July 1 2008 criminal background

Part 3 Criminal justice records

This includes encouraging and contributing to the rehabilitation of persons with criminal convictions and assisting them in the resumption of their responsibilities of citizenship. The goal of this policy is to provide a consistent approach to conducting criminal background checks on new employees and to comply with Minnesota Statutes, Chapter Back to top.

Search Search. In addition, SERC discovered during a spot check that although the URE had trained new personnel, it had not trained its existing staff. Finding: The violations did not pose a serious or substantial risk to the reliability of the bulk power system because the URE is a small Balancing Authority with a low estimated summer peak and its Control Center cyber assets had only one external communications link, which was with the Reliability Coordinator.

NP December 22, Issue: Unidentified Registered Entity URE failed to conduct or update personnel risk assessments on nine occasions for seven employees and two contract workers having authorized cyber access or authorized unescorted physical access to Critical Cyber Assets. In reaching this determination, the NERC BOTCC considered the following facts: the violation constituted URE's first violation of this Reliability Standard; URE self-reported the violation; URE cooperated during the compliance enforcement process; URE did not have a formal compliance program at the time of the violation; URE did not attempt to conceal a violation or intend to do so; the violation did not create a serious or substantial risk to the bulk power system; and there were no other mitigating or aggravating factors or extenuating circumstances.

WECC found that the violation of CIP R2 did not constitute a serious or substantial risk to bulk power system reliability since the four employees who had not completed the required training within the required time frame were not physically located in the same facility as the relevant Critical Cyber Assets and they received the required cyber security training within 14 days after they were supposed to. In regards to the violation of CIP R3, WECC found that the violation did not constitute a serious or substantial risk to bulk power system reliability since only a small number of the Registered Entity's relevant employees had not received the required personnel risk assessment within the required time frame.

For the violation of CIP R4, WECC found that the violation did not pose a serious or substantial risk to bulk power system reliability since the Registered Entity had updated its list of personnel who have access to Critical Cyber Assets during the third quarter of and the first quarter of even though it did not perform an update in the fourth quarter of In determining the penalty amount, WECC considered the fact these were the Registered Entity's first assessed violations of the relevant Reliability Standards; the violations were self-reported; and the Registered Entity was cooperative during the enforcement process and did not attempt to conceal the violations.

Issue: Unidentified Registered Entity URE self-reported that three of its personnel with authorized cyber or authorized unescorted physical access to Critical Cyber Assets did not have personnel risk assessments completed within 30 days of gaining access in accordance with CIP R3. Such risk assessments were completed within 35 days of gaining access.

Michigan Legislature

URE also self-reported the following violations of R4: three of its employees retired or were terminated but URE did not remove them from its Master Access List in a timely fashion; seven of its employees had access to Critical Cyber Assets but were not listed on the Master Access List; and seventy one of its employees were listed on the Master Access List without also listing which Critical Cyber Assets each employee had access to. Finding: It was determined by WECC that the R3 violation did not pose a serious or substantial risk to the reliability of the bulk power system because of the small number of employees involved and the fact that the URE was only five days late.

WECC determined that the R4 violation posed a moderate risk to the reliability of the bulk power system because even though the URE had a Master Access List of its personnel with access to Critical Cyber Assets, it was not maintaining the list within the timeframes required. The duration of both violations was July 1, , when the Reliability Standard became enforceable, through September 22, Issue: During a spot-check audit, SERC found two incidents in which Unidentified Registered Entity URE failed to properly maintain its list of employees, contracts and service vendors who have authorized cyber or authorized unescorted physical access to Critical Cyber Assets and also failed to include in the list each individual's specific access rights.

Finding: It was determined by SERC that the violation did not pose a serious or substantial risk to the reliability of the bulk power system because URE trained and performed background checks on all employees with cyber and unescorted physical access and kept records of the access granted to employees, contractors and service providers these records were not made part of the master list, leading to the violation. The existence of a robust internal compliance program was given credit in the zero penalty determination.

The duration of the violation was April 1, through November 14, The violation of R4 did not pose a serious or substantial threat to reliability of the bulk power system because the contractor had conducted pre-employment background checks, had activities in place to protect customer system information, and had training related to cyber security. Issue: Two Unidentified Registered Entities URE , both wholly owed subsidiaries of the same Parent Company, self-reported violations of CIP R3 and R4 for failing to complete risk assessments for certain personnel having authorized cyber or authorized unescorted physical access to Critical Cyber Assets R3 and for failing to maintain a complete and accurate list of personnel with such access R4.

In addition, MRO and SPP determined the violation of R4 did not pose a serious or substantial threat to the reliability of the bulk power system because most of the employees that were mistakenly not on the Critical Cyber Assets access lists had received cyber security training and background checks to ensure they would not abuse access rights to the Critical Cyber Assets.

Crime Patrol - Episode 29 - Sunita Rape Case Part 1

Finding: MRO determined that the violations posed a minimal risk to the reliability of the bulk power system for the following reasons. With regard to the 3 individuals whose access was not revoked within 7 days of no longer requiring access to CCAs, it was noted that the individuals' primary work facility included a terminal for URE-MRO1's Energy Management System and on January 22, , the terminal was removed from the facility, and the individuals could no longer physically or electronically access the CCA.

Additionally, MRO did not find any additional instances of access being revoked without the Access List being updated within the required 7 day or 24 hour time frames and URE-MRO1 provided evidence of conducting quarterly reviews of the Access List. Finding: MRO determined that the violations posed minimal risk to the reliability of the bulk power system because even though there was no evidence that the SCADA vendor personnel received cyber security training or were on the authorized access list, the vendor personnel had received cyber security training from their employer and URE-MRO2 closely monitored the SCADA vendor personnel while on-site and during remote interactive troubleshooting sessions.

NP February 23, Issue: Unidentified Registered Entity URE self reported that it had not performed a fourth quarter review of the list of individuals having key cards granting authorized unescorted physical access to Critical Cyber Assets. URE also had not conducted third and fourth quarter review of a key manifest. RFC determined the violation did not pose a serious or substantial risk to the reliability of the bulk power system.

The NERC Board of Trustees Compliance Committee considered the following in determining the penalty: the violation of CIP R4 was a repeat occurrence, which was an aggravating factor since URE completed a mitigation plan associated with the previous violation that should have prevented a reoccurrence; URE was cooperative during the compliance enforcement process; URE's compliance program; there was no evidence of any attempt or intent to conceal a violation; and there were no additional mitigating or aggravating factors that would affect the penalty amount.

Issue: In September , a Registered Entity self-reported that it provided three employees who were granted unescorted physical access to the Critical Cyber Assets with physical cardkey access to its Physical Security Perimeter, even though it had not conducted backgrounds checks on those employees within the seven-year time frame as required. FRCC found that the CIP violation did not constitute a serious or substantial risk to bulk power system reliability since the Registered Entity had actually previously conducted personnel risk assessments on the relevant employees even though the assessments were no longer up to date.

Article 72 Public records

In addition, the relevant employees were all long-term employees who had access to the Physical Security Perimeter before the Reliability Standards came into effect. In approving the settlement agreement, NERC considered the fact that these were the Registered Entity's first violations of the relevant Reliability Standards; the Registered Entity self-reported some of the violations; the Registered Entity was cooperative during the enforcement process and did not conceal the violations; there was a compliance program in place; and there were no additional mitigating or aggravating factors.

Violation Risk Factor: Medium R4. RFC also found that the URE failed to ensure that all personnel with access to Critical Cyber Assets were trained within 90 days of being granted that access and the URE did not maintain documentation of annual training for 47 out of 83 personnel R2. Further, RFC found that the URE failed to conduct PRAs for 21 of its 83 employees, contractors and service providers who had authorized cyber or authorized unescorted physical access within 30 days of the employees, contractors and service providers being granted such access R3.

The URE also failed to update its master list of personnel with authorized cyber or unescorted physical access rights to a Critical Cyber Asset within seven days of granting access to the contract employee R4. In reaching this determination, the NERC BOTCC considered the following facts, among others: the violations constituted the URE's first violation of the subject NERC Reliability Standards; the URE self-reported 11 of the 16 violations; the URE cooperated during the compliance enforcement process; the URE's compliance program; the URE did not attempt to conceal a violation or intend to do so; the violation did not create a serious or substantial risk to the bulk power system; and there were no other mitigating or aggravating factors or extenuating circumstances.

In reaching this determination, the NERC BOTCC considered the following facts, among others: the violations constituted the URE's first violations of the subject NERC Reliability Standard; the URE self-reported the violations; the URE cooperated during the compliance enforcement process; the URE's compliance program; the violations did not create a serious or substantial risk to the bulk power system; and there were no other mitigating or aggravating factors or extenuating circumstances.

In reaching this determination, the NERC BOTCC considered the following facts, among others: the violation sconstituted the URE's first violations of the subject NERC Reliability Standard; the URE self-reported the violations; the URE cooperated during the compliance enforcement process; the URE's compliance program; the violations did not create a serious or substantial risk to the bulk power system; and there were no other mitigating or aggravating factors or extenuating circumstances.

Issue: With respect to the first violation of CIP, Unidentified Registered Entity URE self-reported that its personnel access list for contract and service personnel with unescorted physical access to Critical Cyber Assets was not complete because it did not include a list of personnel from its provider of secure hosting facilities for URE's Critical Cyber Assets. URE self-reported prior to R4 becoming enforceable.

Duration of violation was from July 1, , when the Standard became enforceable, through July 28, , when the violation was mitigated. With respect to the second violation, URE self-reported that its procedures were not sufficient to ensure that its access lists of personnel who have Critical Cyber Asset access are updated within the required seven calendar days, and on four occasions the access lists were not updated within the time required.

Duration of violation was from August 18, through February 13, , when the violation was mitigated.

Finding: FRCC Enforcement determined that the violation did not create a serious or substantial risk to the bulk power system because 1 with respect to the first violation, the secure hosting facilities of the provider at issue are located at a major telecommunication company's facility, protected by armed security, electronic access control and video monitoring; and 2 with respect to the second violation, URE revoked or suspended access prior to updating the access list s , so no personnel had access that should not have had such access.

Further, the NERC Board of Trustees Compliance Committee concluded the penalty appropriate because, with one exception, this was URE's first violation of the Standards, URE self reported several of the violations, numerous violations of a single standard were considered to be four instances of a single violation as opposed to separate violations, and URE was cooperative during the investigation. WECC determined URE had not established a training program for personnel with authorized access to Critical Cyber Assets and consequently did not maintain a corresponding training record in violation of R2.


  • corey russ warrant for arrest hagerstown maryland.
  • finding someone by there cellphone number?
  • Lawyer for Record Seals in El Paso County, CO;
  • montgomery county pennsylvania public records search!
  • Background?

URE also did not have a personnel risk assessment program and did not conduct appropriate background checks per R3. Finding: The violations of R2 and R3 posed a moderate threat to the reliability of the bulk power system BPS because, even though URE is a small entity and did have a cyber security policy and a list of critical facilities in place, it did not have a training program for personnel with authorized access to the Critical Cyber Assets and did not have a compliant personnel risk assessment program that included background checks for personnel that had access to Critical Cyber Assets.

The violation of R4 did not pose a serious or substantial risk to the BPS because URE had security procedures such as card readers and security guards in place to control access to Critical Cyber Assets. NP February 28, Issue: The entity self-reported that pursuant to its quarterly review of the list of personnel with unescorted physical access to the System Operations Control Room, its systems operations personnel identified 6 employees as no longer requiring access.

They notified security via a paper request to revoke access, of which security confirmed receipt. However, security did not revoke access within 7 days as required by R4. Duration of violation was May 14, through June 4, Finding: NPCC determined this violation posed a minimal risk to the reliability of the bulk power system because there were no attempts to access either the physical security perimeter or the electronic security perimeter due to the lapse, and the issue was discovered in less than three weeks during regular review of access.

How to "seal" criminal records in Colorado: eligibility, process, timeframe

Issue: The entity self-reported that one employee with authorized unescorted physical access, retired but the authorized unescorted physical access rights for this employee were not revoked within the 7 calendar day requirement. In addition, the list of personnel with access to Critical Cyber Assets was updated outside the 7 calendar day requirement. Duration of violation was March 7, through March 9, Finding: TRE determined that the violation posed a minimal risk to the reliability of the bulk power system because the employee never accessed the privileges after his voluntary retirement date and only had physical not cyber access.

NP March 30, Issue: Prior to the effective date of the Standard, URE self-reported that it would not be compliant with R2 through R4 at the time the Standard became effective because it did not have 1 a cyber security training program that met the requirements of R2; 2 a personnel risk assessment for personnel with authorized cyber or unescorted physical access to critical cyber assets as required by R3; or 3 lists of personnel with authorized cyber or unescorted physical access as required by R4.

URE had hired an independent contractor to review its compliance and assist with mitigation. Duration of violation was July 1, , when the Standard became enforceable for Table 1 entities, through December 16, , when the violations were mitigated. Finding: WECC Enforcement determined that the violations did not pose a serious or substantial risk to the bulk power system, even though the settlement agreement assessed the violation as a high risk.

http://john-und.sandra-gaertner.de/life-sucks-so-have-at-it.php In reaching this determination, the NERC BOTCC considered the following facts, among others: the violations constituted URE's first violations of the subject NERC Reliability Standard; URE self-reported some of the violations; URE cooperated during the compliance enforcement process; URE's compliance program; URE did not attempt to conceal a violation or intend to do so; the violations did not create a serious or substantial risk to the bulk power system; and there were no other mitigating or aggravating factors or extenuating circumstances.

Issue: During a spot check, SERC found that at least one of the Unidentified Registered Entity's URE employees who had authorized cyber access had not fulfilled his annual cyber security training requirement according to the timeframe specified in the URE's cyber security training procedures R2. In addition, in August , the URE self-reported that one of its employees who had authorization for unescorted physical access to a Critical Cyber Asset within the physical security perimeter had not been given cyber security training within 90 days of being granted access, as required R2.

SERC found that the violations constituted only a minimal risk to bulk power system reliability since all existing employees received their initial cyber security training in May and then again in June And, while there was a two-year period without annual training, there were no known instances that result from the lack of cyber security training.

In addition, the one relevant employee who did not receive the initial cyber security training, all other new employees received the mandated cyber security training within 90 days of obtaining access to the Critical Cyber Assets. For that one relevant employee who only had physical access rights , the employee was never alone in the physical security boundary and had already received a personnel risk assessment. The duration of the violations was from July 1, through June 18, for R2.

In determining the penalty amount, NERC considered the fact that these were the URE's first violations of the relevant Reliability Standards; one of the violations was self-reported; there was a compliance program in place even though this was only evaluated as a neutral factor ; the URE was cooperative during the enforcement process and did not attempt to conceal the violations; and there were no additional mitigating or aggravating factors.

In addition, during a spot check, RFC found that the UREs were not properly maintaining the lists of personnel who possessed authorized cyber access or unescorted physical access to the Critical Cyber Assets. With regard to the CIP R2 sub-requirement 2. The relevant contractors also had their access privileges revoked until they completed the needed training. Regarding the CIP R3 violations, RFC found that the violations did not constitute a serious or substantial risk to bulk power system reliability since the access records demonstrated that all of the locations accessed by the relevant contractors had a series of security measures in place to monitor individual's movements.

For the CIP R4 violations, RFC found that the violations did not constitute a serious or substantial risk to bulk power system reliability since the relevant personnel had already received cyber security training and a personnel risk assessment. In determining the penalty amount, NERC considered the fact that these were the UREs' first violations of the relevant Reliability Standards; some violations were self-reported, while others were revealed during an RFC spot check; the UREs were cooperative during the enforcement process and did not attempt to conceal the violations; the UREs had a compliance program in place which was evaluated as a mitigating factor ; the mitigation plan for CIP R3 violation was completed late; and there were no additional mitigating or aggravating factors.

Moreover, the one employee at issue was a long-term employee in good standing and had a background check when hired. Finding: WECC Enforcement determined the violation did not pose a serious or substantial risk to the Bulk Power System because the individual that did not receive annual cyber security training had been trained on cyber security, and the person's authorized access was revoked within 72 hours of the missed annual training deadline.

Moreover, URE conducted personnel risk assessments on all covered personnel according to an informal revised policy that had not been incorporated into the formal, documented program. NP March 31, Issue: URE self-reported that a retired employee had indirect cyber-access to certain Critical Cyber Assets for several months after his last day of employment before access was revoked. Duration of violation was February 6, through April 5, , when access was revoked.

Finding: TRE Enforcement determined that the violation did not pose a serious or substantial risk to the bulk power system because the inappropriate access was indirect and would have required Control Room Operator approval to use, and TRE was able to determine by review of control room logs that the retired employee had not accessed any systems after his retirement.

admin