Page 7-SA-1

PM5-0403-WBX

SUBSTATION AUTOMATION
SYSTEMS
Based on the IEC 61850 Communications Standard

A Technical Specification for

Seven Substations and Three Terminal Stations

Prepared for

Metropolitan Electricity Authority

Prepared by
Power System Maintenance Department

January 16, 2012

 Page 7-SA-2
PM5-0403-WBX
TABLE of CONTENTS

1 SCOPE OF WORK.......................................................................................................... 6

2 SYSTEM ARCHITECTURE and HIERARCHY ................................................................ 9

2.1 BASIC ARCHITECTURE................................................................................................. 9
2.1.1 Station Communications................................................................................................ 10
2.1.1.1 Substation LAN ............................................................................................................. 10
2.1.1.2 Gateway for Enterprise Communications....................................................................... 10
2.1.2 Station Level.................................................................................................................. 11
2.1.2.1 System Linchpins: Local Repository and System Logs.................................................. 12
2.1.2.2 Common IED Capabilities.............................................................................................. 13
2.1.2.3 Central Control Unit (CCU) ............................................................................................ 14
2.1.2.4 Operator Interface [MMI] ............................................................................................... 18
2.1.2.4.1 Three Platforms............................................................................................................. 18
2.1.2.4.2 Operator Interface Responsibilities................................................................................ 19
2.1.2.5 Print Server ................................................................................................................... 21
2.1.2.6 Time and Date Server (TDS) ......................................................................................... 21
2.1.3 Bay Level ...................................................................................................................... 22
2.1.3.1 Bay Control Units / IEDs................................................................................................ 22
2.1.3.2 Bay Control Units with Protection Relays (BCUs) .......................................................... 23
2.2 FAILURE and MAINTENANCE MANAGEMENT ........................................................... 33

3 FUNCTIONAL REQUIREMENTS .................................................................................. 37

3.1 SYSTEM CONFIGURATION......................................................................................... 37
3.1.1 IEC 61850 Configuration Tools and Process ................................................................. 42
3.1.2 Open System Provision ................................................................................................. 42
3.2 FILE MANAGEMENT .................................................................................................... 44
3.2.1 Objectives ..................................................................................................................... 44
3.2.2 An Approach.................................................................................................................. 44
3.2.3 File Agent Responsibilities............................................................................................. 45
3.2.4 File Transfer Initiators.................................................................................................... 48
3.3 DATA ACQUISITION..................................................................................................... 48
3.4 DATA PROCESSING .................................................................................................... 48
3.4.1 Data Quality................................................................................................................... 48
3.4.2 Event Processing .......................................................................................................... 49
3.4.3 Status Processing ......................................................................................................... 50
3.4.4 Measurement Processing .............................................................................................. 50
3.4.5 Control Command Processing....................................................................................... 51
3.4.5.1 Control Initiators ............................................................................................................ 52
3.4.5.2 Types of Control Operations.......................................................................................... 52
3.4.5.2.1 Control of Two-State Devices ........................................................................................ 52
3.4.5.2.2 Control of Three-State Devices ..................................................................................... 53
3.4.5.2.3 Control of Integer-State Devices.................................................................................... 53
3.4.5.2.4 Incremental Device Control (Jog Control) ...................................................................... 53
3.4.5.2.5 Integer-Controlled Step Position Devices ...................................................................... 53
3.4.5.2.6 Set-Point Control ........................................................................................................... 53
3.4.6 Calculations................................................................................................................... 53
3.5 PROGRAMMABLE LOGIC APPLICATIONS ................................................................. 54
3.5.1 Heartbeat Function ........................................................................................................ 54
3.5.2 TRIP Counters for Circuit Breakers ............................................................................... 55
3.5.3 Rate of Change (ROC) Limit Checking .......................................................................... 55
3.5.4 Breaker Operating Time Checks.................................................................................... 56
 Page7-SA-3
PM5-0403-WBX
3.5.5 Feeder Fault and Breaker Lockout Recognition............................................................. 56
3.5.6 Automated Control Sequences...................................................................................... 56
3.5.6.1 Line Throw-over Scheme (LTO) .................................................................................... 56
3.5.6.2 Bus Throw-over Scheme (BTO)..................................................................................... 57
3.5.6.3 Bus Coupler Throw-over Scheme (CTO) ....................................................................... 57
3.5.6.4 Load Shed and Restoration ........................................................................................... 60
3.5.6.5 Voltage Selection (VS) .................................................................................................. 61
3.5.7 Protection Applications (Breaker failure protection, 50BF) .............................................. 61
3.6 HISTORICAL DATA ...................................................................................................... 62
3.7 OPERATOR INTERFACE [MMI] FUNCTIONS.............................................................. 63
3.7.1 General Requirements .................................................................................................. 63
3.7.1.1 Windows Usage ............................................................................................................ 63
3.7.1.2 User Interface Features................................................................................................. 64
3.7.1.3 Toolbars ........................................................................................................................ 64
3.7.1.4 Dialog Boxes ................................................................................................................. 65
3.7.1.5 Information Boxes ......................................................................................................... 65
3.7.1.6 HELP Function .............................................................................................................. 65
3.7.1.7 Display Capabilities (General) ....................................................................................... 65
3.7.2 Operator Functions........................................................................................................ 66
3.7.2.1 Display Call-Up.............................................................................................................. 66
3.7.2.2 Supervisory Control Procedures .................................................................................... 67
3.7.2.3 Device Tagging ............................................................................................................. 68
3.7.2.4 Placing Data and Command Points ‘In-Service’ and ‘Out-of-Service’ ............................ 68
3.7.2.5 Using Substituted Values............................................................................................... 69
3.7.2.6 Display Hard Copy......................................................................................................... 69
3.7.2.7 User Log-On.................................................................................................................. 69
3.7.3 Modes of Operation ....................................................................................................... 69
3.7.3.1 Operator Mode .............................................................................................................. 70
3.7.3.2 Supervisor Mode ........................................................................................................... 70
3.7.3.3 Maintenance Mode ........................................................................................................ 70
3.7.3.4 Programmer Mode......................................................................................................... 70
3.7.4 Event and Alarm Processing ......................................................................................... 70
3.7.4.1 Events ........................................................................................................................... 70
3.7.4.2 Definition of Alarms ....................................................................................................... 71
3.7.4.3 Alarm Processing .......................................................................................................... 72
3.7.4.4 Recording of Alarms and Events ................................................................................... 72
3.7.5 CompositeLog Capability............................................................................................... 73
3.7.6 Browsing to Capture Repository Data Components....................................................... 74
3.7.7 Displays......................................................................................................................... 76
3.7.7.1 Directories ..................................................................................................................... 76
3.7.7.2 Station Displays............................................................................................................. 76
3.7.7.3 Point Profile Displays..................................................................................................... 76
3.7.7.4 Communications Status / Operational Status Display .................................................... 76
3.7.7.5 Summary Displays......................................................................................................... 76
3.7.7.6 Log Displays.................................................................................................................. 78
3.7.7.7 Bulletin Board ................................................................................................................ 78
3.7.7.8 System Management Displays ...................................................................................... 78
3.7.8 Control Capabilities ....................................................................................................... 78
3.7.9 Other Capabilities.......................................................................................................... 79
3.8 REMOTE FILE MANAGER............................................................................................ 80
3.9 EQUIPMENT POWER SUPPLY.................................................................................... 80
3.9.1 Power Circuits within other Equipment .......................................................................... 80
3.9.2 Stand-Alone Power Units............................................................................................... 80
3.9.3 Wetting Voltage ............................................................................................................. 81

4 SYSTEM DESIGN CONSTRAINTS AND TESTING ...................................................... 82

-3-
 Page7-SA-4
PM5-0403-WBX
4.1 GENERAL REQUIREMENTS........................................................................................ 82
4.1.1 System Design and Engineering.................................................................................... 82
4.1.2 System Reliability and Availability.................................................................................. 82
4.1.2.1 Critical Functions........................................................................................................... 83
4.1.2.2 Non-Critical Functions ................................................................................................... 84
4.1.3 System Security ............................................................................................................ 84
4.1.4 System Sizing................................................................................................................ 85
4.1.4.1 Initially Delivered Systems............................................................................................. 86
4.1.4.2 Expansion and Upgrading ............................................................................................. 87
4.1.5 Reference Standards..................................................................................................... 87
4.1.5.1 Standards Groups ......................................................................................................... 87
4.1.5.2 Specific Relevant Standards.......................................................................................... 88
4.2 SYSTEM PERFORMANCE REQUIREMENTS.............................................................. 90
4.2.1 The General Rule .......................................................................................................... 90
4.2.2 Time Synchronization and Time-Stamping .................................................................... 90
4.2.3 CCU .............................................................................................................................. 91
4.2.3.1 ‘System Log’ Entries...................................................................................................... 91
4.2.3.2 Backup of Real-Time Data............................................................................................. 91
4.2.3.3 Time Synchronization .................................................................................................... 91
4.2.4 Operator Interface [MMI] ............................................................................................... 91
4.2.4.1 Operator Request Completion Time .............................................................................. 91
4.2.4.2 Display Update Time ..................................................................................................... 91
4.2.4.3 MMI Boot-Up Time and Start-Up Time........................................................................... 92
4.2.4.4 System Restarts ............................................................................................................ 92
4.2.5 Communications............................................................................................................ 92
4.2.5.1 Network Associations .................................................................................................... 92
4.2.5.2 SubLAN Data-Interchange Failure between Station-Level and Bay-Level ..................... 93
4.2.5.3 Communication Errors................................................................................................... 93
4.3 HARDWARE REQUIREMENTS .................................................................................... 93
4.3.1 Equipment Power Supply .............................................................................................. 93
4.3.1.1 General Specifications................................................................................................... 93
4.3.1.2 System-Related Specifications ...................................................................................... 94
4.3.2 IED Clock Circuits and Time-Stamping Capabilities....................................................... 94
4.3.3 Substation LANs............................................................................................................ 95
4.3.4 CCU .............................................................................................................................. 95
4.3.5 Operator Interface [MMI] ............................................................................................... 96
4.3.5.1 MMI Units based on Desktop PC................................................................................... 96
4.3.5.2 MMI Units based on Notebook PCs............................................................................... 97
4.3.6 Time and Date Server ................................................................................................... 98
4.3.7 CGW: Communications Gateway .................................................................................. 98
4.3.8 Serial Communication Interfaces ................................................................................... 99
4.3.9 Bay Control Units with Protection Relays (BCUs) .......................................................... 99
4.3.9.1 Installation Issues.......................................................................................................... 99
4.3.9.2 Interface, Electromagnetic, and Environmental Compatibility ........................................ 99
4.3.9.3 BCU I/O Point Types ..................................................................................................... 99
4.3.10 Printing Facilities ......................................................................................................... 100
4.3.11 I/O Point Types............................................................................................................ 100
4.3.11.1 Analog Inputs .............................................................................................................. 101
4.3.11.1.1 AC Analog Inputs (AC-AI) .................................................................................... 101
4.3.11.1.2 DC Analog Inputs (DC-AI).................................................................................... 102
4.3.11.2 Digital Inputs................................................................................................................ 102
4.3.11.2.1 Single Contact, Two-State ................................................................................... 103
4.3.11.2.2 Double Contact, Two-State.................................................................................. 103
4.3.11.2.3 Two-State with Memory (MCD)............................................................................ 103
4.3.11.3 Digital Outputs............................................................................................................. 103
4.3.11.3.1 ON/OFF Device Control....................................................................................... 105

-4-
 Page7-SA-5
PM5-0403-WBX
4.3.11.3.2 RAISE/LOWER Control ....................................................................................... 105
4.3.11.3.3 SET-POINT Control ............................................................................................. 105
4.3.11.3.4 Variable-Length Control ....................................................................................... 105
4.3.11.3.5 Direct-Operate (Pulse Output) Control ................................................................. 105
4.3.12 Control Circuit Requirements and Internal wiring Conductors...................................... 106
4.3.13 Console Furniture........................................................................................................ 106
4.4 SYSTEM SOFTWARE REQUIREMENTS ................................................................... 106
4.4.1 A Non-Comprehensive List of System Software .......................................................... 106
4.4.2 General Requirements ................................................................................................ 108
4.4.2.1 Operating Systems...................................................................................................... 108
4.4.2.2 Software Components ................................................................................................. 108
4.4.2.3 Software Interfaces...................................................................................................... 108
4.4.2.4 Programming Languages ............................................................................................ 108
4.4.2.5 Buffer Overflows.......................................................................................................... 109
4.4.2.6 System Loading........................................................................................................... 109
4.4.2.7 Unit Behavior............................................................................................................... 109
4.4.3 IEC 61850 Communications and Stack Software ........................................................ 109
4.4.4 Programmable Logic Control (PLC) Software .............................................................. 109
4.4.5 Configuration Software ................................................................................................ 109
4.4.5.1 Operational Parameters for IEC 61850 Information Models......................................... 109
4.4.5.2 User-Defined Parameters for Individual Software Components ................................... 110
4.4.5.3 Report Scheduling ....................................................................................................... 110
4.4.5.4 Operator Permissions.................................................................................................. 110
4.4.6 Display / Report Generation and Editing Software....................................................... 110
4.4.7 DNP3 Protocol Software Implementation..................................................................... 110
4.4.8 Protocol Analyzer Software ......................................................................................... 112
4.4.9 Demo Software and Literature..................................................................................... 112
4.5 SYSTEM TESTING REQUIREMENTS........................................................................ 112
4.5.1 Testing Categories ...................................................................................................... 112
4.5.2 System Performance Testing Requirements................................................................ 114
4.5.3 Compatibility Test Criteria (for Type-Testing)............................................................... 115

5 TRAINING and SYSTEM MOCK-UP ........................................................................... 119

5.1 Training System .......................................................................................................... 119
5.2 Training Courses ......................................................................................................... 120

6 Simulation Test Tool and Multifunction Primary Test Set ............................................. 120

-5-
 Page7-SA-6
PM5-0403-WBX

1 SCOPE OF WORK
This technical specification describes requirements for a substation automation (SA) system to be
placed in stations belonging to the Metropolitan Electricity Authority (MEA). Bidders must comply
with the requirements in this specification. The successful bidder shall provide completely
integrated, turnkey systems and accept responsibility for those systems successfully fulfilling the
requirements and intent of this specification.

1.1 GENERAL INFORMATION

There are three types of facilities that interconnect and power MEA’s 24/12 kV distribution
systems: Terminal stations, switching stations, and substations. Terminal stations are connection
points to MEA’s generation and transmission supplier, EGAT. Terminal stations may directly feed
MEA’s 24/12 kV distribution systems, as well as supply 69 or 115 kV power to substation sites. The
sole responsibility of MEA substation sites is to power MEA’s 24/12 kV distribution systems. The
10 sites covered by this specification include both terminal stations and substations. Switching
station is only used to manage the flow of power. MEA has only one switching station, and it is not
involved in this specification.
To ensure there is no confusion concerning terminology, this specification applies the standalone
word station in a general way, broadly including both terminal stations and substations. When
discussion applies specifically to substations or terminal stations, as described above, those
specific terms will be used.
The term substation automation refers to a general practice, described below, that may be applied
to both substations and terminal stations. Similarly, the term Substation LAN is deeply rooted in
industry literature and shall be understood as the networked communications facility deployed at
both substations and terminal stations within MEA’s power system.

1.2 DELIVERABLES
The system deliverables comprise turnkey systems for multiple sites. The successful bidder shall
act as general contractor to specify, deliver, install, configure, test, commission, and document
these systems in accordance with these technical specifications and the accompanying
commercial terms and conditions.
Work shall include all necessary site preparations and alterations. System deliverables shall
include all hardware software, applications, tools, licenses, materials (e.g. wiring, cabling,
connectors, trays), labor, governmental permits and clearances, procedures, methods,
compliances, demonstrations, test results, documentation, training materials, approval submittals,
and estimates required to complete the work, meet these specifications, and produce robust
operational systems. Licenses for installed products shall (in effect) be perpetual, not requiring
renewal. Future product upgrades will be treated as a separate issue; they will be considered
according to their perceived value. The commercial terms and conditions that accompany these
technical specifications may have other requirements.
1.2.1 Shipment Data and Time of Completion
Bidders must state their shipment schedule and time of completion of the work in the appropriate
field in the Bid and Price Schedule, provide in calendar days to be counted from the Effective Date
of Contract.
1.2.2 Milestones
The Time Schedule to be followed by the Contractor during the performance of the Contractor shall
adhere to the following periods of time for completing the itemized milestones as measured from
the Effective Date of the Contract :-

-6-
 Page7-SA-7
PM5-0403-WBX
• Submission of project plan: thirty (30) days.
• Submission of design and document for MEA approval: one hundred and twenty (120)
days.
• Submission of IEC 61850 type test reports and DNP3 Subset level 2 conformance
Certificate with conformance test reports: One hundred and eighty (180) days
• Successful Factory Acceptance Test: two hundred and seventy (270) days.
• Supply, install and commissioning entire SA : five hundred and forty (540) days
• Completion of all related works specified in the specification including of the submission
of as-built drawings and all documents : six hundred (600) days

1.2.3 Penalty for Late Delivery

If the IEC 61850 type test reports and/or DNP3 Subset level 2 conformance certificate are
submitted to MEA later than 180 (one hundred and eighty) days after the effective date of the
Contract, the Contractor shall be penalized at the rate of 50,000 (fifty thousand) baht per day until
the reports and certificate are submitted to MEA.
1.2.4 FAT Start Conditions
Before the Factory Acceptance Test starts, the Contractor shall proceed as follows:-
- Submit to MEA all type test reports and conformance certificate.
- Perform the pre-communication test at MEA’s SCADA/EMS control center by using the
DNP3 protocol and after the test has been passed, the Contractor shall submit to the MEA
the final test report.

1.3 OTHER RESPONSIBILITIES

1.3.1 Contractor Responsibilities

MEA or an MEA-authorized agent must approve all work plans and deliverables in advance; the
contractor must submit supporting documents and/or other materials, in MEA-approved formats,
that explain the work plans and deliverables to MEA’s satisfaction. No work may proceed without
MEA’s written approval. Following award of contract, a Scope of Work document shall be created
that describes deliverables (including all work to be performed), schedule milestones, the approval
process, document formats, and other relevant content. Throughout the project, the contractor is
responsible for clearing variances that MEA believes do not conform to the intended and/or
specified requirements. An attachment to this document specifies MEA’s general equipment
construction requirements.

1.3.2 MEA Responsibilities

MEA will support the approval process for proposed work and deliverables. Otherwise, MEA’s
support of the contracted work is limited to (1) providing information about the existing station sites,
(2) providing information about MEA’s work and material standards for station sites, and
(3) coordinating necessary site outages for work in progress.

1.4 OBJECTIVES
MEA’s electric power system network serves Bangkok and the neighboring areas of Nonthaburi
and Samut Prakarn. The network includes more than 148 substations and terminal stations. The
equipment and facilities within each station can be conceptually divided into two interrelated
systems:

-7-
 Page7-SA-8
PM5-0403-WBX
1. The primary system, which includes those components that carry, switch, isolate,
transform, interrupt, and passively condition the flow of electric power
2. The secondary system, which includes those components that allow MEA to protect,
control, monitor, and automate the primary system
This specification and the ensuing design and implementation efforts are primarily concerned with
the secondary system. MEA wants to achieve a secondary system environment that will allow MEA
to deploy substation automation solutions that are truly responsive to MEA’s business needs, both
present and future. To be successful, this environment must satisfy the following important criteria:
1. Provide a single, common, open, technological infrastructure that accommodates all
facets of substation automation: protection, control, monitoring, and automation. All
intelligent station devices, all system processes, and all station applications must share
this single system infrastructure.
Of primary importance are the interfaces used for system, device, and application
interoperability. These must be standard and representative of mainstream practice.
2. Support the flexible integration of devices, applications, and data into a functioning
system, which will probably evolve as business objectives do.
In particular, system design shall maintain hardware and software independence,
allowing either to be upgraded in the future without affecting the other.
3. The plans, non-recurring costs, and recurring costs associated with putting this
environment in place, using it, maintaining it, and adapting it over time must be feasible
and pragmatic for the power delivery stations in MEA’s system. Proposed implementation
plans must address both new and existing station sites.

1.5 System Configuration

MEA has determined that the IEC 61850 communications standard and an Ethernet Substation
LAN shall be used as the cornerstones of the technological infrastructure described above. This
shall apply to all stations governed by this specification, except for those specifically identified by
MEA as requiring a different treatment (i.e. by reason of small size or other special circumstance).
What is fundamentally required is a migration plan that allows MEA to begin reaping the benefits of
an IEC 61850-based architecture, while recognizing that the realities of priorities and resource
constraints will stretch the full conversion of these stations over a period of years. The full extent of
this plan is illustrated by the block diagram in Figures 1
Figure 1 shows the scope of Substation Automation (SA) configuration governed by this
specification. Bay Control Units, Protection Relays and IEDs are included, the core architecture for
an IEC 61850-based system is introduced. Figure 1 illustrates the eventual goal: a flexible, capable
secondary system environment that is fully networked and responsive to evolving business needs.
Related technologies, methodologies, tools, and procedures will be needed to complement and
complete the presently planned IEC 61850-based environment. Each bidder needs to ensure its
offerings address these to provide an attractive, well-defined environment and attractive, well-
defined solutions within that environment.
The remainder of this specification addresses system architecture, functional requirements, design
constraints, and test requirements. Collectively these reflect (1) the specific characteristics that
MEA wants the station environment to incorporate and (2) how MEA wants to use this
environment, including present capabilities and applications. As long as these requirements are
satisfied, the internal design aspects of individual products are left to their suppliers. MEA retains
the decisive power to alter these specifications or to reprioritize objectives, according to its
judgment.

-8-
 Page7-SA-9
PM5-0403-WBX

Figure 1

2 SYSTEM ARCHITECTURE and HIERARCHY

This clause describes the architectural levels and components required to support the capabilities
and responsibilities of a station’s secondary system. As long as bidders honor the intent and
substance of requirements, they have the latitude to recommend implementations that vary from
the ways they are portrayed in this specification.

2.1 BASIC ARCHITECTURE

The architecture and configuration of the system is guided by two high-level principles:
1. Use of a two-tier hierarchical control system
2. Distributed data processing
Both reinforce the same goal, which is to allow processing and data management to occur
concurrently and independently at the station and bay levels of station operation. Use of these two
principles helps organize the way system and application functions run, allows data processing and
management to proceed productively in multiple devices, reduces overlapping communications
traffic, and allows system failures to be addressed with less difficulty.
A consequence of this architectural approach is that conventional, concentrated, centralized
systems are broken apart. The pieces are distributed across a site, regrouped, and reassembled in
ways that reduce cost, simplify tasks, and provide continued flexibility. Overall, the approach must
provide significant benefits for engineering, construction, procurement, installation, testing,
operations, and maintenance.

-9-
 Page7-SA-10
PM5-0403-WBX
To preserve investment and promote system longevity, the system shall be designed with an
emphasis on hardware and software independence, industry standards, mainstream products and
toolkits, reusable methods, and applications supported by a common set of station functions. The
block diagram presented in Figures 1 represent an acceptable system structure, in that they are
conceptually compatible with the overall system architecture, capabilities, functions, and
constraints described by this technical specification. Those objectives being met, a premium has
been placed on tight integration of closely coupled system functions, segregation of independent
system responsibilities, simplicity, elegance, synergy, flexibility, durability, improved value, etc …
all hallmarks of good design. Bidders may propose alternatives or variations of Figure 1, which will
be evaluated per the same criteria.

2.1.1 Station Communications

2.1.1.1 Substation LAN

Two redundant Substation LANs shall provide the principal means for data exchange among
intelligent station components at both the station and bay levels. Each LAN shall consist of
Ethernet network segments, Ethernet switches, and TCP/IP communications software that conform
to the IEC 61850 network profile. Fiber-optic network media shall be used throughout the station
facility. Copper media may be used within station level enclosures (CCU, CGW, MMI and DTS).
Each device connected to the network shall be specified to have one or two network ports, used as
follows:
Where two ports are used, one shall be connected to each Substation LAN. The way
these two connections are used is described under the ‘Dual Substation LAN
Connections’ heading.
Where one port is used, it will be connected to an assigned Substation LAN, as
determined by system design.

2.1.1.2 Gateway for Enterprise Communications

MEA has two SCADA/EMS systems that are presently the only enterprise clients that gather data
from stations and provide control over their operation. Their primary objective is to provide
operational reliability for the power system. They achieve this by monitoring power system data,
status for various devices, events, counters that register energy transfer, and by controlling devices
such as circuit breakers, disconnecting switches, and transformer OLTCs. Only one SCADA/EMS
system has control and data acquisition responsibilities for any given station at any given time.
A SCADA/EMS system shall communicate with the stations covered by this specification using
DNP3 over serial communication channels. These data communications shall be carried by MEA’s
SDH, fiber optic WAN. The contractor shall provide a Fiber Optic Modem (FO Modem) at each
station. The modem shall support bidirectional communications and provide an interface circuit
between the SDH signal and a serial RS-232 data circuit. The RS-232 circuit shall be used to
interface the FO Modem to a Communications Gateway module (CGW), which shall provide and
support an Ethernet connection in compliance with the IEC 61850 Ethernet profile. The CGW
module shall physically connect to both Substation LANs through a fiber optic interface, using
either two Ethernet connectors (preferred) or a single connector equipped with a bifurcated
adapter. Operation with the two connectors is explained elsewhere in this technical specification.
Other present and future enterprise clients shall be able to share use of the Communications
Gateway to access the station. At present, access is limited to the two SCADA/EMS systems and a
Remote File Manager, which is responsible for downloading product software and configuration
updates.

- 10 -
 Page7-SA-11
PM5-0403-WBX
2.1.2 Station Level
The term station-level, used in the context of this specification, includes all station responsibilities
and capabilities above bay-level. These include the following:
1. Substation LANs, providing the means by which devices and applications exchange data
within the station
2. Station-level data management, data storage, and data retrieval mechanisms
Includes support for IEC 61850 information models, historical data, configurational data,
diagnostic and maintenance data, and files (e.g. non-operational, configurational,
application programs, software updates).
3. System functions required to implement and support the general secondary system
environment (e.g. time and date synchronization services)
4. Application functions necessary to meet specified business and/or functional objectives
These may include functions that would normally be implemented at the bay-level, if the
bay-level is not equipped to provide them
5. Station-wide, centralized, functional interlocking
6. Station-wide collection of maintenance data, diagnostic data, and statistical data for
(1) primary system components, (2) secondary system components, and (3) application
functions
7. Local control of the station for O&M purposes
8. Security
9. Support for MEA’s enterprise clients, residing outside the station
(e.g. SCADA/EMS and Remote Operator Interface).
10. Gateways for legacy subsystems

Accordingly, MEA has defined several components for the station-level architecture. They are
listed below, followed by a description of their specific system roles, responsibilities and
capabilities. They are shown in the block diagram, Figure 1. Except for the constraints placed on
their implementation, these may be regarded as black boxes. In other words, as long as the
specified interfaces, capabilities, design constraints (e.g. performance), etc are honored, the
internal design details are of no concern to MEA. The caveat, however, is that the integrated
system design must meet all expectations, whether or not MEA recognizes all appropriate design
constraints a priori.
Component Operating Level(s)
Substation LAN (SubLAN) Bay and Station
Centralized Control Unit (CCU) Station
Operator Interface [MMI] Station
Time and Date Server (TDS) Station
Communications Gateway (CGW) Station
Print Server (PS) Station

- 11 -
 Page7-SA-12
PM5-0403-WBX
2.1.2.1 System Linchpins: Local Repository and System Logs
The following data structures form the core of the SA system. They include five system logs that
chronologically capture the station’s operational history.
1. Local Repository
The Repository represents the present state of the station. It shall hold the IEC 61850-
based information models for the primary system and secondary system components,
including off-the-shelf and programmable logic applications.
2. StatusLog
The StatusLog is a chronological record of recent changes in either primary or secondary
system status, either commanded or uncommanded. In particular, it shall include an entry
for any station component power-fail, power-on, restart, or change in on-line/off-line
status. Power supply failures shall also be captured.
The StatusLog shall not include control commands, although it shall include changes in
status that result from those commands. The StatusLog shall not include configuration
changes to parameters in the system information models. The StatusLog shall hold
events for the most recent 100 days. It shall be backed up in archives, each archive
containing events for a particular month.
All StatusLog entries shall include a time-stamp, identify the system item that changed,
identify the new status, and identify the cause (or agent) of the change.
3. CommandLog
The CommandLog is a chronological record of recent control commands to station
equipment (e.g. Trip, Close, Open, Close, Raise, Lower, Enable, Disable, and set-points)
issued by System Clients. These may be initiated by a SCADA/EMS system, by a local
Operator Interface [MMI] unit, or by off-the-shelf and programmable logic applications.
The CommandLog shall hold commands issued during the most recent 100 days. It shall
be backed up in archives, each archive containing control commands for a particular
month.
All CommandLog entries shall include a time-stamp, identify the system item being
controlled, identify the state being commanded, and identify the source of the control
command.
4. ChangeLog
The ChangeLog is a chronological record of recent changes made by an Operator
Interface [MMI] unit to system and device configuration parameters. The ChangeLog shall
hold changes issued during the most recent 100 days. It is backed up in archives, each
archive containing changes for a particular month.
All ChangeLog entries shall include a time-stamp, identify the system or IED parameter
being changed, identify the new state, and identify the source (i.e. agent) of the change.
5. SubLog
The SubLog is a chronological record of changes made by clients using the IEC 61850
substitution services. The services allow clients to determine whether actual process
values or substituted values are to be provided by a server IED or programmable
application. The SubLog shall include all substitution events, including a return to process
values, that have occurred during the most recent 100 days.

- 12 -
 Page7-SA-13
PM5-0403-WBX
6. FileLog
The FileLog is a chronological record of recent file transfers and file deletions involving
any intelligent station device (e.g. BCU, CCU, Operator Interface [MMI]). The FileLog
shall include all such file events that have occurred during the most recent 100 days. It
shall be backed up in archives, each archive containing file events for a particular month.
All FileLog entries shall include a time-stamp, identify the file reference, identify the action
taken, and identify the source (i.e. agent) of the action.
The Local Repository is the basis for normal system operation. The five system logs save the
system’s recent operational history. They shall be used to bring a system client up-to-date after it
goes on-line. As long as the integrity of the system logs is maintained, they provide assurance of
operational continuity despite occasional failures and system maintenance actions. Integrity shall
be maintained through use of a standby CCU.
System clients (e.g. the SCADA/EMS system or Operator Interface [MMI] unit) shall have the
capability to construct a CompositeLog by chronologically interleaving entries from system logs
(i.e. StatusLog, CommandLog, ChangeLog, SubLog, FileLog). The CompositeLog enables
operators to understand what has happened over time. (See the more complete description found
under the Operator Interface [MMI] heading.)

2.1.2.2 Common IED Capabilities

The following capabilities shall be supported by all IEDs, unless specific exceptions are noted:

1. The IEC 61850 communications standard

IEDs shall support applicable portions of the IEC 61850 communications standard. This
includes the Ethernet network profile, applicable portions of the information models
(including data quality), and all communications services (except as noted).

2. Time synchronization over the network

IEDs shall support time synchronization over the network by the CCU. Exception: The Time
and Date Server is synchronized via a GPS source.

3. Remote or local configuration

IEDs shall support both remote and local configuration via file downloads over the network.
Local configuration shall also be supported through a traditional, serial maintenance port.

4. Self-monitoring and Diagnostic Routines

Each IED shall continually conduct on-line tests to monitor its health, operating conditions,
and performance to determine whether abnormal conditions or problems are present. It
shall collect statistics on repetitive operations such as communications messaging to
determine success/failure rates. Some of these conditions need to be reported in heartbeat
messages; the others shall be reported as diagnostic status, measurements, or counters,
which shall be entered into the Repository and subscribed by the Operator Interface [MMI]
unit.

5. Programmable logic applications

All IEDs shall host the heartbeat function.
Other specific applications may be required for individual IEDs, as described elsewhere in
this specification. Exceptions: Time and Date Server.

- 13 -
 Page7-SA-14
PM5-0403-WBX
6. Version Control
Each IED shall maintain version control for its software/firmware and configuration files.

2.1.2.3 Central Control Unit (CCU)

The CCU is the main station processor. It has several roles, as described below:

1. Principal Station Client

The CCU is the principal station client, meaning it is responsible for collecting and
maintaining the various data and files that comprise the station information base.
Bay Control Units, Protection Relays, and perhaps other IEDs are expected to report a
large amount of their data through use of IEC 61850 report services. The primary CCU
will need to poll for any remaining data, using IEC 61850 services, or calculate it from
other available data, using local automation applications. Data must be acquired and
stored according to the System Performance Requirements.

2. Local Repository / Compatibility with IEC 61850

The CCU provides a Local Repository for the storage of station data. This is directly
related to its role as principal station client. The information stored in the Repository shall
include real-time data and closely related support data (e.g. operational parameters,
configuration parameters, text-based descriptions), as provided by the IEC 61850
information models. Repository data may include diagnostic and maintenance data if it is
included in the IEC 61850 information models. Files are handled in special manner, which
is explained under the File Management heading.
IEC 61850 provides information models for most of the available system data, and those
models can be extended to include new components. Although it is not desirable for the
Repository to store all data available in the station, it must at least include all data
subscribed by station or enterprise clients. Operator Interface(s) [MMI] are examples of
station clients; they need station data for displays, alarm lists, logs, and local control
operations. Other station clients are devices that require data to perform automation. The
results produced by automation application functions will need to be stored in the
Repository if other clients subscribe them. SCADA/EMS, on the other hand, is an
enterprise client.
The Local Repository must have interfaces that are interoperable with all other system
devices (i.e. servers and clients) using IEC 61850 communication services, information
models, and object references. Where MEA applications use Logical Node and/or
Common Data Class extensions, these shall be supported in the Repository as well. The
Repository shall be configured to support any and all data available from station servers,
including the CCU itself, subject only to any limitations stated under System Performance
Requirements.
The CCU shall implement all of IEC 61850’s ASCI service models, with the following
exceptions: GSSE Control Block and the Sampled Value Class Model. Clients and
servers using the Repository shall find all of the other services available.
The Repository must be maintained in a replaceable flash memory module. Battery power
is an unacceptable approach to maintaining non-volatile data memory.

3. Proxy Server
To avoid confusion, it must first be understood that the CCU plays both client and server
roles in the station system. It acts as a client to populate the Repository with data from
other server IEDs (e.g. Bay Control Units). In turn, it acts as a ‘proxy’ server by satisfying

- 14 -
 Page7-SA-15
PM5-0403-WBX
client requests with data directly from the Repository. The intent is (1) to prevent access
contention and congestion that may potentially disrupt the operation of field IEDs, (2) to
simplify access mechanisms, and (3) to provide accountability (i.e. an audit trail) for past
operations.
The proxy services shall work the same way for enterprise and station clients, although
the SCADA/EMS system does not currently support IEC 61850 communications. Current
station clients include Operator Interface [MMI] units and programmable logic
applications. The only current enterprise client is the Remote File Manager. Although its
responsibilities are presently limited to file operations, it may emerge as a remote, fully
operational Operator Interface [MMI] unit if performance considerations permit. This shall
be determined later. When any of these requests server data, the CCU acts on it,
providing data from the Local Repository’s ‘Proxy Client Views’. With rare exception,
clients other than the CCU are not permitted to directly access the primary sources of
station data (e.g. IEDs, Bay Control Units, etc).
Because the Repository is the primary source of system data for system clients, the CCU
shall provide IEC 61850 report and log services for their benefit. The report services allow
clients to subscribe and receive selective, real-time data updates from the Repository, so
that clients can stay operationally up-to-date. The log services allow clients to
chronologically reconstruct recent system history if they are new or have just returned on-
line. The supported system logs shall be the StatusLog, CommandLog, ChangeLog,
SubLog, and FileLog.
As part of its proxy role, the primary CCU has the following responsibilities:
Determining status changes in reported or polled data and updating the status data
in the Repository. Status changes, both commanded and uncommanded, shall be
recorded in the StatusLog.
Executing client commands to control system equipment (e.g. circuit breaker and
disconnect switch Trip/Close, recloser Enable/Disable, transformer OLTC
Raise/Lower). These control commands shall be recorded in the CommandLog.
Clients authorized to initiate these commands include SCADA/EMS, Operator
Interface [MMI] units, and programmable logic applications.
Making value substitutions in server IEDs, in conformance with the IEC 61850
substitution service model. These changes shall be recorded in the SubLog. Clients
authorized to initiate value substitutions include SCADA/EMS, Operator Interface
[MMI] units, and programmable logic applications.
Making changes to configuration parameters and descriptive text within Common
Data Class (CDC) instances. These same changes must be made in the IED
Servers to the data that is mapped to the altered parameters in the Repository. The
changes made to the IED Servers must, in turn, be replicated in the Proxy Server
Views within the Repository. These changes shall also be recorded in the
ChangeLog. At some point, these changes have to be folded back into the SCL
system configuration process, if appropriate. The Operator Interface [MMI] unit is
the only client authorized to initiate these changes.
Executing file transfers and deletions. File transfers shall be supported between the
CCU and other system IEDs. These actions shall be recorded in the FileLog. The
only clients authorized to initiate file operations are the Operator interface [MMI] unit
and Remote File Manager. This topic is addressed in more detail below, under the
File Agent heading.

- 15 -
 Page7-SA-16
PM5-0403-WBX
4. Supporting SCADA/EMS Operations
Dispatchers shall be able to control station equipment and gather system data via DNP3
command and polling messages transmitted from the SCADA/EMS control center.
Implementation of DNP3 protocol shall meet ALL requirements as specified in APPENDIX
B.
The DNP3 Level 2 Conformance Certificate and a completed DNP3 ‘Device Profile
Document’ and ‘Implementation Table’ shall be submitted to MEA within 180 (one
hundred and eighty) days after the Effective Date of Contract. The Conformance
Certificate shall be issued by one of the DNP Users Group’s ‘Authorized Testing
Authorities’. If not already available, DNP requirements in Appendix B that transcend
Level 2 shall be implemented by the contractor in the course of project execution.
DNP communications shall be supported by the CCU via a process that links and
converts IEC 61850 data to the desired DNP values and formats. These resulting DNP
data shall be stored and maintained in a separate DNP database that can be accessed
by DNP data communication services. This approach provides two significant
advantages: (1) the continual DNP data conversion process is independent of (i.e. not
interrupted by) DNP message processing, and (2) the DNP database allows the CCU to
quickly respond to message requests. DNP commands shall likewise be translated to use
IEC 61850 control blocks and procedures for controlling system equipment.
The following appendices to this specification provide essential information for supporting
SCADA/EMS operations:
Appendix A
Appendix A details DNP3 communications implementation for the front-end
communications processors used in the two SCADA/EMS control centers. The
material includes a ‘Device Profile Document’ and a ‘Master’s implementation
Table’. These state the features and important parameters used in the
implementation, including supported DNP objects, variations, qualifiers, and
function codes.
Appendix B
Appendix B details the DNP3 objects, variations, qualifiers, and function codes
that must be supported by the CCU in its DNP slave role.
Appendix C
Appendix C details certain higher-level implementation information for the
individual Terminal Stations and Substations covered by this specification. The
information includes initial and ultimate quantities of bay units (of different types),
capacitor branches, bus ties, and CT-secondaries.
Appendix D
Appendix D details typical point types, point counts, and point identities for each
type of station bay unit.
Appendix E
Appendix E provides a standard DNP3 RTU point list for MEA’s SCADA/EMS.
The list is itemized by point type and point function for each type of station bay
unit and function. These are the DNP points that need to be supported by data in
the Repository and DNP database.

- 16 -
 Page7-SA-17
PM5-0403-WBX
5. Application Programs
The CCU must be capable of storing and executing application programs. These may be
commercial programs or they may be implemented in programmable logic.
The scope and functions of these programs will typically be defined for CCU.
All application functions that must be implemented in the CCU are listed below. They are
described in more detail under the specification heading titled Functional Requirements,
Applications Support.
Heartbeat function [at all 10 sites]
Trip Counters for circuit breakers [at all sites]
‘Rate-of-change’ calculations for selected measurements [at all sites]
‘Breaker Operating Time’ checks [at all sites]
6. Communications Gateway
The CCU shall supply and receive all application data for the Communications Gateway.
Lower-level communications functions are the responsibilities of the TCP/IP, Ethernet,
and/or DNP communications software.
Communication parameters such as baud rates, number of data bits, parity, transmission
retries, etc. shall be configurable. These shall be user-defined parameters that the
operator can change through an MMI template.
This includes DNP data exchanged with SCADA/EMS control centers. In this case the
CCU must be able to support the communications role of DNP / Level 2 Slave. DNP
application data may be converted from contents of the Local Repository or maintained in
a separate database. However supported, DNP response times cannot suffer.
The CCU shall be able to exchange files with enterprise clients and to store those files.
They will typically be configuration, software, application, or non-operational data files
(e.g. event or oscillography files from protective relays). The CCU does not need to
interpret the file data. For transfers between the CCU and an enterprise client (except the
Remote File Manager), FTP or COMTRADE services are preferred.
The CCU shall provide appropriate, application-level security services for information
transported through Communications Gateway, including authentication and access
control. The Communications gateway shall be designed to provide encryption, although
it may not be used initially.
7. File Agent
The CCU shall include a File Agent utility that provides file management, performs file
transfers and deletions, and maintains the FileLog (see above). The File Agent shall
process all file transfers, which shall occur between the CCU and other IEDs. Files may
include configuration files, application programs, software updates, and non-operational
data (e.g. relay disturbance files and event reports). To maintain interoperability within the
station, file services, attributes, references, and other characteristics shall comply with the
IEC 61850 communications standard. File content does not need to be interpreted by the
File Agent.
Since station IEDs and enterprise clients may currently support the COMTRADE standard
[IEEE C37.111 (1999)] and/or FTP standard [IETF – RFC 542], MEA has an interest in
applying them where IEC 61850 transfers cannot be supported. Potential applications
may involve SDH WAN transfers involving the remote File Management Client.

- 17 -
 Page7-SA-18
PM5-0403-WBX
2.1.2.4 Operator Interface [MMI]
An Operator Interface [MMI] shall be the center for all O&M station activities. This includes the
following categories of responsibilities:
1. ‘Local control’ over the primary power system. The facility shall provide all capabilities
available to dispatchers at the SCADA/EMS control centers plus more.
Supervisory control capabilities through the Operator Interface require the MMI/SCADA
switchover per field or system at the station to be in the MMI position, meaning the
SCADA/EMS center and any other (future) enterprise clients must relinquish control for
operational and safety reasons.
2. Displays and reports that inform the operator about what is happening in the station
system.
3. Maintenance and testing of the station system. This includes maintenance of the data
used to monitor, control, and configure the station’s operation.
The Operator Interface [MMI] displaces use of conventional hardwired control, metering, and
annunciation panels for local operations requiring a station operator. Where these displaced
facilities already exist, they may be used for backup, as permitted by MEA’s policies and
procedures.

2.1.2.4.1 Three Platforms

Three platforms shall be used for the Operator Interface. One will be used at Terminal Stations,
which are normally manned, two will be used for Substations which are normally unmanned, and
the other for Portable interface. Both of them will use the same system and application software.
1. Terminal Stations
The Operator Interface shall be implemented with a workstation, 23” monitor, keyboard,
mouse, annunciators, computer desk, and chair. The workstation shall provide dual
Substation LAN connection ports with fiber optic adapters: one for Substation LAN A and
the other for Substation LAN B.
Only one port shall be active at a time. Unlike other station IEDs, the operator forces the
MMI unit to connect to Substation LAN A or Substation LAN B. The prevailing selection
shall be displayed at the same screen location on all viewable displays.
2. Substations
The Operator Interface shall be implemented with a workstation, 20” monitor, keyboard,
mouse, annunciators, computer desk, and chair, however the Operator Interface may be
equipped in the Regional Control Center (RCC) outside the substations that are usually
unmanned. The communication media (Optical Fiber Link) between Substations LANs
and Operator Interface shall be provided by MEA, therefore all communication equipment
for interfacing at the both end shall be provided by Contractor.
3. Portable
The Operator Interface shall be implemented with a portable notebook computer and
mouse. The notebook shall provide one Ethernet connection port. The user shall
manually connect the unit to either Substation LAN A or Substation LAN B. Because this
unit does not provide dual Substation LAN connections, the MMI unit does not track or
display which Substation LAN it is connected to.

- 18 -
 Page7-SA-19
PM5-0403-WBX
2.1.2.4.2 Operator Interface Responsibilities
The following are Operator Interface [MMI] unit responsibilities for both Terminal Station and
Substation sites:
1. Primary On-Line Responsibilities
At start-up
At start-up, an Operator Interface [MMI] unit will have either no or out-dated
information regarding the operational history of the station system to which it is
connected. This means there is no basis for constructing an Alarm Summary or any
other display that depends on past events. The MMI also lacks current real-time
data needed to support displays and operator decisions.
To remedy this, the MMI unit shall read the system logs (i.e. StatusLog,
CommandLog, ChangeLog, SubLog, FileLog) from the resident, primary CCU. The
logs shall be read with IEC 61850 services. The system logs shall be processed to
produce the Alarm Display and any other displayed data dependent on system
history.
The MMI unit shall be able to interleave system logs to produce a CompositeLog,
providing an integrated, chronological list of events. This is a very helpful tool that
enables an operator to see time relationships. (See the clause heading Operator
Interface [MMI], under Function Requirements, for a more complete description.)
To the extent necessary to support MMI display updates, the MMI client shall
subscribe to IEC 61850 real-time data reports from the Repository.
The system logs, together with the real-time data, enable the MMI unit to capture
both the current state of the system and 100 days of history. It can populate all its
displays with data, enable the operator to make informed decisions, and act as
though it had been connected to that site for three months.
Maintenance of the CompositeLog
The MMI unit shall use new entries from system logs (i.e. StatusLog, CommandLog,
ChangeLog, SubLog, FileLog), provided by CCU(s), to maintain the CompositeLog.
Updating displays
The MMI displays are the operator’s principal means for staying abreast of the
system’s operating condition. The operator can also perform primary system control,
substitute values for process values, and make certain configuration changes.
Operational supervision of programmable logic applications
This shall be accomplished through the use of graphics to represent the application
and the use of Repository subscriptions to observe inputs and outputs.
Initiating file transfers and deletions
This capability supports local, operator-initiated software, application, and
configuration file downloads to IEDs through the CCU.
Browsing capability
This capability allows an operator to view the structure and contents of IEC 61850
information models within the Local Repository of the CCU. More importantly, it is
the MMI’s principal tool for reading and storing the structure and content of the
Local Repository in the CCU. This information is essential for building displays and
reports, saving historical data, and maintaining the system.
- 19 -
 Page7-SA-20
PM5-0403-WBX
2. Displays
Station Status
Alarm Summary
CompositeLog
Abnormal Points Summary
Communications Status / Operational Status
Tagged Device Summary
Substituted Value Summary
Health, diagnostic, and on-line/off-line (in-service/out-of-service) status for each IED
and application (i.e. technology monitoring and alarming for the secondary system)
Current file directory (for each IED)
3. Control capabilities
Primary Control: TRIP/CLOSE, RAISE/LOWER,
Device Tagging
Automatic acknowledgement
Recloser Mode Selection
Relay ‘Settings Group’ Mode Selection
‘Primary CCU’ Selection
Value substitution
CCU restart
Operator Interface [MMI] restart
4. Historical Data application
Hosted both Terminals Stations and Substations.
Allows the MMI operator to create Historical Points, which become periodic, saved
recordings of data values for a specific variable.
Records minimum and maximum values for designated variables over designated
time periods each day.
Provides reports that can be printed or displayed
5. Off-Line Responsibilities
IEC 61850-based configuration control, using the SCL tools provided by the
contractor.
Creation and modification of displays
Creation and modification of system reports
Creation and modification of programmable logic applications
Creation and modification of all IEDs setting / configuration parameters

- 20 -
 Page7-SA-21
PM5-0403-WBX
Modification of system behavior and application behavior through the use of
templates provided for user-defined parameters
Fault evaluation analysis (Disturbance waveform)

2.1.2.5 Print Server

The Print Server shall be provided at Terminal stations and substations. The Operator Interface
[MMI] units shall host the Print Server via the Substation LANs. This will allow the portable
notebook version of the Operator Interface to initiate print requests, regardless of its physical
location.
A black-and-white laser printer shall be provided, so that printed material can be annotated and
highlighted without smudging. The print facilities shall print excellent facsimiles of any of the
following:
1. Any Operator Interface display *
2. Any defined system report *
3. Any file that M/S Windows is capable of printing without the use of special application
utilities
Printouts for listed items listed above with an asterisk shall include the station name and the date
and time when the print request is executed.
If the printer is off-line, out-of-paper, etc, printing shall be delayed until the printer is returned to
service.

2.1.2.6 Time and Date Server (TDS)

The Time and Date Server is responsible for providing precision time and date data. The CCU
shall periodically retrieve the time and date from the TDS unit and distribute it to all other intelligent
system components that need it. The receiving components shall use this data in a timely manner
to synchronize their internal clocks. This mechanism is the basis for establishing a common,
absolute time basis by which all time-related applications can coordinate their time-stamping,
protection, control, and automation activities.
The TDS shall use a satellite-provided GPS signal as its synchronizing source. It is assumed that
all system components needing to receive precision time and date data reside on Substation LANs
A and B. The CCU shall deliver this data over the Substation LANs using IEC 61850 time
synchronization services.
The TDS design shall incorporate an internal clock circuit using a low drift, temperature
compensated crystal oscillator, so that the unit can continue to provide reasonably accurate time
synchronization for at least 5 minutes in the absence of a GPS signal. Under such circumstances,
the unit shall continue to perform its normal functions, but it shall provide status indicating loss of
the GPS source or other debilitating loss of function. This information shall be passed to the
SCADA/EMS and Operator Interface [MMI] systems through the Local Repository. If IEDs are not
synchronized within a specified time (e.g. two minutes), they shall report status indicating that they
are not being synchronized.
The SCADA/EMS control center shall always provide an alternate source of time for the station,
using the DNP time synchronization algorithm and delay measurement service (Function Code 23).
In the event that either (1) the TDS reports loss of the GPS signal or (2), the CCU determines that
the TDS module’s time and date are not credible, the CCU shall use the alternative source to
synchronize IEDs after a user-defined delay has passed. (Refer to Clause IV for the default delay.)
During the first hour or so, time precision is expected to be better maintained without using the

- 21 -
 Page7-SA-22
PM5-0403-WBX
alternative source, due to its inherently poorer precision. This approach also provides more grace
time for recovery of a lost GPS signal.

2.1.3 Bay Level

The term bay, used in the context of this specification, refers to the practice of grouping certain
secondary system equipment together to protect, control, monitor, and automate certain primary
system equipment within the station. There may be numerous bays in a station, including different
types (e.g. ‘feeder bay’, ‘transformer bay’) and multiple instances of the same type (e.g. ‘feeder
bay’). For example, MEA standardized its station practice around certain proposed bay designs,
where one or more IEDs (typically protection relays) and ancillary equipment are integrated
together in the same package for a particular purpose. That package could be reused in multiple
stations, saving non-recurring and recurring costs in engineering, installation, configuration, test,
and so on.

2.1.3.1 Bay Control Units / IEDs

This specification refers to smart bay implementations as Bay Control Units. As such, they are
assumed to have sufficient local processing, memory, programmable logic, and communication
resources to support expanded responsibilities and capabilities. When these resources are
combined with support for the IEC 61850 communications standard, Bay Control Units gain
flexibility and power that can significantly elevate their system roles and provide enormous
flexibility.
Since a number of capable protection IEDs now support the IEC 61850 communications
architecture as well as mainstream protocols, the need for non-relay, bay-level processing is at
best questionable. In all but the most demanding circumstances, protection IEDs are very capable
of managing bay-level responsibilities in coordination with the station level, while taking care of
their primary protection responsibilities.
The following are two examples of how MEA would like to apply bay-level processing at these 10
stations and beyond:
1. Bay-level IEDs can gather, pre-process, and store data locally. That same data can be
selectively reported to the station level when triggered by the occurrence of defined
events. The data may include power system measurements, status, and a variety of other
candidates that surpass typical RTU capabilities. IEDs can also execute commands
delivered from the station level.
This approach not only relieves the station level from performing these tasks for multiple
bay units, it provides for graceful loss of functionality when a critical processing resource
at the station level fails. Because IEC 61850 uses named data, represents it in
engineering units, and hierarchically structures it within station information models, data
management is simplified.
2. Certain applications may be deployed within a bay or among a group of cooperating bays
spread conveniently across a site. In the latter case, we say the application is distributed.
These applications may be implemented through commercially available software and/or
programmable logic.
For distributed applications, the participating protection relays usually need to directly
exchange interlocking signals (e.g. status and commands) with each other. For a
protection application, these exchanges must be quick, perhaps within 4 ms to satisfy the
timing requirements of the application. The IEC 61850 communications standard provides
GOOSE messaging services for this purpose, using the Substation LAN in lieu of
traditional hardwired connections. In support of a relatively simple migration strategy, IEC
61850-compatible relays can be used together with those that are not, combining use of
GOOSE messaging and traditional hardwired connections.

- 22 -
 Page7-SA-23
PM5-0403-WBX
3. The BCUs and Protection Relays shall have been submitted/passed a test to certificate
compliance with the IEC 61850 part 10 Conformance Testing such as the following :-

Basic Exchange
Data Set Definition
Unbuffered Report
GOOSE Publish
GOOSE Subscribe
Time Synchronization
File Transfer

The tests to certificate compliance with IEC 61850 part 10 have to be certified by
international accredited testing laboratories which are independent of the Bidder and
Supplier.

2.1.3.2 Bay Control Units with Protection Relays (BCUs)

Bay Control Units with Protection Relays that support the IEC 61850 communications standard will
replace existing RTU units and Protection Relays. The field wiring for all points shall be provided to
connect to the new BCU assemblies. MEA will provide marshalling cabinets for these field-wiring
connections. The Bay Control Units with Protective Relays shall be fully numerical type, use solid-
state analog converters, employing digital signal processing (DSP) techniques, to make analog
measurements from proportional AC signals provided by system CTs and PTs. This approach will
provide MEA with a greater variety of power system measurement data, while eliminating
transducer maintenance costs.
There are a number of important issues related to the use of these new Bay Control Units with
Protective Relays. They are summarized below, and discussed in more detail under the document
headings for functional, performance, and testing requirements.
1. Implementation
The Bay Control Units with Protective Relays shall be provided as a single unit or as a
collection of individual units that connect to the Substation LAN. All else being equal,
since it provides more flexibility and improves system availability. Individual units shall
be operationally independent.
2. IEC 61850 Support
Bay Control Units with Protection Relays shall represent all data as IEC 61850 object
references, using Logical Nodes and Common Data Classes that are appropriate to the
specific data sources. It is not acceptable for Bay Control Units with Protection Relay
information to be grouped into generic Logical Nodes except where MEA agrees that it
is the best course of action for specific points that otherwise have no standard
representation within the IEC 61850 information models.
All of IEC61850’s ACSI service models shall be implemented and ready for use, with
the following exceptions: the Setting Group Control Block, the GSSE Control Block, and
the Sampled Value Class Model.

In particular, it is expected that Bay Control Units with Protection Relay will use Report
Control Blocks to send data subscribed by CCUs and Operator Interface [MMI] units.
Report Control Blocks will be absolutely necessary for the transmittal of SOE data.
Operator Interface [MMI] units will exchange data with IEDs only for maintenance,
equipment mode control, and diagnostic purposes. No IEDs other than CCUs, Operator
Interface [MMI] units, and the Time & Date Server shall exchange data with BCU IEDs
on a client-server basis.

- 23 -
 Page7-SA-24
PM5-0403-WBX
Bay Control Units with Protection Relay shall need to transmit and receive GOOSE
messages in support of the heartbeat application. (See Programmable Logic
Applications under Functions.)
3. Data Maintenance Tools
Although the contractor is responsible for system integration of the delivered system,
PC-based tools shall be provided that allow MEA personnel to reassign IEC 61850
object references to point data, to add new assignments and delete old ones, and to
integrate the results into the system.
4. Data Quality
Each data component shall be accompanied by its associated data quality, as defined
by the IEC 61850 Common Data Classes. All constituent bits of data quality shall be
used and supported (as appropriate) by the Bay Control Units with Protection Relays.
5. System Configuration
Each Bay Control Unit with Protection Relay shall provide an IED Capabilities
Description (ICD) file that describes the IEC 61850 information models, service models,
and related communications capabilities supported by the device. It shall also fully
support the SCL process described under the heading titled System Configuration. As
the result of that process, a downloadable CID file shall be created for each BCUs.
6. BCU Point Interfaces and Circuits
Field connection circuits for I/O points, communications, and power require special
consideration to protect equipment against damage and to protect I/O processes
against corrupting influences. This is important for maintaining reliability and operational
integrity. These issues are addressed by three standards listed under the Specific
Relevant Standards clause: IEEE C37.1-1994, IEC 60870-2-1, and IEC 60870-2-2.
System and circuit design related to field connection circuits shall comply with these
standards. Where they overlap, the more stringent clause shall prevail.
In summary, I/O interfaces shall provide high integrity for the detection and
measurement of acquired signals. They shall also prevent damage, maintain safe
conditions for personnel, and prevent bad data caused by the secondary effects of
lightning, operation of power switchgear, abnormal electrical power behavior, and so
on. Under no circumstances shall these effects cause an unintended control action.
7. Serial Data Ports
Each Bay Control Units with Protection Relay shall provide at least two serial data
server ports for gathering I/O data from other sources within the station or from satellite
facilities. Bay Control Units with Protection Relay ports shall support IEC 61850 object
references in the object base. A PC-based test set with software that supports this
protocols shall be provided.
8. Maintenance Port
Each Bay Control Units with Protection Relay shall rely on a ‘maintenance port’ for
configuration management (e.g. uploading and downloading), if those functions cannot
be performed over the network. If this is the case, the supplier shall explain the
necessity and whether a remedy is being prepared.
9. Testing
Convenient, rapid, and effective testing of I/O inputs and Bay Control Units with
Protection Relay interface circuits is especially important. This capability is needed for

- 24 -
 Page7-SA-25
PM5-0403-WBX
verifying point connections, verifying object references against associated input points,
system commissioning, and troubleshooting activities.
One of the general difficulties is that I/O points may arrive at the Bay Control Units with
Protection Relay through terminal connections, through serial data ports, or from
programmable logic outputs. Partly in the interest of simplifying testability, only
connection-oriented I/O inputs are presently specified for use in the Bay Control Units
with Protection Relays.
One approach under consideration would provide the capability to temporarily force a
point out of its normal operating state and into a test state, wherein the point would be
represented by a selectable test value. For example, binary status points would have
two possible test values (0 and 1), analog inputs might have five (i.e. one for each
region), and so on. While in the test state, data quality for the point would be changed
to ‘test’, as indicated through the use of that constituent bit. This test data could be
viewed via an IEC 61850 browser. Alternatively, this testing could be manually or
automatically run and verified, point-by-point, from a client application. The CCU and
other system components would not process test data as valid real-time data, waiting
until such points are commanded out of the test state and back into the normal
operational state. The effectiveness of this approach, or any other recommended by the
bidder, depends heavily on how well the whole I/O path within the Bay Control Units
with Protection Relays is tested. Bidders are welcomed to submit alternative
approaches.
10. Programmable Logic
Bay Control Units with Protection Relays shall provide programmable logic capabilities
and tools.
All application functions that must be implemented in the BCUs are listed below. They
are described in more detail under the specification heading titled Functional
Requirements, Applications Support. Note that protection functions are presently
included.
Heartbeat function [at all sites]
Bay and inter-bay interlocking [at all sites]
Bus coupler throw-over scheme (CTO) [at selected sites]
Line throw-over scheme (LTO) [at selected sites]
Bus throw-over scheme (BTO) [at all sites]
Load shedding and restoration scheme (ALS/ALR) [at all sites]
Breaker failure protection (50BF) [at all sites]
Voltage Selection (VS) [at all sites]
Automatic Transformer Restoration (ATR) [at selected sites]
Capacitor Control [at all sites]

11. Mounting and Power

The Bay Control Units with Protection Relays shall be provided as 19”, rack-mountable
units, suitable for an open relay rack. They shall be powered from station battery, and
include appropriate provisions for fusing, grounding, lighting, heating and power
distribution.
- 25 -
 Page7-SA-26
PM5-0403-WBX
Each panel shall be supplied with 240Vac single phase strip or tubular space heater
with on-off switch and 240Vac single phase interior light controlled by door switch. The
heater shall have moisture control unit with a main switch placed in the bus coupler/bus
section panel.
12. Protection Functions
The rate of sampling for A/D converters shall vary between 1000 Hz and 2000 Hz. The
representation inside the protection relays of currents between 0.1 and 120 x rated
current requires the use of a microprocessor with at least 12 Bit word length. Numerical
protection shall always display the latest event.

Reset of the display shall be possible on the relay front without opening the cover. Reset
shall not erase the memory of the relay. On the panel front in a visible place a label with
the particular designation of each LED in the contractual language is required. The
software version shall be displayed if manually requested.

The operational indication shall be saved in a non-volatile ring buffer, a four digit
resettable counter shall identify the individual faults by a number, the date of the internal
fault shall be saved for each fault.

The recording shall be started by a external signal e.g. CB closing related to an alarm
relay and wired to the binary input and all internal protection functions. At least the four
latest fault events shall be loaded into the memory of the Protection relay (BCU).

Numerical protection shall be designed in such a way that in case of a failure of DC-
auxiliary infeed the full information need to be maintained during 24 hours. After a
recovery of the DC-auxiliary infeed the last information and alarms will be displayed and
the alarm failure of DC-auxiliary infeed released.

For critical alarms, the alarms are sent through ports per IEC 61850 and nearby BCU
binary input to CCU and MMI.

At least 75% of the alarms shall to be programmable and able to be related to output
contacts of the Bay Control Units with Protective Relays.
Through this serial interface the CCU and/or MMI shall be able to retrieve the following
minimum information, archive set or modified. The data integrity for data transfer inside
the substation control unit shall be assured by a Hamming distance 4.

Disturbance fault recording, Fault Location and Accumulation fault (current)

Event Records
On line analog fault currents and voltages
Retrieval, analysis of service and fault annunciations
Parameterizing of protection devices
On-line acquisition of measured process values (rms. or peak values) of currents,
voltages, active and reactive power
Marshalling of binary input, output, LEDs
Configuration of protection functions

12.1 Distance Protection 115/69 kV (21/21N, Separated unit)

The distance protection scheme shall be used as first main protection device. The
design of this protection device shall fulfil at least the following requirements:
Numerical full line protection scheme designed for high-speed discriminative
protection of lines and cables in transmission systems applicable to all neutral
grounding possibilities

- 26 -
 Page7-SA-27
PM5-0403-WBX
Suitable for the protection of long or short overhead lines or cables, double
circuit lines, heavily loaded lines, lines with weak infeeds
A mho or Polygon characteristic for faults between phases and preferable
polygon characteristic for fault between phase and earth.
To guard against incorrect tripping caused by magnetising inrush currents when
in-zone power transformers are present, a selectable magnetising inrush guard
feature shall be fitted.
At least four (4) distance stages with a independently set polygon
characteristics for forward and reverse measurement shall be implemented.
It will be possible to store at least four complete different groups of setting in a
non-volatile (EEPROM) memory, unaffected by loss of DC supply. The active
group of setting can be selected via menu, combination of contacts or via serial
communication from MMI according to IEC 61850 standards. All settings and
records are accessible from the integral user interfaces, also will be possible to
communicate with the MMI via Substation LAN and also will be possible to
relays office.
To ensure correct measurement under earth fault conditions, the relay needs to
be earth compensated with both residual and a angular compensation for the
proposed scheme OHL or cable.
VT supervision shall be included. VT supervision will block the trip of the
distance protection. The logic for this feature if based on zero component
voltage and current shall not be influenced by magnetising inrush current during
energization of power transformers and during starting of motors.
The power swing blocking feature shall be able to be selected for blocking or
tripping at selected zones and able to be overridden under the presence of a
earth fault.
System logic for switch onto fault protection (SOTF) shall be implemented. The
SOTF feature will be enabled in between a settable time 100…200 ms after the
relay detects the local circuit has opened. This feature will block the
autoreclosure scheme and the tripping will always be on the first setting time.
Any starting, measuring via distance comparators or any current level detector,
will initiate the tripping in this logic.
A logic for tele-protection schemes shall be regarded including the following
topics :
Permissive underreaching (PUTT)
Permissive overreaching (POTT) with weak infeed logic and
communication channel failure and reversal of fault energy direction
Zone 1 extension coupled to the autoreclosure scheme in case of a
faulty communication channel
Blocking scheme
Sensitive directional earth fault in a directional comparison scheme.
Weak infeed logic shall be able to select the proper autoreclosure
selection by means of the phase selection
Open terminal echo and current reversal logic will be supplied with all
the overreaching schemes
The logic scheme of the supplied tele-protection logic needs to be
submitted in block diagrams with clear indication of the send logic, trip
logic, open terminal end and weak end logic.
Autoreclosure schemes for single and multiple faults with single and
multiple shots shall be taken into account.

- 27 -
 Page7-SA-28
PM5-0403-WBX
The distance from the relaying point to the fault location will be
measured and displayed by the incorporated fault locator units. The
algorithm in this case shall take into consideration the pre-fault load
current and the selected mutual coupling.
In case of fault the relay shall store four cycles of pre-trip and at least
ten cycles of post-trip data. This includes as well the voltages and
currents as internal relay information.
The scheme is equipped with two interfaces for the connection to a
local PC and to remote communication with the Central Control Unit.
Integral user interface form allows easy access to relay setting and
fault recorded parameter and binary commands.
Interfaces modules/boards shall provide a galvanic isolation to 5 kV
peak and filter out high frequency common mode and transverse mode
noise signal.
At least two line by 16 character liquid crystal display (LCD), a key
path, and ten programmable light emitting diodes (LED) for the several
alarms, additional three LEDs for the relay should be available, alarm
and trip shall be delivered for the main relay interfaces.
Visual indication of service parameters like voltages, currents, active
and reactive power, maximum load, and other selectable parameters to
be visualised in case of faults shall be included.
The EEPROM is a non volatile area of the memory, and will fulfil the
storage and maintain the information within it even if the DC supply is
removed. This area of the memory is copied to the working RAM after
a DC power up, but only written to and read from, if setting changes
are updated or a fault condition occurs.
At least the last three fault signals, alarms as well as the voltages,
currents, tripping time, effective currents, setting group will be loaded
into the EEPROM able to be restored, and loaded in a PC and be
analysed by the protection service software as mentioned on this
specification.
The synchronisation from a common remote clock and locally through
the Central Control Unit (CCU) by means of a general synchronising
signal or by a manual menu guided instruction is possible.
The contractual language i.e. English shall be used for setting and data
input menus as well as for the description of all the main relay
interfaces.
12.2 Undervoltage Protection (27)
Undervoltage protection shall be provided built-in Distance Protection and BCUs with a
definitive time characteristic 0.1 till 1.2 in steps of 0.1 and a timer settable between 0.1 till
5.0 sec. Undervoltage protection will be used to initiate Programmable Logic
Applications, Automated Control Sequences Scheme such as LTO, CTO, BTO and ALR.
12.3 Directional Overcurrent and Earth Fault Protection (67/67N)
The directional overcurrent and earth fault protection device shall be provided built-in
BCUs with phase and earth fault elements. This relay shall be segregated measuring,
alarms, annunciations and settings. Directional elements for both phase and earth fault
scheme.
At least four selectable characteristics for the phase elements shall be included
according to IEC 60255-4 and BS 142:

normally inverse characteristic

very inverse characteristic
extremely inverse characteristic
definite time characteristic

- 28 -
 Page7-SA-29
PM5-0403-WBX
additional long time characteristic for the earth element

Instantaneous trip order for the phase and earth element with a implemented timer and a
set position to block their trip shall be provided.
12.4 Underfrequency Protection (81U)
Underfrequency protection shall be provided built-in BCUs for load shedding function
for tripping the outgoing 24/12 kV feeders, acting on underfrequency in five
programmable steps.
The setting range for both steps shall be 50-47 Hz in increments of approximately 0.03
Hz.
Time delay to allow a co-ordination between the different steps, settable between 0 -
120. sec for each step will be provided.
The function must be guaranteed with voltage levels of +10% to -50% of the rated
voltage. The function shall be blocked if the voltage is less than 80% of the rated
voltage.

12.5 Transformer Differential Protection (87, Separated Unit)

The transformer differential protection device shall be able to protect 2 and 3-winding
transformers. The protection principle is the comparison of currents of the different
voltage levels to detect any difference i.e. fault condition. The measured current values
are changed to restraining and differential currents. Tripping takes place if the
comparison of the couple restraining /differential current is within the tripping zone
(exception inrush). Faults within the protection range e.g. phase faults, earth faults and
interturn faults shall be recognised.

The analogue input signals of the relay are sent through a RC lowpass filter to suppress
high frequency parts ("aliasing"). The sampling rate shall not be less than 12
samples/period. This means a minimum sampling rate of 600 Hz for 50 Hz systems.

The input signals are digitalized by A/D converter. The transformer vector group will be
compensated. The CT ratio fault is to take into account by program. Digital filtering leads
to the harmonic contents of the differential (basic and second harmonic) and the
restraining current (basic harmonic). The content of the second harmonic is used to
restrain tripping during inrush conditions. The tripping characteristic has to be stabilised
against external faults to avoid false tripping.

The relay shall be able in case of tripping events to store the input data for 1 s with 2
periods prefault data. The digital relay shall be controlled by self control routines (e.g.
every 10 s) to avoid false function and to permit early detection of any fault inside the
relay.

The Parameterizing of the relay shall be able by local control by keyboard or PC and on
the other hand by MMI from the station or network control level.

The measured values are compared phase by phase. If there is one phase faulty the
tripping takes place. If in only one phase inrush conditions are detected tripping is
restrained. The command time of the relay shall not be higher than 35 ms.

The differential protection device shall provide the possibility of external binary signal
acquisition for the purpose of indication and fault recording. Interposing CT's included on
the relay.
Tripping and Lockout relays should be provided to prevent re-closure, both manual and
automatic, until the lockout relays are reset (shall be electrical reset).

- 29 -
 Page7-SA-30
PM5-0403-WBX
12.6 Overcurrent Protection (50/51, 50/51N)

The overcurrent protection device shall be provided built-in BCUs with phase and earth
fault elements. This relay shall be segregated measuring, alarms, annunciations and
settings.
At least four selectable characteristics for the phase elements shall be included
according to IEC 60255-4 and BS 142 :-

normally inverse characteristic

very inverse characteristic
extremely inverse characteristic
definite time characteristic
additional long time characteristic for the earth element

Instantaneous trip order for the phase element with a implemented timer and a set
position to block their trip shall be provided.
12.7 Breaker failure protection (50BF)

Breaker failure protection (50BF) shall be provided built-in for all BCUs and Distance
Protection. The phase currents of the feeders shall be monitored for each phase.

The overall reset function of the 50BF system shall not be slower than 25 ms. It shall be
sensitive to detect from 0.2 to 2.0 times the rated feeder current, adjustable in steps of
less or equal to 0.2 times of this current and being able to be operated continuously at
1.2 times the rated current.
12.8 Feeder Protection 24/12 kV
The overcurrent protection device shall be provided with phase and earth fault elements.

Overcurrent protection
Overcurrent Earth Fault protection
3 phase overcurrent with the same characteristics as directional overcurrent
protection

At least four selectable characteristics for the phase elements shall be included
according to IEC 60255-4 and BS 142:

normally inverse characteristic

very inverse characteristic
extremely inverse characteristic
definite time characteristic
additional long time characteristic for the earth element

All setting will be entered by means of a built-in keypad and a external software.
Comprehensive data accumulated in the memory for post fault analysis retrieved through
the serial interface into a personal computer.

Instantaneous trip order for the phase and earth element with a implemented timer and a
set position to block their trip if necessary.

A sensitive earth fault relay (0.02 - 0.8 In) shall be provided. A extensive timer 0.1 - 6.0
sec shall provided the co-ordination with the down stream overcurrent relays.

- 30 -
 Page7-SA-31
PM5-0403-WBX
The Earth Fault protection shall be controlled “ON” and “OFF” by BCU internal S-R
Flip-Flop which can be operated by a manual switch on the panel or through the SA
control command.
One lamps, LED, marked “OFF” shall be fixed on the panel near the double throw switch
to indicate the status of earth fault protection.
12.9 Auto-Reclosing for Feeder 24/12 kV
Auto-reclosing function shall be provided at least 3 shots. The auto-reclosing
function shall be started from overcurrent and earth fault protections and shall
operate in the following manner :
After being started by either protection, and after the circuit breaker has tripped,
the first auto-reclosing shot shall be 0.2- 4 seconds(adjustable) dead time, a
second shot after 15-60 seconds(adjustable) dead time, and the third and last
shot after another 30-180 second(adjustable) dead time. After closing circuit of
the circuit breaker has been energized , the auto-reclosing shall start reclaim
time for 15-180 seconds(adjustable) to start an autoreclosing sequence, in case
of close on to fault the reclaim time shall be stopped immediately by tripping
command of protection functions.
In addition to after first re-closing, the instantaneous overcurrent and
instantaneous earth fault functions shall be blocked, in order to allow
coordination of protection functions with downstream protections devices. The
auto-reclosing shall be provided with an operation counter according to auto-
reclosing sequence timing diagram.

The auto-reclosing function shall be controlled “USE” and “LOCK” (meaning “in use”
and “blocked”) by BCU internal S-R Flip-Flop which can be operated by a manual
switch on the panel and through the SA control command.
Two lamps, LED, marked “USE” and “LOCK” shall be fixed on the panel near the double
throw switch to indicate the status of auto-reclosing function.

- 31 -
 Page7-SA-32
PM5-0403-WBX

1st Trip 2nd Trip 3thTrip Final Trip

Protection I>>,I>,Ie>>,Ie> I>,Ie> I>,Ie> I>,Ie>
Tripping
Command

AR Close 1st shot 2nd shot 3thshot

Command

Reclaim Time
Reclaim Time
CB Status
Reclaim Time & Lock out Time

CB Close

Lockout
CB open
Dead Time 1st Dead Time 2nd shot Dead Time 3th shot
shot

Auto-reclosing Sequence Timing Diagram

12.10 Trip Circuit Supervision (74)

The trip circuit supervision circuits shall be provided to monitor the continuity of the circuit
breaker tripping circuit at both close and open conditions from relay output to two trip
coils in the CB. Trip circuit supervision shall be included the Distance Protection and all
BCUs.
All Distance Protections and all BCUs shall be provided two contacts for annunciator and
nearby BCU, for SA alarm is sent through ports per IEC 61850
12.11 List of Approved Manufacturers
Protection relays acceptable to MEA shall be from manufacturers listed below :-
ABB
ALSTOM GRID UK LIMITED
GE
Siemens
Schweitzer (SEL)
SEG

- 32 -
 Page7-SA-33
PM5-0403-WBX
Schneider Electric

2.2 FAILURE and MAINTENANCE MANAGEMENT

Using a network-based system configuration offers numerous opportunities for elevating the
station’s business value, but it also requires consideration of how potential failures or scheduled
maintenance activities may affect system operation. Since a Substation LAN is shared for all
information-related processes, any failure or disruption that significantly impairs network
communications has the potential for bringing down a critical portion of the whole system. Other
factors can also cause such a problem. It is very important to anticipate these situations and to
mitigate the overall risk to an acceptable level. Failure and maintenance management is the means
employed to achieve this, and it is intimately involved with system reliability and availability, which
are addressed in the clause titled System Design Constraints.
The objective of failure management is to provide a set of resources and mechanisms that can
automatically isolate the system from the effects of otherwise critical failures. This is not to say that
all situations can be so managed, or that system operation can be fully restored. It is rather the
capability to perform damage control, limiting the loss of system functionality to non-critical
functions whenever possible and diminishing the overall risk of critical failures occurring.
The objective of maintenance management is similar. There will surely be occasions when
personnel need to take a system resource off-line for maintenance, updates, or testing. Although
these are not failure scenarios, they can potentially have the same effects on system operation.
Fortunately, these situations are planned and generally under utility control. The same resources
and mechanisms used for failure management may be applied here. In addition, the Operator
Interface [MMI] may be a valuable asset, allowing the operator to intelligently prepare the system
for the scheduled activity in an advantageous way.
Resources and mechanisms for failure and maintenance management are listed below. Think of
these as countermeasures. One or more of these will be incorporated into system design for
reasons that go beyond failure and maintenance management; they are marked with an asterisk.
Others are simply candidates that seem to offer advantageous capabilities. This specification does
not presume to state how these ought to be specifically applied in a bidder’s system proposal, but it
is expected that such applications will be imaginative and effective. Bidders are encouraged to add
to the list. Bottom line, straight redundancy has its place but is a brute force approach. System
proposals shall describe the measures to be used, how they would be applied, and why they are
effective. It is recommended that bidders consider the system availability requirements and critical
outage definitions when responding.
In all this, remember that Terminal Stations will normally be manned and have permanent Operator
Interface {MMI] facilities. Substations will normally be unmanned, and the Operator Interface [MMI]
is outside at RCC, a portable resource that has to be brought to the substation.
1. Two redundant Substation LANs
There are two principal reasons for the use of two Substation LANs: (1) MEA’s standard
protection practice already uses two independent sets of relays, an A-set and a B-set. As
relay IEDs are deployed, it is natural to associate Substation LAN A with the A-set of
protection devices and Substation LAN B with the B-set of protection devices. (2) The A-
set and B-set devices work completely independently of each other, racing to complete
protection actions when faults occur. If one fails, the other can be expected to perform the
required functions. This works well and provides high system reliability as long as failures
are repaired promptly, ensuring that both sets are normally operating. Other types of IEDs
can reside on each Substation LAN alongside the relay IEDs.
2. Dual Substation LAN Connections
Certain critical IEDs shall be connected to both Substation LAN A and Substation
LAN B. These include the CCU, CGW, MMI and TDS. In all cases, only one
- 33 -
 Page7-SA-34
PM5-0403-WBX
connection shall be active at a time. Normally, it is the primary connection. Where
these IEDs are not equipped redundantly, the primary connection shall be
Substation LAN A. Where they are, the primary connection for the second IED shall
be Substation LAN B. Note that redundantly equipped IEDs must use different IP
addresses.
If an IED determines that its primary connection has an operational problem, it will
switch to its standby connection until such time as the primary connection is
restored. These dual connection provisions protect system availability and offer a
measure of operational resilience when network switch failures and certain other
types of failures occur.
Operator Interface [MMI] units located at Terminal Stations are equipped with dual
Substation LAN connections. These operate in a similar manner, except that the
operator shall simply force the connection to either Substation LAN A or Substation
LAN B. For MMI units, the concept of primary and standby connections does not
apply. In other words, the Operator Interface [MMI] will not automatically switch from
one connection to the other. This protects the operator against unexpected
switching while he is working and provides him with additional flexibility that he may
need in unusual situations. In all cases, the Operator Interface [MMI] shall
continuously show the connection status (Substation LAN A or B) in the same
location on all system displays. Portable MMI units, which are notebook-based, only
support one Substation LAN connection, so this capability description is not
applicable to them.
But using any MMI unit, an operator can temporarily lock any other IED having dual
connections to either Substation LAN A or Substation LAN B. The intent is to place
and maintain the system in a state that is under the operator’s control while he is
isolating or resolving a problem. This status shall be shown on the ‘Station Status’
display as an abnormal state, shown on the ‘Abnormal Points Summary’ display,
shown on the ‘Communications Status / Operational Status’ and cause an ‘Alarm
Summary’ entry. These actions shall be taken to ensure the lock is manually
removed before the system is returned to normal service.
3. Redundant CCUs
The CCU is a critical system resource. If the CCU is lost, the system goes down and the
system logs are at least temporarily (perhaps permanently) lost. When the CCU is
restored, the system will begin operation anew with no recorded history to rely on. For
sites where this is unacceptable, a standby CCU is required. This is also a sure way to
increase system availability.
When there are two (i.e. redundant) CCUs in a system, the MMI operator shall designate
one as the primary CCU, and the other assumes the standby role. These terms are not to
be confused with primary and standby connections, as described under the ‘Dual
Substation LAN Connections’ heading above. These concepts, however, do work in
tandem.
The primary CCU actively runs the system. When a standby CCU goes on-line, the
system will have been operating for an indefinite period of time (which may be no time at
all). The standby CCU is not aware of the system’s recent operational history or its
current operational state. To the extent they exist, they are maintained in the primary
CCU’s system logs (e.g. StatusLog, CommandLog, ChangeLog, SubLog, FileLog) and
Local Repository. Consequently, the standby CCU shall read and replicate the system
logs, and then enter a listening mode. In listening mode, the standby CCU shall monitor
and process all system communications that affect the content of its Repository or system
logs, ensuring that it updates them in the same manner performed by the primary CCU.

- 34 -
 Page7-SA-35
PM5-0403-WBX
These actions prepare the standby CCU for reassignment as the primary CCU, should
the need arise or a test be conducted.
Control commands, configuration changes, value substitutions, file transfers and
deletions, and reports, are only executed through the primary CCU. The standby CCU
only makes system log entries and Repository updates that result from these actions.
The standby CCU shall become the primary CCU if any of the following occurs:
The Operator Interface [MMI] unit designates it as the primary CCU.
The primary CCU is not issuing heartbeat messages or indicates that it has serious
health problems. In this case, the switchover shall be automatic.
In this case, the system temporarily promotes the standby CCU to primary. When
the failed CCU is restored on-line, the system will want to again make it the primary
CCU, per the operator’s standing preference. This shall not occur until the restored
CCU has read and processed the system logs from the other CCU. In addition, a
user-defined delay interval (e.g. 30 minutes) shall be imposed to give the restored
CCU a reasonable time to update its Repository.
Current thinking is that redundant CCUs shall be used at all sites as a defense against
critical system failures, since the CCU is responsible for a number of critical functions and
resources (e.g. the Local Repository).
4. The Portable Operator Interface [MMI]
It has been noted elsewhere that Terminal Stations shall have a permanent, desktop-
based Operator Interface [MMI], whereas Substations, being normally unmanned, shall
not. When Substations require the use of an MMI unit, a portable, notebook-based unit
shall be taken to the site for temporary use. This portable MMI concept also provides a
ready solution to the problem of backup, should an Operator Interface [MMI] unit fail at
any site, whether Terminal Station or Substation. For Terminal Stations, it means that a
permanent backup MMI is not required.
The one problem that needed to be solved, however, is how to bring a portable MMI into
a station site and make it aware of the system’s operational history. Otherwise, the
operator cannot see anything more than the system’s current state. The solution, in line
with the groundwork laid in this specification, is to enable the MMI unit to read and
process the system logs resident in the primary CCU. This is discussed more fully under
the Operator interface [MMI] heading.
5. Redundant Power and Converters
The following groups of equipment shall be powered separately from station battery using
independent converters, so that no power failure can bring down more than one group:
IEDs and equipment normally associated with Substation LAN A
IEDs and equipment normally associated with Substation LAN B
6. Redundant IEDs
Redundant IEDs (e.g. CCUs, as described above) can lower the risk associated with
certain kinds of system failures, since their functions continue to operate when one of the
pair fails.
7. Use of Contingent Peers
It is frequently the case that IEDs work interdependently to implement some distributed,
programmed logic application. In such cases, each IED depends on its peers to keep the

- 35 -
 Page7-SA-36
PM5-0403-WBX
application working properly. If one of these IEDs detects that the heartbeat of one of its
dependent peers is not being broadcast, it may use a contingent peer to substitute for the
non-operational one. (Refer to the description of the heartbeat function under the heading
titled Programmable Logic Applications.) Use of contingent peers requires planning, of
course, and would generally be used only for critical functions. This approach has been
successfully applied in an operating station in Tennessee.
8. Managed Ethernet Switches
Managed switches can provide capabilities that deal with communications network faults,
different classes of IEDs, and priority issues. Some of these capabilities and related
industry standards are bulleted below:
IEEE 802.1p: Prioritization to allow real-time, critical messages to get through
IEEE 802.1Q: VLAN to allow isolation of critical IEDs from non-critical IEDs
IEEE 802.1w: Rapid Spanning Tree to allow fault-tolerant ring architectures with
rapid reconfiguration times
Managed Ethernet Switches acceptable to MEA shall be from RuggedCom Inc. or
equivalent. Each Managed Ethernet Switch shall be provided with a minimum of at 20
% spare communication ports.
For Bay level (all BCUs and Protection relay), Integrated Ethernet Switches is also
accepted.
9. Redundant Systems Testing and Demonstration
All Redundant Systems shall be tested and demonstrated during FAT and SAT.

- 36 -
 Page7-SA-37
PM5-0403-WBX

3 FUNCTIONAL REQUIREMENTS
This clause describes the functions to be supported by the delivered systems. These functions
shall enable dispatchers from the SCADA/EMS control center and substation operators to monitor
and control MEA’s station systems and shall fully support advanced applications specified in this
specification.
The SA system shall incorporate hardware and software interlocks to ensure that substation plant
controls can only be affected from one location at any time.

3.1 SYSTEM CONFIGURATION

The following represent important implementation issues for the station systems:
1. SCL-Compliance
Not only shall all IEDs supplied for this bid be compliant with the IEC 61850
communications standard, but they shall be configured using SCL-compliant tools, files,
and procedures as described in IEC 61850, Part 6.
2. Remote Configuration and File-Based Maintenance
All system software, applications, and devices (e.g. IEDs) shall be designed to facilitate
easy re-configuration and program updates via remote file downloads. Some proprietary
files may be required for an entity to operate as intended, but this is not a problem as long
as the content of those files does not adversely affect IED or system communications
interoperability, as defined by IEC 61850.
3. Structure and Content of the Local Repository
The structure, information models, interfaces, and services of the Local Repository shall
comply with the IEC 61850 communications standard.
As shown in Figure 2, the Repository shall contain two sets of IEC 61850-compatible
schemas: Proxy ‘Server Views’ and Proxy ‘Client Views’. Design implementation shall not
limit the growth of the Repository over time, as some sites may appreciably increase in
scope. No programming or system regeneration shall be necessary for adding or
modifying components; reconfiguration through the SCL configuration process shall be
used.
Proxy ‘Server Views’
These replicate the actual Server Views held in IEDs, to the extent their use is
contemplated by MEA.
As a minimum, all Logical Devices (i.e. domains) belonging to those IEDs need to
be shown. This is important, because files related to server IEDs are referenced
through their associated Logical Devices. Because of the way file transfer
functionality is specified, files need to be referenced in both IED ‘Server Views’ and
Proxy ‘Server Views’.
Proxy ‘Server Views’ shall only be used to support browsing, so that operators and
system designers can determine what data is available from each IED Server and
how that data is structurally organized. This means that all defined Logical Nodes,
and the data they contain, shall be replicated from the IED Servers to the Proxy
Server Views. The only exceptions are data that MEA agrees will never be used.
IEDs shall not be directly browsed during normal system operation.

- 37 -
 Page7-SA-38
PM5-0403-WBX
Any time a related configuration file is updated and downloaded to a CCU or IED,
the affected schemas shall be automatically updated. Given the way file
management is specified, any reconfiguration of IED ‘Server Views’ shall
automatically result in an identical reconfiguration of the corresponding Proxy
‘Server Views’ in both the primary and standby (if present) CCUs. Reconfiguration
of Proxy ‘Client Views’ does not affect any IED besides CCUs, unless changes to
structure and data affect existing client subscriptions. Such issues are generally
handled by the SCL configuration process.
Proxy ‘Client Views’
While IED Server Views tend to be product-oriented, Client Views tend to be
application-oriented. Client Views rearrange the way information is grouped and
organized. This is done to suit the convenience and viewpoint of the client. In this
specification, MEA is primarily focused on an operations viewpoint.
For example, MEA may wish to use Logical Device ‘XB_691’ to represent a
transformer bay. The desired information content for this bay may include (1)
breaker control and status, recloser status, and lockout status for two circuit
breakers, (2) control and status for disconnect switches, (3) various transformer
data and LTC control, (4) status for earthing switches, and (5) power system
measurements at more than one point. Other views could be designed to suit
maintenance, power quality, or station metering, or engineering perspectives. Each
client is typically interested in a different slice of the available data and would like to
see it represented in a way that best meets their needs. It frequently depends on the
work culture of the group.
The desired content may be provided by several IEDs, each having a portion of the
required data, so those various pieces need to be mapped to the content of XB_691
in the Client Views.
As shown in Figure 3, each Logical Node in a Client View may draw its data from
one to several IEDs. Logical Nodes in the IED Servers may send different pieces of
their data to different Logical Nodes in the Client Views. This requires a mapping
process that links IED Server components with Client View components. SCL tools
provide this capability. Note that this is a ‘pick-and-choose’ process that begins at
the Logical Device level, and proceeds down through IEC 61850’s data modeling
hierarchy:
Logical Device
Logical Node
Common Data Class
Data
Data Attribute
Some components at the lower end are mandatory, some are optional, and some
involve interdependencies. The mapped linkages determine how data from the IED
Servers is used to keep the Client Views up to date.
All data that the CCU selectively acquires (e.g. subscribes, polls) from IED Servers shall
be stored in the Local Repository under both Proxy Server Views and Proxy Client Views.
Related support data (e.g. operational parameters, configuration parameters, text
descriptions) specified by the IEC 61850 data models shall also be included, except for
those items that both optional and of no interest to MEA. Other categories of data to be
represented within Client Views include the following, as long as they serve a defined
purpose for MEA:

- 38 -
 Page7-SA-39
PM5-0403-WBX
Calculated data
Data generated by application programs
Diagnostic data (e.g. operational status) and system performance statistics
These are to be represented in a manner consistent with standard IEC 61850 information
models and application usage.
The contractor shall consult with MEA and recommend schema for IEDs and client
applications installed at the individual stations. The Repository structure and content shall
be designed according to these specifications, documented by the contractor, and
presented for MEA’s approval.
Per the IEC 61850 standard, real-time data values stored in the Local Repository are
represented in engineering units. Where there is latitude in how those units are
expressed (e.g. Volts or kV), the contractor shall propose choices for MEA’s approval.
4. Things to Avoid
Delivered equipment shall not use DIP switches, connection jumpers, wire-wrap
techniques, or any similar technique for user-defined parameters.
5. Contractor Responsibilities
The contractor shall be responsible for integrating and configuring all required system
software, applications, and equipment. These shall all be reconfigurable by MEA, using
tools and procedures provided by the contractor, so that evolving operational
requirements can be met.

- 39 -
 Page7-SA-40
PM5-0403-WBX

Proxy ‘Client Views’

These views
reflect the way
one or more
system clients
(e.g. operations)
’
in es
i th vic see the
Server Views w e
s ed al D substation.
u i c
ly og
IED Server A t ive t ‘L
c
le re n There may be
se iffe
is d different views
ent use
nt h LOCAL REPOSITORY
’ co hic for different
e w ’, w
IED Server B r Vi ews clients.
ve Vi
er t
‘S lien
‘C

IE
IED Server C in D ‘ Proxy ‘Server Views’
t h Se
e rv
Lo e
ca r V
l R iew IED Server A
ep s
os ’ a
…

ito re
ry re p
lic
IED Server D at
ed
IED Server B

The structure and content of Proxy Server Views must be IED Server C
identical to the corresponding IED Server Views, to the extent
that the Proxy Server Views show Server View information. As a
minimum, all Logical Devices (i.e. domains ) must be shown.
…

Any file associated with a Server View is referenced through its

associated Logical Device directory.

Any file associated with a Proxy Client View is referenced IED Server D
through its associated Logical Device directory.

Server Views and Proxy Client Views are created through the
system configuration process.

Figure 2: Structure of the Local Repository

- 40 -
 Page7-SA-41
PM5-0403-WBX
IED Server A

LD root

LD_A Domain A
Client

LN_1 LD root

LN_2

LN_3 LD_D Domain D

IED Server B

LD root LN_11

LD_B1 Domain B1 LN_12

LN_4 LN_13

LN_14
LN_5

LD_B2 Domai n B 2

LD_ E Domain E
LN_6
IED Server C

LD root LN_15

LN_16
LD_C Domain C

LN_17
LN_7

LN_8

LN_9

LN_10

Figure 3: Mapping Data between IED and Client Schemas

- 41 -
 Page7-SA-42
PM5-0403-WBX
3.1.1 IEC 61850 Configuration Tools and Process
The IEC 61850 communication standard provides a System Configuration Language (SCL) that
can be used to configure communications for both IEDs and the entire system. It involves the use
of several types of files, created for different purposes, and two levels of tools for creating and
managing those files. The files are represented in XML (Extensible Mark-up Language), enabling
the interoperable exchange of configuration and capability information between supplier tools. The
semi-automated process (i.e. people still need to enter design intentions), illustrated in Figure 4,
virtually eliminates hand-entry of information and manual configuration of equipment.
The four types of files that comprise SCL, listed roughly in the order they are used to produce a
configured system, are the following:
1. ICD: IED Capabilities Description
This file describes the communications capabilities of an individual IED, and it is typically
installed in the IED before shipment from the factory. The file can be extracted from the
IED at any time. It contains no information about how the device is to be used in a target
system, but does fully describe what communication services and information models can
be supported by the IED.
2. SSD: System Specification Description
This file describes the functional specification of the whole secondary system at the
station, including the communications system. Among other things, it captures a one-line
diagram of the targeted system. It allows Logical Nodes [LNs] (i.e. functional pieces of the
whole IEC 61850 information model) to be assigned to the various IEDs according to their
functional roles and capabilities. These actions are typically performed using a single
System Configuration Tool, selected from among those offered by IED manufacturers.
3. SCD: System Configuration Description
This file is created using the System Configuration Tool, the SSD file and ICD files for all
IEDs used in the system. The result is a complete ‘process configuration’ for the
secondary system, with IEDs bound to individual process functions, primary equipment,
and client-access privileges. It also includes all predefined network associations and all
client-server connections with LNs on a data level.
4. CID: Configured IED Description
When the SCD file has been created, it is used to create an individual, downloadable
Configured IED Description file for each IED in the secondary system. This is achieved
using the IED Configuration Tool provided by each manufacturer. As long as these tools
have an interoperable SCL interface, as described by the IEC 61850 standard, they may
be proprietary. This is often necessary, so that the tools can download additional IED
configurational data that is proprietary in nature, but which does not affect system
interoperability.

3.1.2 Open System Provision

Although these systems will be provided through a turnkey project, it is imperative that the resulting
systems be open. It is not acceptable that MEA be locked into one or even a limited number of IED
suppliers for future upgrades. Therefore, a special provision is required: The contractor shall
demonstrate that two additional IEDs, each of different manufacture and approved by MEA, can be
integrated into these systems using the SCL tools, files, and process described by the IEC 61850
communications standard. The open system demonstration shall be done during FAT and SAT.
The open system experience/reference list of the supplier in supplying SA shall be submitted with
the bid.

- 42 -
 Page7-SA-43
PM5-0403-WBX

An IED-independent,
‘IED Capabilities Description’ system-level tool ‘System Specification Description’
for every IED ( ICD Files ) ( SSD File )
System
Configuration
IED #1 Tool
IED #2
…
‘System Configuration Description’
IED #n ( SCD File )

IED
Different manufacturers
Configuration
have different tools
Tools

6 System
Database
‘Configured IED Description’
( CID File ) for each IED
All files are stored in a
‘substation database’
The CID file (or a vendor-specific file) may
for record keeping
be used to configure the corresponding IED
and ongoing use
(via network download)

Figure 4: The SCL Configuration Process

- 43 -
 Page7-SA-44
PM5-0403-WBX

3.2 FILE MANAGEMENT

File management is concerned with the use, control, and organization of files in a system
environment, so that required objectives are met.

3.2.1 Objectives
Files of various types are used with the IEDs of these systems. They include configuration files,
software files, user-application files, and IED-generated data files. These files need to be managed
and occasionally transferred, so that the system operates properly, reliably, and efficiently. MEA’s
specific objectives include the following:
1. Download Capability: Devices need all their software, application program components,
and configuration files if they are to work properly. Even if they are preloaded when the
system is first commissioned, they will very likely need to be updated or replaced in the
future.
MEA needs to be able to accomplish these changes via file-download procedures over
the network, initiated from a remote location or at the station site, per MEA’s discretion on
each occurrence. File services are needed to perform these downloads and to delete files
that are no longer relevant.
2. Upload Capability: Sometimes, during system operation, IEDs may generate data files
(e.g. disturbance files). These files need to be uploaded to a higher system level and then
directed to one or more clients for analysis. The IEDs that generate these files have
limited resources, and they may need to get the current file uploaded relatively quickly, so
that they have freed resources (e.g. memory) to accept the next file, whenever it may be
generated. So a mechanism is needed for the responsible system component to
recognize when a new data file is present and a file-upload service is needed to transfer
the file.
3. File Attribute and Directory Services: The file management procedures must be
relatively simple and foolproof, to avoid confusion and ensure reliable results. And
because operators occasionally need to check their assumptions, they will want confirm
that files reside where they are expected and that the files have the proper attributes (e.g.
last-time-modified). So file services are needed to provide these capabilities.
4. Audit Trail for File Transfer Activity: From a system perspective, it is important to keep
an audit trail of significant occurrences. File transfers are always important, as personnel
need a reliable record of past transfers. Such information may be needed at a future time
when analyzing a problem and deciding how to proceed. An audit trail should create a
record each time a file is transferred or deleted, recording the file name, its attributes,
where it was transferred from and to, and what party (or client) authorized the transfer.

3.2.2 An Approach
The selected approach to file management is based on the IEC 61850 communication standard’s
file services. These five services are combined with the creation of a File Agent application that
runs on the CCU. Unlike programmable logic applications, which are typically applied to implement
user-related functions, the File Agent is a software utility that performs a general system function.
The File Agent performs file transfers when necessary, sometimes automatically and sometimes
when a system client initiates the action. The way this happens is shown in Table 1 for the various
file transfer scenarios. The File Agent does not need to interpret file content.
The File Agent also creates and maintains a chronological FileLog, which records information
about each transfer and thus provides an audit trail for file transfers. The FileLog is available to
system clients at any time and can be read selectively, using IEC 61850 log services. System

- 44 -
 Page7-SA-45
PM5-0403-WBX
clients shall use the FileLog, StatusLog, CommandLog, SubLog, and ChangeLog to reconstruct
recent system history when necessary.

File-Related IEC 61850 Service IEC 61850 File Types Target IEDs Authorized
System Service Affected Initiating Client
Capability Model

Download files SetFile File Configuration BCU, TDS, CCU Remote File Mgr
to IEDs Software Op. Interface [MMI] Op. Interface [MMI]
(via File Agent) Prot. Relays
User Apps BCU, CCU Remote File Mgr
Op. Interface [MMI] Op. Interface [MMI]
Prot. Relays
Upload files GetFile File Configuration BCU, TDS, Remote File Mgr
from IEDs to Op. Interface [MMI] Op. Interface [MMI]
CCU
Prot. Relays
(via File Agent)
Data Prot. Relays (future) File Agent (CCU)

Delete files DeleteFile File Configuration BCU, TDS, CCU Remote File Mgr
from IEDs Software Prot. Relays Op. Interface [MMI]
(via File Agent) User Apps

Data Prot. Relays Remote File Mgr

Op. Interface [MMI]
Configuration Op. Interface [MMI] Remote File Mgr
Software
User Apps
Read file GetFileAttributeValues File Configuration BCU, TDS, CCU, Remote File Mgr
attributes Software Op. Interface [MMI] Op. Interface [MMI]
(file name, size, User Apps Prot. Relays
time-last-
modified) Data Prot. Relays Remote File Mgr
Op. Interface [MMI]
Read file GetServerDirectory Server Configuration BCU, TDS, CCU, Remote File Mgr
directory (Files) Software Op. Interface [MMI] Op. Interface [MMI]
User Apps Prot. Relays
Data Prot. Relays Remote File Mgr
Op. Interface [MMI]

Note: Initiated by using SetFile service to place the target file into the target IED directory of the Local Repository.

Table 1: File Management

3.2.3 File Agent Responsibilities

The File Agent’s specific responsibilities include the following:
1. Process all File Transfers
The File Agent shall process all file transfers between clients and servers, with support
from the Local Repository.
2. Use IEC 61850 Specifications

- 45 -
 Page7-SA-46
PM5-0403-WBX
The File Agent shall use the file services, file structure, file attributes, and other file
characteristics specified (or recommended) by IEC 61850 to maintain interoperability
within the station.
For example, file names shall use extensions to differentiate the various kinds of files
(e.g. programs, configuration, disturbance records). All files shall use a single file format:
sequential unstructured binary. All files shall carry three attributes: File name, file size,
and last-time-modified.
Per IEC 61850-8-1, Clause 23.1: Files names may be constructed as file name
references, beginning with a sequence of directory names (separated by a ‘slash’
delimiter) and ending with the actual name-of-a-file. The sequence of directory names
always begins with a LogicalDevice directory under the LD root directory of the Server
(i.e. server IED). This is because IEC 61850 requires every file to be contained within an
associated LogicalDevice. This file naming convention shall be universally used in the
delivered systems, because it is necessary for the capabilities described in item 3 below.
IEC 61850 services shall be used to implement all file services for transfers within the
station. These can be found in IEC 61850-7-2 under Server Class Services
(GetServerDirectory) and File Services (all the others). These services shall operate over
MEA’s Substation LANs (as specified by the IEC 61850 network profile) and MEA’s fiber
optic SDH WAN. File transfers shall be segmented and transferred with low priority to
prevent contention with higher-priority transfers.
3. Synchronize File Presence between the Local Repository and Server IEDs
As the System Configuration clause describes, IED ‘Server Views’ and Proxy ‘Server
Views’ shall be identical. In particular, this means they both contain the same set of
Logical Devices. This is an important issue, because it affects how files are stored and
managed, as described below:
When an authorized system client uses the SetFile service to send a file to the CCU, the
File Agent shall ensure that files associated with Server Views are written in two places:
(1) the associated IED and (2) the CCU(s). In both cases, the targeted location is
provided by the file name reference, which always begins with a Logical Device name. If
the downloaded file has the same name as an existing file, the File Agent shall replace
the existing file with the new one in both places.
Similarly, if an authorized system client applies the FileDelete service to a file associated
with a Server View, the File Agent shall ensure the file is deleted from two places: (1) the
associated IED and (2) the CCU(s). As before, the targeted location is provided by the file
name reference, which always begins with a Logical Device name. See Figure 5.
Files associated with Proxy ‘Client Views’ are similarly written or deleted, but only in the
CCU(s).
If an authorized system client uses the GetFile service to fetch a file, no collateral action
is required. If the file is associated with a Server View, the File Agent shall use the CCU
source.
4. Transfer Only One File at a Time
The File Agent shall enforce the rule that only one file can be transferred at a time.
5. File Transfer Blocking Option
The File Agent shall allow the SCADA/EMS system to block file transfers altogether in
periods of high stress, using an SBO-controlled File Transfer Mode Switch (FTMS).

- 46 -
 Page7-SA-47
PM5-0403-WBX
6. FileLog Maintenance
The File Agent shall create and maintain a chronological FileLog. A new FileLog entry
shall be made when each file transfer has been completed. The recorded information
shall include the date and time, all file attributes, where it was transferred from and to,
and what party (or client) authorized the transfer.

LD root

LD_A Logical Device A

LNs Logical Nodes

FileDir1 names-of-files
IEC 61850 ‘File References’

Allan LD_A/FileDir1/Allan

Boris LD_A/FileDir1/Boris

Charles LD_A/FileDir1/Charles

LD_B Logical Device B

LNs Logical Nodes

Domain B1

FileDir2 names-of-files

IEC 61850 ‘File References’

Derek LD_B/FileDir2/Derek

Ernest LD_B/FileDir2/Ernest

Figure 5: Every IEC 61850-Compatible File is Associated with a Logical Device

- 47 -
 Page7-SA-48
PM5-0403-WBX

3.2.4 File Transfer Initiators

Only the following clients shall be authorized to initiate the file transfer services shown in Table 1:
1. Any Operator Interface [MMI] client at the station (assuming the operator has
authorization to perform file management).
2. A File Management Client at a remote location (assuming the operator has authorization
to perform file management).

3.3 DATA ACQUISITION

The CCU is responsible for collecting the data that populates the Local Repository. In general, this
includes all data that is being subscribed by client applications (e.g. SCADA EMS, Operator
Interface [MMI] units, and automation programs, as well as any other classes of data that MEA
wants to see included. Most of the data is expected to be spontaneously sent to the CCU via IEC
61850 reporting services. Reports are set up for each system client via IEC 61850’s SCL
configuration tools. The CCU needs to poll for any remaining data.
The principal sources of data in the systems covered by this specification are BUCs, Protection
Relays, the CCU itself (from automation programs, which are generally realized with
programmable logic), the Operator Interface [MMI] units, which may change settings for devices,
applications, and system processes, and their future presence shall be anticipated in these
systems to the extent possible.
In many ways, the real-time data acquisition and control responsibilities of these systems are
similar to those of traditional RTU systems: Status and SOE inputs, measurement inputs, counter
inputs, and control outputs. But in forward-looking ways, there are tremendous differences. The
IEC 61850 communications standard provides tremendous flexibility and information support that
places such systems in a different league. Data naming, structural relationships among data within
hierarchical information models, text fields for self-description, consistent but flexible operational
configurability, data management tools, browsing, and SCL configuration tools for IEDs and the
system are all far beyond traditional practice. All these affect what information must be stored in
the Local Repository and the communication services that must access and manage that
information. Data acquisition of real-time data represents only a part of the information flows that
will circulate through the Repository.

3.4 DATA PROCESSING

3.4.1 Data Quality

Every data value, whether a field value, calculated value, or pseudo-value, has an associated data
quality, as defined by the IEC 61850 Common Data Classes. The data quality attribute has a
number of constituent bits. When none are asserted, the data quality attribute is considered to be
normal, meaning no special considerations need to be made when processing its associated data
value. When any of the quality bits is asserted, it can mean various things, such as the data is bad,
the data is a test value, the source of the data is operator-blocked, and so on. In general, it’s up to
each application that uses the data to decide what course of action to take regarding asserted
quality bits. In any case, data quality needs to accompany data values in the Local Repository and
in individual IEDs, meaning that data quality always needs to always accompany a data value.
Depending on circumstances, what starts out as a good data value with normal data quality may
be adversely affected as it travels the system. System applications need to know this information
and IEC 61850 has provided a standardized means to track it. The IEC 61850 data quality
definitions shall be invoked wherever possible. If a serial data communication port hands off its

- 48 -
 Page7-SA-49
PM5-0403-WBX
data for conversion, the data quality conversion to IEC 61850 shall follow, in the best way it can be
mapped. The same goes for data derived from a legacy source. If no data quality is available for a
value, look for criteria to assess it and fold those criteria into the IEC 61850 data quality scheme.

3.4.2 Event Processing

This specification considers an event to be any monitored, time-tagged occurrence that represents
a change in system state. Such events may result from status changes, control commands,
changes to operational parameters, use of substitution services, or file transfers and deletions.
This expanded view of event data is a consequence of the IEC 61850 standard’s communication
capabilities. SOE data, as defined for a certain subset of system events, retains its original
meaning.
1. Event Sources
The following represent the types of events that may occur in a system. Each event type
is followed by a list of the IEC 61850 Common Data Classes (CDCs) that may be used
with that type.
Changes in status for protection relay funtions, auxiliary breaker contacts, and
contacts of other primary and secondary sources; changes in computed status;
changes in integer status; changes in controllable status: CDCs SPS, DPS, ACT,
ACD, SEC, or BCR.
Changes in integer status: CDC INS.
Changes in status associated with controllable status information: CDCs SPC, DPC,
INC, BSC, or ISC.
Movement of measurement values from one user-defined operating region to
another: CDCs MV, CMV, WYE, DEL, or SEQ.
2. Use of IEC 61850 Range Limits for Measurements
The IEC 61850 range limits for measurement values shall be applied as follows:
‘Normal’ Operating Region: The ‘high’ and ‘low’ limits shall be used to define this
region. Values for power system variables are expected to fall within this region.
‘Warning’ Operating Region: The ‘high-high’ and ‘low-low’ limits shall be used to
define this region. Values in this region indicate that some kind of operational
correction is required.
‘Emergency’ Operating Region: The ‘min’ and ‘max’ limits shall be used to define
this region. Values in this region indicate exceptional conditions requiring immediate
attention.
Out-of-Range: ‘Min’ and ‘max’ represent the boundaries for measurements within
process limits. Data outside these limits is questionable and may indicate equipment
failure. Accordingly, data quality shall be marked ‘questionable’ and ‘out-of-range’.
When an analog data value transitions into an out-of-range region, the last
reasonable value shall be retained in the Repository. It shall not be updated again
until the value leaves the out-of-range region.
3. Processing
All events shall be time-tagged at the time of occurrence, as detected/determined by
the monitoring/processing source (e.g. BUC or other IED)

- 49 -
 Page7-SA-50
PM5-0403-WBX
Time-tagging resolution shall be a maximum of 1 ms, relative to the internal clock of
the monitoring/processing source.
Event records can be cleared at the source once successfully reported. Reports use
confirmed services, which ensure that the server is notified whether each transfer is
successful. Pending events at a server shall not be lost.
Contact inputs: Changes in signal state shall be time-tagged at the time of
transition, although such changes must be validated before they can be accepted,
processed, and reported.
Validation shall be achieved by applying digital filtering to ensure changes persist
for at least a user-defined period of time before they are accepted as genuine.
IEDs shall be able to detect a quick sequence of multiple changes in status for the
same point and ensure that all those changes are reported. This assumes that
individual status transitions persist sufficiently long to qualify for validation.
These sequences of changes may arise, for example, from breaker TRIPs
alternating with RECLOSE operations.
Server IEDs shall support both buffered and unbuffered IEC 61850 event reporting.
It shall include integrity reporting, set at a user-defined interval. Buffered reports for
any server shall be capable of supporting 10 times the number of reportable entities;
this minimizes the chances of data loss if reporting capabilities are temporarily
disabled. Event buffer overflows shall be reported to the CCU.
The contractor shall recommend which optional and/or new attributes to support in
each CDC placed into service for the delivered systems.

3.4.3 Status Processing

Status processing is identical to event processing. If client applications don’t want the time-tag,
they can ignore it.

3.4.4 Measurement Processing

1. Power System Measurements
The following power system measurements shall be available in the Local Repository. If
they cannot be acquired from an IED server (e.g. BCU), the CCU shall derive them by
calculation, using a system utility or programmable logic application.
Phase-to-ground RMS voltages
Line-to-line RMS voltages
Phase RMS currents
Neutral RMS current
Power direction
kW, kVA, kVAr (per phase and total)
kWh, kVArh (input, export, net)
Power factor (per phase and total)
Minimum, maximum, and average RMS values for the following shall be acquired or
calculated over user-specified intervals, and saved in the Repository:

- 50 -
 Page7-SA-51
PM5-0403-WBX
Voltage
Current
Apparent power (VA)
Real power (W)
Reactive power (VAr)
2. Sources
Mainly CTs and PTs connected to and processed by BCUs (i.e. no DC transducers).
Measurement values are used in IEC 61850 CDCs MV, CMV, SAV, WYE, DEL,
SEQ, HMV, HWYE, and HDEL.
DC transducers (perhaps a few, if necessary)
3. Processing
Measurement values shall be reported when changes since the last report exceed a
user-defined deadband
Deadbands and operating regions shall be user-defined for each individual
measurement. Deadbands shall be specified in 1% steps. These capabilities are
supported by the IEC 61850 standard.
Measurement values shall be reported after device power up, after power recovery,
or when the device is returned to on-line status.
DC Analog Inputs: Analog input modules shall be regularly checked against a stable
reference voltage for linearity and DC-offset at zero volts. Encountered problems
shall be recorded in data quality, causing the data to be marked invalid, and this can
be returned to the SCADA/EMS control center and MMI workstations.

3.4.5 Control Command Processing

The CCU is responsible for coordinating the execution of all control commands initiated by system
clients. This shall ensure that the Local Repository and system logs are kept up to date for system
clients.
Only one control command at a time shall be executed. All attempted control operations, whether
successful or not, shall be entered into the CommandLog. IEC 61850 enables all control
operations to be tracked to the initiating party; this information shall be made part of each
CommandLog entry.
MEA requires that all control operations be completed with confirmation that the desired device
status has been achieved within a user-specified ‘completion period’. Control operations that fail to
complete within the assigned time period shall result in ‘Control Failed to Complete’ alarms.
Control failures shall not be automatically re-attempted. Jog controls shall be similarly alarmed if
they do not result in a user-defined amount of position change within their assigned ‘completion
period’.
The duration of operational contact closures is not controlled by IEC 61850 configuration tools.
This shall be independently configured for the station’s various control points. An MMI template
shall allow an operator to make user-defined assignments of contact closure time for applicable
control points. The duration shall be adjustable for individual points, ranging from 100 ms to 60 s in
steps of 100 ms. The template shall also allow the operator to change control time-out periods,
‘control completion periods’ (2 s to several minutes), and minimal jog-control travel within an
assigned ‘completion period’ (for applicable points).

- 51 -
 Page7-SA-52
PM5-0403-WBX
A supervisory control request shall be rejected if any of the following conditions exists for the
targeted control point:
1. The device is not subject to supervisory control of the type being attempted.
2. Another control operation is in progress.
3. The requested control operation is inhibited by a tag.
4. The point has failed or is otherwise out-of-service, or if an associated status point is
represented by manually substituted data.

3.4.5.1 Control Initiators

A control operation can be initiated by any of the following station and enterprise clients:
1. A SCADA/EMS control center, where commands are issued by dispatchers
2. An Operator interface [MMI] unit, where commands are issued by operators
3. Applications that are designed to use control operations to fulfill their operational
objectives. In these systems, they may be installed on the EMS/SCADA control center, an
Operator interface [MMI] unit, or on other IEDs. They typically evaluate process inputs
and perform calculations to determine when to issue control commands. When installed
in the station, they are likely to be implemented with programmable logic.

3.4.5.2 Types of Control Operations

The IEC 61850 control model enables a wide range of control modes, which cover virtually all
traditional utility control practices. These shall all be supported by the delivered systems. The
various types of control operations are summarized below. They are described in more detail than
other topics in this specification, because control usage is generally a sensitive topic and it is
desirable to make the various IEC 61850 control capabilities visible for application considerations.
Because of the breadth of control possibilities offered by IEC 61850, it would be less
straightforward to lay out the desired range of control functionality in traditional terms.

3.4.5.2.1 Control of Two-State Devices

These operations use a two-state control variable to switch devices to one of two possible states.
They are supported by the SPC (Controllable Single Point) CDC (Common Data Class). In all
cases, a control point must be selected before a command can be executed. Individual instances
of use can be configured to use either SBO or direct control mode, to operate once or possibly
many times per selection, and to operate with normal security or enhanced security. Enhanced-
security requires that a control operation be confirmed by a change in status for the controlled
device; normal-security does not … status is reported independently. If SBO control mode is used,
device selection is required before the control can be executed, and the selection status can be
validated by the CCU. These control operations permit a time-of-operation to be assigned
(optional), for applications where synchronization to a particular time is necessary. A configurable
SBO time-out period is provided. Provisions allow use of pulse trains and variable length pulses.
MEA’s typical usage of this kind of control will be applied to circuit breakers and certain other
switches that switch very quickly. They shall use Select-Before-Operate (SBO) control mode,
operate-once control mode, and enhanced-security mode (in support of monitoring ‘control
completion’).

- 52 -
 Page7-SA-53
PM5-0403-WBX
3.4.5.2.2 Control of Three-State Devices
These operations are identical to that of two-state devices, except they are typically applied to
slowly switching devices like motor-operated disconnect switches. The status of these devices may
be open, closed, or in-transition, which requires three possible states. These operations are
supported by the DPC (Controllable Double Point) CDC. A two-bit binary status is provided, with
the fourth state interpreted as invalid.

3.4.5.2.3 Control of Integer-State Devices

These operations are very similar to that of two-state devices, except they allow a very large
number of control states (as many as can be expressed with a 32-bit integer). For application
convenience, a step-size can be configured that defines the step between successive control
values. Issuing a control value of zero resets the controlled device.
Pulse capabilities are not applicable. Otherwise, the same control modes and comments apply.
These operations are supported by the INC (Controllable Integer Status) CDC.

3.4.5.2.4 Incremental Device Control (Jog Control)

These operations are used for applications requiring incremental step control, as with LTC control.
The three control states are ‘higher’, ‘lower’, and ‘stop’. A maximum of 128 positions can be
accommodated. A step-size can be configured that defines the step between successive control
values. The status for these control points shows the current position and can also show when the
state is in-transition (i.e. between positions). An option allows this command to be ‘persistent’ until
deactivated. This feature may be intended for devices that need a persistent value to be applied
while the device mechanism responds.
Pulse capabilities are not applicable. Otherwise, the same control modes and comments discussed
for two-state devices apply. These operations are supported by the BSC (Binary-Controlled Step
Position Information) CDC.

3.4.5.2.5 Integer-Controlled Step Position Devices

These operations are for device applications requiring variably-sized steps. Unlike incremental
device control, new control positions are achieved through a single command that immediately
switches the device from the old position to the new. A step-size can be configured that defines the
step between successive control values. The status for these control points shows the current
position and can also show when the state is in-transition (i.e. between positions).
Pulse capabilities are not applicable. Otherwise, the same control modes and comments discussed
for two-state devices apply. These operations are supported by the ISC (Integer-Controlled Step
Position Information) CDC.

3.4.5.2.6 Set-Point Control

A set-point control operation provides an analog value to the controlled device. In general, the
device uses the analog value as a target value for some process-related control variable. For
example, a substation application providing voltage control would interpret the set-point as the
target voltage to be maintained. The application may use OLTCs and capacitor banks to regulate
the voltage to the desired set-point.

3.4.6 Calculations
Calculations shall be supported as necessary to derive values that are not directly acquired by the
secondary system. Calculations may be required in BCU, CCU, and MMI units as part of their core
or programmable logic responsibilities. In all cases, the data types for calculated variables shall be

- 53 -
 Page7-SA-54
PM5-0403-WBX
consistent with the data types used in the IEC 61850 information models for the same or similarly
defined data. If the calculated variable is available for use by subscribing clients, it shall be
maintained in the Local Repository in a structural location that is consistent with IEC 61850’s
established information models. Its value shall be updated at a rate that supports the application
requirements that depend on it.

3.5 PROGRAMMABLE LOGIC APPLICATIONS

The SA systems shall perform enhanced automation functions, including the following:
1. Heartbeat function for IED health and on-line status monitoring
2. Maintenance of TRIP Counters for breakers
3. Rate-of-change calculations and alarming for selected analog input variables
4. Breaker operating time checks
5. Substation-wide, automated control sequences: CTO, LTO, BTO, load shedding / Load
Restoration, and Voltage Selection
6. Station-wide interlocking
7. Protection applications (Breaker Failure Protection)
8. Voltage Selection (VS)
9. Automatic Transformer Restoration (ATR)
The contractor shall be responsible for the creation, design, implementation, configuration,
installation, testing, and documentation of logical control sequences for the above tasks for each
station’s ultimate configuration. The contractor shall consult with MEA regarding the various design
and planning issues and submit the finalized plans for MEA’s approval. All Programmable Logic
Control (PLC) software and source code shall be included in the deliverables, so that MEA can use
them for future modifications. These applications shall be verified during the Factory Acceptance
Tests (FAT), using an I/O simulation panel provided by the contractor.
The closing of circuit breakers shall be supervised by appropriate interlocking. For example, a
circuit breaker shall only be closed if its two disconnect switches are already closed and the ground
switch is in the ungrounded position. Abnormal conditions such as ‘low air’ or ‘low gas lockout’ in
the breaker, etc, shall inhibit the control operation. These procedures represent standard station
practice, and MEA expects them to be incorporated into applications without explicit direction.
Other situations involve other interlocks or permissive signaling, and practice may differ among
utilities. Where MEA’s operational practice is unclear, the contractor shall submit the issues for
written clarification. Generally speaking, applications shall monitor their operations and avoid
situations that can damage equipment, pose safety hazards, or lead to unsatisfactory results.
Applications shall be configured to subscribe the input data they need from the Local Repository. If
station or enterprise clients need the results generated by the application, then those data also
need to reside in the Repository.

3.5.1 Heartbeat Function

All IEDs shall support the heartbeat function. Each IED broadcasts a GOOSE message over its
Substation LAN every 10 seconds to indicate that it is healthy, on-line, and performing its
responsibilities without any significant impairment. If that isn’t true, it doesn’t broadcast the
message. Every IED in the system monitors these heartbeat functions to determine whether any of
its peers has a problem or is off-line. An IED is deemed by its peers to be off-line or malfunctioning
if a GOOSE message is not received from it within an interval of 25 seconds. If an IED is

- 54 -
 Page7-SA-55
PM5-0403-WBX
dependent on a non-operational peer, it may use a contingent peer to complete its responsibilities,
if that contingency has been provided in its programmable logic or through other means.
In particular, the Operator Interface [MMI] units shall monitor heartbeat messages to determine
which IEDs are operational and which are not. This information shall be displayed, logged, and
reported to the SCADA/EMS system.
Heartbeat messages from the various IEDs shall be offset in time by some mechanism that
prevents all system heartbeat messages from being issued simultaneously.

3.5.2 TRIP Counters for Circuit Breakers

This application shall run in the CCU and be responsible for maintaining the values of TRIP
Counters, one for each circuit breaker in the station. Each TRIP Counter keeps track of the number
of times its associated breaker trips. It doesn’t matter whether the breaker is tripped by command,
by protection logic, or by other means; the TRIP Counter shall be incremented by +1 for each trip
occurrence. The TRIP Counters will principally be used to keep track of breaker usage for
maintenance purposes. They may also be used to understand operational patterns over a long
period of time.
The TRIP Counters eventually roll over. By default, the roll-over value is the decimal equivalent of
a 32-bit value. However, it shall be possible to configure the roll-over value on a point-by-point
basis. It shall also be possible to pre-set TRIP Counters, so that the counts can be synchronized
with prior records or external equipment.
The implementation of this application shall support the inclusion of each TRIP Counter in the
Local Repository, accompanied by a configuration parameter for the roll-over value. One approach
would be to create a new LN called STRC (Sensor Group: TRIP Counter), containing an INC CDC
to represent the TRIP Counter. This would provide all the tools needed to manage the counter per
the discussion above. The INC CDC supports data type INT32 for the controllable integer status,
allowing it to be operated as a 32-bit counter. The application itself would need to subscribe to
breaker status events for the breakers to be monitored, preferably from the Repository. The
application would normally respond to each trip event by incrementing the appropriate TRIP
Counter. Once in a great while, it would reset the counter if the roll-over value was attained. The
application should perform the incrementing or resetting via a direct control operation, with the
ctlClass configured for ‘operate-once and ctlModel configured for ‘direct-with-normal-security’.

3.5.3 Rate of Change (ROC) Limit Checking

This application shall run in the CCU and be applied to selected analog input variables that are
acquired from IEDs and maintained in the Local Repository. For these variables, the application
shall divide the change in value for successive value reports by the difference in time-tags. Filtering
shall be applied so that single scan excursions do not cause an alarm. The calculated rate-of-
change shall be compared against a limit, and shall create an alarm if the rate-of-change exceeds
that limit.
To support the implementation of this capability, analog input values shall be reported using IEC
61850 report services, ensuring that their reported values are time-tagged. Care needs to be taken
that deadbands for the analog input values are set sufficiently small to support effective
calculations by the CCU. The calculated ROC variables shall be modeled as instances of either the
MV (Measured Value) or CMV (Complex Measured Value) CDC (Common Data Class), as
appropriate. The MMXU (Measurement) LN (Logical Node) can be extended to include the desired
ROC variables as ‘optional’ components. This is the way the ROC variables would be represented
and stored in the Local Repository. Once the range limits are configured for the individual ROC MV
or CMV instances, IEC 61850 change-of-range events will occur naturally and can be processed
as alarms by an Operator Interface [MMI] unit or the SCADA/EMS system.

- 55 -
 Page7-SA-56
PM5-0403-WBX
3.5.4 Breaker Operating Time Checks
This application shall run in the CCU and be applied to all circuit breakers at the station. The
objective is to determine how long it takes each breaker to TRIP, from the time that the tripping
mechanism starts to work to the time that the tripping action is complete. The results are used to
direct breaker maintenance, and they need to be stored in the Local Repository for each breaker.
Breaker operating times can be calculated by monitoring ‘a’ and ‘b’ auxiliary contacts on the
breaker. The interval begins at the instant when both ‘a’ and ‘b’ contacts are open; the interval
ends the instant the ‘b’ contact is closes (with the ‘a’ contact remaining open).
‘Breaker Operating Time’ measurements shall be included in the Local Repository, associated with
other data related to the circuit breaker (e.g. the TRIP Counter).

3.5.5 Feeder Fault and Breaker Lockout Recognition

Feeder protection relays shall provide starting signal that indicates a downstream fault has been
detected, tripping the feeder breaker. A second signal shall indicate a breaker lockout condition if
re-closing has not been successful, indicating that the fault may still persist.
For all distribution breakers, a programmable logic application in the CCU or BCU shall detect
starting signal, delay for a user-defined period, and then (1) check the status of the second signal
or (2) check the status of the breaker. If the second signal indicates lockout or if the breaker is
OPEN, breaker lockout shall be inferred. If the second signal indicates no lockout or if the breaker
is CLOSED, a transient fault and successful re-closing shall be inferred.
In the case of a transient fault with successful re-closing, the operator shall reset the relay target
that indicated a downstream fault, and the resulting status change shall consequently reset the
programmable logic application for that breaker. In the case of lockout, the operator shall reset
both relay targets (i.e. downstream fault and lockout, if the lockout target exists) when the fault has
been cleared. Again in this case, resetting the downstream fault target shall consequently reset the
programmable logic application for that breaker.

3.5.6 Automated Control Sequences

The following automated control sequences are currently used at selected stations within MEA’s
power delivery system, these applications shall all run in the Bay Control Units and Protection
IEDs.

3.5.6.1 Line Throw-over Scheme (LTO)

Under certain operating conditions, MEA will operate its HV line circuit breakers in a “PREFERRED
LINE” mode, with only one of an incoming pair of circuit breakers energized, the bus coupler/bus
section closed, and the other line in standby mode. Refer to Figure 6A.
If the preferred line voltage is lost, and the standby line remain healthy, the LTO logic shall open
the preferred line circuit breaker and check whether the line circuit breaker of the preferred line is
open. If it is open, the LTO logic shall implement a switchover to the standby line after a user
definable time delay of 0.2 seconds (total dead time). Time delay shall be able to adjustable in
range of 0 to 10 seconds.
The LTO functions shall be blocked if the preferred line breaker is tripped by over-current, breaker
failure, or bus differential protection, In addition, if both lines voltage is lost the LTO logic shall not
operate.
When the preferred line voltage returns to normal, the LTO shall switch back to this line after a
user definable time delay of 60 seconds. Time delay shall be able to adjustable in range of 0 to 180
seconds.

- 56 -
 Page7-SA-57
PM5-0403-WBX
It must be possible to enable or to inhibit the LTO application, and to select the preferred line, from
the Operator Workstation, and (subject to Station Level interlocking) from the SCADA/EMS control
center.
3-phase voltage relays (U<) for lines voltage supervision shall be provided built-in both Distance
protections and line BCUs.
The LTO shall be controlled “AUTO” and “MANUAL” by BCU internal S-R Flip-Flop which can be
operated by a manual switch on the panel and through the SA control command.
One lamps, LED, marked “OFF” shall be fixed on the panel near the double throw switch to
indicate the status of LTO function. Preferred Line key switch shall be provided.
LTO functions for 3 incoming lines much more complex than LTO functions, the Contractor shall
consult MEA for detail description before implementation.

3.5.6.2 Bus Throw-over Scheme (BTO)

Under normal operating conditions, each of the station transformers will be operated individually,
with the bus section of the MV distribution board open and each transformer supplying up to 7 or 8
feeders. Refer to Figure 6A.
If a transformer supply is lost and the adjacent transformer remains healthy, the BTO logic shall
open the incoming MV circuit breaker and check whether the incoming MV circuit breaker is open.
If it is open, the BTO logic shall close the bus section circuit breaker after a user definable time
delay 5.0 seconds (total dead time). In addition, the time delay shall be able to adjustable in range
of 0 to 10 seconds.
The BTO functions shall be blocked if the incoming circuit breaker is tripped by over-current,
breaker failure, or bus differential protection. In addition, if both of transformers supply is lost the
BTO logic shall not operate.
When the lost transformer supply has been restored the BTO logic shall automatically close the
incoming MV circuit breaker and then open the bus section circuit breaker to restore normal
operation without interrupting power supply. The restoration delay shall be a user definable time
delay of 60 seconds. Time delay shall be able to adjustable in range of 0 to 180 seconds.
In case of there are two or three adjacent bus section, it shall be possible to implement the BTO
functions. The BTO1 shall be used to switchover between Transformer No.1 and Transformer
No.2. and BTO2 shall be used to switchover between Transformer No.2 and Transformer No.3.
The operating sequence for both BTO1 and BTO2 functions more complex than BTO functions,
the Contractor shall consult MEA for detail description before implementation.
It must be possible to enable or to inhibit the BTO application from the substation MMI, and
(subject to Station Level interlocking) from the SCADA/EMS control center.
3-phase voltage relays (U<) for transformer voltage supervision shall be provided built-in incoming
feeder BCUs or separated UV/OV protection units.
Some substations have only single phase VT. (24/12kV line VT), the separate unit single phase
undervoltage relay shall be provided.
The BTO shall be controlled “AUTO” and “MANUAL” by BCU internal S-R Flip-Flop which can be
operated by a manual switch on the panel and through the SA control command.
One lamps, LED, marked “OFF” shall be fixed on the panel near the double throw switch to
indicate the status of BTO function.

3.5.6.3 Bus Coupler Throw-over Scheme (CTO)

Under certain operating conditions, MEA will operate two HV line circuit breakers simultaneously,
However each busbar is energized by one HV line. So the bus coupler is open. Refer to Figure 6B.
If the line voltage is lost and the other line remain healthy, the CTO logic shall open the line circuit
breaker (line voltage is lost) and check whether the line circuit breaker is open. If it is open, the

- 57 -
 Page7-SA-58
PM5-0403-WBX
CTO logic shall close the bus coupler to receive electric power from the healthy line after a user
definable time delay of 0.2 seconds (total dead time). Time delay shall be able to adjustable in
range of 0 to 10 seconds.
The CTO functions shall be blocked if the any line breaker is tripped by over-current, breaker fail or
bus differential protection. In addition, if both lines voltage is lost the CTO logic shall not operate.
When the unhealthy line voltage returns to normal, the CTO shall switch back to this line and open
the bus coupler after a user definable time delay of 60 seconds. Time delay shall be able to
adjustable in range of 0 to 180 seconds.
It must be possible to enable or to inhibit the CTO application from the substation MMI, and
(subject to Station Level interlocking) from the SCADA/EMS control center.
3-phase voltage relays (U<) for lines voltage supervision shall be provided built-in both Distance
protections and line BCUs.
The CTO shall be controlled “AUTO” and “MANUAL” by BCU internal S-R Flip-Flop which can be
operated by a manual switch on the panel and through the SA control command.
One lamps, LED, marked “OFF” shall be fixed on the panel near the double throw switch to
indicate the status of CTO function.

- 58 -
 Page7-SA-59
PM5-0403-WBX

HV HV

Incoming
HV
Line Bays

LTO LTO

Motor-Operated
Bus Switch

M
Transformer HV
Bays Busbar

Red zones are normally closed

Green zones are normally open

BTO
MV MV
… …

Distribution Busbar & Feeders

(12kV or 24kV)

Figure 6A: Line Throw-over (LTO) & Bus Throw-over (BTO) /

Normal Operational Configuration
(There are other variations with this same basic theme)

- 59 -
 Page7-SA-60
PM5-0403-WBX

HV HV

Incoming
HV

M
M
Line Bays

M
M
Motor-Operated
Switch

HV Busbar
M

BUS A
M

M
M
M M

CTO

M M M M M
M

BUS B
HV Busbar
Bus Coupler
Transformer Bay
Bays
M
M

Red zones are normally closed

Green zones are normally open

Bus Breaker

MV MV

… …

Distribution Busbar & Feeders

(12kV or 24kV)

Figure 6B: The Bus-Coupler Throw-over (CTO) / Normal Operational Configuration

(There are other variations with this same basic theme)

3.5.6.4 Load Shed and Restoration

The SA shall provide an accurate frequency measurement for the voltage on each of the MV bus
sections. The under-frequency load shedding application shall provide for up to five (5) stages of
load shedding, at user definable pre-set frequencies, with minimum increments of 0.03 Hz over an
operating range of 50 to 47 Hz, and with user-definable pre-set time delays within a range from 0
sec through 120 sec, with increments of 0.1 sec in range from 0 sec through 1 sec, and with
increments of 1 sec in range from 1 sec through 120 sec.
An under-voltage function for blocking load shedding application shall provide for up to five (5)
stages of load shedding at user definable pre-set voltages, with minimum increments of 1% over
an operating range within 50% through 95% of nominal voltage, and with user-definable time delay
from 0 sec through 60 sec in 0.1 sec increments.
Feeder trip-groups and trip-points shall be user definable to ensure maximum flexibility of the
application. Each of the outgoing feeders shall be assignable to trip at any of the five (5) pre-set
under-frequency levels.

- 60 -
 Page7-SA-61
PM5-0403-WBX
The load shedding application shall block any auto-reclosing functions. The under-frequency
application shall be enabled or disabled from the Operator Interface [MMI]or (subject to Station
Level interlocks) from the SCADA/EMS control center.
The under-frequency load shedding application shall be guaranteed to run at user definable
voltage limits between +10% to –40% of rated voltage, and shall be blocked if the voltage is less
than a user-definable level.
Load restoration of a trip-group shall be manually initiated from the Operator Interface [MMI] , or
(subject to Station Level interlocks) from the SCADA/EMS control center. Restoration of any trip–
group shall be by single command and the programmable logic applications shall automatically
sequence closing of the feeders so as to avoid troublesome load initiation surges.
Load restoration application shall switch an auto-reclosing function in ON position after feeders
circuit breaker have been closed. Auto-reclosing function shall be switched ON only feeders were
tripped by load shedding function).
A second alternative for the load shedding and restoration scheme using the dry contact from the
under frequency/under-voltage relays at the substation. Provision for a selection of each alternative
and the reset of the under-frequency/under-voltage tripping relay from the Operator Interface [MMI]
shall be provided. In addition, automatic PT voltage selection function for frequency-voltage
measurement shall be provided to switchover to the other PT in case of the main MV busbar PT
supply is lost.

3.5.6.5 Voltage Selection (VS)

Busbar voltage simulation which displays simulated bus voltage according to the bus selector
switch and input voltage for HV Transformers BCUs is available from the line voltage transformer
at the incoming lines. Voltage selection scheme (VS) shall be provided for voltage circuit switching
to the appropriate line voltage transformer.
Suitable low voltage circuit breaker shall be supplied.

3.5.7 Protection Applications (Breaker failure protection, 50BF)

Breaker failure protection (50BF) shall be provided. The phase currents of the feeders shall be
monitored for each phase.

The overall reset function of the 50BF system shall not be slower than 25 ms. It shall be sensitive to
detect from 0.2 to 2.0 times the rated feeder current, adjustable in steps of less or equal to 0.2 times
of this current and being able to be operated continuously at 1.2 times the rated current.

The 50BF relay has to be provided for each individual CB. It shall be initiated by all other protection
devices tripping commands. The starting and tripping provided from a protection to be infeed from
the same DC auxiliary circuit. Starting from protection relays with single pole tripping shall be
transferred segregated per phase.

All lock-out functions provided by the CBs i.e. SF6 underpressure, N2 and oil monitoring shall be
incorporated to the BFR tripping logic. In case one of these lock-out functions is activated the trip
signal to the remote CB shall be sent or performed without delay.

External signal inputs provided for non-current sensing elements e.g. Buchholz performed via binary
inputs shall be incorporated in a tripping logic with an auxiliary contact of the CB.

A software matrix shall allow to use the 50BF in different tripping configurations, send signals and
combination with several timers.

Trip cut out switches shall be provided as required. All such switches shall provide with suitable
nameplate stating the device number and function.

- 61 -
 Page7-SA-62
PM5-0403-WBX
One lamps, LED, marked “OFF” shall be fixed on the panel near the double throw switch to
indicate the status of breaker failure protection.

3.6 HISTORICAL DATA

An application shall be provided for periodically saving real-time data in records that can be later
retrieved to support station troubleshooting and planning. This application shall run on the Operator
Interface [MMI] platform in Terminal Stations and substations.
The capabilities and procedures associated with this application shall be reasonably simple to use
and intuitive, requiring only a small amount of training (i.e. a half-hour). The capabilities that shall
be provided include the following.
1. Acquired Historical Points
A historical point is defined as a set of periodically recorded data values for a specific
variable. The operator shall be able to select (or deselect) variables (one at a time) from a
template containing candidates supported by the station’s Local Repository.
For each historical point, the operator shall be able to select a periodic rate. The following
rates shall be available: 1, 5, 15, 30, or 60 minutes (synchronized to the hour); daily,
weekly, monthly (at the end of each period).
Each historical point shall take the name of the variable used. For each historical point,
the operator shall be able to enable or suspend operation (i.e. data collection and
recording) or delete the historical point completely.
At any time, the operator shall be able to display this template to view his selections for
existing historical points and to make any changes. An ‘Enter’ button shall be used to
signal that changes or additions are ready to be processed by the system.
2. Calculated Historical Points
The operator shall be able to specify a formula for calculating a historical point. This shall
work the same way as before, except that the formula may reference one or more
candidate variables from the same template used for acquired historical points. Formula-
creation shall be supported by an unambiguous syntax for arithmetic operators, a list of
useful functions (e.g. square root; trig functions, etc), and precedence. Calculated
historical points need to have a name assigned.
3. Retrieval of Historical Point Records
The operator shall be able to enter a report mode, wherein he can set up an Excel
spreadsheet for presenting the recorded data he wants. He shall be able to specify
several conditions concurrently, such as the following:
Start date and end date
Historical point names (or wildcard)
Values exceeding x, less than x, or equal to x
If the application is unsuccessful in finding requested data, it shall respond with an
appropriate message, providing the operator with information that is helpful.
Aside from the data loaded into the spreadsheet from historical points, the operator shall
be able to enter supporting text and other content as he would in any Excel spreadsheet.
All spreadsheet functions shall be available to total columns of figures, and so on.

- 62 -
 Page7-SA-63
PM5-0403-WBX
The operator shall be able to print the report or to temporarily display fields of data
graphically (e.g. a trend graph, displayed against a time-marked axis). The amount of
data in a report shall only be limited by available data and the size of an Excel worksheet.
4. Predefined Historical Points
The contractor shall provide the following historical points, already set up in the delivered
systems:
Hourly snapshots of all status, analog, and counter values.
Daytime maximum values of all analog and counter readings collected during the
time interval 06:00 to 17:00, along with the date and time of the maximum reading.
Nighttime maximum values of all analog and counter readings collected during the
time interval 18:00 to 05:00, along with the date and time of the maximum reading.
MEA shall be able to alter these predefined points (e.g. changing the time intervals;
adding more historical points, or deleting historical points.
5. Archives
All historical data shall be saved and available on-line for the present month plus the prior
three months. Older data shall be archived on an end-of-the-month basis. Archives shall
be stored on disk and retrievable on a read-only basis for queries.

3.7 OPERATOR INTERFACE [MMI] FUNCTIONS

3.7.1 General Requirements

The details of the proposed MMI shall be included in the bidder’s proposal. The detailed design of
all user interfaces, including navigation trees and menu bars; the format and contents of dialog
menus; the colors of display features such as menu bars, window borders, display background;
and operational procedures shall be subject to MEA's approval. The following MEA preferences
shall be incorporated.

3.7.1.1 Windows Usage

Windows shall be provided to allow the partitioning of the monitor so that several displays and
information from several programs can be viewed simultaneously.
At any time, there shall be one and only one active window at the MMI. The active window shall be
the focus of all user interactions such as display call-up, navigation through displays, program
execution, and dialog interactions. A window shall become active by clicking within its boundary.
In general, all windows shall have the same basic structure, and include the following:
1. Window Border
2. Title Bar
3. Maximize. Minimize, Restore and Close buttons
4. Scroll Bars, when the display spans beyond the window. The magnitude and position of
the slider of the scroll bar shall represent the size of portion of the display that is currently
being shown relative to the full size of the display and the position of the shown portion
within the display.
5. Mode/Case Identification: The operational mode of the function running in the window
shall be very distinctly shown.
6. A Toolbar from which pull down menus can be called.

- 63 -
 Page7-SA-64
PM5-0403-WBX
7. Application Area: The main area of the window, from the SA system functions and
applications are operated.
It shall be possible to change the size of windows by dragging edges, and to drag the
complete window to any position on the screen.

3.7.1.2 User Interface Features

1. Date and Time
The date and time shall be shown on the MMI monitor. Date shall be presented in the
format DD /MM/YYYY. Time shall be presented in the format HH:MM:SS with a resolution
of one (1) second and shall be updated once per second.
2. Pushbuttons (Soft Keys) and Function Keys
In the context of this specification, the term push-button (or simply button) refers
exclusively to icons on a display from which functions can be initiated or displays can be
called by clicking them.
3. Function Keys
The term function key (or simply key) refers to a physical key on the keyboard. The
following frequently used functions shall be assigned function keys: SILENCE, ACK, DEL.
They shall be labeled as such. Others may be proposed.
4. Keyboard Functions
MEA shall be able to assign and reassign combinations of keys of the MMI's keyboard
(e.g. Control-Alt-P) for the activation of specific functions and calling up of frequently used
displays. The changing of these assignments shall be allowed only from the MMI in the
Programmer Mode. The following keyboard selectable functions shall be included in the
delivered SA systems.
SILENCE: Silence the audible alarm.
CANCEL: Has the same effect as a "CANCEL" button shown in a currently
displayed menu.
DISPLAY: Call up a display by entering its mnemonic. See Sub-Clause !
ก .
ALARM SUMMARY: Display the Alarm Summary.
HELP: Show a menu of topics related to the active display from which further
information or instructions can be selected.

3.7.1.3 Toolbars
Toolbars with pull-down menus shall provide fast navigation to functions and displays. It shall be
possible to navigate to functions and displays by clicking the toolbars and entries on their pull-
down menus. The layout of toolbars and the rest of the navigation schemes shall be developed in
consultation with MEA and shall be subject to MEA’s approval. Provisions are required for
programmers to edit the toolbars and the navigation trees, and to construct new ones, through an
interactive procedure and without programming.
1. A main toolbar shall appear near the top of each display. The main toolbar and pull-down
menus initiated from it shall provide fast navigation to frequently used SA system
functions and displays, and to functions that have to be quickly accessible for handling
emergencies.

- 64 -
 Page7-SA-65
PM5-0403-WBX
2. One or more application toolbars shall be provided for application displays to facilitate
navigation to functions and displays that belong to the application itself or are used in
conjunction with it. Each application’s toolbar shall provide fast and convenient access to
HELP information associated with the specific application.

3.7.1.4 Dialog Boxes

Dialog Boxes shall be displayed when it is necessary to present the user with further information,
or to allow the user to choose among several alternatives, or to enter data. Alternatives, which are
not currently valid, shall be displayed in lower intensity and shall be inactive. A dialog box shall be
placed close to the object from which it was initiated, but shall not to cover it, and it shall be
possible for the user to drag a dialog box to any part of the window. Dialog Boxes shall be able to
include static textual information, pushbuttons, data entry fields, pushbuttons and check boxes as
appropriate.
It shall be possible for the user to cancel a dialog at any time by selecting a CANCEL push-button
in the dialog box or using an assigned keyboard function.

3.7.1.5 Information Boxes

Information Boxes shall be used to annunciate occurrences that require user attention, such as
failures to successfully complete a supervisory control request, receipt of a message from a
substation, or errors reported by other applications. Messages that are displayed in response to
substation operator actions, such as notification of failure of supervisory control, shall be displayed
in an information box that pops up on the screen from which the request was issued. Other
messages, such as an error message from an application, shall be posted on the MMI monitor in
order to report the problem to the substation operator.
Information Boxes shall remain on the screen until they are closed by a user, and shall not be
overlaid by other windows.
Multiple information boxes shall be able to be present at the same time, and users shall be able to
drag information boxes to other parts of the screen.

3.7.1.6 HELP Function

The SA system shall include a “HELP” function of sufficient scope to instruct users on normal
operation of the SA system and each of its applications without having to resort to a printed user’s
manual. The HELP function shall include both text and drawings.
The SA system shall include tools that enable MEA programmers to edit and add "HELP" text and
screens.

3.7.1.7 Display Capabilities (General)

1. Fonts
Both fixed size fonts and vector fonts that change with zooming shall be available.
2. Data Display
Any attribute of any data contained in the SA system Repository, whether the point is
telemetered, calculated, or produced by an application, shall be available for presentation
at any screen location of the display.

- 65 -
 Page7-SA-66
PM5-0403-WBX
No artificial restrictions as to the placement of data or the format of its presentation shall
limit the way in which displays can be defined. It shall be possible to access every
attribute of any point or object in any database of the SA system in order to dynamically
control its appearance in displays. The presence, appearance and location of quality
indicators, tags, alarm inhibit indications, and any other indications or display features
that depend on point attributes shall be defined via the Display Editor during display
creation/modification.
3. Graphical Display Capabilities
The capability to include bar charts, x-y plots and pie charts shall be available.

3.7.2 Operator Functions

In this sub-clause, the following required operator functions are specified:
1. Display call-up
2. Supervisory control
3. Device tagging
4. Placing data and command points ‘out-of-service’ or ‘in-service’
5. Display hard copy
6. User log-on
Other operator functions are specified elsewhere in the context of the required applications.
Messages shall be displayed to advise the user of the disposition of his request after each action.
Appropriate dialog menus or pushbuttons shall automatically be displayed to guide the substation
operator through operating procedures. Error messages shall explicitly identify the encountered
problem or reason for which a user request was rejected.
Operational requests shall be validated and accepted (or rejected, if not authorized) according to
the user’s log-on. Requests shall also be rejected if parameters or other data entered by the user
are not valid or are unreasonable. An acceptable, alternative approach is to not make functions
available to users who are not authorized to perform them. The user shall be notified of the
rejection of requests through an information box with a message that states the reason for
rejection.
Several operator functions, such as Supervisory Control and Out-of-Service/In-Service
Commands, require a point to be selected. Point selection shall automatically be canceled when
the last step of an activity concerning a point is completed. Point selection shall also be canceled
for multi-step procedures if the time between two consecutive steps of the procedure exceeds a
pre-defined, system-wide selection-timeout period. The selection timeout period shall be adjustable
by programmers in the range of 10 - 120 seconds.

3.7.2.1 Display Call-Up

It shall be possible to call up a display using any of the following methods:
1. By clicking a pushbutton in a directory display. These displays shall be organized in a
hierarchical order.
2. By clicking on an entry in a pull-down menu selected from a toolbar.
3. By clicking on a pushbutton that may be included in any display for the purpose of calling
up a related display.

- 66 -
 Page7-SA-67
PM5-0403-WBX
4. Using function keys or keyboard functions (defined earlier) that may be designated for the
selection of frequently-called displays.
5. By entering a short display mnemonic in a location reserved for this purpose on the
screen.
6. It shall be possible to call an Alarm Summary display by clicking a data point on any
substation display where it appears.
If there is an entry for the selected point in an Alarm Summary, that portion of the
summary which includes the entry, shall be shown. The point’s alarm entry shall be
highlighted by scrolling the Alarm Summary down to where the entry appears at the top of
the display.
If no such entries appear in the Alarm Summary, a message confirming that fact shall be
presented to the user.
Methods shall be provided to call displays within the active window or within a new window.

3.7.2.2 Supervisory Control Procedures

This Sub-Clause specifies the substation operator procedures for supervisory control; functional
requirements for supervisory control are specified under the Functional Requirements heading.
The station operator shall be able to control two-state devices such as breakers and switches,
three-state devices such as motor-operated switches, and multi-state (RAISE/LOWER) devices
such as tap changers.
If the user does not perform the next step of a control procedure (or other point-oriented
procedure) within the selection time-out period, the point's selection shall automatically be
canceled. A system-wide, user-defined time-out period shall be used with a default value of 30s.
Rejection of a control request shall occur at the procedure step at which it is detected and, in any
event, before the request is sent to the CCU. The user shall be notified of the rejection and of its
reason.
1. Control of the State of Devices
Supervisory Control of two-state devices and three-state devices such as breakers and
switches shall involve the following consecutive actions:
The substation operator shall select the device for control by clicking the dynamic
presentation of a control point.
When the device is selected, the device symbol shall flash and a pop-up menu with
the device name and available operations shall be displayed. Operations that are
not applicable or currently available shall be dim and inactive. This menu shall not
obscure the selected device.
The station operator shall select a control operation (TRIP, CLOSE, etc). Users
shall be permitted to control devices into any state, including the current state of the
device.
A message shall be placed in the pop-up menu identifying the device and the
selected control operation. The pushbuttons EXECUTE and CANCEL shall be
placed in the window.
The station operator shall initiate the control action by selecting the EXECUTE
function.
Successful completion of the control request shall be recorded as an event. Failures
to complete shall be handled as specified under the ‘Control Command Processing’
heading.

- 67 -
 Page7-SA-68
PM5-0403-WBX
Control requests shall be canceled and the selection of the point shall be terminated
when the user cancels a request, does not perform the next step of the control
procedure within the selection time-out period, or the request is rejected.
2. Incremental (RAISE/LOWER) Control
Supervisory control of RAISE/LOWER control devices shall involve the same set of
consecutive actions as specified above for device state control, with the following
exceptions:
Only RAISE and LOWER control operations may be selected.
The command shall be issued as soon as RAISE or LOWER is selected, without an
EXECUTE step. It shall be possible for substation operator to initiate control
repeatedly without reselection of the controlled point, provided that the execution of
the previous control command has successfully been completed.
A separate timeout period shall be provided for incremental control points. This
selection timeout period shall be user-defined within the range 10 - 120 seconds.
The timer shall reset and start counting again whenever a RAISE or LOWER
command is issued.

3.7.2.3 Device Tagging

A station operator shall be able to place a combination of up to ten (10) or more tags on any
controllable station equipment appearing on the one-line diagram. There are three (3) types of
tags, which are listed in the order of diminishing severity:
Clearance Tag (T)
All control commands shall be rejected for devices with a Clearance Tag.
Hot-Line Tag (H)
Only OPEN/TRIP commands shall be permitted for devices with Hot-Line Tags;
CLOSE commands shall be rejected.
Warning Tags (W)
These tags shall not impose any control restrictions on devices, but a comment box
with a standard warning message shall be displayed when they are selected for
control.
The tag symbol shown in parentheses shall be displayed for tagged devices. Provisions to define
and use graphic icons in lieu of these textual symbols shall be provided. For devices with several
tags, the symbol for the most severe type of tag that presently applies to the device shall be
shown.
A station operator shall be prompted to enter a comment of up to one (1) line that will be shown in
the tag summary entry. A station operator shall be able to edit the comment later. It shall be
possible to remove individual tags from the tag summary display and station displays. The placing
and removal of tags shall be recorded as events in the CommandLog.

3.7.2.4 Placing Data and Command Points ‘In-Service’ and ‘Out-of-Service’

The station operator shall be able to place individual data points, control points, and IED servers
out-of-service (i.e. deactivate them) or in-service (i.e. activate them). These actions remain in effect
indefinitely, although deactivation is typically used temporarily while there is a malfunction of some
type.

- 68 -
 Page7-SA-69
PM5-0403-WBX
Incoming data shall not be processed for a deactivated point. A deactivated point shall retain the
last value or state that was successfully retrieved before being deactivated, and shall be assigned
an appropriate IEC 61850 data quality code corresponding to DEACTIVATED. Upon reactivation,
the SA system shall resume processing of data reported for the point from the field. The data
quality of a reactivated point shall be set to FAILED (or an equivalent IEC 61850 data quality) until
up-to-date data is successfully received for it.
When an entire IED server is deactivated, the SA system shall stop processing any control
command for the IED and mark the IEC 61850 data quality for all points belonging to the IED as
DEACTIVATED (or equivalent). Supervisory control requests, issued by either the station operator
or applications, shall be rejected for deactivated control points of the IED; the reason for the
rejection shall be noted in a message displayed to the station operator or reported to the
requesting application. When the IED is reactivated, the associated quality codes shall be set to
FAILED (or an equivalent IEC 61850 data quality) until up-to-date data is received from the IED.
However, points that had been individually deactivated, either before or after the IED was
deactivated, shall remain in the DEACTIVATED state.

3.7.2.5 Using Substituted Values

Rather than deactivating a data point, the operator may choose to substitute a chosen value for the
process value at the IED server where the point is located. This capability relies on use of the IEC
61850 substitution services. While the point remains in service, the IED provides the substituted
value in lieu of the process value until the use of process values is reinstated. Using the IEC 61850
substitution services to move to use of substituted data for a point shall cause an entry to the
SubLog. Similarly, a return to the use of process values shall also cause an entry to the SubLog.
The data quality for the point indicates whether the source is process data or substituted data. This
information needs to be used by clients (e.g. SCADA/EMS or MMI) to annotate presented values
that are in fact substituted values.

3.7.2.6 Display Hard Copy

The MMI operator shall be able to request printing of copies of any display, if the station is
equipped with a printer. The station operator shall be able to choose either the active window or
the complete display screen for printing.

3.7.2.7 User Log-On

Users shall be required to log-on to gain access to the SA system. The log-on procedure shall
require entering an associated password. A list of authorized users shall be maintained, and a
default operation mode shall be assigned to each user. Upon log-on, the MMI shall be put into the
user’s default mode. In order to facilitate the transition between station working shifts, it shall not
be required for the current user to log-off before a new user logs on.
Logging on and off shall be recorded in the ChangeLog. When nobody is logged on to a MMI,
logging-on shall be the only function allowed at the MMI.

3.7.3 Modes of Operation

In order to control the scope of functions that users are authorized to operate; it shall be possible to
assign the MMI to modes of operation. The functions permitted for each mode shall be defined in a
table. MEA programmers shall be able to edit this table in order to change the authorizations of
existing modes and to define new modes.
Initial modes that shall be implemented by the contractor are tentatively defined below. Final
definition shall be developed in consultation with MEA during the implementation of the project.

- 69 -
 Page7-SA-70
PM5-0403-WBX
3.7.3.1 Operator Mode
The station operator is authorized to perform all the control and monitoring functions.

3.7.3.2 Supervisor Mode

In this mode, the user shall be able to perform all the functions permitted in the Operator Mode. In
addition, supervisors shall be able to manage the configuration of the SA system, change the
operating mode, change the assignments of user passwords, set system-wide operating
parameters, choose another set of limits, restart the system, request system warm restart, manage
communications interfaces, etc.
Any change to an operating parameter, whether it changes parameters in other IEDs or is stored
and used strictly by the MMI unit, shall result in an entry to the ChangeLog. In cases where the
change doesn’t result in changes to other IEDs, the MMI unit still has to effect the change through
the CCU, so that a ChangeLog entry is generated. This means that user-defined parameters, even
for the private use of MMI unit functionality, must be represented within the Local Repository.
In particular, any MMI unit that is restarted or placed on-line at the site shall need to pick up the
ChangeLog to determine the current values of operating parameters that have been changed from
the default values. It has already been stipulated elsewhere in this technical specification that any
MMI unit that is restarted or placed on-line shall gather and process all the system logs as part of
its start-up procedures.

3.7.3.3 Maintenance Mode

This mode shall provide access to the MMI database and display editors, including programmable
logic applications. Users shall be able to build, edit, integrate and test database and display
changes, including programmable logic applications, but shall not be permitted to perform any
power system operations.
This mode shall be used to modify or reconfigure IEDs or the system at large, using the IEC 61850
SCL tools.
All editing and reconfiguration tools shall use version control, inserting version numbers into
configuration files and archiving them in the preparation process.
This mode shall be used to upgrade software in IEDs via file downloads. Software files shall carry
version codes.
The contractor shall explain in his bid proposal how these capabilities will be implemented. To the
extent these responsibilities involve file services, they are likely the same ones used by the
Remote File Manager.

3.7.3.4 Programmer Mode

Programmers and software developers shall be able to perform software development, debugging,
integration, and configuration activities from the MMI. Programmers shall also be authorized to
perform all the maintenance mode functions.

3.7.4 Event and Alarm Processing

3.7.4.1 Events
The following occurrences shall be processed as events:
1. All changes of status points resulting from supervisory control commands.
(These shall result in StatusLog entries.)
2. Substation operator’s actions including, but not limited to, the following:

- 70 -
 Page7-SA-71
PM5-0403-WBX
Supervisory control.
(These shall result in CommandLog entries.)
Tagging and removal of tags.
(These shall result in CommandLog entries.)
MMI log-on or log-off.
(These shall result in ChangeLog entries.)
Changing of MMI modes.
(These shall result in ChangeLog entries.)
Alarm acknowledgement.
(These shall result in AlarmLog entries.)
Deactivation and activation of data and command points and of audible alarming.
(These shall result in ChangeLog entries.)
Manual substitution for process values.
(These shall result in SubLog entries.)
System warm restart.
(These shall result in ChangeLog entries.)
3. Events declared by application programs.
(These shall result in entries to the most appropriate system log, according to the defined
purpose of each system log.)
4. Other conditions that may be specifically called out in this specification

3.7.4.2 Definition of Alarms

Alarms are the result of interpreting system events and determining which events generally require
notification of the operator and further action. The following types of events shall be processed as
alarms:
1. Uncommanded changes of state of status points
2. Limit crossing by analog values from one defined operating region to another.
3. Failures of a device to respond to a supervisory control command
4. The passage of an SA system component (e.g. IED) to or from on-line status.
5. The power-up of an SA system component.
6. The detected failure of an SA system component (e.g. printer).
7. When a communications resource (e.g. SubLAN) experiences a high error rate (i.e.
beyond a defined threshold).
8. Reported loss of heartbeat or abnormal heartbeat for any SA system IED.
9. When an alarm is declared by an application program.
10. Other conditions specifically called out in this specification.
MEA shall be permitted to add, delete or redefine conditions for alarming at any time before the
entire contractor's design documents are approved.

- 71 -
 Page7-SA-72
PM5-0403-WBX
It shall be possible to assign points and specific alarm conditions to major and minor alarms.
Therefore, for instance, it shall be possible to define the excursion of a value of an analog value
outside the operational limits as a minor alarm and exceeding of emergency limits as a major
alarm.

3.7.4.3 Alarm Processing

1. Alarm Reporting
The following shall occur when an alarm is detected:
An audible tone shall sound.
The visual representation of the point in alarm (the status symbol, or the numerical
value) shall flash.
An entry shall be made in appropriate Alarm Summary displays.
An entry shall be made in the Alarm and Event (A&E) file.
2. Alarm Inhibition
The station operator shall be able to inhibit alarm processing for any point. When a point
is alarm-inhibited it shall be processed as usual, and analog points shall continue to be
shown in the color (or other characteristic) that corresponds to their limits range, however
no alarm conditions associated with the point shall be reported.
3. Alarm Tones
Different tones shall be used for major and minor alarms. If a minor, audible alarm is
already sounding when a major alarm is generated for the same point, the tone shall
change to that of a major alarm. The station operator shall be able to silence audible
alarms at their workstations. The station operator shall also be allowed to inhibit audible
alarming; however, a conspicuous indication shall be displayed as long as audible
alarming is inhibited.
4. Acknowledgment and Deletion of Alarms
The station operator shall be able to acknowledge alarms. On Alarm Summary displays, it
shall be possible to use the mouse or keyboard to select individual alarms or blocks of
alarms for acknowledgement and for deletion from the summary.
Deletion shall be permitted only for previously acknowledged alarms. When an alarm is
acknowledged, its visual representation shall no longer flash.

3.7.4.4 Recording of Alarms and Events

1. Alarm Summary
The alarm messages shall be shown in chronological order. The last page, with the
most recent alarms, shall appear when a summary is called. Scrolling shall provide
access to the complete summary.
Only one (1) alarm shall be shown for a point. An old message for a point shall be
deleted when a new alarm is generated for that point.
The time field shall flash for unacknowledged alarms.
2. AlarmLog

- 72 -
 Page7-SA-73
PM5-0403-WBX
An entry shall be made in an AlarmLog for each occurrence of an event that is defined as
an alarm, provided alarming for the item is not currently suppressed (e.g. alarm-inhibited).
The alarms shall be chronologically ordered. Unlike the Alarm Summary, the AlarmLog
shall have a time-tagged entry for every occurrence, rather than just the most recent
occurrence.
The AlarmLog is not to be considered as one of the system logs. It is private to an MMI
unit and only serves as an audit trail for the handling of Alarm Summary entries (e.g.
alarm entry, acknowledgement, and deletion). The AlarmLog shall be incrementally saved
in non-volatile or disk memory. It shall be archived monthly.
The AlarmLog, along with the system logs (i.e. StatusLog, CommandLog, ChangeLog,
SubLog, and FileLog) shall be part of the Historical Database (HIS), and entries shall be
kept on-line for the period specified for historical data.
3. Alarm and AlarmLog Entry Format
All entries in Alarm Summaries and the AlarmLog shall be a maximum one (1) monitor
line in length. Display and print versions shall be identical. No unduly cryptic
abbreviations shall be used in alarm and AlarmLog entries. The exact format of the alarm
and AlarmLog entries shall be subject to MEA’s approval.
Alarm and AlarmLog entries shall contain the following information, as applicable:
Class or Priority
Major alarm or minor alarm, indicated through color and a symbol.
Date and Time
Date and time of the detection of the condition, or of the user’s action. Date shall be
in the format DD /MM/ YYYY.
The User ID (for user-initiated events)
Location (e.g. substation ID or application)
Point name
Point descriptor
Statement of the nature of the alarm or event
For status changes: TRIPPED/CLOSED/TRIPPED or ‘Clearance Tag Placed’.
For analog value transitions between operating regions: The region entered, as well
as the analog value shall be stated.

3.7.5 CompositeLog Capability

As a result of an MMI unit’s start-up or return to on-line status, it shall construct a CompositeLog
for the station from the system logs it finds on the CCU. The system log entries shall be
chronologically interleaved to produce the CompositeLog.
CompositeLog entries from each system log (i.e. StatusLog, CommandLog, ChangeLog, SubLog,
FileLog) shall be enabled or disabled for display and printing by a user, through the use of a
supporting template. This action shall only affect display and printing for the user’s convenience; it
shall not change the content of the CompositeLog, which shall retain all entries. Printout of the
enabled portion of the CompositeLog shall be in landscape mode. Each sheet shall have the field
headings at the top. Two lines per entry are acceptable if the formatted arrangement is consistent,
clean, and easy to read. To the extent possible, the arrangement of fields for the CompositeLog
shall be compatible with the arrangement of fields for the Alarm Summary.

- 73 -
 Page7-SA-74
PM5-0403-WBX
The CompositeLog shall maintain entries for the prior 100 days, including the present one. At the
end of each calendar month (or at the first opportunity thereafter), all entries for the just-completed
month shall be saved in a separate ‘CompositeLog Archive’, regardless of whether event entries
have been acknowledged on the Alarm Summary display. CompositeLog Archives shall be saved
on the local disk and on all CCU(s). File names for these archives shall be labeled as follows:
CompLogArchive%’StationName’%’Year-Month’.log
(actual name) (actual year & month)

Operators shall be able to open and display LogArchives on a view-only basis. They may be
printed in the same format as the CompositeLog if a printer is available. CompositeLog archives
shall not be deletable at an Operator Interface [MMI] unit or CCU, but may be duplicated to
separate media (e.g. a portable disk) for backup or analysis at a different site (where deletion shall
be allowed).
The operator shall have the capability to enter a mode in which he can select and sort
CompositeLog entries for viewing and printout (if a printer is available), using various field-related
search keys. For example, he should be able to search for events related to a specific circuit
breaker, across a particular period of time. It shall be possible to apply several search criteria at
the same time.
The ‘annotation’ field shall provide quick-reference information for each line entry. More than one
annotation code may be used for the field entry (e.g. ‘m e’).
‘C’ for command
‘M’ for major status alarm
‘M/’ for transition out of major alarm
‘m’ for minor status alarm
‘m/’ for transition out of minor alarm
‘S’ for manual value substitution
‘S/’ for return to actual system values
‘F’ for file transfer
‘D’ for file deletion
‘P’ for a configuration parameter change
‘e’ for entry time (when date & time reflect Alarm Summary entry time, rather than a time-
stamp from the data source).

3.7.6 Browsing to Capture Repository Data Components

Browsing allows the operator to view the Local Repository in either the primary CCU or standby
CCU. More importantly, it allows the MMI’s system software to capture and store the structure and
data of Proxy Server Views and Proxy Client Views residing in the Local Repository.
In particular, the MMI shall capture all IEC 61850 object references that represent a terminal leaf.
These are object references that drill down through the information structure to the furthest
possible points (i.e. to a specific data attribute that has very specific meaning). The wonderful thing
about object references is that they not only represent a name for each piece of data, but they also
provide navigational directions for finding that piece of data in the Repository.
Object references that do not qualify include those that drill down only part way, and so represent a
cluster of lower level objects or data attributes. These assist in establishing the structure and

- 74 -
 Page7-SA-75
PM5-0403-WBX
navigation of these information models, but they do not otherwise have a bearing on the objectives
presented here.
This specification refers to these captured ‘terminal leaves’ as d-tags (short for ‘data tags’ to
prevent confusion with utility equipment tags). D-tags shall be used for several purposes. D-tags
(or whatever they are called by the contractor) shall be an MMI implementation mechanism for
identifying important pieces of station data, whether they represent real-time values, data quality
(which is really real-time data, too), operating parameters, configuration parameters, or descriptive
text. IEC 61850 simplifies life here, because object references include a field called a functional
constraint. The functional constraint classifies the object reference as to its purpose. Examples
include status (ST), control (CO), measurement value (MX), configuration (CF), description (DC),
substitution value (SV), and so on.
The MMI software shall sort these captured d-tags into several lists according to their functional
constraint. These lists shall be used in templates, allowing the maintenance engineer to assign
familiar (and shorter) names in lieu of their IEC 61850 object reference handles. These d-tag
names shall be used in displays and reports. These lists shall be used to coordinate and simplify
coordination of MMI activities with the content of the Local Repository. For example …
1. D-tags with Functional Constraint = CF
D-tags in this list shall be used to support MMI templates for modifying operational
parameters. Care is required. Some of these d-tags are closely tied to software or
hardware processes (e.g. sample rate), and the maintenance engineer would be ill-
advised to alter them. Others can be changed at his discretion. The contractor shall ‘gray
out’ any configuration parameters that should not be changed in this way.
Note that not all operational parameters are defined by the IEC 61850 information
models, as occasionally explained in other clauses of this specification. The contractor
shall include those outlying operational parameters in this list, if appropriate.
2. D-tags with Functional Constraint = MX
D-tags in this list shall be used to support the selection and positioning of real-time
measurement values for displays and reports, as part of the editing process. They can
also be referenced for defining historical data points, as defined under the Historical Data
clause.
3. D-tags with Functional Constraint = ST
D-tags in this list shall be used to support the selection and positioning of real-time status
values for displays and reports, as part of the editing process. They can also be
referenced for defining historical data points, as defined under the Historical Data clause.
4. D-tags with Functional Constraint = CO
D-tags in this list shall be used to support the selection and positioning of control points
for displays (e.g. the one-line diagram), as part of the editing process.
5. D-tags with Functional Constraint = SV
D-tags in this list shall be used to support an MMI template that allows an operator to
perform data value substitution. (Substitution services are supported by the IEC 61850
standard.) They can also be used, when a substituted value is being used for a process
value, for insertion into historical data records. This requires appropriate annotation of the
record to avoid confusion between process and substituted values.
6. D-tags with Functional Constraint = DC
D-tags in this list shall be used to support an MMI template that allows the operator to
change these descriptions.

- 75 -
 Page7-SA-76
PM5-0403-WBX
3.7.7 Displays
Displays to be included in the SA system are listed and described below. This is not an exhaustive
list and the contractor shall prepare all the displays necessary for the required functions in
consultation with MEA. Display generation tools shall be provided for MEA in order to integrate
displays created for future applications. Some screen displays specified in this specification.

3.7.7.1 Directories
These are hierarchically organized lists of displays from which displays can be selected for viewing
by clicking on items in the lists.

3.7.7.2 Station Displays

1. Station Status
A multi-page set of displays that show the overall status of the station, using both one-line
diagrams and a set of text-based displays.
One graphic-based display shall show the station’s one-line diagram.
One text-based display shall provide a high-level overview of the station’s operating
status, including key power system measurements.
Others displays shall show information associated with individual bays, both HV and
MV, in a manner that enables the operator to easily assess the station’s condition.
These shall show more comprehensive information than the overview display.
2. Station Tabular Displays
These shall be automatically created by the SA system. They shall list all the telemetered
status, analog, and counter data points associated with the substation. The regions
currently defined analog points shall be shown, and Supervisors shall be able to change
them from this display.

3.7.7.3 Point Profile Displays

These include an individual display for each data component within the Local Repository. They
shall show all the fields associated with the point, including current value, configuration
parameters, text descriptions, and any other attributes for the point. Supervisors shall be allowed to
change point attributes and limits (as permitted by IEC 61850 rules) from these displays.

3.7.7.4 Communications Status / Operational Status Display

This display shall show the communications status and operational status for all secondary system
devices (e.g. IEDs) and resources (e.g. SubLANs). This information shall be used for maintenance
of the secondary system.
Information shall include operational status (e.g. device health; in-service/out-of-service; on-
line/off-line), communications status, (OK/Failed), and communications statistics for both
Substation LANs and all devices connected to them.

3.7.7.5 Summary Displays

A set of summary displays, including those listed below, shall be provided to list alarms and events
as well as data points that are in an alarm or abnormal state, or have been placed in a special
condition by the substation operator.
1. Alarm Summary

- 76 -
 Page7-SA-77
PM5-0403-WBX
Each alarm entry shall contain the following fields:
Date and Time: Alarm entries shall be time-tagged with the date and time of
occurrence, as reported from the original source.
Alarm entries for status data without a reported time-tag shall be posted with the
time of entry into the summary; these time entries shall be annotated with the
symbol ‘e’, meaning ‘display entry time’.
Alarm Source: Device name, application name, or ‘system’.
Description of the Alarming Entity: Related to the IEC 61850 LD, LN, and CDC
attribute, but described in power system, equipment, or functional terms that are
familiar and useful to the operator. The operator shall be able to right-click
‘properties’ for this field to see the associated IEC 61850 ‘object reference’ (if
applicable).
State Description: A state description shall be assigned to each discrete status
value, where a particular interpretation is intended. Examples follow:
Open/Closed/In-Transition, On/Off, In/Out, Energized/De-energized, Lockout/Reset;
Warning region, Emergency Region, Out-of-Range. These shall correlate with CDC
assignments in the IEC 61850 standard, where applicable. The operator shall be
able to right-click ‘properties’ for a ‘State Description’ field entry to see the
associated CDC attribute name (if applicable).
The state description used with each discrete status value for each reportable entity
shall be user-defined, using a standardized, on-screen template in off-line mode.
State descriptions considered ‘normal’ shall also be user-defined.
Normal / Abnormal State: A ‘normal’ or ‘abnormal’ entry shall be made, according
to user-defined assignments. The operator shall be able to right-click ‘properties’ for
a ‘Normal / Abnormal State’ field entry to see the associated value (if applicable).
The appropriate IEC 61850 data type representation shall be used.
2. Abnormal Summary
This summary shall be a list of analog points that are outside of operational limits, and of
status points that are not in the state defined as “NORMAL” in the Local Repository.
3. Tagged Device Summary
This is a list of all devices that have been electronically tagged. Each entry shall show the
date and time that the tag was placed, the log-on ID of the substation operator placing the
tag, the substation and point name of the tagged device, the type of the tag, and a
operator-entered comment. Entries shall be deleted when tags are removed.
4. Substituted Values Summary
This display identifies the data points whose process value is currently being substituted
by an operator-supplied value. The substitute value being used shall be displayed for
each point.
5. Alarm Inhibited Summary
This is a list of points for which alarming has been inhibited by operators.
Operators shall be able to select entries from summaries for viewing or for printing, using
appropriate search keys for each type of summary.

- 77 -
 Page7-SA-78
PM5-0403-WBX
3.7.7.6 Log Displays
1. System Logs
StatusLog
CommandLog
ChangeLog
SubLog
FileLog.
2. CompositeLog
An operator shall be able to selectively enable which system logs are used for displaying
or printing CompositeLog entries. Entries from the enabled system logs shall be
chronologically interleaved, with the most recent entries at the bottom..
3. AlarmLog
This display is for viewing AlarmLog entries in chronological order, with the most recent
entries at the bottom.

3.7.7.7 Bulletin Board

A text display shall be included on which any user may make multi-line message entries. The
display will be used to convey information among users, and from one shift to another. The entries
on the Bulletin Board shall be ordered chronologically. When a user makes an entry, or updates an
entry, the system shall automatically enter the time, date, and the user’s ID. An entry made by a
user may be modified or deleted only by that user or by a Supervisor.

3.7.7.8 System Management Displays

These are displays for monitoring and controlling the SA system. They shall include:
1. System Configuration Control Display
2. MMI Assignments Display, for the management of MMI modes
3. Display for monitoring and controlling the SubLANs

3.7.8 Control Capabilities

1. Primary Controls
These shall provide control capabilities for the primary system equipment (e.g. circuit
breakers, disconnects, earthing switches, power transformer LTCs, recloser
enable/disable) through the station’s one-line diagram, using select-before-operate
control procedures.
2. Device Tagging
This control capability shall allow controllable devices to be tagged, so that control is by
SCADA/EMS, an Operator Interface [MMI], or any other system or enterprise client is
inhibited.
This electronic tagging shall be coordinated with use of physical tags on manual control
boards and panels. The Tagged Device Summary shall show the system devices that are
currently tagged. Tagged devices must be clearly indicated on the one-line station
diagram.
- 78 -
 Page7-SA-79
PM5-0403-WBX
3. Recloser Mode Selection
This control shall allow recloser modes to be selected according to the prevailing situation
(e.g. normal, storm, high wind). It shall be supported by a display of the current mode
setting.
4. Relay ‘Settings Group’ Mode Selection
This control shall allow a particular protection relay group setting to be activated, when
multiple group settings are available. It shall be supported by display of the currently
active setting.
5. Primary CCU Selection
This control shall allow the operator to designate which CCU is managing the station, if
two are provided. If there is only one CCU, this capability shall be disabled. If enabled,
the primary CCU shall be identified in the Station Status Display.
6. Value Substitution
This control capability allows the operator to set substitute values for malfunctioning data
points. IEC 61850 substitution services and object references shall be used to carry this
out.
7. CCU Restart
This control allows a warm restart or cold restart to be initiated for either the Primary CCU
or Standby CCU..
8. Operator Interface Restart
This control allows the operator to restart the Operator Interface.

3.7.9 Other Capabilities

1. Historical Data Reports
This capability is only provided at Terminal Stations. It allows historical data reports to be
viewed and printed, as allowed by the tools and facilities provided by the Historical Data
application.
2. IEC 61850 Configuration Control
The Operator Interface [MMI] unit shall be able to use the SCL tools (described under the
System Configuration heading) off-line to prepare system and IED configuration files.
Subsequently, it shall be have the capability to download these files to IEDs.
3. Off-line Editing
Although the Operator Interface shall be delivered with a set of displays already intact,
MEA personnel shall be provided with tools and procedures for editing the information to
be presented on each display, as well as the screen layouts. These tools shall use IEC
61850 object references to identify data. System reports shall likewise be accommodated.
The editing tools and capabilities shall allow MEA personnel to modify displays and
related data on another off-line PC platform. The editing tools and capabilities shall apply
to both text-based displays and one-line diagrams. They shall include use of graphical
elements, dynamic behavior (e.g. flashing, color), displayed data, static text, and screen
layout. The editing tools and capabilities shall allow MEA to modify and/or create the
dynamic and static icons used to represent primary and secondary system components.

- 79 -
 Page7-SA-80
PM5-0403-WBX
The editing tools and capabilities shall allow MEA to designate whether alarms are major
or minor, to determine the normal states for all status data (as appropriate), and to
identify the electrical equipment contact associated with each status input (e.g. ‘b’,
normally closed contact).
The resulting files from all these editing activities shall be backed up on portable media
and/or the CCU(s), as a hedge against loss.

3.8 REMOTE FILE MANAGER

The Remote File Manager shall comprise software and any ancillary hardware running on a
desktop or notebook PC. It shall provide the capability to remotely manage and perform file
operations with a target SA system. These operations shall include file downloads (e.g. software,
applications, configuration, data), uploads (e.g. configuration, data), file deletions, and file
attributes. In other words, it shall support all file services described under the File Management
heading.
As these operations are to be performed from a remote location, care shall be taken to provide
security measures. These capabilities shall require administrative passwords and be
complemented by audit trail records to identify the person, platform, time, and file action for each
remote operation. Note that the latter may be fulfilled through the FileLog records produced by the
CCU at the station site. The contractor shall ensure that these capabilities work together in the
intended manner.

3.9 EQUIPMENT POWER SUPPLY

A stand-alone power unit (DC/DC converter or DC/AC inverter) shall be provided for computer
systems, peripheral devices, the fiber-optic modem, and GPS receiver. MEA’s preference is that all
other equipment (including IEDs) incorporate their own power conversion and protection circuits,
so that they can be directly connected to station battery.

3.9.1 Power Circuits within other Equipment

Power circuits within another piece of equipment are assumed to be specific to and dedicated to
that piece of equipment. If the power circuits lack adequate monitoring and protection for abnormal
conditions, it will reflect badly on the performance and acceptance of the whole device.
Equipment incorporating its own power circuits shall provide input fusing and an ON/OFF switch.
As the equipment is to operate in a substation environment, the power circuits shall comply with
the specifications in IEC 60870-2-1 and IEEE C37.1-1994.

3.9.2 Stand-Alone Power Units

Stand-alone power units frequently provide power to a number of independent loads. Since the
design of the power units and the design of those system loads are independent, precautions are
taken in these specifications to ensure that a proper power distribution environment is maintained.
Station battery power wiring shall be routed to stand-alone power units through an input power
panel. The panel shall provide fusing, voltage monitoring points, and an ON/OFF power switch.
The design, location, and connection of fuse carriers and bases shall facilitate convenient fuse
replacement.

- 80 -
 Page7-SA-81
PM5-0403-WBX
All power conversion circuits shall provide overvoltage protection against normal-mode transients
at their supply inputs and provide common-mode voltage standoff capability suitable for the
substation environment. Power unit outputs shall be isolated from earth ground and short-circuit
proof. In general, any load condition (including short-circuit) that exceeds the unit’s capability to
deliver quality power shall cause the power unit to temporarily shut down. After a reasonable delay
(two seconds, for example), the unit shall start up again, testing the load conditions. This cycle
shall repeat indefinitely until the power unit can support the load. The important thing is that the
unit be capable of automatically handling abnormal load conditions and recovering normal
operation without human intervention.
Overvoltage and undervoltage protection at the power unit outputs shall be included to protect load
circuits. Normal power unit operation shall not be disrupted by brief load transients, which may
occur when individual system loads are added or removed. LEDs shall be used to indicate that the
unit has is working properly and that input and output voltages are within the proper ranges.
DC/DC converters shall incorporate reverse polarity protection at the inputs to protect against
connection errors. Station battery shall not be earth grounded.
Power supply busbars in cabinets shall be carefully routed and each busbar shall be shrouded. It
shall not be possible to inadvertently short busbars, either between themselves or to earth.
Below the cut-off levels for distribution voltages, equipment (being powered) shall shut down in an
orderly manner without generating spurious alarms, generating wild fluctuations in analog
readings, or causing unintended control operations.
The stated power unit ratings and reliable operation shall be maintained over the full system
temperature operating range and over the entire input supply (i.e. station battery) voltage range.
The contractor shall state the power requirements and dissipation rates for each modular sub-rack
and fully populated rack in the detailed design documents.
The power unit shall comprise two units and transfer switch. The DC input and AC output shall be
isolated from each other (two batteries). The AC. output neutral point shall be solidly earthed. The
power units shall be arranged with a main bypass supply, an electronic transfer switch and
maintenance bypass circuit.
The transfer switch shall be rated to match the output of the power unit. The transfer time shall not
exceed 1 ms. The transfer shall normally be synchronous, but the transfer switch shall be capable
of a synchronous operation. Transfer from the main bypass circuit to a power units shall only be
initiated manually.

3.9.3 Wetting Voltage

The 125 Vdc station battery voltage shall be used to wet dry contacts for status and counter inputs.
As part of installation requirements, the contractor shall be responsible for any required
modifications to existing circuits that already carry the 125 Vdc wetting voltage.

- 81 -
 Page7-SA-82
PM5-0403-WBX

4 SYSTEM DESIGN CONSTRAINTS AND TESTING

4.1 GENERAL REQUIREMENTS

The SA systems shall be manufactured to the highest possible quality to achieve a minimum of ten
(10) years useful operating life.
The SA systems shall reflect state-of-the-art, mainstream engineering for continuous-duty service
in the substation environment, shall be built of all new material of the best industrial grade with
proven reliability, and shall be designed to provide reliable service subject to reasonable
maintenance and replacement of consumable parts.
The components of the SA systems shall be unused, free from defect or irregularity, and reflect
good engineering judgment with respect to strength, durability, electrical characteristics,
insusceptibility to failure, and suitability for the intended service. Materials that may promote the
growth of fungus or be susceptible to corrosion shall not be used.
The components of the SA system shall be of current production from industry recognized
component manufacturers. The manufacturing process shall be ISO 9001 certified. A copy of the
current Certificate of Accreditation shall be included in the bidder’s proposal. In the absence of
such certification, bidders shall be capable of demonstrating that the proposed Quality Assurance
Program meets or exceeds these standards or is otherwise acceptable to MEA. Bidders shall also
submit a detailed description of the proposed Quality Assurance Program in the bidder’s proposal.
All hardware and software/firmware of the microprocessor-based components shall be free from
defects, new and unused.

4.1.1 System Design and Engineering

Unless explicitly excluded in this specification, the contractor shall perform all work and supply all
items and materials for achieving completion of the work. This shall include all work, items, and
materials, whether they were explicitly specified or not, provided they can be reasonably inferred
from this specification as being required for achieving completion of the work, just as if they were
expressly specified.
The contractor shall be responsible for any discrepancies, errors or omissions in this specification,
drawings, and other technical documents that it has prepared, whether such specification,
drawings and other documents have been approved by MEA or not, provided that such
discrepancies, errors or omissions are not because of inaccurate information furnished in writing to
the contractor by MEA.
The contractor shall be entitled to disclaim responsibility for any design, data, drawing,
specification, or other document, or any modification thereof provided by MEA, by giving a notice of
such disclaimer to MEA.
The contractor shall execute the basic and detailed design and the engineering work in compliance
with all requirements specified in this specification, or where not so specified, in accordance with
good engineering practice, the emphasis being on reliability and maintainability.
System design shall emphasize use of ‘normal operation’ indicators and self-monitoring / self-
diagnosis routines that are able to report operational status to the Local Repository for eventual
use by the Operator Interface [MMI] unit.

4.1.2 System Reliability and Availability

Since a Substation LAN is shared for all information-related processes, any failure or disruption
that significantly impairs network communications has the potential for bringing down a critical
portion of the whole system. It is very important to anticipate the situations that may cause this to

- 82 -
 Page7-SA-83
PM5-0403-WBX
happen and to mitigate the overall risk to an acceptable level. Risks can be expressed in terms of
probabilities, and those probabilities can be combined mathematically to calculate an estimate of
annual system downtime. Those calculations depend on the system configuration,
interdependencies of system components, and how well the individual components are designed.
Realistically, low failure rates are heavily dependent on consideration of environmental and
electrical susceptibility factors in equipment selection and design, good engineering judgment and
practice, competent and trained O&M personnel, proper attention to system problems, and
avoidance of electrical components that require manual adjustment or repositioning during
configuration or maintenance (e.g. electronic connectors, jumpers, and switches). The contractor
shall keep these and related factors in mind when responding to this specification with a proposed
design.
The contractor shall submit his rationale, reliability data, and availability calculations in support of
his proposal. The contractor may use any widely recognized reliability tool or method that he
believes helps construct his case, but how these are applied must be documented for MEA’s
review. MEA will expect cogent, credible, and persuasive evidence for the selected approach.
Proven track records will carry greater weight than purely theoretical calculations, although track
records need to be substantiated through a number of customer references for like systems
(including contact information for persons who can provide authentic testimony). Cherry-picking of
several customer references is strongly discouraged; a greater number or references will dispel
this concern. Documents supporting the contractor’s reliability/availability claims shall be submitted
to MEA within 30 days of the bid opening date. MEA has a strong preference for a system
approach that does not require routine maintenance. The IEC 60870-4 standard shall be used as a
guide for addressing these issues.
MEA requires the following guaranteed reliability criteria:
1. Annual availability of the system shall be 99.95% or better on average (IEC 60870-4,
Table 2 – Class A3). This requires that system downtime be less than 262 minutes per
year.
2. MTTR: Trained maintenance personnel shall not require more than six (6) hours to
restore the SA system to normal service (IEC 60870-4 Table 3 – Class M4).
The above figures shall exclude administration time and traveling time. Recommended test
equipment and replaceable spares are assumed to be locally available to sites needing their use,
although these assumed resources must consequently be included in the proposal.

4.1.2.1 Critical Functions

Critical functions are defined as the system functions that need to remain available when a single
point of failure occurs in the system. Failures that affect critical functions are subject to the
guaranteed reliability criteria. They include the following:
1. Any failure that brings down the entire system.
2. Any failure that causes loss of core station functionality, including:
Local station control (i.e. MMI functions)
Historical data processing (at Terminal Stations)
SCADA/EMS support
Enterprise communications
Station LAN communications
Operation of or access to the Repository

- 83 -
 Page7-SA-84
PM5-0403-WBX
Programmable logic application processing or supervision
Proper operation of the system logs
System configuration control or diagnostics
Field data acquisition and processing
Time synchronization
3. Any other failure that interrupts system capability beyond that solely attributable to the
failed resource.
For example, loss of a single BCU may be excluded if it only results in the loss of data for which it
is directly responsible. Loss of all data acquisition, however, comprehensively disables
SCADA/EMS support, requiring that failure be subject to the guaranteed reliability criteria.

4.1.2.2 Non-Critical Functions

Non-critical functions are defined as system functions that do not need to remain available when a
single point of failure occurs in the system. Failures of non-critical functions are not subject to the
guaranteed reliability criteria. Non-critical functions include the following:
1. Database generation and modification (an off-line function)
2. Display generation and modification (an off-line function)
3. ‘Programmable logic application’ generation and modification (an off-line function)
4. Backup of real-time data
5. Archiving
6. Access to on-line documentation
7. Printing functions

4.1.3 System Security

Because of the critical nature of the SA system’s operation and its networked relationship with
other systems, security is of major concern to MEA. System components and integration
methodology shall provide robust security features to prevent unauthorized users from reading or
writing data or files, executing programs, or performing operations for which they do not have
appropriate privileges.
The SA system software shall have no special undocumented user sign-on procedure, such as
might be used by the programming staff of the contractor or the supplier of the operating system
while the software is being developed.
The software system shall be free of viruses when delivered, and shall contain the most recent
version of virus detection software.
The contractor shall recommend security capabilities that provide reasonable protection for a
reasonable cost, so as to significantly reduce the risk of damage, loss of information, unauthorized
use, or impairment of use or control of the station facility.

- 84 -
 Page7-SA-85
PM5-0403-WBX

4.1.4 System Sizing

Table 2: SA SYSTEM SIZING

Description Ultimate System
1. Local Repository Sizing
Analog Points The Local Repository sizing
Status Points shall be met with the
requirement for the calculated
Counter Points point counts using the
Control points (2 & 3 state) substation’s ultimate
configuration given in
Calculated Analog Points APPENDIX C and point counts
Set Point Control for typical stations given in
APPENDIX D plus
requirements specified
elsewhere in this specification

2. Historical Data
Number of values stored once per hour for a All values in the Local
period of 3 months, plus the current month. Repository
Number of values stored twice per day for a All analogs and counters in the
period of 120 days (peak daytime values and Local Repository
peak nighttime values)

3. Summaries
Alarm file entries 1,000
A&E file entries 2,000
Abnormal summary entries 500
Alarming inhibited summary entries 500
Tag summary entries (maximum number of 500
equipment tags)

** Note: The IEC 61850 information models include a considerable number of additional data
components to support the real-time data components identified above. Local
Repository sizing requirements for these additional data components are not
included here and shall be determined by the contractor.

- 85 -
 Page7-SA-86
PM5-0403-WBX
4.1.4.1 Initially Delivered Systems
Upon delivery, each SA system’s technical infrastructure shall be sized to meet the substation’s
ultimate configuration, as specified in Appendix C. By ‘technical infrastructure’ this specification
means the wiring, cabling, connections, enclosures, IED mounting positions, Ethernet switch ports,
Repository memory sizing, etc shall all be planned and ready to accept new equipment boxes for
the system expansion expected in the future. No new technical infrastructure or engineering shall
be required to expand from the initially installed system to the ultimate, planned system
configuration. The I/O point counts can be anticipated from the information in Appendix D.
Programmable logic applications and other requirements shall be interpreted from descriptions
elsewhere in this specification.
All screen displays and other items related to the non-existent or spare bays shall be included in
the design of the SA system, as if it already existed, but shown on the screen in a distinctive
manner to indicate that it is ‘future’ in nature.

1. Reserved Capacities
At least fifty percent (50%) of installed RAM in the CCU, bay, and MMI processors shall
be provided as spare memory. The system shall be able to meet all functional and
performance requirements with the spare capacity blocked off or physically removed.
At least eighty percent (80%) of each installed disk’s capacity shall be uncommitted and
reserved for future use.
During all performance and functional tests of the Factory Acceptance Test (FAT), the
spare RAM and disk capacities shall be blocked off, removed, disabled, or loaded with
dummy information, to prevent their use by the supplied software.

2. Utilization Requirements
Over any five (5) minute period (including end-of-hour, end-of-day and end-of-month), the
utilization of SA system components during the system activities defined for system
performance testing shall not exceed the following limits:
The total loading of a CCU processor shall not exceed thirty percent (30%)
The total loading of a bay processor shall not exceed thirty percent (30%)
The total loading of an Operator Interface [MMI] processor shall not exceed fifty
percent (50%).
No disk associated with the CCU shall be busy with data transfers more than twenty
percent (20%) of the time.
No more than 8% of SubLAN bandwidth shall be in use at any time.
(Ethernet contention becomes a problem when bandwidth exceeds 20%.)
The SA system shall be provided with hardware and software measuring tools to enable
precise measurement or calculation of utilization for all system components.

- 86 -
 Page7-SA-87
PM5-0403-WBX
4.1.4.2 Expansion and Upgrading
In order to accommodate system expansion beyond the ultimate size, MEA requires that the
system incorporate hardware and software capabilities that support operational and quality of
supply applications that are expected to emerge in the future. This concept requires that the
system be design in a manner that progressively allows older equipment to be replaced with new
equipment, so that system performance, maintainability, and reliability can be improved. This
specification refers to this as a planned migration strategy. In his bid, the contractor shall lay out
his vision for a credible migration strategy, supported by the system implementation that he
proposes.
The contractor shall indicate in his bid which portions of these technical specifications will be met
by existing products, which portions will require additional development, and when the various
pieces of additional development will be available. The contractor shall describe how the various
pieces are to be integrated to produce the desired system capabilities.
The system shall be designed to facilitate the future addition of station bay equipment, as follows:
1. The system hardware and software modules shall be scaleable, configurable, standard
types, employed in similar projects elsewhere. For future modifications or expansions,
this system structure shall be easily extendible through the addition of new components
of same or similar type. For new components, having the same functionality as the
original system, additional programming shall not be required; only the configuration shall
be adapted.
2. With appropriate training by the contractor, MEA personnel shall be able to make all
database and system changes to support system growth, using tools and procedures
supplied with the installed system and without regeneration of system software.
Bidders shall also identify how the supplied system can be modified to accommodate the following
system capability options:
1. Communications with each of two SCADA/EMS control centers, using independent
communication channels and separate sets of system configuration parameters, over the
existing SDH network using DNP3 protocol.
2. Autonomous supervisory control and automation of a remote distribution plant outside the
substation fence. For such applications up to thirty (30) typical items of an outside
distribution plant (e.g. primary and secondary system devices, such as load-break
switches, reclosers, voltage regulators, etc) would be connected via satellite IEDs
connected via fiber-optic cables to the SA system. Either IEC 61850 or DNP3
communications might be used, depending on technical and cost factors.

4.1.5 Reference Standards

4.1.5.1 Standards Groups

Except as specified elsewhere in this specification, the SA systems shall be designed,
manufactured, integrated, installed, configured, and tested in conformity with the latest revision of
applicable standards governed by the groups listed below:
ANSI American National Standards Institute
ASCII American Standard Code for Information Interchanges
ASTM American Society for Testing and Materials
CCITT Consultive Committee International Telegraph and Telephone
CISPR International Special Committee on Radio Interference
- 87 -
 Page7-SA-88
PM5-0403-WBX
EIA Electronic Industries Association
EN European Standard
FCC Federal Communication Commission
IEEE Institute of Electrical and Electronics Engineers
IEC International Electrotechnical Commission
ISO International Organization for Standardization
NEC National Electrical Code
NEMA National Electrical Manufacturers Association
RAL Deutsches Institut für Gütesicherung und Kennzeichnung e.V.
In case of conflict between the requirements of any of these authorities, the conflict shall be
referred to MEA for resolution. In the event of contradictory requirements between such standards
and this specification, the terms of this specification shall govern. Any relevant issues not
specifically covered by these standards shall be submitted with options and recommendations for
MEA’s approval.
Any significant deviations from these standards shall be clearly communicated within proposals
under the heading “Deviations from MEA'S Specification”.
Proposals may be submitted that are based on other national standards having similar
characteristics and providing equal performance and/or quality to those specified. In this case,
complete English language copies of the standards shall be submitted with the proposal;
otherwise, such offers may be rejected without further consideration.

4.1.5.2 Specific Relevant Standards

The following are specific standards with special relevance to this technical specification.
Conformance with their content shall receive especially close scrutiny. The contractor shall ensure
that the delivered systems comply with the requirements of these standards, as conditioned by the
specific requirements of this technical specification.
1. IEC 60870: Telecontrol Equipment and Systems. The following parts of this standard are
relevant to this technical specification. They refer to numerous IEC base standards used
to conduct type-testing.
IEC 60870-2-1-1995: Telecontrol Equipment and Systems – Part 2-1: Operating
Conditions – Section 1: Power Supply and Electromagnetic Compatibility
IEC 60870-2-2-1996: Telecontrol Equipment and Systems – Part 2-2: Operating
Conditions – Section 2: Environmental Conditions (Climatic, Mechanical, and other
Non-Electrical Influences)
IEC 60870-3: Telecontrol Equipment and Systems – Part 3: Interfaces (Electrical
Characteristics)
This standard addresses interfaces between telecontrol equipment and the
following: (1) process equipment (i.e. field I/O points), (2) operator equipment, (3)
communication subsystems, and (4) other data processing equipment.
IEC 60870-4: Telecontrol Equipment and Systems – Part 4: Performance
Requirements

- 88 -
 Page7-SA-89
PM5-0403-WBX
This document shall be used as the project planning reference for addressing
reliability, availability, maintainability, security, time parameters affecting
performance, and overall accuracy of the delivered systems. Although written for
telecontrol systems using serial communications lines, the broad content of this
document applies to the systems to be delivered under this technical specification. If
any aspects of this document’s content are contraindicated by IEC 61850, the latter
shall prevail in those instances.
2. IEC 61010-1: Safety Requirements for Electrical Equipment for Measurement, Control,
and Laboratory Use: General Requirements
The SA systems delivered under this technical specification shall conform to the
requirements of this standard.
3. IEC 61850: Communication Networks and Systems in Substations
This standard represents the principal communications architecture for the SA systems to
be delivered under this technical specification. It includes a network profile,
communication services, and information models. During Factory Acceptance Testing
and other times, MEA personnel or their agents may inquire how these safety
requirements have been applied to the delivered systems and request testing in specific
areas of interest.
IEC 61850-1: Communication Networks and Systems in Substations – Part 1:
Introduction and Overview.
IEC 61850-2: Communication Networks and Systems in Substations – Part 2:
Glossary
IEC 61850-3: Communication Networks and Systems in Substations – Part 3:
General Requirements
IEC 61850-4: Communication Networks and Systems in Substations – Part 4:
System and Project Management
IEC 61850-5: Communication Networks and Systems in Substations – Part 5:
Communication Requirements for Functions and Device Models
IEC 61850-6: Communication Networks and Systems in Substations – Part 6:
Configuration Description Language for Communications in Electrical Substations
Related to IEDs
IEC 61850-7-1: Communication Networks and Systems in Substations – Part 7-1:
Basic Communication Structure for Substation and Feeder Equipment / Principals
and Models
IEC 61850-7-2: Communication Networks and Systems in Substations – Part 7-2:
Basic Communication Structure for Substation and Feeder Equipment / Abstract
Communication Service Interface
IEC 61850-7-3: Communication Networks and Systems in Substations – Part 7-3:
Basic Communication Structure for Substation and Feeder Equipment / Common
Data Classes
IEC 61850-7-4: Communication Networks and Systems in Substations – Part 7-4:
Basic Communication Structure for Substation and Feeder Equipment / Compatible
Logical Node Classes and Data Classes
IEC 61850-8-1: Communication Networks and Systems in Substations – Part 8-1:
Specific Communication Service Mapping (SCSM) / Mappings to MMS (ISO 9506-1
and ISO 9506-2) and to ISO/IEC 8802-3

- 89 -
 Page7-SA-90
PM5-0403-WBX
IEC 61850-10: Communication Networks and Systems in Substations – Part 10:
Conformance Testing
4. IEEE C37.1-1994: Definition, Specification, and Analysis of Systems used for Supervisory
Control, Data Acquisition, and Automatic Control
This standard shall be applied to any implementation involving field connections for I/O
points, such as BCU field circuits. It overlaps IEC standards 60870-2-1, 60870-2-2, and
60870-3, but addresses issues that the IEC standards may not address as well [e.g.
common mode voltage standoff for analog input signal processing, rejection of normal
and common mode voltages in analog input signal processing, rejection of false status
changes, time-tagging precision and time of application, change of status monitoring, and
change validation (i.e. digital signal filtering)].
5. IEEE C37.90.1-2002: IEEE Standard Surge Withstand Capability (SWC) Tests for Relays
and Relay Systems Associated with Electric Power Apparatus
6. IEEE C37.90.2-2004: IEEE Standard for Withstand Capability of Relay Systems to
Radiated Electromagnetic Interference from Transceivers
7. IEEE C37.111-1999: Common Format for Transient Data Exchange (COMTRADE) for
Power Systems
8. IEEE C37.115-2003: Test Method for Use in the Evaluation of Message Communications
between IEDs in an Integrated Substation Protection, Control, and Data Acquisition
System
9. IETF – RFC 542: FTP standard

4.2 SYSTEM PERFORMANCE REQUIREMENTS

4.2.1 The General Rule

If a person asks how fast real-time data needs to be, the answer should generally be “whatever it
takes to make the applications successful”.
To elaborate and broaden the previous statement somewhat: Applications and system processes
need timely data in order to perform their functions successfully (i.e. late data can cause them to
fail their system missions). The General Rule is that the system must reliably process and deliver
all system data within times that satisfy the requirements of individual system functions,
applications, and overall system performance expectations.
This specification lays out certain expectations for system functions and applications, and also
imposes constraints on the design approach (e.g. use of the IEC 61850 communications standard;
use of Substation LANs). It is the contractor’s responsibility to make it all come together in a
consistent manner, to achieve the desired intent and specific results. This clause describes the
timing and other metrics required of the system.

4.2.2 Time Synchronization and Time-Stamping

All station time-stamping processes are expected to provide accurate time-tags within a precision
of +/-0.5ms of absolute time.

- 90 -
 Page7-SA-91
PM5-0403-WBX
4.2.3 CCU

4.2.3.1 ‘System Log’ Entries

System log entries shall be added within one (1) second of when the initiating conditions are
updated in the Local Repository.

4.2.3.2 Backup of Real-Time Data

Data that is stored in volatile memory (i.e. memory whose contents are lost when power is
interrupted) shall also be stored locally on hard disk or in flash memory for use in warm restart
procedure. The contents of the Local Repository in a primary CCU shall be incrementally backed
up in the standby CCU and on disk or in flash memory as they occur.

4.2.3.3 Time Synchronization

The CCU module shall synchronize IEDs once per minute over the network. If the TDS or GPS
signal fails, the CCU shall synchronize IEDs once per minute using the SCADA/EMS source,
following a user-defined delay. The default value for the delay shall be one hour.

4.2.4 Operator Interface [MMI]

4.2.4.1 Operator Request Completion Time

During the system activities defined for system performance testing (refer to ‘System Performance
Testing Requirements’), the system shall complete responses to MMI operator requests within one
(1) second, following the request. These requirements shall apply to all operator requests,
including the following:

Operator Request System Response (within 1 s)

Point selection on a monitor Pop-up window appears.

Alarm acknowledgement
Control request
Control execute
Control point tagged.
Alarm inhibit
Silence audible alarm
Real-time data point placed out-
of-service / in-service
Acknowledged alarm stops flashing.
The system confirms the control action selected.
Control sent to the responsible server IED.
Tag is in effect and shown on monitor. The tag
summary is updated.
Alarm checking stopped; inhibit indication (I)
shown on the appropriate displays; inhibit
summary is updated.
Sound stops.
Processing of the point is stopped / resumed,
deactivated summary is updated.

Table 3: Operator Request Completion Times

4.2.4.2 Display Update Time

During the system activities defined for system performance testing (refer to ‘System Performance
Testing Requirements’), the following display update times apply to the MMI monitor:

- 91 -
 Page7-SA-92
PM5-0403-WBX
1. The delay between the occurrence of a status event at the station and the appearance of
the corresponding Alarm Summary entry shall not exceed two (2.0) seconds.
2. Updates of measured or status values appearing on a display shall occur within two (2.0)
seconds of their being updated in the Local Repository. This shall be tested with values
that change once per second.
3. System time shall be shown on displays with a resolution of one (1.0) second and shall
be updated once per second.

4.2.4.3 MMI Boot-Up Time and Start-Up Time

The MMI’s ‘Boot-Up Time’ is defined as the time interval beginning when power is turned on (or the
MMI is rebooted) and ending when the user is prompted to perform a log-on. The boot-up time
shall not exceed one (1) minute.
The MMI’s ‘Start-Up Time’ is defined as the time interval beginning when the user completes the
log-on and ending when the initial set of displays has been completely generated, input data is
being received and processed, the displays are being updated with real-time data, and the
Operator Interface [MMI] unit is ready to accept user input. The ‘Start-Up Time’ shall not exceed
two (2) minutes.

4.2.4.4 System Restarts

Two (2) modes of restart are required:
1. A warm restart in which the database resident in volatile memory is restored from disk.
A mechanism for warm restarting the system (e.g. CCU) shall be provided. The warm
restart may be used to reset the DNP application, but not necessarily to reset other
application programs. Typically, the warm restart is used to initialize the configuration. A
warm restart shall be initiated only in response to an MMI request from an authorized
user.
Time for a warm restart shall not exceed twenty (20) seconds.
2. A cold restart is a complete restart of the system after a power loss or after it had been
de-powered and then re-powered up.
After a power outage or total shutdown of the system, the total elapsed time for a
complete system start-up, beginning when power is restored and ending when data
processing is initialized, real-time data is available at the MMI and SCADA/EMS control
center, and all functions are operational, shall not exceed five (5) minutes.

System Restarts shall cause a major alarm to be generated. This status shall be mapped and
automatically sent to the SCADA/EMS control center.

System Restarts shall not clear system logs, which shall normally be kept in non-volatile memory
and archived on disk.

4.2.5 Communications

4.2.5.1 Network Associations

The following specifies the minimum number of concurrent LAN associations that each type of IED
shall be able to maintain:
IED Servers: 4

- 92 -
 Page7-SA-93
PM5-0403-WBX
CCU IED: 50
Operator Interface [MMI}: 6
TDS: 4

4.2.5.2 SubLAN Data-Interchange Failure between Station-Level and Bay-Level

The failure of SubLAN data interchange between station-level and bay-level IEDs shall not affect
the capability of IEDs at either level from continuing their individual responsibilities and buffering
the data to eventually be communicated. At a certain point, of course, finite buffers overflow and
the oldest data is . These shall be circular buffers, designed to accommodate 1,000 entries. If a
circular buffer were to overflow through extraordinary circumstances, the oldest entries should be
discarded as newer ones are added. This would at least enable MEA to salvage the most
important data.

4.2.5.3 Communication Errors

The system shall track communications error statistics for each LAN port and serial
communications port (if applicable), on a module-by-module basis. The statistics shall be displayed
by the Operator Interface [MMI] unit.
A user-defined percentage, applicable to each LAN port, shall be used to determine when
communication failures exceed an acceptable rate over a particular period of time. A second
percentage shall be applied to serial ports (if applicable). When those rates are exceeded, the
affected port shall be alarmed as ‘Excessive Error Rate’. Separate, but lower, user-specified
percentages shall be applied to determine when a port has again achieved an acceptable rate.
When it does, the port shall be returned to a ‘Normal’ status. A sufficiently long, user-specified
interval (30 to 300 s) shall be used to make these assessments. Failures for a given module shall
not be counted when its port is taken out-of-service or when the module cannot successfully
communicate because of external failures (e.g. the failure of a communications partner).

4.3 HARDWARE REQUIREMENTS

This section describes hardware specifications for the various modules and subsystems that
comprise the SA system. These are not functional specifications, but are specifications regarding
other required qualities of hardware that make it acceptable for use in MEA’s systems.

4.3.1 Equipment Power Supply

4.3.1.1 General Specifications

Power units and circuits, whether stand-alone or incorporated within other equipment, shall be
designed to operate reliably, maintaining their stated power-delivery capacity and other
specifications in compliance with IEC 60870-2-1 and IEC 60870-2-2. The station battery voltage
and compliance-levels selected for use in the systems to be delivered are as follows:
AC power supply -
Nom. input voltage 220 V, 50 Hz
Input voltage range -15% to +10% IEC 60870-2-1 Class AC2)
Freq tolerance ±5% IEC 60870-2-1 Class F3
Harmonic content tolerance: < 10% IEC 60870-2-1 Class H2
(input voltage)

- 93 -
 Page7-SA-94
PM5-0403-WBX
Inverters -

Output voltage variations < 10% IEC 60870-2-1 Class AC1

Harmonic content tolerance: < 10% IEC 60870-2-1 Class H2
(input voltage)

DC/DC converter -
Nom. Input voltage: 125 Vdc
Input voltage range: -20% to +15% IEC 60870-2-1 Class DC3
Input earthing condition: Floating earth IEC 60870-2-1 Class EF
Input voltage ripple: < 5% IEC 60870-2-1 Class VR1

If a piece of equipment cannot accept 125 Vdc, it is acceptable to use 48 Vdc through provision of
a stand-alone 125VDC/48VDC converter.
The load on a power supply, converter, or inverter shall not exceed 70% of its rated power output
capacity. Power unit efficiency shall be 75% or higher.

4.3.1.2 System-Related Specifications

Several other requirements are listed below. They represent conditions that must be met between
the integrated SA system and the power units that supply it. The fulfillment of these requirements
shall be demonstrated during Factory Acceptance Testing and Site Testing.
1. SA system shall tolerate a 20ms interruption in the auxiliary supply without de-energizing.
(Reference IEC 60255-11)
2. SA system shall tolerate 12% ripple on the DC auxiliary supply.
(Reference IEC 60255-11)
3. The starting current shall be less than 10A if the nominal load current is less than 2A.
Otherwise, starting current shall be less than 3 x the load current.
(Reference IEC 60870-4)

4.3.2 IED Clock Circuits and Time-Stamping Capabilities

IEDs shall be equipped with a real-time clock, with full calendar support (including leap year).
Clock resolution shall be governed by IEC 60870-4, Table 7 Class TR4. Clocks shall have an
accuracy of ±2ppm and shall not drift more than twenty (20) ms per hour. If necessary, IEDs shall
employ software algorithms to counter inaccuracies and drift resulting from crystal ageing.
All IEDs that need to maintain precise time for time-stamping shall be capable of supporting IEC
61850 time-synchronization by the CCU, maintaining acceptably low drift in time between
synchronizations, and time-stamping events with an absolute precision of +/-0.5ms relative to the
GPS source.
IEDs shall support local setting of time and date from the front port or HMI panel. This feature is
intended only for use in unusual circumstances, such as the loss of CCU synchronization or for
IED testing. This set of values shall be maintained by the IED until overridden by a successful time-
synchronization from the CCU.
Except for synchronization, the IED’s real-time clock shall be completely independent of outside
sources, so that the IED can continue to properly handle its time related applications, should the
time-synchronization mechanism fail.

- 94 -
 Page7-SA-95
PM5-0403-WBX
4.3.3 Substation LANs
Operation of the Substation LANs shall comply with the IEC 61850 Ethernet profile using TCP/IP.
Substation LANs shall support 10/100 Mbps operation, with consideration of whether 1Gbps is
technically and economically appropriate.
All connections to Substation LANs shall be made using ST or SC or LC connectors. Unless
otherwise specified, the Substation LANs shall use multi-mode cable and be sheathed for
protection against abrasion and cuts. Fiber optic cable shall be terminated and routed according to
best industry practices. All materials shall be industry standard, commercially available, and
supportive of the open systems concept. A service loop shall be provided at connection points to
allow flexibility for future equipment upgrades.
The Substation LAN design shall not require any routine engineering administration or manual
reconfiguration to remedy an equipment failure or to facilitate failure recovery.
The Substation LAN shall be designed to ensure that, in the event of a single LAN cable or LAN
interface module failure, none of the SA system functionality shall be lost and at most one IED
server (e.g. BCU) shall be isolated from the CCU.

4.3.4 CCU
The CCUs shall be a 19” rack type, industrial standard, computer system and shall be capable of
operating under the specified ambient conditions for indoor equipment. The CCU shall conform to
UL approved safety standards and be certified to FCC Class B. The statistical MTBF for the CCU
shall be not less than 50,000 hours, when analyzed at 75% loading and 25°C.
The CCU shall be manufactured by IBM, Dell, Hewlett Packard, or an equivalent source approved
by MEA. Alternatively, an SA system supplier’s computer system hardware is also acceptable if it
is designed for use in the electrical substation environment, designed for this purpose, and
otherwise meets all requirements. Full repair services shall be available in THAILAND for the
selected equipment.
Aside from hardware requirements, the equipment shall incorporate an acceptable real-time
operating system and other required system software. Refer to the Software Requirements clause.
The CCU shall be equipped with certain interfaces that enable data and file communication
exchanges with other SA system components:
1. Dual Ethernet ports for connection to the SubLANs.
The CCU shall connect to both Substation LANs through separate fiber optic interfaces.
Use of the two connectors is described under the ‘Dual Substation LAN Connections’
heading.
2. A serial maintenance port for connecting to a portable Operator Interface [MMI] unit, even
though such connections will usually be made via a SubLAN.
The portable MMI unit shall support configuration, testing, commissioning, operational
monitoring and control, and troubleshooting of the CCU as described elsewhere in this
technical specification.
3. USB ports for connection to a portable flash memory drive (i.e. thumb drive), Zip drive, or
hard drive.

- 95 -
 Page7-SA-96
PM5-0403-WBX
4.3.5 Operator Interface [MMI]

The MMI unit shall conform to UL approved safety standards and be certified to FCC Class B. The
statistical MTBF for the MMI unit shall be not less than 50,000 hours, when analyzed at 75%
loading and 25°C. The equipment shall be capable of operating under the specified ambient
conditions for indoor equipment.
The MMI unit shall be manufactured by IBM, Dell, Hewlett Packard, or an equivalent source
approved by MEA. The equipment shall be warranted to work in MEA’s electrical substation
environments. Full repair services shall be available in THAILAND for the selected equipment.
The MMI unit shall connect to both Substation LANs through separate fiber optic or coppper media
interfaces, using ST or RJ-45 connectors. Use of the two connectors is described under the ‘Dual
Substation LAN Connections’ heading.
Aside from hardware requirements, the equipment shall incorporate the required system software.
Refer to the Software Requirements clause.

4.3.5.1 MMI Units based on Desktop PC

MMI units based on a desktop PC shall meet the minimum specifications shown in Table 4, unless
the contractor believes that the specifications are not sufficient for meeting requirements or that the
specifications can be better oriented to available, mainstream products. In either case, the
contractor shall submit a counterproposal to MEA, accompanied by reasons for the proposed
changes.
®
Processor Intel Core™ i7-2600 (3.40 GHz, 8MB cache, 4 cores)
RAM 4 up to 16 GB 1333 MHz DDR3 SDRAM,4 DIMM Slots

Hard Drive SATA (7200 rpm) from: 250 GB Up to: 1 TB

Other Storage SATA SuperMulti DVD writer
Display 23-inch LED color monitor with 1920 x 1080 Resolution , 250 Brightness, 2ms Response Time,
1,000:1 Typical Contrast Ratio, 5,000,000:1 Dynamic Contrast Ratio, 170°/160° Viewing Angle
16.7 Million Colors Supported
Video Card NVIDIA Quadro NVS 300 (512 MB) or equivalent
Ports 2 @ 9-pin RS-232C port
1 @ 25-pin bidirectional ECP and EPP (Parallel port)
6 @ Universal Serial Bus ports (USB 2.0)
1 @ 15-pin VGA port
2 @ Ethernet LAN jack: 10/100 Base TX (RJ45) + 100 Base-FX fiber optic interface (ST) or
adapter required for each port.
1 @ RJ11 phone jack, 1 eSATA/USB 2.0 combo port
Network Interface Dual Fast Ethernet NIC (10/100/1000Mbps) communications adapter with all necessary facilities
& for Ethernet TCP/IP networking per the IEC 61850 network profile specifications, including
Communications compatible TCP/IP stack. (Note: Two independent ports required with same IP address

Keyboard USB standard keyboard with a minimum of 104 keys with Thai/English key labels. Function keys
required for dedicated MMI functions.
Operating System Genuine Windows® 7 Professional 64-bit with Thai language support and latest service pack
Accessories Recovery CDs and operating system
Microsoft Wheel Mouse™ (USB Interface)
Mouse pad
Speaker/sound card for audible alarming and for use with future functions
Real-time clock, calendar with battery backup, and support for CCU time-synchronization
Auto-restart capability
2 @ spare expansion PCI slots for future expansion
Diagnostics, on-site installation, and validation

Table 4: Operator Interface [MMI] based on Desktop PC

- 96 -
 Page7-SA-97
PM5-0403-WBX
4.3.5.2 MMI Units based on Notebook PCs
MMI units based on a notebook PC shall meet the minimum specifications shown in Table 5,
unless the contractor believes that the specifications are not sufficient for meeting requirements or
that the specifications can be better oriented to available, mainstream products. In either case, the
contractor shall submit a counterproposal to MEA, accompanied by reasons for the proposed
changes.

Processor Intel® Core™ i7 Mobile Processor Family with Turbo Boost Technology
RAM DDR3 SDRAM (1333 MHz), two slots supporting dual-channel memory, 2048 MB SODIMMs, up
to 8192 MB total
Hard Drive 500 GB 7200rpm SMART SATA II HDD
Other Storage Blu-ray ROM DVD+/-RW SuperMulti DL LightScribe Drive
Display 14-inch diagonal LED-backlit HD+ Anti-Glare (1600 x 900 resolution)
Video Card ATI Mobility Radeon™ HD 540v with 512MB dedicated video memory or equivalent
Ports 1 @ 9-pin RS-232C port
1 @ 25-pin bidirectional ECP and EPP (Parallel port)
3 @ Universal Serial Bus ports (USB 2.0)
1 @ 15-pin VGA port
1 @ Ethernet LAN jack: 10/100 Base TX (RJ45) + 100 Base-FX fiber optic interface (ST) or
adapter required
1 @ RJ11 phone jack
1 eSATA/USB 2.0 combo port
1 docking connector
Network Interface Dual Fast Ethernet NIC (10/100/1000Mbps) communications adapter with all necessary facilities
& for Ethernet TCP/IP networking per the IEC 61850 network profile specifications, including
Communications compatible TCP/IP stack. (Note: Two independent ports required with same IP address

Modem Interface 56-Kbps V.92 MODEM

PC Card Slots 1 @ Type II PCMCIA card slot, CardBus-enabled

Keyboard 87- (US)/88-(Int’l English) key, full-size keyboard (with 101-/102-key emulation) supports
Windows keys Embedded Numeric Keypad, 12 function keys, suspend/resume sleep button
Operating System Genuine Windows® 7 Professional with Thai language support and latest service pack
Accessories • Recovery CDs and operating system
• Leather luggage
• Microsoft Wheel Mouse™ (USB Interface)
• Mouse pad
• Power adapter, battery and charger

Table 5: Operator Interface [MMI] based on Notebook PC

- 97 -
 Page7-SA-98
PM5-0403-WBX
4.3.6 Time and Date Server
One (1) GPS satellite disk and receiver shall be provided for time synchronization purposes at
each SA system station site. The physical connection and installation of the GPS hardware
components shall simple, not requiring any RF or GPS expertise. Any software for configuring or
operating the unit shall be provided with the system.
A GPS antenna unit with remote power supply and supporting cable shall be provided. The
antenna shall be dc-insulated with dielectric strength of 1,000 V. The interface between the GPS
receiver and the GPS input of the TDS module shall be a standard serial interface equipped with
an optical-to-serial converter (or equivalent interface with isolation, approved by MEA).
The GPS clock receiver shall withstand operating temperatures up to 70°C and humidity up to
100% non-condensing. The contractor shall supply all necessary cables, connectors, accessories,
and mounting hardware needed to support positioning and adjustment of the antenna.
At a MINIMUM the GPS clock receiver shall require no more than one (1) minute to synchronize,
using a known receiver position and valid almanac, or twelve (12) minutes if this data is not known.
The following specifications shall be met for the time-synchronization subsystem:
1. The accuracy of the GPS clock receiver shall be better than ±250 nanoseconds
immediately after synchronization and ±2 us after 20 minutes of operation (in the absence
of further synchronization).
If the GPS signal is temporarily lost, the GPS clock receiver shall continue to provide
precise time measurements to the TDS module based on its own low-drift time-keeping,
per the drift specification stated directly above.
2. When the SA system is synchronized using SCADA/EMS control center time, the
maximum allowable time synchronization error (i.e. deviation from absolute time) shall be
not more than 20 ms plus the propagation delay in the SDH network.
The default delay between loss of GPS signal and the use of SCADA/EMS control center
time shall be four (4) hours, unless the CCU determines that the time provided by the
TDS module is unreasonable for the elapsed time (for example, the TDS module may
have failed). In that case, the CCU shall immediately start using the SCADA/EMS control
center time for time synchronization. The default delay may be changed via a user-
defined parameter.

4.3.7 CGW: Communications Gateway

The CGW shall support a maximum SDH data rate of 19,200 bps, although the operational rate
shall initially be set at 9,600 bps. The CGW interfaces with the SDH WAN through a Fiber Optic
Modem (FO Modem).
The FO Modem shall be mounted on a standard 35 mm DIN rail. It is the contractor’s responsibility
to verify that the modem he selects for use at station sites is fully compatible with existing SDH
Node modems used by MEA at other locations (e.g. at the SCADA/EMS control center). If the
modems selected by the contractor are not fully compatible with the existing modems, the
contractor shall either modify the selected modems or furnish matching modems for existing SDH
Nodes.
The CGW module, which interfaces the FO Modem to the SA system, shall connect on the other
side to both Substation LANs through separate fiber optic interfaces. Use of the two connectors is
described under the ‘Dual Substation LAN Connections’ heading.
MEA will provide one (1) independent communications circuit to the SCADA/EMS control center.
The contractor will be responsible for establishing end-to-end communications with the
SCADA/EMS control center.
- 98 -

4.3.8 Serial Communication Interfaces
Where data communication interfaces using DNP3 protocol are necessary, DNP-IP shall be used
over the Substation LANs.
Where DNP-IP is not practical (e.g.
communication interface shall be used.
optical converters to achieve electrical
failure phenomena. This applies only
enclosures.
Page7-SA-99
PM5-0403-WBX
perhaps for legacy data integration), a DNP serial
Any such interface shall be implemented using serial-
isolation against common-mode voltage and transient
to serial communication lines that leave protective

4.3.9 Bay Control Units with Protection Relays (BCUs)

BCU servers have data acquisition and control responsibilities within the SA system. In the
systems to be delivered under this technical specification, they connect to traditional I/O points on
the back end (e.g. status contacts, counter contacts, analog inputs, and control outputs). On the
front end they are presented as IEC 61850 data models, just as though they originated from true
IEC 61850-compatible sources. The data from these models shall be selectively delivered to the
CCU’s Local Repository according to station needs.
The BCUservers shall be capable of storing and executing programmable logic applications. In
support of a distributed processing environment, they shall be capable of interconnecting with other
BCU servers via IEC 61850 GOOSE messaging to acquire status and commands and to provide
the same in return. In this way, multiple units can cooperate perform bay interlocking and
automation applications. All parameters, configurations, programs, software, and process data
shall be stored in non-volatile memory, along with revision control information.

4.3.9.1 Installation Issues

To the extent feasible, distributed BCU servers shall be grouped and installed in station cabinets
where the required inputs and outputs can be most easily accessed, in order to minimize the length
and complexity of control and field wiring, while providing convenient site service and maintenance.
A collateral objective is to reduce the exposure of low-level analog signals to electromagnetic
interference (EMI).
Construction requirements for outdoor cabinets are specified in an attachment to this technical
specification: ‘Equipment Construction Requirements’. Besides cabinet construction, it governs
terminal blocks, cabling, and wiring techniques.

4.3.9.2 Interface, Electromagnetic, and Environmental Compatibility

The BCU servers and any affiliated data acquisition or control modules shall be considered
protection grade equipment. They shall be type-test certified as meeting the ‘Compatibility Test
Criteria’ for (1) interfaces, (2) electromagnetic compatibility, and (3) environmental issues. Refer to
the ‘Compatibility Test Criteria’ heading for specific requirements.

4.3.9.3 BCU I/O Point Types

BCUs shall be equipped to handle and use the required physical I/O points described in
APPENDIX D and elsewhere in this specification. Refer to the ‘I/O Point Types’ heading for
specifications regarding each applicable point type. The contractor shall provide verifiable
information regarding such capabilities and present any limitations of the proposed BCU units in
his proposal. The IEC 61850 representations for this data shall be addressed in the Work
Statement, after award of contract.

- 99 -
 Page7-SA-100
PM5-0403-WBX
4.3.10 Printing Facilities
The contractor shall provide printers (for the stations that require them) and all necessary
installation components (e.g. LAN interfacing, cabling, connectors). Printers shall be located in
close proximity to the Operator Interface [MMI] units.

4.3.11 I/O Point Types

Table 6 summarizes the current I/O point types used by MEA and whether there is support for
using each type of point within IEC 61850. Fact is, the IEC 61850 communications standard
supports a broader range of capabilities than has been offered by traditional practice.

What follows is a description of each point type and how it is applied within MEA’s power delivery
system. This information strongly correlates with the content of IEC 60870-3, concerning interfaces
used in telecontrol equipment and systems, although it is a rather obtuse standard to apply. For the
purposes of this technical specification, the contractor’s bid response shall describe in detail how
the proposed equipment meets these requirements. Equipment shall be examined and tested
during Factory Acceptance Tests to ensure these requirements are adequately met.

Supported by
Point Type IEC 61850?

Analog inputs
AC-AI: AC Analog Inputs Yes
DC-AI: DC Analog Inputs Yes, but information is limited by the loss
of knowledge due to DC representation

Digital Inputs
Single contact, 2-state Yes (including SOE)
Double-contact, 2-state Yes (including SOE)
MCD: 2-state with memory Yes (including SOE)

Digital Outputs
ON/OFF Device Control Yes
Raise/Lower Control Yes
Set-point Control Yes
Variable-Length Control Yes
Direct-Operate Control Yes
(and pulse output)

Table 6: Summary of IEC 61850 Support for I/O Point Types

- 100 -
 Page7-SA-101
PM5-0403-WBX
4.3.11.1 Analog Inputs
The following descriptions apply to BCU servers that acquire and process analog input values.
MEA has traditionally used DC transducers for acquiring values, but going forward, that approach
shall only be used in exceptional cases, where other approaches are not convenient or feasible or
where economic considerations dominate. For the systems to be delivered under this technical
specification, AC analog inputs are the strongly preferred approach. Once protective relays are
added to these systems, measurement values shall be acquired from those devices.

4.3.11.1.1 AC Analog Inputs (AC-AI)

BCU servers shall acquire the AC Inputs directly from the current transformers (CTs) and voltage
transformers (VTs), without any interposing devices and transducers, and use these inputs to
calculate true RMS, the 50Hz phasor, and other power system data.
The BCU servers shall accept AC current and voltage input signals with the following nominal
signal ranges:
0 to 5A ac or 0 to 1A ac
0 to 115Vac or 0 to 120Vac
The AC Analog Input (AC-AI) Sub-Module shall be able to convert at least three (3) current inputs
of 1A or 5A and three (3) voltage inputs for 115Vac or 120Vac, with linearity better than ±0.05% on
the range of 1.2 times of rated values. Configurable assignment of voltage and current pairs for
single phase and three phase star or delta configurations and for independent CT inputs shall be
provided.
The Overall Accuracy (true RMS) of the AC Analog Input (AC-AI) Sub-Module shall be at least
±0.2% of full scale over the temperature range 0 to 70°C.
The sampling rate for AC quantities shall be at least 32 samples per cycle, using at least a 12-bit-
plus-sign A/D converter.
The AC Analog Input (AC-AI) Sub-Module shall be designed to reject common mode voltages up
to 150Vac (50 Hz). For DC inputs, normal mode noise voltages up to 5Vac shall be rejected while
maintaining the specified accuracy.
For current inputs, the input impedance shall be such that the voltage across the input terminals
does not exceed 5 V with full-scale input current [IEC 60870-3 Table 12], and no damage shall
occur for sustained 100% overcurrent. For voltage inputs, the input impedance shall not be less
than 200kΩ per volt [IEC 60870-3 Table 12].
PT and CT connections shall be wired to individual terminal blocks of the removable-link or
bypass-bridge type (as appropriate), so that CT and PT connections may be safely interrupted
without removing individual wires. The appropriateness of ABB Combitest or ALSTOM or
SIEMENS test switch blocks or equivalent shall be provided. Status, counter, and control field
wiring shall be connected to I/O field modules through the existing, disconnectable terminal blocks,
so that field wires do not have to be removed to interrupt those circuits. I/O modules shall be
replaceable without reprogramming.
Wiring conductors shall be stranded copper wire 500 V class insulation. The cross section area
shall be as follows :-
For PT circuit : 1.5 mm2
For CT circuit : 2.5 mm2

- 101 -
 Page7-SA-102
PM5-0403-WBX
4.3.11.1.2 DC Analog Inputs (DC-AI)
BCU servers shall support DC inputs from linear transducers and other DC instrument sources.
These shall be used where CT and PT inputs are not available, where the measurement does not
represent power system data, or where economics dictates the choice.
For this project, the interfacing to plant parameters, such as transformer temperature values,
transformer tap position, etc shall use a live-zero transducer of 4 to 20mA value. The transducer (if
not already installed in a current system) shall come factory-fitted with precision scaling resistors,
conform to IEC 60688-2 standards, and be approved by MEA. It shall be possible to remove or
replace scaling resistors at site without any resoldering.
The DC Analog Input (DC-AI) Sub-Module shall be configurable to accept DC inputs in the
following signal ranges:
Unipolar Voltage : 0-1V, 0-2.5V, 0-5V, 1-5V
Unipolar Current : 0-10mA, 0-20mA, 4-20mA
Bipolar Voltage : ±1V, ±2.5V, ±5V
Bipolar Current : ±10mA, ±20mA
It shall be possible to adapt each individual DC analog input terminal to any of the above input
ranges with minimal difficulty. Programmable ‘gain factor’ shall be employed to enable a range of
current inputs to be used.
The DC Analog Input (DC-AI) Sub-Module shall support differential inputs to provide maximum
noise immunity and shall exhibit common-mode noise rejection characteristics of at least 85 dB
between 0 to 50 Hz and normal-mode (differential) rejection of at least 48 dB at 50 Hz.
The Overall Accuracy of the DC Analog Input (DC-AI) Sub-Module, from input terminal to digital
value, shall be at least ±0.2% of full scale for current and voltage inputs, over the full temperature
operating range. For the definition of accuracy, “FULL SCALE” shall mean the measurement span,
which is the difference between maximum positive and negative readings.
The DC analog processing shall use at least a 12-bit-plus-sign A/D converter.
For current inputs, the input impedance shall be such that the voltage across the input terminals
does not exceed 5 V with full-scale input current [ IEC 60870-3 Table 12 ], and no damage shall
occur for sustained 100% overcurrent. For voltage inputs, the input impedance shall not be less
than 200kΩ per volt [ IEC 60870-3 Table 12 ].

4.3.11.2 Digital Inputs

The following descriptions apply to BCU servers that acquire and process digital input values.BCU
servers shall support continuous monitoring of contact status inputs and shall have the capability to
time-stamp changes that are validated as meeting the change criteria.
Each digital input point shall be implemented with an optical isolating barrier (i.e. opto-coupler)
between the internal circuit and the external connection point. The BCU shall support inverting the
status via configuration (i.e. a configuration table), so that a “b” or normally closed contact can be
reported as an “a” or normally open contact. In addition, each input circuit shall include an LED
indicator to show the status of the associated input.

- 102 -
 Page7-SA-103
PM5-0403-WBX
A soft-filtering technique shall be provided to eliminate noise effects and false-change detections,
and to ensure that a changed status signal level persists for a user-defined, minimum period of
time before being accepted as a valid change. The user-defined parameter shall be settable
between 10 and 100ms. Note that time-stamping is to be performed at the initial transition of the
change, but that the change shall only be accepted if validated through the filtering process. The
precision of time-stamps must comply with the specification stated under the ‘Time
Synchronization and Time-Stamping’ heading. Hard-filtering techniques (using passive electrical
components) are discouraged, as they inevitably distort time-stamping values.
The wetting voltage used for input contacts shall be the same as the primary control voltage (125
Vdc from station battery) used within the control cabinet from which the digital input point is
acquired.
Note that it is an MMI planning issue as to whether any digital state is to be considered abnormal,
whether any state is to be classified as an alarm, and if an alarm, whether major or minor. This
interpretive information shall be part of the MMI unit’s configuration, and it is not part of an BCU
server’s responsibilities.
The following types of digital input points shall be supported and shall be configurable without the
requirement for different hardware.

4.3.11.2.1 Single Contact, Two-State

For single contact, two-state digital input points, a single contact shall represent both states of the
monitored device.

4.3.11.2.2 Double Contact, Two-State

For double-contact, two-state digital input points, separate contacts shall be provided for
representing the state of the monitored device. The contacts shall be treated as a complimentary
pair. One contact (when closed) shall indicate an OPEN condition of the monitored device, while
the other contact (when closed) shall indicate a CLOSED condition. When both contacts are open,
they represent that the monitored device is in transition (e.g. a motor-operated switch in the
process of changing position). When both contacts are closed, they represent an invalid condition.

4.3.11.2.3 Two-State with Memory (MCD)

‘Two-state with memory’ digital input points, also called “Momentary Change Detect (MCD) digital
inputs”, shall include a means to indicate that two or more status changes have occurred since the
last reported status, regardless of the current status of the device. Both the ‘two-state with memory
(MCD)’ digital input and the current status of the point shall be returned in the response message
(i.e. a total of two bits). Two-state with memory (MCD) digital input points shall be filtered (i.e.
debounced), as described above, to eliminate false indications produced by contact bounce.

4.3.11.3 Digital Outputs

The following descriptions apply to BCU servers that provide control output capabilities.
Digital Output (DO) Sub-Modules shall support control outputs by means of independent, voltage-
free, optically-isolated, single-pole / single-throw (SPST) relay output contacts. The contact outputs
shall be used to control various station equipment (e.g. circuit breakers [via TRIP/CLOSE
commands], motor-operated switches [via OPEN/CLOSE commands], tap-changers [via
RAISE/LOWER commands], relay RESET, digital set-point). Transistor outputs are not acceptable.
All contacts shall be immune to vibration effects and all contacts shall have a minimum mechanical
durability of one million (1,000,000) operations.

- 103 -
 Page7-SA-104
PM5-0403-WBX
The type of relay output contacts used shall be normally-open (Form A) and they shall be able to
make and break at least 5A inductive (L/R ≤ 40 ms) at 125 Vdc. All individual digital output points
shall be equipped with an individual BCU to confirm the operation (i.e. energization) of each control
relay coil. For heavy-current circuits (e.g. TRIP/CLOSE circuits for circuit breakers), the output
relay may be integrated within the BCU server; alternatively, it may be provided by the contractor
as an interposing relay. These interposing relays shall be mounted and wired as an integral part of
the BCU server’s enclosure assembly and shall be included in the scope of supply. The interposing
relays shall be also able to make and break at least 5A inductive (L/R ≤ 40 ms) at 125 Vdc.
Where individual control outputs operate existing circuits that require lower contact ratings, the
contractor may propose using lower power-handling relays that are integral to the BCU server. In
such cases, the contractor shall be responsible for ensuring that the current handling
characteristics of the relay are adequately rated to match the existing interface circuit.
All modules providing digital output points shall be equipped with a control disable switch to
disconnect power from control relay contacts, thereby disabling control of equipment. Variations of
this approach may be used if approved by MEA.
An auxiliary contact shall be provided on each control disable switch. This auxiliary contact shall be
wired to one (1) digital input to provide a remote indication of the switch’s status. These indicators
shall be included in the specified point counts.
Each Digital Output (DO) Sub-Module shall be equipped with a dummy breaker (latching relay) as
a test indication for control functionality.
One (1) pair of control outputs in each equipped Digital Output (DO) Sub-Module shall be used to
handle TRIP and CLOSE commands from a communicating host (e.g. SCADA/EMS or MMI) and
two pole trip one pole close of control outputs shall be used to handle TRIP and CLOSE
commands from protection functions. The status of the relay shall be acquired by the BCU server
as a digital input point for transmission to the communicating host.
The BCU servers shall support the following types of digital output points in order to support control
actions initiated by the communicating host or, where applicable, the integrated programmable
logic facilities of the BCU servers or SCADA/EMS software applications:

- 104 -
 Page7-SA-105
PM5-0403-WBX
4.3.11.3.1 ON/OFF Device Control
The DO Sub-Module shall perform ON/OFF control actions using complimentary pairs of contact
outputs. One contact output shall perform the “ON” control action, and a second output contact
shall perform the “OFF” control action.
The DO Sub-Module shall be designed such that only one output of a complimentary pair can be
activated at a time.
These control commands shall use the SBO control procedure.

4.3.11.3.2 RAISE/LOWER Control

The DO Sub-Module shall perform RAISE / LOWER control actions using complimentary pairs of
contact outputs. One contact output shall perform the “RAISE” control action, and a second output
contact shall perform the “LOWER” control action.
The DO Sub-Module shall be designed such that only one output in a complimentary pair can be
activated at a time.
These control commands shall use the SBO control procedure when controlling primary equipment
such as LTCs that require control security.

4.3.11.3.3 SET-POINT Control

The DO Sub-Module shall be capable of accepting Set-Point Values (e.g. pre-set, analog output
values) from the communicating host (e.g. MMI unit or SCADA/EMS control center, if mapped),
and using them to initiate closed-loop control actions through its programmable logic capabilities
(e.g. initiating consecutive RAISE/LOWER controls at a transformer tap changer to maintain line
voltage at the set-point value).
To support the above capabilities, DO Sub-Module shall provide momentary control outputs and
latching control outputs. Each momentary control output shall provide a contact closure (pulse) that
has a programmable duration. The pulse duration shall be adjustable on an individual point basis
from 0.01 to at least 16 seconds in increments of 0.01 seconds.
In contrast, latching control outputs shall remain in the last commanded state until a subsequent
command or until the process variable changes the control output state.

4.3.11.3.4 Variable-Length Control

The DO Sub-Module shall be capable of performing command outputs whose pulse duration shall
be adjustable during the course of the output per a set-point parameter received from the
communicating host (e.g. MMI unit or SCADA/EMS control center, if mapped).
The voltage rating of the control outputs contacts shall be the same as the primary control voltage
(125 Vdc) used within the control cabinet associated with the controlled device.

4.3.11.3.5 Direct-Operate (Pulse Output) Control

Direct-operate controls are typically used for controlling devices and systems that do not require
the control security (i.e. they do not use the SBO control procedure). They can be configured as
individual or paired outputs.
Direct-operate (pulse output) controls shall be used for step functions, such as precisely-timed
RAISE and LOWER commands to generator controllers. Multiple RAISE/ LOWER control outputs
shall be able to operate concurrently. On receipt of a command message from the communicating
host (e.g. MMI unit or SCADA/EMS control center, if mapped), a timed pulse is sent to a specified
device. The time duration is specified in the command message. These controls shall be
configurable for latching or pulsed operation.

- 105 -
 Page7-SA-106
PM5-0403-WBX
It is preferred that BCU servers supporting direct-operate (pulse output) control functionality use
the same module as used for secure control. In such a case, the module is able to operate in either
mode, according to operational parameters associated with a control point. The direct-operate
capability, however, may be provided by a different module.
All control outputs (secure and direct-operate) shall be equipped with individual BCUs to confirm
the energized-coil status of each control relay.

4.3.12 Control Circuit Requirements and Internal wiring Conductors

All BCUs and Protection Relays shall be house in a dust proof cover, class IP51, with a transparent
front and shall be provided with test switch blocks.
Low voltage circuit breaker with auxiliary contact and suitable breaking characteristics shall be
provided for protection of each measuring and control circuit in each panel.
All internal wiring conductors shall be stranded copper wire 500 V class insulation. The cross
section area shall be as follows :-
For voltage and control circuit 1.5 mm2
For current circuit 2.5 mm2
Potential circuits, current circuits, trip circuits and auxiliary supply shall be connected to test switch
block.

4.3.13 Console Furniture

The L-shape console furniture shall conform to the proposed MMI, and shall be designed in
accordance with generally accepted ergonomic principles regarding the height and orientation of
the monitors, the keyboard, and the mouse.
One (1) L-shape desk or two (2) separate computer desks with one (1) operator chair shall be
provided and shall have a full depth of at least 70 cm, a depth of approximately 40 cm in front of
the monitor, and a free flat area with a minimum size of 100 cm in length by 70 cm in depth.
The L-shape console furniture shall be situated in the substation control room, in a location
approved by MEA. The proposed design, dimensions and materials of the desk and chair shall be
subject to MEA's review and approval.

4.4 SYSTEM SOFTWARE REQUIREMENTS

System software includes any software or firmware used to implement or support the functions
required by this technical specification. It is possible that software includes certain programmable
logic applications, if those applications are in fact an extension of system software (e.g. the File
Agent). System software does not include programmable logic or other application
implementations that represent specialized MEA-defined utility functions, as described under the
Functional Requirements clause.

4.4.1 A Non-Comprehensive List of System Software

The following is a non-comprehensive list of specific functions to be implemented by system
software:
1. Operating system functions.
2. High-speed SubLAN communication among IEDs using IEC 61850 communication
services over Ethernet.

- 106 -
 Page7-SA-107
PM5-0403-WBX
3. Time synchronization functions.
4. Field data acquisition and pre-processing functions.
5. Control of primary system devices.
6. Local Repository functions.
7. ‘SCADA/EMS control center’-requested functions.
8. DNP3 communication services and functions
9. Bay- and station-level interlocking functions.
10. System log functions.
11. Configuration capabilities supporting –
IEC 61850 SCL configuration
Operator templates and procedures for setting and modifying operational
parameters
Proprietary configuration of devices
Programmable logic and other applications
12. Use of programmable logic and other application functions
(but not including the application code itself)
13. Generation, editing, and maintenance functions for –
Displays and reports
Programmable logic and other applications
DNP database
14. Diagnostic functions
15. Archiving and recall functions
16. File-related functions
17. Security functions
18. Use of displays
19. Use of system peripherals (e.g. monitor, printer, keyboard, mouse)
20. Any other functions associated with device or subsystem responsibilities -
CCU functions
SubLAN or CGW functions
Operator Interface [MMI] functions
TDS functions
BCU functions

- 107 -
 Page7-SA-108
PM5-0403-WBX
4.4.2 General Requirements
The following are general comments on MEA’s software expectations for the systems to be
delivered.

4.4.2.1 Operating Systems

System software and tools for any computer system platform shall be integrated under an
operating system based on Microsoft Windows XP professional™ with Thai language support and
the latest service pack, either desktop-based or embedded.
An anti-virus protection program shall be selected to run on these same computer system
platforms.

4.4.2.2 Software Components

The contractor shall provide a comprehensive list of the system software components to be
provided. The list shall be organized by system platform (e.g. CCU, Operator Interface [MMI], BCU,
TDS, CGW, Ethernet switch). The function(s) provided by each software component shall be briefly
but clearly described.
The list shall be an expansion of the system software list shown above, but one that is specific to
the contractor’s proposed implementation. The result shall enable MEA to understand how the
system functions are defined, organized, and related, where they reside, and how they are
integrated to support the system functionality required by this technical specification. MEA does not
expect a detailed understanding of how the internal code for each function is designed.

4.4.2.3 Software Interfaces

The contractor shall describe how he anticipates the software components will be integrated into a
system software structure that supports the requirements of this technical specification. This will
require a characterization of the interfaces to be used to support interaction among the software
components.
The contractor shall provide a comprehensive list of the types of software interfaces used by the
system to coordinate software components. Each interface shall be described in a way that
enables MEA to understand why the interface exists, which platform provides and manages the
interface, how the interface works to coordinate use of software components, and other
distinguishing characteristics. All software interfaces shall conform to good, mainstream
engineering practices.
The final system deliverables shall include ‘as-installed’, detailed documentation that functionally
describes the interfaces in more detail. The contractor shall enumerate the types of interfaces used
and then list the various instances where each type is used and for what purpose it is used. This
shall include a diagram showing the overall system software structure, including software
components and their linkages through the individual interfaces. This shall be performed in a way
that makes it easy to understand how this implementation has been partitioned among the various
system platforms and devices. These diagrams and accompanying explanations shall enable MEA
to understand the functional organization of the overall system software design.

4.4.2.4 Programming Languages

The software shall be written in C++ (preferred) or C, and shall include a fully-documented version
control capability.

- 108 -
 Page7-SA-109
PM5-0403-WBX
4.4.2.5 Buffer Overflows
System software shall identify and alarm any buffer or FIFO overflows. If these occur during
system operation, they represent system design deficiencies. They indicate that some aspect of
system operation or loading has been underestimated. It is imperative that these kinds of problems
be identifiable so that they can be fixed. The occurrence of such problems damages system
reliability.

4.4.2.6 System Loading

System software shall calculate and display the percentage loading on the CCU(s). This
information shall appear on the ‘Communications Status / Operational Status’ display of the
Operator Interface [MMI] unit.

4.4.2.7 Unit Behavior

The software of each IED or other subsystem shall provide automatic restart of the unit upon
power restoration, memory parity errors, hardware failures, manual requests, and operator
requests via the network. All restarts shall be reported as time-tagged system events.

4.4.3 IEC 61850 Communications and Stack Software

IED products (e.g. protection relays, BCUs) that support IEC 61850 over Ethernet will include this
software. If the contractor integrates IEDs based on PC systems (e.g. CCU, Operator Interface
[MMI] units), he shall ensure this software is properly integrated and tested. This software is
typically obtained from one of three principal suppliers who work closely with the electric utility
industry in support of the IEC 61850 communications standard.

4.4.4 Programmable Logic Control (PLC) Software

A Windows-based, graphical programming tool, compliant with the IEC 61131-3 (Soft PLC)
standard for open PLC programming languages, shall be provided for developing logic programs
for the SA system. The tool shall support the IEC 61131-3 programming model, which addresses
configuration, resources, tasks, programs, and functions. Simulation tools shall be provided to test
and debug logic programs before they are placed into service. These tools shall be used on all
Operator Interface {MMI} units.
The contractor shall be responsible for configuring the SA system and all logic control functions
required by this specification. Refer to this topic in the Functional Requirements clause.

4.4.5 Configuration Software

Configuration software shall enable a password-authorized maintenance engineer to change the
values of a variety of user-defined parameters. These user-defined parameters affect the way the
system software components behave, allowing MEA to tailor system operation to its preferences.
Changes shall be accomplished through procedures that use templates, dialog box prompts, and
pull-down menus. All changes shall be entered into the ChangeLog (one of the system logs). The
clauses that follow describe some of the various areas affected.

4.4.5.1 Operational Parameters for IEC 61850 Information Models

Certain operational parameters, defined in the IEC 61850 information models, control how
communication services behave. The user shall be able to change a selected group of these.
Each change shall be issued as a separate transaction, using IEC 61850 communication services
to update the appropriate Proxy Server View in the Local Repository. The CCU has responsibility

- 109 -
 Page7-SA-110
PM5-0403-WBX
to also install them in the corresponding IED Server View and in any Proxy Client View mapped to
the same information. Refer to Figures 2 and 3.

4.4.5.2 User-Defined Parameters for Individual Software Components

All user-defined parameters for software components shall be handled in a like manner. In each
case, the user shall use the template and procedures to locate the desired parameter and to make
and save the change. Affected software functions include data acquisition, data processing, alarm
management, supervisory control, display management, display generation and maintenance,
programmable logic applications, others.

4.4.5.3 Report Scheduling

Using the same facilities, the user shall be able to schedule reports to run either at a preset time,
or on demand (i.e. via a keyboard entry or a mouse selection). It shall be possible to schedule the
reports to be printed periodically, for example every half an hour, or once a month. Alternatively,
the user may schedule a report to run in response to a specific event.

4.4.5.4 Operator Permissions

Using the same facilities, the authorized maintenance engineer shall also have the capability to
assign and restrict individual operator permissions for access of data, displays, alarm-processing
and system controls.

4.4.6 Display / Report Generation and Editing Software

These software capabilities shall allow a password-authorized maintenance engineer to create,
edit, or delete displays and reports. These shall include text displays and reports, one-line
diagrams, graphic pictures annotated with data and text (e.g. device names, state names), or
combinations. These capabilities shall be provided on Operator Interface [MMI] units. The software
shall provide a user interface, a set of tools, and procedures to support this activity.
Software application and programming skills shall not be required. Wherever possible, the software
shall make use of (1) pop-up dialog boxes to prompt the user for required actions and (2) pull-down
menus to show available choices. Pull-down menus dramatically reduce input errors when
compared with manual entry. They also inform the user about the full range of available choices.
These capabilities shall be very flexible, while maintaining consistency with certain choices made
by the authorized maintenance engineer. Such choices include the selection of icons to represent
different equipment and equipment states, the selection of colors to represent different states, use
of flashing for unacknowledged changes, and so on.
The data in these displays and reports shall be individually linked to components in the IEC 61850-
based Proxy Client Views in the Local Repository. The software shall establish Repository
subscriptions for dynamic data in displays and reports, so that they are updated when the
Repository is updated. Static data can be refreshed on a more infrequent basis. Refer to the clause
titled ‘Browsing to Capture Repository Data Components‘.

4.4.7 DNP3 Protocol Software Implementation

The Contractor’s implementation of DNP3 protocol shall meet or exceed the requirements of “Level
2 DNP3 Implementation” as described in the most recent version of DNP3 Users Group Document.
In addition, the following capabilities shall be implemented in the delivered systems.

- 110 -
 Page7-SA-111
PM5-0403-WBX
4.4.7.1 Binary Command Operation
The SA system shall support Control Relay Output Blocks (Object 12, Variation 1). With special
emphasis: all DNP binary command operations shall be performed via Control Relay Output Blocks
(Object 12, Variation 1). Use of Write (Function Code 2) for this purpose is not permitted.
4.4.7.2 Time Synchronization

‘Delay Measurement’ (Function Code 23) on ‘Time Delay Fine’ (Object 52 Variation 2) shall be
supported for synchronizing SA system time with the SCADA/EMS control center, should the GPS
capability fail.
4.4.7.3 Data Point Configuration

For the DNP protocol, the following shall be configured and modified on a point basis: (1) class, (2)
variation, and (3) point address.
4.4.7.4 Data Class
The SA system shall support the assigning and re-assigning of data objects to classes dynamically
(i.e. during run-time). An assign class (Function code 22) of all class objects shall be supported by
the SA system.
4.4.7.4 Unsolicited Response

Where required for the data in Appendix E, the SA system shall support ‘Unsolicited Response’
(Function Code 130).
The SA system must accept commands from the SCADA/EMS control center in order to enable
and disable unsolicited responses by event class (using object headers with group number 60)
even if the device does not have class 1, 2 or 3 data when the request arrives.
The SA system shall support end-use configuration of at least following parameters:

• Destination address of the master

• Unsolicited response mode (either “ON” or “OFF”)
• Timeout period for unsolicited response confirmation
• Number of unsolicited retries

Regardless of the cause, when the SA system is reset or restarted, all of its points must be
disabled form initiating unsolicited responses. The SA system shall not report unsolicited events
until its points are explicitly enabled by a request from the master, and then only data from the
enabled points are permitted to be included in the response.
When the SA system receives a function code DISABLE_UNSOLICITED request to disable
initiation of unsolicited responses from points identified by the object headers in the request, it
must no longer transmit any data via an unsolicited response for those points. The request also
cancels any pending expectation of confirmation for an unsolicited response that has already been
sent from the outstation, but for which confirmation has not yet been received.
The SA system must not lose or discard event data as a result of receiving the
DISABLE_UNSOLICITED function code; the SA system must report events if they are requested in
a master poll for those points that were disabled from reporting in unsolicited responses.
The response to enable unsolicited and disable unsolicited requests are null responses.

- 111 -
 Page7-SA-112
PM5-0403-WBX
4.4.8 Protocol Analyzer Software
The contractor shall provide test set software for DNP3 protocol and the IEC 61850
communications architecture. The test set software is for testing and monitoring system
communications capabilities, enabling the user to diagnose problems and maintain the system. All
necessary interfaces and facilities (e.g. cables, connectors) shall be provided for use on both
notebook and desktop PC platforms.
The DNP3 protocol analyzer software shall be capable of emulating both master and slave and
supporting DNP Levels 2 and 3. The software shall be capable of listening to both the master and
slave concurrently. Operation over a serial port or Ethernet / IP shall be supported. The software
shall support multiple frame message processing and the full range of objects, variations, function
codes, and application service data units (ASDUs).
In support of the IEC 61850 communications architecture, the analyzer shall include stack and
related communications software that enable the unit to sit on the network and act as an initiating
or receiving network node. The user shall be able to set the network address and data link address
as MAC address, enabling the unit to operate in lieu of a system node taken off-line. The analyzer
shall be able to record and analyze traffic at any of the various stack levels of various nodes in the
same time, particularly at the applications level. Application data shall be appropriately presented
as text and numbers, so that the user can interpret results in a manner consistent with use of the
information models. Similarly, the user shall be able to set up a message with a template and issue
it to another designated node in client-server mode. Alternatively, the analyzer shall be able to
broadcast messages in GOOSE mode. All control block capabilities and communication services
shall be supported.
The protocol analyzer software shall provide dynamic data display during monitoring and
‘simulation mode’ test sessions(e.g Master, Slave). It shall be capable of continuously monitoring
communications without interfering with normal operation. The message data shall be displayed in
a format that can be easily interpreted by the user and also can be displayed in the raw format if
the user request. Selection of number base (e.g. decimal, hexadecimal, octal and binary) shall be
also available. The protocol analyzer software shall allow the user to store all data resulting from
communication tests into memory (e.g. disk, flash) for subsequent analysis.

4.4.9 Demo Software and Literature

Wherever possible, the contractor’s bid shall include demo software and literature for the software
functions described by this technical specification.

4.5 SYSTEM TESTING REQUIREMENTS

System testing shall ensure that the proposed system components and system-at-large are
suitable for continuous service in an electric power substation environment.
If this technical specification fails to identify the required class (i.e. level) of compliance for any
issue of testing, the contractor shall submit a recommendation and request MEA’s approval.

4.5.1 Testing Categories

The following are the specific categories of tests that need to be passed during the course of the
project:
1. Type Testing
Certificates shall be submitted for successful type-testing of proposed equipment for
electromagnetic compatibility, environmental requirements, interface requirements, and
other miscellaneous requirements. These tests are specified by standards IEC 60870-2-

- 112 -
 Page7-SA-113
PM5-0403-WBX
1, IEC 60870-2-2, IEC 61850-3, IEEE C37.1-1994, IEEE C37.90.1-2002, and IEEE
C37.90.2-2004.
Type-testing shall be performed by internationally accredited testing laboratories that are
independent of the bidder and equipment manufacturers. Tests performed by an in-house
laboratory are not acceptable.
All test reports shall be submitted to MEA within 180 (one hundred and eighty) days after
the Effective Date of Contract. The detailed testing facilities and procedures, including
schematic diagrams and photographs, if any, shall also be included.
The type-testing must be performed on the same equipment models and configurations
as proposed for the SA systems.
Refer to the ‘Compatibility Test Criteria (for Type-Testing)’ heading.
2. IEC 61850 Certification
Test certification shall be submitted for all proposed IEDs, configuration tools, and test
tools used to fulfill IEC 61850 communication requirements. The certificates shall confirm
compliance with mandatory aspects of the standard and any non-mandatory aspects
claimed by the manufacturer.
3. DNP3 Certification
A DNP3 Level 2 conformance certificate is required. Beyond that, the contractor shall
demonstrate the successful implementation of additional Level 3 capabilities required for
implementation of the delivered systems.
4. Factory Acceptance Testing
The contractor shall conduct a Factory Acceptance Test that is interactively witnessed
and critiqued by selected MEA personnel and/or MEA’s agent. The test objectives, upon
which a subsequent test plan shall be based, shall be recommended by MEA or its agent,
reviewed by the contractor, and finally approved by MEA. Thereafter, the contractor shall
submit a test plan with supporting procedures for MEA’s approval. These tests shall be
conducted at the contractor’s facilities, before delivery of any portions of the system.
Exceptions must be approved by MEA in writing. The approved test objectives and test
plan shall be included in the Work Statement, following award of contract and adequate
review of the technical proposal.
The test objectives and test plan shall include integration issues (e.g. interfaces),
functional issues, and performance issues. In general, compliance issues shall not be
included where type-testing or other certification has addressed those issues, unless a
reason arises to doubt their validity.
The Factory Acceptance Test shall use sufficient equipment to reasonably represent
actual system behavior at site. Circuit breaker simulators, Doble (or equivalent) PT and
CT simulators, and monitoring equipment shall be included to support visual confirmation
of test results. The contractor shall submit in writing his rationale as to how the proposed,
integrated system test plan and set-up fulfills the test objectives.
MEA, its agent, and the contractor shall note variances as testing proceeds. Descriptions
of these variances shall be entered into a Test Log kept by MEA and shared with the
contractor. The contractor shall respond to each variance in writing, detailing the problem
and the specific, proposed solution. These responses shall be submitted to MEA for
review and approval before the proposed solutions are implemented by the contractor.

- 113 -
 Page7-SA-114
PM5-0403-WBX
5. Site Testing
Site testing shall be performed at each site to ensure the installed and configured system-
at-large and individual components perform as intended. With the problems identified
during the Factory Acceptance Test already resolved, test objectives at this stage shall
focus on verification of complete-system functionality and performance. The test
objectives shall be proposed by MEA or its agent, reviewed by the contractor, approved
by MEA or its agent, and specified in the Work Statement. The contractor shall submit a
site test plan with supporting procedures for MEA’s approval, and this, too, shall be
included in the Work Statement. Both functional and performance testing shall be
included. The successful testing of each aspect of system behavior shall be witnessed by
MEA personnel and/or their agent. Testing at each site shall be concluded with a
successful 100-hour test (i.e. no failures and no discrepancies). The Test Log procedures
used during Factory Acceptance Testing shall be used here as well. Finally, each system
shall be commissioned and placed into service. As part of the contract, the contractor
shall successfully and expediently resolve any problems that arise during the first six
months of station service.
MEA’s failure to detect or recognize a problem during Factory Acceptance Testing, Site Testing, or
at any other time shall not release the contractor from the responsibility of (1) correcting problems
that are eventually recognized or of (2) producing and delivering reliable systems that perform in
the manner intended by these specifications. The contractor shall assist MEA and its agent with
‘tightening’ these technical specifications where necessary.

4.5.2 System Performance Testing Requirements

As mentioned above, Factory Acceptance Testing and Site Testing both involve performance
testing. The working assumption is that the system has already passed the prescribed functional
tests. Performance tests shall determine whether timing specifications are met.
The proposed system shall comply with the performance requirements stated below. In
preparation, the contractor shall present calculations and/or other credible evidence to support his
contention that the integrated system is designed to perform its responsibilities (under all
circumstances) within the timing requirements stated in this technical specification. Processing
speed, memory resources (all applicable types), communications bandwidth, system latencies, and
I/O bandwidth, and avoidance of resource bottlenecks shall be among the factors considered. To
demonstrate this compliance during performance testing, loading on processors, LANs, and
communication interfaces, and other system components shall be simulated for the ultimate
system configuration.
If upgrades to the system are required as the result of performance testing, the contractor shall
bear all costs to replace system components and/or materials and to integrate and test them to
meet the requirements of this technical specification.
The following system activities are postulated for system performance testing. These concurrent
system activities intend to represent composite system behavior during an exceptionally busy
interval of time. The system is expected to run without interruption and to successfully complete all
activities while the test is in progress. Performance testing shall be run for a minimum of five
continuous minutes:
1. The system is processing the ultimate number of status, analog, and counter data, as
determined from point data in the attached appendices for the individual stations to be
delivered.
2. All calculated analog points are processed for the ultimate number of points, whenever
data for the Local Repository is received from IEDs.
3. The system performs historical data processing per the stated requirements and
prescribed frequencies.
- 114 -
 Page7-SA-115
PM5-0403-WBX
4. The system communicates and interacts with the SCADA/EMS control center at the
prescribed polling rates.
5. All hourly and other periodic processing of data functions is performed on schedule.
6. The MMI is logged on and its displays are updated at the required rates.
7. The MMI is in either the Operator or Supervisor Mode. The monitor of the MMI is shows
the station one-line diagram used during Factory Acceptance Testing.
8. Ten (10) new status alarms and four (3) new analog alarms are processed every ten (10)
seconds. The alarms shall be uniformly distributed among different IEDs.
9. At least twenty-five percent (25%) of all analog points being monitored change during any
update cycle and these changed values are processed for updating the Local Repository.
10. Programmable logic applications are executed at rates that are representative of their
functional responsibilities and the system’s expected, typical behavior.
11. The Operator Interface [MMI] keeps its displays up to date within the prescribed update
times and the operator acknowledges outstanding alarms as quickly as possible.

4.5.3 Compatibility Test Criteria (for Type-Testing)

The following tables summarize the Compatibility Test Criteria for equipment delivered under this
technical specification:

Table 7: Environmental, Shock, & Vibration Compatibility Requirements

These test requirements apply to all equipment delivered for the SA system. The
temperature and humidity requirements specify the operating ranges for equipment.
These requirements have been selected using IEC 60870-2-1 and IEEE C37.1 as guides.
They and any referenced base standards shall be used to perform type-testing on the
equipment under test.
Table 8: Insulation Withstand Requirements
These test requirements apply to all wiring and cables entering and exiting equipment
enclosures. For equipment to pass these tests, no equipment damage must occur as a
result of these tests. Tests shall be performed on de-energized equipment.
These requirements have been selected using IEC 60870-2-1, IEC 60870-2-2, IEC
60870-3, IEC 60255-5 and IEEE C37.1 as guides. They and any referenced base
standards shall be used to perform type-testing on the equipment under test.
Table 9: EMC Immunity & Emission Requirements
These test requirements selectively apply to equipment delivered for the SA system. The
table includes columns that indicate which tests are applicable to each type of equipment.
Any equipment not classified as a power unit or as telecom equipment is assigned to the
‘control & signal’ category.
For equipment to pass the immunity tests, no improper operation of the equipment shall
occur while the tests are in progress. Tests shall be performed on energized equipment.
These requirements have been selected using IEC 60870-2-1 and IEEE C37.1 as guides.
They and any referenced base standards shall be used to perform type-testing on the
equipment under test.

- 115 -
 Page7-SA-116
PM5-0403-WBX

Table 7: Environmental, Shock, & Vibration Compatibility Requirements

Equipment Applicability
Severity
Applicable Level or Control DC AC
Test Class Description Standard Class Comments Telecom & Signal Power Power

o o
Climatic Operating temperature IEC 60068-2-2 ---- 0 to 55 C, 20 C/hr, 96 hrs (indoors) x x x x
o o
0 to 70 C, 30 C/hr, 96 hrs (outdoors)
o
Relative humidity IEC 60068-2-3 ---- 40 C, 5 to 95%, 10 days (indoors) x x x x
o
40 C, 0 to 100%, 10 days (outdoors)
o o
---- 25 C to 55 C at 95% RH (indoors); six-cycle test x x x x

Shock & Shock response & IEC 60255-21-2 1 x x x x

Vibration withstand IEC 60068-2-27
IEC 60068-2-29
Mechanical vibration IEC 60255-21-1 1 To be performed on complete assemblies; performance x x x x
IEC 60068-2-6 checks during test.

Table 8: Insulation Withstand Tests (No damage permitted to pass; performed on de-energized equipment)

Equipment Applicability
Severity
Applicable Level or Control DC AC
Test Class Description Standard Class Comments Telecom & Signal Power Power

Dielectric Insulation resistance IEC 60870-3 ---- Insulation resistance to earth > 1 MΩ at x x x x
(Table 7) 500 Vdc

Hi-pot IEC 60060 ---- Inputs with direct connection to items of substation x x x x
equipment: Shall withstand 2kVrms to earth for 60s.
---- Across open relay contact circuits: Shall withstand x x x x
1kVrms to earth for 60s.
Impulse Common-mode IEC 60060 ---- 2kV test voltage (1.2/50us waveform; 0.5J) x x x x

Differential mode IEC 60060 ---- 1kV test voltage (1.2/50us waveform; 0.5J) x x x x

- 116 -
 Page7-SA-117
PM5-0403-WBX
Table 9: EMC Immunity & Emission Tests [2 sheets]
(To pass immunity tests, no improper operation is permitted)

Equipment Applicability
Severity
Applicable Level or Control DC AC
Test Class Description Standard Class Comments Telecom & Signal Power Power

Low Freq Harmonics IEC 61000-4-1 2 x

Disturbance (Test A.1.1)
Immunity
Inter-harmonics IEC 61000-4-1 2 x
(Test A.1.2)
Signaling voltage IEC 61000-4-16 4 x
(Test A.1.3)
Voltage fluctuations IEC 61000-4-11 2 x x
(Test A.1.4) IEC 61000-3-3
Voltage dips & short IEC 61000-4-11 2 x
interruptions
(Test A.1.5) IEC 61000-3-3 2 x

Conducted Voltage & current surges: IEC 61000-4-1 ---- Either the IEC or IEEE test may be performed; x x
Transient & 100/1300us compliance with both is preferred.
High-Freq (Test A.2.1)
Disturbance
Immunity Surge immunity: 1.2/50us IEC 61000-4-5 4 4kV open circuit test voltage / short circuit current x x x
voltage & 8/20us current
(Test A.2.2)
Fast transient bursts IEC 61000-4-4 4 x x x x
(Test A.2.3) or
IEEE C37.90.1 ----
Damped oscillatory IEC 61000-4-12 3 Either the IEC or IEEE test may be performed; x x x x
waves or ---- compliance with both is preferred.
(Test A.2.5) IEEE C37.90.1
Surge immunity: IEC 61000-4-5 4 x
10/700us voltage
(Test A.2.8)

- 117 -
 Page7-SA-118
PM5-0403-WBX
Equipment Applicability
Severity
Applicable Level or Control DC AC
Test Class Description Standard Class Comments Telecom & Signal Power Power

ESD Electrostatic discharges IEC 61000-4-2 3 6kV test voltage for contact discharge tests; 8kV for air x x x x
Immunity (Test A.3.1) discharge tests

Magnetic and Radiated E/M field IEC 61000-4-3 4 Field strength of 10V/m over freq range 80 to 1000MHz x x x x
E/M Field disturbance (Test A.5.1) (80% AM; 1kHz)
Immunity
Power frequency IEC 61000-4-8 5 100 A/m continuous; x x x x
magnetic field 1000 A/m for 3s pulse
(Test A.4.1)
Damped oscillatory IEC 61000-4-10 4 x x x x
magnetic fields
(Test A.4.3)

Other 50Hz interference IEC 61000-4-16 ---- Tests immunity to power freq voltage interference on x x
Immunity control & signal lines.
Tests Common-mode test: 500Vrms for 2s
Differential-mode test: 250Vrms for 2s
DC voltage on control IEC 61000-4-16 ---- x
and signal lines

EMC RF disturbance voltages CISPR 22 A x x

Emissions
RF disturbance currents CISPR 22 A x
Conducted interference CISPR 22 A Freq range: 150kHz to 30MHz x x x x
voltage
Interference field strength CISPR 22 A Freq range: 30MHz to 1000MHz x x x x
Harmonic currents IEC 61000-3-2 ---- Limits for harmonic current emissions in equipment with x
th
rated current < 16A. Measurements up to 40 harmonic.
Voltage fluctuations IEC 61000-3-3 ---- Limits for voltage fluctuations and flicker in equipment x
with low-voltage supply systems with rated current < 16A.
Low freq disturbance CCITT Rec. P.53 ---- Psophometric measurements (DC to 4kHz) x
voltages

- 118 -
 Page7-SA-119
PM5-0403-WBX

5 TRAINING and SYSTEM MOCK-UP

5.1 Training System

At least three months prior to Factory Acceptance Testing, the contractor shall deliver and install a
hands-on training system at a facility specified by MEA. The purposes are three-fold:
1. To provide a means for MEA personnel to become familiar with individual system
components (e.g. wired connections, layout, installation characteristics, configuration,
operational controls, maintenance features, HMI, use of client software, and so on.
2. To provide hands-on reinforcement of training material during the presentation of courses
by the contractor or his suppliers.
3. To provide a means for MEA personnel to become familiar with operation and
maintenance of the integrated system and to validate system operations.
4. To serve as a test-bed for MEA engineering personnel to address operational,
maintenance, or technical issues that affect use of the systems to be delivered.
The initially-provided training system need only provide a representative configuration, having the
same operational characteristics but not necessarily the exact data specified for the delivered
systems. This shall suffice for familiarization and training purposes. As the delivered systems
become better defined, the training system shall be progressively updated to reflect the capabilities
of the systems to be delivered. These improvements will facilitate objectives 3 and 4.
The training system shall include the following equipment:
1. Substation LAN (2 ea) and Ethernet switches: Interconnected with the training system
IEDs via fiber optic cable.
2. GPS connection: All necessary parts to deliver the signal.
3. CCU IEDs (2 ea): One primary and one standby
4. Operator Interface [MMI] IED (1 ea): Terminal Station version
5. TDS IED (1 ea)
6. BCUs, Protection Relays (IEDs): Sufficient modules to support all point types and IEC
61850 Logical Nodes to be used.
These need to be supplemented with simulator panels providing status and counter
inputs; these shall support both manually-initiated inputs and automatic toggling and
counting. CT and PT inputs shall be provided by MEA via a Doble or equivalent test unit.
7. CGW IED (1 ea)
8. Power converters, fusing, and power distribution: As necessary to safely support the
above equipment. To be supplied from conventional 220, 50 Hz wall sockets.
9. Simulator devices for circuit breakers, OLTC controls, reclosers, and any other controlled
equipment: Simulator devices shall provide control and status indicators. Other display
and control panels shall be provided as needed to interpret system behavior. The training
system shall not be connected to any real primary system equipment.
10. ABB Combitest or AREVA or SIEMENS or equivalent test switch blocks for isolation and
testing of Protection relays within the system allow rack space for mounting these.
11. Open relay racks to support 19” rack mounting at convenient heights and trays to support
cable and wiring interconnections.

- 119 -
 Page7-SA-120
PM5-0403-WBX
5.2 Training Courses
The contractor shall recommend a menu of training courses for the purpose of preparing MEA
personnel to configure, operate, program, and maintain the delivered systems. It is understood that
MEA shall have no programming or configuration responsibilities for the systems under contract,
but they may well need these skills after system deliveries.
MEA and the contractor shall come to agreement in the Work Statement regarding which courses
shall be presented prior to the Factory Acceptance Tests, so that MEA has a solid foundation for
witnessing and evaluating the structure and results of tests.

6 Simulation Test Tool and Multifunction Primary Test Set

The contractor shall provide Simulation Test Tool and Multifunction Primary Test Set for Substation
Automation Systems as specified in Appendix F for testing all IEDs (Protection Relays and BCUs)
according to the IEC 61850 communications standard and IEC 60870-5-103 companion standard
for the informative interface protection equipment. Training shall be also provided.

- 120 -