NERC compliance is mystifying even for experienced solar developers and owners. In Parts One and Two of this four-part series, we covered common mistakes and NERC registration requirements. Now, let’s discuss the NERC standards that have the most impact during the solar development phase.
First, how do you determine which, if any, NERC standards will apply to your solar project?
There is no single source that lists all of the NERC standards that apply to solar facilities or to GOs. There is too much variation in projects for this kind of checklist, especially considering that certain regional entities have specific requirements.
You can look up all of the active and retired NERC standards online at the NERC One-Stop Shop. Each standard has a PDF that shows the requirements and to whom they apply. While the requirements are fairly clear, looking up each standard one by one and checking applicability is a tedious and laborious process. We recommend instead using a third party who has expertise in handling NERC registrations if you don’t already have an in-house compliance officer.
Which NERC standards have the most impact during the development phase?
First, if you will have to register with NERC, you must factor compliance into your project budget. It is essential to do a good job with all the NERC requirements.
As to specific standards, two stand out during the development phase.
This standard governs the generators’ frequency and voltage controls. For solar plants, “generators” means the inverters. PRC-024 establishes normal deviation in frequency and/or voltage over time, within which you are not allowed to disconnect a generator.
Inverters are designed to trip offline if they hit unsafe frequency or voltage levels—as well they should. This is necessary to prevent equipment damage. However, if you can stay online, NERC wants you to. PRC-024 sets the frequency and voltage ranges as wide as possible to maintain both grid stability and safety.
To meet PRC-024, solar developers or EPCs must ensure that the inverter manufacturer can meet the requirements. The inverters must be commissioned with the requirements in mind.
NERC CIP (Critical Infrastructure Protection) is a group of standards covering cyber security. We will go more in depth on NERC CIP in future articles, but for now will touch lightly on CIP-003 specifically.
NERC CIP standards differ based on your impact rating: low, medium or high. The threshold for medium is 1,500 MW controlled from one location. There is currently no individual solar farm that big, meaning all are low-impact entities under NERC CIP. (There are, however, control rooms that handle over 1,500 MW, making them medium-impact.) The higher your impact, the greater the risk to the BES if something goes wrong, and the more stringent the cyber security standards become.
For low-impact entities, CIP-003 requires policies and plans that cover six areas:
- Cyber Security Awareness – You must set up a program to keep line workers aware of cyber security issues, incidents, changes and updates
- Physical Security Controls – You must create a system that controls access to the control house/plant controls
- Electronic Access Controls – You must control inbound and outbound Internet communications, only allowing approved communications (especially pertinent to remote access for facilities)
- Cyber Security Incident Response – You must have a response plan for a cyber security incident, including appropriate backups for site controls, documents and inverter programs
- Transient Cyber Assets and Removable Media – This requires any device that plugs into site equipment or the SCADA system (such as a thumb drive or laptop) to be scanned and cleared first to prevent malicious code introduction
- Declaring and Responding to CIP Exceptional Circumstances – This standard covers how to report and respond to certain emergency situations at a plant
CIP-003 also requires a review of each cyber security policy at least once every 15 months for low-impact entities, and documented approval of each policy by a CIP Senior Manager. This individual—typically a CEO, CCO, legal officer or senior IT officer—has overall authority and responsibility for leading and managing implementation. It must be someone who can authorize work and stop work.
Again, we will cover NERC CIP in more depth in future articles. This is a large and complex group of standards, and it is best to seek expert help with compliance.
Learn more about the importance of NERC compliance.
In the final article of this four-part series, you’ll learn about the risks of NERC non-compliance and potential changes to the regulatory landscape.
Radian Gen is a trusted partner for full NERC implementation and long-term compliance management. See our Compliance and Risk Management page for more on how we can help.