Here's the compliance trap most CleanTech and EnergyTech SaaS vendors don't see until a NERC CIP audit arrives: you build a workflow in Zapier or Make to route grid operations alerts, and that workflow touches an API that has electronic access to a Bulk Electric System (BES) Cyber System. Under NERC CIP-010-4, any system with transient electronic connectivity to a BES Cyber System is a Transient Cyber Asset. That means your cloud iPaaS — the one routing your operations tickets — may require documentation, baseline management, and patch monitoring under CIP-010-4 R4. Your NERC CIP Responsible Entity compliance program may not mention it.
The DOE Form OE-417 exposure compounds it. Federal regulations require electric emergency incident notification within 24 hours of when your operations center "becomes aware" of the event. If your SOC workflows run on a cloud automation platform, the vendor's execution timestamp for the incident alert may be earlier than your internal team's documented awareness. The 24-hour clock may have started before your compliance team opened the incident.
Self-hosted n8n runs inside your operational perimeter. BES Cyber System access doesn't leave your environment. CEMS data stays in your Postgres. Your NERC CIP evidence vault and DOE OE-417 timestamps are under your direct custody.
Here are 5 production-ready workflows for CleanTech and EnergyTech SaaS vendors, with full import-ready JSON.
1. CleanTech/EnergyTech Customer Onboarding & Compliance Orientation Drip (7-Tier Segmentation)
Segments by customer type and compliance flags. Day 0 delivers NERC CIP/FERC/EPA guidance tailored to their tier. Day 3 sends integration setup. Day 7 or 14 offers a compliance automation review.
Customer tiers: UTILITY_SCALE_ENERGY_SAAS (large IOU — NERC CIP High/Medium BES assets, FERC Form 1, DOE OE-417) / DISTRIBUTED_ENERGY_SAAS (DER aggregation platform — FERC Order 2222, ISO/RTO market participation) / ENERGY_ANALYTICS_SAAS (grid analytics — NERC CIP Transient Cyber Asset CIP-010-4, BES Cyber System access boundary) / CLEANTECH_CARBON_SAAS (carbon credit/offset management — SEC climate disclosure Scope 1/2/3, voluntary carbon standards) / RENEWABLE_ENERGY_SAAS (wind/solar operations SaaS — EPA CEMS 40 CFR Part 75 quarterly, interconnection FERC) / EV_CHARGING_SAAS (EV charging network — FERC Order 2222, ISO-NE/MISO/CAISO interconnection, CPUC EV rate tariffs) / ENERGYTECH_STARTUP (seed-stage — EPA Scope 1 baseline, SEC climate readiness)
Compliance flags: NERC_CIP_HIGH_IMPACT / NERC_CIP_MEDIUM_IMPACT / FERC_ORDER_2222_SUBJECT / EPA_TITLE_V_PERMIT / DOE_OE417_REPORTER / SEC_CLIMATE_DISCLOSURE_REQUIRED / CEMS_CONTINUOUS_MONITORING
{
"name": "CleanTech/EnergyTech Onboarding Drip",
"nodes": [
{
"id": "1",
"name": "New Customer Webhook",
"type": "n8n-nodes-base.webhook",
"parameters": {
"path": "energy-onboarding",
"method": "POST"
}
},
{
"id": "2",
"name": "Segment by Tier & Flags",
"type": "n8n-nodes-base.code",
"parameters": {
"jsCode": "const d=items[0].json;const tierMap={UTILITY_SCALE_ENERGY_SAAS:{slack:'#utility-cs',qbrDay:7,desc:'Utility-scale energy SaaS (IOU/MOU)'},DISTRIBUTED_ENERGY_SAAS:{slack:'#der-cs',qbrDay:7,desc:'DER aggregation platform'},ENERGY_ANALYTICS_SAAS:{slack:'#analytics-cs',qbrDay:10,desc:'Grid analytics/forecasting SaaS'},CLEANTECH_CARBON_SAAS:{slack:'#carbon-cs',qbrDay:10,desc:'Carbon credit/offset management SaaS'},RENEWABLE_ENERGY_SAAS:{slack:'#renewable-cs',qbrDay:7,desc:'Wind/solar operations SaaS'},EV_CHARGING_SAAS:{slack:'#ev-cs',qbrDay:14,desc:'EV charging network operator SaaS'},ENERGYTECH_STARTUP:{slack:'#startup-cs',qbrDay:14,desc:'EnergyTech startup'}};const tier=d.tier||'ENERGYTECH_STARTUP';const t=tierMap[tier]||tierMap.ENERGYTECH_STARTUP;const flags=d.compliance_flags||[];const nercHigh=flags.includes('NERC_CIP_HIGH_IMPACT');const nercMed=flags.includes('NERC_CIP_MEDIUM_IMPACT');const ferc2222=flags.includes('FERC_ORDER_2222_SUBJECT');const titleV=flags.includes('EPA_TITLE_V_PERMIT');const doe417=flags.includes('DOE_OE417_REPORTER');const secClimate=flags.includes('SEC_CLIMATE_DISCLOSURE_REQUIRED');const cems=flags.includes('CEMS_CONTINUOUS_MONITORING');return [{json:{...d,tier,csmSlack:t.slack,qbrDay:t.qbrDay,tierDesc:t.desc,nercHigh,nercMed,ferc2222,titleV,doe417,secClimate,cems}}];"
}
},
{
"id": "3",
"name": "Day 0 Welcome + Compliance Brief",
"type": "n8n-nodes-base.gmail",
"parameters": {
"operation": "send",
"toEmail": "={{$json.email}}",
"subject": "Welcome to [Platform] \u2014 Your CleanTech/EnergyTech Compliance Automation Toolkit",
"message": "={{`Dear ${$json.contact_name},\\n\\nWelcome to [Platform]. As a ${$json.tierDesc}, your account is pre-configured for:\\n\\n${$json.nercHigh||$json.nercMed?'\\u2022 NERC CIP v7 compliance monitoring (CIP-007 35-day patch window, CIP-010 change management, CIP-004 training)\\n':''}${$json.ferc2222?'\\u2022 FERC Order 2222 DER aggregation compliance (ISO/RTO market participation tracking)\\n':''}${$json.doe417?'\\u2022 DOE Form OE-417 incident notification (24-hour grid emergency clock)\\n':''}${$json.cems?'\\u2022 EPA CEMS 40 CFR Part 75 quarterly reporting (continuous emissions data pipeline)\\n':''}${$json.secClimate?'\\u2022 SEC climate disclosure Scope 1/2/3 GHG pipeline (Rule 33-11275 annual 10-K)\\n':''}${$json.titleV?'\\u2022 EPA Title V operating permit annual compliance certification\\n':''}\\nYour CSM will reach out within 1 business day to schedule your compliance setup review.\\n\\n[Platform] Team`}"
}
},
{
"id": "4",
"name": "Log to Sheets",
"type": "n8n-nodes-base.googleSheets",
"parameters": {
"operation": "appendOrUpdate",
"sheetId": "YOUR_SHEET_ID",
"range": "Onboarding!A:K",
"columns": {
"mappingMode": "autoMapInputData"
}
}
},
{
"id": "5",
"name": "Slack CSM Alert",
"type": "n8n-nodes-base.slack",
"parameters": {
"channel": "={{$json.csmSlack}}",
"text": "={{`New ${$json.tier} customer: ${$json.company_name} (${$json.email}). NERC CIP High: ${$json.nercHigh} | FERC 2222: ${$json.ferc2222} | DOE OE-417: ${$json.doe417} | CEMS: ${$json.cems} | SEC Climate: ${$json.secClimate}`}}"
}
},
{
"id": "6",
"name": "Wait 3 Days",
"type": "n8n-nodes-base.wait",
"parameters": {
"amount": 3,
"unit": "days"
}
},
{
"id": "7",
"name": "Day 3 Integration Guide",
"type": "n8n-nodes-base.gmail",
"parameters": {
"operation": "send",
"toEmail": "={{$json.email}}",
"subject": "3 integrations to configure this week (NERC CIP + EPA compliance)",
"message": "={{`Hi ${$json.contact_name},\\n\\nPriority integrations for your compliance team this week:\\n\\n${$json.nercHigh||$json.nercMed?'1. Connect your NERC CIP evidence vault API (CIP-007 R6 evidence retention, 36-month minimum)\\n':'1. Set up your EPA Scope 1/2 GHG data pipeline for SEC climate disclosure\\n'}${$json.cems?'2. Configure your CEMS telemetry connection (40 CFR Part 75 quarterly reporting)\\n':'2. Connect your compliance deadline tracker (FERC Form 1 annual, EPA Title V permit)\\n'}${$json.doe417?'3. Set up DOE OE-417 incident notification workflow (24-hour grid emergency clock)\\n':'3. Enable SEC climate disclosure Scope 1/2/3 aggregation workflow\\n'}\\nSetup guide: [docs link]\\n\\n[Platform] Team`}"
}
},
{
"id": "8",
"name": "Wait to QBR",
"type": "n8n-nodes-base.wait",
"parameters": {
"amount": "={{$json.qbrDay}}",
"unit": "days"
}
},
{
"id": "9",
"name": "QBR Offer",
"type": "n8n-nodes-base.gmail",
"parameters": {
"operation": "send",
"toEmail": "={{$json.email}}",
"subject": "Book your 30-min NERC CIP/EPA compliance automation review",
"message": "={{`Hi ${$json.contact_name},\\n\\nYou've been live for ${$json.qbrDay} days. Let's close any gaps in your NERC CIP evidence workflows and EPA reporting pipeline before your next audit window.\\n\\nBook 30 min: [calendar link]\\n\\n[Platform] Team`}}"
}
}
],
"connections": {
"New Customer Webhook": {
"main": [
[
{
"node": "Segment by Tier & Flags"
}
]
]
},
"Segment by Tier & Flags": {
"main": [
[
{
"node": "Day 0 Welcome + Compliance Brief"
}
]
]
},
"Day 0 Welcome + Compliance Brief": {
"main": [
[
{
"node": "Log to Sheets"
}
]
]
},
"Log to Sheets": {
"main": [
[
{
"node": "Slack CSM Alert"
}
]
]
},
"Slack CSM Alert": {
"main": [
[
{
"node": "Wait 3 Days"
}
]
]
},
"Wait 3 Days": {
"main": [
[
{
"node": "Day 3 Integration Guide"
}
]
]
},
"Day 3 Integration Guide": {
"main": [
[
{
"node": "Wait to QBR"
}
]
]
},
"Wait to QBR": {
"main": [
[
{
"node": "QBR Offer"
}
]
]
}
}
}
Self-hosting note: NERC CIP-010-4 R4 requires that Transient Cyber Assets with electronic access connectivity to BES Cyber Systems be managed under your asset baseline program. A cloud iPaaS vendor that routes SCADA alerts or BES operations data may qualify as a Transient Cyber Asset under your CIP-010-4 compliance boundary — a finding that typically surfaces during a NERC audit rather than before one.
2. CleanTech/EnergyTech API & Compliance Infrastructure Health Monitor
Polls 5 critical endpoints every 15 minutes. Each failure is annotated with the specific NERC CIP/EPA/DOE regulatory exposure so your on-call team immediately knows which compliance clock is at risk.
{
"name": "CleanTech/EnergyTech API Health Monitor",
"nodes": [
{
"id": "1",
"name": "Every 15 Minutes",
"type": "n8n-nodes-base.scheduleTrigger",
"parameters": {
"rule": {
"interval": [
{
"field": "minutes",
"minutesInterval": 15
}
]
}
}
},
{
"id": "2",
"name": "Load Endpoints",
"type": "n8n-nodes-base.googleSheets",
"parameters": {
"operation": "getAll",
"sheetId": "YOUR_SHEET_ID",
"range": "Endpoints!A:D"
}
},
{
"id": "3",
"name": "Poll Each Endpoint",
"type": "n8n-nodes-base.httpRequest",
"parameters": {
"url": "={{$json.endpoint_url}}",
"method": "GET",
"timeout": 8000,
"continueOnFail": true
}
},
{
"id": "4",
"name": "Classify with Regulatory Annotation",
"type": "n8n-nodes-base.code",
"parameters": {
"jsCode": "const results=[];for(const item of items){const ep=item.json;const ok=ep.statusCode>=200&&ep.statusCode<300;if(!ok){const regMap={nerc_cip_evidence_vault:'NERC CIP CIP-007 R6 \u2014 evidence retention minimum 36 months. Vault downtime = evidence gap in your CIP compliance program. Regional entity audit finding risk.',cems_telemetry_api:'EPA 40 CFR Part 75 \u2014 CEMS data availability. Downtime requires substitute data values per 40 CFR Part 75 App. D. Data gaps flagged in quarterly QA/QC report submitted to EPA.',ferc_form_submissions:'FERC Form 1 / Order 2222 \u2014 FERC electronic filing system. Deadline-driven annual filing (April 15). Downtime during submission window = missed filing risk.',doe_oe417_portal:'DOE Form OE-417 \u2014 electric emergency incident notification. 24-hour clock from operations center awareness. Portal downtime during incident = notification chain break.',sec_climate_disclosure_pipeline:'SEC Rule 33-11275 \u2014 Scope 1/2 GHG data pipeline for annual 10-K. Data pipeline gap during reporting period creates Scope 1/2 accuracy risk in SEC climate disclosure.'};const reg=regMap[ep.endpoint_name]||'Unknown regulatory exposure \u2014 check your NERC CIP compliance boundary and EPA reporting obligations.';results.push({json:{endpoint_name:ep.endpoint_name,status:ep.statusCode||'TIMEOUT',regulatory_note:reg,ts:new Date().toISOString()}});}}return results.length?results:[{json:{status:'ALL_OK',ts:new Date().toISOString()}}];"
}
},
{
"id": "5",
"name": "Any Failures?",
"type": "n8n-nodes-base.if",
"parameters": {
"conditions": {
"string": [
{
"value1": "={{$json.status}}",
"operation": "notEqual",
"value2": "ALL_OK"
}
]
}
}
},
{
"id": "6",
"name": "Slack #compliance-ops",
"type": "n8n-nodes-base.slack",
"parameters": {
"channel": "#compliance-ops",
"text": "={{`:rotating_light: ${$json.endpoint_name} DOWN (${$json.status})\\n*Regulatory risk*: ${$json.regulatory_note}\\nTime: ${$json.ts}`}}"
}
},
{
"id": "7",
"name": "Log to Sheets",
"type": "n8n-nodes-base.googleSheets",
"parameters": {
"operation": "appendOrUpdate",
"sheetId": "YOUR_SHEET_ID",
"range": "HealthLog!A:D",
"columns": {
"mappingMode": "autoMapInputData"
}
}
}
],
"connections": {
"Every 15 Minutes": {
"main": [
[
{
"node": "Load Endpoints"
}
]
]
},
"Load Endpoints": {
"main": [
[
{
"node": "Poll Each Endpoint"
}
]
]
},
"Poll Each Endpoint": {
"main": [
[
{
"node": "Classify with Regulatory Annotation"
}
]
]
},
"Classify with Regulatory Annotation": {
"main": [
[
{
"node": "Any Failures?"
}
]
]
},
"Any Failures?": {
"main": [
[
{
"node": "Slack #compliance-ops"
}
],
[]
]
},
"Slack #compliance-ops": {
"main": [
[
{
"node": "Log to Sheets"
}
]
]
}
}
}
Self-hosting note: EPA CEMS data (40 CFR Part 75) must be preserved with your monitoring plan for EPA examination. A cloud workflow that aggregates CEMS telemetry creates a third-party record of your emissions data — data that EPA can request independently of your own records during a Title V compliance inspection.
3. FERC / NERC CIP / EPA / DOE / SEC Climate Compliance Deadline Tracker
Runs every weekday at 8 AM. Reads your compliance deadline sheet, routes each item by urgency tier, and sends the appropriate action email with the specific regulatory citation.
12 deadline types: NERC_CIP_007_PATCH_MGMT_35DAY (CIP-007 R2 — software vulnerability mitigation within 35 calendar days of vendor notification) / NERC_CIP_010_CHANGE_MGMT_35DAY (CIP-010-1 — change management documentation within 35 days) / NERC_CIP_004_TRAINING_ANNUAL (CIP-004 R4 — annual cyber security personnel training) / NERC_CIP_EVIDENCE_RETENTION_36MO (CIP-007 R6 / CIP-010 — 36-month evidence retention) / FERC_FORM_1_ANNUAL_APRIL15 (FERC Form 1 annual report due April 15) / FERC_ORDER_2222_COMPLIANCE_ANNUAL (FERC Order 2222 DER aggregation compliance review) / EPA_TITLE_V_ANNUAL_PERMIT_CERT (EPA Clean Air Act Title V — annual compliance certification) / EPA_CEMS_QUARTERLY_REPORT (40 CFR Part 75 — CEMS quarterly QA/QC report to EPA) / DOE_OE417_GRID_EMERGENCY_24H (DOE Form OE-417 — electric emergency notification within 24 hours of awareness) / SEC_CLIMATE_DISCLOSURE_10K_ANNUAL (SEC Rule 33-11275 — Scope 1/2 GHG in annual 10-K) / NERC_CIP_009_RECOVERY_TEST_ANNUAL (CIP-009 R3 — recovery plan test annually) / NERC_CIP_014_PHYSICAL_SECURITY_ANNUAL (CIP-014 — physical security vulnerability assessment)
{
"name": "CleanTech/EnergyTech Compliance Deadline Tracker",
"nodes": [
{
"id": "1",
"name": "Every Weekday 8AM",
"type": "n8n-nodes-base.scheduleTrigger",
"parameters": {
"rule": {
"interval": [
{
"field": "cronExpression",
"expression": "0 8 * * 1-5"
}
]
}
}
},
{
"id": "2",
"name": "Load Deadlines from Sheets",
"type": "n8n-nodes-base.googleSheets",
"parameters": {
"operation": "getAll",
"sheetId": "YOUR_SHEET_ID",
"range": "Deadlines!A:G"
}
},
{
"id": "3",
"name": "Calculate Urgency",
"type": "n8n-nodes-base.code",
"parameters": {
"jsCode": "const results=[];for(const item of items){const d=item.json;const due=new Date(d.due_date);const now=new Date();const daysLeft=Math.ceil((due-now)/(1000*60*60*24));const citations={NERC_CIP_007_PATCH_MGMT_35DAY:'NERC CIP CIP-007 R2 \u2014 software vulnerability mitigation required within 35 calendar days of vendor notification. Missed window = CIP violation finding in NERC regional entity audit. Potential $1M+/day penalty.',NERC_CIP_010_CHANGE_MGMT_35DAY:'NERC CIP CIP-010-1 R1 \u2014 change management documentation must be updated within 35 days of BES Cyber System configuration change. Audit finding risk.',NERC_CIP_004_TRAINING_ANNUAL:'NERC CIP CIP-004 R4 \u2014 annual cyber security training for all personnel with Electronic or Physical Access. Non-compliance = audit finding for each affected individual.',NERC_CIP_EVIDENCE_RETENTION_36MO:'NERC CIP CIP-007 R6 / CIP-010 \u2014 compliance evidence must be retained minimum 36 months for NERC regional entity examination. Evidence destruction before 36 months = document production failure in audit.',FERC_FORM_1_ANNUAL_APRIL15:'FERC Form 1 \u2014 annual financial and operational report due April 15. Late or inaccurate filing = FERC enforcement proceeding and \\u00a7316A civil penalty.',FERC_ORDER_2222_COMPLIANCE_ANNUAL:'FERC Order 2222 \u2014 DER aggregation market participation annual compliance review. ISO/RTO settlement data accuracy and market rule compliance.',EPA_TITLE_V_ANNUAL_PERMIT_CERT:'EPA Clean Air Act Title V 42 USC \\u00a77661b \u2014 annual compliance certification due within 60 days of end of compliance period. False certification = Clean Air Act \\u00a7113 enforcement.',EPA_CEMS_QUARTERLY_REPORT:'EPA 40 CFR Part 75 \u2014 CEMS quarterly emissions report submission to EPA Electronic Reporting Tool (ERT). Missing report = Title IV/V noncompliance and permit deviation.',DOE_OE417_GRID_EMERGENCY_24H:'DOE Form OE-417 \u2014 electric emergency incident notification to DOE within 24 hours of operations center becoming aware of qualifying grid event. 24h clock starts at awareness, not resolution.',SEC_CLIMATE_DISCLOSURE_10K_ANNUAL:'SEC Rule 33-11275 \u2014 Scope 1 and Scope 2 GHG emissions required in annual 10-K for large accelerated filers. Scope 3 if material. Inaccurate GHG data = SEC enforcement and auditor liability.',NERC_CIP_009_RECOVERY_TEST_ANNUAL:'NERC CIP CIP-009 R3 \u2014 recovery plan test required annually per entity. Test results must be documented and retained per CIP-007 R6 evidence retention requirements.',NERC_CIP_014_PHYSICAL_SECURITY_ANNUAL:'NERC CIP CIP-014 R4 \u2014 physical security vulnerability assessment for Transmission stations. Annual review and documentation required.'};const citation=citations[d.deadline_type]||'Review your NERC CIP compliance program and FERC/EPA reporting obligations for this deadline.';let urgency='INFO';if(daysLeft<=2)urgency='CRITICAL';else if(daysLeft<=7)urgency='HIGH';else if(daysLeft<=35)urgency='MEDIUM';results.push({json:{...d,daysLeft,urgency,citation}});}return results;"
}
},
{
"id": "4",
"name": "Route by Urgency",
"type": "n8n-nodes-base.switch",
"parameters": {
"dataType": "string",
"value1": "={{$json.urgency}}",
"rules": {
"rules": [
{
"value2": "CRITICAL",
"output": 0
},
{
"value2": "HIGH",
"output": 1
},
{
"value2": "MEDIUM",
"output": 2
}
]
}
}
},
{
"id": "5",
"name": "CRITICAL Alert",
"type": "n8n-nodes-base.slack",
"parameters": {
"channel": "#compliance-critical",
"text": "={{`:rotating_light: CRITICAL \u2014 ${$json.deadline_type} due in ${$json.daysLeft} days\\nCitation: ${$json.citation}\\nOwner: ${$json.owner}`}}"
}
},
{
"id": "6",
"name": "HIGH Alert Email",
"type": "n8n-nodes-base.gmail",
"parameters": {
"operation": "send",
"toEmail": "={{$json.owner_email}}",
"subject": "={{`[HIGH] ${$json.deadline_type} due in ${$json.daysLeft} days`}}",
"message": "={{`${$json.deadline_type} is due in ${$json.daysLeft} days.\\n\\nRegulatory citation: ${$json.citation}\\n\\nAction required: ${$json.action_required}`}}"
}
},
{
"id": "7",
"name": "Log All to Sheets",
"type": "n8n-nodes-base.googleSheets",
"parameters": {
"operation": "appendOrUpdate",
"sheetId": "YOUR_SHEET_ID",
"range": "DeadlineLog!A:F",
"columns": {
"mappingMode": "autoMapInputData"
}
}
}
],
"connections": {
"Every Weekday 8AM": {
"main": [
[
{
"node": "Load Deadlines from Sheets"
}
]
]
},
"Load Deadlines from Sheets": {
"main": [
[
{
"node": "Calculate Urgency"
}
]
]
},
"Calculate Urgency": {
"main": [
[
{
"node": "Route by Urgency"
}
]
]
},
"Route by Urgency": {
"main": [
[
{
"node": "CRITICAL Alert"
}
],
[
{
"node": "HIGH Alert Email"
}
],
[
{
"node": "Log All to Sheets"
}
]
]
},
"CRITICAL Alert": {
"main": [
[
{
"node": "Log All to Sheets"
}
]
]
},
"HIGH Alert Email": {
"main": [
[
{
"node": "Log All to Sheets"
}
]
]
}
}
}
Self-hosting note: NERC CIP-007 R2's 35-day patch window starts from the date of vendor notification — not from when your compliance team reviews it. If your patch management pipeline runs through a cloud iPaaS that applies updates asynchronously, the vendor notification timestamp in the iPaaS execution log may be earlier than your internal documented review date. The 35-day clock in a NERC audit is the earliest documented awareness date.
4. NERC CIP Security Event & EPA Emissions Incident Pipeline
Triggered by webhook from your monitoring systems. Classifies each incident, starts the regulatory clock, routes for immediate action, and logs with deduplication.
8 incident types: NERC_CIP_REPORTABLE_CYBER_INCIDENT (E-ISAC + FERC + regional entity — within 1 hour of determination) / DOE_OE417_GRID_EMERGENCY_EVENT (DOE Form OE-417 — 24-hour notification clock from operations awareness) / EPA_CEMS_DATA_GAP (40 CFR Part 75 — substitute data values required, quarterly report flag) / NERC_CIP_007_VULNERABILITY_DETECTED (CIP-007 R2 — 35-day patch mitigation window starts) / EPA_TITLE_V_PERMIT_DEVIATION (EPA Title V — permit deviation report within 2 business days) / FERC_ORDER_2222_SETTLEMENT_FAILURE (FERC tariff noncompliance — market operator notification required) / SEC_CLIMATE_DATA_DISCREPANCY (Scope 1/2 GHG data anomaly — auditor flag for 10-K accuracy) / DATA_BREACH_SCADA_SYSTEMS (NERC CIP + DOE OE-417 + multi-jurisdiction — fastest clock governs)
{
"name": "NERC CIP & EPA Emissions Incident Pipeline",
"nodes": [
{
"id": "1",
"name": "Incident Webhook",
"type": "n8n-nodes-base.webhook",
"parameters": {
"path": "energy-incident",
"method": "POST",
"responseMode": "onReceived",
"responseData": "={{JSON.stringify({received:true,ts:new Date().toISOString()})}}"
}
},
{
"id": "2",
"name": "Classify Incident",
"type": "n8n-nodes-base.code",
"parameters": {
"jsCode": "const d=items[0].json;const now=new Date().toISOString();const classMap={NERC_CIP_REPORTABLE_CYBER_INCIDENT:{severity:'CRITICAL',clock:'NERC CIP CIP-008 R1 \u2014 reportable cyber security incident notification to E-ISAC within 1 hour of determination. Notification to NERC regional entity within 1 hour. Incident report within 7 days.',action:'Notify E-ISAC immediately via NERC portal. Document determination timestamp. Preserve all logs for regional entity examination. Do NOT alter any system until forensics complete.',escalate:['ciso@company.com','legal@company.com','coo@company.com']},DOE_OE417_GRID_EMERGENCY_EVENT:{severity:'CRITICAL',clock:'DOE Form OE-417 \u2014 electric emergency incident notification within 24 hours of when operations center becomes aware. Clock starts at awareness timestamp, not resolution. Late notification = DOE enforcement referral.',action:'Document time of operations center awareness NOW. Begin OE-417 preparation immediately. 24-hour clock is running from this timestamp.',escalate:['coo@company.com','compliance@company.com','legal@company.com']},EPA_CEMS_DATA_GAP:{severity:'HIGH',clock:'EPA 40 CFR Part 75 App. D \u2014 CEMS data gap requires substitute data values for all hours missing. Data gap flagged in quarterly QA/QC report. Excessive data gaps trigger Title V permit deviation.',action:'Apply substitute data methodology per 40 CFR Part 75 App. D immediately. Log gap start/end timestamps. Flag for inclusion in quarterly QA/QC ERT submission.',escalate:['environmental@company.com','compliance@company.com']},NERC_CIP_007_VULNERABILITY_DETECTED:{severity:'HIGH',clock:'NERC CIP CIP-007 R2 \u2014 35 calendar days from vendor notification date to documented mitigation or compensating measure. Day 1 is the vendor notification date, not detection date.',action:'Document vendor notification date immediately \u2014 this is Day 1 of 35. Begin patch applicability assessment for all BES Cyber Systems. If patch cannot be applied in 35 days, document compensating measure.',escalate:['ciso@company.com','engineering@company.com']},EPA_TITLE_V_PERMIT_DEVIATION:{severity:'HIGH',clock:'EPA Clean Air Act Title V \u2014 permit deviation report within 2 business days of becoming aware of deviation. Annual deviation report required even if no deviations. False certification = \\u00a7113 enforcement.',action:'Document deviation discovery timestamp. Prepare Title V deviation notification for permitting authority. Corrective action plan required.',escalate:['environmental@company.com','compliance@company.com','legal@company.com']},FERC_ORDER_2222_SETTLEMENT_FAILURE:{severity:'HIGH',clock:'FERC Order 2222 \u2014 tariff noncompliance. ISO/RTO market rules govern settlement timelines. Market operator notification required within tariff-specified window. Potential FERC enforcement under FPA \\u00a7316A.',action:'Notify relevant ISO/RTO market operator. Document settlement failure cause. Preserve all DER telemetry and dispatch records for FERC production request.',escalate:['ops@company.com','legal@company.com']},SEC_CLIMATE_DATA_DISCREPANCY:{severity:'MEDIUM',clock:'SEC Rule 33-11275 \u2014 Scope 1/2 GHG accuracy required in annual 10-K. Material discrepancy in climate data = potential 10-K restatement and SEC enforcement. Auditor must attest to methodology.',action:'Identify scope of GHG data discrepancy. Assess materiality for 10-K disclosure. Engage auditor immediately if discrepancy affects filed or pending 10-K.',escalate:['cfo@company.com','legal@company.com','sustainability@company.com']},DATA_BREACH_SCADA_SYSTEMS:{severity:'CRITICAL',clock:'NERC CIP breach: E-ISAC 1 hour + regional entity 1 hour. DOE OE-417: 24 hours from awareness. State data breach laws: 30-72 hours. Multi-jurisdiction \u2014 fastest clock governs all.',action:'Activate breach response plan immediately. NERC CIP 1-hour notification clock is running. Notify Legal for multi-jurisdiction breach assessment. Preserve all SCADA logs.',escalate:['ciso@company.com','coo@company.com','legal@company.com','dpo@company.com']}};const cls=classMap[d.incident_type]||{severity:'MEDIUM',clock:'Unknown clock \u2014 review NERC CIP compliance program and EPA reporting obligations.',action:'Escalate to compliance team for regulatory assessment.',escalate:['compliance@company.com']};return [{json:{...d,...cls,incident_id:`ENERGY-${Date.now()}`,detected_at:now}}];"
}
},
{
"id": "3",
"name": "Dedup Check",
"type": "n8n-nodes-base.postgres",
"parameters": {
"operation": "executeQuery",
"query": "INSERT INTO energy_incidents (incident_id, incident_type, severity, detected_at, clock_note, action_note) VALUES ('{{$json.incident_id}}', '{{$json.incident_type}}', '{{$json.severity}}', '{{$json.detected_at}}', '{{$json.clock}}', '{{$json.action}}') ON CONFLICT (incident_id) DO NOTHING RETURNING *"
}
},
{
"id": "4",
"name": "Is New?",
"type": "n8n-nodes-base.if",
"parameters": {
"conditions": {
"number": [
{
"value1": "={{$json.rowCount}}",
"operation": "equal",
"value2": 1
}
]
}
}
},
{
"id": "5",
"name": "Escalation Emails",
"type": "n8n-nodes-base.gmail",
"parameters": {
"operation": "send",
"toEmail": "={{$json.escalate.join(',')}}",
"subject": "={{`[${$json.severity}] EnergyTech Compliance Incident: ${$json.incident_type} \u2014 ${$json.incident_id}`}}",
"message": "={{`Incident: ${$json.incident_type}\\nSeverity: ${$json.severity}\\nDetected: ${$json.detected_at}\\n\\nRegulatory clock: ${$json.clock}\\n\\nRequired action: ${$json.action}`}}"
}
},
{
"id": "6",
"name": "Slack #compliance-incidents",
"type": "n8n-nodes-base.slack",
"parameters": {
"channel": "#compliance-incidents",
"text": "={{`:rotating_light: ${$json.severity} \u2014 ${$json.incident_type} (${$json.incident_id})\\nClock: ${$json.clock}\\nAction: ${$json.action}`}}"
}
}
],
"connections": {
"Incident Webhook": {
"main": [
[
{
"node": "Classify Incident"
}
]
]
},
"Classify Incident": {
"main": [
[
{
"node": "Dedup Check"
}
]
]
},
"Dedup Check": {
"main": [
[
{
"node": "Is New?"
}
]
]
},
"Is New?": {
"main": [
[
{
"node": "Escalation Emails"
}
],
[]
]
},
"Escalation Emails": {
"main": [
[
{
"node": "Slack #compliance-incidents"
}
]
]
}
}
}
Self-hosting note: NERC CIP-008 R1's 1-hour notification clock starts when your operations center "determines" a reportable cyber security incident has occurred. If your SOC alert routing runs on cloud iPaaS, the execution timestamp in the vendor's log may be earlier than your internal determination timestamp. In a NERC audit, the earliest documented awareness timestamp governs. Self-hosted n8n puts the detected_at timestamp in your own Postgres — under your direct custody for E-ISAC and regional entity examination.
5. Weekly CleanTech/EnergyTech Compliance KPI Dashboard
Runs every Monday at 8 AM. Pulls metrics from Postgres across all customer tiers, builds an HTML summary, and delivers it to the CEO with BCC to CCO and a Slack post to #exec-energy-kpis.
{
"name": "Weekly CleanTech/EnergyTech KPI Dashboard",
"nodes": [
{
"id": "1",
"name": "Monday 8AM",
"type": "n8n-nodes-base.scheduleTrigger",
"parameters": {
"rule": {
"interval": [
{
"field": "cronExpression",
"expression": "0 8 * * 1"
}
]
}
}
},
{
"id": "2",
"name": "Platform Metrics",
"type": "n8n-nodes-base.postgres",
"parameters": {
"operation": "executeQuery",
"query": "SELECT COUNT(*) FILTER (WHERE tier='UTILITY_SCALE_ENERGY_SAAS') AS utility_accounts, COUNT(*) FILTER (WHERE tier='DISTRIBUTED_ENERGY_SAAS') AS der_accounts, COUNT(*) FILTER (WHERE tier='ENERGY_ANALYTICS_SAAS') AS analytics_accounts, COUNT(*) FILTER (WHERE tier='CLEANTECH_CARBON_SAAS') AS carbon_accounts, COUNT(*) FILTER (WHERE tier='RENEWABLE_ENERGY_SAAS') AS renewable_accounts, COUNT(*) FILTER (WHERE tier='EV_CHARGING_SAAS') AS ev_accounts, COUNT(*) FILTER (WHERE tier='ENERGYTECH_STARTUP') AS startup_accounts, SUM(mrr_usd) AS total_mrr, SUM(CASE WHEN created_at >= NOW() - INTERVAL '7 days' THEN mrr_usd ELSE 0 END) AS new_mrr_7d, COUNT(*) FILTER (WHERE nerc_cip_high_impact=true) AS nerc_cip_high_accounts, COUNT(*) FILTER (WHERE ferc_order_2222_subject=true) AS ferc_2222_accounts, COUNT(*) FILTER (WHERE cems_continuous_monitoring=true) AS cems_accounts, COUNT(*) FILTER (WHERE sec_climate_disclosure_required=true) AS sec_climate_accounts FROM customers"
}
},
{
"id": "3",
"name": "Open Incidents",
"type": "n8n-nodes-base.postgres",
"parameters": {
"operation": "executeQuery",
"query": "SELECT COUNT(*) FILTER (WHERE severity='CRITICAL' AND status='OPEN') AS critical_open, COUNT(*) FILTER (WHERE severity='HIGH' AND status='OPEN') AS high_open, COUNT(*) FILTER (WHERE incident_type='NERC_CIP_REPORTABLE_CYBER_INCIDENT') AS nerc_incidents_7d, COUNT(*) FILTER (WHERE incident_type='DOE_OE417_GRID_EMERGENCY_EVENT') AS doe417_incidents_7d, COUNT(*) FILTER (WHERE incident_type='EPA_CEMS_DATA_GAP') AS cems_gaps_7d, COUNT(*) FILTER (WHERE incident_type='NERC_CIP_007_VULNERABILITY_DETECTED') AS cip007_vulns_open FROM energy_incidents WHERE detected_at >= NOW() - INTERVAL '7 days'"
}
},
{
"id": "4",
"name": "Build HTML Report",
"type": "n8n-nodes-base.code",
"parameters": {
"jsCode": "const m=$('Platform Metrics').first().json;const i=$('Open Incidents').first().json;const prev=$getWorkflowStaticData('global');const mrrPrev=prev.mrr_usd||m.total_mrr;const mrrWow=mrrPrev>0?((m.total_mrr-mrrPrev)/mrrPrev*100).toFixed(1):0;prev.mrr_usd=m.total_mrr;$setWorkflowStaticData('global',prev);const color=i.critical_open>0?'#dc3545':i.high_open>0?'#fd7e14':'#198754';const html=`<h2 style='color:${color}'>CleanTech/EnergyTech Weekly KPI</h2><table border='1' cellpadding='6'><tr><td><b>Utility-scale accounts</b></td><td>${m.utility_accounts}</td></tr><tr><td><b>DER aggregation accounts</b></td><td>${m.der_accounts}</td></tr><tr><td><b>Energy analytics accounts</b></td><td>${m.analytics_accounts}</td></tr><tr><td><b>Carbon/CleanTech accounts</b></td><td>${m.carbon_accounts}</td></tr><tr><td><b>Renewable energy accounts</b></td><td>${m.renewable_accounts}</td></tr><tr><td><b>EV charging accounts</b></td><td>${m.ev_accounts}</td></tr><tr><td><b>Startups</b></td><td>${m.startup_accounts}</td></tr><tr><td><b>Total MRR</b></td><td>$${Number(m.total_mrr||0).toLocaleString()} (${mrrWow}% WoW)</td></tr><tr><td><b>New MRR 7d</b></td><td>$${Number(m.new_mrr_7d||0).toLocaleString()}</td></tr><tr><td><b>NERC CIP High-impact accounts</b></td><td>${m.nerc_cip_high_accounts}</td></tr><tr><td><b>FERC Order 2222 accounts</b></td><td>${m.ferc_2222_accounts}</td></tr><tr><td><b>EPA CEMS accounts</b></td><td>${m.cems_accounts}</td></tr><tr><td><b>SEC climate disclosure accounts</b></td><td>${m.sec_climate_accounts}</td></tr><tr><td><b>Open CRITICAL incidents</b></td><td style='color:${i.critical_open>0?'#dc3545':'inherit'}'>${i.critical_open}</td></tr><tr><td><b>Open HIGH incidents</b></td><td>${i.high_open}</td></tr><tr><td><b>NERC CIP cyber incidents (7d)</b></td><td>${i.nerc_incidents_7d}</td></tr><tr><td><b>DOE OE-417 events (7d)</b></td><td>${i.doe417_incidents_7d}</td></tr><tr><td><b>EPA CEMS data gaps (7d)</b></td><td>${i.cems_gaps_7d}</td></tr><tr><td><b>CIP-007 open vulnerabilities</b></td><td>${i.cip007_vulns_open}</td></tr></table>`;return [{json:{html,subject:`EnergyTech Weekly KPI \u2014 MRR $${Number(m.total_mrr||0).toLocaleString()} (${mrrWow}% WoW) \u2014 ${i.critical_open} CRITICAL open`}}];"
}
},
{
"id": "5",
"name": "Email CEO + BCC CCO",
"type": "n8n-nodes-base.gmail",
"parameters": {
"operation": "send",
"toEmail": "ceo@company.com",
"bccEmail": "cco@company.com",
"subject": "={{$json.subject}}",
"message": "={{$json.html}}",
"options": {
"bodyType": "html"
}
}
},
{
"id": "6",
"name": "Slack #exec-energy-kpis",
"type": "n8n-nodes-base.slack",
"parameters": {
"channel": "#exec-energy-kpis",
"text": "={{$json.subject + ' \u2014 full report in email'}"
}
}
],
"connections": {
"Monday 8AM": {
"main": [
[
{
"node": "Platform Metrics"
}
]
]
},
"Platform Metrics": {
"main": [
[
{
"node": "Open Incidents"
}
]
]
},
"Open Incidents": {
"main": [
[
{
"node": "Build HTML Report"
}
]
]
},
"Build HTML Report": {
"main": [
[
{
"node": "Email CEO + BCC CCO"
}
]
]
},
"Email CEO + BCC CCO": {
"main": [
[
{
"node": "Slack #exec-energy-kpis"
}
]
]
}
}
}
Self-hosting note: NERC CIP evidence (CIP-007 R6) must be retained for 36 months and available for regional entity examination. Running your compliance KPI pipeline through a cloud iPaaS creates a third-party record of your NERC CIP metrics — metrics that a regional entity auditor can request from the vendor independently of your own document production. Self-hosted n8n keeps your NERC CIP evidence entirely within your compliance boundary.
Why CleanTech/EnergyTech SaaS Vendors Choose Self-Hosted n8n
| Compliance driver | Cloud iPaaS exposure | Self-hosted n8n advantage |
|---|---|---|
| NERC CIP CIP-010-4 Transient Cyber Assets | Cloud iPaaS with BES Cyber System connectivity may require CIP-010-4 R4 baseline documentation | n8n runs inside your operational perimeter — no external transient asset |
| NERC CIP CIP-007 R2 35-day patch window | Vendor notification timestamp in iPaaS log = Day 1 regardless of team awareness | Patch management timeline is entirely under your documented control |
| DOE OE-417 24-hour grid emergency clock | iPaaS execution timestamp may predate internal operations center awareness | OE-417 awareness timestamp is in your Postgres — your evidence |
| EPA CEMS 40 CFR Part 75 data lineage | CEMS data aggregated through cloud vendor creates third-party emissions record | CEMS telemetry stays in your monitoring plan data boundary |
| SEC climate Scope 1/2 GHG accuracy | GHG data in cloud workflow = third-party emissions record auditors can examine | Scope 1/2 pipeline output is in your own Postgres for auditor attestation |
Get all 15 workflows
The full FlowKit n8n template library includes 15 production-ready workflows across automation categories — plus the CleanTech/EnergyTech compliance pack above.
Browse FlowKit on Gumroad — individual templates from $12, full bundle $97.
All workflow JSON is import-ready. Works with self-hosted n8n (recommended for NERC CIP/EPA/FERC compliance) and n8n Cloud.
Top comments (0)