EnergyTech SaaS vendors operate at the intersection of some of the strictest regulatory frameworks in existence: NERC CIP v7 for critical infrastructure cybersecurity, FERC Order 2222 for distributed energy resource market participation, DOE CESER for grid incident reporting, and EPA Title IV for emissions compliance. The compliance automation problem is acute -- and the choice of automation platform carries real regulatory weight.
Here is the core problem: if you route BES Cyber System (BCS) monitoring events, access logs, or operational telemetry through a cloud iPaaS like Zapier or Make, that data path exits your defined Electronic Security Perimeter (ESP) -- a direct NERC CIP-005 exposure. NERC auditors check ESP boundary integrity. Cloud automation vendors are not inside your boundary.
This article gives you five free n8n workflows designed for EnergyTech SaaS vendors. Self-hosted n8n stays inside your defined infrastructure boundary. All compliance data stays in your perimeter by design.
The Fastest Clock: DOE CESER 12-Hour Grid Incident Report
When a cyber or physical incident affects your BES Cyber System, the DOE OE-417 form must be filed within 12 hours of detection. This is the fastest reportable clock in the EnergyTech compliance stack.
The full notification cascade from a single BCS incident:
| Notification | Deadline | Authority | Regulation |
|---|---|---|---|
| E-ISAC notification | 1 hour | NERC E-ISAC | CIP-008-6 R1.2 |
| DOE OE-417 grid incident | 12 hours | DOE CESER | DOE OE-417 |
| FBI Cyber Division | 24 hours | FBI | CIP-008-6 R1.3 |
| Full incident report | 60 days | NERC | CIP-008-6 R2 |
Your incident pipeline workflow (Workflow 4 below) fires on detection and pre-fills the OE-417 fields from the incident data.
Seven Customer Tiers for EnergyTech SaaS
| Tier | Primary Compliance Obligations | Key Self-Hosting Argument |
|---|---|---|
| ENERGY_MANAGEMENT_SAAS | NERC CIP v7 BCS boundary + CIP-007 logging | BCS monitoring data outside ESP = CIP-005 violation |
| DEMAND_RESPONSE_SAAS | FERC Order 2222 DER registration + ISO/RTO market rules | DER dispatch data in cloud = FERC audit scope |
| GRID_ANALYTICS_SAAS | NERC CIP-010 vulnerability assessment + BAL-001-2 reliability | Grid telemetry in cloud = BCS boundary expansion |
| RENEWABLE_ENERGY_SAAS | EPA Title IV CEMS data integrity + 40 CFR Part 75 | CEMS data chain of custody -- cloud adds gap risk |
| UTILITY_BILLING_SAAS | FERC Form 1 annual filing + state PUC rate case data | Rate case data in cloud = PUC discovery expansion |
| SMART_GRID_SAAS | NERC CIP-013 supply chain + FERC Order 2222 | Supply chain risk management -- third-party iPaaS scope |
| ENERGYTECH_STARTUP | SOC 2 Type II + CIP-013 starter kit | Investor due diligence: CIP readiness from day one |
Workflow 1: Tier-Segmented Customer Onboarding Drip
NERC CIP customers get an ESP boundary briefing on Day 0. FERC Order 2222 DER aggregators get a market audit scope briefing. Every customer gets Day 3 follow-up with the fastest compliance clocks in their tier.
{
"name": "EnergyTech Tier-Segmented Onboarding Drip",
"nodes": [
{
"id": "w1-n1",
"name": "New Customer Webhook",
"type": "n8n-nodes-base.webhook",
"typeVersion": 1,
"position": [
240,
300
],
"parameters": {
"path": "energytech-customer-onboard",
"responseMode": "onReceived",
"responseData": "firstEntryJson"
}
},
{
"id": "w1-n2",
"name": "Is NERC CIP Subject",
"type": "n8n-nodes-base.if",
"typeVersion": 1,
"position": [
460,
300
],
"parameters": {
"conditions": {
"boolean": [
{
"value1": "={{ $json.flags.NERC_CIP_V7_SUBJECT }}",
"value2": true
}
]
}
}
},
{
"id": "w1-n3",
"name": "NERC CIP Day0 ESP Brief",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
700,
200
],
"parameters": {
"toEmail": "={{ $json.contact_email }}",
"subject": "Your n8n Environment and NERC CIP v7 Electronic Security Perimeter",
"message": "={{ 'Hi ' + $json.contact_name + ', your self-hosted n8n instance operates inside your NERC CIP Electronic Security Perimeter (CIP-005-6). BCS monitoring data does not exit your ESP boundary. Key clocks: DOE CESER OE-417 12h, NERC E-ISAC 1h, FBI 24h. Compliance dashboard is live.' }}"
}
},
{
"id": "w1-n4",
"name": "Is FERC Order 2222 DER",
"type": "n8n-nodes-base.if",
"typeVersion": 1,
"position": [
700,
400
],
"parameters": {
"conditions": {
"boolean": [
{
"value1": "={{ $json.flags.FERC_ORDER_2222_DER_AGGREGATOR }}",
"value2": true
}
]
}
}
},
{
"id": "w1-n5",
"name": "FERC 2222 Day0 Brief",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
940,
340
],
"parameters": {
"toEmail": "={{ $json.contact_email }}",
"subject": "FERC Order 2222 DER Aggregation Registration -- Automation Architecture Note",
"message": "={{ 'Hi ' + $json.contact_name + ', your FERC Order 2222 DER aggregation compliance workflows are active. DER dispatch commands and ISO/RTO settlement data stay inside your self-hosted boundary -- not in cloud iPaaS audit scope. FERC Form 1 deadline tracker is pre-configured.' }}"
}
},
{
"id": "w1-n6",
"name": "Standard Day0 Email",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
940,
460
],
"parameters": {
"toEmail": "={{ $json.contact_email }}",
"subject": "Welcome to {{ $json.product_name }} -- Your Energy Compliance Workflows Are Ready",
"message": "={{ 'Hi ' + $json.contact_name + ', welcome to ' + $json.product_name + '. Your energy compliance automation stack is live. Pre-built workflows: EPA Title IV emissions monitoring, FERC Form 1 filing deadlines, grid reliability incident tracking, weekly KPI dashboard.' }}"
}
},
{
"id": "w1-n7",
"name": "Wait 3 Days",
"type": "n8n-nodes-base.wait",
"typeVersion": 1,
"position": [
1180,
300
],
"parameters": {
"resume": "timeInterval",
"unit": "days",
"amount": 3
}
},
{
"id": "w1-n8",
"name": "Day3 NERC CIP Clock Reminder",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
1420,
300
],
"parameters": {
"toEmail": "={{ $json.contact_email }}",
"subject": "NERC CIP v7 Compliance Clocks -- Pre-Built Templates in Your Account",
"message": "={{ 'Hi ' + $json.contact_name + ', three pre-built templates are in your account: (1) NERC CIP Incident Pipeline -- DOE OE-417 12h clock auto-fires on BCS incident detection. (2) CIP Deadline Tracker -- CIP-004/005/007/010/013 annual and quarterly. (3) Grid API Health Monitor -- BCS endpoint availability every 15 min. View templates: ' + $json.templates_url }}"
}
}
],
"connections": {
"New Customer Webhook": {
"main": [
[
{
"node": "Is NERC CIP Subject",
"type": "main",
"index": 0
}
]
]
},
"Is NERC CIP Subject": {
"main": [
[
{
"node": "NERC CIP Day0 ESP Brief",
"type": "main",
"index": 0
}
],
[
{
"node": "Is FERC Order 2222 DER",
"type": "main",
"index": 0
}
]
]
},
"Is FERC Order 2222 DER": {
"main": [
[
{
"node": "FERC 2222 Day0 Brief",
"type": "main",
"index": 0
}
],
[
{
"node": "Standard Day0 Email",
"type": "main",
"index": 0
}
]
]
},
"NERC CIP Day0 ESP Brief": {
"main": [
[
{
"node": "Wait 3 Days",
"type": "main",
"index": 0
}
]
]
},
"FERC 2222 Day0 Brief": {
"main": [
[
{
"node": "Wait 3 Days",
"type": "main",
"index": 0
}
]
]
},
"Standard Day0 Email": {
"main": [
[
{
"node": "Wait 3 Days",
"type": "main",
"index": 0
}
]
]
},
"Wait 3 Days": {
"main": [
[
{
"node": "Day3 NERC CIP Clock Reminder",
"type": "main",
"index": 0
}
]
]
}
},
"settings": {
"executionOrder": "v1"
}
}
Workflow 2: NERC CIP / FERC / EPA Deadline Tracker
Twelve deadline types across NERC CIP, FERC, and EPA. Fastest clock -- DOE CESER 12-hour -- is flagged IMMEDIATE. System checks daily and sends alerts 30 days out.
Deadline types: DOE_CESER_INCIDENT_REPORT (IMMEDIATE, 12h OE-417), NERC_CIP_CYBERSECURITY_INCIDENT (IMMEDIATE, 1h E-ISAC), NERC_CIP_ACCESS_MANAGEMENT_QUARTERLY (CIP-004-6 R4), NERC_CIP_VULNERABILITY_ASSESSMENT (CIP-010-3, 15 months), FERC_FORM_1_ANNUAL (April 30), FERC_ORDER_2222_DER_REGISTRATION, EPA_TITLE_IV_ANNUAL_COMPLIANCE_CERT (March 1, 40 CFR Part 72), EPA_TITLE_IV_QUARTERLY_EMISSIONS_REPORT (40 CFR Part 75), NERC_CIP_PHYSICAL_SECURITY_ANNUAL, NERC_RELIABILITY_STANDARDS_TRAINING, SOC2_TYPE2_RENEWAL, ANNUAL_PENTEST.
{
"name": "NERC CIP / FERC / EPA Compliance Deadline Tracker",
"nodes": [
{
"id": "w2-n1",
"name": "Daily Deadline Check",
"type": "n8n-nodes-base.scheduleTrigger",
"typeVersion": 1,
"position": [
240,
300
],
"parameters": {
"rule": {
"interval": [
{
"field": "cronExpression",
"expression": "0 7 * * *"
}
]
}
}
},
{
"id": "w2-n2",
"name": "Fetch All Customers",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 4,
"position": [
460,
300
],
"parameters": {
"method": "GET",
"url": "={{ $env.CRM_API_URL }}/customers?status=active",
"authentication": "genericCredentialType",
"genericAuthType": "httpHeaderAuth"
}
},
{
"id": "w2-n3",
"name": "Split Customers",
"type": "n8n-nodes-base.splitInBatches",
"typeVersion": 3,
"position": [
680,
300
],
"parameters": {
"batchSize": 1
}
},
{
"id": "w2-n4",
"name": "Check Compliance Deadlines",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
900,
300
],
"parameters": {
"language": "javaScript",
"jsCode": "const customer = $input.first().json;\nconst today = new Date();\nconst msPerDay = 86400000;\n\nconst deadlineTypes = [\n { type: 'DOE_CESER_INCIDENT_REPORT', label: 'DOE OE-417 12-Hour Grid Incident Report', daysWindow: 0, flag: 'DOE_CESER_INCIDENT_REPORTER', urgency: 'IMMEDIATE', regulation: 'DOE Order OE-417 - 12h clock from incident detection' },\n { type: 'NERC_CIP_CYBERSECURITY_INCIDENT', label: 'NERC CIP Cybersecurity Incident E-ISAC Notification', daysWindow: 0, flag: 'NERC_CIP_V7_SUBJECT', urgency: 'IMMEDIATE', regulation: 'NERC CIP-008-6 R1 - 1h to E-ISAC, 24h to FBI' },\n { type: 'NERC_CIP_ACCESS_MANAGEMENT_QUARTERLY', label: 'NERC CIP-004 Access Review', daysWindow: 90, flag: 'NERC_CIP_V7_SUBJECT', urgency: 'HIGH', regulation: 'NERC CIP-004-6 R4 - quarterly access review' },\n { type: 'NERC_CIP_VULNERABILITY_ASSESSMENT', label: 'NERC CIP-010 Vulnerability Assessment', daysWindow: 455, flag: 'NERC_CIP_V7_SUBJECT', urgency: 'HIGH', regulation: 'NERC CIP-010-3 R1 - 15-month rolling cycle' },\n { type: 'NERC_CIP_PHYSICAL_SECURITY_ANNUAL', label: 'NERC CIP-006 Physical Security Plan Review', daysWindow: 365, flag: 'NERC_CIP_V7_SUBJECT', urgency: 'MEDIUM', regulation: 'NERC CIP-006-6 R1 - annual plan review' },\n { type: 'FERC_FORM_1_ANNUAL', label: 'FERC Form 1 Annual Filing', daysWindow: 365, flag: 'FERC_MARKET_PARTICIPANT', urgency: 'HIGH', regulation: 'FERC 18 CFR Part 141 - April 30 annual filing' },\n { type: 'FERC_ORDER_2222_DER_REGISTRATION', label: 'FERC Order 2222 DER Aggregation Registration Renewal', daysWindow: 365, flag: 'FERC_ORDER_2222_DER_AGGREGATOR', urgency: 'MEDIUM', regulation: 'FERC Order 2222 - ISO/RTO market participation renewal' },\n { type: 'EPA_TITLE_IV_ANNUAL_COMPLIANCE_CERT', label: 'EPA Title IV Acid Rain Annual Compliance Certification', daysWindow: 365, flag: 'EPA_TITLE_IV_ACID_RAIN_REPORTER', urgency: 'HIGH', regulation: 'EPA 40 CFR Part 72 - March 1 annual compliance cert' },\n { type: 'EPA_TITLE_IV_QUARTERLY_EMISSIONS_REPORT', label: 'EPA Title IV CEMS Quarterly Emissions Report', daysWindow: 30, flag: 'EPA_TITLE_IV_ACID_RAIN_REPORTER', urgency: 'MEDIUM', regulation: 'EPA 40 CFR Part 75 - quarterly CEMS data submission' },\n { type: 'NERC_RELIABILITY_STANDARDS_TRAINING', label: 'NERC Reliability Standards Annual Training', daysWindow: 365, flag: 'NERC_CIP_V7_SUBJECT', urgency: 'MEDIUM', regulation: 'NERC CIP-004-6 R2 - annual personnel training' },\n { type: 'SOC2_TYPE2_RENEWAL', label: 'SOC 2 Type II Audit Renewal', daysWindow: 365, flag: 'SOC2_REQUIRED', urgency: 'MEDIUM', regulation: 'AICPA SOC 2 - annual renewal for customer trust' },\n { type: 'ANNUAL_PENTEST', label: 'Annual Penetration Test', daysWindow: 365, flag: null, urgency: 'MEDIUM', regulation: 'CIP-007-6 R3 / SOC 2 CC7.1 - annual pentest' }\n];\n\nconst flags = customer.compliance_flags || {};\nconst lastDeadlines = customer.last_compliance_dates || {};\nconst alerts = [];\n\nfor (const d of deadlineTypes) {\n if (d.flag && !flags[d.flag]) continue;\n const lastDate = lastDeadlines[d.type] ? new Date(lastDeadlines[d.type]) : null;\n if (lastDate) {\n const nextDue = new Date(lastDate.getTime() + d.daysWindow * msPerDay);\n const daysUntil = Math.round((nextDue - today) / msPerDay);\n if (daysUntil <= 30 || d.urgency === 'IMMEDIATE') {\n alerts.push({ customer_id: customer.id, company: customer.company,\n contact: customer.compliance_contact, email: customer.compliance_email,\n deadline_type: d.type, label: d.label, days_until: daysUntil,\n urgency: d.urgency, regulation: d.regulation,\n due_date: nextDue.toISOString().split('T')[0] });\n }\n }\n}\n\nreturn alerts.map(a => ({json: a}));\n"
}
},
{
"id": "w2-n5",
"name": "Has Alerts",
"type": "n8n-nodes-base.if",
"typeVersion": 1,
"position": [
1120,
300
],
"parameters": {
"conditions": {
"number": [
{
"value1": "={{ $items().length }}",
"operation": "larger",
"value2": 0
}
]
}
}
},
{
"id": "w2-n6",
"name": "Send Deadline Alert",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
1340,
200
],
"parameters": {
"toEmail": "={{ $json.email }}",
"subject": "={{ '[' + $json.urgency + '] ' + $json.label + ' -- ' + $json.days_until + ' days' }}",
"message": "={{ 'Compliance Alert: ' + $json.label + '\\n\\nCompany: ' + $json.company + '\\nDue: ' + $json.due_date + ' (' + $json.days_until + ' days)\\nUrgency: ' + $json.urgency + '\\nRegulation: ' + $json.regulation }}"
}
}
],
"connections": {
"Daily Deadline Check": {
"main": [
[
{
"node": "Fetch All Customers",
"type": "main",
"index": 0
}
]
]
},
"Fetch All Customers": {
"main": [
[
{
"node": "Split Customers",
"type": "main",
"index": 0
}
]
]
},
"Split Customers": {
"main": [
[
{
"node": "Check Compliance Deadlines",
"type": "main",
"index": 0
}
]
]
},
"Check Compliance Deadlines": {
"main": [
[
{
"node": "Has Alerts",
"type": "main",
"index": 0
}
]
]
},
"Has Alerts": {
"main": [
[
{
"node": "Send Deadline Alert",
"type": "main",
"index": 0
}
],
[]
]
}
},
"settings": {
"executionOrder": "v1"
}
}
Workflow 3: Grid and Energy API Health Monitor (15-Min, NERC CIP)
Five endpoints checked every 15 minutes, each annotated with its specific compliance implication:
-
bcs_monitoring_api-- NERC CIP-007-6 R3: BCS availability logging; outage = CIP-007 R6 incident logging gap -
der_dispatch_api-- FERC Order 2222: DER dispatch availability; outage = ISO/RTO non-performance risk -
emissions_cems_api-- EPA 40 CFR Part 75: CEMS data gap >2h = missing data substitution required -
ferc_market_api-- FERC 18 CFR Part 35: market data availability; outage during settlement = Form 1 integrity gap -
grid_stability_api-- NERC Reliability Standard BAL-001-2: outage = reliability event detection gap
{
"name": "Grid and Energy API Health Monitor (15-min NERC CIP)",
"nodes": [
{
"id": "w3-n1",
"name": "Every 15 Minutes",
"type": "n8n-nodes-base.scheduleTrigger",
"typeVersion": 1,
"position": [
240,
300
],
"parameters": {
"rule": {
"interval": [
{
"field": "minutes",
"minutesInterval": 15
}
]
}
}
},
{
"id": "w3-n2",
"name": "Check BCS Monitoring API",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 4,
"position": [
460,
180
],
"parameters": {
"method": "GET",
"url": "={{ $env.BCS_MONITORING_API_URL }}/health",
"timeout": 10000,
"options": {
"response": {
"response": {
"fullResponse": true
}
}
}
}
},
{
"id": "w3-n3",
"name": "Check DER Dispatch API",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 4,
"position": [
460,
280
],
"parameters": {
"method": "GET",
"url": "={{ $env.DER_DISPATCH_API_URL }}/health",
"timeout": 10000,
"options": {
"response": {
"response": {
"fullResponse": true
}
}
}
}
},
{
"id": "w3-n4",
"name": "Check Emissions CEMS API",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 4,
"position": [
460,
380
],
"parameters": {
"method": "GET",
"url": "={{ $env.EMISSIONS_CEMS_API_URL }}/health",
"timeout": 10000,
"options": {
"response": {
"response": {
"fullResponse": true
}
}
}
}
},
{
"id": "w3-n5",
"name": "Check FERC Market API",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 4,
"position": [
460,
480
],
"parameters": {
"method": "GET",
"url": "={{ $env.FERC_MARKET_API_URL }}/health",
"timeout": 10000,
"options": {
"response": {
"response": {
"fullResponse": true
}
}
}
}
},
{
"id": "w3-n6",
"name": "Check Grid Stability API",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 4,
"position": [
460,
580
],
"parameters": {
"method": "GET",
"url": "={{ $env.GRID_STABILITY_API_URL }}/health",
"timeout": 10000,
"options": {
"response": {
"response": {
"fullResponse": true
}
}
}
}
},
{
"id": "w3-n7",
"name": "Aggregate Health Results",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
680,
380
],
"parameters": {
"language": "javaScript",
"jsCode": "const endpoints = [\n { name: 'bcs_monitoring_api', label: 'BES Cyber System Monitoring API',\n note: 'NERC CIP-007-6 R3: BCS availability logging -- outage = CIP-007 R6 incident logging gap',\n item: $('Check BCS Monitoring API').first() },\n { name: 'der_dispatch_api', label: 'DER Dispatch API',\n note: 'FERC Order 2222: DER dispatch availability -- outage = ISO/RTO non-performance risk 18 CFR Part 35',\n item: $('Check DER Dispatch API').first() },\n { name: 'emissions_cems_api', label: 'Emissions CEMS API',\n note: 'EPA 40 CFR Part 75: CEMS data gap > 2h = missing data substitution required',\n item: $('Check Emissions CEMS API').first() },\n { name: 'ferc_market_api', label: 'FERC Market API',\n note: 'FERC 18 CFR Part 35: market data availability -- outage during settlement = Form 1 data integrity gap',\n item: $('Check FERC Market API').first() },\n { name: 'grid_stability_api', label: 'Grid Stability API',\n note: 'NERC Reliability Standard BAL-001-2: grid stability monitoring -- outage = reliability event detection gap',\n item: $('Check Grid Stability API').first() }\n];\n\nconst down = [];\nfor (const ep of endpoints) {\n const statusCode = ep.item?.json?.statusCode || ep.item?.json?.status || 0;\n const isDown = !statusCode || statusCode >= 400 || statusCode === 0;\n if (isDown) {\n down.push({ endpoint: ep.name, label: ep.label, note: ep.note,\n status_code: statusCode, detected_at: new Date().toISOString() });\n }\n}\nif (down.length === 0) return [{ json: { status: 'all_healthy', checked_at: new Date().toISOString() } }];\nreturn down.map(d => ({ json: d }));\n"
}
},
{
"id": "w3-n8",
"name": "Any Endpoint Down",
"type": "n8n-nodes-base.if",
"typeVersion": 1,
"position": [
900,
380
],
"parameters": {
"conditions": {
"string": [
{
"value1": "={{ $json.status }}",
"operation": "notEqual",
"value2": "all_healthy"
}
]
}
}
},
{
"id": "w3-n9",
"name": "Alert Engineering and Compliance",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
1120,
280
],
"parameters": {
"toEmail": "={{ $env.ENG_ALERT_EMAIL }}",
"ccEmail": "={{ $env.COMPLIANCE_EMAIL }}",
"subject": "=[GRID API DOWN] {{ $json.label }} -- NERC/FERC/EPA Compliance Risk",
"message": "={{ '[GRID API DOWN] ' + $json.label + ' (' + $json.endpoint + ')\\nDetected: ' + $json.detected_at + '\\nHTTP Status: ' + $json.status_code + '\\n\\nCompliance note: ' + $json.note }}"
}
}
],
"connections": {
"Every 15 Minutes": {
"main": [
[
{
"node": "Check BCS Monitoring API",
"type": "main",
"index": 0
},
{
"node": "Check DER Dispatch API",
"type": "main",
"index": 0
},
{
"node": "Check Emissions CEMS API",
"type": "main",
"index": 0
},
{
"node": "Check FERC Market API",
"type": "main",
"index": 0
},
{
"node": "Check Grid Stability API",
"type": "main",
"index": 0
}
]
]
},
"Check BCS Monitoring API": {
"main": [
[
{
"node": "Aggregate Health Results",
"type": "main",
"index": 0
}
]
]
},
"Check DER Dispatch API": {
"main": [
[
{
"node": "Aggregate Health Results",
"type": "main",
"index": 0
}
]
]
},
"Check Emissions CEMS API": {
"main": [
[
{
"node": "Aggregate Health Results",
"type": "main",
"index": 0
}
]
]
},
"Check FERC Market API": {
"main": [
[
{
"node": "Aggregate Health Results",
"type": "main",
"index": 0
}
]
]
},
"Check Grid Stability API": {
"main": [
[
{
"node": "Aggregate Health Results",
"type": "main",
"index": 0
}
]
]
},
"Aggregate Health Results": {
"main": [
[
{
"node": "Any Endpoint Down",
"type": "main",
"index": 0
}
]
]
},
"Any Endpoint Down": {
"main": [
[
{
"node": "Alert Engineering and Compliance",
"type": "main",
"index": 0
}
],
[]
]
}
},
"settings": {
"executionOrder": "v1"
}
}
Workflow 4: Compliance Incident Pipeline
Eight incident types routed to the correct response with pre-filled notification templates. DOE CESER 12-hour clock is the fastest trigger. The pipeline runs inside your self-hosted n8n instance -- incident data never exits your ESP before filing.
Incident types: NERC_CIP_CYBERSECURITY_INCIDENT (IMMEDIATE -- E-ISAC 1h / FBI 24h), DOE_CESER_GRID_INCIDENT (12h OE-417), EPA_TITLE_IV_EXCEEDANCE (CEMS data integrity), FERC_MARKET_MANIPULATION (IMMEDIATE), NERC_CIP_PHYSICAL_SECURITY_BREACH (24h), BES_RELIABILITY_INCIDENT (IMMEDIATE), FERC_ORDER_2222_DER_NON_PERFORMANCE (48h), DATA_BREACH_CRITICAL_INFRA (72h multi-agency).
{
"name": "EnergyTech Compliance Incident Pipeline",
"nodes": [
{
"id": "w4-n1",
"name": "Incident Webhook",
"type": "n8n-nodes-base.webhook",
"typeVersion": 1,
"position": [
240,
300
],
"parameters": {
"path": "energytech-incident",
"responseMode": "onReceived",
"responseData": "firstEntryJson"
}
},
{
"id": "w4-n2",
"name": "Route by Incident Type",
"type": "n8n-nodes-base.switch",
"typeVersion": 3,
"position": [
460,
300
],
"parameters": {
"mode": "rules",
"rules": {
"values": [
{
"conditions": {
"options": {
"caseSensitive": false
},
"conditions": [
{
"leftValue": "={{ $json.incident_type }}",
"operator": {
"type": "string",
"operation": "equals"
},
"rightValue": "NERC_CIP_CYBERSECURITY_INCIDENT"
}
]
},
"renameOutput": true,
"outputKey": "NERC_CIP_CYBER"
},
{
"conditions": {
"options": {
"caseSensitive": false
},
"conditions": [
{
"leftValue": "={{ $json.incident_type }}",
"operator": {
"type": "string",
"operation": "equals"
},
"rightValue": "DOE_CESER_GRID_INCIDENT"
}
]
},
"renameOutput": true,
"outputKey": "DOE_CESER_12H"
},
{
"conditions": {
"options": {
"caseSensitive": false
},
"conditions": [
{
"leftValue": "={{ $json.incident_type }}",
"operator": {
"type": "string",
"operation": "equals"
},
"rightValue": "EPA_TITLE_IV_EXCEEDANCE"
}
]
},
"renameOutput": true,
"outputKey": "EPA_EXCEEDANCE"
},
{
"conditions": {
"options": {
"caseSensitive": false
},
"conditions": [
{
"leftValue": "={{ $json.incident_type }}",
"operator": {
"type": "string",
"operation": "equals"
},
"rightValue": "FERC_MARKET_MANIPULATION"
}
]
},
"renameOutput": true,
"outputKey": "FERC_MARKET"
},
{
"conditions": {
"options": {
"caseSensitive": false
},
"conditions": [
{
"leftValue": "={{ $json.incident_type }}",
"operator": {
"type": "string",
"operation": "equals"
},
"rightValue": "NERC_CIP_PHYSICAL_SECURITY_BREACH"
}
]
},
"renameOutput": true,
"outputKey": "CIP_PHYSICAL"
},
{
"conditions": {
"options": {
"caseSensitive": false
},
"conditions": [
{
"leftValue": "={{ $json.incident_type }}",
"operator": {
"type": "string",
"operation": "equals"
},
"rightValue": "BES_RELIABILITY_INCIDENT"
}
]
},
"renameOutput": true,
"outputKey": "BES_RELIABILITY"
},
{
"conditions": {
"options": {
"caseSensitive": false
},
"conditions": [
{
"leftValue": "={{ $json.incident_type }}",
"operator": {
"type": "string",
"operation": "equals"
},
"rightValue": "FERC_ORDER_2222_DER_NON_PERFORMANCE"
}
]
},
"renameOutput": true,
"outputKey": "DER_NON_PERF"
},
{
"conditions": {
"options": {
"caseSensitive": false
},
"conditions": [
{
"leftValue": "={{ $json.incident_type }}",
"operator": {
"type": "string",
"operation": "equals"
},
"rightValue": "DATA_BREACH_CRITICAL_INFRA"
}
]
},
"renameOutput": true,
"outputKey": "DATA_BREACH"
}
]
}
}
},
{
"id": "w4-n3",
"name": "NERC CIP Cyber IMMEDIATE",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
720,
100
],
"parameters": {
"toEmail": "={{ $env.CISO_EMAIL }}",
"ccEmail": "={{ $env.COMPLIANCE_EMAIL }}",
"subject": "[IMMEDIATE NERC CIP CYBER] {{ $json.incident_title }} -- E-ISAC 1h / FBI 24h",
"message": "={{ '[NERC CIP CYBERSECURITY INCIDENT]\\nIncident: ' + $json.incident_title + '\\nDetected: ' + $json.detected_at + '\\nRequired: E-ISAC 1h (CIP-008-6 R1.2) / FBI 24h (CIP-008-6 R1.3) / DOE OE-417 12h\\nDo NOT route incident data through external APIs until ESP boundary analysis complete.' }}"
}
},
{
"id": "w4-n4",
"name": "DOE CESER 12H Alert",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
720,
200
],
"parameters": {
"toEmail": "={{ $env.COMPLIANCE_EMAIL }}",
"ccEmail": "={{ $env.CISO_EMAIL }}",
"subject": "[12H CLOCK DOE OE-417] {{ $json.incident_title }} -- Grid Impact Incident",
"message": "={{ '[DOE CESER GRID INCIDENT -- 12-Hour OE-417 Clock]\\nIncident: ' + $json.incident_title + '\\nDetected: ' + $json.detected_at + '\\nOE-417 filing deadline: ' + $json.oe417_deadline + '\\nCategory: ' + ($json.oe417_category || 'TBD') + '\\nSubmit at: https://oe.netl.doe.gov/OE417.aspx' }}"
}
},
{
"id": "w4-n5",
"name": "EPA Title IV Exceedance",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
720,
300
],
"parameters": {
"toEmail": "={{ $env.COMPLIANCE_EMAIL }}",
"subject": "[EPA TITLE IV] {{ $json.incident_title }} -- CEMS Exceedance Detected",
"message": "={{ '[EPA Title IV CEMS Exceedance]\\nUnit: ' + ($json.unit_id || 'UNKNOWN') + '\\nParameter: ' + ($json.parameter || 'UNKNOWN') + '\\nMeasured: ' + ($json.measured_value || 'UNKNOWN') + '\\nPermit limit: ' + ($json.permit_limit || 'UNKNOWN') + '\\nAction: Log in CEMS QA record. Apply 40 CFR 75.33 missing data substitution if gap > 2h.' }}"
}
},
{
"id": "w4-n6",
"name": "BES Reliability IMMEDIATE",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
720,
400
],
"parameters": {
"toEmail": "={{ $env.OPERATIONS_EMAIL }}",
"ccEmail": "={{ $env.COMPLIANCE_EMAIL }}",
"subject": "[IMMEDIATE BES RELIABILITY] {{ $json.incident_title }} -- NERC Reliability Event",
"message": "={{ '[BES Reliability Incident]\\nIncident: ' + $json.incident_title + '\\nDetected: ' + $json.detected_at + '\\nAffected BES element: ' + ($json.transmission_element || 'UNKNOWN') + '\\nDocument event sequence. If above NERC reportable thresholds (PC-2): notify compliance within 24h.' }}"
}
},
{
"id": "w4-n7",
"name": "Data Breach 72H Alert",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
720,
500
],
"parameters": {
"toEmail": "={{ $env.CISO_EMAIL }}",
"ccEmail": "={{ $env.COMPLIANCE_EMAIL }}",
"subject": "[72H CLOCK DATA BREACH] {{ $json.incident_title }} -- Critical Infrastructure PII",
"message": "={{ '[Data Breach -- Critical Infrastructure]\\nIncident: ' + $json.incident_title + '\\nDetected: ' + $json.detected_at + '\\n72h notification deadline: ' + $json.breach_notification_deadline + '\\nNotify: state AG if >500 residents / NERC E-ISAC if CIP-protected data / DOE CESER if BCS data / FERC if market-sensitive data.' }}"
}
}
],
"connections": {
"Incident Webhook": {
"main": [
[
{
"node": "Route by Incident Type",
"type": "main",
"index": 0
}
]
]
},
"Route by Incident Type": {
"main": [
[
{
"node": "NERC CIP Cyber IMMEDIATE",
"type": "main",
"index": 0
}
],
[
{
"node": "DOE CESER 12H Alert",
"type": "main",
"index": 0
}
],
[
{
"node": "EPA Title IV Exceedance",
"type": "main",
"index": 0
}
],
[
{
"node": "BES Reliability IMMEDIATE",
"type": "main",
"index": 0
}
],
[
{
"node": "BES Reliability IMMEDIATE",
"type": "main",
"index": 0
}
],
[
{
"node": "BES Reliability IMMEDIATE",
"type": "main",
"index": 0
}
],
[
{
"node": "BES Reliability IMMEDIATE",
"type": "main",
"index": 0
}
],
[
{
"node": "Data Breach 72H Alert",
"type": "main",
"index": 0
}
]
]
}
},
"settings": {
"executionOrder": "v1"
}
}
Workflow 5: Weekly KPI Dashboard
Monday 07:00 UTC pull of business metrics plus compliance status. Email to CEO with BCC to CISO and CCO. Subject line includes NERC CIP open incident count so leadership sees compliance posture at a glance.
{
"name": "EnergyTech SaaS Weekly KPI Dashboard",
"nodes": [
{
"id": "w5-n1",
"name": "Monday 7am KPI Pull",
"type": "n8n-nodes-base.scheduleTrigger",
"typeVersion": 1,
"position": [
240,
300
],
"parameters": {
"rule": {
"interval": [
{
"field": "cronExpression",
"expression": "0 7 * * 1"
}
]
}
}
},
{
"id": "w5-n2",
"name": "Fetch Business Metrics",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 4,
"position": [
460,
260
],
"parameters": {
"method": "GET",
"url": "={{ $env.METRICS_API_URL }}/weekly-kpi",
"authentication": "genericCredentialType",
"genericAuthType": "httpHeaderAuth"
}
},
{
"id": "w5-n3",
"name": "Fetch Compliance Status",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 4,
"position": [
460,
380
],
"parameters": {
"method": "GET",
"url": "={{ $env.COMPLIANCE_API_URL }}/open-items",
"authentication": "genericCredentialType",
"genericAuthType": "httpHeaderAuth"
}
},
{
"id": "w5-n4",
"name": "Build KPI Report",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
700,
320
],
"parameters": {
"language": "javaScript",
"jsCode": "const metrics = $('Fetch Business Metrics').first().json;\nconst compliance = $('Fetch Compliance Status').first().json;\nconst week = new Date().toISOString().split('T')[0];\n\nconst lines = [\n '=== EnergyTech SaaS Weekly KPI -- ' + week + ' ===',\n '',\n 'BUSINESS METRICS',\n 'Active Customers: ' + (metrics.active_customers || 0),\n 'MRR: $' + (metrics.mrr || 0).toLocaleString(),\n 'MRR Growth WoW: ' + (metrics.mrr_growth_pct || 0) + '%',\n 'API Calls 7d: ' + (metrics.api_calls_7d || 0).toLocaleString(),\n 'New Signups 7d: ' + (metrics.new_signups_7d || 0),\n 'Churn 7d: ' + (metrics.churn_7d || 0),\n '',\n 'COMPLIANCE DASHBOARD',\n 'NERC CIP Incidents Open: ' + (compliance.nerc_cip_incidents_open || 0),\n 'DOE CESER Reports Pending: ' + (compliance.doe_ceser_pending || 0),\n 'EPA CEMS Exceedances 7d: ' + (compliance.epa_cems_exceedances_7d || 0),\n 'FERC Deadlines Approaching 30d: ' + (compliance.ferc_deadlines_30d || 0),\n 'Overdue Compliance Items: ' + (compliance.overdue_items || 0),\n '',\n 'API HEALTH past 7 days',\n 'BCS Monitoring API uptime: ' + (metrics.bcs_api_uptime_pct || '--') + '%',\n 'DER Dispatch API uptime: ' + (metrics.der_api_uptime_pct || '--') + '%',\n 'Emissions CEMS API uptime: ' + (metrics.cems_api_uptime_pct || '--') + '%',\n '',\n '--- Sent by n8n compliance automation ---'\n];\n\nreturn [{ json: { report: lines.join('\\n'), week, metrics, compliance } }];\n"
}
},
{
"id": "w5-n5",
"name": "Send to CEO BCC CISO CCO",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
940,
320
],
"parameters": {
"toEmail": "={{ $env.CEO_EMAIL }}",
"bccEmail": "={{ $env.CISO_EMAIL + ',' + $env.CCO_EMAIL }}",
"subject": "=[EnergyTech KPI] Week of {{ $json.week }} -- MRR ${{ $json.metrics.mrr }} / NERC CIP {{ $json.compliance.nerc_cip_incidents_open }} open",
"message": "={{ $json.report }}"
}
}
],
"connections": {
"Monday 7am KPI Pull": {
"main": [
[
{
"node": "Fetch Business Metrics",
"type": "main",
"index": 0
},
{
"node": "Fetch Compliance Status",
"type": "main",
"index": 0
}
]
]
},
"Fetch Business Metrics": {
"main": [
[
{
"node": "Build KPI Report",
"type": "main",
"index": 0
}
]
]
},
"Fetch Compliance Status": {
"main": [
[
{
"node": "Build KPI Report",
"type": "main",
"index": 0
}
]
]
},
"Build KPI Report": {
"main": [
[
{
"node": "Send to CEO BCC CISO CCO",
"type": "main",
"index": 0
}
]
]
}
},
"settings": {
"executionOrder": "v1"
}
}
Five Self-Hosting Procurement Arguments for EnergyTech SaaS
When your EnergyTech customer's procurement team asks why they cannot use their existing Zapier or Make subscription:
1. NERC CIP-005 Electronic Security Perimeter
NERC CIP-005-6 requires that EACMS and BES Cyber System data remain inside the defined ESP. Routing BCS events through cloud iPaaS creates a data path that exits the ESP. NERC auditors check boundary integrity. An undocumented external path is a CIP-005 finding.
2. FERC Market Manipulation Audit Scope
FERC Order 2222 settlement data and DER dispatch records are subject to FERC audit under 18 CFR Part 35. When that data flows through cloud automation infrastructure, the infrastructure becomes part of the audit scope (FERC v. Barclays, 2012 precedent). Self-hosted keeps settlement automation out of FERC audit expansion.
3. DOE CESER Incident Report Pre-Submission Exposure
DOE OE-417 incident reports must be filed within 12 hours. When the pre-submission incident data flows through cloud automation to build the report, it is transmitted to a third-party system before it is protected under the filed-report record. Self-hosted automation keeps pre-submission incident data inside your control.
4. EPA 40 CFR Part 75 CEMS Data Chain of Custody
CEMS data submitted under EPA Title IV Acid Rain Program must meet data integrity requirements in 40 CFR Part 75. CEMS data routed through cloud automation introduces a chain-of-custody gap that EPA EDR cannot verify. Self-hosted automation maintains an unbroken, auditable chain from sensor to submission.
5. NERC CIP-013 Supply Chain Risk Management
NERC CIP-013-1 requires that vendors with Electronic Access to BES Cyber Systems be assessed for supply chain risk. Adding cloud automation vendors to the BCS data flow requires a formal CIP-013 supply chain risk management plan entry. Self-hosted n8n, deployed by the operator, is an internal tool -- not a third-party vendor in the CIP-013 supply chain scope.
Get the Pre-Built Templates
All five workflows are in the FlowKit n8n Automation Templates store as part of the complete compliance automation bundle.
The full EnergyTech SaaS compliance bundle includes:
- Tier-segmented onboarding drip (7 tiers, 6 compliance flags)
- NERC CIP / FERC / EPA deadline tracker (12 deadline types)
- Grid API health monitor with NERC/FERC/EPA compliance annotations
- Incident pipeline (8 incident types, fastest: DOE CESER 12h OE-417)
- Weekly KPI dashboard (CEO + BCC CISO + CCO)
- NERC CIP-013 supply chain risk checklist
- FERC Form 1 data preparation workflow
Free workflow JSON is in this article. The bundle includes pre-configured credentials templates and the compliance clock reference card.
EnergyTech SaaS compliance automation built with n8n. Self-hosted. Your perimeter.
Top comments (0)