2026 Internal Controls Workshop
About this event
Join ReliabilityFirst on Feb. 23-25 in Cleveland for a dynamic and engaging Internal Controls Workshop that kicks off a power packed week focused on Compliance Monitoring (CIP and O&P) and Enforcement. This interactive experience features small group discussions, opportunities to share industry insights, and a flexible format that lets you choose your own learning tracks. Whether you prefer to explore a variety of topics or dive deep into specific areas, this workshop is designed to foster meaningful conversations and practical takeaways.
Registration
Registration for this event has closed.
Event location
The Aviator, 20920 Brookpark Rd, Cleveland, OH 44135
Accommodations
Hilton Garden Inn – Cleveland Airport
4900 Emerald Ct SW
Cleveland, OH 44135
Phone: 216-898-1898
To make a hotel reservation, please use the online link: click here
Room Block Details:
Group Name: ReliabilityFirst
Room Rate: $149.00 plus taxes
Stay for the 2026 ERO Women’s Leadership Conference
Back-to-back with our Internal Controls Workshop, be sure to stick around for the 2026 ERO Women’s Leadership Conference! There will be an evening reception on Feb. 25 followed by the conference on Feb. 26 at the same location as the Internal Controls Workshop. Details and registration for the Women’s Leadership Conference can be found here.
Event format
Attendees will have the flexibility to customize their schedule and join the sessions that interest them most. You are welcome to repeat the same topic if you would like to dive in on a given subject/standard or you can move around. Each session will feature small-group discussions led by RF’s subject matter experts, beginning with a 15-minute presentation followed by 30 minutes of group discussion (45 min per session). This open format encourages participants to share insights, exchange best practices, and learn from one another’s experiences. The purpose of the Internal Controls Workshop is to bring industry professionals together to collaborate, share knowledge, and strengthen strategies that ensure grid resiliency.
Agenda
Welcome Reception, Monday, Feb. 23, 2026
| 5:30 pm – 7:30 pm | Evening Reception |
Day 1 of Workshop, Tuesday, Feb. 24, 2026
| Time | Session Topics |
| 8:00 am – 9:00 am | Breakfast |
| 9:00 am – 9:45 am | Opening and Keynote Speaker |
| Morning Session: 10:00 am – 12:00 pm |
CIP-015 (Internal Network Security Monitoring)
Explore Internal Controls and practical approaches to CIP-015 as you prepare to develop your Internal Network Security Monitoring Program. Gain insight into strategies your peers are considering that strengthen compliance and operational security. |
| CIP-012 (Communications between Control Centers)
Discuss actionable approaches to enhance secure communication between Control Centers with your industry peers. Discover which controls can add value to your program and improve reliability across your network. |
|
| BCSI in the Cloud
Join the conversation on key controls to consider for the use of cloud environments for BES Cyber System Information (BCSI). Hear real-world experiences from others who have successfully adopted cloud-based BCSI programs. |
|
| EOP-012 (Extreme Cold Weather Preparedness and Operations)
Discuss building a strong winterization plan by sharing best practices and lessons learned, identifying common mistakes to avoid, and clarifying expectations for onsite activities. |
|
| PRC-004 (Protection System Misoperation Identification and Correction)
Discuss common misoperation causes and how RF’s results stack up compared to other regions. Explore common causes of misoperations and the RF region’s performance. The discussion will highlight frequent pitfalls identified through evidence verification and foster an exchange of best practices. Together, we’ll identify strategies to strengthen internal controls and enhance overall reliability. |
|
| Emerging standards for inverter-based resources (PRC-028, PRC-029, PRC 030)
Look at emerging standards for inverter-based resources and discuss strategies to embed controls that help maintain proper settings, provide reliable monitoring and recording, and drive effective corrective actions in response to system events or misoperations. |
|
| 12:00 pm – 1:00 pm | Lunch |
| Afternoon Session: 1:00 pm – 5:00 pm |
Transient Cyber Assets (TCAs) (High, Medium and Low Impact)
Dive into the management of TCAs across High, Medium, and Low impact programs. Explore preventive, detective, and corrective controls that strengthen compliance posture. |
| CIP-003-9 (Security Management Controls)
Understand the latest changes to CIP-003-9, including Internal Controls and vendor management requirements. Discuss implementation strategies and what your organization can do now to prepare for the April 1, 2026, effective date. |
|
| Virtualization Standards
Examine the impacts of Project 2016-02 on the CIP Standards. Engage with others on challenges, changes, and recommended controls to support a smooth virtualization transition. |
|
| FAC-003 (Transmission Vegetation Management)
Discuss vegetation maintenance controls, validation of third-party contractor work, common issues in Transmission Vegetation Maintenance Plans, annual work execution, and key control points for SME handoffs. |
|
| FAC-008 (Facility Ratings)
Discuss asset management practices, ensure field equipment aligns with one-lines and matches Facility Ratings databases and model values. Review common issues, best practices, and explore strategies to strengthen your Facility Ratings program through key internal controls. |
|
| PRC-005 (Protection System, Automatic Reclosing, and Sudden Pressure Relaying Maintenance)
Engage in discussions on one of RF’s most frequently violated O&P Standards, focusing on implementing best practices, sharing lessons learned, and exploring strategies to strengthen asset management and effective maintenance. |
Day 2 of Workshop, Wednesday, Feb. 25, 2026
| 8:00 am – 9:00 am | Breakfast |
| Morning Session 9:00 am – 12:00 pm |
Internal Controls tracking, testing, automation
After establishing initial internal controls, the next phase focuses on advancing the program’s maturity. This track will discuss strategies for enhancing and automating detective, preventive, and corrective controls. Through group discussion, participants will share best practices, lessons learned, and collaborate on defining and sustaining key controls. |
| Overview of RF’s Audit Process; PCC education
This session will equip Primary Compliance Contacts and other Compliance Personnel with a thorough understanding of RF’s Audit Process, covering everything from annual scheduling processes to the audit lifecycle. Topics include scoping, audit notifications, key milestone dates, evidence review, internal controls, and much more. |
|
| Internal Controls for Mitigation
Join us for a discussion on internal controls considerations during enforcement actions. Hear directly from RF Enforcement on key internal controls considerations when mitigating violations of NERC Reliability Standards, including best practices, identifying, developing, and improving preventative, detective, and corrective controls, and other effective mitigation strategies. |
|
| IRAs and COPs
Understand how the IRA/COP process shapes compliance strategy. This session will unpack how the Entity Risk Profile Questionnaire, Risk Factors, and Performance Considerations come together to build the Compliance Oversight Plan, ultimately driving scoping decisions. |
|
| Repeat high demand from day 1 | |
| Repeat high demand from day 1 | |
| 12:00 pm – 2:00 pm | Lunch / Networking |
| 5:30 pm – 8:30 pm | Women’s Leadership Reception and Networking |