Power utility NERC dispatch control room at dusk; bank of telemetry monitors mostly dim with one warm amber alarm screen casting a single warm glow against cool concrete and brushed-steel.
FOR POWER & UTILITIES

Your EMS logs every relay misoperation.
It doesn't know why the same one misoperates twice.

Sovel reads the relay-engineer note, the operator log, and the switching order — then proposes findings a named reviewer approves. The named-authorization record CIP-010-4 R1.2 requires. Autonomous-write competitors can't produce it.

Run a knowledge-risk scan Talk to a founder
§ 02 — The named pain

Three repeat-failure shapes
every NERC compliance lead has lived through.

01

Recurrent relay misoperation

The same protection scheme misoperates on the same fault type three times in eighteen months. NERC PRC-004-6 makes you analyze and report each one. The relay engineer's notes from the second event — the ones that name the upstream coordination drift — never make it back into governed procedure. The third event reads the same way as the first.

Mechanism · Knowledge concentration / post-event note loss
02

Switching-order procedure drift

Senior switchman hand-marks the master switching procedure during a complex unit-removal — "trip 5L breaker first, watch for backfeed on bus 2." The marked-up sheet stays in the binder. The next switching evolution uses the unmarked master. The marked-up correction was the load-bearing knowledge.

Mechanism · Procedure drift / shift-handover gap
03

Black-start sequence assumed knowledge

The annual black-start drill works because one specific control-room operator silently corrects the sequence at five points the procedure doesn't name. The drill passes. The procedure is never updated. That operator is six years from retirement.

Mechanism · Knowledge concentration / pre-retirement risk
§ 03 — Regulatory anchor matrix

Mapped against NERC CIP + PRC standards
paragraph by paragraph.

NERC reliability standards Sovel maps against — protection-system misoperation reporting (PRC-004-6), configuration change management (CIP-010-4), BES Cyber System Information protection (CIP-011-3), and cyber-security incident reporting (CIP-008-6).

Paragraph
Sub-paragraph
Sovel covers
Citation
§PRC-004-6
Protection System Misoperation Analysis
Recurrent-misoperation cluster detection across protection events; reviewer-approved root-cause and corrective-action drafts that satisfy the analysis-and-corrective-action requirement.
NERC PRC-004-6 — analysis must include identification of corrective action; recurring misoperations are an audit-priority finding.
§CIP-010-4 R1.2
Configuration Change Management
Verify-in-place records as the named-authorization artifact: every change to a BES Cyber System baseline carries a named reviewer, evidence anchors, and an immutable trail.
Tom Alrich (Dec 2025) — zero AI-tool citations under CIP-010-4 R1.2 to date; adoption ahead of enforcement is the moat window.
§CIP-011-3
Information Protection (BCSI)
BCSI classification at L2 ingest, not post-hoc — Slack/Teams/SharePoint sources are scanned for BES Cyber System Information before reviewer surfacing. On-prem deployment satisfies CIP-004-7 R6 provisioned-access burden.
WECC 2018 settlement $2.7M (CIP-003-3) — utility penalized for failing to classify BCSI before vendor handoff. NERC 2019 settlement $87K (CIP-011-2) — BCSI in shared drive not classified as BCSI repository.
§CIP-008-6
Cyber Security Incident Reporting
Repeat-incident pattern detection across incident reports; surfaces the same root-cause class recurring across reportable events before the next compliance audit.
NERC CIP-008-6 (effective 2020-08) — strengthened reporting in response to recurring incident-classification gaps.
§ 04 — Reviewer surface

The same inbox your safety lead approves from
— architected against NERC CIP + PRC standards.

Fig. 02 — Reviewer Inbox · liveFOR POWER & UTILITIES

Reviewer inbox surfacing a BCS-0712 NERC CIP-010 R1 baseline drift on Unit 2 plus three additional power-vertical findings. (BCS = Sovel's BES Cyber System issue prefix — disambiguated from NERC's own CIP-NNN standard numbering.) Each row is a knowledge-risk finding Sovel proposes; the named reviewer approves, defers, or rejects. Approval emits a verify-in-place record that satisfies CIP-010-4 R1.2 named-authorization for any baseline change.

§ 05 — Pre-pilot

Pre-pilot Knowledge Risk Assessment for power.

Two-week scoped engagement against one EMS or CMMS export. One named Sovel reviewer, one substrate scan, one auditable bundle — mapped to the NERC CIP and PRC reliability standards your CIP compliance lead already audits against.

Run a knowledge-risk scan Talk to a founder
Delivers
  • Read-only ingest of one EMS or CMMS export, scoped to a single substation or generation unit.
  • BCSI-aware sanitization at L2 normalization (Slack/Teams/SharePoint sources classified before reviewer surfacing).
  • Reviewer walkthrough of one closure record on a 45-minute call.
  • Signed PDF and live evidence bundle within five working days, mapped to CIP-010-4 / CIP-011-3 / PRC-004-6 / CIP-008-6.
Does NOT deliver
  • No autonomous writes to relay settings, switching procedures, or BES Cyber System baselines.
  • EMS / DMS / SCADA replacement.
  • Generic chatbot or open-ended Q&A surface.
  • Cloud-only deployment (on-prem available — required for CIP-004-7 R6 provisioned-access posture).