NERC just rolled out its NERC Alert System (NAS), which gives NERC/ES-ISAC the ability to alert and notify NAS-registered entities of the bulk power system (BPS) of vulnerabilities, threats, and/or abnormal events/conditions that could impact the BPS. It is also designed to enable rapid Alert creation and dissemination of alerts and provides for quick acknowledgment and response from Alert recipients via a secure Web browser portal.
“It’s pretty good,” says Paul J. Fricke, CQMgr, CQA Quality Manager/Project Manager at AssurX, Inc. “It sets up a direct and rapid communication to registered entities on when to send alerts and to have the mechanism to do it effectively.”
When registered entities receive an alert, they’ll then log into a secure site to receive the full update details.
There are three levels of alerts, in rising levels of seriousness:
- Level 1 – Advisory – information only
- Level 2 – Recommendations to Industry – usually requires that a questionnaire be completed and submitted back to NERC
- Level 3 – Essential Action – these require information back from the registered entity – highest level of alert, seriousness
NERC also set up a fairly straightforward means of labeling how carefully to protect information contained in an alert:
- Green – Public
- Yellow – Private
- Red – Sensitive
- Black – Confidential
NERC also just released its report for 2009 which addresses a year of transition (changes at the top) and a broader kind of transition: It’s “one of focus as we enter our third full year as the entity responsible for developing and enforcing compliance with mandatory reliability standards,” says Gerry Cauley, NERC’s new President and CEO.
Cauley’s ambitious vision is “to broaden our focus from a compliance organization to a learning organization, one that fosters learning and facilitates growth, both within our organization and across the industry.”
Given all that NERC is trying to do – some well, some maybe not so well – we’ll keep you posted on how they deliver on some tough promises in 2010.
See also:
NERC Unveils Improved Standards Development Process
The Top 10 FERC Enforceable Standards in 2009
“There’s nothing to see here folks, move along. Nothing to see here.”
That’s what police usually say when a crowd gathers to watch something new, unusual or just plain interesting.
Reminds me of an article I recently ran across declaring that Software as a Service (SaaS) technology was indeed configurable. The jist of it was that NetSuite CEO Zach Nelson was attempting to shatter some of the common misperceptions about SaaS during his keynote address at a company’s partner conference in San Francisco last week.
The WebCPA article covering Zach’s speech went on, “Addressing claims that most SaaS solutions are not customizable, Nelson claimed that there are currently 6,600 users utilizing NetSuite’s enterprise resource planning functions, the majority of which are customizable features.”
Extra! Extra! Read all about it: SaaS is configurable, says Zach. And we’ve blogged about this before, too.
But is this news to anyone?
Apparently it is in some circles. So why has SaaS gotten a bad rap as inflexible?
Blame it on the early days of SaaS, when some providers offered more rigid, “pigeon-holed” solutions, says AssurX Operations Manager Karl Kleinkauf, who’s been in this business nearly twenty years. “In the old days there was something of a ‘take it or leave it’ attitude,” Karl adds.
But that’s all changed in recent years, Karl notes. For starters, the technology has improved and ample bandwidth is more widely available today. Both factors help make SaaS more configurable. But consumer demand also helped make it happen, Karl notes.
In fact, as his own customers get more adept using SaaS for regulatory compliance, they often see other uses for it. “I’ve helped many use our SaaS system for document control and customer complaint handling after they’ve gotten comfortable with it on the compliance side,” Karl says.
So let’s recap: SaaS is flexible, multi-faceted and configurable.
Remember, you didn’t read it here first.
WHEN: Thursday, January 28, 2010 – 10 am – 2pm (Pacific)
REGISTER: https://www2.gotomeeting.com/register/554360930
WHO SHOULD ATTEND: All AssurX Energy/Utility Customers
AGENDA:
How to Manage NERC CIP Workflows & Documentation
NERC CIP Compliance Management – CIP-002 thru CIP-009 reached the Auditably Compliant stage July 1st, 2009. In this talk we will take a look at best practices for managing CIP workflows including configuration change management and process/plan review workflows.
How to Manage a NERC Compliance Framework
Part of a NERC audit includes submitting information about how your internal documentation (i.e. procedures, policies, etc.) relates to each applicable requirement. This presentation will demonstrate how CATSWeb ER can be used to establish this compliance framework.
NERC Standard Update Service
View how the NERC Standard Update Service is used to import new NERC standards and file attachments into your CATSWeb ER system.
Self Certification
Using the new CATSWeb 16Q Service Pack rules engine, view how your self-certification preparation process can be automated to create and assign all Gap Analysis records and monitor when all Gaps have been completed.
Using CATSWeb for PRC-005-1 Compliance
Demonstration of CATSWeb configured as a standalone system as well as an integration hub with various Work Order Management, ERP and Test Systems assuring that assets which effect the BES are in PRC-005-1 compliance.
Taking your CATSWeb ER system beyond your expectations
An opportunity to learn how companies use CATSWeb ER to steamline the management of documents, assets, approvals, certifications, testing, exceptions, etc.
Sessions will last anywhere from 20 – 45 minutes each and will be followed by a 5 – 10 minute Q&A, as well as a midway break. This four hour event will be recorded and available for replay shortly afterwards. Presentations will be available for download immediately following the event.
Michael Causey, Editor & Publisher, eDataIntegrityReport.com
UPDATE 2: (July 2010): FDA: eMDR Guidance Probably Won’t Happen This Summer.
UPDATE 1: (June 2010): Please see our updated blog on the new timeline here.
Well, they finally did it.
After more delays and internal intrigue than your typical Hollywood Blockbuster, the FDA today unveiled their proposed guidance for ultimately mandating electronic submission of mandatory adverse event reports.
It’s going to save time (paper submissions take up to two weeks to process at FDA HQ) and money for both industry and the agency.
But will device firms be ready?
A telling stat that came out of today’s press teleconference announcing the draft guidance: While about 80% of the nearly 500,000 submissions CDER gets already come in electronically, on the CDRH device side it’s only about 15%.
“We have some work to do” on the device side, David Buckles, Ph.D., director of the Division of Postmarket Surveillance at the FDA’s Center for Devices and Radiological Health (CDRH), observed mildly at today’s press conference.
Why are pharma firms so far ahead of device firms here? It’s odd because in many ways device firms are viewed as more tech savvy and more of the early adopter type. But the fact that pharma companies are generally much bigger, with much deeper pockets, probably explains some of why they have such a big electronic jump on their device brethren.
Device companies have also complained that the FDA hadn’t made its eMDR expectations clear. But that excuse won’t really hold now that the agency has issued a pretty straightforward guidance.
Industry has 90 days to comment on the draft guidance. After that, the agency will take a few months maximum to digest and perhaps take advice from those comments. Then they’ll issue a final rule that will mandate esubmissions for mandatory reporting (such as adverse events) a year from then.
So, mark your calendar for sometime around February 2011 for a mandate from the agency.
Will device firms be ready? There’s no excuse not to get with the program now.
Download the PDF version of the draft guidance here.
More information about AssurX’s eMDR solution here.
The concept of implementing SaaS is moving ahead quickly, especially in the medical device arena. Perhaps that shouldn’t be surprising; most industry experts say that device firms tend to be a bit more innovative when it comes to embracing new technologies.
That may be why Angiotech made the decision to go with AssurX’s OnDemand (SaaS) model as opposed to on-premise implementation for their global complaint handling system. Angiotech is a global specialty pharmaceutical and medical device company that discovers, develops, and markets innovative technologies and medical products primarily for local diseases or for complications associated with medical device implants, surgical interventions and acute injury.
AssurX’s CATSWeb system is already rolled out across four facilities – three in the US and one in Puerto Rico – with Europe expected by the end of 2009.
Larry Murphy, Senior Manager, Corporate Quality, was part of the team that made the decision to go with the SaaS model because they needed to get up and running quicker.
“We got the blessing of the IT group after they reviewed the AssurX system and were able to get answers quickly about the level of security and support,” Murphy said. “As far as the users are concerned, they really like having everything centralized, including the reporting capabilities. We have significantly improved our efficiency and productivity,” added Murphy.
Prior to implementing an automated complaint handling system, various divisions of Angiotech were using either paper-based systems or homegrown Access database applications. Now the company-wide system using CATSWeb allows them to process complaints in a more structured and standardized manner that provides a much higher level of quality of information as well as the ability to track progress using metrics and dashboards.
Future plans include expansion of the current process and perhaps implementing electronic medical device reporting (eMDR) somewhere down the line.
