NERC Standards Management: Lessons Learned from Other Industries
When President Bush signed into law the Energy Policy Act of 2005, which authorized the creation of an electric reliability organization (ERO) with the statutory authority to enforce compliance with reliability standards, market participants faced sea change. The voluntary system of compliance had morphed into a mandatory system of reliability standards compliance backstopped by audits and fines. Even though this was something brand new for energy companies – it is not the first time an industry has had to deal with such a regulatory shift.
Lessons can be learned from similar events in other industries:
- 1990’s: Manufacturers scramble to obtain ISO 9000 certification
- 2000: FDA regulated medical device and pharmaceutical companies face increased scrutiny regarding management of electronic quality records
- 2005: Publicly traded companies deal with Sarbanes Oxley laws
Here are some ‘lessons learned’ I have encountered while helping companies implement compliance management systems:
Top-Down Approach: The most successful companies implement corporate-wide compliance programs with a clearly stated purpose initiated from the top. The best illustration of this is President Kennedy’s 1961 ‘Man on the Moon’ speech. Kennedy (the top executive) described the goal (“landing a man on the moon and returning him safely”) and deadline (“before this decade is out”).
Compliance for Cost and Reliability Improvement: Given the tight deadlines and overwhelming workload most companies set up a compliance program with one goal in mind ‘pass the audit’. While this may be a necessary first focus; companies that raise their sights towards actually ‘improving reliability’ and ‘reducing costs’ gain the biggest benefit from compliance expenses.
Enterprise Management Systems: Managing everything associated with compliance (data, tasks, documents, evidence, due dates, etc.) quickly outgrows spreadsheets and homegrown databases. It is best to reap the benefits of a commercial-off-the-shelf (COTS) system designed specifically for their industry. COTS vendors like AssurX typically host user group meetings and continually improve the system to keep up with regulatory changes.
Post by Sal Lucido
[...] set of challenges for compliance especially when it comes to access control and data management.NERC Standards Management: Lessons Learned from Other …When President Bush signed into law the Energy Policy Act of 2005, which authorized the creation of [...]