Southern Company Services Inc., Alabama Power Company, Georgia Power Company, Gulf Power Company, Mississippi Power Company, Southern Power Company; Notice of Audit Report Issuance and Invitation To Comment, 77665-77678 [E8-30143]

Agencies

• DEPARTMENT OF ENERGY
• Federal Energy Regulatory Commission

[Federal Register Volume 73, Number 245 (Friday, December 19, 2008)]
[Notices]
[Pages 77665-77678]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E8-30143]



[[Page 77665]]

-----------------------------------------------------------------------

DEPARTMENT OF ENERGY

Federal Energy Regulatory Commission

[Docket Nos. PA08-6-000; EL05-102-000; EL05-104-000; ER03-713-000]


Southern Company Services Inc., Alabama Power Company, Georgia 
Power Company, Gulf Power Company, Mississippi Power Company, Southern 
Power Company; Notice of Audit Report Issuance and Invitation To 
Comment

December 12, 2008.
    On October 5, 2006, the Commission issued an Order on Settlement 
(Settlement Order) accepting in part and rejecting in part an Offer of 
Settlement (Settlement Offer) submitted by the settling parties \1\ in 
Docket No. EL05-102-000, et al.\2\ The Settlement Order required 
numerous modifications to the Settlement Offer intended to provide 
immediate benefits to consumers and competitors that operate in the 
Southern region.
---------------------------------------------------------------------------

    \1\ Southern Company Services, Inc. (acting for itself and as 
agent for Alabama Power Company, Georgia Power Company, Gulf Power 
Company, Mississippi Power Company, Savannah Electric and Power 
Company, and Southern Power Company, collectively Southern Company), 
Calpine Corporation, Coral Power, LLC, and the Board of Water, Light 
and Sinking Fund Commissioners of the City of Dalton (collectively 
the settling parties).
    \2\ Southern Company Services, Inc., 117 FERC ] 61,021 (2006).
---------------------------------------------------------------------------

    The Settlement Order also directed the Office of Enforcement to 
conduct an audit of the Southern Operating Companies (Alabama Power 
Company, Georgia Power Company, Gulf Power Company, Mississippi Power 
Company, and Southern Power Company (Southern Power)) to: (1) ensure 
that the Southern Operating Companies are fully complying with all the 
conditions set forth in the Settlement Order, and (2) determine whether 
the conditions imposed there were sufficient to address any remaining 
opportunities for affiliate abuse under the Intercompany Interchange 
Contract (IIC) related to Southern Power.\3\
---------------------------------------------------------------------------

    \3\ Settlement Order at P 60.
---------------------------------------------------------------------------

    In the Settlement Order, the Commission advised that it will notice 
the audit report for comment and, after considering the comments on it, 
determine what, if any, further action is appropriate.\4\ The 
Commission added that if affiliate abuse concerns remain, it would 
either set such concerns for hearing or require further changes 
immediately.\5\ The Office of Enforcement has recently completed its 
audit report. A copy of the report is attached to this Notice.
---------------------------------------------------------------------------

    \4\ Id.
    \5\ Id.
---------------------------------------------------------------------------

    All interested persons desiring to comment on what, if any, further 
action is appropriate on the matters addressed by the audit report, 
including the IIC and remaining opportunities for affiliate abuse, may 
file written comments on or before January 12, 2009. After reviewing 
these comments, the Commission will determine whether further action is 
appropriate.
    The Commission encourages electronic submission of comments in lieu 
of paper using the ``eFiling'' link at https://www.ferc.gov. Persons 
unable to file electronically should submit an original and 14 copies 
of the comments to the Federal Energy Regulatory Commission, 888 First 
Street, NE., Washington, DC 20426.
    Comment Date: 5 pm Eastern Time on January 12, 2009.

Kimberly D. Bose,
Secretary.

Federal Energy Regulatory Commission

Audit Report of Southern Company's

     Compliance with the Conditions Imposed by the Commission 
in Docket No. EL05-102-000, et al., and
     Remaining Opportunities for Affiliate Abuse related to 
Southern Power under the Intercompany Interchange Contract

Docket No. PA08-06-000

December 12, 2008.

Office of Enforcement

Division of Audits

Table of Contents

I. Executive Summary
    A. Overview
    B. Southern Company
    C. Summary of Commission Proceedings in Docket No. EL05-102 et 
al.
    D. Summary of Compliance Findings
    E. Summary of Recommendations and Corrective Actions Taken
II. Southern Company's Compliance With Commission Orders
III. Introduction
    A. Objectives
    B. Scope and Methodology
IV. Findings and Recommendations
    1. Electronic Separation
    2. Employee Separation
    3. Posting of Separation Protocol Violations on OASIS
V. Southern Companies Response on the Draft Audit Report--Appendix A

I. Executive Summary

A. Overview

    On October 5, 2006, the Commission issued an Order on Settlement 
(Settlement Order) accepting in part and rejecting in part an Offer of 
Settlement (Settlement Offer) submitted by the settling parties \6\ in 
Docket No. EL05-102-000, et al.\7\ The Settlement Order required 
numerous modifications intended to provide immediate benefits to 
consumers and competitors that operate in the Southern region. The 
Settlement Order also directed the Division of Audits (DA) within the 
Office of Enforcement (OE) to conduct an audit of the Southern 
Operating Companies (Alabama Power Company, Georgia Power Company, Gulf 
Power Company, Mississippi Power Company, and Southern Power Company 
(Southern Power)) to: (1) Ensure that the Southern Operating Companies 
are fully complying with all the conditions set forth in the order, and 
(2) determine whether the conditions imposed therein were sufficient to 
address any remaining opportunities for affiliate abuse under the 
Intercompany Interchange Contract (IIC) related to Southern Power.
---------------------------------------------------------------------------

    \6\ Southern Company Services, Inc. (acting for itself and as 
agent for Alabama Power Company, Georgia Power Company, Gulf Power 
Company, Mississippi Power Company, Savannah Electric and Power 
Company, and Southern Power Company, collectively Southern Company), 
Calpine Corporation, Coral Power, LLC, and the Board of Water, Light 
and Sinking Fund Commissioners of the City of Dalton (collectively 
the settling parties).
    \7\ Southern Company Services, Inc., 117 FERC ] 61,021 (2006).
---------------------------------------------------------------------------

    The Southern Operating Companies made a compliance filing on 
November 6, 2006, notifying the Commission that they had implemented 
the modifications required by the Settlement Order. The Southern 
Operating Companies also provided a projected implementation schedule 
reflecting the compliance efforts to date and a seven-month timeline to 
complete the remaining compliance milestones. The Commission accepted 
the compliance filing on April 19, 2007 (Acceptance Order), subject to 
further modifications to the IIC, Separation of Functions and 
Communications Protocol (Separation Protocol), and Generator Support 
Service Tariff (GSS Tariff).\8\ The Commission required the Southern 
Operating Companies to fully implement all the compliance efforts 
included in its implementation schedule within seven months from the 
issuance of the Acceptance Order. The Commission also directed OE to 
monitor the Southern Operating Companies' implementation progress and, 
once the implementation is complete, to commence its audit and finish 
the audit within 12 months. The Southern Operating Companies completed 
the implementation on November 16, 2007, and filed a Notice of 
Completion with

[[Page 77666]]

the Commission. The Commission accepted the Southern Operating 
Companies' Notice of Completion on January 11, 2008.\9\ OE commenced 
the audit of the Southern Operating Companies on November 19, 2007.
---------------------------------------------------------------------------

    \8\ Southern Company Services, Inc., 119 FERC ] 61,065 (2007).
    \9\ Southern Company Services, Inc., Docket Nos. EL05-102-005 
and EL05-102-006 (January 11, 2008) (unpublished letter order).
---------------------------------------------------------------------------

    OE has completed its audit of the Southern Operating Companies. The 
audit examined whether the Southern Operating Companies are fully 
complying with the modifications the Commission set forth in the 
Settlement and Acceptance Orders and whether the conditions imposed 
therein are sufficient to address any remaining opportunities for 
affiliate abuse under the IIC related to Southern Power. The audit 
covered the period from November 19, 2007 through August 29, 2008.
    Audit staff concluded that the Southern Operating Companies 
properly implemented the modifications and generally complied with the 
conditions imposed by the Commission in the Settlement and Acceptance 
Orders. However, audit staff determined that Southern Company should 
implement additional corrective actions to prevent the potential for 
Southern Power employees to access non-public market information. 
Moreover, Southern Company should follow the Commission's and its 
company's policies for posting non-public market information on its 
Open Access Same-Time Information System (OASIS). OE's audit findings 
and recommendations are summarized below in sections D and E of this 
audit report (report), and discussed comprehensively in section IV of 
this report.
    Audit staff's conclusions are based on evidence obtained through 85 
employee interviews, four face-to-face meetings, weekly phone 
conferences, four site visits, facility inspections, extensive data 
inquiries and examinations, and review of approximately 7,000 e-mails 
and 2,800 voice recordings.

B. Southern Company

    Southern Company is an electric utility holding company and the 
parent company of the Southern Operating Companies, Southern Company 
Services, Inc., and other direct and indirect subsidiaries. The primary 
business of Southern Company is the supply and sale of electricity in 
the Southeast region of the United States. Southern Power, a wholesale 
energy provider, constructs, acquires, and manages generation assets in 
the wholesale market, where it sells electricity at market-based rates. 
Southern Power is the large wholesale energy provider in the Southeast, 
owning and operating more than 6,500 megawatts of generating assets. 
The other Southern Operating Companies are vertically integrated 
utilities that provide electric service in the states of Alabama, 
Georgia, Florida, and Mississippi.
    Southern Company Services, Inc. is a centralized service company 
which provides various services, at cost, to the Southern Operating 
Companies and its subsidiaries. For example, Southern Company Services, 
Inc. acts as agent to the Southern Operating Companies for 
administering and carrying out the operational activities under the IIC 
and for the sale of wholesale power at market-based rates. Southern 
Company Services, Inc. also acts as agent to the Southern Operating 
Companies for providing transmission service under Southern Company's 
OATT. Further, Southern Company Services, Inc. enters into gas purchase 
and sales agreements, and transportation and storage contracts, as 
agent on behalf of the Southern Operating Companies.
    The Southern Operating Companies function as an integrated public 
utility system through the joint commitment and economic dispatch of 
their generating resources to meet their collective load obligations. 
The integrated operation of their respective electric generating 
facilities and system operations (generally referred to as the pool) is 
governed by the IIC, which is a rate schedule on file with the 
Commission pursuant to the Federal Power Act.\10\ The IIC provides for 
the coordinated and integrated operation of the generating facilities 
and resources owned, contractually controlled, and operated by the 
Southern Operating Companies, as well as the pooling of surplus energy 
for short-term wholesale energy sale opportunities. In essence, the 
IIC: (1) Specifies the types of transactions involved in system 
operations; (2) provides for the sharing of the benefits and burdens 
associated with the operation of facilities that are used for the 
mutual benefit of the Southern Operating Companies; and (3) provides 
guidance for pool operations. Southern Company Services, Inc. operates 
the pool in accordance with the IIC using a centralized economic 
dispatch model to serve the obligations of the Southern Operating 
Companies with the lowest cost resources while at the same time 
reliably operating the interconnected system. Any energy generated in 
excess of these obligations becomes available to the pool for making 
short-term wholesale energy sales to third parties on behalf of the 
Southern Operating Companies. Southern Company Services, Inc. is 
responsible for billing the Southern Operating Companies for 
transactions and services under the IIC on a monthly basis.
---------------------------------------------------------------------------

    \10\ Second Revised Rate Schedule FERC Number 138.
---------------------------------------------------------------------------

    The Southern Operating Companies also make wholesale sales at 
market-based rates, pursuant to market-based rate tariffs, which 
include a code of conduct and a Separation Protocol. The code of 
conduct provides important protections concerning the business 
relationship amongst the Southern Operating Companies and marketing 
affiliates with market-based rate authority. The Separation Protocol 
places protections between Southern Power and the other Southern 
Operating Companies in the codes of conduct. Specifically, the 
Separation Protocol requires the functional separation of the wholesale 
activities that Southern Power carries out for the sole benefit of its 
shareholders from the activities of the other Southern Operating 
Companies. Further, the Separation Protocol allows Southern Power to 
use employees of Southern Company Services, Inc. or any other affiliate 
as long as those employees are dedicated exclusively to Southern Power. 
Southern Power is also permitted to use shared support employees as 
long as it does so consistent with the independent functioning 
requirements of the Standards of Conduct.\11\ In addition, the 
Separation Protocol contains other restrictions designed to protect 
against Southern Power's physical and electronic access to non-public 
market information, receiving preferential treatment with regard to the 
purchase or sale of transmission service or electric energy, and abuses 
related to the purchase or the sale of non-power goods and services.
---------------------------------------------------------------------------

    \11\ 18 CFR 358.4(a)(5)(2008).
---------------------------------------------------------------------------

C. Summary of Commission Proceedings in Docket No. EL05-102 et al.

    Southern Power is a wholly-owned subsidiary of Southern Company and 
affiliate of the other Southern Operating Companies. Southern Power is 
a competitive generation provider that does not have a franchised 
obligation to serve at retail. In this capacity, it raises several 
regulatory concerns, which were described by the Commission in the 
Settlement Order. As the Commission explained therein, when a 
competitive affiliate is a member of a power pool with its regulated 
operating company

[[Page 77667]]

affiliates, an incentive exists for the regulated affiliates to 
subsidize the sales of the competitive affiliate to benefit their 
mutual shareholders.\12\ Second, when Southern Power sells power to 
other Southern Operating Companies, there is a concern that the 
competitive affiliate not be granted an undue preference.\13\ When the 
competitive affiliate sells to a regulated affiliate, the Commission's 
concern is that the price not be set too high.\14\ Conversely, when the 
regulated affiliate sells to a competitive affiliate, the Commission's 
principal concern is that the price not be set too low.\15\ When sales 
are made to third parties, the Commission's principal concern is that 
the regulated Southern Operating Companies continue to compete for such 
sales rather than favoring sales by Southern Power.\16\ Finally, the 
Commission expressed concerns that the integration of the companies 
created by the pool could lead to potential violations of the Standards 
of Conduct and hence the obligation to provide transmission service on 
a nondiscriminatory basis.\17\ Together, these concerns form the basis 
for the conditions and modifications the Commission imposed on Southern 
Company that is the subject of this audit.
---------------------------------------------------------------------------

    \12\ Settlement Order, 117 FERC ] 61,021 at P 31.
    \13\ Id. at P 38.
    \14\ Id.
    \15\ Id. at P 43.
    \16\ Id. at P 47.
    \17\ Id. at P 51.
---------------------------------------------------------------------------

    The proceeding in Docket No. EL05-102-000 began on May 5, 2005, 
when the Commission instituted an investigation to determine whether 
the role of Southern Power in Southern Company's pool continued to be 
appropriate and consistent with the Commission's regulations and 
precedents regarding affiliate abuse.\18\ Specifically, the Commission 
set for hearing the following issues: (1) The justness and 
reasonableness of the IIC, including the justness and reasonableness of 
Southern Power's inclusion in the pool and whether such inclusion 
involves undue preference and undue discrimination that adversely 
affected wholesale competition and wholesale customers in the 
Southeast; (2) whether any of the Southern Operating Companies had 
violated or were violating the Commission's Standards of Conduct which 
were in effect at the time; and (3) whether the Southern Operating 
Companies' Code of Conduct was just and reasonable and whether the Code 
of Conduct should continue to define Southern Power as a ``system 
company.''
---------------------------------------------------------------------------

    \18\ Southern Company Services, Inc., 111 FERC ] 61,146 (Hearing 
Order), clarified, 112 FERC ] 61,015 (2005).
---------------------------------------------------------------------------

    On April 11, 2006, Southern Company Services, Inc., on behalf of 
the Southern Operating Companies, filed the Settlement Offer to resolve 
the regulatory proceedings in Docket No. EL05-102 and other related 
proceedings. The purpose of the Settlement Offer was to resolve all 
allegations that the IIC and certain other aspects of the Southern 
Operating Companies' structure and operations provided Southern Power 
with an undue preference over non-affiliated power suppliers. The 
Settlement Offer also encompassed other measures that the Southern 
Operating Companies were planning to implement in response to 
allegations that their operations improperly favored affiliates. On 
October 5, 2006, the Commission issued its Settlement Order, which 
accepted in part and rejected in part the Settlement Offer.\19\ The 
Commission explained that the Settlement Offer did not adequately 
protect customers against affiliate abuse. As a result, the Commission 
ordered the Southern Operating Companies to make significant changes to 
the Settlement relating to the IIC, Separation Protocol, and GSS 
Tariff, to adequately protect customers from affiliate abuse in the 
sale of wholesale power and the provision of transmission service. In 
the Settlement Order, the Commission directed the OE to conduct an 
audit of Southern Power and its regulated Operating Company affiliates. 
Further, the Commission advised that it will notice the audit report 
for comment and after considering the comments on it, determine what 
further action is appropriate.\20\ Moreover, the Commission stated that 
if affiliate abuse concerns remained, it will either set such concerns 
for hearing or require further changes immediately. Lastly, the 
Commission advised that it would keep the section 206 investigation 
open until receiving the audit, any public comments on it, and 
determine what further action is appropriate in this docket.
---------------------------------------------------------------------------

    \19\ Settlement Order at P 3.
    \20\ Settlement Order at P 60.
---------------------------------------------------------------------------

    On November 6, 2006, Southern Company Services, Inc., acting as 
agent for the Southern Operating Companies, submitted a modified 
compliance filing, as directed by the Settlement Order. The compliance 
filing included the required amendments to the IIC, Separation 
Protocol, and GSS Tariff, as well as a projected implementation 
schedule outlining the actions taken to date and the expected timeframe 
for implementing the Separation Protocol over a seven-month period. On 
April 19, 2007, the Commission issued an Acceptance Order, which 
accepted the modified compliance filing and projected implementation 
schedule, but directed a further compliance filing be made.\21\ On May 
18, 2007, Southern Company Services, Inc. filed a revised compliance 
filing in Docket No. EL05-102-003, as directed by the Commission in its 
Acceptance Order. The Commission accepted, by delegated authority, this 
revised compliance filing with minor modifications on July 16, 
2007.\22\ On August 13, 2007, Southern Company Services, Inc. filed 
these minor modifications in Docket No. EL05-102-004, which the 
Commission accepted by delegated authority on September 12, 2007.\23\
---------------------------------------------------------------------------

    \21\ Acceptance Order, at P. 2.
    \22\ Southern Company Services, Inc., Docket No. EL05-102-003 
(July 16, 2007) (unpublished letter order).
    \23\ Southern Company Services, Inc., Docket No. EL05-102-004 
(September 12, 2007) (unpublished letter order).
---------------------------------------------------------------------------

    On November 16, 2007, Southern Company Services, Inc. filed, on 
behalf of the Southern Operating Companies, a Notice of Completion and 
Conformed Compliance Filing in connection with the Settlement and 
Acceptance Orders. The Southern Operating Companies stated that the 
implementation of the requirements set forth in the Settlement and 
Acceptance Orders was complete. Moreover, the Southern Operating 
Companies submitted an effective conformed version of the Separations 
Protocol. The filing also conformed the definition of ``market 
information'' used in the Separation Protocol and IIC to the definition 
of that term established by the Commission in Order No. 697.\24\ The 
Southern Operating Companies requested that the Commission accept the 
Order No. 697 conformed rates for filing.\25\ The Southern Operating 
Companies later determined that the November 16, 2007 filing should not 
have included the section 205 request that the definition of ``market 
information'' established by the Commission in Order No. 697 apply to 
that same term as used in the Southern Operating Companies' Separation 
Protocol. Accordingly, on December 4, 2007, the Southern Operating 
Companies amended its Notice of Completion filing to remove the section

[[Page 77668]]

205 aspect of its submission. On January 11, 2008, the Commission, by 
delegated authority, accepted the Southern Operating Companies' Notice 
of Completion and the Separation Protocol with an effective date of 
November 19, 2007.\26\
---------------------------------------------------------------------------

    \24\ Market-Based Rates for Wholesale Sales of Electric Energy, 
Capacity and Ancillary Services by Public Utilities, Order No. 697, 
FERC Stats. & Regs. ] 31,252, clarified, 121 FERC ] 61,260 (2007), 
order on reh'g, Order No. 697-A, 73 Fed. Reg. 25,832 (May 7, 2008), 
FERC Stats. & Regs. ] 31,268 (2008).
    \25\ Southern Company Services' November 16, 2007 transmittal 
letter, page 1.
    \26\ Southern Company Services, Inc., Docket Nos. EL05-102-005 
and EL05-102-006 (January 11, 2008) (unpublished letter orders).
---------------------------------------------------------------------------

    On November 19, 2007, OE commenced the audit of the Southern 
Operating Companies in Docket No. PA08-6-000.

D. Summary of Compliance Findings

    Although audit staff determined that the Southern Operating 
Companies generally complied with the conditions in the Settlement and 
Acceptance Orders, audit staff identified three areas where the 
Southern Operating Companies should strengthen and further its 
compliance measures related to electronic separation, employee 
separation, and posting of Separation Protocol violations on OASIS.\27\ 
Below is a summary of audit staff's compliance findings. A more 
detailed discussion of audit staff's compliance findings is included in 
section IV.
---------------------------------------------------------------------------

    \27\ The time frame for the audit covers a period prior to the 
effective date of Order No. 717. Therefore, the audit measures 
compliance with then-existing regulations. The Commission recently 
changed certain posting requirements for Standards of Conduct 
regulations (see Standards of Conduct for Transmission Providers, 
Order No. 717, 125 FERC ] 61,064 (2008).
---------------------------------------------------------------------------

     Electronic Separation--Although Southern Company 
implemented electronic controls to prevent Southern Power employees 
from accessing non-public market information, audit staff detected some 
gaps in the controls that potentially provided Southern Power employees 
with access to non-public market information. Specifically, a Southern 
Power employee was able to breach Southern Company's network access 
restrictions through a non-Southern Power computer workstation and the 
wireless network. Additionally, Southern Company did not have adequate 
procedures in place to review for non-public market information 
available through: (1) Personal network drives of employees who 
transferred jobs and (2) files transferred to shared network drives by 
non-Southern Power employees.
     Employee Separation--Audit staff observed an employee 
performing transmission activities that support the long-term wholesale 
energy transactions of Southern Power, while at the same time 
performing transmission and energy trading activities that support the 
short-term wholesale energy transactions made by the pool on behalf of 
the Southern Operating Companies. Audit staff believes that Southern 
Company should dedicate separate employees to perform the transmission 
activities supporting Southern Power's long-term wholesale energy 
transactions and the transmission activities supporting the short-term 
wholesale energy transactions made for the pool on behalf of the 
Southern Operating Companies to prevent the potential for any undue 
preference.
     Posting of Separation Protocol Violations on OASIS--
Southern Company did not immediately post, date, and time stamp all the 
postings it made to OASIS in accordance with the Commission's Standards 
of Conduct requirements in effect during the audit period.

E. Summary of Recommendations and Corrective Actions Taken

    Audit staff provides the following recommendations to ensure 
adequate corrective actions are taken by Southern Company to address 
the remaining opportunities for potential affiliate abuse under the IIC 
related to Southern Power.
     Create procedures for reviewing files posted to Southern 
Power shared drives by non-Southern Power employees for non-public 
market information. Additionally, create procedures for reviewing the 
personal network drives of all employees who transfer into Southern 
Power for non-public market information. For each review, remove all 
files that contain non-public market information from the personal 
network drive of the transferred employee.
    On November 14, 2008, Southern Company implemented new policies 
governing the monitoring and review of Southern Power shared drives and 
the personnel network drives of employees transferring into Southern 
Power.
     Perform periodic reviews to ensure that Southern Power 
employees do not have access rights to applications, databases, and 
shared network drives containing non-public market information. 
Additionally, these periodic reviews should include testing of the 
segmented network to determine whether Southern Power employees can 
bypass the segmented network and potentially access non-public market 
information.
    On November 14, 2008, Southern Company implemented new procedures 
requiring a periodic review of Southern Power shared drives and 
periodic testing of the segmented network.
     Add the ``SPC'' designator to Southern Power employee 
names in Cool Compliance, as is already done in the Global Address List 
for e-mails, to spotlight a Southern Power employee having access 
rights granted in Cool Compliance.\28\
---------------------------------------------------------------------------

    \28\ Cool Compliance is a computer application originally 
created to maintain Sarbanes-Oxley controls, which Southern Company 
also adopted as a tool to provide a consistent automated process for 
evaluating and managing access requests.
---------------------------------------------------------------------------

    On November 10, 2008, Southern Company informed audit staff that it 
will identify and label all Southern Power employees in Cool 
Compliance. However, Southern Company did not provide an implementation 
date.
     Dedicate employees performing transmission activities that 
support Southern Power's long-term wholesale energy transactions solely 
to Southern Power.
    On November 7, 2008, Southern Company informed audit staff that it 
transferred the responsibilities associated with the procurement of 
transmission service for Southern Power's long-term wholesale energy 
transactions to Southern Power.
     Post all violations of the Separation Protocol 
immediately, in accordance with the Standards of Conduct at 18 CFR 
358.5(b)(3). In addition to the date the violation occurred, include on 
each document the date and time Southern Company posted the violation 
in accordance with the OASIS regulations at 18 CFR 37.6(g)(2).
    On November 14, 2008, Southern Company revised its Separation 
Protocol Violations Investigative Procedure to reflect that upon 
determining an actual violation has occurred, the incident must 
immediately be posted on OASIS. Further, Southern Company implemented a 
procedural change to include a date and time stamp for each document 
posted on OASIS relating to the violation.
     Strengthen procedures and controls for maintaining e-mail 
distribution lists and providing reports to Southern Power that may 
contain non-public market information. Incorporate these procedures and 
other pertinent procedural enhancements in the Separation Protocol 
compliance training program to achieve a reduction in the number of 
future violations.
    On November 14, 2008, Southern Company implemented new procedures 
requiring employees to maintain and periodically review their e-mail 
distribution lists to verify employee memberships. Further, Southern 
Company revised its Separation Protocol training regarding electronic 
communications with Southern Power employees and the development and 
maintenance of e-mail distribution lists.

[[Page 77669]]

II. Southern Company's Compliance With Commission Orders

    The Southern Operating Companies' efforts to comply with the 
Settlement and Acceptance Orders included the following activities: (1) 
Tariff modifications filed with the Commission; (2) functional 
separation through organizational restructuring, relocation of 
employees and infrastructure changes; (3) electronic access controls 
(information technology); (4) training of employees; and (5) a 
compliance filing to conform to the definition of ``market 
information'' used in the Separation Protocol and IIC to the definition 
of that term established by the Commission in Order No. 697. Further, 
the Southern Operating Companies expended almost $20 million to 
implement the modifications required by the Commission's Settlement and 
Acceptance Orders. In addition, the Southern Operating Companies 
anticipate there will be on-going costs for compliance, including the 
purchasing of equipment, additional staffing, training, and other costs 
that are difficult to quantify at this time.

Tariff Modifications

    Subsequent to the issuance of the Settlement Order, the Southern 
Operating Companies made several compliance filings, which the 
Commission has approved, that changed the tariff language of the IIC, 
Separation Protocol, and GSS Tariff to comply with the Commission's 
Settlement and Acceptance Orders.\29\ The IIC changes pertained to 
sales between the Southern Operating Companies that were outside the 
pool operating window, but less than a year in length, opportunity 
sales made on behalf of the pool members, Southern Power taking 
transmission service under the OATT, Southern Power as an Energy 
Affiliate under the Standards of Conduct in effect at the time, and 
defining ``market information'' consistently with Order No. 697.
---------------------------------------------------------------------------

    \29\ Southern Company Services, Inc., Docket No. EL05-102-003 
(July 16, 2007) (unpublished letter order); Southern Company 
Services, Inc., Docket No. EL05-102-004 (September 12, 2007) 
(unpublished letter order), Southern Company Services, Inc., Docket 
Nos. EL05-102-005 and EL05-102-006 (January 11, 2008) (unpublished 
letter order).
---------------------------------------------------------------------------

    The Separation Protocol changes pertained to broadening the 
separated functions responsibilities to any function undertaken for the 
benefit of Southern Power's shareholders (except joint economic 
dispatch and reserve sharing), prohibiting the sharing of any 
information, protecting against preferential treatment in regard to the 
purchase or sale of transmission service or electric energy between the 
Southern Operating Companies, and the pricing of non-power goods and 
services. The GSS tariff changes pertained to filing the GSS tariff 
with the Commission to provide all similarly situated merchant 
generators access to back-up power by the Southern Operating Companies, 
and requiring the just and reasonable standard, as opposed to the 
public interest standard, to govern all revisions to the GSS tariff. 
The Commission accepted all of these modifications to the IIC, 
Separation Protocol, and GSS tariff.

Functional Separation

    In addition to the tariff filings, the Southern Operating Companies 
made several organizational and structural changes to comply with the 
Settlement and Acceptance Orders. The Southern Operating Companies 
began to evaluate the measures necessary to comply with the Settlement 
Order in late 2006 and, after the Commission issued the Acceptance 
Order in April 2007, initiated the compliance effort. Based on the 
schedule accepted by the Commission, the Southern Operating Companies 
were afforded seven months to complete the functional separation of 
Southern Power, implement the required information sharing 
restrictions, and provide Separation Protocol training to its 
employees.
    Southern Company evaluated its corporate structure and made various 
organizational changes. To functionally separate Southern Power's 
wholesale activities from the other Southern Operating Companies, 
Southern Company created Southern Wholesale Energy and Southern Power 
as divisions within Southern Company Services, Inc. Southern Wholesale 
Energy, a business unit within Southern Company Services, Inc. performs 
all of the bilateral, long-term wholesale activities of the Southern 
Operating Companies, with the exception of Southern Power. Southern 
Power, as subsidiary of Southern Company performs wholesale activities 
including asset management and trading, market analysis and structure, 
generation development, and asset acquisition on behalf of its 
shareholders. Southern Power also created its own finance, accounting, 
budgeting, and compliance groups separate from the other Southern 
Operating Companies. In addition, Southern Power established separate 
officer positions, including President, Chief Commercial Officer, 
Senior Production Officer, Chief Financial Officer, and Compliance 
Officer.
    Southern Company reviewed its physical facilities and, as a result, 
relocated employees, made changes to its electronic infrastructure, and 
implemented physical access controls. Southern Company relocated 65 
Southern Power employees and 90 other Southern Operating Companies 
employees within the Birmingham, Alabama, and Atlanta, Georgia, offices 
as a result of functionally separating Southern Power from the other 
Southern Operating Companies. In Birmingham, Southern Company 
physically separated employees solely dedicated to Southern Power to a 
separate floor and developed Southern Power's own trading floor. 
Southern Power's separate floor contains its asset management and 
trading, market analysis and structure, generation development, and 
asset acquisition functions. Southern Power installed electronic card 
key access controls on this separate floor to provide access only to 
employees solely dedicated to Southern Power. Southern Company also 
implemented electronic card key access controls to restrict Southern 
Power employees' access to non-public market information in other areas 
of the building where the other Southern Operating Companies perform 
operating and trading activities. Further, Southern Company instituted 
sign-in procedures for all non-authorized visitors in these areas to 
provide extra protection. Southern Company included these same 
protections in its Atlanta facilities and the generating plants owned 
and operated by Southern Power.

Electronic Access Controls

    Southern Company conducted an extensive review of its computer and 
e-mail systems, business software applications and databases, and 
intranet sites to establish controls that prevent Southern Power 
employees from having electronic access to or receiving non-public 
market information from the other Southern Operating Companies. As a 
result of this review, Southern Company installed a segmented network 
to comply with the electronic separation requirements ordered by the 
Commission's Settlement and Acceptance Orders. The segmented network 
allows Southern Power to coexist on the same information technology 
infrastructure as the rest of Southern Company, yet at the same time 
precludes Southern Power from obtaining non-public market information 
electronically. Southern Company also created separate intranet Web 
sites for Southern Power and the other Southern Operating Companies to 
ease the burden of electronic separation

[[Page 77670]]

and Southern Power's restriction to non-public market information. 
Further, all shared drives that contain non-public market information 
are electronically protected and restrict Southern Power employees' 
access. In addition to these protective measures, Southern Company 
added an ``SPC'' notation next to the e-mail addresses of Southern 
Power employees to clearly distinguish them from non-Southern Power 
employees and avoid the inadvertent exchange of non-public market 
information.

Employee Training

    Southern Company informed audit staff that the Southern Operating 
Companies provided the Separation Protocol training required by the 
Commission's Settlement Order to over 15,000 employees. This training 
educated employees on functional separation requirements, physical 
separation requirements, ``prohibited information'' definitions, 
electronic access requirements, no conduit rules, and violation 
reporting instructions. The type of training provided (instructor-led 
or on-line) was based on the priority level of employees. Employees in 
the high priority level included employees of Southern Power, 
generation employees, transmission employees, shared support service 
employees and corporate officers of the other Southern Operating 
Companies responsible for these areas. These high priority level 
employees received instructor-led training while others participated in 
an on-line training program. Continued education and training on the 
Separation Protocol is provided on an annual basis. Additionally, 
training materials for the Separation Protocol are available on the 
intranets of both Southern Company and Southern Power.

Order No. 697 Compliance Filing

    In the Acceptance Order, the Commission directed Southern Company 
Services, Inc. to revise its Separation Protocol and IIC to prohibit 
the sharing of any market information, whether or not such information 
is public.\30\ Subsequent to the Acceptance Order, the Commission 
issued Order No. 697, which, among other things, codified a new 
definition of ``market information.'' Pursuant to the Commission's 
regulations, ``market information'' means non-public information 
related to the electric energy and power business including, but not 
limited to, information regarding sales, cost of production, generator 
outages, generator heat rates, unconsummated transactions, and 
historical generator volumes. Market information includes information 
from either affiliates or non-affiliates.\31\ This new definition not 
only provides greater specificity regarding the type of information 
falling within its scope, but also limits its application to non-public 
information.
---------------------------------------------------------------------------

    \30\ Acceptance Order at P 26.
    \31\ 18 CFR 35.36(a)(8).
---------------------------------------------------------------------------

    On December 4, 2007, Southern Company Services, Inc., on behalf of 
the Southern Operating Companies, made a section 205 filing in Docket 
No. ER08-298-000 to conform the definition of ``market information'' as 
used in the Separation Protocol and the IIC to the definition of that 
term established in Order No. 697. On January 11, 2008, the Commission 
accepted the filing.\32\
---------------------------------------------------------------------------

    \32\ See Southern Company Services, Inc., Docket No. ER08-298-
000 (January 11, 2008) (unpublished letter order).
---------------------------------------------------------------------------

Standards of Conduct Compliance

    In the Settlement Order, the Commission directed Southern Operating 
Companies to revise section 4.4 of the IIC to make clear that the IIC 
is not to serve as a means whereby transmission information is shared 
in a manner contrary to the Commission's Standards of Conduct.\33\ The 
Settlement Order also required revision of section 4.4 of the IIC to 
make clear that Southern Power is treated as an Energy Affiliate under 
the Standards of Conduct and therefore cannot receive any nonpublic 
transmission information. \34\
---------------------------------------------------------------------------

    \33\ Settlement Order, at P 55.
    \34\ The Commission recently eliminated the concept of ``energy 
affiliate'' from the Standards of Conduct regulations (see Standards 
of Conduct for Transmission Providers, Order No. 717, 125 FERC ] 
61,064 (2008).
---------------------------------------------------------------------------

    While the Commission recently revised its Standards of Conduct 
regulations, the fundamental principle prohibiting a transmission 
provider's transmission function employees from disclosing nonpublic 
transmission information (which includes customer information) to 
marketing function employees is retained. The revisions do not affect 
either Southern Operating Company's compliance with the recommendations 
regarding shared employees or the information restrictions discussed 
herein. We also note that the Southern Operating Companies are subject 
to restrictions similar to those in the Standards of Conduct 
regulations based on its market-based rate authority.\35\ In addition 
to restricting information sharing between a franchised public utility 
with captive customers and a market-regulated power sales affiliate, 
those rules contain separation of function requirements and a no 
conduit provision.
---------------------------------------------------------------------------

    \35\ 18 CFR 35.39 (2008).
---------------------------------------------------------------------------

Introduction

A. Objectives

    The primary objective of the audit was to determine whether the 
Southern Operating Companies fully complied with the conditions and 
modifications imposed by the Commission in its Settlement and 
Acceptance Orders. The audit also evaluated whether the conditions and 
modifications set forth in both orders are sufficient to address any 
remaining opportunities for affiliate abuse related to Southern Power 
under the IIC. The audit covered the period from November 19, 2007 
through August 29, 2008.

B. Scope and Methodology

    Audit staff conducted a series of reviews prior to the commencement 
of the audit to gain an understanding of Southern Company's corporate 
environment, and state and federal regulatory affairs. Audit staff also 
monitored the implementation of the modifications imposed upon the 
Southern Operating Companies by the Commission in Docket No. EL05-102-
000 through a series of phone conferences and compliance filing 
reviews. The audit activities conducted included:
     Corporate Review--Audit staff conducted a corporate review 
prior to the commencement of the audit to obtain a preliminary 
understanding of Southern Company's corporate structure, system design 
and operations, and market and financial activities. Audit staff 
reviewed publicly available materials and references including Southern 
Company's: OASIS and corporate Web sites; Federal Energy Regulatory 
Commission (FERC) Electric Quarterly Reports (EQR); FERC Forms No. 1, 
60, and 714; IIC Annual Informational Filing; Securities and Exchange 
Commission (SEC) Forms 8-K, 10-Q, and 10-K; annual stockholder reports; 
various industry Web sites; and trade press releases.
     Internal Auditor and External Accountant Review--Audit 
staff reviewed relevant audit reports and workpapers of the Southern 
Companies' internal audit department and external audit firm, Deloitte 
& Touche LLP. The audit staff also reviewed the prior SEC audit report 
relating to service company costs and revenue allocations.
     Federal Regulatory Review--Audit staff reviewed numerous 
company filings and Commission orders to obtain

[[Page 77671]]

an understanding of the issues involved in the audit, including: Docket 
Nos. EL05-102, EL05-104, and ER03-713; market-based rate tariffs and 
authorizations, including Docket Nos. ER95-1468, ER96-780, ER00-1655, 
ER03-3240, ER01-1633, and ER03-1383; and various dockets authorizing 
Southern Power to sell power to Alabama Power and Georgia Power. 
Additionally, audit staff reviewed company filings and orders relating 
to Southern Company's OATT and Order No. 697 compliance filings.
     State Regulatory Review--Audit staff performed a 
comprehensive review of each State Commission's (Georgia, Alabama, 
Mississippi, and Florida) Web site to obtain an understanding of their 
oversight responsibilities and regulatory involvement with Southern 
Company. Additionally, audit staff conducted phone conferences with 
staff at each State Commission to establish points of contact for the 
audit and to discuss its past regulatory review of Southern Company. In 
particular, audit staff inquired about each State Commission's 
compliance audits related to affiliated transactions and cross-
subsidization, their understanding and review of the terms and 
conditions of the IIC and related billing process, and their 
involvement in solicitation of competitive bids for generation 
suppliers.
     Monitoring of Compliance Implementation--To ensure that 
Southern Company adhered to the Commission-approved compliance 
implementation schedule, audit staff monitored Southern Company's 
progress prior to the audit. Specifically, audit staff reviewed 
compliance filings made with the Commission by Southern Company 
Services, Inc. on behalf of the Southern Operating Companies. Further, 
audit staff held three phone conferences with Southern Company 
regarding the status and completion of its projected compliance 
implementation plan before the commencement of the audit on November 
19, 2007.
    Audit staff also reviewed specific areas related to the objectives 
of the audit and conducted testing in those areas to evaluate the 
Southern Operating Companies' compliance with the conditions imposed by 
the Settlement and Acceptance Orders, and whether those conditions were 
sufficient to address any remaining opportunities for affiliate abuse 
by Southern Power under the IIC. Audit staff held regular conference 
calls and formal meetings with Southern Company, and performed three 
site visits at Southern Company's facilities in Birmingham, Alabama, 
and one site visit in Atlanta, Georgia. Further, audit staff issued 
nearly two hundred data requests to obtain information for review and 
testing purposes, and to collect evidence to support its conclusions. 
The specific areas audit staff reviewed and tested include the 
Separation Protocol, wholesale sales, transmission, and GSS tariff.
     Separation Protocol--Audit staff conducted multiple tests 
to evaluate the Southern Operating Companies' compliance with the 
conditions imposed by the Commission and remaining opportunities for 
affiliate abuse relating to the separation of functions and employee 
workspace, restriction of non-public market information, separation 
protocol training, and sale of non-power goods and services. 
Specifically, audit staff:
    [cir] Reviewed Southern Company's organizational structure and 
conducted interviews with several employees to ensure that Southern 
Company functionally separated all wholesale activities carried out for 
the sole benefit of Southern Power shareholders, including its trading 
activities by the other Southern Operating Companies.
    [cir] Toured and inspected Southern Power and other facilities in 
Birmingham, Alabama, and Atlanta, Georgia, to ensure that the workspace 
of all employees conducting separated functions of Southern Power were 
separated from the workspace of the other Southern Operating Companies.
    [cir] Inspected the physical and electronic information security 
restrictions in place and tested the information system processes and 
controls in place at the network, application, and workstation level to 
ensure non-public market information is protected from employees 
conducting the separated functions of Southern Power.
    [cir] Reviewed various physical and electronic means by which 
Southern Power could access or receive non-public market information 
from the other Southern Operating Companies to ensure they did not 
violate the Separation Protocol. The various means inspected included: 
employee e-mails and voice recordings; access to shared drives and 
databases containing non-public market information; electronic card key 
access permissions at facilities containing non-public market 
information; records of joint meetings between Southern Power and other 
Southern Operating Companies; and visitor sign-in logs at facilities 
containing non-public market information. Further, audit staff 
conducted interviews with employees who conduct separated functions for 
Southern Power and interviews with employees performing pool operations 
and trading as a secondary level of testing.
    [cir] Reviewed the training program Southern Company developed to 
educate employees affected by the Separation Protocol to assess its 
adequacy and completeness. Audit staff also interviewed compliance 
officers involved with providing training and employees receiving 
training to assess their knowledge and understanding of the Separation 
Protocol. As part of this testing, audit staff reviewed the processes 
in place for detecting and investigating potential violations of the 
Separation Protocol, and procedures for posting actual violations of 
the Separation Protocol on OASIS.
    [cir] Reviewed the allocation methodologies and pricing for non-
power goods and services provided and purchased amongst Southern 
Company Services, Inc., Southern Power, and the other Southern 
Operating Companies, to determine whether such allocation methodologies 
and pricing were consistent with the Separation Protocol and did not 
result in subsidization. Audit staff reviewed all service agreements in 
effect that provide for non-power goods and services to identify the 
types of non-power goods and services provided and purchased amongst 
Southern Company Services, Inc. and the Southern Operating Companies, 
and the pricing for such non-power goods and services. Audit staff also 
reviewed the methods used to allocate cost amongst the Southern 
Operating Companies.
    [cir] Wholesale Sales--Audit staff conducted several tests to 
evaluate the Southern Operating Companies' compliance with the 
conditions imposed by the Commission and remaining opportunities for 
affiliate abuse relating to wholesale sales, including the IIC 
provisions for: reserve sharing and generation expansion plans; sales 
between the Southern Operating Companies; and wholesale sales to third 
parties. Specifically, audit staff:
    [cir] Conducted group discussions and interviews with operational, 
trading, and shared employees to obtain an in-depth knowledge and 
understanding of the provisions of the IIC and the operation of 
Southern Company's integrated system. Further, audit staff reviewed 
business practices and procedures, observed operational and trading 
activities, and reviewed transactional and other business data to 
determine how to apply these provisions for testing compliance.

[[Page 77672]]

    [cir] Reviewed Southern Company's annual IIC informational filing, 
conducted employee interviews, and analyzed data to determine how the 
Southern Operating Companies derived recognized capacity for the 
reserve sharing calculation. As part of the data analysis, audit staff 
reviewed expansion plans to verify Southern Power did not automatically 
include new capacity resources in the reserve sharing calculation as 
recognized capacity that was not part of the coordinated planning 
process. Further, audit staff analyzed reserve sharing calculations and 
billings to verify the payments to and receipts from the Southern 
Operating Companies for reserve sharing were in accordance with the 
provisions of the IIC.
    [cir] Analyzed transactions, billings, and other documents to 
validate the payments to and receipts from the pool for interchange 
energy and opportunity interchange energy were in accordance with the 
provisions of the IIC. Audit staff reviewed pool interchange energy 
sale transactions between the Southern Operating Companies to validate 
the charges were based upon the variable costs of the generating 
resource supplying the interchange energy. Audit staff also reviewed 
pool opportunity interchange energy sales transactions to verify the 
Southern Operating Companies received revenues based upon approved peak 
period load ratios and paid costs based upon the variable dispatch 
costs.
    [cir] Reviewed regulatory filings to determine whether the 
Commission approved any sales between the Southern Operating Companies 
outside the pool operating window for the periods of less than one year 
and greater than one year. Audit staff also analyzed transactional data 
and conducted employee interviews to independently assess whether any 
sales between the Southern Operating Companies occurred outside the 
pool operating window without prior Commission approval.
    [cir] Analyzed transactional data and other supporting documents to 
verify Southern Power made all of its wholesale sales outside the pool 
operating window using its own generating capacity. Audit staff also 
interviewed Southern Operating Companies' employees to assess the 
adequacy of procedures and controls in place for ensuring all of 
Southern Power's wholesale sales occur outside the pool operating 
window and that Southern Power has available capacity from its own 
generating resources to support these wholesale sales.
    [cir] Reviewed the Southern Operating Companies' coordinated 
planning process to verify Southern Power independently developed its 
generation expansion plans and did not participate in reviewing and 
recommending the generation expansion plans of the other Southern 
Operating Companies. Further, audit staff reviewed e-mails and 
interviewed the Southern Power Senior Production Officer on the 
Operating Committee to ensure Southern Power did not receive non-public 
market information from other Operating Committee members.
    [cir] Transmission--Audit staff conducted several tests to evaluate 
the Southern Operating Companies' compliance with the conditions 
imposed by the Commission and remaining opportunities for affiliate 
abuse relating to the Southern Operating Companies' access to non-
public transmission information and Southern Power's adherence to the 
terms and conditions of the OATT and treatment as an Energy Affiliate 
under the Standards of Conduct. Specifically, audit staff:
    [cir] Conducted interviews with Southern Company transmission 
function managers and employees to understand the physical aspects and 
operations of Southern Company's electric transmission system.
    [cir] Reviewed corporate organizational charts and employee job 
descriptions to assess the functional separation of Southern Power and 
other marketing functions from the transmission function.
    [cir] Reviewed all transmission services provided to each of the 
Southern Operating Companies by Southern Company's transmission 
function and then analyzed transmission service agreements, 
reservations, schedules, and billing statements to validate that 
Southern Power adhered to the terms and conditions of the OATT.
    [cir] Reviewed various physical and electronic means for Southern 
Power and other employees performing marketing activities to access or 
receive non-public transmission information to ensure that they did not 
violate the Commission's Standards of Conduct regulations in effect 
during the audit period. The various means inspected included: employee 
e-mails and voice recordings; marketing employees' access to shared 
drives and transmission databases; transmission facilities' electronic 
card key access permissions; records of joint meetings between 
transmission and marketing function employees; and records for visitor 
sign-in logs at the operating control center. Audit staff also 
conducted interviews with personnel who work in separated functions for 
Southern Power and interviews with employees performing pool operations 
and trading as a secondary level of testing.
    [cir] Reviewed OASIS to determine whether the Southern Operating 
Companies made required postings in accordance with the Standards of 
Conduct as in effect at the time.
    [cir] GSS Tariff--Audit staff conducted testing to evaluate the 
Southern Operating Companies' compliance with the conditions imposed by 
the Commission and remaining opportunities for affiliate abuse relating 
to similarly-situated merchant generators' access to back-up power. 
Audit staff reviewed all filings made by Southern Company Services, 
Inc. to validate that Southern Company complied with the Commission's 
order to file a GSS tariff that offered all similarly-situated merchant 
generators access to back-up power. Audit staff issued data requests 
and conducted interviews to assess the internal processes and 
procedures related to the administration of the GSS tariff. Audit staff 
also used these data requests and interviews to verify whether any 
scheduling entity requested service under the GSS tariff, and to 
determine whether any scheduling entity was improperly denied service 
under the GSS tariff.

III. Findings and Recommendations

1. Electronic Separation

    Although Southern Company implemented electronic controls to 
prevent Southern Power employees from accessing non-public market 
information, audit staff detected gaps that could have potentially 
provided Southern Power employees with access to non-public market 
information. Specifically, as part of our audit testing, a Southern 
Power employee was able to breach Southern Company's network access 
protections through a non-Southern Power computer workstation and the 
wireless network.
    Additionally, Southern Company did not have adequate procedures in 
place to review: (1) Personal network drives that may contain non-
public market information when employees transferred jobs and (2) files 
transferred to shared network drives by non-Southern Power employees 
for non-public market information.
Pertinent Guidance
    The Commission's Settlement Order required the Southern Operating 
Companies to ``adopt a clear separation of functions, including 
restrictions on

[[Page 77673]]

information sharing,'' for transactions benefitting Southern Power's 
shareholders. The Settlement Order also required Southern to make clear 
that Southern Power is to be treated as an Energy Affiliate under the 
Standards of Conduct and therefore cannot receive any nonpublic 
transmission information.\36\ In response to implementing these 
modifications, Southern Company included language in its Separation 
Protocol to protect against the electronic sharing of non-public market 
information. Specifically, the Separation Protocol applicable to 
Southern Power states in paragraph no. 4:
---------------------------------------------------------------------------

    \36\ Settlement Order at P. 3.

    Prohibited information will be electronically protected from 
employees conducting the separated functions of Southern Power 
through restricted access to any shared drive that includes such 
information. Access to these shared drives by employees conducting 
the separated functions of Southern Power will require pre-approval 
under an authorization process administered by the Southern Company 
Generation Compliance Officer.

Background

    Southern Company conducted a comprehensive review of its computer 
network environment, business software applications and databases, 
intranet Web sites, and other computer related systems to ensure it had 
adequate controls in place to restrict Southern Power employees from 
having electronic access to non-public market information. Southern 
Company implemented a segmented network as its overarching control to 
comply with the electronic separation and information sharing 
requirements set forth in the Commission's Settlement Order. The 
segmented network allows Southern Power to co-exist on the same 
information technology infrastructure as the rest of Southern Company, 
yet at the same time is designed to preclude Southern Power from 
electronically accessing non-public market information. The 
implementation of the segmented network and other computer 
infrastructure related changes required extensive employee hours and 
cost approximately $1.3 million.
    The compliance measures taken by Southern Company required re-
engineering of its existing computer infrastructure with the 
implementation of a segmented network. Audit staff's review of the 
segmented network determined that it is an effective first line of 
defense in electronically protecting Southern Power employees' access 
to non-public market information. However, audit staff's testing of 
Southern Company's electronic separation control environment for the 
segmented network detected some minor weaknesses that could have 
potentially provided Southern Power employee's access to non-public 
market information through personal employee computers workstations and 
the wireless network had they been left unresolved.
    Further, Southern Company did not have adequate procedures in place 
to review for non-public market information: (1) personal network 
drives when employees transferred jobs and (2) files transferred to 
shared network drives by non-Southern Power employees.

Segmented Network

    The segmented network was achieved by installing dedicated computer 
infrastructure, such as dedicated servers, switches and firewalls, and 
by implement