July 10, 2025

Welcome to TRC’s NERC Compliance Conversations, a special series produced by the staff of TRC. In it, our team discusses evolving NERC standards and the challenges utilities face in an unpredictable environment.

In this series, we’re joined by TRC’s NERC Compliance Director in the Power Division, Dwayne Stradford. Dwayne leads TRC’s efforts to support utility clients across all three U.S. interconnections and has over 30 years of experience in engineering, transmission operations, planning and regulatory compliance. Drawing on his expertise in NERC-CIP and NERC O&P, Dwayne has guided TRC in ensuring reliable compliance.

Conversation 6 – NERC CIP Part 4 – Post-Implementation Security Protections Under CIP-014

December 17, 2025

Physical security under CIP-014 continues to evolve as threats against the grid intensify and load patterns shift with new data centers, renewables and transmission growth. Once a facility is designated as medium or high impact, utilities must ensure their protections, monitoring and procedures are robust, not just at implementation, but throughout ongoing operation. Keeping pace requires coordination between planning engineers, security teams, operations and vendors to ensure assessments, design updates, site inspections and technology performance all work together as a unified defense. 

In this edition of NERC Compliance Conversations, our experienced practitioners explore what happens after the initial CIP-014 assessment. They discuss how utilities can adapt protections as conditions change, maintain effective monitoring and access controls, incorporate feedback from field crews and design security measures that stand up to modern threats. The conversation highlights how proactive planning, layered defenses and strong organizational awareness help utilities stay secure, compliant and audit-ready. 

Conversation 5 – NERC CIP Part 3 – Revoking Access and Personnel Risk Assessments Under CIP-004

December 17, 2025

Access management under CIP-004 can be one of the most deceptively challenging areas of NERC CIP compliance. With 24-hour revocation requirements, multi-year PRA review cycles and a heavy dependence on coordination across HR, IT, vendors and operational teams, just one overlooked revocation can quickly escalate into a major violation. Many utilities struggle with misaligned processes, delayed notifications and human error, especially when contractors, interns or shared roles are involved.

In this edition of NERC Compliance Conversations, our experienced team examines why CIP-004 issues continue to surface across the industry and discusses practical ways to strengthen internal controls, automate revocation workflows, improve visibility of PRA timelines and build a culture where access governance is treated as a shared responsibility, not an afterthought.

Conversation 4 – NERC CIP Part 2 – Challenges of Managing Security Patches Under CIP-007

December 17, 2025

Despite a 35-day evaluation window, patch management under CIP-007 continues to rank among the most frequently violated NERC CIP standards. The complexity lies not in installing updates, but in tracking vendor notifications, evaluating hundreds of patches across cyber assets, verifying success and maintaining auditable evidence, all while keeping critical systems online. 

In this edition of NERC Compliance Conversations, our experts unpack why patch management remains so challenging across the industry. They highlight common traps, discuss how misclassification under CIP-002 can compound CIP-007 exposure and outline the elements of a mature, well-governed patch management program that keeps utilities audit-ready and resilient. 

Conversation 3 – NERC CIP Part 1 – Misclassification of Cyber System Categorization Under CIP-002

December 17, 2025

Misclassifying BES Cyber Systems under CIP-002 remains one of the most consequential and costly errors a utility can make. What appears to be a simple categorization decision can ripple across the entire set of CIP Reliability Standards, triggering gaps in CIP-004 through CIP-013 and exposing utilities to significant compliance and security risk.

In this edition of NERC Compliance Conversations, our experts break down why accurate asset categorization is foundational to every other NERC CIP obligation. They explore the pitfalls of siloed processes, overlooked assets and unclear responsibilities. We share practical steps utilities can take to strengthen inventories, tighten internal controls and prevent cascading violations before they occur.

Conversation 2 – Smart Vegetation Management Under FAC-003-5

June 5, 2025

One year into enforcement of FAC-003-5, utilities are rethinking right-of-way strategies to stay compliant and protect grid reliability. The retirement of Requirement 2 and the elimination of IROL-specific categorization have left many vegetation management programs facing mounting risks and massive fines unless they adapt to this new reality. 

In this edition of NERC Compliance Conversations, our experts, Dwayne Stradford and Marc Sherman, explore why proactive vegetation strategies are now mission-critical and how utilities can turn compliance into a long-term resilience advantage.

Conversation 1 – Cold Weather Preparedness Under EOP-012 and Beyond 

March 18, 2025

As extreme weather events occur more often and are more severe, utilities are under increasing pressure to conform to and meet NERC standards. The latest updates to cold weather preparedness requirements under EOP-012 demand a more proactive approach to dealing with severe weather conditions.

In this edition of NERC Compliance Conversations, our experts Dwayne Stradford and Dylan Achey break down the latest regulatory updates, challenges and best practices to help utilities stay ahead and mitigate risk.