SPP Assessed $280,000 Penalty

Background

SPP is a Regional Transmission Organization (RTO) that is mandated by the Commission with ensuring reliable supplies of power, adequate transmission infrastructure, and competitive wholesale prices of electricity. Based in Little Rock, Arkansas, SPP has members in 14 states and a service territory spanning approximately 552,882 square miles that serves 18 million people. The SPP service territory includes more than 70,000 miles of high-voltage transmission lines; approximately 6,140 substations; and more than 1,162 generation plants. The SPP service territory has reached a coincident peak load of approximately 51 GW and has approximately 94 GW of generating nameplate capacity. SPP is registered on the NERC Compliance Registry as a Balancing Authority, Planning Authority/Planning Coordinator, Reliability Coordinator, Reserve Sharing Group, and Transmission Service Provider under NCR01143. SPP, in its capacity as a Reliability Coordinator, is subject to compliance with IRO-002-2 and subsequent versions of the Standard.

Description of Violation

This violation started on January 1, 2016, when the alarm flags were first disabled in the SPP RTCA system, and ended on May 15, 2017, when SPP restored the expected alarming functions in the SPP RTCA system.

On December 22, 2017, SPP submitted a Self-Report to SERC Reliability Corporation stating that, as a Reliability Coordinator, it was in violation of IRO-002-4 R4.6. SPP did not have sufficient alarm management in its Real-time Contingency Assessment (RTCA) system, such that alarms flags were disabled for certain 345 kV and 500 kV Facilities.

On January 1, 2016, a computer program used to verify SPP’s RTCA database began to disable alarm flags for certain 345 kV and 500 kV facilities. When the flag is disabled, the program does not report any real-time or potential post-contingent thermal overloads of that facility to the Energy Management System (EMS), creating a potential lack of operator awareness. At that time, SPP already used multiple validation steps to ensure that EMS alarm functions including RTCA alarms functioned properly; however, this condition went undetected.

On May 15, 2017, while applying a new database validation, SPP Operations Engineering staff discovered some of the alarm flags in the RTCA function were not set properly. After investigation, they determined that an earlier automated verification was disabling flags that affected alarming of some of an individual registered entity’s 345 kV and 500 kV facilities. SPP used data archives to reconstruct the events leading up to the discovery and to perform an extent of condition review, starting with January 1, 2016, when the issue first presented itself. SPP’s review demonstrated that it properly monitored facilities in other voltage levels and in other areas of its footprint and adjacent RC footprints. SPP’s problem did not affect alarming of the affected entity’s EMS.

SPP staff investigated the reason that the automated verification was corrupting the database and corrected the alarm flags. In doing so, SPP created a work-around in the production EMS environment to ensure it actively monitored and alarmed the affected Facilities. On May 15, 2017, the same day that it identified the issue, SPP restored the appropriate settings and resolved the alerting issue. SPP contacted the vendor to obtain a patch as a permanent fix.

The root cause of this violation was a database software issue and insufficient controls in process steps before SPP put the model into the production EMS environment.

NERC Standard at Issue

IRO-002-2, R4 – Each Reliability Coordinator shall have detailed real-time monitoring capability of its Reliability Coordinator Area and sufficient monitoring capability of its surrounding Reliability Coordinator Areas to ensure that potential or actual System Operating Limit or Interconnection Reliability Operating Limit violations are identified. Each Reliability Coordinator shall have monitoring systems that provide information that can be easily understood and interpreted by the Reliability Coordinator’s operating personnel, giving particular emphasis to alarm management and awareness systems, automated data transfers, and synchronized information systems, over a redundant and highly reliable infrastructure.

Basis for Penalty

According to the Settlement Agreement, NCEA has assessed a penalty of two hundred eighty thousand dollars ($280,000) for the referenced violation. In reaching this determination, NCEA considered the following factors:

1. The violation posed a serious or substantial risk to the reliability of the BPS. 

2. The Entity self‐reported the violation.

3. The Entity admitted to and agreed to settle the violation.

4. The Entity was cooperative throughout the compliance enforcement process.

5. The instant violation constituted the Entity’s first occurrence of violation of the subject NERC Reliability Standard.

6. The Entity had an internal compliance program at the time of the violation, which NCEA did not consider a mitigating factor.

7. There were no other mitigating or aggravating factors or extenuating circumstances that would affect the assessed penalty/disposition.