Transforming reliability and security compliance for a major utility

Challenge 

In recent years, utilities have faced a surge of mandatory reliability and security compliance regulations, including ones implemented by the North American Electric Reliability Corporation (NERC), a regulatory authority covering the interconnected power systems of the United States, Canada, and part of Mexico. NERC’s primary goal is to maintain power grid stability and reliability by ensuring compliance with its standards for operations and planning, such as facility ratings, and for critical infrastructure protection practices that address extreme weather events and cyber threats. 

Although utilities have invested heavily in people, tools, and technology to meet these increasing regulatory demands, the solutions have often been fragmented and uncoordinated, leading to redundancies and inefficient operations. That was the situation confronting the leaders of one major electric company, which was grappling with an aggressive growth strategy that entailed efficiencies, increased regulatory obligations, new costs associated with those obligations, and instances of non-compliance that incurred fines and required new mitigation investments.  

Mindful of these challenges, the utility turned to Guidehouse for help developing a unified, enterprise-wide compliance process ahead of a planned multibillion-dollar investment in nuclear energy, natural gas, wind, solar, and battery storage over the next several years. Faced with gaps and inefficiencies in its security patch management and other critical areas, company leaders wanted to create a centralized, continuous monitoring capability for NERC compliance. That would require a top-down transformation across all of the utility’s registered entities—which include multiple operating companies and business units—as well as the consolidation of disparate data sources and the automation of manual processes throughout the enterprise. 

Approach 

Guidehouse adopted a database-centered approach, first developing a proof of concept and then a minimum viable product focused on asset management, change management, and patch management. Building on that foundation, Guidehouse teams expanded the solution to cover compliance with all NERC standards for all registered entities across the enterprise and launched a state-of-the-art NERC information hub. 

The hub functions as a command center, designed so that all data manipulation and updates occur primarily within the database, allowing for controlled access and better data governance. That integrated data, in turn, enables the hub to provide centralized monitoring and operational insights in multiple modes:

• Continuous monitoring mode is the default mode of the command center, transforming compliance personnel into validators and risk assessors rather than evidence producers. They gain daily insights into the health of their compliance program as well as the ability to provide operational support by spotting cyber and reliability issues quickly.
• Audit mode allows compliance analysts to efficiently validate data that’s subject to audit and allows regulators to interact directly with the data they’re sampling.
• Storm mode helps the utility determine which assets may be in the path of a hurricane and use those insights to take protective measures. 

Accurate information and real-time monitoring allow staff to detect and resolve potential issues before they occur. AI technology can also be layered on top of the hub’s data to facilitate proactive investment decisions, acting as a virtual anytime auditor and accelerating the completion of compliance tasks.  

Impact 

With the centralized database in place, the utility has been able to continuously track and monitor compliance across all aspects of company operations while realizing significant operational and cost-saving benefits, including:  

• 40% savings in business process efficiencies 
• 66% savings in audit preparation costs 
• 41% reduction in patch assessment cycle time 
• 80% reduction in data request response time 

The NERC information hub also allows employees to produce a populated audit evidence-request workbook using live data, reducing audit preparation time from months to minutes and enabling continuous compliance assurance capabilities. And by streamlining data source verification and simplifying the procedures for issuing alerts about anomalies such as changes to facilities, the new system has significantly reduced the likelihood of compliance violations.