Publications & Events
Alert

NERC Case Notes: Reliability Standard EOP-008-1

White & Case NERC Database
Click here to return to the main page at whitecase.com/nerc

 

Arlington Valley, LLC - AVBA, FERC Docket No. NP13-9 (December 31, 2012)

Reliability Standard: EOP-008-1

Requirement: 1

Violation Risk Factor: High

Violation Severity Level: Severe

Region: WECC

Issue: AVBA self-reported, as a TOP, that it did not have a sufficient plan in place that provides for the continuation of operation when there is a loss of control room functionality. Instead, AVBA called for the plant to shut down if the plant control room became inoperable.

Finding: WECC found that the EOP-008-1 violation only constituted a minimal risk to BPS reliability. Constellation Energy Control and Dispatch (CECD), in its role as AVBA's BA Service Agent, had a plan that AVBA would follow in the event of the loss of control room functionality. The duration of the EOP-008-1 R1 violation was from November 5, 2007 through March 1, 2009. AVBA stipulated to the violations. In approving the settlement agreement, the NERC BOTCC considered the fact that these violations were AVBA's first violations of the relevant Reliability Standards; the violations were not intentional and were promptly mitigated once discovered; and AVBA was cooperative during the enforcement process and did not conceal the violations. In addition, all but one of AVBA's violations did not constitute a serious or substantial risk to BPS reliability.

Penalty: $60,000 (aggregate for 43 violations)

FERC Order: Issued January 30, 2013 (no further review)

NP20-22-000: Associated Electric Cooperative, Inc. (AECI)

Reliability Standard: EOP-008-1; EOP-008-1; FAC-009-1; TOP-004-2; PER-003-0; PER-005-1

Requirement:  R1; R4; R1; R6; R1; R1

Violation ID: SERC2016016486; SERC2016016487; SERC2016016489; SERC2017017277; SERC2019021901; SERC2019021902

Method of Discovery: Compliance Audit; Compliance Audit; Compliance Audit; Self-Report; Self-Report; Self-Report

Violation Risk Factor: Medium; High; Medium; Medium; High; Medium

Violation Severity Level: Severe; Severe; Severe; Lower; Severe; Severe

Region: SERC

Issue:  EOP-008-1 R1 

SERC determined that AECI did not have a current Operating Plan describing the manner in which it would continue to meet its functional obligations with regard to the reliable operations of the Bulk Electric System (BES) in the even that its generation and transmission (G&T) cooperative primary Regional Dispatch Centers (RDCs) functionality is lost. Attachment A includes additional facts regarding the violation. 

The cause of this violation was management oversight by failing to ensure the implementation of an organizational model that reflected the G&T RDC's role of performing TOP functions both within and outside the terms of the jurisdictional control agreements.

EOP-008-1 R4 

SERC determined that AECI lacked backup functionality for the RDCs and did not provide control capability of the BES elements for which the RDCs had exclusive functional control. Attachment A includes additional facts regarding the violation.

The cause of this violation was management oversight by failing to ensure the implementation of an organizational model that reflected the G&T RDC's role of performing TOP functions per the jurisdictional control agreements.

FAC-009-1 R1 

SERC determined that AECI did not have Facility Ratings for its solely and jointly owned Facilities that were consistent with its associated Facility Ratings Methodology (FRM). Attachment A includes additional facts regarding the violation.

The cause of this violation was management oversight by failing to verify the implementation of effective processes. When AECI performed its initial evaluation and physical verification of equipment ratings, it did not have the processes in place to ensure that it considered all relevant equipment.

TOP-004-2 R6

SERC determined that AECI did not implement its formal policies and procedures to provide for transmission reliability as it relates to switching transmission elements. Attachment A includes additional facts regarding the violation. 

The cause of this violation was management oversight by failing to verify that all needed controls were implemented to prevent the KAMO RDC operation of a BES element without the prior approval of the AECI Operator.

PER-003-0 R1

SERC determined that AECI failed to staff its Real-time operating positions performing TOP reliability-related tasks in its G&Ts' RDCs with System Operators who have demonstrated minimum competency by obtaining and maintaining one of the valid NERC certificates. Attachment A includes additional facts regarding the violation. 

The cause of this violation was management oversight by failing to ensure the implementation of an organizational model that reflected the G&T RDC's role of performing TOP functions per the jurisdictional control agreements.

PER-005-1 R1

SERC determined that AECI failed to establish and implement a systematic approach for its training program for the BES company-specific reliability-related tasks performed by its System Operators. Attachment A includes additional facts regarding the violation. 

The cause of this violation was management oversight by failing to ensure the implementation of an organizational model that reflected the G&T RDC's role of performing TOP functions per the jurisdictional control agreements.

Finding: SERC found that the violations in the aggregate posed a serious risk to the system. AECI has no relevant prior violations associated with EOP-008-1 R1 and R4, FAC-009-1 R1, PER-003-0 R1, and PER-005-1 R1 and SERC considered the AECI's relevant prior noncompliance with TOP-004-2 R6 (including NERC Violation ID SERC2015015266) as repeat noncompliance with the subject NERC Reliability Standards. SERC considered AECI's compliance history with TOP-004-2 R6 as an aggravating factor. AECI self-reported three of the violations and AECI agreed to settle the violations.

Penalty: $430,000

Duration of Violation: 7/1/2013 - 12/31/2020 (Anticipated); 7/1/2013 - 12/31/2020 (Anticipated); 6/18/2007 - 6/1/2019; 1/9/2017 - 1/9/2017; 6/18/2007 - 6/24/2021 (Anticipated); 4/1/2013 - 9/9/2020

FERC Order: Issued September 30, 2020 (Settlement Agreement)

NP19-17-000: Gridforce Energy Management, LLC

Region: WECC

NERC Violation ID Standard Requirement VRF/VSL Discovery Method Start Date End Date
WECC2016016377 EOP-008-1 R1 Medium/Severe Compliance Audit 11/22/2013 12/28/2017
WECC2016016323 INT-006-4 R1 Lower/Severe Self-Report 7/5/2016 7/5/2016

Issue:  EOP-008-1

During a Compliance Audit conducted from September 26, 2016 through October 7, 2016, WECC determined that the entity, as a Balancing Authority (BA), had a violation of EOP-008-1 R1. Specifically, WECC found several issues with the entity's Operating Plan:

a. it defined the backup functionality as being provided by remotely accessing the BA functionality from specified hotel lobbies and using laptops instead of transferring operations to a specific backup facility. The entity incorporated an incorrect definition of facility, citing the use of laptops in a hotel lobby as implementing backup functionality in addition to an "alternate" Control Center, which did not meet the criteria of backup functionality provided by FERC's directives in Order 693 (R1.1);

b. the laptop batteries were listed as the backup power supply to the hotel building power for use from the hotel lobbies (R1.2.4);

c. it did not include physical or cyber security in the hotel lobbies (R1.2.5);

d. the entity did not include a transition period between the loss of primary control center functionality and the time to transition to the alternate control center in Austin, Texas which was used for low probability high impact events, such as hurricanes requiring evacuation of Houston, Texas. Specifically, the primary Control Center and the alternate Control Center were two and a half hours away from each other by car resulting in a period over the two-hour limit (R1.5);

e. for these reasons, the entity did not include actions to manage the risk to the BES during the transition from primary to backup functionality as well as during outages of the primary or backup functionality because the entity assumed that its operators would be able to gain full operational functionality in under two hours from the hotel lobbies whenever required (R1.6.2).

After reviewing all relevant information, WECC determined that the entity failed to have an Operating Plan describing the manner in which it continues to meet its functional obligations with regard to the reliable operations of the BES in the event that its primary control center functionality is lost that meets the requirements of EOP-008-1 R1, specifically R1.1, R1.2.4, R1.2.5, R1.5, and R1.6.2.
The root cause of the violation was the entity's incorrect assumptions regarding the criteria for its Operating Plan and previous implementation of its Operating Plan. The entity did not consider the specific sub-requirements of EOP-008-1 R1 nor FERC's directives when it designed and created its Operating Plan.

This violation began on November 22, 2013, when GRID registered as a BA and ended on December 28, 2017, when GRID established its new Operating Plan and designated a new backup Facility.

INT-006-4

On October 5, 2016, the entity submitted a Self-Report stating that, as a Balancing Authority (BA), it was in violation of INT-006-4 R1.

Specifically, the entity reported that on July 5, 2016 at 1:40 PM, its scheduling software automatically approved a downward modification to a Confirmed Interchange (CI) even though it was not capable of supporting the magnitude including ramping throughout the duration of the AI. The entity should have denied or curtailed the request for the AI. The downward modification or curtailment resulted in an AI that was below the low operating limit of the generating Facility. At 1:50 PM, the modified CI resulted in an over-generation condition in which the entity was producing more than the expected magnitude of Interchange and ramp because of the minimum generation levels at the generating Facility. The entity then directed the generating Facility to reconfigure its generation blocks to achieve the magnitude of the interchange. The interchange value remained constant into the next hour. In the absence of directing the generator offline the entity returned to compliance when the schedules ramped in to match the output of the generating facility at 2:56 PM.

After reviewing all relevant information, WECC determined that the entity failed to deny an AI or curtail CI for which it did not expect to be capable of supporting the magnitude of the Interchange, including ramping, throughout the duration of the AI, as required by INT-006-4 R1, R1.1.

The root cause of the violation was a lack of controls around the protocol and configuration of the entity's electronic tagging system, which automatically accepted an AI, even though the entity could not support the magnitude of the Interchange.

This violation began on July 5, 2016 at 1:50 pm, when the entity automatically accepted the Arranged Interchange (AI) request and ended on July 5, 2016, when the entity directed the generating Facility to achieve the output of the magnitude of the interchange.

Finding:

EOP -008-1

This violation posed a moderate risk and did not pose a serious and substantial risk to the reliability of the BPS. In this instance, the entity failed to have an Operating Plan describing the manner in
which it continues to meet its functional obligations with regard to the reliable operations of the BPS in the event that its primary control center functionality is lost that meets the requirements of EOP-008-1 R1, specifically R1.1, R1.2.4, R1.2.5, R1.5, and R1.6.2.

The entity did not have effective internal controls to detect or prevent this issue. However, the entity's EOP-008 Operating Plan was used successfully for backup control center functionality on January 6, 2016, due to a false fire alarm, and on December 14, 2012, due to a bomb threat. In addition, the Operating Plan was used successfully during hurricane evacuation conditions and for routine training and testing of remote functionality verifying all functions could be performed using remote access functionality from 2012 through 2016. For these reasons, WECC determined that there was a moderate likelihood of causing intermediate harm to the BPS. No harm is known to have occurred.

INT-006-4

WECC determined that this violation posed a moderate risk and did not pose a serious and substantial risk to the reliability of the BPS. In this instance, the entity failed to deny an AI or curtail CI for which it did not expect to be capable of supporting the magnitude of the Interchange, including ramping, throughout the duration of the AI as required by INT-006-4 R1, R1.1. Such failure could result in inadvertent energy, an out-of-balance condition on the system, and incorrect Net Scheduled Interchange (NSI) information to the Interconnection and BAAL deviations which affected another Requirement, WECC2016016013, BAL-001-2 R2. The risk was reduced because the amount of over-generation relative to the Western Interconnection was small (Entity 2 ACE +100 MWs, the entity ACE +40MW) during the event. The entity provides interchange authority services for 4,800 MW of generation for seven BAs. Therefore, WECC assessed the potential harm to the security and reliability of the BPS as intermediate.

However, this over-frequency (outside of BAAL limits) lasted a total of 66 minutes and the entity was in communication with its Reliability Coordinator during the entire event. Based on this, WECC determined that there was a moderate likelihood of causing intermediate harm to the BPS. No harm is known to have occurred.

Penalty: $50,000

FERC Order: Issued August 29, 2019