirements
assessments shall:
information.
Page 2 of 16
such analyses.
contingencies.
performed.
Category C.
needed.
Organization.
B. Measures
Page 3 of 16
C. Compliance
Annually.
1.3. Data Retention
None specified.
None.
is not available.
not available.
1. None identified.
Version History
0a J uly 30, 2008 Adopted by NERC Board of Trustees
0a October 23, 2008 Added Appendix 1 Interpretation of
TPL-002-0 Requirements R1.3.2 and
R1.3.12 and TPL-003-0 Requirements
R1.3.2 and R1.3.12 for Ameren and
MISO
Revised
0a April 23, 2010 FERC approval of interpretation of TPL-
003-0 R1.3.12
Interpretation
Page 4 of 16
1a February 17,
2011
Order RM06-16-009.
11)
1a April 19, 2012 FERC issued Order 762 remanding TPL-
001-1, TPL-002-1b, TPL-003-1a, and
TPL-004-1. FERC also issued a NOPR
proposing to remand TPL-001-2. NERC
has been directed to revise footnote 'b' in
Nos. 762 and 693.

2a February 7, 2013 Adopted by NERC Board of Trustees.
Revised footnote b.

2b February 7, 2013 Interpretation adopted by NERC Board of
Trustees.

Page 5 of 16


Category

Element(s)
System Stable
and both
Thermal and
Voltage
Limits within
Applicable
Rating
a

Loss of Demand
or
Curtailed Firm
Transfers
Cascading
c
Outages

A
No Contingencies


Yes

No

No

B
Event resulting in
element.
1. Generator
3. Transformer

Yes
Yes
Yes
Yes

No
b

No
b

No
b

No
b

No
No
No
No
e
:

Yes

No
b

No

C
the loss of two or
more (multiple)
elements.
e
:
1. Bus Section


Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

No

No
e
, Manual
e
:

Yes

Planned/
Controlled
c

No
e
:
Normal Clearing
e
:

towerline
f

Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

No

No
e
(stuck breaker
6. Generator

7. Transformer


9. Bus Section

Yes

Yes

Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

Planned/
Controlled
c

Planned/
Controlled
c

No

No

No

No

Elements
Page 6 of 16

D
d

elements removed or
e
failure):

e
:


consequences.
customer Demand and
area or areas.

US jurisdiction.
Elements
Page 7 of 16

Attachment 1



necessary:
level
that Contingency
Elements
Page 8 of 16

performance
performance

is Required
MW

Elements
Page 9 of 16

Appendix 1

Requirement R1.3.2


TPL-003-0:
responsible entity.
TPL-002-0:
responsible entity.
Elements
Page 10 of 16

responsibilities.)
dispatch scenarios.
and TPL-002-0_R2 [or TPL-003-0_R2].
Elements
Page 11 of 16

Requirement R1.3.12

base condition?
of this standard1?

Elements
Page 12 of 16

Appendix 2

Datesubmitted: December12,2011
ThefollowinginterpretationsofTPL0030a,SystemPerformanceFollowingLossofTwoorMoreBulk
ElectricSystemElements(CategoryC),RequirementsR1.3.1,R1.3.10andR1.5andTPL0040,System
PerformanceFollowingExtremeEventsResultingintheLossofTwoorMoreBulkElectricSystem
Elements(CategoryD),RequirementsR1.3.1,R1.37andR1.4weredevelopedbymembersoftheAssess
TransmissionFutureNeedsStandardDraftingTeam(ATFNSTD),ProtectionSystemMisoperations
StandardDevelopmentTeam(PSMSDT),andProtectionSystemMaintenanceandTestingStandard
DraftingTeam(PSMTSDT).
TPL0030a R1.3.1BeperformedandevaluatedonlyforthoseCategoryCcontingenciesthat
wouldproducethemoreseveresystemresultsorimpacts.Therationaleforthe
contingenciesselectedforevaluationshallbeavailableassupportinginformation.
Anexplanationofwhytheremainingsimulationswouldproducelessseveresystem
resultsshallbeavailableassupportinginformation.
TPL0030a R1.3.10.Includetheeffectsofexistingandplannedprotectionsystems,including
anybackuporredundantsystems.
TPL0030a R1.5.ConsiderallcontingenciesapplicabletoCategoryC.
TPL0040 R1.3.1.BeperformedandevaluatedonlyforthoseCategoryDcontingenciesthat
TPL0040 R1.3.7.Includetheeffectsofexistingandplannedprotectionsystems,includingany
backuporredundantsystems.
TPL0040 R1.4.ConsiderallcontingenciesapplicabletoCategoryD.
ThisinterpretationrequesthasbeendevelopedtoaddressCommissionconcernsrelatedtotheterm
Elements
Page 13 of 16

SinglePointofFailureandhowitrelatestosystemperformanceandcontingencyplanning
clarificationregardingthefollowingquestionsaboutthelistedstandards,requirementsandterms.
Morespecifically,clarificationisneededaboutthecomprehensivestudyofsystemperformance
relatingtoTable1s,CategoryCandDcontingencyofaprotectionsystemfailureandspecificallythe
impactoffailedcomponents(i.e.,SinglePointofFailure).Itisnotentirelyclearwhetheravalid
assessmentofaprotectionsystemfailureincludesevaluationofsharedornonredundantprotection
systemcomponents.Protectionsystemsthathaveasharedprotectionsystemcomponentarenottwo
independentprotectionsystems,becausebothprotectionsystemswillbemutuallyimpactedfora
failureofasinglesharedcomponent.Aprotectionsystemcomponentevaluationwouldincludethe
evaluationoftheconsequencesonsystemperformanceforthefailureofanyprotectionsystem
componentthatisintegraltotheoperationoftheprotectionsystembeingevaluatedandtothe
operationofanotherprotectionsystem.
OnMarch30,2009,NERCissuedanIndustryAdvisoryProtectionSystemSinglePointofFailure
1
(i.e.,
NERCAlert)forthreesignificantevents.Oneofwhich,theWestwingoutage(June14,2004)was
causedbyfailureofasingleauxiliaryrelaythatinitiatedbothbreakertrippingandthebreakerfailure
protection.Sincebreakertrippingandbreakerfailureprotectionbothsharedthesameauxiliaryrelay,
therewasnoindependencebetweenbreakertrippingandbreakerfailureprotectionsystems,therefore
causingbothprotectionsystemstonotoperateforthesinglecomponentfailureoftheauxiliaryrelay.
Thefailureofthisauxiliaryrelayisknownasasinglepointoffailure.Itisnotclearwhetherthis
situationiscomprehensivelyaddressedbytheapplicableentitieswhenmakingavalidassessmentof
systemperformanceforbothCategoryCandDcontingencies.
Question1:Fortheparenthetical(stuckbreakerorprotectionsystemfailure)inTPL0030a(Category
Ccontingencies69)andTPL0040(CategoryDcontingencies14),doesanentityhavetheoptionof
evaluatingtheeffects
2
ofeitherstuckbreakerorprotectionsystemfailurecontingency
3
,ordoesan
applicableentityhavetoevaluatethecontingencythatproducesthemoreseveresystemresultsor
impactsasidentifiedinR1.3.1ofbothstandards?
ThereisalackofclaritywhetherR1.3.1
4
requiresanentitytoassesswhichcontingencycausesthemost
severesystemresultsorimpacts(R1.3.1)andthisambiguitycouldresultinapotentialreliabilitygap.
Whetherthesimulationofastuckbreakerorprotectionsystemfailurewillproducetheworstresult
dependsontheprotectionsystemdesign.Forexamplewhenaprotectionsystemisfullyredundant,a
protectionsystemfailurewillnotaffectfaultclearing;therefore,astuckbreakerwouldresultinmore
severesystemresultsorimpacts.However,whenaprotectionsystemfailureaffectsfaultclearing,the
faultclearingtimemaybelongerthanthebreakerfailureprotectionclearingtimeforastuckbreaker
contingencyandmayresultintrippingofadditionalsystemelements,resultinginamoreseveresystem

1
NERCWebsite:(http://www.nerc.com/fileUploads/File/Events%20Analysis/A2009033001.pdf)
2
AsrequiredbyNERCReliabilityStandardTPL0030a,RequirementR1.3.10.and/orTPL0040,Requirement
R1.3.7.
3
AsrequiredbyNERCReliabilityStandardTPL0030a,RequirementR1.5.and/orTPL0040,RequirementR1.4.
4
BeperformedandevaluatedonlyforthoseCategory(TPL0030aCategoryCandTPL0040CategoryD)
contingenciesthatwouldproducethemoreseveresystemresultsorimpacts.
Elements
Page 14 of 16

response.
Question2:ForthephraseDelayedClearing
5
usedinCategoryC
6
contingencies69andCategoryD
7
contingencies14,towhatextentdoesthedescriptioninTable1,footnote(e)
8
requireanentityto
modelasinglepointoffailureofaprotectionsystemcomponentthatmaypreventcorrectoperationof
aprotectionsystem,includingotherprotectionsystemsimpactedbythatfailedcomponentbasedon
theasbuiltdesignofthatprotectionsystem?
Thereisalackofclaritywhetherfootnote(e)inTable1requiresthestudyand/orsimulationofafailure
ofaprotectionsystemcomponent(i.e.,singlepointoffailure)thatmaypreventcorrectoperationof
theprotectionsystem(s)impactedbythecomponentfailure.Protectionsystemsthatsharea
protectionsystemcomponentarefullydependentuponthecorrectoperationofthatsingleshared
componentanddonotperformastwoindependentprotectionsystems.Thislackofclaritymayresult
inapotentialreliabilitygap.
Clarityisnecessaryastowhether(1)avalidassessmentshouldincludeevaluationofdelayedclearing
duetofailureoftheprotectionsystemcomponent(i.e.,singlepointoffailure),suchasthefailureofa
sharedprotectionsystemcomponent,thatproducesthemoreseveresystemresultsorimpacts;and(2)
thestudyand/orsimulationofthefaultclearingsequenceandprotectionsystem(s)operationshould
bebasedontheprotectionsystem(s)asbuiltdesign.
ThelackofclarityiscompoundedbythesimilaritybetweenthephraseDelayedClearingusedinTPL
0030aandTPL0040,footnote(e),andtheNERCglossarytermDelayedFaultClearing.WhileTPL
0030aandTPL0040donotusetheglossaryterm,thesimilaritymayleadtoconfusionand
inconsistencyinhowentitiesapplyfootnote(e)tostuckbreakerorprotectionsystemfailure
contingencyassessments.
Question 1
Fortheparenthetical(stuckbreakerorprotectionsystemfailure)inTPL0030a(CategoryC
contingencies69)andTPL0040(CategoryDcontingencies14),doesanentityhavetheoptionof
9
10
,ordoes
anapplicableentityhavetoevaluatethecontingencythatproducesthemoreseveresystemresultsor
Response 1

5
6
AsrequiredbyNERCReliabilityStandardTPL0030a,RequirementR1.5.
7
AsrequiredbyNERCReliabilityStandardTPL0040,RequirementR1.4.
8
Footnote(e)DelayedClearing:failureofanyprotectionsystemcomponentsuchasarelay,circuitbreaker,or
currenttransformer,andnotbecauseofanintentionaldesigndelay,
9
R1.3.7.
10
Elements
Page 15 of 16

TheinterpretationdraftingteamconcludesthatthePlanningAuthorityandTransmissionPlannermust
evaluatethesituationthatproducesthemoreseveresystemresultsorimpacts(i.e.,TPL0030a,R1.3.1
andTPL0040,R1.3.1)duetoadelayedclearingconditionregardlessofwhethertheconditionresulted
fromastuckbreakerorprotectionsystemfailure.TheReliabilityStandardsTPL0030a(TableI,
CategoryCcontingencies69)andTPL0040(TableI,CategoryDcontingencies14)involvean
assessmentoftheeffectsofeitherastuckbreakeroraprotectionsystemfailure.Thesingleline
ground(SLG)(TPL0030a,TableI,CategoryC)Faultand3phase(3)(TPL0040,TableI,CategoryD)
Faultcontingencieswithdelayedclearingarefurtherdefinedbyfootnote(e)andtheparenthetical
phrase(stuckbreakerorprotectionsystemfailure).Footnote(e)explainsthatDelayedclearingofa
Faultisduetofailureofanyprotectionsystemcomponentsuchasarelay,circuitbreaker,orcurrent
transformer,andnotbecauseofanintentionaldesigndelay.Theparentheticalfurtheremphasizes
thatthefailuremaybeastuckbreakerorprotectionsystemfailurethatcausesthedelayedclearing
ofthefault.ThetextinTable1ineitherstandardexplainsthatwhenselectingdelayedclearing
contingenciestoevaluate,bothconditions(stuckbreakerorprotectionsystemfailure)mustbe
considered.
Question 2
ForthephraseDelayedClearing
11
usedinCategoryC
12
13
14
requireanentityto
Response 2
ThetermDelayedClearingthatisdescribedinTableI,footnote(e)referstofaultclearingthatresults
fromafailuretoachievetheprotectionsystemsnormallyexpectedclearingtime.ForCategoryCorD
contingencies,eachPlanningAuthorityandTransmissionPlannerispermittedengineeringjudgmentin
itsselectionoftheprotectionsystemcomponentfailuresforevaluationthatwouldproducethemore
severesystemresultsorimpact(i.e.,TPL0030a,R1.3.1andTPL0040,R1.3.1).Theevaluationwould
includeaddressingallprotectionsystemsaffectedbytheselectedcomponent.
Aprotectionsystemcomponentfailurethatimpactsoneormoreprotectionsystemsandincreasesthe
totalfaultclearingtimerequiresthePlanningAuthorityandTransmissionPlannertosimulatethefull
impact(clearingtimeandfacilitiesremoved)ontheBulkElectricSystemperformance.
Theinterpretationdraftingteambasesthisconclusiononthefootnote(e)exampleanyprotection

11
12
13
14
Elements
Page 16 of 16

systemcomponentsuchas,relay,circuitbreaker,orcurrenttransformer...becausethecomponent
circuitbreakerisnotaddressedinthecurrentorpreviouslydefinedNERCglossaryterm.The
interpretationdraftingteaminitiallybelievedthelowercaseusageofprotectionsysteminferredthe
NERCglossarytermandthecomponentsdescribedtherein;however,basedontheinterpretation
draftingteamsfurtherassessmentoffootnote(e),itconcludesthattheexistingTPLstandards(TPL
0030aandTPL0040)donotimplicitlyusetheNERCglossaryterm.Withoutanexplicitreferenceto
theNERCglossaryterm,ProtectionSystem,thetwostandardsdonotprescribethespecific
protectionsystemcomponentsthatmustbeaddressedbythePlanningAuthorityandTransmission
PlannerinperformingthestudiesrequiredinTPL0030aandTPL0040.

Standard TPL-004-0a System Performance Following Extreme BES Events
1 of 10
A. Introduction
1. Title: System Performance Following Extreme Events Resulting in the Loss of Two or
More Bulk Electric System Elements (Category D)
3. Purpose: System simulations and associated assessments are needed periodically to ensure that
reliable systems are developed that meet specified performance requirements, with sufficient
lead time and continue to be modified or upgraded as necessary to meet present and future
System needs.
4. Applicability:
B. Requirements
assessment that its portion of the interconnected transmission system is evaluated for the risks
and consequences of a number of each of the extreme contingencies that are listed under
Category D of Table I. To be valid, the Planning Authoritys and Transmission Planners
assessment shall:
R1.2. Be conducted for near-term (years one through five).
Category D contingencies of Table I. The specific elements selected (from within
R1.3.1. Be performed and evaluated only for those Category D contingencies that would
produce the more severe system results or impacts. The rationale for the
contingencies selected for evaluation shall be available as supporting
information. An explanation of why the remaining simulations would produce
less severe system results shall be available as supporting information.
R1.3.2. Cover critical system conditions and study years as deemed appropriate by the
responsible entity.
such analyses.
2 of 10
equipment (including protection systems or their components) at those demand
levels for which planned (including maintenance) outages are performed.
R1.4. Consider all contingencies applicable to Category D.
reliability assessments and shall annually provide the results to its entities respective NERC
Regional Reliability Organization(s), as required by the Regional Reliability Organization.
C. Measures
M1. The Planning Authority and Transmission Planner shall have a valid assessment for its system
responses as specified in Reliability Standard TPL-004-0_R1.
M2. The Planning Authority and Transmission Planner shall provide evidence to its Compliance
Monitor that it reported documentation of results of its reliability assessments per Reliability
D. Compliance
Each Compliance Monitor shall report compliance and violations to NERC via the
NERC Compliance Reporting Process.
Annually.
1.3. Data Retention
None specified.
None.
2.1. Level 1: A valid assessment, as defined above, for the near-term planning horizon
is not available.
1. None identified.

Version History
0a February 7, 2013 Interpretation adopted by NERC Board of
Trustees

3 of 10
0a June 20, 2013 Interpretation approved in FERC order
4 of 10

Category

Element(s)
System Stable
and both
Thermal and
Voltage
Limits within
Applicable
Rating
a

Loss of Demand
or
Curtailed Firm
Transfers
Cascading

Outages

A
No Contingencies


Yes

No

No

B
Event resulting in
element.
1. Generator
3. Transformer

Yes
Yes
Yes
Yes

No
b

No
b

No
b

No
b

No
No
No
No
e
:

Yes

No
b

No

C
the loss of two or
more (multiple)
elements.
e
:
1. Bus Section


Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

No

No
e
, Manual
System Adjustments, followed by another SLG or
e
:
contingency, manual system adjustments,

Yes

Planned/
Controlled
c

No
e
:
Normal Clearing
e
:

towerline
f

Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

No

No
e
(stuck breaker
or protection system failure):
6. Generator

7. Transformer


9. Bus Section

Yes

Yes

Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

Planned/
Controlled
c

Planned/
Controlled
c

No

No

No

No

5 of 10
D
d

elements removed or
e
failure):

e
:

12. Failure of a fully redundant Special Protection System (or
Special Protection System (or Remedial Action Scheme) in
response to an event or abnormal system condition for which it
14. Impact of severe power swings or oscillations from Disturbances

consequences.
customer Demand and
area or areas.

a) Applicable rating refers to the applicable Normal and Emergency facility thermal Rating or System Voltage Limit as
b) Planned or controlled interruption of electric supply to radial customers or some local network customers, connected to or
reliability of the interconnected transmission systems. To prepare for the next contingency, system adjustments are
permitted, including curtailments of contracted Firm (non-recallable reserved) electric power Transfers.
6 of 10
Appendix 1

Date submitted: December 12, 2011
The following interpretations of TPL-003-0a, System Performance Following Loss of Two or More Bulk
Electric System Elements (Category C), Requirements R1.3.1, R1.3.10 and R1.5 and TPL-004-0, System
Performance Following Extreme Events Resulting in the Loss of Two or More Bulk Electric System
Elements (Category D), Requirements R1.3.1, R1.37 and R1.4 were developed by members of the Assess
Transmission Future Needs Standard Drafting Team (ATFNSTD), Protection System Misoperations
Standard Development Team (PSMSDT), and Protection System Maintenance and Testing Standard
Drafting Team (PSMTSDT).
TPL-003-0a R1.3.1 Be performed and evaluated only for those Category C contingencies that
TPL-003-0a R1.3.10. Include the effects of existing and planned protection systems, including
any backup or redundant systems.
TPL-003-0a R1.5. Consider all contingencies applicable to Category C.
TPL-004-0 R1.3.1. Be performed and evaluated only for those Category D contingencies that
TPL-004-0 R1.3.7. Include the effects of existing and planned protection systems, including any
TPL-004-0 R1.4. Consider all contingencies applicable to Category D.
This interpretation request has been developed to address Commission concerns related to the term
Single Point of Failure and how it relates to system performance and contingency planning
clarification regarding the following questions about the listed standards, requirements and terms.
7 of 10
More specifically, clarification is needed about the comprehensive study of system performance
relating to Table 1s, Category C and D contingency of a protection system failure and specifically the
impact of failed components (i.e., Single Point of Failure). It is not entirely clear whether a valid
assessment of a protection system failure includes evaluation of shared or non-redundant protection
system components. Protection systems that have a shared protection system component are not two
independent protection systems, because both protection systems will be mutually impacted for a
failure of a single shared component. A protection system component evaluation would include the
evaluation of the consequences on system performance for the failure of any protection system
component that is integral to the operation of the protection system being evaluated and to the
operation of another protection system.
On March 30, 2009, NERC issued an Industry Advisory Protection System Single Point of Failure
1
Question 1: For the parenthetical (stuck breaker or protection system failure) in TPL-003-0a (Category
C contingencies 6-9) and TPL-004-0 (Category D contingencies 1-4), does an entity have the option of
(i.e.,
NERC Alert) for three significant events. One of which, the Westwing outage (June 14, 2004) was
caused by failure of a single auxiliary relay that initiated both breaker tripping and the breaker failure
protection. Since breaker tripping and breaker failure protection both shared the same auxiliary relay,
there was no independence between breaker tripping and breaker failure protection systems, therefore
causing both protection systems to not operate for the single component failure of the auxiliary relay.
The failure of this auxiliary relay is known as a single point of failure. It is not clear whether this
situation is comprehensively addressed by the applicable entities when making a valid assessment of
system performance for both Category C and D contingencies.
2
3
There is a lack of clarity whether R1.3.1
, or does an
applicable entity have to evaluate the contingency that produces the more severe system results or
4
Question 2: For the phrase Delayed Clearing
requires an entity to assess which contingency causes the most
severe system results or impacts (R1.3.1) and this ambiguity could result in a potential reliability gap.
Whether the simulation of a stuck breaker or protection system failure will produce the worst result
depends on the protection system design. For example when a protection system is fully redundant, a
protection system failure will not affect fault clearing; therefore, a stuck breaker would result in more
severe system results or impacts. However, when a protection system failure affects fault clearing, the
fault clearing time may be longer than the breaker failure protection clearing time for a stuck breaker
contingency and may result in tripping of additional system elements, resulting in a more severe system
response.
5
used in Category C
6
7

8

1
NERC Website: (
http://www.nerc.com/fileUploads/File/Events%20Analysis/A-2009-03-30-01.pdf)
2
R1.3.7.
3
4
Be performed and evaluated only for those Category (TPL-003-0a Category C and TPL-004-0 Category D)
contingencies that would produce the more severe system results or impacts.
5
8 of 10

There is a lack of clarity whether footnote (e) in Table 1 requires the study and/or simulation of a failure
of a protection system component (i.e., single point of failure) that may prevent correct operation of
the protection system(s) impacted by the component failure. Protection systems that share a
protection system component are fully dependent upon the correct operation of that single shared
component and do not perform as two independent protection systems. This lack of clarity may result
in a potential reliability gap.

Clarity is necessary as to whether (1) a valid assessment should include evaluation of delayed clearing
due to failure of the protection system component (i.e., single point of failure), such as the failure of a
shared protection system component, that produces the more severe system results or impacts; and (2)
the study and/or simulation of the fault clearing sequence and protection system(s) operation should
be based on the protection system(s) as-built design.

The lack of clarity is compounded by the similarity between the phrase Delayed Clearing used in TPL-
003-0a and TPL-004-0, footnote (e), and the NERC glossary term Delayed Fault Clearing. While TPL-
003-0a and TPL-004-0 do not use the glossary term, the similarity may lead to confusion and
inconsistency in how entities apply footnote (e) to stuck breaker or protection system failure
contingency assessments.

Question 1
For the parenthetical (stuck breaker or protection system failure) in TPL-003-0a (Category C
contingencies 6-9) and TPL-004-0 (Category D contingencies 1-4), does an entity have the option of
9
10
Response 1
, or does
an applicable entity have to evaluate the contingency that produces the more severe system results or
The interpretation drafting team concludes that the Planning Authority and Transmission Planner must
evaluate the situation that produces the more severe system results or impacts (i.e., TPL-003-0a, R1.3.1
and TPL-004-0, R1.3.1) due to a delayed clearing condition regardless of whether the condition resulted

6
7
8
9
R1.3.7.
10
9 of 10
from a stuck breaker or protection system failure. The Reliability Standards TPL-003-0a (Table I,
Category C contingencies 6-9) and TPL-004-0 (Table I, Category D contingencies 1-4) involve an
assessment of the effects of either a stuck breaker or a protection system failure. The single line
ground (SLG) (TPL-003-0a, Table I, Category C) Fault and 3-phase (3) (TPL-004-0, Table I, Category D)
Fault contingencies with delayed clearing are further defined by footnote (e) and the parenthetical
phrase (stuck breaker or protection system failure). Footnote (e) explains that Delayed clearing of a
Fault is due to failure of any protection system component such as a relay, circuit breaker, or current
transformer, and not because of an intentional design delay. The parenthetical further emphasizes
that the failure may be a stuck breaker or protection system failure that causes the delayed clearing
of the fault. The text in Table 1 in either standard explains that when selecting delayed clearing
contingencies to evaluate, both conditions (stuck breaker or protection system failure) must be
considered.
Question 2
For the phrase Delayed Clearing
11
used in Category C
12
13

14
Response 2
The term Delayed Clearing that is described in Table I, footnote (e) refers to fault clearing that results
from a failure to achieve the protection systems normally expected clearing time. For Category C or D
contingencies, each Planning Authority and Transmission Planner is permitted engineering judgment in
its selection of the protection system component failures for evaluation that would produce the more
severe system results or impact (i.e., TPL-003-0a, R1.3.1 and TPL-004-0, R1.3.1). The evaluation would
include addressing all protection systems affected by the selected component.
A protection system component failure that impacts one or more protection systems and increases the
total fault clearing time requires the Planning Authority and Transmission Planner to simulate the full
impact (clearing time and facilities removed) on the Bulk Electric System performance.
The interpretation drafting team bases this conclusion on the footnote (e) example any protection
system component such as, relay, circuit breaker, or current transformer... because the component
circuit breaker is not addressed in the current or previously defined NERC glossary term. The
interpretation drafting team initially believed the lowercase usage of protection system inferred the

11
12
13
14
10 of 10
NERC glossary term and the components described therein; however, based on the interpretation
drafting teams further assessment of footnote (e), it concludes that the existing TPL standards (TPL-
003-0a and TPL-004-0) do not implicitly use the NERC glossary term. Without an explicit reference to
the NERC glossary term, Protection System, the two standards do not prescribe the specific
protection system components that must be addressed by the Planning Authority and Transmission
Planner in performing the studies required in TPL-003-0a and TPL-004-0.

Standard TPL-004-2 System Performance Following Extreme BES Events
1 of 7
A. Introduction
System needs.
4. Applicability:
B. Requirements
assessment shall:
responsible entity.
such analyses.
2 of 7
B. Measures
C. Compliance
Annually.
1.3. Data Retention
None specified.
None.
is not available.
1. None identified.

3 of 7
Version History
1 February 17,
2011
Order RM06-16-009.
11)
1 April 19, 2012 FERC issued Order 762 remanding
TPL-001-1, TPL-002-1b, TPL-003-1a,
and TPL-004-1. FERC also issued a
NOPR proposing to remand TPL-001-2.
NERC has been directed to revise
footnote 'b' in accordance with the
directives of Order Nos. 762 and 693.

2 February 7,
2013
Adopted by NERC Board of Trustees.
Revised footnote b.

4 of 7

Category

Element(s)
System Stable
and both
Thermal and
Voltage
Limits within
Applicable
Rating
a

Loss of Demand
or
Curtailed Firm
Transfers
Cascading

Outages

A
No Contingencies


Yes

No

No

B
Event resulting in
element.
1. Generator
3. Transformer

Yes
Yes
Yes
Yes

No
b

No
b

No
b

No
b

No
No
No
No
e
:

Yes

No
b

No

C
the loss of two or
more (multiple)
elements.
e
:
1. Bus Section


Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

No

No
e
, Manual
e
:

Yes

Planned/
Controlled
c

No
e
:
Normal Clearing
e
:

towerline
f

Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

No

No
e
(stuck breaker
6. Generator

7. Transformer


9. Bus Section

Yes

Yes

Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

Planned/
Controlled
c

Planned/
Controlled
c

No

No

No

No

5 of 7
D
d

elements removed or
e
failure):

e
:


consequences.
customer Demand and
area or areas.

US jurisdiction.
6 of 7
Attachment 1



necessary:
level
that Contingency
7 of 7
performance
performance

is Required
MW

1 of 12
A. Introduction
System needs.
4. Applicability:
B. Requirements
assessment shall:
responsible entity.
such analyses.
2 of 12
B. Measures
C. Compliance
Annually.
1.3. Data Retention
None specified.
None.
is not available.
1. None identified.

3 of 12
Version History
1 February 17,
2011
Order RM06-16-009.
11)
1 April 19, 2012 FERC issued Order 762 remanding
TPL-001-1, TPL-002-1b, TPL-003-1a,
and TPL-004-1. FERC also issued a
NOPR proposing to remand TPL-001-2.
NERC has been directed to revise
footnote 'b' in accordance with the
directives of Order Nos. 762 and 693.

2 February 7,
2013
Adopted by NERC Board of Trustees.
Revised footnote b.

2a February 7,
2013
Interpretation adopted by NERC Board
of Trustees.

4 of 12

Category

Element(s)
System Stable
and both
Thermal and
Voltage
Limits within
Applicable
Rating
a

Loss of Demand
or
Curtailed Firm
Transfers
Cascading

Outages

A
No Contingencies


Yes

No

No

B
Event resulting in
element.
1. Generator
3. Transformer

Yes
Yes
Yes
Yes

No
b

No
b

No
b

No
b

No
No
No
No
e
:

Yes

No
b

No

C
the loss of two or
more (multiple)
elements.
e
:
1. Bus Section


Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

No

No
e
, Manual
e
:

Yes

Planned/
Controlled
c

No
e
:
Normal Clearing
e
:

towerline
f

Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

No

No
e
(stuck breaker
6. Generator

7. Transformer


9. Bus Section

Yes

Yes

Yes

Yes

Planned/
Controlled
c

Planned/
Controlled
c

Planned/
Controlled
c

Planned/
Controlled
c

No

No

No

No

5 of 12
D
d

elements removed or
e
failure):

e
:


consequences.
customer Demand and
area or areas.

US jurisdiction.
6 of 12
Attachment 1



necessary:
level
that Contingency
7 of 12
performance
performance

is Required
MW

8 of 12
Appendix 1
Datesubmitted: December12,2011
ThefollowinginterpretationsofTPL0030a,SystemPerformanceFollowingLossofTwoorMoreBulk
ElectricSystemElements(CategoryC),RequirementsR1.3.1,R1.3.10andR1.5andTPL0040,System
PerformanceFollowingExtremeEventsResultingintheLossofTwoorMoreBulkElectricSystem
Elements(CategoryD),RequirementsR1.3.1,R1.37andR1.4weredevelopedbymembersoftheAssess
TransmissionFutureNeedsStandardDraftingTeam(ATFNSTD),ProtectionSystemMisoperations
StandardDevelopmentTeam(PSMSDT),andProtectionSystemMaintenanceandTestingStandard
DraftingTeam(PSMTSDT).
TPL0030a R1.3.1BeperformedandevaluatedonlyforthoseCategoryCcontingenciesthat
TPL0030a R1.3.10.Includetheeffectsofexistingandplannedprotectionsystems,including
anybackuporredundantsystems.
TPL0030a R1.5.ConsiderallcontingenciesapplicabletoCategoryC.
TPL0040 R1.3.1.BeperformedandevaluatedonlyforthoseCategoryDcontingenciesthat
TPL0040 R1.3.7.Includetheeffectsofexistingandplannedprotectionsystems,includingany
backuporredundantsystems.
TPL0040 R1.4.ConsiderallcontingenciesapplicabletoCategoryD.
ThisinterpretationrequesthasbeendevelopedtoaddressCommissionconcernsrelatedtotheterm
SinglePointofFailureandhowitrelatestosystemperformanceandcontingencyplanning
clarificationregardingthefollowingquestionsaboutthelistedstandards,requirementsandterms.
Morespecifically,clarificationisneededaboutthecomprehensivestudyofsystemperformance
9 of 12
relatingtoTable1s,CategoryCandDcontingencyofaprotectionsystemfailureandspecificallythe
impactoffailedcomponents(i.e.,SinglePointofFailure).Itisnotentirelyclearwhetheravalid
assessmentofaprotectionsystemfailureincludesevaluationofsharedornonredundantprotection
systemcomponents.Protectionsystemsthathaveasharedprotectionsystemcomponentarenottwo
independentprotectionsystems,becausebothprotectionsystemswillbemutuallyimpactedfora
failureofasinglesharedcomponent.Aprotectionsystemcomponentevaluationwouldincludethe
evaluationoftheconsequencesonsystemperformanceforthefailureofanyprotectionsystem
componentthatisintegraltotheoperationoftheprotectionsystembeingevaluatedandtothe
operationofanotherprotectionsystem.
OnMarch30,2009,NERCissuedanIndustryAdvisoryProtectionSystemSinglePointofFailure
1
(i.e.,
NERCAlert)forthreesignificantevents.Oneofwhich,theWestwingoutage(June14,2004)was
causedbyfailureofasingleauxiliaryrelaythatinitiatedbothbreakertrippingandthebreakerfailure
protection.Sincebreakertrippingandbreakerfailureprotectionbothsharedthesameauxiliaryrelay,
therewasnoindependencebetweenbreakertrippingandbreakerfailureprotectionsystems,therefore
causingbothprotectionsystemstonotoperateforthesinglecomponentfailureoftheauxiliaryrelay.
Thefailureofthisauxiliaryrelayisknownasasinglepointoffailure.Itisnotclearwhetherthis
situationiscomprehensivelyaddressedbytheapplicableentitieswhenmakingavalidassessmentof
systemperformanceforbothCategoryCandDcontingencies.
Question1:Fortheparenthetical(stuckbreakerorprotectionsystemfailure)inTPL0030a(Category
Ccontingencies69)andTPL0040(CategoryDcontingencies14),doesanentityhavetheoptionof
2
3
,ordoesan
applicableentityhavetoevaluatethecontingencythatproducesthemoreseveresystemresultsor
ThereisalackofclaritywhetherR1.3.1
4
requiresanentitytoassesswhichcontingencycausesthemost
severesystemresultsorimpacts(R1.3.1)andthisambiguitycouldresultinapotentialreliabilitygap.
Whetherthesimulationofastuckbreakerorprotectionsystemfailurewillproducetheworstresult
dependsontheprotectionsystemdesign.Forexamplewhenaprotectionsystemisfullyredundant,a
protectionsystemfailurewillnotaffectfaultclearing;therefore,astuckbreakerwouldresultinmore
severesystemresultsorimpacts.However,whenaprotectionsystemfailureaffectsfaultclearing,the
faultclearingtimemaybelongerthanthebreakerfailureprotectionclearingtimeforastuckbreaker
contingencyandmayresultintrippingofadditionalsystemelements,resultinginamoreseveresystem
response.
Question2:ForthephraseDelayedClearing
5
usedinCategoryC
6
7
8
requireanentityto

1
NERCWebsite:(http://www.nerc.com/fileUploads/File/Events%20Analysis/A2009033001.pdf)
2
R1.3.7.
3
4
BeperformedandevaluatedonlyforthoseCategory(TPL0030aCategoryCandTPL0040CategoryD)
contingenciesthatwouldproducethemoreseveresystemresultsorimpacts.
5
6
10 of 12
Thereisalackofclaritywhetherfootnote(e)inTable1requiresthestudyand/orsimulationofafailure
ofaprotectionsystemcomponent(i.e.,singlepointoffailure)thatmaypreventcorrectoperationof
theprotectionsystem(s)impactedbythecomponentfailure.Protectionsystemsthatsharea
protectionsystemcomponentarefullydependentuponthecorrectoperationofthatsingleshared
componentanddonotperformastwoindependentprotectionsystems.Thislackofclaritymayresult
inapotentialreliabilitygap.
Clarityisnecessaryastowhether(1)avalidassessmentshouldincludeevaluationofdelayedclearing
duetofailureoftheprotectionsystemcomponent(i.e.,singlepointoffailure),suchasthefailureofa
sharedprotectionsystemcomponent,thatproducesthemoreseveresystemresultsorimpacts;and(2)
thestudyand/orsimulationofthefaultclearingsequenceandprotectionsystem(s)operationshould
bebasedontheprotectionsystem(s)asbuiltdesign.
ThelackofclarityiscompoundedbythesimilaritybetweenthephraseDelayedClearingusedinTPL
0030aandTPL0040,footnote(e),andtheNERCglossarytermDelayedFaultClearing.WhileTPL
0030aandTPL0040donotusetheglossaryterm,thesimilaritymayleadtoconfusionand
inconsistencyinhowentitiesapplyfootnote(e)tostuckbreakerorprotectionsystemfailure
contingencyassessments.
Question1
Fortheparenthetical(stuckbreakerorprotectionsystemfailure)inTPL0030a(CategoryC
contingencies69)andTPL0040(CategoryDcontingencies14),doesanentityhavetheoptionof
9
10
,ordoes
anapplicableentityhavetoevaluatethecontingencythatproducesthemoreseveresystemresultsor
Response1
TheinterpretationdraftingteamconcludesthatthePlanningAuthorityandTransmissionPlannermust
evaluatethesituationthatproducesthemoreseveresystemresultsorimpacts(i.e.,TPL0030a,R1.3.1
andTPL0040,R1.3.1)duetoadelayedclearingconditionregardlessofwhethertheconditionresulted
fromastuckbreakerorprotectionsystemfailure.TheReliabilityStandardsTPL0030a(TableI,

7
8
9
R1.3.7.
10
11 of 12
CategoryCcontingencies69)andTPL0040(TableI,CategoryDcontingencies14)involvean
assessmentoftheeffectsofeitherastuckbreakeroraprotectionsystemfailure.Thesingleline
ground(SLG)(TPL0030a,TableI,CategoryC)Faultand3phase(3)(TPL0040,TableI,CategoryD)
Faultcontingencieswithdelayedclearingarefurtherdefinedbyfootnote(e)andtheparenthetical
phrase(stuckbreakerorprotectionsystemfailure).Footnote(e)explainsthatDelayedclearingofa
Faultisduetofailureofanyprotectionsystemcomponentsuchasarelay,circuitbreaker,orcurrent
transformer,andnotbecauseofanintentionaldesigndelay.Theparentheticalfurtheremphasizes
thatthefailuremaybeastuckbreakerorprotectionsystemfailurethatcausesthedelayedclearing
ofthefault.ThetextinTable1ineitherstandardexplainsthatwhenselectingdelayedclearing
contingenciestoevaluate,bothconditions(stuckbreakerorprotectionsystemfailure)mustbe
considered.
Question2
ForthephraseDelayedClearing
11
usedinCategoryC
12
13
14
requireanentityto
Response2
ThetermDelayedClearingthatisdescribedinTableI,footnote(e)referstofaultclearingthatresults
fromafailuretoachievetheprotectionsystemsnormallyexpectedclearingtime.ForCategoryCorD
contingencies,eachPlanningAuthorityandTransmissionPlannerispermittedengineeringjudgmentin
itsselectionoftheprotectionsystemcomponentfailuresforevaluationthatwouldproducethemore
severesystemresultsorimpact(i.e.,TPL0030a,R1.3.1andTPL0040,R1.3.1).Theevaluationwould
includeaddressingallprotectionsystemsaffectedbytheselectedcomponent.
Aprotectionsystemcomponentfailurethatimpactsoneormoreprotectionsystemsandincreasesthe
totalfaultclearingtimerequiresthePlanningAuthorityandTransmissionPlannertosimulatethefull
impact(clearingtimeandfacilitiesremoved)ontheBulkElectricSystemperformance.
Theinterpretationdraftingteambasesthisconclusiononthefootnote(e)exampleanyprotection
systemcomponentsuchas,relay,circuitbreaker,orcurrenttransformer...becausethecomponent
circuitbreakerisnotaddressedinthecurrentorpreviouslydefinedNERCglossaryterm.The
interpretationdraftingteaminitiallybelievedthelowercaseusageofprotectionsysteminferredthe
NERCglossarytermandthecomponentsdescribedtherein;however,basedontheinterpretation

11
12
13
14
12 of 12
draftingteamsfurtherassessmentoffootnote(e),itconcludesthattheexistingTPLstandards(TPL
0030aandTPL0040)donotimplicitlyusetheNERCglossaryterm.Withoutanexplicitreferenceto
theNERCglossaryterm,ProtectionSystem,thetwostandardsdonotprescribethespecific
protectionsystemcomponentsthatmustbeaddressedbythePlanningAuthorityandTransmission
PlannerinperformingthestudiesrequiredinTPL0030aandTPL0040.
Standard TPL-005-0 Regional and Interregional Self-Assessment Reliability Reports

A. Introduction
1. Title: Regional and Interregional Self-Assessment Reliability Reports
3. Purpose: To ensure that each Regional Reliability Organization complies with planning
criteria, for assessing the overall reliability (Adequacy and Security) of the interconnected
Bulk Electric Systems, both existing and as planned.
4. Applicability:
B. Requirements
R1. Each Regional Reliability Organization shall annually conduct reliability assessments of its
respective existing and planned Regional Bulk Electric System (generation and transmission
facilities) for:
R1.1. Current year:
R1.1.1. Winter.
R1.1.2. Summer.
R1.1.3. Other system conditions as deemed appropriate by the Regional Reliability
Organization.
R1.2. Near-term planning horizons (years one through five). Detailed assessments shall be
conducted.
R1.3. Longer-term planning horizons (years six through ten). Assessment shall focus on the
analysis of trends in resources and transmission Adequacy, other industry trends and
developments, and reliability concerns.
R1.4. Inter-Regional reliability assessments to demonstrate that the performance of these
systems is in compliance with NERC Reliability Standards TPL-001-0, TPL-002-0,
TPL-003-0, TPL-004-0 and respective Regional transmission and generation criteria.
These assessments shall also identify key reliability issues and the risks and
uncertainties affecting Adequacy and Security.
R2. The Regional Reliability Organization shall provide its Regional and Inter-Regional seasonal,
near-term, and longer-term reliability assessments to NERC on an annual basis.
R3. The Regional Reliability Organization shall perform special reliability assessments as
requested by NERC or the NERC Board of Trustees under their specific directions and
criteria. Such assessments may include, but are not limited to:
R3.1. Security assessments.
R3.2. Operational assessments.
R3.3. Evaluations of emergency response preparedness.
R3.4. Adequacy of fuel supply and hydro conditions.
R3.5. Reliability impacts of new or proposed environmental rules and regulations.
Standard TPL-005-0 Regional and Interregional Self-Assessment Reliability Reports
R3.6. Reliability impacts of new or proposed legislation that affects, has affected, or has the
potential to affect the Adequacy of the interconnected Bulk Electric Systems in North
America.
C. Measures
M1. The Regional Reliability Organization shall provide evidence to its Compliance Monitor that
annual Regional and Inter-Regional assessments of reliability for seasonal, near-term, and
longer-term planning horizons, and special assessments, were developed and provided as
requested by other Regional Reliability Organizations or NERC.
D. Compliance
Annually.
1.3. Data Retention
None specified.
None.
2.1. Level 1: Regional, Inter-Regional, and/or special reliability assessments were
provided as requested, but were incomplete.
2.4. Level 4: Regional, Inter-Regional, and/or special reliability assessments were not
provided.
1. None identified.

Version History

Standard TPL-006-0 Assessment Data from Regional Reliability Organizations
A. Introduction
1. Title: Data From the Regional Reliability Organization Needed to Assess
Reliability
4. Applicability:
B. Requirements
R1. Each Regional Reliability Organization shall provide, as requested (seasonally, annually, or as
otherwise specified) by NERC, system data, including past, existing, and future facility and
Bulk Electric System data, reports, and system performance information, necessary to assess
reliability and compliance with the NERC Reliability Standards and the respective Regional
planning criteria.
The facility and Bulk Electric System data, reports, and system performance information shall
include, but not be limited to, one or more of the following types of information as outlined
below:
R1.1. Electric Demand and Net Energy for Load (actual and projected demands and Net
Energy for Load, forecast methodologies, forecast assumptions and uncertainties, and
treatment of Demand-Side Management.)
R1.2. Resource Adequacy and supporting information (Regional assessment reports, existing
and planned resource data, resource availability and characteristics, and fuel types and
requirements.)
R1.3. Demand-Side resources and their characteristics (program ratings, effects on annual
system loads and load shapes, contractual arrangements, and program durations.)
R1.4. Supply-side resources and their characteristics (existing and planned generator units,
Ratings, performance characteristics, fuel types and availability, and real and reactive
capabilities.)
R1.5. Transmission system and supporting information (thermal, voltage, and Stability
Limits, contingency analyses, system restoration, system modeling and data
requirements, and protection systems.)
R1.6. System operations and supporting information (extreme weather impacts, Interchange
Transactions, and Congestion impacts on the reliability of the interconnected Bulk
Electric Systems.)
R1.7. Environmental and regulatory issues and impacts (air and water quality issues, and
impacts of existing, new, and proposed regulations and legislation.)
Standard TPL-006-0 Assessment Data from Regional Reliability Organizations
Measures
it provided Regional system data, reports, and system performance information per Reliability
C. Compliance
Annually.
1.3. Data Retention
None specified.
None.
2.1. Level 1: Requested Regional system data, reports, or system performance
information were incomplete.
information were not provided.
1. None identified.
Version History

Standard TPL-006-0.1 Assessment Data from Regional Reliability Organizations
1 of 2
A. Introduction
1. Title: Data From the Regional Reliability Organization Needed to Assess
Reliability
2. Number: TPL-006-0.1
4. Applicability:
B. Requirements
R1. Each Regional Reliability Organization shall provide, as requested (seasonally, annually, or as
otherwise specified) by NERC, system data, including past, existing, and future facility and
Bulk Electric System data, reports, and system performance information, necessary to assess
reliability and compliance with the NERC Reliability Standards and the respective Regional
planning criteria.
The facility and Bulk Electric System data, reports, and system performance information shall
include, but not be limited to, one or more of the following types of information as outlined
below:
R1.1. Electric Demand and Net Energy for Load (actual and projected demands and Net
Energy for Load, forecast methodologies, forecast assumptions and uncertainties, and
treatment of Demand-Side Management.)
R1.2. Resource Adequacy and supporting information (Regional assessment reports, existing
and planned resource data, resource availability and characteristics, and fuel types and
requirements.)
R1.3. Demand-Side resources and their characteristics (program ratings, effects on annual
system loads and load shapes, contractual arrangements, and program durations.)
R1.4. Supply-side resources and their characteristics (existing and planned generator units,
Ratings, performance characteristics, fuel types and availability, and real and reactive
capabilities.)
R1.5. Transmission system and supporting information (thermal, voltage, and Stability
Limits, contingency analyses, system restoration, system modeling and data
requirements, and protection systems.)
R1.6. System operations and supporting information (extreme weather impacts, Interchange
Transactions, and Congestion impacts on the reliability of the interconnected Bulk
Electric Systems.)
R1.7. Environmental and regulatory issues and impacts (air and water quality issues, and
impacts of existing, new, and proposed regulations and legislation.)
Standard TPL-006-0.1 Assessment Data from Regional Reliability Organizations
2 of 2
Measures
it provided Regional system data, reports, and system performance information per Reliability
C. Compliance
Annually.
1.3. Data Retention
None specified.
None.
information were incomplete.
information were not provided.
1. None identified.
Version History
0 February 8,
2005
0.1 April 15, 2009 Adopted by NERC Board of Trustees;
corrected formatting for M1.
Errata

Standard VAR-001-2 Voltage and Reactive Control
Page 1 of 4
A. Introduction
1. Title: Voltage and Reactive Control
2. Number: VAR-001-2
3. Purpose: To ensure that voltage levels, reactive flows, and reactive resources are
monitored, controlled, and maintained within limits in real time to protect equipment and the
reliable operation of the Interconnection.
4. Applicability:
adoption.
B. Requirements
R1. Each Transmission Operator, individually and jointly with other Transmission Operators,
shall ensure that formal policies and procedures are developed, maintained, and
implemented for monitoring and controlling voltage levels and Mvar flows within their
individual areas and with the areas of neighboring Transmission Operators.
R2. Each Transmission Operator shall acquire sufficient reactive resources which may
include, but is not limited to, reactive generation scheduling; transmission line and reactive
resource switching;, and controllable load within its area to protect the voltage levels
under normal and Contingency conditions. This includes the Transmission Operators
share of the reactive requirements of interconnecting transmission circuits.
R3. The Transmission Operator shall specify criteria that exempts generators from compliance
with the requirements defined in Requirement 4, and Requirement 6.1.
R3.1. Each Transmission Operator shall maintain a list of generators in its area that are
exempt from following a voltage or Reactive Power schedule.
R3.2. For each generator that is on this exemption list, the Transmission Operator shall
notify the associated Generator Owner.
R4. Each Transmission Operator shall specify a voltage or Reactive Power schedule
1
at the
interconnection between the generator facility and the Transmission Owner's facilities to be
maintained by each generator. The Transmission Operator shall provide the voltage or
Reactive Power schedule to the associated Generator Operator and direct the Generator
Operator to comply with the schedule in automatic voltage control mode (AVR in service
and controlling voltage).
R5. Each Purchasing-Selling Entity and Load Serving Entity shall arrange for (self-provide or
purchase) reactive resources which may include, but is not limited to, reactive generation
scheduling; transmission line and reactive resource switching;, and controllable load to
satisfy its reactive requirements identified by its Transmission Service Provider.

1
The voltage schedule is a target voltage to be maintained within a tolerance band during a specified period.
Page 2 of 4
R6. The Transmission Operator shall know the status of all transmission Reactive Power
resources, including the status of voltage regulators and power system stabilizers.
R6.1. When notified of the loss of an automatic voltage regulator control, the
Transmission Operator shall direct the Generator Operator to maintain or change
either its voltage schedule or its Reactive Power schedule.
R7. The Transmission Operator shall be able to operate or direct the operation of devices
necessary to regulate transmission voltage and reactive flow.
R8. Each Transmission Operator shall operate or direct the operation of capacitive and
inductive reactive resources within its area which may include, but is not limited to,
reactive generation scheduling; transmission line and reactive resource switching;
controllable load; and, if necessary, load shedding to maintain system and
Interconnection voltages within established limits.
R9. Each Transmission Operator shall maintain reactive resources which may include, but is
not limited to, reactive generation scheduling; transmission line and reactive resource
switching;, and controllable load to support its voltage under first Contingency
conditions.
R9.1. Each Transmission Operator shall disperse and locate the reactive resources so
that the resources can be applied effectively and quickly when Contingencies
occur.
R10. Each Transmission Operator shall correct IROL or SOL violations resulting from reactive
resource deficiencies (IROL violations must be corrected within 30 minutes) and complete
the required IROL or SOL violation reporting.
R11. After consultation with the Generator Owner regarding necessary step-up transformer tap
changes, the Transmission Operator shall provide documentation to the Generator Owner
specifying the required tap changes, a timeframe for making the changes, and technical
justification for these changes.
R12. The Transmission Operator shall direct corrective action, including load reduction,
necessary to prevent voltage collapse when reactive resources are insufficient.
C. Measures
M1. The Transmission Operator shall have evidence it provided a voltage or Reactive Power
schedule as specified in Requirement 4 to each Generator Operator it requires to follow such a
schedule.
M2. The Transmission Operator shall have evidence to show that, for each generating unit in its
area that is exempt from following a voltage or Reactive Power schedule, the associated
Generator Owner was notified of this exemption in accordance with Requirement 3.2.
M3. The Transmission Operator shall have evidence to show that it issued directives as specified in
Requirement 6.1 when notified by a Generator Operator of the loss of an automatic voltage
regulator control.
M4. The Transmission Operator shall have evidence that it provided documentation to the
Generator Owner when a change was needed to a generating units step-up transformer tap in
accordance with Requirement 11.
D. Compliance
Page 3 of 4
Regional Entity.
One calendar year.
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
The Transmission Operator shall retain evidence for Measures 1 through 4 for 12 months.
The Transmission Operator shall demonstrate compliance through self-certification or
audit (periodic, as part of targeted monitoring or initiated by complaint or event), as
determined by the Compliance Monitor.
None identified.

Version History
1 August 2, 2006 BOT Adoption Revised
1 J uly 3, 2007 Added Generator Owners and Generator
Operators to Applicability section.
Errata
1 August 23, 2007 Removed Generator Owners and Generator
Errata
2 TBD Modified to address Order No. 693 Directives
contained in paragraphs 1858 and 1879.
Revised.
2 August 5, 2010 Adopted by the NERC Board of Trustees
2 February 7, 2013 R5 and associated elements approved by NERC

Page 4 of 4


Page 1 of 7

A. Introduction
1. Title: Voltage and Reactive Control
2. Number: VAR-001-3
3. Purpose: To ensure that voltage levels, reactive flows, and reactive resources are
monitored, controlled, and maintained within limits in real time to protect equipment and the
reliable operation of the Interconnection.
4. Applicability:
4.4. Generator Operators within the Western Interconnection.
adoption.
B. Requirements
R1. Each Transmission Operator, individually and jointly with other Transmission Operators,
shall ensure that formal policies and procedures are developed, maintained, and
implemented for monitoring and controlling voltage levels and Mvar flows within their
individual areas and with the areas of neighboring Transmission Operators.
R2. Each Transmission Operator shall acquire sufficient reactive resources which may
include, but is not limited to, reactive generation scheduling; transmission line and reactive
resource switching;, and controllable load within its area to protect the voltage levels
under normal and Contingency conditions. This includes the Transmission Operators
share of the reactive requirements of interconnecting transmission circuits.
R3. The Transmission Operator shall specify criteria that exempts generators from compliance
with the requirements defined in Requirement 4, and Requirement 6.1.
R3.1. Each Transmission Operator shall maintain a list of generators in its area that are
exempt from following a voltage or Reactive Power schedule.
R3.2. For each generator that is on this exemption list, the Transmission Operator shall
notify the associated Generator Owner.
R4. Each Transmission Operator shall specify a voltage or Reactive Power schedule
1
R5. Each Purchasing-Selling Entity and Load Serving Entity shall arrange for (self-provide or
purchase) reactive resources which may include, but is not limited to, reactive generation
scheduling; transmission line and reactive resource switching;, and controllable load to
at the
interconnection between the generator facility and the Transmission Owner's facilities to be
maintained by each generator. The Transmission Operator shall provide the voltage or
Reactive Power schedule to the associated Generator Operator and direct the Generator
Operator to comply with the schedule in automatic voltage control mode (AVR in service
and controlling voltage).

1
The voltage schedule is a target voltage to be maintained within a tolerance band during a specified period.

Page 2 of 7

satisfy its reactive requirements identified by its Transmission Service Provider.
R6. The Transmission Operator shall know the status of all transmission Reactive Power
resources, including the status of voltage regulators and power system stabilizers.
R6.1. When notified of the loss of an automatic voltage regulator control, the
Transmission Operator shall direct the Generator Operator to maintain or change
either its voltage schedule or its Reactive Power schedule.
R7. The Transmission Operator shall be able to operate or direct the operation of devices
necessary to regulate transmission voltage and reactive flow.
R8. Each Transmission Operator shall operate or direct the operation of capacitive and
inductive reactive resources within its area which may include, but is not limited to,
reactive generation scheduling; transmission line and reactive resource switching;
controllable load; and, if necessary, load shedding to maintain system and
Interconnection voltages within established limits.
R9. Each Transmission Operator shall maintain reactive resources which may include, but is
not limited to, reactive generation scheduling; transmission line and reactive resource
switching; and controllable load to support its voltage under first Contingency conditions.
R9.1. Each Transmission Operator shall disperse and locate the reactive resources so
that the resources can be applied effectively and quickly when Contingencies
occur.
R10. Each Transmission Operator shall correct IROL or SOL violations resulting from reactive
resource deficiencies (IROL violations must be corrected within 30 minutes) and complete
the required IROL or SOL violation reporting.
R11. After consultation with the Generator Owner regarding necessary step-up transformer tap
changes, the Transmission Operator shall provide documentation to the Generator Owner
specifying the required tap changes, a timeframe for making the changes, and technical
justification for these changes.
R12. The Transmission Operator shall direct corrective action, including load reduction,
necessary to prevent voltage collapse when reactive resources are insufficient.
C. Measures
M1. The Transmission Operator shall have evidence it provided a voltage or Reactive Power
schedule as specified in Requirement 4 to each Generator Operator it requires to follow
such a schedule.
M2. The Transmission Operator shall have evidence to show that, for each generating unit in its
area that is exempt from following a voltage or Reactive Power schedule, the associated
Generator Owner was notified of this exemption in accordance with Requirement 3.2.
M3. The Transmission Operator shall have evidence to show that it issued directives as
specified in Requirement 6.1 when notified by a Generator Operator of the loss of an
automatic voltage regulator control.
M4. The Transmission Operator shall have evidence that it provided documentation to the
Generator Owner when a change was needed to a generating units step-up transformer tap
in accordance with Requirement 11.


Page 3 of 7

D. Compliance
Regional Entity.
One calendar year.
Compliance Audits
Self-Certifications
Spot Checking
Self-Reporting
Complaints
1.4. Data Retention
The Transmission Operator shall retain evidence for Measures 1 through 4 for 12 months.
The Transmission Operator shall demonstrate compliance through self-certification or
audit (periodic, as part of targeted monitoring or initiated by complaint or event), as
determined by the Compliance Monitor.
E.A. Regional Variance for the Western Electricity Coordinating Council
The following Interconnection-wide variance shall be applicable in the Western Electricity
Coordinating Council (WECC) and replaces, in their entirety, Requirements R3 and R4.
Please note that Requirement R3 is deleted and R4 is replaced with the following
requirements.
Requirements
E.A.13. Each Transmission Operator shall issue any one of the following types of voltage
schedules to the Generator Operators for each of their generation resources that are
on-line and part of the Bulk Electric System within the Transmission Operator
Area: [Violation Risk Factor: Medium] [Time Horizon: Operations Planning and
Same-day Operations]

A voltage set point with a voltage tolerance band and a specified period.

An initial volt-ampere reactive output or initial power factor output with a
voltage tolerance band for a specified period that the Generator Operator uses to

Page 4 of 7

establish a generator bus voltage set point.

A voltage band for a specified period.

E.A.14. Each Transmission Operator shall provide one of the following voltage schedule
reference points for each generation resource in its Area to the Generator Operator.
[Violation Risk Factor: Medium] [Time Horizon: Operations Planning and Same-
day Operations]:
The generator terminals.
The high side of the generator step-up transformer.
The point of interconnection.
A location designated by mutual agreement between the Transmission Operator
and Generator Operator.

E.A.15. Each Generator Operator shall convert each voltage schedule specified in
Requirement E.A.13 into the voltage set point for the generator excitation
system. [Violation Risk Factor: Medium] [Time Horizon: Operations Planning and
Same-day Operations]

E.A.16. Each Generator Operator shall provide its voltage set point conversion
methodology from the point in Requirement E.A.14 to the generator
terminals within 30 calendar days of request by its Transmission Operator.

E.A.17. Each Transmission Operator shall provide to the Generator Operator,
within 30 calendar days of a request for data by the Generator Operator, its
transmission equipment data and operating data that supports development
of the voltage set point conversion methodology. [Violation Risk Factor:

E.A.18. Each Generator Operator shall meet the following control loop specifications if the
Generator Operator uses control loops external to the Automatic Voltage
Regulators (AVR) to manage MVar loading: [Violation Risk Factor: Medium]

E.A.18.1. Each control loops design incorporates the AVRs automatic voltage
controlled response to voltage deviations during System Disturbances.
E.A.18.2. Each control loop is only used by mutual agreement between the
Generator Operator and the Transmission Operator affected by the
control loop.

Measures
2

M.E.A.13. Each Transmission Operator shall have and provide upon request, evidence that it

2
The number for each measure corresponds with the number for each requirement, i.e. M.E.A.13 means the measure
for Requirement E.A.13.

Page 5 of 7

provided the voltage schedules to the Generator Operator. Dated spreadsheets,
reports, voice recordings, or other documentation containing the voltage schedule
including set points, tolerance bands, and specified periods as required in
Requirement E.A.13 are acceptable as evidence.
M.E.A.14. The Transmission Operator shall have and provide upon request, evidence that it
provided one of the voltage schedule reference points in Requirement E.A.14 for
each generation resource in its Area to the Generator Operator. Dated letters, e-
mail, or other documentation that contains notification to the Generator Operator
of the voltage schedule reference point for each generation resource are
acceptable as evidence.
M.E.A.15. Each Generator Operator shall have and provide upon request, evidence that
it converted a voltage schedule as described in Requirement E.A.13 into a
voltage set point for the AVR. Dated spreadsheets, logs, reports, or other
documentation are acceptable as evidence.
M.E.A.16. The Generator Operator shall have and provide upon request, evidence that
within 30 calendar days of request by its Transmission Operator it
provided its voltage set point conversion methodology from the point in
Requirement E.A.14 to the generator terminals. Dated reports,
spreadsheets, or other documentation are acceptable as evidence.
M.E.A.17. The Transmission Operator shall have and provide upon request, evidence
that within 30 calendar days of request by its Generator Operator it
provided data to support development of the voltage set point conversion
methodology. Dated reports, spreadsheets, or other documentation are
acceptable as evidence.
M.E.A.18. If the Generator Operator uses outside control loops to manage MVar loading,
the Generator Operator shall have and provide upon request, evidence that it met
the control loop specifications in sub-parts E.A.18.1 through E.A.18.2. Design
specifications with identified agreed-upon control loops, system reports, or other
dated documentation are acceptable as evidence.


E.A.13 For the specified
period, the
Transmission
Operator did not
issue one of the
voltage schedules
listed in E.A.13 to at
least one generation
resource but less
than or equal to 5%
of the generation
resources that are
For the specified
period, the
Transmission
Operator did not
issue one of the
voltage schedules
listed in E.A.13 to
more than 5% but
10% of the
generation
resources that are
For the specified
period, the
Transmission
Operator did not
issue one of the
voltage schedules
listed in E.A.13 to
more than 10% but
15% of the
generation
resources that are
For the specified
period, the
Transmission
Operator did not
issue one of the
voltage schedules
listed in E.A.13 to
more than 15% of
the generation
resources that are
on-line and part of
the BES in the

Page 6 of 7

on-line and part of
the BES in the
Transmission
Operator Area.
on-line and part of
the BES in the
Transmission
Operator Area.
on-line and part of
the BES in the
Transmission
Operator Area.
Transmission
Operator Area.
E.A.14 The Transmission
Operator did not
provide a voltage
schedule reference
point for at least one
but less than or
equal to 5% of the
generation
resources in the
Transmission
Operator area.
The Transmission
Operator did not
provide a voltage
schedule reference
point for more than
5% but less than or
equal to 10% of the
generation
resources in the
Transmission
Operator Area.
The Transmission
Operator did not a
voltage schedule
reference point for
more than 10% but
15% of the
generation
resources in the
Transmission
Operator Area.
The Transmission
Operator did not
provide a voltage
schedule reference
point for more than
15% of the
generation
resources in the
Transmission
Operator Area.
E.A.15 The Generator
Operator failed to
convert at least one
voltage schedule in
Requirement E.A.13
into the voltage set
point for the AVR for
less than 25% of the
voltage schedules.
The Generator
Operator failed to
convert the voltage
schedules in
Requirement E.A.13
25% or more but
voltage schedules.
The Generator
Operator failed to
convert the voltage
schedules in
Requirement E.A.13
50% or more but
voltage schedules.
The Generator
Operator failed to
convert the voltage
schedules in
Requirement E.A.13
75% or more of the
voltage schedules.
E.A.16 The Generator
Operator provided
its voltage set
point conversion
methodology
greater than 30
days but less than
or equal to 60
days of a request
by the
Transmission
Operator.
The Generator
Operator provided
its voltage set
point conversion
methodology
greater than 60
days but less than
or equal to 90
days of a request
by the
Transmission
Operator.
The Generator
Operator provided
its voltage set
point conversion
methodology
greater than 90
days but less than
or equal to 120
days of a request
by the
Transmission
Operator.
The Generator
Operator did not
provide its voltage
set point
conversion
methodology
within 120 days of
a request by the
Transmission
Operator.
E.A.17 The Transmission
Operator provided
its data to support
development of
the voltage set
point conversion
methodology than
30 days but less
than or equal to
60 days of a
request by the
Generator
The Transmission
Operator provided
its data to support
development of
the voltage set
point conversion
methodology
greater than 60
days but less than
or equal to 90
days of a request
by the Generator.
The Transmission
Operator provided
its data to support
development of
the voltage set
point conversion
methodology
greater than 90
days but less than
or equal to 120
days of a request
by the Generator.
The Transmission
Operator did not
provide its data to
support
development of
the voltage set
point conversion
methodology
within 120 days of
a request by the
Generator

Page 7 of 7

Operator. Operator. Operator. Operator.
E.A.18 N/A

The Generator
Operator did not
meet the control
loop specifications
in EA18.2 when the
Generator Operator
uses control loop
external to the AVR
to manage Mvar
loading.
The Generator
Operator did not
meet the control
loop specifications
in EA18.1 when the
Generator Operator
uses control loop
external to the AVR
to manage Mvar
loading.
The Generator
Operator did not
meet the control
loop specifications in
EA18.1 through
EA18.2 when the
Generator Operator
uses control loop
external to the AVR
to manage Mvar
loading.

Version History
1 August 2, 2006 BOT Adoption Revised
1 July 3, 2007 Added Generator Owners and Generator
Errata
1 August 23, 2007 Removed Generator Owners and Generator
Errata
2 August 5, 2010 Adopted by Board of Trustees; Modified to
address Order No. 693 Directives contained in
paragraphs 1858 and 1879.
Revised.
3 May 9, 2012 Adopted by Board of Trustees; Modified to
add a WECC region variance

3 June 20, 2013 FERC issued order approving VAR-001-3

Standard VAR-002-2b Generator Operation for Maintaining Network Voltage Schedules
Page 1 of 10
A. Introduction
1. Title: Generator Operation for Maintaining Network Voltage Schedules
2. Number: VAR-002-2b
3. Purpose: To ensure generators provide reactive and voltage control necessary to ensure
voltage levels, reactive flows, and reactive resources are maintained within applicable Facility
Ratings to protect equipment and the reliable operation of the Interconnection.
4. Applicability
5. Effective Date: In those jurisdictions where regulatory approval is required, this standard
shall become effective on the first day of the first calendar quarter after applicable regulatory
approval or as otherwise made effective pursuant to the laws applicable to such ERO
governmental authorities. In those jurisdictions where no regulatory approval is required, this
standard shall become effective on the first day of the first calendar quarter after Board of
Trustees approval.
B. Requirements
R1. The Generator Operator shall operate each generator connected to the interconnected
transmission system in the automatic voltage control mode (automatic voltage regulator in
service and controlling voltage) unless the Generator Operator has notified the Transmission
Operator of one of the following: [Violation Risk Factor: Medium] [Time Horizon: Real-time
Operations]
That the generator is being operated in start-up
1
or shutdown
2
That the generator is not being operated in the automatic voltage control mode for a reason
other than start-up or shutdown.
mode pursuant to a Real-
time communication or a procedure that was previously provided to the Transmission
Operator; or
R2. Unless exempted by the Transmission Operator, each Generator Operator shall maintain the
generator voltage or Reactive Power schedule
3
(within applicable Facility Ratings
4
R2.1. When a generators automatic voltage regulator is out of service, the Generator
Operator shall use an alternative method to control the generator voltage and reactive
) as directed
by the Transmission Operator. [Violation Risk Factor: Medium] [Time Horizon: Real-time
Operations]

1
Start-up is deemed to have ended when the generator is ramped up to its minimum continuously sustainable load
and the generator is prepared for continuous operation.
2
Shutdown is deemed to begin when the generator is ramped down to its minimum continuously sustainable load
and the generator is prepared to go offline.
3
The voltage or Reactive Power schedule is a target value communicated by the Transmission Operator to the
Generator Operator establishing a tolerance band within which the target value is to be maintained during a specified
period.
4
When a Generator is operating in manual control, reactive power capability may change based on stability
considerations and this may lead to a change in the associated Facility Ratings.
Page 2 of 10
output to meet the voltage or Reactive Power schedule directed by the Transmission
Operator.
R2.2. When directed to modify voltage, the Generator Operator shall comply or provide an
explanation of why the schedule cannot be met.
R3. Each Generator Operator shall notify its associated Transmission Operator as soon as practical,
but within 30 minutes of any of the following: [Violation Risk Factor: Medium] [Time
R3.1. A status or capability change on any generator Reactive Power resource, including the
status of each automatic voltage regulator and power system stabilizer and the
expected duration of the change in status or capability.
R3.2. A status or capability change on any other Reactive Power resources under the
Generator Operators control and the expected duration of the change in status or
capability.
R4. The Generator Owner shall provide the following to its associated Transmission Operator and
Transmission Planner within 30 calendar days of a request. [Violation Risk Factor: Lower]
R4.1. For generator step-up transformers and auxiliary transformers with primary voltages
equal to or greater than the generator terminal voltage:
R4.1.1. Tap settings.
R4.1.2. Available fixed tap ranges.
R4.1.3. Impedance data.
R4.1.4. The +/- voltage range with step-change in % for load-tap changing
transformers.
R5. After consultation with the Transmission Operator regarding necessary step-up transformer tap
changes, the Generator Owner shall ensure that transformer tap positions are changed
according to the specifications provided by the Transmission Operator, unless such action
would violate safety, an equipment rating, a regulatory requirement, or a statutory requirement.
[Violation Risk Factor: Medium] [Time Horizon: Real-time Operations]
R5.1. If the Generator Operator cant comply with the Transmission Operators
specifications, the Generator Operator shall notify the Transmission Operator and
shall provide the technical justification.
C. Measures
M1. The Generator Operator shall have evidence to show that it notified its associated Transmission
Operator any time it failed to operate a generator in the automatic voltage control mode as
specified in Requirement 1. If a generator is being started up or shut down with the automatic
voltage control off and no notification of the automatic voltage regulator status is made to the
Transmission Operator, the Generator Operator will have evidence that it notified the
Transmission Operator of its procedure for placing the unit into automatic voltage control
mode. Such evidence must include, but is not limited to, dated evidence of transmittal of the
procedure such as an electronic message or a transmittal letter with the procedure included or
attached.
M2. The Generator Operator shall have evidence to show that it controlled its generator voltage and
reactive output to meet the voltage or Reactive Power schedule provided by its associated
Transmission Operator as specified in Requirement 2.
Page 3 of 10
M3. The Generator Operator shall have evidence to show that it responded to the Transmission
Operators direction as identified in Requirement 2.1 and Requirement 2.2.
M4. The Generator Operator shall have evidence it notified its associated Transmission Operator
within 30 minutes of any of the changes identified in Requirement 3.
M5. The Generator Owner shall have evidence it provided its associated Transmission Operator and
Transmission Planner with information on its step-up transformers and auxiliary transformers
as required in Requirements 4.1.1 through 4.1.4
M6. The Generator Owner shall have evidence that its step-up transformer taps were modified per
the Transmission Operators documentation as identified in Requirement 5.
M7. The Generator Operator shall have evidence that it notified its associated Transmission
Operator when it couldnt comply with the Transmission Operators step-up transformer tap
specifications as identified in Requirement 5.1.
D. Compliance
For functional entities that work for their Regional Entity, the ERO or a Regional Entity
approved by the ERO and FERC or other applicable governmental authorities shall serve
1.2. Data Retention
The Generator Operator shall maintain evidence needed for Measure 1 through Measure
4 and Measure 7 for the current and previous calendar year.
The Generator Owner shall keep its latest version of documentation on its step-up and
auxiliary transformers. (Measures 5 and 6)
Compliance Audit
Self-Certification
Spot Checking
Self-Reporting
Complaint
Page 4 of 10
None
Page 5 of 10

R # Lower VSL Moderate VSL High VSL
Severe VSL
R1. N/A N/A N/A
did not operate each
generator in the
automatic voltage
control mode and
as identified in R1.
R2. When directed by the
to maintain the
generator voltage or
reactive power schedule
the Generator Operator
failed to meet the
directed values for up to
and including 45
minutes.
When directed by the
Transmission
Operator to maintain
the generator voltage
or reactive power
schedule the
Generator Operator
failed to meet the
directed values for
more than 45 minutes
up to and including
60 minutes.
OR
When a generators
automatic voltage
regulator is out of
service, the Generator
Operator failed to use
an alternative method
to control the
generator voltage and
reactive output to
meet the voltage or
Reactive Power
schedule directed by
the Transmission
Operator.
OR
The Generator
Operator failed to
provide an
explanation of why
the voltage schedule
could not be met.
to maintain the
reactive power
schedule the Generator
Operator failed to
meet the directed
values for more than
60 minutes up to and
including 75 minutes.
to maintain the
reactive power
schedule the Generator
Operator failed to
meet the directed
values for more than
75 minutes.
OR
When a generators
automatic voltage
regulator is out of
service, the Generator
Operator failed to use
an alternative method
to control the
generator voltage and
reactive output to meet
the voltage or Reactive
Power schedule
directed by the
and the Generator
Operator failed to
provide an explanation
of why the voltage
schedule could not be
met.
R3. N/A N/A The Generator
Operator failed to
notify the
within 30 minutes of
the information as
specified in either
The Generator
Operator failed to
notify the
within 30 minutes of
the information as
specified in both R3.1
Page 6 of 10
R3.1 or R3.2 and R3.2
R4. The Responsible entity
failed to provide to its
associated
and Transmission
Planner one of the types
of data as specified in
R4.1.1 or R 4.1.2 or
4.1.3 or 4.1.4
OR
The information was
provided in more than
30, but less than or
days of the request.
The Responsible
entity failed to
provide to its
associated
Transmission
Operator and
two of the types of
data as specified in
R4.1.1 or R 4.1.2 or
4.1.3 or 4.1.4
OR
The information was
provided in more
than 35, but less than
or equal to 40
request.
The Responsible entity
associated
and Transmission
Planner three of the
types of data as
specified in R4.1.1 or
R 4.1.2 or 4.1.3 or
4.1.4
OR
The information was
40, but less than or
days of the request.
The Responsible entity
associated
and Transmission
Planner any of the
types of data as
specified in R4.1.1 and
R 4.1.2 and 4.1.3 and
4.1.4
OR
The information was
45 calendar days of
the request.
R5. N/A N/A N/A The responsible entity
failed to ensure that
transformer tap
positions were
changed according to
the specifications
provided by the
when said actions
would not have
violated safety, an
equipment rating, a
regulatory
requirement, or a
statutory requirement.
R5.1. N/A N/A N/A The responsible entity
and to provide
technical justification.

Page 7 of 10
None identified.
1. Appendix 1 Interpretation of Requirements R1 and R2 (August 1, 2007).

Version History
1 May 15, 2006 Added (R2) to the end of levels on non-
compliance 2.1.2, 2.2.2, 2.3.2, and 2.4.3.
July 5, 2006
1a December 19, 2007 Added Appendix 1 Interpretation of R1 and
R2 approved by BOT on August 1, 2007
Revised
1a January 16, 2007 In Section A.2., Added a to end of standard
number.
Section F: added 1.; and added date.
Errata
1.1a October 29, 2008 BOT adopted errata changes; updated version
number to 1.1a
Errata
1.1b March 3, 2009 Added Appendix 2 Interpretation of VAR-
002-1.1a approved by BOT on February 10,
2009
Revised
2b TBD Revised R1 to address an Interpretation
Request. Also added previously approved
VRFs, Time Horizons and VSLs. Revised R2
to address consistency issue with VAR-001-2,
R4.
Revised
2b August 16, 2012 Adopted by Board of Trustees
2b April 16, 2013 FERC Order issued approving VAR-002-2b

Page 8 of 10
Appendix 1
Interpretation of Requirements R1 and R2

Request:
Requirement R1 of Standard VAR-002-1 states that Generation Operators shall operate each generator
connected to the interconnected transmission system in the automatic voltage control mode (automatic
voltage regulator in service and controlling voltage) unless the Generator Operator has notified the
Requirement R2 goes on to state that each Generation Operator shall maintain the generator voltage or
Reactive Power output as directed by the Transmission Operator.
The two underlined phrases are the reasons for this interpretation request.
Most generation excitation controls include a device known as the Automatic Voltage Regulator, or AVR.
This is the device which is referred to by the R1 requirement above. Most AVRs have the option of
being set in various operating modes, such as constant voltage, constant power factor, and constant Mvar.
In the course of helping members of the WECC insure that they are in full compliance with NERC
Reliability Standards, I have discovered both Transmission Operators and Generation Operators who have
interpreted this standard to mean that AVR operation in the constant power factor or constant Mvar
modes complies with the R1 and R2 requirements cited above. Their rational is as follows:
The AVR is clearly in service because it is operating in one of its operating modes
The AVR is clearly controlling voltage because to maintain constant PF or constant Mvar, it
controls the generator terminal voltage
R2 clearly gives the Transmission Operator the option of directing the Generation Operator to
maintain a constant reactive power output rather than a constant voltage.
Other parties have interpreted this standard to require operation in the constant voltage mode only. Their
rational stems from the belief that the purpose of the VAR-002-1 standard is to insure the automatic
delivery of additional reactive to the system whenever a voltage decline begins to occur.
The material impact of misinterpretation of these standards is twofold.
First, misinterpretation may result in reduced reactive response during system disturbances,
which in turn may contribute to voltage collapse.
Second, misinterpretation may result in substantial financial penalties imposed on generation
operators and transmission operators who believe that they are in full compliance with the
standard.
In accordance with the NERC Reliability Standards Development Procedure, I am requesting that a
formal interpretation of the VAR-002-1 standard be provided. Two specific questions need to be
answered.
First, does AVR operation in the constant PF or constant Mvar modes comply with R1?
Second, does R2 give the Transmission Operator the option of directing the Generation Owner to
operate the AVR in the constant Pf or constant Mvar modes rather than the constant voltage
mode?

Page 9 of 10
Interpretation:
1. First, does AVR operation in the constant PF or constant Mvar modes comply with R1?
Interpretation: No, only operation in constant voltage mode meets this requirement. This
answer is predicated on the assumption that the generator has the physical equipment that
will allow such operation and that the Transmission Operator has not directed the generator
to run in a mode other than constant voltage.
2. Second, does R2 give the Transmission Operator the option of directing the Generation
Owner (sic) to operate the AVR in the constant Pf or constant Mvar modes rather than the
constant voltage mode?
Interpretation: Yes, if the Transmission Operator specifically directs a Generator Operator to
operate the AVR in a mode other than constant voltage mode, then that directed mode of AVR
operation is allowed.
Page 10 of 10
Appendix 2
Interpretation of VAR-002-1a

Request:
VAR-002 Generator Operation for Maintaining Network Voltage Schedules, addresses the generators
provision of voltage and VAR control. Confusion exists in the industry and regions as to which
requirements in this standard apply to Generator Operators that operate generators that do not have
automatic voltage regulation capability.

The Standards requirements do not identify the subset of generator operators that need to comply
forcing some generator operators that do not have any automatic voltage regulation capability to
demonstrate how they complied with the requirements, even when they arent physically able to comply
with the requirements. Generator owners want clarification to verify that they are not expected to acquire
AVR devices to comply with the requirements in this standard.

Many generators do not have automatic voltage regulators and do not receive voltage schedules. These
entities are at a loss as to how to comply with these requirements and are expending resources attempting
to demonstrate compliance with these requirements. A clarification will avoid challenges and potential
litigation stemming from sanctions and penalties applied to entities that are being audited for compliance
with this standard, but who do not fall within the scope or intent of the standard itself.

Please identify which requirements apply to generators that do not operate generators equipped with
AVRs.

Response: All the requirements and associated subrequirements in VAR-002-1a apply to Generator
Owners and Generator Operators that own or operate generators whether equipped with an automatic
voltage regulator or not. The standard is predicated on the assumption that the generator has the physical
equipment (automatic voltage regulator) that is capable of automatic operation. A generator that is not
equipped with an automatic voltage regulator results in a functionally equivalent condition to a generator
equipped with an automatic voltage regulator that is out of service due to maintenance or failure.

There are no requirements in the standard that require a generator to have an automatic voltage regulator,
nor are there any requirements for a Generator Owner to modify its generator to add an automatic voltage
regulator. Unless exempted by the Transmission Operator, each Generator Operator shall maintain the
generator voltage or Reactive Power output (within applicable Facility Ratings) as directed by the
WECC Standard VAR-002-WECC-1 Automatic Voltage Regulators
A. Introduction
1. Title: Automatic Voltage Regulators (AVR)
2. Number: VAR-002-WECC-1
3. Purpose: To ensure that Automatic Voltage Regulators on synchronous generators and
condensers shall be kept in service and controlling voltage.
4. Applicability
4.2. Transmission Operators that operate synchronous condensers
4.3. This VAR-002-WECC-1 Standard only applies to synchronous generators and
synchronous condensers that are connected to the Bulk Electric System.
B. Requirements
R1. Generator Operators and Transmission Operators shall have AVR in service and in
automatic voltage control mode 98% of all operating hours for synchronous generators or
synchronous condensers. Generator Operators and Transmission Operators may
exclude hours for R1.1 through R1.10 to achieve the 98% requirement. [Violation
Risk Factor: Medium] [Time Horizon: Operations Assessment]
R1.1. The synchronous generator or synchronous condenser operates for less than five
percent of all hours during any calendar quarter.
R1.2. Performing maintenance and testing up to a maximum of seven calendar days
per calendar quarter.
R1.3. AVR exhibits instability due to abnormal system configuration.
R1.4. Due to component failure, the AVR may be out of service up to 60 consecutive
days for repair per incident.
R1.5. Due to a component failure, the AVR may be out of service up to one year
provided the Generator Operator or Transmission Operator submits
documentation identifying the need for time to obtain replacement parts and if
required to schedule an outage.
R1.6. Due to a component failure, the AVR may be out of service up to 24 months
provided the Generator Operator or Transmission Operator submits
documentation identifying the need for time for excitation system replacement
(replace the AVR, limiters, and controls but not necessarily the power source
and power bridge) and to schedule an outage.
R1.7. The synchronous generator or synchronous condenser has not achieved
Commercial Operation.
R1.8. The Transmission Operator directs the Generator Operator to operate the
synchronous generator, and the AVR is unavailable for service.
R1.9. The Reliability Coordinator directs Transmission Operator to operate the
synchronous condenser, and the AVR is unavailable for service.
R1.10. If AVR exhibits instability due to operation of a Load Tap Changer (LTC)
transformer in the area, the Transmission Operator may authorize the Generator
Operator to operate the excitation system in modes other than automatic voltage
control until the system configuration changes.
R2. Generator Operators and Transmission Operators shall have documentation identifying
the number of hours excluded for each requirement in R1.1 through R1.10. [Violation
Risk Factor: Low] [Time Horizon: Operations Assessment]

C. Measures
M1. Generator Operators and Transmission Operators shall provide quarterly reports to the
compliance monitor and have evidence for each synchronous generator and synchronous
condenser of the following:
M1.1 The actual number of hours the synchronous generator or synchronous
condenser was on line.
M1.2 The actual number of hours the AVR was out of service.
M1.3 The AVR in service percentage.
M1.4 If excluding AVR out of service hours as allowed in R1.1 through R1.10,
provide:
M1.4.1 The number of hours excluded, and
M1.4.2 The adjusted AVR in-service percentage.
M2. If excluding hours for R1.1 through R1.10, provide the date of the outage, the number of
hours out of service, and supporting documentation for each requirement that applies.
D. Compliance
Compliance Enforcement Authority may use one or more of the following methods
- Spot check audits conducted anytime with 30 days notice
- Investigations
- Other methods as provided for in the Compliance Monitoring Enforcement
Program
The Reset Time Frame shall be a calendar quarter.
1.3 Data Retention
The Generator Operators and Transmission Operators shall keep evidence for
Measures M1 and M2 for three years plus current year, or since the last audit,
1.4.1 The sanctions shall be assessed on a calendar quarter basis.
1.4.2 If any of R1.2 through R1.9 continues from one quarter to another, the
number of days accumulated will be the contiguous calendar days from the
beginning of the incident to the end of the incident. For example, in R1.4
if the 60 day repair period goes beyond the end of a quarter, the repair
period does not reset at the beginning of the next quarter.
1.4.3 When calculating the in-service percentages, do not include the time the
AVR is out of service due to R1.1 through R1.10.
1.4.4 The standard shall be applied on a machine-by-machine basis (a
Generator Operator or Transmission Operator can be subject to a separate
sanction for each non-compliant synchronous generator and synchronous
condenser).
2. Violation Severity Levels for R1
2.1. Lower: There shall be a Lower Level of non-compliance if the following condition exists:
2.1.1. AVR is in service less than 98% but at least 90% or more of all hours during
which the synchronous generating unit or synchronous condenser is on line for
each calendar quarter.
2.2. Moderate: There shall be a Moderate Level of non-compliance if the following condition
exists:
2.3. High: There shall be a High Level of non-compliance if the following condition exists:
2.4. Severe: There shall be a Severe Level of non-compliance if the following condition
exists:
2.4.1. AVR is in service less than 70% of all hours during which the synchronous
generating unit or synchronous condenser is on line for each calendar quarter.
3.1. Lower: There shall be a Lower Level of non-compliance if documentation is incomplete
with any requirement R1.1 through R1.10.
3.2. Moderate: There shall be a Moderate Level of non-compliance if the Generator Operator
does not have documentation to demonstrate compliance with any requirement R1.1
through R1.10.
VAR-STD-002a-1

1 April 21, 2011 FERC Order issued approving VAR-
27, 2011)

WECC Standard VAR-501-WECC-1 Power System Stabilizer


A. Introduction
1. Title: Power System Stabilizer (PSS)
2. Number: VAR-501-WECC-1
3. Purpose: To ensure that Power System Stabilizers (PSS) on synchronous generators
shall be kept in service.
4. Applicability
B. Requirements
R1. Generator Operators shall have PSS in service 98% of all operating hours for
synchronous generators equipped with PSS. Generator Operators may exclude hours
for R1.1 through R1.12 to achieve the 98% requirement. [Violation Risk Factor:
Medium] [Time Horizon: Operations Assessment]
R1.1. The synchronous generator operates for less than five percent of all hours during
any calendar quarter.
R1.2. Performing maintenance and testing up to a maximum of seven calendar days
per calendar quarter.
R1.3. PSS exhibits instability due to abnormal system configuration.
R1.4. Unit is operating in the synchronous condenser mode (very near zero real power
level).
R1.5. Unit is generating less power than its design limit for effective PSS operation.
R1.6. Unit is passing through a range of output that is a known rough zone (range in
which a hydro unit is experiencing excessive vibration).
R1.7. The generator AVR is not in service.
R1.8. Due to component failure, the PSS may be out of service up to 60 consecutive
days for repair per incident.
R1.9. Due to a component failure, the PSS may be out of service up to one year
provided the Generator Operator submits documentation identifying the need
for time to obtain replacement parts and if required to schedule an outage.
R1.10. Due to a component failure, the PSS may be out of service up to 24 months
provided the Generator Operator submits documentation identifying the need
for time for PSS replacement and to schedule an outage.
R1.11. The synchronous generator has not achieved Commercial Operation.
R1.12. The Transmission Operator directs the Generator Operator to operate the
synchronous generator, and the PSS is unavailable for service.
R2. Generator Operators shall have documentation identifying the number of hours
excluded for each requirement in R1.1 through R1.12. [Violation Risk Factor:
Low] [Time Horizon: Operations Assessment]

C. Measures
M1. Generators Operators shall provide quarterly reports to the compliance monitor and have
evidence for each synchronous generator of the following:


M1.1 The number of hours the synchronous generator was on line.
M1.2 The number of hours the PSS was out of service with generator on line.
M1.3 The PSS in service percentage
M1.4 If excluding PSS out of service hours as allowed in R1.1 through R1.12,
provide:
M1.4.1 The number of hours excluded, and
M1.4.2 The adjusted PSS in-service percentage.
M2. If excluding hours for R1.1 through R1.12, provide:
M2.1 The date of the outage
M2.2 Supporting documentation for each requirement that applies

D. Compliance
Compliance Enforcement Authority may use one or more of the following methods
- Spot check audits conducted anytime with 30 days notice
- Investigations
- Other methods as provided for in the Compliance Monitoring Enforcement
Program
The Reset Time Frame shall be a calendar quarter.
1.3 Data Retention
The Generator Operators shall keep evidence for Measures M1 and M2 for three
years plus current year, or since the last audit, whichever is longer.
1.4.1 The sanctions shall be assessed on a calendar quarter basis.
1.4.2 If any of R1.2 through R1.12 continues from one quarter to another, the
number of days accumulated will be the contiguous calendar days from the
beginning of the incident to the end of the incident. For example, in R1.8
if the 60 day repair period goes beyond the end of a quarter, the repair
period does not reset at the beginning of the next quarter.
1.4.3 When calculating the adjusted in-service percentage, the PSS out of service
hours do not include the time associated with R1.1 through R1.12.
1.4.4 The standard shall be applied on a generating unit by generating unit basis
(a Generator Operator can be subject to a separate sanction for each non-
compliant synchronous generating unit or to a single sanction for multiple
machines that operate as one unit).


2.1. Lower: There shall be a Lower Level of non-compliance if the following condition exists:
2.1.1. PSS is in service less than 98% but at least 90% or more of all hours during
which the synchronous generating unit is on line for each calendar quarter.
2.2. Moderate: There shall be a Moderate Level of non-compliance if the following condition
exists:
2.2.1. PSS is in service less than 90% but at least 80% or more of all hours during which
the synchronous generating unit is on line for each calendar quarter.
2.3. High: There shall be a High Level of non-compliance if the following condition exists:
2.3.1. PSS is in service less than 80% but at least 70% or more of all hours during which
the synchronous generating unit is on line for each calendar quarter.
2.4. Severe: There shall be a Severe Level of non-compliance if the following condition
exists:
2.4.1. PSS is in service less than 70% of all hours during which the synchronous
generating unit is on line for each calendar quarter.
3.1. Lower: There shall be a Lower Level of non-compliance if documentation is incomplete
with any requirement R1.1 through R1.12.
3.2. Moderate: There shall be a Moderate Level of non-compliance if the Generator Operator
does not have documentation to demonstrate compliance with any requirement R1.1
through R1.12.

VAR-STD-002b-1

1 April 21, 2011 FERC Order issued approving VAR-
27, 2011)

Glossary of Terms Used in NERC Reliability
Standards
Updated J uly 9, 2013

Introduction:
This Glossary lists each term that was defined for use in one or more of NERCs continent-wide or
Regional Reliability Standards and adopted by the NERC Board of Trustees from February 8, 2005
through July 9, 2013.

This reference is divided into two sections, and each section is organized in alphabetical order. The first
section identifies all terms that have been adopted by the NERC Board of Trustees for use in continent-
wide standards; the second section identifies all terms that have been adopted by the NERC Board of
Trustees for use in regional standards. (WECC, NPCC and ReliabilityFirst are the only Regions that have
definitions approved by the NERC Board of Trustees. If other Regions develop definitions for approved
Regional Standards using a NERC-approved standards development process, those definitions will be
added to the Regional Definitions section of this glossary.)

Most of the terms identified in this glossary were adopted as part of the development of NERCs initial
set of reliability standards, called the Version 0 standards. Subsequent to the development of Version
0 standards, new definitions have been developed and approved following NERCs Reliability Standards
Development Process, and added to this glossary following board adoption, with the FERC approved
date added following a final Order approving the definition.

Immediately under each term is a link to the archive for the development of that term.

Definitions that have been adopted by the NERC Board of Trustees but have not been approved by
FERC, or FERC has not approved but has directed be modified, are shaded in blue. Definitions that have
been remanded or retired are shaded in orange.

Any comments regarding this glossary should be reported to the following:
sarcomm@nerc.com with Glossary Comment in the subject line.

Glossary of Terms Used in NERC Reliability Standards 2

Continent-wide Definitions:
A ......................................................................................................................................... 5
B ......................................................................................................................................... 9
C ....................................................................................................................................... 18
D ...................................................................................................................................... 23
E ....................................................................................................................................... 26
F ....................................................................................................................................... 29
G ...................................................................................................................................... 33
H....................................................................................................................................... 34
I ........................................................................................................................................ 35
J ........................................................................................................................................ 39
L ....................................................................................................................................... 40
M ...................................................................................................................................... 40
N....................................................................................................................................... 42
O ...................................................................................................................................... 45
P ....................................................................................................................................... 49
R ....................................................................................................................................... 54
S ....................................................................................................................................... 61
T ....................................................................................................................................... 64
V ....................................................................................................................................... 68
W ...................................................................................................................................... 68

Y ....................................................................................................................................... 68


Regional Definitions:

ReliabilityFirst Regional Definitions ......................................................................................... 69

NPCC Regional Definitions .......................................................................................................... 70

WECC Regional Definitions ......................................................................................................... 71


Continent-wide
Term
Acronym
BOT
Approval
Date
FERC
Approval
Date
Definition
Adequacy
[Archive]
2/8/2005 3/16/2007 The ability of the electric system to supply the aggregate
electrical demand and energy requirements of the end-use
customers at all times, taking into account scheduled and
reasonably expected unscheduled outages of system
elements.
Adjacent Balancing
Authority
[Archive]
2/8/2005 3/16/2007 A Balancing Authority Area that is interconnected another
Balancing Authority Area either directly or via a multi-party
agreement or transmission tariff.
Adverse Reliability
Impact
[Archive]
2/7/2006 3/16/2007 The impact of an event that results in frequency-related
instability; unplanned tripping of load or generation; or
uncontrolled separation or cascading outages that affects a
widespread area of the Interconnection.
Adverse Reliability
Impact
[Archive]
8/4/2011 The impact of an event that results in Bulk Electric System
instability or Cascading.
After the Fact
[Archive]
ATF 10/29/2008 12/17/2009 A time classification assigned to an RFI when the submittal
time is greater than one hour after the start time of the
RFI.
Agreement
[Archive]
2/8/2005 3/16/2007 A contract or arrangement, either written or verbal and
sometimes enforceable by law.
Alternative
Interpersonal
Communication
[Archive]
11/7/2012
Any Interpersonal Communication that is able to serve as a
substitute for, and does not utilize the same infrastructure
(medium) as, Interpersonal Communication used for day-to-
day operation.


Continent-wide
Term
Acronym
BOT
Approval
Date
FERC
Approval
Date
Definition
Altitude Correction
Factor
[Archive]
2/7/2006 3/16/2007 A multiplier applied to specify distances, which adjusts the
distances to account for the change in relative air density
(RAD) due to altitude from the RAD used to determine the
specified distance. Altitude correction factors apply to both
minimum worker approach distances and to minimum
vegetation clearance distances.
Ancillary Service
[Archive]
2/8/2005 3/16/2007 Those services that are necessary to support the
transmission of capacity and energy from resources to
loads while maintaining reliable operation of the
Transmission Service Provider's transmission system in
accordance with good utility practice. (From FERC order
888-A.)
Anti-Aliasing Filter
[Archive]
2/8/2005 3/16/2007 An analog filter installed at a metering point to remove the
high frequency components of the signal over the AGC
sample period.
Area Control Error
[Archive]
ACE 2/8/2005 3/16/2007 The instantaneous difference between a Balancing
Authoritys net actual and scheduled interchange, taking
into account the effects of Frequency Bias and correction
for meter error.
Area Control Error
[Archive]

ACE 12/19/2012 The instantaneous difference between a Balancing
Authoritys net actual and scheduled interchange, taking
into account the effects of Frequency Bias, correction for
meter error, and Automatic Time Error Correction (ATEC), if
operating in the ATEC mode. ATEC is only applicable to
Balancing Authorities in the Western Interconnection.


Continent-wide
Term
Acronym
BOT
Approval
Date
FERC
Approval
Date
Definition
Area Interchange
Methodology
[Archive]

08/22/2008 11/24/2009 The Area Interchange methodology is characterized by
determination of incremental transfer capability via
simulation, from which Total Transfer Capability (TTC) can
be mathematically derived. Capacity Benefit Margin,
Transmission Reliability Margin, and Existing Transmission
Commitments are subtracted from the TTC, and Postbacks
and counterflows are added, to derive Available Transfer
Capability. Under the Area Interchange Methodology, TTC
results are generally reported on an area to area basis.
[Archive]
5/2/2006 3/16/2007 The state where the Interchange Authority has received the
Interchange information (initial or revised).
Automatic Generation
Control
[Archive]
AGC 2/8/2005 3/16/2007 Equipment that automatically adjusts generation in a
Balancing Authority Area from a central location to maintain
the Balancing Authoritys interchange schedule plus
Frequency Bias. AGC may also accommodate automatic
inadvertent payback and time error correction.
Available Flowgate
Capability
[Archive]

AFC 08/22/2008 11/24/2009 A measure of the flow capability remaining on a Flowgate
for further commercial activity over and above already
committed uses. It is defined as TFC less Existing
Transmission Commitments (ETC), less a Capacity Benefit
Margin, less a Transmission Reliability Margin, plus
Postbacks, and plus counterflows.
Available Transfer
Capability
[Archive]
ATC 2/8/2005 3/16/2007 A measure of the transfer capability remaining in the
physical transmission network for further commercial
activity over and above already committed uses. It is
defined as Total Transfer Capability less existing
transmission commitments (including retail customer
service), less a Capacity Benefit Margin, less a Transmission
Reliability Margin.


Continent-wide
Term
Acronym
BOT
Approval
Date
FERC
Approval
Date
Definition
Available Transfer
Capability
[Archive]

ATC 08/22/2008 11/24/2009 A measure of the transfer capability remaining in the
physical transmission network for further commercial
activity over and above already committed uses. It is
defined as Total Transfer Capability less Existing
Transmission Commitments (including retail customer
service), less a Capacity Benefit Margin, less a Transmission
Reliability Margin, plus Postbacks, plus counterflows.
Available Transfer
Capability
Implementation
Document
[Archive]
ATCID 08/22/2008 11/24/2009 A document that describes the implementation of a
methodology for calculating ATC or AFC, and provides
information related to a Transmission Service Providers
calculation of ATC or AFC.
ATC Path
[Archive]
08/22/2008 Not
approved;
Modification
directed
11/24/09
Any combination of Point of Receipt and Point of Delivery
for which ATC is calculated; and any Posted Path
1

.

1
See 18 CFR 37.6(b)(1)


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Balancing Authority
[Archive]
BA 2/8/2005 3/16/2007 The responsible entity that integrates resource plans ahead of
time, maintains load-interchange-generation balance within a
Balancing Authority Area, and supports Interconnection
frequency in real time.
Balancing Authority
Area
[Archive]
2/8/2005 3/16/2007 The collection of generation, transmission, and loads within the
metered boundaries of the Balancing Authority. The Balancing
Authority maintains load-resource balance within this area.
Base Load
[Archive]
2/8/2005 3/16/2007 The minimum amount of electric power delivered or required
over a given period at a constant rate.
BES Cyber Asset
[Archive]
11/26/12 A Cyber Asset that if rendered unavailable, degraded, or
misused would, within 15 minutes of its required operation,
misoperation, or non-operation, adversely impact one or more
Facilities, systems, or equipment, which, if destroyed,
degraded, or otherwise rendered unavailable when needed,
would affect the reliable operation of the Bulk Electric System.
Redundancy of affected Facilities, systems, and equipment
shall not be considered when determining adverse impact. Each
BES Cyber Asset is included in one or more BES Cyber
Systems. (A Cyber Asset is not a BES Cyber Asset if, for 30
consecutive calendar days or less, it is directly connected to a
network within an ESP, a Cyber Asset within an ESP, or to a
BES Cyber Asset, and it is used for data transfer, vulnerability
assessment, maintenance, or troubleshooting purposes.)


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
BES Cyber System
[Archive]
11/26/12 One or more BES Cyber Assets logically grouped by a
responsible entity to perform one or more reliability tasks for a
functional entity.
BES Cyber System
Information
[Archive]
11/26/12 Information about the BES Cyber System that could be used to gain
unauthorized access or pose a security threat to the BES Cyber
System. BES Cyber System Information does not include individual
pieces of information that by themselves do not pose a threat or
could not be used to allow unauthorized access to BES Cyber
Systems, such as, but not limited to, device names, individual IP
addresses without context, ESP names, or policy statements.
Examples of BES Cyber System Information may include, but are not
limited to, security procedures or security information about BES
Cyber Systems, Physical Access Control Systems, and Electronic
Access Control or Monitoring Systems that is not publicly available
and could be used to allow unauthorized access or unauthorized
distribution; collections of network addresses; and network topology
of the BES Cyber System.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Blackstart Capability
Plan
[Archive]
2/8/2005
Will be
retired
when EOP-
005-2
becomes
enforceable
on (7/1/13)

3/16/2007 A documented procedure for a generating unit or station to go
from a shutdown condition to an operating condition delivering
electric power without assistance from the electric system.
This procedure is only a portion of an overall system
restoration plan.
Blackstart Resource
[Archive]
8/5/2009 3/17/11 A generating unit(s) and its associated set of equipment which
has the ability to be started without support from the System
or is designed to remain energized without connection to the
remainder of the System, with the ability to energize a bus,
meeting the Transmission Operators restoration plan needs for
real and reactive power capability, frequency and voltage
control, and that has been included in the Transmission
Operators restoration plan.
Block Dispatch
[Archive]

08/22/2008 11/24/2009 A set of dispatch rules such that given a specific amount of
load to serve, an approximate generation dispatch can be
determined. To accomplish this, the capacity of a given
generator is segmented into loadable blocks, each of which is
grouped and ordered relative to other blocks (based on
characteristics including, but not limited to, efficiency, run of
river or fuel supply considerations, and/or must-run status).


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
[Archive]
BES 2/8/2005 3/16/2007 As defined by the Regional Reliability Organization, the
electrical generation resources, transmission lines,
interconnections with neighboring systems, and associated
equipment, generally operated at voltages of 100 kV or higher.
Radial transmission facilities serving only load with one
transmission source are generally not included in this
definition.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
[Archive]
BES 01/18/2012 07/01/2013
Unless modified by the lists shown below, all Transmission
Elements operated at 100 kV or higher and Real Power and
Reactive Power resources connected at 100 kV or higher. This
does not include facilities used in the local distribution of
electric energy.
Inclusions:
I1 - Transformers with the primary terminal and at
least one secondary terminal operated at 100 kV or
higher unless excluded under Exclusion E1 or E3.
I2 - Generating resource(s) with gross individual
nameplate rating greater than 20 MVA or gross
plant/facility aggregate nameplate rating greater than
75 MVA including the generator terminals through the
high-side of the step-up transformer(s) connected at a
voltage of 100 kV or above.
I3 - Blackstart Resources identified in the Transmission
Operators restoration plan.
I4 - Dispersed power producing resources with
aggregate capacity greater than 75 MVA (gross
aggregate nameplate rating) utilizing a system
designed primarily for aggregating capacity, connected
at a common point at a voltage of 100 kV or above.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
(Continued)

BES I5 Static or dynamic devices (excluding generators) dedicated
to supplying or absorbing Reactive Power that are connected at
100 kV or higher, or through a dedicated transformer with a
high-side voltage of 100 kV or higher, or through a transformer
that is designated in Inclusion I1.
Exclusions:
E1 - Radial systems: A group of contiguous
transmission Elements that emanates from a single
point of connection of 100 kV or higher and:
a) Only serves Load. Or,
b) Only includes generation resources, not
identified in Inclusion I3, with an
aggregate capacity less than or equal to
75 MVA (gross nameplate rating). Or,
c) Where the radial system serves Load and
includes generation resources, not
identified in Inclusion I3, with an
aggregate capacity of non-retail
generation less than or equal to 75 MVA
(gross nameplate rating).
Note A normally open switching device
between radial systems, as depicted on prints
or one-line diagrams for example, does not
affect this exclusion.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
(Continued)

BES
E2 - A generating unit or multiple generating units on
the customers side of the retail meter that serve all or
part of the retail Load with electric energy if: (i) the net
capacity provided to the BES does not exceed 75 MVA,
and (ii) standby, back-up, and maintenance power
services are provided to the generating unit or multiple
generating units or to the retail Load by a Balancing
Authority, or provided pursuant to a binding obligation
with a Generator Owner or Generator Operator, or
under terms approved by the applicable regulatory
authority.
E3 - Local networks (LN): A group of contiguous
transmission Elements operated at or above 100 kV but
less than 300 kV that distribute power to Load rather
than transfer bulk power across the interconnected
system. LNs emanate from multiple points of
connection at 100 kV or higher to improve the level of
service to retail customer Load and not to accommodate
bulk power transfer across the interconnected system.
The LN is characterized by all of the following:


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
(Continued)

BES
a) Limits on connected generation: The LN
and its underlying Elements do not
include generation resources identified in
Inclusion I3 and do not have an
aggregate capacity of non-retail
generation greater than 75 MVA (gross
nameplate rating);
b) Power flows only into the LN and the LN
does not transfer energy originating
outside the LN for delivery through the
LN; and
c) Not part of a Flowgate or transfer path:
The LN does not contain a monitored
Facility of a permanent Flowgate in the
Eastern Interconnection, a major transfer
path within the Western Interconnection,
or a comparable monitored Facility in the
ERCOT or Quebec Interconnections, and is
not a monitored Facility included in an
Interconnection Reliability Operating Limit
(IROL).
E4 Reactive Power devices owned and operated by
the retail customer solely for its own use. Note - Elements
may be included or excluded on a case-by-case basis through
the Rules of Procedure exception process.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Bulk-Power System
[Archive]

5/9/2013 7/9/2013
A) facilities and control systems necessary for operating an
interconnected electric energy transmission network (or any
portion thereof); and (B) electric energy from generation
facilities needed to maintain transmission system reliability.
The term does not include facilities used in the local distribution
of electric energy.

Burden
[Archive]
2/8/2005 3/16/2007 Operation of the Bulk Electric System that violates or is
expected to violate a System Operating Limit or
Interconnection Reliability Operating Limit in the
Interconnection, or that violates any other NERC, Regional
Reliability Organization, or local operating reliability standards
or criteria.
Business Practices
[Archive]

8/22/2008 Not
approved;
Modification
directed
11/24/09
Those business rules contained in the Transmission Service
Providers applicable tariff, rules, or procedures; associated
Regional Reliability Organization or regional entity business
practices; or NAESB Business Practices.
Bus-tie Breaker
[Archive]
8/4/2011
A circuit breaker that is positioned to connect two individual
substation bus configurations.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Capacity Benefit
Margin
[Archive]
CBM 2/8/2005 3/16/2007 The amount of firm transmission transfer capability
preserved by the transmission provider for Load-Serving
Entities (LSEs), whose loads are located on that
Transmission Service Providers system, to enable access by
the LSEs to generation from interconnected systems to
meet generation reliability requirements. Preservation of
CBM for an LSE allows that entity to reduce its installed
generating capacity below that which may otherwise have
been necessary without interconnections to meet its
generation reliability requirements. The transmission
transfer capability preserved as CBM is intended to be used
by the LSE only in times of emergency generation
deficiencies.
Capacity Benefit
Margin
Implementation
Document
[Archive]
CBMID 11/13/2008 11/24/2009 A document that describes the implementation of a Capacity
Benefit Margin methodology.
Capacity Emergency
[Archive]
2/8/2005 3/16/2007 A capacity emergency exists when a Balancing Authority
Areas operating capacity, plus firm purchases from other
systems, to the extent available or limited by transfer
capability, is inadequate to meet its demand plus its
regulating requirements.
Cascading
[Archive]
2/8/2005 3/16/2007 The uncontrolled successive loss of system elements
triggered by an incident at any location. Cascading results
in widespread electric service interruption that cannot be
restrained from sequentially spreading beyond an area
predetermined by studies.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Cascading Outages
[Archive]

11/1/2006
Withdrawn
2/12/2008
FERC
Remanded
12/27/2007
The uncontrolled successive loss of Bulk Electric System
Facilities triggered by an incident (or condition) at any
location resulting in the interruption of electric service that
cannot be restrained from spreading beyond a pre-
determined area.
CIP Exceptional
Circumstance
[Archive]
11/26/12 A situation that involves or threatens to involve one or more
of the following, or similar, conditions that impact safety or
BES reliability: a risk of injury or death; a natural disaster;
civil unrest; an imminent or existing hardware, software, or
equipment failure; a Cyber Security Incident requiring
emergency assistance; a response by emergency services;
the enactment of a mutual assistance agreement; or an
impediment of large scale workforce availability.
CIP Senior Manager
[Archive]
11/26/12 A single senior management official with overall authority
and responsibility for leading and managing implementation
of and continuing adherence to the requirements within the
NERC CIP Standards, CIP-002 through CIP-011.
Clock Hour
[Archive]
2/8/2005 3/16/2007 The 60-minute period ending at :00. All surveys,
measurements, and reports are based on Clock Hour
periods unless specifically noted.
Cogeneration
[Archive]
2/8/2005 3/16/2007 Production of electricity from steam, heat, or other forms of
energy produced as a by-product of another process.
Compliance Monitor
[Archive]
2/8/2005 3/16/2007 The entity that monitors, reviews, and ensures compliance
of responsible entities with reliability standards.
[Archive]
5/2/2006 3/16/2007 The state where the Interchange Authority has verified the
Arranged Interchange.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Congestion
Management Report
[Archive]
2/8/2005 3/16/2007 A report that the Interchange Distribution Calculator issues
when a Reliability Coordinator initiates the Transmission
Loading Relief procedure. This report identifies the
transactions and native and network load curtailments that
must be initiated to achieve the loading relief requested by
the initiating Reliability Coordinator.
Consequential Load
Loss
[Archive]
8/4/2011 All Load that is no longer served by the Transmission
system as a result of Transmission Facilities being removed
from service by a Protection System operation designed to
isolate the fault.
Constrained Facility
[Archive]
2/8/2005 3/16/2007 A transmission facility (line, transformer, breaker, etc.) that
is approaching, is at, or is beyond its System Operating
Limit or Interconnection Reliability Operating Limit.
Contingency
[Archive]
2/8/2005 3/16/2007 The unexpected failure or outage of a system component,
such as a generator, transmission line, circuit breaker,
switch or other electrical element.

Contingency Reserve
[Archive]
2/8/2005 3/16/2007 The provision of capacity deployed by the Balancing
Authority to meet the Disturbance Control Standard (DCS)
and other NERC and Regional Reliability Organization
contingency requirements.
Contract Path
[Archive]
2/8/2005 3/16/2007 An agreed upon electrical path for the continuous flow of
electrical power between the parties of an Interchange
Transaction.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Control Center
[Archive]

11/26/12 One or more facilities hosting operating personnel that
monitor and control the Bulk Electric System (BES) in real-
time to perform the reliability tasks, including their
associated data centers, of: 1) a Reliability Coordinator, 2)
a Balancing Authority, 3) a Transmission Operator for
transmission Facilities at two or more locations, or 4) a
Generator Operator for generation Facilities at two or more
locations.
Control Performance
Standard
[Archive]
CPS 2/8/2005 3/16/2007 The reliability standard that sets the limits of a Balancing
Authoritys Area Control Error over a specified time period.
Corrective Action Plan
[Archive]
2/7/2006 3/16/2007 A list of actions and an associated timetable for
implementation to remedy a specific problem.
Cranking Path
[Archive]
5/2/2006 3/16/2007 A portion of the electric system that can be isolated and
then energized to deliver electric power from a generation
source to enable the startup of one or more other
generating units.
Critical Assets
[Archive]
5/2/2006 1/18/2008 Facilities, systems, and equipment which, if destroyed,
degraded, or otherwise rendered unavailable, would affect
the reliability or operability of the Bulk Electric System.
Critical Cyber Assets
[Archive]
5/2/2006 1/18/2008 Cyber Assets essential to the reliable operation of Critical
Assets.
Curtailment
[Archive]
2/8/2005 3/16/2007 A reduction in the scheduled capacity or energy delivery of
an Interchange Transaction.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Curtailment Threshold
[Archive]
2/8/2005 3/16/2007 The minimum Transfer Distribution Factor which, if
exceeded, will subject an Interchange Transaction to
curtailment to relieve a transmission facility constraint.
Cyber Assets
[Archive]
5/2/2006

1/18/2008 Programmable electronic devices and communication
networks including hardware, software, and data.
Cyber Assets
[Archive]

11/26/12 Programmable electronic devices, including the hardware,
software, and data in those devices.
Cyber Security
Incident
[Archive]
5/2/2006 1/18/2008 Any malicious act or suspicious event that:
Compromises, or was an attempt to compromise, the
Electronic Security Perimeter or Physical Security
Perimeter of a Critical Cyber Asset, or,
Disrupts, or was an attempt to disrupt, the operation of
a Critical Cyber Asset.
Cyber Security
Incident
[Archive]

11/26/12 A malicious act or suspicious event that:
Compromises, or was an attempt to compromise, the
Electronic Security Perimeter or Physical Security
Perimeter or,
Disrupts, or was an attempt to disrupt, the operation of
a BES Cyber System.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Delayed Fault Clearing
[Archive]
11/1/2006 12/27/2007 Fault clearing consistent with correct operation of a breaker
failure protection system and its associated breakers, or of
a backup protection system with an intentional time delay.
Demand
[Archive]
2/8/2005 3/16/2007
1. The rate at which electric energy is delivered to or by a
system or part of a system, generally expressed in
kilowatts or megawatts, at a given instant or averaged
over any designated interval of time.
2. The rate at which energy is being used by the customer.
Demand-Side
Management
[Archive]
DSM 2/8/2005 3/16/2007 The term for all activities or programs undertaken by Load-
Serving Entity or its customers to influence the amount or
timing of electricity they use.
Dial-up Connectivity
[Archive]

11/26/12 A data communication link that is established when the
communication equipment dials a phone number and
negotiates a connection with the equipment on the other
end of the link.
Direct Control Load
Management
[Archive]
DCLM 2/8/2005 3/16/2007 Demand-Side Management that is under the direct control
of the system operator. DCLM may control the electric
supply to individual appliances or equipment on customer
premises. DCLM as defined here does not include
Interruptible Demand.
Dispatch Order
[Archive]
determined. To accomplish this, each generator is ranked by
priority.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Dispersed Load by
Substations
[Archive]
2/8/2005 3/16/2007 Substation load information configured to represent a
system for power flow or system dynamics modeling
purposes, or both.
Distribution Factor
[Archive]
DF 2/8/2005 3/16/2007 The portion of an Interchange Transaction, typically
expressed in per unit that flows across a transmission
facility (Flowgate).
Distribution Provider
[Archive]
DP 2/8/2005 3/16/2007 Provides and operates the wires between the transmission
system and the end-use customer. For those end-use
customers who are served at transmission voltages, the
Transmission Owner also serves as the Distribution
Provider. Thus, the Distribution Provider is not defined by a
specific voltage, but rather as performing the Distribution
function at any voltage.
Disturbance
[Archive]
2/8/2005 3/16/2007
1. An unplanned event that produces an abnormal system
condition.
2. Any perturbation to the electric system.
3. The unexpected change in ACE that is caused by the
sudden failure of generation or interruption of load.
Disturbance Control
Standard
[Archive]
DCS 2/8/2005 3/16/2007 The reliability standard that sets the time limit following a
Disturbance within which a Balancing Authority must return
its Area Control Error to within a specified range.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Disturbance
Monitoring Equipment
[Archive]
DME 8/2/2006 3/16/2007 Devices capable of monitoring and recording system data
pertaining to a Disturbance. Such devices include the
following categories of recorders
2
Sequence of event recorders which record equipment
response to the event
:
Fault recorders, which record actual waveform data
replicating the system primary voltages and currents.
This may include protective relays.
Dynamic Disturbance Recorders (DDRs), which record
incidents that portray power system behavior during
dynamic events such as low-frequency (0.1 Hz 3 Hz)
oscillations and abnormal frequency or voltage
excursions
Dynamic Interchange
Schedule or
Dynamic Schedule
[Archive]
2/8/2005 3/16/2007 A telemetered reading or value that is updated in real time
and used as a schedule in the AGC/ACE equation and the
integrated value of which is treated as a schedule for
interchange accounting purposes. Commonly used for
scheduling jointly owned generation to or from another
Balancing Authority Area.
Dynamic Transfer
[Archive]
2/8/2005 3/16/2007 The provision of the real-time monitoring, telemetering,
computer software, hardware, communications,
engineering, energy accounting (including inadvertent
interchange), and administration required to electronically
move all or a portion of the real energy services associated
with a generator or load out of one Balancing Authority Area
into another.

2
Phasor Measurement Units and any other equipment that meets the functional requirements of DMEs may qualify as DMEs.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Economic Dispatch
[Archive]
2/8/2005 3/16/2007 The allocation of demand to individual generating units on
line to effect the most economical production of electricity.
Electronic Access
Control or Monitoring
Systems
[Archive]
EACMS 11/26/12 Cyber Assets that perform electronic access control or
electronic access monitoring of the Electronic Security
Perimeter(s) or BES Cyber Systems. This includes
Intermediate Devices.
Electronic Access Point
[Archive]

EAP 11/26/12 A Cyber Asset interface on an Electronic Security Perimeter
that allows routable communication between Cyber Assets
outside an Electronic Security Perimeter and Cyber Assets
inside an Electronic Security Perimeter.
Electrical Energy
[Archive]
2/8/2005 3/16/2007 The generation or use of electric power by a device over a
period of time, expressed in kilowatthours (kWh),
megawatthours (MWh), or gigawatthours (GWh).
Electronic Security
Perimeter
[Archive]
ESP 5/2/2006 1/18/2008 The logical border surrounding a network to which Critical
Cyber Assets are connected and for which access is
controlled.
Electronic Security
Perimeter
[Archive]

ESP 11/26/12 The logical border surrounding a network to which BES
Cyber Systems are connected using a routable protocol.
Element
[Archive]
2/8/2005 3/16/2007 Any electrical device with terminals that may be connected
to other electrical devices such as a generator, transformer,
circuit breaker, bus section, or transmission line. An
element may be comprised of one or more components.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Emergency or
BES Emergency
[Archive]
2/8/2005 3/16/2007 Any abnormal system condition that requires automatic or
immediate manual action to prevent or limit the failure of
transmission facilities or generation supply that could
adversely affect the reliability of the Bulk Electric System.
Emergency Rating
[Archive]
2/8/2005 3/16/2007 The rating as defined by the equipment owner that specifies
the level of electrical loading or output, usually expressed in
megawatts (MW) or Mvar or other appropriate units, that a
system, facility, or element can support, produce, or
withstand for a finite period. The rating assumes acceptable
loss of equipment life or other physical or safety limitations
for the equipment involved.
Emergency Request
for Interchange
[Archive]
Emergency
RFI
10/29/2008 12/17/2009 Request for Interchange to be initiated for Emergency or
Energy Emergency conditions.
Energy Emergency
[Archive]
2/8/2005 3/16/2007 A condition when a Load-Serving Entity has exhausted all
other options and can no longer provide its customers
expected energy requirements.
Equipment Rating
[Archive]

2/7/2006 3/16/2007 The maximum and minimum voltage, current, frequency,
real and reactive power flows on individual equipment under
steady state, short-circuit and transient conditions, as
permitted or assigned by the equipment owner.
External Routable
Connectivity
[Archive]

11/26/12 The ability to access a BES Cyber System from a Cyber
Asset that is outside of its associated Electronic Security
Perimeter via a bi-directional routable protocol connection.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Existing Transmission
Commitments
[Archive]
ETC 08/22/2008 11/24/2009 Committed uses of a Transmission Service Providers
Transmission system considered when determining ATC or
AFC.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Facility
[Archive]
2/7/2006 3/16/2007 A set of electrical equipment that operates as a single Bulk
Electric System Element (e.g., a line, a generator, a shunt
compensator, transformer, etc.)
Facility Rating
[Archive]
2/8/2005 3/16/2007 The maximum or minimum voltage, current, frequency, or
real or reactive power flow through a facility that does not
violate the applicable equipment rating of any equipment
comprising the facility.
Fault
[Archive]
2/8/2005 3/16/2007 An event occurring on an electric system such as a short
circuit, a broken wire, or an intermittent connection.
Fire Risk
[Archive]
2/7/2006 3/16/2007 The likelihood that a fire will ignite or spread in a particular
geographic area.
Firm Demand
[Archive]
2/8/2005 3/16/2007 That portion of the Demand that a power supplier is
obligated to provide except when system reliability is
threatened or during emergency conditions.
Firm Transmission
Service
[Archive]
2/8/2005 3/16/2007 The highest quality (priority) service offered to customers
under a filed rate schedule that anticipates no planned
interruption.
Flashover
[Archive]
2/7/2006 3/16/2007 An electrical discharge through air around or over the
surface of insulation, between objects of different potential,
caused by placing a voltage across the air space that results
in the ionization of the air space.
Flowgate
[Archive]
2/8/2005 3/16/2007 A designated point on the transmission system through
which the Interchange Distribution Calculator calculates the
power flow from Interchange Transactions.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Flowgate
[Archive]
08/22/2008 11/24/2009
1.) A portion of the Transmission system through which the
Interchange Distribution Calculator calculates the power
flow from Interchange Transactions.
2.) A mathematical construct, comprised of one or more
monitored transmission Facilities and optionally one or more
contingency Facilities, used to analyze the impact of power
flows upon the Bulk Electric System.
Flowgate Methodology
[Archive]
08/22/2008 11/24/2009 The Flowgate methodology is characterized by identification
of key Facilities as Flowgates. Total Flowgate Capabilities
are determined based on Facility Ratings and voltage and
stability limits. The impacts of Existing Transmission
Commitments (ETCs) are determined by simulation. The
impacts of ETC, Capacity Benefit Margin (CBM) and
Transmission Reliability Margin (TRM) are subtracted from
the Total Flowgate Capability, and Postbacks and
counterflows are added, to determine the Available
Flowgate Capability (AFC) value for that Flowgate. AFCs
can be used to determine Available Transfer Capability
(ATC).
Forced Outage
[Archive]
2/8/2005 3/16/2007
1. The removal from service availability of a generating
unit, transmission line, or other facility for emergency
reasons.
2. The condition in which the equipment is unavailable due
to unanticipated failure.
Frequency Bias
[Archive]
2/8/2005 3/16/2007 A value, usually expressed in megawatts per 0.1 Hertz
(MW/0.1 Hz), associated with a Balancing Authority Area
that approximates the Balancing Authority Areas response
to Interconnection frequency error.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Frequency Bias
Setting
[Archive]
2/8/2005 3/16/2007 A value, usually expressed in MW/0.1 Hz, set into a
Balancing Authority ACE algorithm that allows the Balancing
Authority to contribute its frequency response to the
Interconnection.
Frequency Bias
Setting
[Archive]
2/7/2013 A number, either fixed or variable, usually expressed in
MW/0.1 Hz, included in a Balancing Authoritys Area Control
Error equation to account for the Balancing Authoritys
inverse Frequency Response contribution to the
Interconnection, and discourage response withdrawal
through secondary control systems.
Frequency Deviation
[Archive]
2/8/2005 3/16/2007 A change in Interconnection frequency.
Frequency Error
[Archive]
2/8/2005 3/16/2007 The difference between the actual and scheduled frequency.
(F
A
F
S
)
Frequency Regulation
[Archive]
2/8/2005 3/16/2007 The ability of a Balancing Authority to help the
Interconnection maintain Scheduled Frequency. This
assistance can include both turbine governor response and
Automatic Generation Control.
Frequency Response
[Archive]
2/8/2005 3/16/2007 (Equipment) The ability of a system or elements of the
system to react or respond to a change in system
frequency.
(System) The sum of the change in demand, plus the
change in generation, divided by the change in frequency,
expressed in megawatts per 0.1 Hertz (MW/0.1 Hz).


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Frequency Response
Measure
[Archive]
FRM 2/7/2013 The median of all the Frequency Response observations
reported annually by Balancing Authorities or Frequency
Response Sharing Groups for frequency events specified by
the ERO. This will be calculated as MW/0.1Hz.
Frequency Response
Obligation
[Archive]
FRO 2/7/2013 The Balancing Authoritys share of the required Frequency
Response needed for the reliable operation of an
Interconnection. This will be calculated as MW/0.1Hz.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Frequency Response
Sharing Group
[Archive]
FRSG 2/7/2013 A group whose members consist of two or more Balancing
Authorities that collectively maintain, allocate, and supply
operating resources required to jointly meet the sum of the
Frequency Response Obligations of its members.
Generator Operator
[Archive]
GOP 2/8/2005 3/16/2007 The entity that operates generating unit(s) and performs
the functions of supplying energy and Interconnected
Operations Services.
Generator Owner
[Archive]
GO 2/8/2005 3/16/2007 Entity that owns and maintains generating units.
Generator Shift Factor
[Archive]
GSF 2/8/2005 3/16/2007 A factor to be applied to a generators expected change in
output to determine the amount of flow contribution that
change in output will impose on an identified transmission
facility or Flowgate.
Generator-to-Load
Distribution Factor
[Archive]
GLDF 2/8/2005 3/16/2007 The algebraic sum of a Generator Shift Factor and a Load
Shift Factor to determine the total impact of an Interchange
Transaction on an identified transmission facility or
Flowgate.
Generation Capability
Import Requirement
[Archive]
GCIR 11/13/2008 11/24/2009 The amount of generation capability from external sources
identified by a Load-Serving Entity (LSE) or Resource
Planner (RP) to meet its generation reliability or resource
adequacy requirements as an alternative to internal
resources.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Host Balancing
Authority
[Archive]
2/8/2005 3/16/2007
1. A Balancing Authority that confirms and implements
Interchange Transactions for a Purchasing Selling Entity
that operates generation or serves customers directly
within the Balancing Authoritys metered boundaries.
2. The Balancing Authority within whose metered
boundaries a jointly owned unit is physically located.
Hourly Value
[Archive]
2/8/2005 3/16/2007 Data measured on a Clock Hour basis.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Implemented
Interchange
[Archive]
5/2/2006 3/16/2007 The state where the Balancing Authority enters the
Confirmed Interchange into its Area Control Error equation.
Inadvertent
Interchange
[Archive]
2/8/2005 3/16/2007 The difference between the Balancing Authoritys Net
Actual Interchange and Net Scheduled Interchange.
(I
A
I
S
)
Independent Power
Producer
[Archive]
IPP 2/8/2005 3/16/2007 Any entity that owns or operates an electricity generating
facility that is not included in an electric utilitys rate base.
This term includes, but is not limited to, cogenerators and
small power producers and all other nonutility electricity
producers, such as exempt wholesale generators, who sell
electricity.
Institute of Electrical
and Electronics
Engineers, Inc.
[Archive]
IEEE 2/7/2006 3/16/2007


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Interactive Remote
Access
[Archive]

11/26/12 User-initiated access by a person employing a remote
access client or other remote access technology using a
routable protocol. Remote access originates from a Cyber
Asset that is not an Intermediate Device and not located
within any of the Responsible Entitys Electronic Security
Perimeter(s) or at a defined Electronic Access Point (EAP).
Remote access may be initiated from: 1) Cyber Assets used
or owned by the Responsible Entity, 2) Cyber Assets used
or owned by employees, and 3) Cyber Assets used or
owned by vendors, contractors, or consultants. Interactive
remote access does not include system-to-system process
communications.
Interchange
[Archive]
5/2/2006 3/16/2007 Energy transfers that cross Balancing Authority boundaries.
Interchange Authority
[Archive]
IA 5/2/2006 3/16/2007 The responsible entity that authorizes implementation of
valid and balanced Interchange Schedules between
Balancing Authority Areas, and ensures communication of
Interchange information for reliability assessment
purposes.
Interchange
Distribution Calculator
[Archive]
IDC 2/8/2005 3/16/2007 The mechanism used by Reliability Coordinators in the
Eastern Interconnection to calculate the distribution of
Interchange Transactions over specific Flowgates. It
includes a database of all Interchange Transactions and a
matrix of the Distribution Factors for the Eastern
Interconnection.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Interchange Schedule
[Archive]
2/8/2005 3/16/2007 An agreed-upon Interchange Transaction size (megawatts),
start and end time, beginning and ending ramp times and
rate, and type required for delivery and receipt of power
and energy between the Source and Sink Balancing
Authorities involved in the transaction.
Interchange
Transaction
[Archive]
2/8/2005 3/16/2007 An agreement to transfer energy from a seller to a buyer
that crosses one or more Balancing Authority Area
boundaries.
Interchange
Transaction Tag
or
Tag
[Archive]
2/8/2005 3/16/2007 The details of an Interchange Transaction required for its
physical implementation.
Interconnected
Operations Service
[Archive]
2/8/2005 3/16/2007 A service (exclusive of basic energy and transmission
services) that is required to support the reliable operation
of interconnected Bulk Electric Systems.
Interconnection
[Archive]
2/8/2005 3/16/2007 When capitalized, any one of the three major electric
system networks in North America: Eastern, Western, and
ERCOT.
Interconnection
Reliability Operating
Limit
[Archive]
IROL 2/8/2005 3/16/2007
Retired
12/27/2007
The value (such as MW, MVar, Amperes, Frequency or
Volts) derived from, or a subset of the System Operating
Limits, which if exceeded, could expose a widespread area
of the Bulk Electric System to instability, uncontrolled
separation(s) or cascading outages.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Interconnection
Limit
[Archive]
IROL 11/1/2006 12/27/2007 A System Operating Limit that, if violated, could lead to
instability, uncontrolled separation, or Cascading outages
3
Interconnection
Limit T
v

that adversely impact the reliability of the Bulk Electric
System.
[Archive]
IROL T
v
11/1/2006 12/27/2007 The maximum time that an Interconnection Reliability
Operating Limit can be violated before the risk to the
interconnection or other Reliability Coordinator Area(s)
becomes greater than acceptable. Each Interconnection
Reliability Operating Limits T
v
shall be less than or equal to
30 minutes.
Intermediate
Balancing Authority
[Archive]
2/8/2005 3/16/2007 A Balancing Authority Area that has connecting facilities in
the Scheduling Path between the Sending Balancing
Authority Area and Receiving Balancing Authority Area and
operating agreements that establish the conditions for the
use of such facilities.
Intermediate System
[Archive]

11/26/12 A Cyber Asset or collection of Cyber Assets performing
access control to restrict Interactive Remote Access to only
authorized users. The Intermediate System must not be
located inside the Electronic Security Perimeter.
Interpersonal
Communication
[Archive]
11/7/2012 Any medium that allows two or more individuals to interact,
consult, or exchange information.

3
On September 13, 2012, FERC issued an Order approving NERCs request to modify the reference to Cascading Outages to Cascading
outages within the definition of IROL due to the fact that the definition of Cascading Outages was previously remanded by FERC.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Interruptible Load
or
Interruptible Demand
[Archive]
11/1/2006 3/16/2007 Demand that the end-use customer makes available to its
Load-Serving Entity via contract or agreement for
curtailment.
Joint Control
[Archive]
2/8/2005 3/16/2007 Automatic Generation Control of jointly owned units by two
or more Balancing Authorities.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Limiting Element
[Archive]
2/8/2005 3/16/2007 The element that is 1. )Either operating at its appropriate
rating, or 2,) Would be following the limiting contingency.
Thus, the Limiting Element establishes a system limit.
Load
[Archive]
2/8/2005 3/16/2007 An end-use device or customer that receives power from the
electric system.
Load Shift Factor
[Archive]
LSF 2/8/2005 3/16/2007 A factor to be applied to a loads expected change in demand
to determine the amount of flow contribution that change in
demand will impose on an identified transmission facility or
monitored Flowgate.
Load-Serving Entity
[Archive]
LSE 2/8/2005 3/16/2007 Secures energy and transmission service (and related
Interconnected Operations Services) to serve the electrical
demand and energy requirements of its end-use customers.
Long-Term
Transmission Planning
Horizon
[Archive]
8/4/2011 Transmission planning period that covers years six through
ten or beyond when required to accommodate any known
longer lead time projects that may take longer than ten years
to complete.
Market Flow
[Archive]
11/4/2010 4/21/2011 The total amount of power flowing across a specified Facility
or set of Facilities due to a market dispatch of generation
internal to the market to serve load internal to the market.
Minimum Vegetation
Clearance Distance
[Archive]
MVCD 11/3/2011 3/21/2013
(Becomes
effective
7/1/14)
The calculated minimum distance stated in feet (meters) to
prevent flash-over between conductors and vegetation, for
various altitudes and operating voltages.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Misoperation
[Archive]
2/7/2006 3/16/2007
Any failure of a Protection System element to operate
within the specified time when a fault or abnormal
condition occurs within a zone of protection.
Any operation for a fault not within a zone of protection
(other than operation as backup protection for a fault in
an adjacent zone that is not cleared within a specified
time for the protection for that zone).
Any unintentional Protection System operation when no
fault or other abnormal condition has occurred unrelated
to on-site maintenance and testing activity.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Native Load
[Archive]
2/8/2005 3/16/2007 The end-use customers that the Load-Serving Entity is
obligated to serve.
Near-Term
Transmission Planning
Horizon
[Archive]
1/24/2011 11/17/2011 The transmission planning period that covers Year One
through five.
Net Actual Interchange
[Archive]
2/8/2005 3/16/2007 The algebraic sum of all metered interchange over all
interconnections between two physically Adjacent Balancing
Authority Areas.
Net Energy for Load
[Archive]
2/8/2005 3/16/2007 Net Balancing Authority Area generation, plus energy
received from other Balancing Authority Areas, less energy
delivered to Balancing Authority Areas through interchange.
It includes Balancing Authority Area losses but excludes
energy required for storage at energy storage facilities.
Net Interchange
Schedule
[Archive]
2/8/2005 3/16/2007 The algebraic sum of all Interchange Schedules with each
Adjacent Balancing Authority.
Net Scheduled
Interchange
[Archive]
2/8/2005 3/16/2007 The algebraic sum of all Interchange Schedules across a
given path or between Balancing Authorities for a given
period or instant in time.
Network Integration
[Archive]
2/8/2005 3/16/2007 Service that allows an electric transmission customer to
integrate, plan, economically dispatch and regulate its
network reserves in a manner comparable to that in which
the Transmission Owner serves Native Load customers.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Non-Consequential
Load Loss
[Archive]
8/4/2011 Non-Interruptible Load loss that does not include: (1)
Consequential Load Loss, (2) the response of voltage
sensitive Load, or (3) Load that is disconnected from the
System by end-user equipment.
Non-Firm Transmission
Service
[Archive]
2/8/2005 3/16/2007 Transmission service that is reserved on an as-available
basis and is subject to curtailment or interruption.
Non-Spinning Reserve
[Archive]
2/8/2005 3/16/2007
1. That generating reserve not connected to the system but
capable of serving demand within a specified time.
2. Interruptible load that can be removed from the system in
a specified time.
Normal Clearing
[Archive]
11/1/2006 12/27/2007 A protection system operates as designed and the fault is
cleared in the time normally expected with proper
functioning of the installed protection systems.
Normal Rating
[Archive]
2/8/2005 3/16/2007 The rating as defined by the equipment owner that specifies
the level of electrical loading, usually expressed in
megawatts (MW) or other appropriate units that a system,
facility, or element can support or withstand through the
daily demand cycles without loss of equipment life.
Nuclear Plant
Generator Operator
[Archive]
5/2/2007 10/16/2008 Any Generator Operator or Generator Owner that is a
Nuclear Plant Licensee responsible for operation of a nuclear
facility licensed to produce commercial power.
Nuclear Plant Off-site
Power Supply (Off-site
Power)
[Archive]
5/2/2007 10/16/2008 The electric power supply provided from the electric system
to the nuclear power plant distribution system as required
per the nuclear power plant license.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Nuclear Plant Licensing
Requirements
[Archive]
NPLRs 5/2/2007 10/16/2008 Requirements included in the design basis of the nuclear
plant and statutorily mandated for the operation of the plant,
including nuclear power plant licensing requirements for:
1) Off-site power supply to enable safe shutdown of the
plant during an electric system or plant event; and
2) Avoiding preventable challenges to nuclear safety as a
result of an electric system disturbance, transient, or
condition.
Nuclear Plant Interface
Requirements
[Archive]
NPIRs 5/2/2007 10/16/2008 The requirements based on NPLRs and Bulk Electric System
requirements that have been mutually agreed to by the
Nuclear Plant Generator Operator and the applicable
Transmission Entities.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Off-Peak
[Archive]
2/8/2005 3/16/2007 Those hours or other periods defined by NAESB business
practices, contract, agreements, or guides as periods of
lower electrical demand.
On-Peak
[Archive]
2/8/2005 3/16/2007 Those hours or other periods defined by NAESB business
practices, contract, agreements, or guides as periods of
higher electrical demand.
Open Access Same
Time Information
Service
[Archive]
OASIS 2/8/2005 3/16/2007 An electronic posting system that the Transmission Service
Provider maintains for transmission access data and that
allows all transmission customers to view the data
simultaneously.
Open Access
Transmission Tariff
[Archive]
OATT 2/8/2005 3/16/2007 Electronic transmission tariff accepted by the U.S. Federal
Energy Regulatory Commission requiring the Transmission
Service Provider to furnish to all shippers with non-
discriminating service comparable to that provided by
Transmission Owners to themselves.
Operating Plan
[Archive]
2/7/2006 3/16/2007 A document that identifies a group of activities that may be
used to achieve some goal. An Operating Plan may contain
Operating Procedures and Operating Processes. A
company-specific system restoration plan that includes an
Operating Procedure for black-starting units, Operating
Processes for communicating restoration progress with
other entities, etc., is an example of an Operating Plan.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Operating Procedure
[Archive]
2/7/2006 3/16/2007 A document that identifies specific steps or tasks that
should be taken by one or more specific operating positions
to achieve specific operating goal(s). The steps in an
Operating Procedure should be followed in the order in
which they are presented, and should be performed by the
position(s) identified. A document that lists the specific
steps for a system operator to take in removing a specific
transmission line from service is an example of an
Operating Procedure.
Operating Process
[Archive]
2/7/2006 3/16/2007 A document that identifies general steps for achieving a
generic operating goal. An Operating Process includes steps
with options that may be selected depending upon Real-
time conditions. A guideline for controlling high voltage is
an example of an Operating Process.
Operating Reserve
[Archive]
2/8/2005 3/16/2007 That capability above firm system demand required to
provide for regulation, load forecasting error, equipment
forced and scheduled outages and local area protection. It
consists of spinning and non-spinning reserve.
Operating Reserve
Spinning
[Archive]
2/8/2005 3/16/2007 The portion of Operating Reserve consisting of:
Generation synchronized to the system and fully
available to serve load within the Disturbance Recovery
Period following the contingency event; or
Load fully removable from the system within the
Disturbance Recovery Period following the contingency
event.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Operating Reserve
Supplemental
[Archive]
2/8/2005 3/16/2007 The portion of Operating Reserve consisting of:
Generation (synchronized or capable of being
synchronized to the system) that is fully available to
serve load within the Disturbance Recovery Period
following the contingency event; or
Load fully removable from the system within the
Disturbance Recovery Period following the contingency
event.
Operating Voltage
[Archive]
2/7/2006 3/16/2007 The voltage level by which an electrical system is
designated and to which certain operating characteristics of
the system are related; also, the effective (root-mean-
square) potential difference between any two conductors or
between a conductor and the ground. The actual voltage of
the circuit may vary somewhat above or below this value.
Operational Planning
Analysis
[Archive]
10/17/2008 3/17/2011 An analysis of the expected system conditions for the next
days operation. (That analysis may be performed either a
day ahead or as much as 12 months ahead.) Expected
system conditions include things such as load forecast(s),
generation output levels, and known system constraints
(transmission facility outages, generator outages,
equipment limitations, etc.).
Outage Transfer
Distribution Factor
[Archive]
OTDF 8/22/2008 11/24/2009 In the post-contingency configuration of a system under
study, the electric Power Transfer Distribution Factor (PTDF)
with one or more system Facilities removed from service
(outaged).


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Overlap Regulation
Service
[Archive]
2/8/2005 3/16/2007 A method of providing regulation service in which the
Balancing Authority providing the regulation service
incorporates another Balancing Authoritys actual
interchange, frequency response, and schedules into
providing Balancing Authoritys AGC/ACE equation.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Participation Factors
[Archive]
determined. To accomplish this, generators are assigned a
percentage that they will contribute to serve load.
Peak Demand
[Archive]
2/8/2005 3/16/2007
1. The highest hourly integrated Net Energy For Load
within a Balancing Authority Area occurring within a
given period (e.g., day, month, season, or year).
2. The highest instantaneous demand within the Balancing
Authority Area.
Performance-Reset
Period
[Archive]
2/7/2006 3/16/2007 The time period that the entity being assessed must
operate without any violations to reset the level of non
compliance to zero.
Physical Access
Control Systems
[Archive]

PACS 11/26/12 Cyber Assets that control, alert, or log access to the
Physical Security Perimeter(s), exclusive of locally mounted
hardware or devices at the Physical Security Perimeter such
as motion sensors, electronic lock control mechanisms, and
badge readers.
Physical Security
Perimeter
[Archive]
PSP 5/2/2006 1/18/2008 The physical, completely enclosed (six-wall) border
surrounding computer rooms, telecommunications rooms,
operations centers, and other locations in which Critical
Cyber Assets are housed and for which access is controlled.
Physical Security
Perimeter
[Archive]

PSP 11/26/12 The physical border surrounding locations in which BES
Cyber Assets, BES Cyber Systems, or Electronic Access
Control or Monitoring Systems reside, and for which access
is controlled.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Planning Assessment
[Archive]
8/4/2011 Documented evaluation of future Transmission system
performance and Corrective Action Plans to remedy
identified deficiencies.
Planning Authority
[Archive]
PA 2/8/2005 3/16/2007 The responsible entity that coordinates and integrates
transmission facility and service plans, resource plans, and
protection systems.
[Archive]
PC 8/22/2008 11/24/2009 See Planning Authority.
Point of Delivery
[Archive]
POD 2/8/2005 3/16/2007 A location that the Transmission Service Provider specifies
on its transmission system where an Interchange
Transaction leaves or a Load-Serving Entity receives its
energy.
Point of Receipt
[Archive]
POR 2/8/2005 3/16/2007 A location that the Transmission Service Provider specifies
on its transmission system where an Interchange
Transaction enters or a Generator delivers its output.
Point to Point
[Archive]
PTP 2/8/2005 3/16/2007 The reservation and transmission of capacity and energy on
either a firm or non-firm basis from the Point(s) of Receipt
to the Point(s) of Delivery.
Postback
[Archive]
08/22/2008 Not
approved;
Modification
directed
11/24/09
Positive adjustments to ATC or AFC as defined in Business
Practices. Such Business Practices may include processing
of redirects and unscheduled service.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Power Transfer
Distribution Factor
[Archive]
PTDF 08/22/2008 11/24/2009 In the pre-contingency configuration of a system under
study, a measure of the responsiveness or change in
electrical loadings on transmission system Facilities due to
a change in electric power transfer from one area to
another, expressed in percent (up to 100%) of the change
in power transfer
Pro Forma Tariff
[Archive]
2/8/2005 3/16/2007 Usually refers to the standard OATT and/or associated
transmission rights mandated by the U.S. Federal Energy
Regulatory Commission Order No. 888.
Protected Cyber
Assets
[Archive]

PCA 11/26/12 One or more Cyber Assets connected using a routable
protocol within or on an Electronic Security Perimeter that
is not part of the highest impact BES Cyber System within
the same Electronic Security Perimeter. The impact rating
of Protected Cyber Assets is equal to the highest rated BES
Cyber System in the same ESP. A Cyber Asset is not a
Protected Cyber Asset if, for 30 consecutive calendar days
or less, it is connected either to a Cyber Asset within the
ESP or to the network within the ESP, and it is used for
data transfer, vulnerability assessment, maintenance, or
troubleshooting purposes.
Protection System
[Archive]
2/7/2006 3/17/2007
retired
4/1/2013
Protective relays, associated communication systems,
voltage and current sensing devices, station batteries and
DC control circuitry.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Protection System
4
[

Archive]
[Implementation Plan]

11/19/2010 2/3/2012 Protection System
Protective relays which respond to electrical quantities,
Communications systems necessary for correct
operation of protective functions
Voltage and current sensing devices providing inputs to
protective relays,
Station dc supply associated with protective functions
(including batteries, battery chargers, and non-battery-
based dc supply), and
Control circuitry associated with protective functions
through the trip coil(s) of the circuit breakers or other
interrupting devices.

4
This termbecomes effective on April 1, 2013.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Protection System
Maintenance Program
[Archive]
PSMP 11/7/2012
An ongoing program by which Protection System
components are kept in working order and proper operation
of malfunctioning components is restored. A maintenance
program for a specific component includes one or more of
the following activities:
Verify Determine that the component is functioning
correctly.
Monitor Observe the routine in-service operation of the
component.
Test Apply signals to a component to observe functional
performance or output behavior, or to diagnose problems.
Inspect Examine for signs of component failure, reduced
performance or degradation.
Calibrate Adjust the operating threshold or measurement
accuracy of a measuring element to meet the intended
performance requirement.
Pseudo-Tie
[Archive]
2/8/2005 3/16/2007 A telemetered reading or value that is updated in real time
and used as a virtual tie line flow in the AGC/ACE
equation but for which no physical tie or energy metering
actually exists. The integrated value is used as a metered
MWh value for interchange accounting purposes.
Purchasing-Selling
Entity
[Archive]
PSE 2/8/2005 3/16/2007 The entity that purchases or sells, and takes title to,
energy, capacity, and Interconnected Operations Services.
Purchasing-Selling Entities may be affiliated or unaffiliated
merchants and may or may not own generating facilities.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Ramp Rate
or
Ramp
[Archive]
2/8/2005 3/16/2007 (Schedule) The rate, expressed in megawatts per minute,
at which the interchange schedule is attained during the
ramp period.
(Generator) The rate, expressed in megawatts per minute,
that a generator changes its output.
Rated Electrical
Operating Conditions
[Archive]
2/7/2006 3/16/2007 The specified or reasonably anticipated conditions under
which the electrical system or an individual electrical circuit
is intend/designed to operate
Rating
[Archive]
2/8/2005 3/16/2007 The operational limits of a transmission system element
under a set of specified conditions.
Rated System Path
Methodology
[Archive]
08/22/2008 11/24/2009 The Rated System Path Methodology is characterized by an
initial Total Transfer Capability (TTC), determined via
simulation. Capacity Benefit Margin, Transmission
Reliability Margin, and Existing Transmission Commitments
are subtracted from TTC, and Postbacks and counterflows
are added as applicable, to derive Available Transfer
Capability. Under the Rated System Path Methodology, TTC
results are generally reported as specific transmission path
capabilities.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Reactive Power
[Archive]
2/8/2005 3/16/2007 The portion of electricity that establishes and sustains the
electric and magnetic fields of alternating-current
equipment. Reactive power must be supplied to most
types of magnetic equipment, such as motors and
transformers. It also must supply the reactive losses on
transmission facilities. Reactive power is provided by
generators, synchronous condensers, or electrostatic
equipment such as capacitors and directly influences
electric system voltage. It is usually expressed in kilovars
(kvar) or megavars (Mvar).
Real Power
[Archive]
2/8/2005 3/16/2007 The portion of electricity that supplies energy to the load.
Reallocation
[Archive]
2/8/2005 3/16/2007 The total or partial curtailment of Transactions during TLR
Level 3a or 5a to allow Transactions using higher priority to
be implemented.
Real-time
[Archive]
2/7/2006 3/16/2007 Present time as opposed to future time. (From
Interconnection Reliability Operating Limits standard.)
Real-time Assessment
[Archive]
10/17/2008 3/17/2011 An examination of existing and expected system conditions,
conducted by collecting and reviewing immediately
available data
Receiving Balancing
Authority
[Archive]
2/8/2005 3/16/2007 The Balancing Authority importing the Interchange.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Regional Reliability
Organization
[Archive]
RRO 2/8/2005 3/16/2007 1. An entity that ensures that a defined area of the Bulk
Electric System is reliable, adequate and secure.
2. A member of the North American Electric Reliability
Council. The Regional Reliability Organization can serve
as the Compliance Monitor.
Regional Reliability
Plan
[Archive]
2/8/2005 3/16/2007 The plan that specifies the Reliability Coordinators and
Balancing Authorities within the Regional Reliability
Organization, and explains how reliability coordination will
be accomplished.
Regulating Reserve
[Archive]
2/8/2005 3/16/2007 An amount of reserve responsive to Automatic Generation
Control, which is sufficient to provide normal regulating
margin.
Regulation Service
[Archive]
2/8/2005 3/16/2007 The process whereby one Balancing Authority contracts to
provide corrective response to all or a portion of the ACE of
another Balancing Authority. The Balancing Authority
providing the response assumes the obligation of meeting
all applicable control criteria as specified by NERC for itself
and the Balancing Authority for which it is providing the
Regulation Service.
Reliability Adjustment
RFI
[Archive]
10/29/2008 12/17/2009 Request to modify an Implemented Interchange Schedule
for reliability purposes.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
[Archive]
RC 2/8/2005 3/16/2007 The entity that is the highest level of authority who is
responsible for the reliable operation of the Bulk Electric
System, has the Wide Area view of the Bulk Electric
System, and has the operating tools, processes and
procedures, including the authority to prevent or mitigate
emergency operating situations in both next-day analysis
and real-time operations. The Reliability Coordinator has
the purview that is broad enough to enable the calculation
of Interconnection Reliability Operating Limits, which may
be based on the operating parameters of transmission
systems beyond any Transmission Operators vision.
Area
[Archive]
2/8/2005 3/16/2007 The collection of generation, transmission, and loads within
the boundaries of the Reliability Coordinator. Its boundary
coincides with one or more Balancing Authority Areas.
Information System
[Archive]
RCIS 2/8/2005 3/16/2007 The system that Reliability Coordinators use to post
messages and share operating information in real time.
Reliability Directive
[Archive]
8/16/2012
A communication initiated by a Reliability Coordinator,
Transmission Operator, or Balancing Authority where action
by the recipient is necessary to address an Emergency or
Adverse Reliability Impact.
Remedial Action
Scheme
[Archive]
RAS 2/8/2005 3/16/2007 See Special Protection System
Reportable Cyber
Security Incident
[Archive]

11/26/12 A Cyber Security Incident that has compromised or
disrupted one or more reliability tasks of a functional entity.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Reliability Standard
[Archive]

5/9/2013 7/9/2013
A requirement, approved by the United States Federal
Energy Regulatory Commission under this Section 215 of
the Federal Power Act, or approved or recognized by an
applicable governmental authority in other jurisdictions, to
provide for reliable operation [Reliable Operation] of the
bulk-power system [Bulk-Power System]. The term
includes requirements for the operation of existing bulk-
power system [Bulk-Power System] facilities, including
cybersecurity protection, and the design of planned
additions or modifications to such facilities to the extent
necessary to provide for reliable operation [Reliable
Operation] of the bulk-power system [Bulk-Power System],
but the term does not include any requirement to enlarge
such facilities or to construct new transmission capacity or
generation capacity.

Reliable Operation
[Archive]
5/9/2013 7/9/2013
Operating the elements of the bulk-power system [Bulk-
Power System] within equipment and electric system
thermal, voltage, and stability limits so that instability,
uncontrolled separation, or cascading failures of such
system will not occur as a result of a sudden disturbance,
including a cybersecurity incident, or unanticipated failure
of system elements.
Reportable
Disturbance
[Archive]
2/8/2005 3/16/2007 Any event that causes an ACE change greater than or equal
to 80% of a Balancing Authoritys or reserve sharing
groups most severe contingency. The definition of a
reportable disturbance is specified by each Regional
Reliability Organization. This definition may not be
retroactively adjusted in response to observed
performance.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Request for
Interchange
[Archive]
RFI 5/2/2006 3/16/2007 A collection of data as defined in the NAESB RFI Datasheet,
to be submitted to the Interchange Authority for the
purpose of implementing bilateral Interchange between a
Source and Sink Balancing Authority.
Reserve Sharing
Group
[Archive]
RSG 2/8/2005 3/16/2007 A group whose members consist of two or more Balancing
Authorities that collectively maintain, allocate, and supply
operating reserves required for each Balancing Authoritys
use in recovering from contingencies within the group.
Scheduling energy from an Adjacent Balancing Authority to
aid recovery need not constitute reserve sharing provided
the transaction is ramped in over a period the supplying
party could reasonably be expected to load generation in
(e.g., ten minutes). If the transaction is ramped in quicker
(e.g., between zero and ten minutes) then, for the
purposes of Disturbance Control Performance, the Areas
become a Reserve Sharing Group.
Resource Planner
[Archive]
RP 2/8/2005 3/16/2007 The entity that develops a long-term (generally one year
and beyond) plan for the resource adequacy of specific
loads (customer demand and energy requirements) within
a Planning Authority Area.
Response Rate
[Archive]
2/8/2005 3/16/2007 The Ramp Rate that a generating unit can achieve under
normal operating conditions expressed in megawatts per
minute (MW/Min).
Right-of-Way
[Archive]
ROW 2/7/2006 3/16/2007 A corridor of land on which electric lines may be located.
The Transmission Owner may own the land in fee, own an
easement, or have certain franchise, prescription, or license
rights to construct and maintain lines.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Right-of-Way
[Archive]
ROW 11/3/2011 3/21/2013
(Becomes
inactive
6/30/14)
The corridor of land under a transmission line(s) needed to
operate the line(s). The width of the corridor is established
by engineering or construction standards as documented in
either construction documents, pre-2007 vegetation
maintenance records, or by the blowout standard in effect
when the line was built. The ROW width in no case exceeds
the Transmission Owners legal rights but may be less
based on the aforementioned criteria.
Right-of-Way
[Archive]
ROW 5/9/12 (Becomes
effective
7/1/14)
The corridor of land under a transmission line(s) needed to
operate the line(s). The width of the corridor is established
by engineering or construction standards as documented in
either construction documents, pre-2007 vegetation
maintenance records, or by the blowout standard in effect
when the line was built. The ROW width in no case exceeds
the applicable Transmission Owners or applicable
Generator Owners legal rights but may be less based on
the aforementioned criteria.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Scenario
[Archive]
2/7/2006 3/16/2007 Possible event.
Schedule
[Archive]
2/8/2005 3/16/2007 (Verb) To set up a plan or arrangement for an Interchange
Transaction.
(Noun) An Interchange Schedule.
Scheduled Frequency
[Archive]
2/8/2005 3/16/2007 60.0 Hertz, except during a time correction.
Scheduling Entity
[Archive]
2/8/2005 3/16/2007 An entity responsible for approving and implementing
Interchange Schedules.
Scheduling Path
[Archive]
2/8/2005 3/16/2007 The Transmission Service arrangements reserved by the
Purchasing-Selling Entity for a Transaction.
Sending Balancing
Authority
[Archive]
2/8/2005 3/16/2007 The Balancing Authority exporting the Interchange.
Sink Balancing
Authority
[Archive]
2/8/2005 3/16/2007 The Balancing Authority in which the load (sink) is located for
an Interchange Transaction. (This will also be a Receiving
Balancing Authority for the resulting Interchange Schedule.)
Source Balancing
Authority
[Archive]
2/8/2005 3/16/2007 The Balancing Authority in which the generation (source) is
located for an Interchange Transaction. (This will also be a
Sending Balancing Authority for the resulting Interchange
Schedule.)


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Special Protection
System
(Remedial Action
Scheme)
[Archive]
SPS 2/8/2005 3/16/2007 An automatic protection system designed to detect abnormal
or predetermined system conditions, and take corrective
actions other than and/or in addition to the isolation of faulted
components to maintain system reliability. Such action may
include changes in demand, generation (MW and Mvar), or
system configuration to maintain system stability, acceptable
voltage, or power flows. An SPS does not include (a)
underfrequency or undervoltage load shedding or (b) fault
conditions that must be isolated or (c) out-of-step relaying
(not designed as an integral part of an SPS). Also called
Remedial Action Scheme.
Spinning Reserve
[Archive]
2/8/2005 3/16/2007 Unloaded generation that is synchronized and ready to serve
additional demand.
Stability
[Archive]
2/8/2005 3/16/2007 The ability of an electric system to maintain a state of
equilibrium during normal and abnormal conditions or
disturbances.
Stability Limit
[Archive]
2/8/2005 3/16/2007 The maximum power flow possible through some particular
point in the system while maintaining stability in the entire
system or the part of the system to which the stability limit
refers.
Supervisory Control
and Data Acquisition
[Archive]
SCADA 2/8/2005 3/16/2007 A system of remote control and telemetry used to monitor
and control the transmission system.
Supplemental
Regulation Service
[Archive]
2/8/2005 3/16/2007 A method of providing regulation service in which the
Balancing Authority providing the regulation service receives a
signal representing all or a portion of the other Balancing
Authoritys ACE.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Surge
[Archive]
2/8/2005 3/16/2007 A transient variation of current, voltage, or power flow in an
electric circuit or across an electric system.
Sustained Outage
[Archive]
2/7/2006 3/16/2007 The deenergized condition of a transmission line resulting
from a fault or disturbance following an unsuccessful
automatic reclosing sequence and/or unsuccessful manual
reclosing procedure.
System
[Archive]
2/8/2005 3/16/2007 A combination of generation, transmission, and distribution
components.
System Operating
Limit
[Archive]
SOL 2/8/2005 3/16/2007 The value (such as MW, MVar, Amperes, Frequency or Volts)
that satisfies the most limiting of the prescribed operating
criteria for a specified system configuration to ensure
operation within acceptable reliability criteria. System
Operating Limits are based upon certain operating criteria.
These include, but are not limited to:
Facility Ratings (Applicable pre- and post-Contingency
equipment or facility ratings)
Transient Stability Ratings (Applicable pre- and post-
Contingency Stability Limits)
Voltage Stability Ratings (Applicable pre- and post-
Contingency Voltage Stability)
System Voltage Limits (Applicable pre- and post-
Contingency Voltage Limits)
System Operator
[Archive]
2/8/2005 3/16/2007 An individual at a control center (Balancing Authority,
Transmission Operator, Generator Operator, Reliability
Coordinator) whose responsibility it is to monitor and control
that electric system in real time.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Telemetering
[Archive]
2/8/2005 3/16/2007 The process by which measurable electrical quantities from
substations and generating stations are instantaneously
transmitted to the control center, and by which operating
commands from the control center are transmitted to the
substations and generating stations.
Thermal Rating
[Archive]
2/8/2005 3/16/2007 The maximum amount of electrical current that a
transmission line or electrical facility can conduct over a
specified time period before it sustains permanent damage
by overheating or before it sags to the point that it violates
public safety requirements.
Tie Line
[Archive]
2/8/2005 3/16/2007 A circuit connecting two Balancing Authority Areas.
Tie Line Bias
[Archive]
2/8/2005 3/16/2007 A mode of Automatic Generation Control that allows the
Balancing Authority to 1.) maintain its Interchange
Schedule and 2.) respond to Interconnection frequency
error.
Time Error
[Archive]
2/8/2005 3/16/2007 The difference between the Interconnection time measured
at the Balancing Authority(ies) and the time specified by the
National Institute of Standards and Technology. Time error
is caused by the accumulation of Frequency Error over a
given period.
Time Error Correction
[Archive]
2/8/2005 3/16/2007 An offset to the Interconnections scheduled frequency to
return the Interconnections Time Error to a predetermined
value.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
TLR Log
[Archive]
2/8/2005 3/16/2007 Report required to be filed after every TLR Level 2 or higher
in a specified format. The NERC IDC prepares the report for
review by the issuing Reliability Coordinator. After approval
by the issuing Reliability Coordinator, the report is
electronically filed in a public area of the NERC Web site.
Total Flowgate
Capability
[Archive]
TFC 08/22/2008 11/24/2009 The maximum flow capability on a Flowgate, is not to
exceed its thermal rating, or in the case of a flowgate used
to represent a specific operating constraint (such as a
voltage or stability limit), is not to exceed the associated
System Operating Limit.
Total Transfer
Capability
[Archive]
TTC 2/8/2005 3/16/2007 The amount of electric power that can be moved or
transferred reliably from one area to another area of the
interconnected transmission systems by way of all
transmission lines (or paths) between those areas under
specified system conditions.
Transaction
[Archive]
2/8/2005 3/16/2007 See Interchange Transaction.
Transfer Capability
[Archive]
2/8/2005 3/16/2007 The measure of the ability of interconnected electric
systems to move or transfer power in a reliable manner
from one area to another over all transmission lines (or
paths) between those areas under specified system
conditions. The units of transfer capability are in terms of
electric power, generally expressed in megawatts (MW).
The transfer capability from Area A to Area B is not
generally equal to the transfer capability from Area B to
Area A.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Transfer Distribution
Factor
[Archive]
2/8/2005 3/16/2007 See Distribution Factor.
Transmission
[Archive]
2/8/2005 3/16/2007 An interconnected group of lines and associated equipment
for the movement or transfer of electric energy between
points of supply and points at which it is transformed for
delivery to customers or is delivered to other electric
systems.
Transmission
Constraint
[Archive]
2/8/2005 3/16/2007 A limitation on one or more transmission elements that may
be reached during normal or contingency system
operations.
Transmission
Customer
[Archive]
2/8/2005 3/16/2007 1. Any eligible customer (or its designated agent) that can
or does execute a transmission service agreement or can
or does receive transmission service.
2. Any of the following responsible entities: Generator
Owner, Load-Serving Entity, or Purchasing-Selling Entity.
Transmission Line
[Archive]
2/7/2006 3/16/2007 A system of structures, wires, insulators and associated
hardware that carry electric energy from one point to
another in an electric power system. Lines are operated at
relatively high voltages varying from 69 kV up to 765 kV,
and are capable of transmitting large quantities of electricity
over long distances.
[Archive]
TOP 2/8/2005 3/16/2007 The entity responsible for the reliability of its local
transmission system, and that operates or directs the
operations of the transmission facilities.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Area
[Archive]
08/22/2008 11/24/2009 The collection of Transmission assets over which the
Transmission Operator is responsible for operating.
Transmission Owner
[Archive]
TO 2/8/2005 3/16/2007 The entity that owns and maintains transmission facilities.
[Archive]
TP 2/8/2005 3/16/2007 The entity that develops a long-term (generally one year
and beyond) plan for the reliability (adequacy) of the
interconnected bulk electric transmission systems within its
portion of the Planning Authority Area.
Transmission
Reliability Margin
[Archive]
TRM 2/8/2005 3/16/2007 The amount of transmission transfer capability necessary to
provide reasonable assurance that the interconnected
transmission network will be secure. TRM accounts for the
inherent uncertainty in system conditions and the need for
operating flexibility to ensure reliable system operation as
system conditions change.
Transmission
Reliability Margin
Implementation
Document
[Archive]
TRMID 08/22/2008 11/24/2009 A document that describes the implementation of a
Transmission Reliability Margin methodology, and provides
information related to a Transmission Operators calculation
of TRM.
[Archive]
2/8/2005 3/16/2007 Services provided to the Transmission Customer by the
Transmission Service Provider to move energy from a Point
of Receipt to a Point of Delivery.
Provider
[Archive]
TSP 2/8/2005 3/16/2007 The entity that administers the transmission tariff and
provides Transmission Service to Transmission Customers
under applicable transmission service agreements.


Continent-wide
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Vegetation
[Archive]
2/7/2006 3/16/2007 All plant material, growing or not, living or dead.
Vegetation Inspection
[Archive]
2/7/2006 3/16/2007 The systematic examination of a transmission corridor to
document vegetation conditions.
[Archive]
11/3/2011 3/21/2013
(Becomes
inactive
6/30/14)
The systematic examination of vegetation conditions on a
Right-of-Way and those vegetation conditions under the
Transmission Owners control that are likely to pose a
hazard to the line(s) prior to the next planned maintenance
or inspection. This may be combined with a general line
inspection.
[Archive]

5/9/12 (Becomes
effective
7/1/14)
The systematic examination of vegetation conditions on a
Right-of-Way and those vegetation conditions under the
applicable Transmission Owners or applicable Generator
Owners control that are likely to pose a hazard to the
line(s) prior to the next planned maintenance or inspection.
This may be combined with a general line inspection.
Wide Area
[Archive]

2/8/2005 3/16/2007 The entire Reliability Coordinator Area as well as the critical
flow and status information from adjacent Reliability
Coordinator Areas as determined by detailed system studies
to allow the calculation of Interconnected Reliability
Operating Limits.
Year One
[Archive]
1/24/2011 11/17/2011 The first twelve month period that a Planning Coordinator or
a Transmission Planner is responsible for assessing. For an
assessment started in a given calendar year, Year One
includes the forecasted peak Load period for one of the
following two calendar years. For example, if a Planning
Assessment was started in 2011, then Year One includes
the forecasted peak Load period for either 2012 or 2013.


ReliabilityFirst Regional Definitions
The following definitions were developed for use in ReliabilityFirst Regional Standards.

RFC Regional
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Resource Adequacy
[Archive]
08/05/2009 03/17/2011 The ability of supply-side and demand-side resources to meet
the aggregate electrical demand (including losses)
Net Internal
Demand
[Archive]
08/05/2009 03/17/2011 Total of all end-use customer demand and electric system
losses within specified metered boundaries, less Direct Control
Management and Interruptible Demand
Peak Period
[Archive]
08/05/2009 03/17/2011 A period consisting of two (2) or more calendar months but
less than seven (7) calendar months, which includes the
period during which the responsible entitys annual peak
demand is expected to occur
Wind Generating
Station
[Archive]
11/03/2011 A collection of wind turbines electrically connected together
and injecting energy into the grid at one point, sometimes
known as a Wind Farm.
Year One
[Archive]
08/05/2009 03/17/2011 The planning year that begins with the upcoming annual Peak
Period


NPCC Regional Definitions
The following definitions were developed for use in NPCC Regional Standards.

NPCC Regional
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Current Zero Time
[Archive]
11/04/2010 10/20/2011 The time of the final current zero on the last phase to
interrupt.
Generating Plant
[Archive]
11/04/2010 10/20/2011 One or more generators at a single physical location whereby
any single contingency can affect all the generators at that
location.


WECC Regional Definitions
The following definitions were developed for use in WECC Regional Standards.

WECC Regional
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Area Control Error
[

Archive]
ACE 3/12/2007 6/8/2007 Means the instantaneous difference between net actual and
scheduled interchange, taking into account the effects of
Frequency Bias including correction for meter error.
Automatic
Generation Control

[Archive]
AGC 3/12/2007 6/8/2007 Means equipment that automatically adjusts a Control Areas
generation from a central location to maintain its interchange
schedule plus Frequency Bias.
Automatic Time
Error Correction
[Archive]
3/26/2008 5/21/2009 A frequency control automatic action that a Balancing Authority
uses to offset its frequency contribution to support the
Interconnections scheduled frequency.
Automatic Time
Error Correction
[Archive]
12/19/2012 The addition of a component to the ACE equation that modifies
the control point for the purpose of continuously paying back
Primary Inadvertent Interchange to correct accumulated time
error.
Average
Generation

[Archive]
3/12/2007 6/8/2007 Means the total MWh generated within the Balancing Authority
Operators Balancing Authority Area during the prior year
divided by 8760 hours (8784 hours if the prior year had 366
days).
Business Day

[Archive]
3/12/2007 6/8/2007 Means any day other than Saturday, Sunday, or a legal public
holiday as designated in section 6103 of title 5, U.S. Code.


WECC Regional
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Commercial
Operation
[Archive]
10/29/2008 4/21/2011 Achievement of this designation indicates that the
Generator Operator or Transmission Operator of the
synchronous generator or synchronous condenser has received
all approvals necessary for operation after completion of initial
start-up testing.
Contributing
Schedule
[Archive]
2/10/2009 3/17/2011 A Schedule not on the Qualified Transfer Path between a
Source Balancing Authority and a Sink Balancing Authority that
contributes unscheduled flow across the Qualified Transfer
Path.
Dependability-
Based Misoperation
[Archive]
10/29/2008 4/21/2011 Is the absence of a Protection System or RAS operation when
intended. Dependability is a component of reliability and is the
measure of a devices certainty to operate when required.
Disturbance

[Archive]
3/12/2007 6/8/2007 Means (i) any perturbation to the electric system, or (ii) the
unexpected change in ACE that is caused by the sudden loss of
generation or interruption of load.


WECC Regional
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Extraordinary
Contingency

[Archive]

3/12/2007 6/8/2007 Shall have the meaning set out in Excuse of Performance,
section B.4.c.
language in section B.4.c:
means any act of God, actions by a non-affiliated third party,
labor disturbance, act of the public enemy, war, insurrection,
riot, fire, storm or flood, earthquake, explosion, accident to or
breakage, failure or malfunction of machinery or equipment, or
any other cause beyond the Reliability Entitys reasonable
control; provided that prudent industry standards (e.g.
maintenance, design, operation) have been employed; and
provided further that no act or cause shall be considered an
Extraordinary Contingency if such act or cause results in any
contingency contemplated in any WECC Reliability Standard
(e.g., the Most Severe Single Contingency as defined in the
WECC Reliability Criteria or any lesser contingency).
Frequency Bias

[Archive]
3/12/2007 6/8/2007 Means a value, usually given in megawatts per 0.1 Hertz,
associated with a Control Area that relates the difference
between scheduled and actual frequency to the amount of
generation required to correct the difference.
Functionally
Equivalent
Protection System
[Archive]
FEPS 10/29/2008 4/21/2011 A Protection System that provides performance as follows:
Each Protection System can detect the same faults within the
zone of protection and provide the clearing times and
coordination needed to comply with all Reliability Standards.
Each Protection System may have different components and
operating characteristics.
Functionally
Equivalent RAS
[Archive]
FERAS 10/29/2008 4/21/2011 A Remedial Action Scheme (RAS) that provides the same
performance as follows:
Each RAS can detect the same conditions and provide


WECC Regional
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
mitigation to comply with all Reliability Standards.
Each RAS may have different components and operating
characteristics.
Generating Unit
Capability

[Archive]
3/12/2007 6/8/2007 Means the MVA nameplate rating of a generator.
Non-spinning
Reserve

[Archive]
3/12/2007 6/8/2007 Means that Operating Reserve not connected to the system but
capable of serving demand within a specified time, or
interruptible load that can be removed from the system in a
specified time.
Normal Path
Rating

[Archive]
3/12/2007 6/8/2007 Is the maximum path rating in MW that has been demonstrated
to WECC through study results or actual operation, whichever
is greater. For a path with transfer capability limits that vary
seasonally, it is the maximum of all the seasonal values.
Operating Reserve

[Archive]
3/12/2007 6/8/2007 Means that capability above firm system demand required to
provide for regulation, load-forecasting error, equipment forced
and scheduled outages and local area protection. Operating
Reserve consists of Spinning Reserve and Nonspinning
Reserve.
Operating Transfer
Capability Limit

[Archive]
OTC 3/12/2007 6/8/2007 Means the maximum value of the most critical system
operating parameter(s) which meets: (a) precontingency
criteria as determined by equipment loading capability and
acceptable voltage conditions, (b) transient criteria as
determined by equipment loading capability and acceptable
voltage conditions, (c) transient performance criteria, and (d)
post-contingency loading and voltage criteria.


WECC Regional
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
Primary
Inadvertent
Interchange
[Archive]
3/26/2008 5/21/2009 The component of area (n) inadvertent interchange caused by
the regulating deficiencies of the area (n).
Qualified
Controllable Device
[Archive]
2/10/2009 3/17/2011 A controllable device installed in the Interconnection for
controlling energy flow and the WECC Operating Committee
has approved using the device for controlling the USF on the
Qualified Transfer Paths.
Qualified Transfer
Path
[Archive]
2/10/2009 3/17/2011 A transfer path designated by the WECC Operating Committee
as being qualified for WECC unscheduled flow mitigation.
Qualified Transfer
Path Curtailment
Event
[Archive]
2/10/2009 3/17/2011 Each hour that a Transmission Operator calls for Step 4 or
higher for one or more consecutive hours (See Attachment 1
IRO-006-WECC-1) during which the curtailment tool is
functional.
Relief Requirement
[Archive]
2/10/2009 3/17/2011 The expected amount of the unscheduled flow reduction on the
Qualified Transfer Path that would result by curtailing each Sink
Balancing Authoritys Contributing Schedules by the
percentages listed in the columns of WECC Unscheduled Flow
Mitigation Summary of Actions Table in Attachment 1 WECC
IRO-006-WECC-1.
Secondary
Inadvertent
Interchange
[Archive]
3/26/2008 5/21/2009 The component of area (n) inadvertent interchange caused by
the regulating deficiencies of area (i).
Security-Based
Misoperation
10/29/2008 4/21/2011 A Misoperation caused by the incorrect operation of a
Protection System or RAS. Security is a component of reliability


WECC Regional
Term
Acronym
BOT
Approved
Date
FERC
Approved
Date
Definition
[Archive] and is the measure of a devices certainty not to operate
falsely.
Spinning Reserve

[Archive]
3/12/2007 6/8/2007 Means unloaded generation which is synchronized and ready to
serve additional demand. It consists of Regulating reserve and
Contingency reserve (as each are described in Sections B.a.i
and ii).
Transfer
Distribution Factor
[Archive]
TDF 2/10/2009 3/17/2011 The percentage of USF that flows across a Qualified Transfer
Path when an Interchange Transaction (Contributing Schedule)
is implemented. [See the WECC Unscheduled Flow Mitigation
Summary of Actions Table (Attachment 1 WECC IRO-006-
WECC-1).]
WECC Table 2

[Archive]
3/12/2007 6/8/2007 Means the table maintained by the WECC identifying those
transfer paths monitored by the WECC regional Reliability
coordinators. As of the date set out therein, the transmission
paths identified in Table 2 are as listed in Attachment A to this
Standard.

Endnotes

FERC approved the WECC Tier One Reliability Standards in the Order Approving Regional Reliability Standards for the Western Interconnection and Directing Modifications, 119
FERC 61,260 (June 8, 2007). In that Order, FERC directed WECC to address the inconsistencies between the regional definitions and the NERC Glossary in developing permanent
replacement standards. The replacement standards designed to address the shortcomings were filed with FERC in 2009.
NERC Reliability Standards Complete Set Page 1 of 13
Change History
NERC Reliability Standards Complete Set Change History Table

Date Standard Requirement Change that was made
7/9/13

Glossary of Terms replaced with the
updated version
7/1/13
EOP-005-2, EOP-006-2, &
EOP-008-1

Updated VRFs and VSLs based on June
24, 2013 approval.
7/1/13
EOP-001-0.1b, EOP-005-
1, EOP-006-1, EOP-008-0,
EOP-009-0 & VAR-002-
1.1b
Retired Removed
6/20/13
EOP-004-2, TPL-003-0b,
TPL-004-0a & VAR-001-3
FERC Approved Added
6/20/13
TPL-003-0a & TPL-004-0
Retired Removed
6/10/13 TOP-007-WECC-1
Modified the VRF for Requirement R1
from "Medium" to "High" and the VRF for
Requirement R2 from "Low" to "Medium"
5/13/13 PRC-024-1

NERC BOT Approved Added
5/13/13
updated version
5/13/13 IRO-001-2
Retired Removed
Change History
5/13/13 CIP-007-3 & CIP-007-4
The version number was updated to
(CIP-007-3a & CIP-007-4a) to
incorporate the approved interpretation
that should have previously been
appended.
5/13/13 FAC-003-2
Board of Trustees adopted the
modification of the VRF for Requirement
R2 of FAC-003-2 by raising the VRF from
Medium to High.
4/23/13 PER-002-0 & PER-004-1
Retired Removed
4/17/13 VAR-002-2b

FERC Approved Added

4/9/13 MOD-027-1 Footnote Update
4/5/13 TOP-006-3
Updated Rapid revision to
accommodate interpretation request for
Requirements R1.2 & R3. Updates
made to the VSL table.
4/5/13 PRC-006-SERC-01
Updated Modified the Rationale and
changed the VRF for Requirement R6
from Medium to High per a
compliance filing (Filed on 3/11/13)
4/5/13 FAC-003-2
FERC Approved Added
updated version
4/5/13
CIP-002-3a, CIP-002-4a,
CIP-006-3d & CIP-006-4d
Removed FERC remanded these
interpretations in an order issued on
3/21/13
Change History
4/5/13 CIP-002-3b
Updated FERC Order issued
remanding interpretation of R3 for Duke
Energy; interpretation removed from
standard (previously Appendix 1)
4/1/13 FAC-012-1 & FAC-013-1
Retired Removed
4/1/13
updated version
3/12/13 BAL-003-1
Updated the standard to include
Attachment A.
3/08/13 CIP-002-4b
Removed (CIP-002-4b was removed
because the interpretation of R1.2.5 was
inadvertently appended to the standard
and does not apply to version 4 of CIP-
002.)

3/01/13 PRC-006-NPCC-1 FERC Approved Added
2/15/13 Various standards
Updated requirements and associated
elements approved by NERC Board of
Trustees for retirement as part of the
Paragraph 81 project (Project 2013-02)
pending applicable regulatory approval.
2/15/13
BAL-003-1, CIP-002-3b,
CIP-002-4b, IRO-006-
WECC-2, MOD-025-2,
MOD-026-1, MOD-027-1,
PRC-019-1, TPL-001-3,
TPL 001 4 TPL 002 2b

updated version
1/30/13
CIP-004-5, CIP-005-5,
CIP-006-5, CIP-007-5,
CIP-008-5, CIP-009-5,
CIP-010-1& CIP-011-1
Updated the standards by moving the
Reference to Prior Version and Change
Rationale to the Rationale section of the
standard.
Change History
1/11/13
updated version
1/9/13 PRC-006-SERC01 FERC Approved Added
01/03/13 FAC-008-1 & FAC-009-1 Retired Removed
12/21/12
BAL-001-1 & BAL-004-
WECC-02
updated version
12/21/12 PRC-004-1a Retired Removed
12/13/12 CIP-004-3a & CIP-004-4a
FERC Letter Order issued on December
12, 2012, approving the Interpretation of
R2 R3 and R4

12/3/12

CIP-002-5, CIP0035,

updated version
11/19/12 PRC-006-1
FERC Letter Order issued on November
9, 2012, accepting the modification of the
VRF in R5 from (Medium to High) and
the modification of the VSL language in
R8.

11/15/12
BAL-002-WECC-2, BAL-
002-1a, COM-001-2,
COM-002-3, EOP-004-2,
PRC-005-2, PRC-006-

11/7/12 BAL-002-WECC-1
Retired Removed (Remanded in
FERC Order, effective November 26,
2010)
11/7/12 MOD-025-RFC-01
Retired Removed (The NERC BOT
withdrew its approval of this standard at
its meeting on November 7, 2012)
10/19/12
updated version
Change History
10/17/12 EOP-005-2 & EOP-006-2
Updated the standard to remove the
VRFs and VSLs, as they are not yet
FERC approved.
10/15/12
updated version

10/3/12
PER-003-0

Retired Removed
9/27/12 TOP-003-1
Updated the standard to remove the
VSLs, as they are not yet FERC
approved.
9/20/12
updated version
9/20/12
BAL-005-0.2b, EOP-001-
0.1b, EOP-001-2.1b, EOP-
002 3 1 IRO 00 3 1

FERC Approved Added

9/20/12 PRC-001-2
Capitalized Protection System to conform
with errata changes made in PRC-001-
1.1

8/20/12

IRO-001-3 & VAR-002-2b


8/20/12
BAL-004-1

Retired Removed (The NERC BOT
withdrew its approval of this standard at

7/30/12
CIP-004-3a & CIP-004-4a
7/18/12 BAL-502-RFC-02, EOP-

Updated the FERC Order date in the

7/17/12 IRO-010-1a
version history table
7/6/12 FAC-003-3
Removed Regional Entity from the title
of 1.2 of the Compliance section and
corrected the headings of Table 2, page
3
7/6/12 FAC-003-2
Corrected the Compliance section of the
proposed standard per NERCs 4/24/12
Errata filing
7/6/12
TPL-001-1, TPL-002-1b,
TPL-003-1a, TPL-004-1
Retired Removed (Remanded in
4/19/12 FERC Order, effective 7/6/12)
6/26/12 TPL-002-0b
version history table
Change History
6/7/12 PRC-001-2 NERC BOT Approved Added
6/4/12 IRO-006-TRE-1 FERC Approved Added
6/1/12 FAC-008-3
FERC Order issued directing the VRF for
Requirement R2. be changed from
Lower to Medium
6/1/12 FAC-013-2
FERC Order issued directing the VRFs
for Requirement R1. and R4. be changed
from Lower to Medium.
FERC Order issued correcting the High
and Severe VSL language for R1.
5/31/12 FAC-003-3
Corrected footnote references throughout
the standard.
5/25/12 FAC-003-3
Glossary of Terms also replaced with the
updated version
5/16/12 EOP-003-2 & PRC-006-1 FERC Approved Added
5/14/12
CIP-002-3a, CIP-002-4a,
PRC-005-1.1b, TOP-001-
2, TOP-002-3, TOP-003-2,
VAR-001-3 NERC BOT Approved Added
5/8/12
TPL-001-1, TPL-002-1b,
TPL-003-1a, & TPL-004-1
Updated the version history for TPL-001-
1, TPL-002-1b, TPL-003-1a, & TPL-004-
1 due to FERC Order issuing a remand
(order becomes effective July 6, 2012).
5/3/12
CIP-002-4, CIP-003-4,
CIP-004-4, CIP-005-4a,
CIP-006-4c, CIP-007-4,
CIP-008-4, & CIP-009-4
FERC Approved Added

5/2/12 BAL-002-0 Retired Removed
5/2/12 IRO-006-WECC-1
Updated the requirements to R1. and R2.
4/12/12 PRC-005-1b
Added footnote to Interpretation b to note
that the interpretation will be superseded
when the modified definition of Protection
System becomes effective.
4/12/12
NUC-001-2.1, PRC-001-
1.1, & TOP-002-2.1b
Errata Standards Committee Approved
Added (NUC-001-2.1 & PRC-001-1.1).
TOP-002-2.1b- Additional errata adopted
by Standards Committee; (Deleted
language from retired sub-requirement
from Measure M7).
Change History
3/29/12 PRC-023-2
FERC Approved Added

3/29/12
BAL-005-0.1b, BAL-005-
0.2b & EOP-001-2.1b,
MOD-016-1.1, MOD-017-
0.1, MOD-019-0.1, PRC-
016-0.1,TPL-001-0.1
Updated the version history for BAL-005-
0.1b, BAL-005-0.2b, MOD-016-1.1,
MOD-017-0.1, MOD-019-0.1, PRC-016-
0.1 and TPL-001-0.1 to remove the
reference to the footer.
The version history was also updated for
EOP-001-2.1b to correct the version for
the errata entry.
3/22/12 Interpretations & Errata
Removed footers from all interpretations
and errata to avoid confusion regarding
what the BOT adoption date pertains to
(going forward, footers will no longer be
included in reliability standards)
3/20/12
BAL-005-0.2b, EOP-001-
0.1b, EOP-001-2.1b, EOP-
002-3.1, IRO-005-3.1a,
PER-001-0.2, TOP-002-
2.1b Standards Committee Approved - Added
3/14/12 PRC-005-1a
All Requirements
and Sub-
requirements Retired Removed
3/8/12 CIP-006-4c
Updated the footer to include the Board
Approval dates and updated the lettering.
3/8/12 IRO-005-3a
Updated the footer to include the Board
Approval dates and updated the version
history.
3/8/12 BAL-STD-002-0 Updated the Header
3/8/12 CIP-006-3d & CIP-006-4d
Added footer to include Board Approval
dates & removed unnecessary lettering.
2/28/12 EOP-001-0b
Removed footnote in Appendix 2. This
footnote was prematurely added and the
error in the Appendix will be corrected
through an errata. The footer was also
updated to include the BOT adoption
dates of the standard and the
interpretations.
2/28/12 TOP-002-2b
Added FERC Approved language back
in to the effective date section. This
language is an error that was
prematurely deleted and will be corrected
through an errata. The footer was also
updated to include the BOT adoption
dates of the standard and the
Change History
interpretations.
2/27/12 PRC-005-1b
All Requirements
and Sub-
requirements
FERC Approved Added

2/22/12 EOP-007-0
All Requirements
and Sub-
requirements Withdrawn Removed
2/22/12
CIP-006-3d, CIP-006-4d,
COM-002-2a, FAC-001-1,
MOD-028-2, PRC-004-
2.1a, PRC-006-NPCC-1
All Requirements
and Sub-
requirements NERC BOT Approved Added
2/8/12
Replaced the Glossary of Terms with the
updated version
01/12/11
updated version
01/12/11
EOP-001-2b
EOP-001-2
All Requirements
and Sub-
requirements
FERC Approved Added
Retired Removed
01/12/11
EOP-001-0b
EOP-001-0
All Requirements
and Sub-
requirements
FERC Approved Added
Retired Removed
12/13/11
updated version
12/13/11 FAC-008-3, FAC-013-2
All Requirements
and Sub-
requirements FERC Approved Added
12/13/11
FAC-003-2, MOD-025-
RFC-01, PRC-006-SERC-
01, IRO-006-TRE-1
All Requirements
and Sub-
12/13/11 TOP-001-1
All Requirements
and Sub-
10/26/11
updated version
10/26/11
TOP-002-2a, PRC-002-
NPCC-01
All Requirements
and Sub-
10/26/11 TPL-002-0a, TOP-002-2a
All Requirements
and Sub-
10/26/11 PRC-006-1
Updated to correct formatting of chart in
Change History
Attachment 1
10/10/11
PRC-004-2a
PRC-004-2
All Requirements
and Sub-
requirements
FERC Approved Added
Retired Removed
10/10/11
PRC-005-1a
PRC-005-1
All Requirements
and Sub-
requirements
FERC Approved Added
Retired Removed
10/10/11
PRC-004-1a
PRC-004-1
All Requirements
and Sub-
requirements
FERC Approved Added
Retired Removed
10/10/11 PER-003-1
All Requirements
and Sub-
10/03/11 IRO-006-EAST-1
Updated to remove the section including
definitions used in the standard
(consistent with the version posted on
the Reliability Standards page)
10/03/11 CIP-006-3c, CIP-006-4c
All Requirements
and Sub-
requirements
Updated version history and order of
interpretations
10/03/11
CIP-001-1a, EOP-002-2.1,
FAC-002-0, IRO-002-1,
IRO-004-1, IRO-005-2a,
PRC-STD-001-1, PRC-
STD-003-1, TOP-003-0,
TOP-005-1.1a, TOP-006-
1, VAR-001-1
All Requirements
and Sub-
09/27/11 TOP-001-1a, TPL-002-0b
All Requirements
and Sub-
08/18/11
IRO-001-2, IRO-002-3,
IRO-005-4, IRO-014-2,
TPL-001-2
All Requirements
and Sub-
08/18/11 EOP-001-0b, EOP-001-2b
All Requirements
and Sub-
requirements
(previously missing from the complete
set)
08/18/11 IRO-010-1
All Requirements
and Sub-
08/11/11 TOP-001-1a
All Requirements
and Sub-
requirements
set)
08/05/11
BAL-002-WECC-1, BAL-
004-1, BAL-004-WECC-

Footers updated to include/correct NERC
Change History
01, BAL-STD-002-0, CIP-
006-3c, FAC-501-WECC-
1, PRC-001-1, PRC-002-
NPCC-01, PRC-004-
WECC-1, PRC-STD-001-
1, PRC-STD-003-1, TOP-
007-WECC-1, VAR-002-
WECC-1, VAR-501-
WECC-1
BOT approval dates
08/05/11 CIP-001-2a
All Requirements
and Sub-
08/04/11
updated version
07/20/11
PRC-023-2, FAC-008-3,
PRC-002-NPCC-01, CIP-
001-2a, TOP-002-2b
All Requirements
and Sub-
requirements
set)
07/20/11 EOP-001-2, IRO-004-2
All Requirements
and Sub-
07/20/11 EOP-001-1
All Requirements
and Sub-
07/19/11 BAL-003-0.1b
Version history updated to be consistent
with prior versions
07/01/11
updated version
07/01/11
TOP-STD-007-0, PRC-
STD-005-1, VAR-STD-
002a-1, VAR-STD-002b-1,
IRO-006-4.1, IRO-STD-
006-0
All Requirements
and Sub-
05/26/11
updated version
05/26/11 IRO-005-3a, TOP-005-2a
All Requirements
and Sub-
requirements
Updated IRO-005-3 and TOP-005-2 to
include FERC Approved Interpretation
05/26/11 TOP-005-1.1, IRO-005-2
All Requirements
and Sub-
05/19/11 CIP-005-4a, CIP-006-4c
All Requirements
and Sub-
requirements
Updated CIP-005-4 and CIP-006-4 to
include FERC Approved Interpretations
Change History
05/05/11
EOP-008-1, FAC-501-
WECC-1, IRO-005-2a,
IRO-006-5, IRO-006-
EAST-1, PRC-004-WECC-
1, TOP-005-1.1a, TOP-
007-WECC-1, VAR-002-
WECC-1, VAR-501-
WECC-1
All Requirements
and Sub-
04/14/11 CIP-005-2a, CIP-005-3
All Requirements
and Sub-
requirements Removed
04/14/11
CIP-005-3a, EOP-005-2,
EOP-006-2, IRO-005-3,
TOP-005-2
All Requirements
and Sub-
04/08/11
Multiple Standards added and removed
to make the Complete Set of Reliability
Standards current (specific changes will
be noted again going forward)

Glossary of Terms also replaced with the
updated version
06/01/10
CIP Version 1 Standards
MOD-001-0 thru MOD-
005-0, MOD-008-0, MOD-
009-0, and MOD-030-1
All Requirements
and Sub-
requirements Removed
05/03/10 FAC-010-2.1
All Requirements
and Sub-
04/21/10
updated version
04/09/10 CIP-007-2a
All Requirements
and Sub-
04/09/10 PRC-023-1
All Requirements
and Sub-
04/09/10 CIP Version 3 Standards
All Requirements
and Sub-
12/03/09 TOP-002-2a
All Requirements
and Sub-
11/02/09 BAL-502-RFC-02
All Requirements
and Sub-
Change History
requirements
09/14/09
EOP-001-2
EOP-005-2
EOP-006-2
NUC-001-2
All Requirements
and Sub-
05/20/09
Inserted Change History to End of
Complete Set
05/20/09
CIP-002-2 through CIP-
009-2
All Requirements
and Sub-
05/20/09 IRO-006-4.1
All Requirements
and Sub-
05/20/09 MOD-021-0.1
All Requirements
and Sub-
05/20/09 PER-001-0.1
All Requirements
and Sub-
05/20/09 TPL-006-0.1
All Requirements
and Sub-
05/20/09
BAL-001-0.1a
BAL-001-0a
All Requirements
and Sub-
requirements
FERC Approved Added
Retired Removed
05/20/09
BAL-003-0.1b
BAL-003-0a
All Requirements
and Sub-
requirements
FERC Approved Added
Retired Removed
05/20/09
BAL-005-0.1b
BAL-005-0b
All Requirements
and Sub-
requirements
FERC Approved Added
Retired Removed
05/20/09
COM-001-1.1
COM-001-1
All Requirements
and Sub-
requirements
FERC Approved Added
Retired Removed
05/20/09
EOP-002-2.1
EOP-002-2
All Requirements
and Sub-
requirements
FERC Approved Added
Retired Removed
05/20/09
IRO-001-1.1
IRO-001-1
All Requirements
and Sub-
requirements
FERC Approved Added
Retired Removed
05/20/09 MOD-006-0.1
All Requirements
FERC Approved Added
Change History
MOD-006-0 and Sub-
requirements
Retired Removed
05/20/09
MOD-016-1.1
MOD-016-1
All Requirements
and Sub-
requirements
FERC Approved Added
Retired Removed
05/20/09
MOD-017-0.1
MOD-017-0
All Requirements
and Sub-
requirements
FERC Approved Added
Retired Removed
05/20/09
MOD-019-0.1
MOD-019-0
All Requirements
and Sub-
requirements
FERC Approved Added
Retired Removed
05/20/09
PRC-016-0.1
PRC-016-0
All Requirements
and Sub-
requirements
FERC Approved Added
Retired Removed
05/20/09
TOP-005-1.1
TOP-005-1
All Requirements
and Sub-
requirements
FERC Approved Added
Retired Removed
05/20/09
TPL-001-0.1
TPL-001-0
All Requirements
and Sub-
requirements
FERC Approved Added
Retired Removed
05/20/09
VAR-002-1.1a
VAR-002-1a
All Requirements
and Sub-
requirements
FERC Approved Added
Retired Removed

RSCompleteSet PDF

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

RSCompleteSet PDF

Transféré par

Droits d'auteur :

Formats disponibles

3353 Peachtree Road NE

Suite 600, North Tower

= when operating in Automatic Time Error Correction control mode.

Standard BAL-003-1 Frequency Response and Frequency Bias Setting

Guidelines and Technical Basis

Standard CIP0053a Cyber Security Electronic Security Perimeter(s)

Standard CIP-006-3c Cyber Security Physical Security

Standard CIP0073a Cyber Security Sys tems Security Management

N/A N/A TheResponsibleEntity

3 12/16/09 ApprovedbytheNERCBoardofTrustees. Update

5 11/26/12 AdoptedbytheNERCBoardofTrustees. Modifiedto

Standard COM-001-1.1 Telecommunications

1. Title: Qualified Transfer Path Unscheduled Flow (USF) Relief

1.4. Additional Compliance Information:

Version Date Action ChangeTracking

Standard IRO-008-1 Reliability Coordinator Operational Analys es and Real-time As s es s ments

Standard TPL-005-0 Regional and Interregional Self-Assessment Reliability Reports

Vous aimerez peut-être aussi