1. Compliance Program Implementation Plan 2011 December 15, 2010 Ray Palmieri 1

2. Overview Areas of Change to the Annual Implementation Plan Risk-Based Methodology Changes From Past Plans New Outreach Programs No Process Changes 2 2011 Compliance Program Implementation Plan

3. Risk-Based Methodology Risk Factors Considered in Defining Scope of Activities  North American-wide NERC Reliability Standards most violated, including both all time historical and rolling twelve-month statistics, are considered. This encompasses the core standards to be monitored across the industry.  Regional Entity-specific most violated NERC Reliability Standards, which may include standards already identified in item #1 for some Regional Entities, or additional standards. This analysis allows Regional Entities to focus on significant trends and issues within the Regional Entity boundary. This also could lead to the identification of Interconnection-wide issues and concerns.  Regional Entity Reliability Standards most violated, as applicable.  Registered Entity specific issues, including but not limited to operational issues, operational footprint changes, corporate restructuring, other trends, etc.  Analytical determination (other high risk reliability standards, registered functions trends and concerns, standards rising in prominence and identified through trend analysis)  Other factors, as determined by ReliabilityFirst, including Compliance Culture, which considers the entity’s compliance culture and overall strength of compliance. 3 2011 Compliance Program Implementation Plan

4. Compliance Audits Standards Monitored for the First Time  MOD - 001, 004, 008, effective 4/1/2011  PRC - 023  CIP Suite of Standards – Version 3  IRO - 004 and 005 4 2011 Compliance Program Implementation Plan

5. Self-Certifications Standards Self Certified for the First Time  CIP Suite of Standards – Version 3 5 2011 Compliance Program Implementation Plan

6. Spot Checking Standards to be Spot Checked for the First Time  NUC-001  BAL-003  IRO-005, R13  CIP Suite of Standards – Version 3 6 2011 Compliance Program Implementation Plan

7. Data Submittals Standards Requiring First Time Data Submittals  MOD-028, 029, 030  PRC-004, 016, 022  PRC-007, 021  TPL-001, 002, 003, 004 7 2011 Compliance Program Implementation Plan

8. Outreach Programs Open Compliance Calls CIP Webinars Compliance Application Notices (CANs) 8 2011 Compliance Program Implementation Plan

9. SCOPE Minimum Number of Standards to be Monitored Total of 39 Standards for Audit (2010 – 56) Total of 55 Standards for Self Certification (2010 – 60) Total of 14 Standards for Spot Checks (2010 – 9) Total of 22 Standards for Data Submittals (2010 – 20) Total of 102 Standards are FERC approved, with expectation of compliance at all times 9 2011 Compliance Program Implementation Plan

10. Compliance Program Implementation 10 Questions