Regulatory & Compliance Qualifications. Qualifications

Transcription

1 Prepared by: Contact: Quanta Technology, LLC Bryan Rushing 4020 Westchase Blvd., Suite 300 Raleigh, NC (919) office (636) cell

2 CONFIDENTIAL/PROPRIETARY: This document contains trade secrets and/or proprietary, commercial or financial information not generally available to the public. It is considered privileged and proprietary to the Offeror, and is submitted by Quanta Technology LLC in confidence with the understanding that its contents are specifically exempted from disclosure under the Freedom of Information Act [5 USC Section 552 (b) (4)] and shall not be disclosed by the recipient [whether it be Government (local, state, federal, or foreign), private industry or non-profit organization] and shall not be duplicated, used or disclosed, in whole or in part, for any purpose except to the extent in which portions of the information contained in this document are required to permit evaluation of this document, without the expressed written consent of the Offeror. If a contract is awarded to this Offeror as a result of, or in connection with, the submission of this data, the right to duplicate, use or disclose the data is granted to the extent provided in the contract. 2

3 Executive Summary Quanta Technology is pleased to offer these qualifications and reference projects in the area of operational and programmatic compliance with both national and regional reliability standards. Quanta Technology embraces the philosophy of sustainability and reliability, and commits to plan and implement projects using technology and practices that are progressive, renewable and cost effective. This document contains a summary of the Quanta Technology, LLC ("Quanta Technology") qualifications to assist electric utilities, energy companies and reliability organizations with issues related to Regulatory Services, including NERC Electric Reliability Organization ("ERO") and Regional Reliability Organization ("RRO") Compliance Services. This document includes information about our key personnel credentials and a summary of related projects previously performed by the Quanta Technology staff. Quanta Technology is a subsidiary of Quanta Services, Inc., an S&P 500 member company. Our experts have worked closely with every major utility in North America and many around the world. The breadth and depth of our technical knowledge, coupled with an intimate understanding of business drivers, allows our engagement teams to consistently identify ways to reduce cost, improve reliability and better manage risk throughout organizations. Our experts at Quanta Technology have considerable experience related to infrastructure planning, engineering and construction, and the impact these have on an organization's business. 3

4 NERC as the ERO With the passage of the Energy Policy Act of 2005, an Electric Reliability Organization (ERO) was created to develop and enforce compliance with mandatory reliability standards in the U.S. under the jurisdiction of the Federal Energy Regulatory Commission (FERC). This non-governmental, "self-regulatory organization" was created in recognition of the interconnected and international nature of the bulk power grid. In 2006, the North American Electric Reliability Corporation (NERC) applied for, and was granted, this designation. NERC delegates much of the monitoring and enforcement authority to the eight Regional Entities through FERC approved delegation agreements. Today, NERC's reliability standards are mandatory and enforceable in the United States and in several provinces in Canada. Entities in the U.S. found to be in violation of a standard can be subject to fines of up to $1 million per day, per violation. In Canada the penalties depend on the provincial regulations in place. All bulk power system owners, operators and users must comply with approved NERC reliability standards. Those portions of the NERC Rules of Procedure approved by FERC and Canadian regulators also apply to bulk power system owners, operators and users. These entities are required by the Energy Policy Act of 2005 and FERC regulations to register with NERC through the appropriate Regional Entity. Should the entity fail to register, NERC or its Regional Entity may dictate and include the entity in the compliance registry. NERC generally relies on the Regional Entities to monitor compliance and enforce the NERC standards with bulk power system owners, operators and users through approved delegation agreements. Regional Entities are responsible for monitoring compliance of the registered entities within their regional boundaries, assuring mitigation of all violations of approved reliability standards, and assessing penalties and sanctions for failure to comply. The Quanta Technology staff has been assisting utilities and generation companies with all aspects of compliance with the more than 100 NERC reliability standards and myriad of 1500 requirements, from program design to audit preparations. Quanta Technology also assists companies with compliance with the Critical Infrastructure Standards (CIP) adopted by NERC and approved by FERC. Quanta Technology Service Offerings Our team is comprised of industry experts with extensive utility and energy industry experience. We have a strong customer focus to ensure that our clients' objectives are fully and effectively met. Our service offerings are flexible so that they can be tailored to meet specific client objectives. Quanta Technology typically provides regulatory and compliance services to utilities, independent power producers and any registered NERC entity. Quite often our services are delivered to clients via their designated law firms in the form of specific technical expertise. Where Quanta Technology can provide constructive industry value, we may also provide services to regulatory and standard developing bodies. Perhaps, one of the most compelling values we bring to compliance matters is the capability of helping clients to resolve any variance in a manner that minimizes risk of an expensive and negative publicity from an undesirable settlement. 4

5 Compliance with the NERC Reliability Standards Corporate ERO Compliance Program Structure and Design Establishing an effective Corporate Compliance Program requires having a program that is auditable, manageable, sustainable, cost effective and traceable. We have the ability to help define our clients Corporate Policy Statements, Corporate Procedures, Corporate Process level design, IT and document platforms, Training and Communication Plans. Process Design Specific communications, duties, data sharing, recording keeping and so on are now required on specific timelines by ERO. Well-designed processes ensure employees know exactly what they should do to achieve compliance. We will assess existing processes, suggest changes and help implement changes to ensure compliance. Documentation Development To achieve auditable compliance, clear and concise documentation needs to be developed. We can develop easily understood, logically organized and accessible documentation for use by operators, engineers and planners. Corporate Program Audit Our corporate program audits are designed around the tests identified in the FERC Policy Statement on enforcement and in the NERC Reliability Assurance Initiative (RAI). We evaluate the appropriateness, comprehensiveness and effectiveness of organization s ERO Compliance Program. Our experts perform a gap analysis of program attributes against appropriate benchmarks (i.e., good utility practices, industry best practices). Commissioning Before a new element of the Bulk Electric System is placed into service, all reliability related compliance issues should be resolved and the Internal Compliance Program in place. Examples include new power plants, wind farms, control centers, etc. Our team will help coordinate the applicable testing, training, and documentation in order to demonstrate compliance on day one of operation and help establish the programs necessary to maintain compliance with the NERC Reliability Standards. Gap Analysis & Compliance Roadmap Our team of experts will assess a client s compliance program, processes, documentation and training to determine if gaps exist in achieving auditable compliance with the ERO Standards and Alerts, such as the Aurora security threat, and other focused requirements, such as updating transmission line rating records. We will then create, document and help implement (if desired) a roadmap to compliance. Engineering & Field Labor Assistance Quanta Technology can draw upon an extensive pool of engineering and field labor resources to assist in gathering and reporting asset "as is" condition information to support the assessment of assets required to be reported by NERC. Examples are Quanta Technology can mobilize and provide field personnel to assess condition of tower structures and associated power equipment, and we can mobilize energized transmission maintenance crews to gather line rating data without the delays for obtaining scheduled line outages to conduct work de-energized. Critical Infrastructure Protection (CIP) Critical Infrastructure Identification The CIP-002 standard currently requires registered entities to identify critical assets using a Risk-Based Assessment as a precursor to identifying critical cyber security assets. However, this standard does not specify a methodology. We can help our clients understand, select and implement the most effective method available for this effort. The recently approved CIP version 5 set of standards contains High, Medium and Low Impact categories that will include assets that may have previously not been included in a Risk-Based Assessment. 5

6 Audit Preparedness Practice Audit Quanta Technology will perform an on-site comprehensive review and assessment of a client s compliance program, processes, documentation and procedures. This effort is designed to emulate a NERC on-site audit and will identify areas for attention. Our team can also perform a simplified one or two day off-site review. This service is designed to assess the design of a client s compliance program and perform spot audits for compliance with randomly selected standards. Due Diligence Review of Self-Audits Self-audits are part of the NERC Enforcement and Compliance Program. However, self-audits inherently introduce a bias. Quanta Technology can perform an independent review of the self-audit as a helpful check on a client s self-assessment. Remediation Assistance Quanta Technology can help focus a client's remediation efforts to effectively address the audit team's concerns, including assistance for preparing remediation or mitigation plans that will meet the regulatory requirements. Additional Regulatory Support Services Event Analysis and Investigation Quanta Technology possesses subject matter experts in all areas of power system planning, design, operations, cyber security and critical infrastructure protection. This expertise and the first-hand knowledge of NERC s event analysis processes and the NERC and FERC compliance investigative processes, provides a unique perspective to assist with a company s self-analysis and investigation. NERC and FERC have expressed their view that those responsible for the planning, design and operation of the bulk power system have the responsibility to conduct such analyses and investigations. While NERC and/or FERC may conduct their own analysis and investigation, Quanta Technology can assist with preparation and support of such an analysis and investigation. Settlement Development and Risk Mitigation Settlement of reliability standards variances is often the most effective way to bring closure to the issue with a Regional Entity, NERC and FERC. Settlements can be structured to address the issues while neither admitting nor denying if a violation existed. Quanta Technology staff has extensive experience with the development of settlement agreements and navigating the settlement processes. Expert Witness and Testimony Quanta Technology's senior staff have provided expert testimony in numerous state and federal jurisdictions and can provide this service should it be required. Expert testimony can be required in hearings related to reliability standard compliance, certification of power system facilities, rate cases and investigation of system events. Due Diligence Reviews Quanta Technology has assisted a number of clients conduct due diligence reviews related to asset acquisition for compliance with the NERC reliability standards. This work provides the client with a clear understanding of the compliance risk prior to acquisition. Training On-site training is available on any of the NERC Reliability Standards and compliance program implementation. We can tailor the material to focus on any entity identified in the NERC Reliability Standards. 6

7 Selected Regulatory Project Experience The following is a list of selected regulatory compliance projects for which the Quanta Technology staff has assisted clients in recent years. Some projects were performed prior to the staff members joining Quanta Technology. More detailed descriptions and references are available upon request. NERC Compliance Organizational Design, Major Northeastern Utility Quanta Technology performed a compliance related staffing assessment for a major northeastern utility. Quanta Technology defined how the recommended new positions fit into the organization, identified the critical nature of the duties, and document the new positions task relationships to other positions within the organization. We also identified the critical work functions and the specific job responsibilities that supported each work function document. In addition, Quanta Technology also estimated the percentage of time allocated to each critical work function and specific job responsibilities for the new positions. Quanta Technology also developed job descriptions and the org chart for these positions. The project was based on early work documenting the compliance duty impacts on existing staff. The project also relied on additional interviews and data collection to supplement the earlier work. NERC Compliance Staff Assessment, Major Northeastern Utility The client desired an independent staff assessment to determine of the current and future staffing levels (based on forthcoming NERC standards) and distribution of duties relative to reliability standard compliance was adequate or optimal. Quanta Technology conducted staff interviews and administered an electronic survey to gain insight from current staff on the staffing level and distribution of duties. Compliance Program Review, Major Midwest Utility Quanta Technology performed a review of the documented Internal Compliance Program documentation in order to assess the effectiveness of the program relative to FERC guidance, change management mechanisms, training, and the attributes of the NERC Reliability Assurance Initiative. Compliance Program Plan, Major Eastern Utility Quanta Technology drafted a comprehensive compliance program plan to coordinate functions between operations and corporate compliance departments, facilitate change management, coordinate periodic self-reviews, and manage audit, self-reports and mitigation plans as may be required. Pre-Audit Support, ERCOT Transmission Owner Quanta Technology reviewed and streamlined applicable standards to assist the Transmission Owner (TO) prepare for ERCOT s audit in An assessment and review was done on the identified standards. Any identified gaps in evidence were closed by recommending mitigation strategies. Pre-Audit Review, Midwestern Utility Quanta Technology reviewed and commented upon the evidence set assembled for PRC-001, PRC-004, PRC-005, PRC-008 and VAR-002 for a Distribution Provider and a Generator Operator in the upper Midwest. Feedback was also provided on RSAW language in anticipation of a spring 2010 audit by RFC. NPCC Pre-Audit Assessment, Northeast Utility Generation Plants in NPCC Quanta Technology reviewed the organization s power plants within NPCC for compliance status as relates to all the applicable standards. The objective involved reviewing organization compliance program and developing mitigation actions as necessary. This included establishing goals for the audit team, identifying internal knowledge gaps on compliance, developing a training program to close those gaps and identifying all applicable standards. 7

8 Pre-Audit of Generation Plants within NPCC Quanta Technology simulated a pre-audit for the client with respect to its applicable Power Plants within the NPCC footprint. Quanta Technology reviewed compliance status of all applicable standards using the applicable NERC RSAWS. Developed mitigation actions as necessary before notice of table top audit was sent. Helped executives understand financial exposures and performed remediation to mitigate risks to the non-compliance gaps that were identified and developed a comprehensive compliance report summarizing compliance gaps and suggested mitigation actions. Critical Assessment Support in New England Quanta Technology reviewed relevant documents related to critical infrastructure in the northeast. Performed a survey of critical infrastructure assessment methodologies from peer organizations to evaluate how black-start capability is treated with respect to a Critical Infrastructure designation. Critical Cyber Asset Risk Based Assessment Quanta Technology has performed Risk Based Assessments for critical cyber asset identification for several clients since the approval of Version 3 of the CIP standards. These assessments included both flow based analysis for generator operational criticality and onsite inspections of cyber related equipment within the Electronic Security Perimeter (ESP). Critical Infrastructure Protection Mock Audit for Compliance, major Midwest Utility Quanta Technology performed a mock audit of evidence for compliance with the CIP standards. The project included identification of applicable requirements, assistance with completing the Reliability Standard Audit Worksheets (RSAWs), off site review of evidence and accompanying data requests for supplemental evidence, Subject Matter Expert interviews, guidance on audit and evidence strategy, and a final report with recommendations for improvement. Critical Infrastructure Protection, Identification of High, Medium and Low Impact Assets, Major Northeast Utility Quanta Technology executed a field review of transmission, generation and substation sites to assess and catalogue High, Medium and Low Impact cyber systems. This project was in preparation of the enforcement of the Version 5 CIP standards. NERC Standards Program Design, Utility in Northeast Quanta Technology designed and prepared a written manual of an Electric Reliability Organization ( ERO ) Compliance Program for the Utility. Quanta Technology reviewed the Utility s current processes and procedures with respect to applicable ERO. Identified any additional recommended processes and procedures to include in a corporate ERO compliance program and provided a written ERO Compliance Manual describing necessary policy, processes and procedures necessary to manage ERO compliance activities within the Utility from Executive Oversight and Legal, the Utility Compliance Program Manager to the applicable line organizations. System Restoration Plan, Utility in Northeast Quanta Technology assessed the initial cranking paths used to perform a bottom-up system restoration approach as required by NERC EOP-005 and the PJM M36 System Restoration Manual. Project included a regulatory assessment of requirements governing black start restoration processes, identified appropriate black start resources, identified initial cranking paths, performed EMTP and PSS/E transient studies to ensure the adequate performance of these paths, identified necessary steps to satisfy the restoration time requirements established by PJM, provide switching sequences for incorporation into the BGE system restoration plan, and tested relay action during the restoration sequences. ERO Compliance Program Design, Midwestern Utility Reviewed attributes of client's ERO compliance program, compared these attributes to a benchmark of best practices, identified gaps and improvement opportunities. Findings and recommendations were documented for follow up by the client. 8

9 ERO Compliance Program Audit, Midwestern Utility Quanta Technology provided an audit of the ERO Compliance Program for a utility in the MRO Region. This audit assessed the "presence and quality" of the ERO compliance program, performed a gap analysis against a benchmark of best practice in the area of program design, and assessed staffing levels necessary to effectively & efficiently implement the Program. Compliance Support, Midwestern Utility Prepared a Corporate Compliance Manual to formalize and document the process used by organization staff to manage compliance activities throughout the organization. This manual was based upon the template manual and processes developed by Quanta Technology. Additionally, Quanta Technology reviewed changes created by the organizations staff in response to the practice audit findings. Quanta Technology also provided assistance in designing and documenting mitigation steps and improvement actions identified in practice audit findings. Quanta Technology additionally, provided SME expertise to the organization for additional benchmarking, process refinement for NERC standard interpretation in preparation for the organization s upcoming audit. ERCOT RRO Pre-Audit Assessment, Large Independent Power Producer Quanta Technology performed a pre-audit for IPP's power plants within West Texas. Quanta Technology reviewed compliance status of all applicable standards using the applicable NERC RSAWS. Developed mitigation actions as necessary before notice of table top audit was sent. Helped executives understand financial exposures and performed remediation to mitigate risks to the non-compliance gaps that were identified and developed a comprehensive compliance report summarizing compliance gaps and suggested mitigation actions. Critical Infrastructure Support, Confidential Client In this Project Quanta Technology studied the impact of losing key generation stations on the ERCOT system under both normal and contingency operating conditions. Several recommendations were given based on the study results. ERO Compliance Project, Large Independent Power Producer For this project, the Quanta Technology team performed an entity assessment of a large, international Independent Power Producer ("IPP") and developed compliance procedures which established internal processes, protocols and record keeping systems that were necessary to achieve auditable compliance with the applicable regulatory approved standards. Quanta Technology also performed on-site, pre-audit review of power plant compliance records, processes and procedures to identify gaps and remediation actions required to achieve compliance. 9

10 Key Personnel The individuals listed in this section represent expertise in every area covered by the ERO Standards developed and administered by NERC. Bryan Rushing, Senior Director Transmission & Regulatory Bryan Rushing has more than 14 years of progressive technical, operational, problem solving and commercial experience in the power supply industry. He is skilled in identifying transmission and generation development opportunities, technical and economic valuation, strategy formulation and plan implementation. Bryan is very familiar with the Midwest regional transmission organizations, as well as, NERC and FERC given his years of service with Ameren and LS Power. Bryan is a Member of the Institute of Electrical and Electronics Engineers (IEEE). Thomas J. Gentile, PE, Vice President Transmission Eastern Region Tom Gentile has over 30 years of experience and proven leadership with transmission and distribution system planning, analysis, engineering, program/project management, and interfacing with RTOs/ISOs and regulatory agencies. He is intimately familiar with the New England and New York power system infrastructure, the requirements of the New England and New York ISOs, and The New York State Reliability Council (NYSRC), as well as, NERC, NPCC, NEPOOL, and FERC via his many years of service with National Grid. Tom has honed his knowledge transfer skills by many years of teaching power system analysis and design at the university level. He is a Senior Member of Power Engineering Society of the Institute of Electrical and Electronics Engineers (IEEE) where he is Chair of IEEE-USA Energy Policy Committee. Mr. Gentile is a Registered Professional Engineer in the Commonwealth of Massachusetts. Eric Udren, Executive Advisor Mr. Udren has more than 39 years of experience in design and application of protective relaying, control, and communications systems. In 1990, with ABB, he led the design of the first interface of a microprocessor protective relay to an optical current sensor for TVA. In 1996, he joined Eaton Electrical (Cutler-Hammer) in Pittsburgh, where he served as Engineering Manager for relays and metering. In 2004, Mr. Udren joined KEMA (US) as Senior Principal Consultant where he developed the technical strategy for some of the most progressive utility LAN-based substation protection and control upgrading programs using IEC and other data communications, including technical design for utility enterprise integration of substation information. In 2008, Mr. Udren joined Quanta Technology, LLC of Raleigh, NC as Executive Advisor, developing substation protection and control upgrading strategies for major North American utilities, relay application research and design, and new data communications applications. Mr. Udren is a Fellow of IEEE, Member of the IEEE Power System Relaying Committee (PSRC), Chair of two Standards Working Groups, and Vice Chair of the Relaying Communications Subcommittee. On two occasions, in 2001 and 2006, he received the PSRC Distinguished Service Award. He serves as Technical Advisor to the US National Committee of IEC for TC 95, Measuring Relays. He also serves as a U.S. Delegate to IEC TC 57 Working Group 10 responsible for IEC Eric serves on the NERC System Protection and Control Subcommittee, and the NERC Protection System Maintenance Standard Drafting Team. He has written and presented over 60 technical papers and chapters of books on relaying topics, and has taught courses on protection, control, communications, and integration. He holds 8 patents on relaying and power-system communications. He received his BSEE from Michigan State University in 1969, MSEE degree from New Jersey Institute of Technology in 1981, and the Certificate of Post-Graduate Study from Cambridge University (UK) in In 1969 he joined the Westinghouse Relay Division, where he developed software for the world s first computer-based relaying system. From 1978 to 1986, he supervised relaying and control software development for the EPRI-sponsored first development of a LAN-based integrated EHV substation protection and control system. 10

11 Bobbi Welch, Principal Advisor, Transmission & Regulatory Bobbi Welch, Principal Advisor, Transmission & Regulatory, is a project manager with extensive experience in the energy industry spanning regulated and deregulated business environments, wholesale and retail markets, generation, transmission and distribution, with an emphasis in developing new business units, collaborative work teams and start-up operations. Strong background in project management, process improvement, operations management and regulatory policy/nerc compliance. While at American Transmission Company, Bobbi led the functional compliance areas for System Operations and Asset Management and developed the company s first Risk-Based Assessment Methodology (RBAM) and Transmission Emergency Response Plan (TERP). Her areas of expertise are NERC Compliance (incl. emergency operations planning, system operator training), Transmission System Operations & Asset Management, and Project/Program Management & Process Improvement (Six Sigma) Lynda McGhie, Associate Consultant Lynda McGhie has over 25 years of experience in information technology and governance, cyber security, risk and compliance management, security engineering and architecture. She is a resourceful, practical, senior information technology and cyber security professional with extensive experience in energy, oil and gas and utilities. Ms. McGhie is currently specializing in Smart Grid Cyber Security and Critical Infrastructure Protection, including the development and implementation of cyber security programs, defensible security strategies and practical solutions to address complex cyber security solutions, balanced risk management and compliance programs with emphasis on NERC CIP, NIST and NISTIR control frameworks, HIPAA, SOX, GLBA, COBIT and PCI-DSS. Lynda is a proven thought leader who stays abreast of industry standards, best-of-practice technologies and best practices. For the last five years, she has been working with utilities in the area of Transmission and Distribution including Independent Systems Operators, Municipals, Advanced Metering Infrastructure (AMI), Synchrophasors (PMUs), Smart Grid and Critical Infrastructure. Bob Janusaitis, Associate Consultant Bob Janusaitis, NERC/CIP Consultant, has over 30 years of experience in risk management, including cyber security, information systems audit, information technology governance, disaster recovery/business continuity and emergency management. An innovative problem solver with experience spanning numerous industries/sectors, including energy, manufacturing, distribution, financial services, healthcare, critical infrastructure and key resources. Investigative research, straight talking, and a common sense business approach, is combined with a unique ability to rapidly assess issues and present a balanced set of solutions. John S.F. Lim, Associate Consultant John Lim has more than 29 years of experience in Information Technology and Operations Technology systems infrastructure planning, design and implementation in a large electric power, gas distribution and steam distribution environment. A Certified Information Systems Security Professional (CISSP), John has also developed and implemented enterprise and operations cybersecurity policy and programs. John is actively engaged in industry and Federal critical infrastructure protection initiatives. John Blazekovich, Associate Consultant John Blazekovich has over 38 years in the electric utility industry at Commonwealth Edison and its parent organization, Exelon, which included compliance management responsibility for NERC and regional entity audit preparation, related activities and a wealth of transmission system operations experience. Mr. Blazekovich also served on the NERC Compliance and Certification Committee (CCC) from as a member of the investor-owned utility segment, and was the past chair of the Standards Interface Subcommittee. This material is intended strictly as general information about Quanta Technology, LLC and does not constitute the basis of any design advice or contract. Copyright