NOTICE DATE: March 2, 2020
NOTICE TYPE: M-A030220-01 NPRR
SHORT DESCRIPTION: Implementation details of NPRR928
INTENDED AUDIENCE: ERCOT Market Participants
DAYS AFFECTED: March 13, 2020 and April 3, 2020
LONG DESCRIPTION: On March 13, 2020, Protocol language related to Nodal Protocol Revision Request (NPRR) 928, Cybersecurity Incident Notification, will be partially implemented. NPRR928 establishes Market Participant notification responsibilities with respect to Cybersecurity Incidents. ERCOT is proposing a two-phase implementation process for NPRR928 to provide Market Participants time to submit Cybersecurity Contact information prior to the implementation of language under NPRR928 requiring Market Participants to notify ERCOT of a Cybersecurity Incident.
Phase 1 Implementation: March 13, 2020
On March 13, 2020, the Protocol sections listed below will be implemented to allow current Market Participants to submit Cybersecurity Contact information to ERCOT through the Notice of Change of Information (NCI) form (Protocol Section 23 Form E), and prospective Market Participants to designate a Cybersecurity Contact in the application process (Protocol Section 23 Forms A, B, G, I, J & M). In Phase 1, ERCOT will also be unboxing the Notice of Cybersecurity Incident form (Protocol Section 23 Form O) to allow Market Participants to voluntarily utilize the form, if necessary, prior to implementation of the remainder of NPRR928 in Phase 2.
- Section 2.1 (Definitions: Cybersecurity Contact, Cybersecurity Incident)
- Paragraph (1) of Section 16.19, Cybersecurity Incident Notification
- Section 23 Form A: Congestion Revenue Right (CRR) Account Holder Application for Registration
- Section 23 Form B: Load Serving Entity (LSE) Application for Registration
- Section 23 Form E: Notice of Change of Information
- Section 23 Form G: QSE Application and Service Filing for Registration Form
- Section 23 Form I: Resource Entity Application for Registration
- Section 23 Form J: Transmission and/or Distribution Service Provider Application for Registration
- Section 23 Form M: Independent Market Information System Registered Entity (IMRE) Application for Registration
- Section 23 Form O: Notice of Cybersecurity Incident
Phase 2 Implementation: April 3, 2020
On April 3, 2020, the remaining Protocol language related to NPRR928 will be implemented.
ACTION REQUIRED: Prior to April 3, 2020, Market Participants should designate a Cybersecurity Contact for communications with ERCOT with respect to Cybersecurity Incidents, using the Notice of Change of Information (NCI) form in Protocol Section 23 Form E.
ADDITIONAL INFORMATION: Implementation details of NPRR928 will be further discussed at the 3/25/20 TAC meeting.
Pursuant to Nodal Protocol Section 21.6, Nodal Protocol Revision Implementation, ERCOT is required to provide notice as soon as practicable, but no later than ten days prior to implementation.
NPRR928 and associated documents can be found on the ERCOT website.
CONTACT: If you have any questions, please contact your ERCOT Account Manager. You may also call the general ERCOT Client Services phone number at (512) 248-3900 or contact ERCOT Client Services via email at ClientServices@ercot.com.
If you are receiving email from a public ERCOT distribution list that you no longer wish to receive, please follow this link in order to unsubscribe from this list: http://lists.ercot.com.