RSAWs are the work papers used by NERC and Regional teams to understand and evaluate an entity’s compliance position and provided evidence for specific Reliability Standards. Entities are required to provide a narrative of how compliance was met during the monitoring period, along with evidence used to support the compliance narrative. The RSAW accomplishes this by being a roadmap that outlines how an Entity complies with a NERC Reliability Standard. It identifies the Who, What, Why, When, Where and How. Who is responsible for the Standard, What the Entity is doing to achieve Compliance, Why they perform certain tasks, When the tasks are completed, Where these activities took place, and how they were performed.
RSAWs are also a great guide for training. You should be able to read the RSAW and understand how the Entity approaches compliance with the Standard. If someone leaves their position or is not available, a co-worker or supervisor should be able to read the RSAW and determine the process and see the results.
RSAWs are used for a variety of compliance activities including audits, self-certifications, and spot checks, as well as internal activities to perform annual assessments and to track and maintain compliance documentation. PCS offers assistance in reviewing an entity’s prepared RSAWS and can provide recommendations to strengthen and clarify the compliance narrative and supporting evidence. PCS also develops template RSAWs using information and evidence provided by the entity that help prepare that organization for its next compliance monitoring activity.
All regions are now requiring the completion of the NERC ERT for CIP Audits and other CIP compliance monitoring activities, such as self-certifications. Thorough completion of the ERT and well organized evidence packages that correlate with the ERT references will assist in expediting the Auditors’ reviews and moving the audit to completion. With this change, Regional Auditors are relying more on the responses and evidence provided with the completed ERT, as opposed to completed RSAWs. That said, PCS encourages Registered Entities to still complete the RSAW narratives and provide a verbal picture that introduces each piece of evidence, references specific page numbers and sections to bring the Auditor’s eye directly to where compliance is being demonstrated, gives the Auditor a quick picture of how required controls are applied and measured, and demonstrates how compliance objectives are achieved.