Life-Time Management of Relay Settings: Working Group

539
Life-time Management of Relay Settings
Working Group
B5.31
June 2013
Life-time Management of Relay
Settings
Working Group B5.31
List of contributing WG members
Peter Crossley United Kingdom Convenor

Rannveig S. J. Løken Norway Secretary
Jorge Cardenas Spain Regular
John Fitch United Kingdom Regular
Bryan Gwyn USA Regular
Cord Mempel Austria Regular
Damir Novosel USA Regular
Fernando Gonzalez Argentina Corresponding
Júlio César Marques de Lima Brazil Corresponding
Nuno Costa Martins Portugal Corresponding
Comfort Masike South Africa Corresponding
Pelqim Spahiu United Kingdom Corresponding
Copyright © 2013
“Ownership of a CIGRE publication, whether in paper form or on electronic support only infers right of
use for personal purposes. Unless explicitly agreed by CIGRE in writing, total or partial reproduction of
the publication and/or transfer to a third party is prohibited other than for personal use by CIGRE
Individual Members or for use within CIGRE Collective Member organisations. Circulation on any
intranet or other company network is forbidden for all person. As an exception, CIGRE Collective
Members only are allowed to reproduce the publication.”
Disclaimer notice
“CIGRE gives no warranty or assurance about the contents of this publication, nor does it accept any
responsibility, as to the accuracy or exhaustiveness of the information. All implied warranties and conditions are
excluded to the maximum extent permitted by law”.
ISBN: 978-2-85873-233-3
CIGRE
Study Committee B5
Working Group B5.31
Version 27 –30.10.12
Page 1 / 42
ISBN: 978-2-85873-233-3
WG B5.31 - Life-time Management of Relay Settings
Preface
In 2006, CIGRE Study Committee B5 (Power System Protection and Local Control) instigated
the formation of the Working Group B5.31 to investigate and report on the state of the art as
related to Life-time Management of Relay Settings.
Scope of B5.31 Report

The report addresses the processes and techniques required for the life-cycle management of
the settings associated with protection relays. This includes:
 Information about how utilities manage the settings associated with existing relays
 Evaluation how utilities expect to manage the settings associated with future relays
 Assessment of the setting parameters associated with relays
 Methods used to verify and validate relay settings
 Techniques for the classification and standardisation of settings
 Indication how utilities manage and control the settings associated with protection
schemes
 Suggestions for the best practices associated with the management of settings
 Guidelines for the staff involved in setting management
 Requirements about setting management workflow process
The report was prepared by a working group that consisted of utility engineers, consultants,
designers, application engineers and academics specialising in protection and control.
Page 2 / 42
Table of contents
1 Introduction ...................................................................................................................................... 4
2 Definitions ........................................................................................................................................ 5
3 Protection Settings; past, present and future ..................................................................................... 6
3.1 Electromechanical relays .......................................................................................................... 6
3.2 Analogue “static” relays ........................................................................................................... 6
3.3 1st generation digital relays ....................................................................................................... 7
3.4 Numerical relays ....................................................................................................................... 7
3.5 Intelligent Electronic Devices (IED) ........................................................................................ 8
3.6 Future trends for IED ................................................................................................................ 8
3.7 Settings – past and present ........................................................................................................ 9
4 Generic Process for Managing Settings .......................................................................................... 12
4.1 Initiate change or new setting ................................................................................................. 13
4.2 Scope work ............................................................................................................................. 13
4.3 Review standards .................................................................................................................... 13
4.4 Establish a setting calculation folder ...................................................................................... 13
4.5 Calculate settings .................................................................................................................... 14
4.6 Perform coordination study .................................................................................................... 14
4.7 Calculate commissioning test data .......................................................................................... 14
4.8 Setting data entry .................................................................................................................... 15
4.9 Issue settings for commissioning ............................................................................................ 15
4.10 Perform commissioning tests .................................................................................................. 15
4.11 Record results ......................................................................................................................... 16
4.12 Returning settings to the setting engineer ............................................................................... 16
4.13 Store returned setting folder ................................................................................................... 17
4.14 Compare setting file during maintenance ............................................................................... 17
5 Organisation and people ................................................................................................................. 18
5.1 Skills, experience and knowledge transfer ............................................................................. 18
5.2 Organisational structure .......................................................................................................... 19
5.2.1 In-house protection setting ............................................................................................. 19
5.2.2 Outsourced protection setting ......................................................................................... 19
5.2.3 Partnership arrangements on protection settings ............................................................ 20
5.3 Auditing and accreditation of people ...................................................................................... 20
6 Implementation of setting management .......................................................................................... 21
6.1 Triggers for setting change ..................................................................................................... 21
6.2 Classification of settings ......................................................................................................... 21
6.3 Verification of setting changes ............................................................................................... 23
6.3.1 Verification IED setting record is identical to reference record ..................................... 23
6.3.2 Verification applied settings are effective ...................................................................... 24
6.3.3 Verification applied settings are adequate ...................................................................... 24
6.4 Version control ....................................................................................................................... 25
6.5 Management of multiple setting groups ................................................................................. 26
6.6 Integration of relays of different types ................................................................................... 26
7 Utility examples for process control of setting management .......................................................... 27
7.1 Example from USA (New York State) ................................................................................... 27
7.2 Example from Europe (UK) ................................................................................................... 29
7.2.1 Protection Life Cycle ...................................................................................................... 30
7.3 Example from Brazil .............................................................................................................. 32
8 Cyber security issues ...................................................................................................................... 33
8.1 Main Cyber Security Considerations ...................................................................................... 34
8.2 Standards and Guidelines Overview ....................................................................................... 35
9 Software tools ................................................................................................................................. 36
9.1 Network calculation tools ....................................................................................................... 37
9.2 Relay manufacturers tools ...................................................................................................... 37
9.3 Test Set Supplier Tools........................................................................................................... 38
10 Recommended improvements and emerging developments ....................................................... 39
11 Conclusion .................................................................................................................................. 41
12 References .................................................................................................................................. 42
Page 3 / 42
1 Introduction
This report has been produced by CIGRE B5 Working Group 31 (Life Time Management of
Relay Settings) [1]. The working group has been tasked with identifying the existing utility
processes, practices and the issues faced in managing protection relay settings throughout
the life of the equipment. It also highlights potential issues and recommends solutions for the
techniques and tools needed for protection relays and IEDs in the future.
A generic utility setting management process is described, based on a number of utility

processes, which have been gathered as part of this work. The life time management process
requires that all changes that could affect relay settings are identified, controlled and
validated, to ensure security of the power system is maintained. It is recognised that the
methods and techniques used to manage relay settings vary between utilities and are
particularly influenced by organisational structures, out-sourcing and levels of expertise.
However it is fundamental that the relay settings applied at the relay application are controlled
and identical to those stored and maintained at the central offices.
The report reviews how relay settings can be classified and what may trigger a change or
update to these settings during the relay’s life. It describes the techniques needed to validate
these changes and the tools available to carry this out as an auditable process. This is
becoming increasingly important due to financial penalties which can be imposed on the utility
by regulators and other agencies for non-compliance. The classification of relay settings into
fixed and variable is particularly important as it can reduce the number of settings that need to
be changed by the utility for a particular application. The control of fixed and variable settings
and the use of setting groups are also discussed.
The difficulties associated with managing other setting parameters within the protection relay,
for instance primary system topology, scheme logic or mapping of inputs and outputs, are
also described. These are traditionally fixed at design, but may have settings within the logic
or a degree of application logic configuration, which needs to be managed within an auditable
setting control process.
Finally the potential issues that a utility will face in the life time management of relay settings
are highlighted and the possible tools and techniques that will be needed in the future are
described This particularly relates to the networking of relays over a communication bus,
control of remote access, ensuring adequate security is maintained and considering issues
related to the emergence of new relay types and protection schemes.
During the life time of the protection relay, the overall requirements for the utility are to
develop a quality assurance process which simplifies the setting management process,
minimises the possibility of human error and provides an auditable record of any changes
implemented.
Page 4 / 42
2 Definitions
Configuration setting - Basic setting in a relay that provides the user with the ability to apply
a number of different parameters and operating scenarios to a relay
Coordination study- Determine the protective device settings that will provide selective fault
isolation
Critical Assets - Facilities, systems and equipment which if destroyed, degraded or rendered
unavailable, would affect the reliability or operability of the Power System
Critical Cyber Assets: Cyber assets essential to the reliable operation of Critical Assets, with
access provided using a routable protocol or dial-up connection.
Cyber Assets - Programmable electronic devices and communication networks including
hardware, software and data.
Firmware - Firmware refers to the software containing the protection algorithms delivered by
the manufacturer for the relay.
Firmware version control - Firmware version is linked to a hardware version and the
protection algorithm is dependent on the firmware version. Firmware version is related to
the algorithm installed in the relay and consequently the manufacturer may need to
change it, to correct errors or add features, but it cannot be changed by the user.
Functional setting - Setting that relates the functions incorporated in the relay with the
protection needs of the primary plant being protected.
Intelligent Electronic Device (IED) - Term used in the electric power industry to describe
microprocessor-based devices for protection and control.
Setting program – A computer program that allows access to the internal setting parameters
in the IED. The program may work offline or online when connected with the IED.
Marshalling - Collection, organisation and addressing of the information needed in the IED to
perform the necessary protection and control functions.
Parameters - Numerical or verbal descriptions that enable users to set the protection and
control functions according to the calculated settings. In IEDs these are often accessed via
setting programs. In electronic or electromechanical relays the parameters are often
accessed via bridges, variable resistors, plugs, thumbwheels etc.
Protection relay - A unit used to protect a part of the power system from the effect of a fault
or abnormal condition. This report refer to the broad term of protection devices including
electromechanical, electronic (static), and microprocessor based (IED) relay types.
Setting - Refers to a list of parameters defining the function of the protection. In IEDs the
algorithms in the firmware are not changed by the setting.
Setting group - Represents a group of settings with a specific set of values related to one
protection application. One protection relay can have multiple setting groups, but only one
setting group can be activated at any one time.
Page 5 / 42
3 Protection Settings; past, present and future
The evolution from electromechanical to numerical relays has dramatically increased the
number of protection settings and changed the scope of the term “protection settings”. Since
these changes have had a huge impact on the management of settings, Chapter 3 takes a
closer look at these developments.
3.1 Electromechanical relays
Electromechanical relays are normally single function relays and complex functions are
realised by interconnecting multiple relays. Each relay has a limited number of settings and all
of these are functional settings, such as delay time and pick-up value. The function of each
output contact is fixed and a relay offers few or only one configuration option; changing the
configuration normally requires modification of the internal or external wiring. Implementation
of complex protection functions is achieved by interconnecting, using hard-wiring, different
relays, each providing different sub-functions (e.g. connections between a starter relay and
trip relay, connections to timers or to an auto-reclosure relay). Therefore, relay and protection
configurations are documented in the wiring diagrams. In addition, to ensure long-term
precision and accuracy, settings need to be regularly adjusted at the relay. This task is referred
to as calibration.
Figure 3-1: Electromechanical Relay; intervention points for relay settings identified in the circuit diagram.
3.2 Analogue “static” relays
Static relays convert the relevant quantities (voltage or current) into analogue voltages and
use electronic comparators and amplifiers to process the signals. Parameters are typically
entered by plugs (change of electrical connection) or by variable resistors. There are
additional signalling or display options (LEDs, annunciation relays), but the number and use
of parameters do not significantly differ from what was available with protection schemes
implemented using electromechanical relays.
Complex relay functions are realised by various modules. Such modules are assigned to a
certain function. Parameterisation (user control) is function oriented, and often performed on
an individual module. Relay configuration is documented in the wiring diagrams. To ensure
precision and cope with age or temperature related drifting of component values, relay
settings need to be regularly adjusted and this involves calibrating the relay.
Page 6 / 42
Figure 3-2: Functional module of a static relay; setting is done with a plug (1 parameter, 4 values)
3.3 1st generation digital relays

st
In a 1 generation digital relay the input values are sampled and all the protection algorithms
are implemented within a microprocessor. Settings can be entered at the relay via a keypad,
either directly or via a local control device; although later relays allowed setting transfer
to/from a computer. This type of relay usually has a greater number of functional parameters
than a static relay, and some additional (auxiliary) protection functions are added. Often,
different logical signals can be routed to the output contacts using a matrix connectivity
interface. This ensures the relay configuration can be changed without modifying the electrical
wiring and consequently the operating configuration is not fully documented in the wiring
diagrams.
3.4 Numerical relays
From a relay settings perspective, numerical relays from the late 1990’s were characterised
by a significant increase in the number of functional settings, the integration of additional
functions within the relay and the use of settings for functions not directly related to protection.
Figure 3-3: Sample for presentation of settings on PC
Page 7 / 42
3.5 Intelligent Electronic Devices (IED)
Enhanced functionality of a protection and control device (IED) leads to an increased number
of setting parameters and the use of flexible products based on a manufacturers own
common hardware platform, with different software or firmware modules activated.
To support the use of a single IED for different applications, some manufacturers display
parameters several times or provide different views on the parameters. As an example
consider a distance protection, where all settings relevant for one zone form a natural group.
Therefore the zone trip time parameter is assigned to the zone settings. However, for
protection coordination it is desirable to have the trip time of all zones available together. In
addition, many suppliers provide user definable functions (logic diagrams) that cannot be
easily documented in typical setting formats; for example, see Figure 3.4.
CB
GENERATOR
TURBINE
Figure 3-4: Tripping logic (partial) for a generator IED
3.6 Future trends for IED
The use of the IEC 61850 standard, changes the role of the communications between an IED
and the SCADA systems and between similar and different IEDs. The standard describes two
general kinds of communication. The first is client-server communication with TCP/IP (e.g. a
SCADA-system client and a relay server) and is used for non time critical applications such as
reporting and control. The second is real time communication between IEDs utilising GOOSE
(Generic Object Oriented Substation Event) using Ethernet. The IEC 61850 can also be used
for the "process bus (Sampled Values according to IEC 61850-9-2). When these new features
are applied, all the analogue and status information, from the CTs, PTs, CBs, disconnectors
etc, are supplied via the merging units and the Ethernet link to the IEDs. The signals are
processed by the IEDs and the appropriate control responses returned to the merging units
that control the switchgear.
Substation Network (Bay Level Process Bus)
CB
CT
B
PT
CB
Figure 3-5: IED communication with GOOSE and sampled values
Page 8 / 42
Since IEC 61850 describes the engineering process for a whole substation, and not just a
single IED, these parameters describe a system. More than just defining a set of services and
communication protocols, IEC 61850 also specifies a common, vendor independent
engineering concept. The concept uses configuration information in a standardised file format
(Substation Configuration Language (SCL) IEC 61850-6 as explained in
Figure 3-6).
The setting management process may become even more complicated because in IEC
61850 more settings will be in software than hardware, the engineering will become more
closely integrated with the protection setting process, and the software files will need version
management.
A system specification tool specifies (optionally) the single line diagram of the station and the
required logical nodes in a file with the extension System Specification Description (SSD).
The knowledge of the capabilities of the used IEDs in a substation is necessary for the
"system configurator", a tool that sets up the configuration of the communication set-up of the
SAS. These capabilities are described in the ICD-files (IED Capability Description). The
output of the system configurator is the Substation Configuration Description (SCD). This file
provides information regarding all the IEDs; they can be set up with CID files (Configured IED
Description). Nevertheless the SCD-file is the base for setting up the test sets and is essential
for testing in a substation.
Edition 2 of the IEC 61850 standard will provide further file types (*.iid and *.sed) for detailed
descriptions of relay capability, functions enabled and system data exchange.
Figure 3-6: Engineering process with IEC 61850
3.7 Settings – past and present
The evolution of numerical protection has not only increased the number of setting
parameters, but the scope of the settings. While a manufacturer of an early digital relay
clearly segregates between "settings" and "marshalling/configuration", more recent relays
now subsume configuration and marshalling under the term relay settings in their software.
Page 9 / 42
Figure 3-7: Relay settings now include functional, configuration and marshalling settings
In the latest IEDs "relay settings" includes all modifications that can be done by the user
without modifying any of the electrical connections to the IED. Accordingly, IED connection
drawings provide significantly less information. This trend may continue in the future with the
broader application of the IEC 61850 standard.
The introduction of the process bus to the secondary systems in a substation will create the
possibility of a totally digitalised substation protection, control and measurement system. This
requires an interface which converts the necessary information from primary devices such as
circuit breakers, switches, current transformers, voltage transformers, into digital format
signals and sends the digital signal to the process bus for communication to higher level IEDs
which use the data for protection, control and measurement processes. An IED will
communicate with the process bus interface, referred to as a merging unit, without direct
cable connection with the primary equipment or voltage and current transducers.
Page 10 / 42
Link to Field Units
CT-/VT selection
CT- data
VT- data
Assignment of the physical

CT / VT to a virtual device
Digital Input configuration
Digital Output configuration
Figure 3-8: Example of a Process Bus Configuration; information contained in IED settings file.
The files according to IEC 61850-6 may contain protection parameters stored in the IED-
section of the different file types. Since these parameters are optional and currently do not
cover all the possible settings of an IED, additional information is necessary.
Page 11 / 42
4 Generic Process for Managing Settings
Some utilities outsource the engineering and setting calculations to an external contractor,
whilst others perform the entire process in house. This generic process covers both scenarios
as well as partial outsourcing. Some utilities are organised functionally and others are
organised on a process basis. This generic process can be used regardless of company
structure or whether individual parts are outsourced. However, handover of information must
be clearly defined by the responsible person or department with defined roles and
responsibilities for contracting organisations, individuals and/or consultants. An example of
this is when engineering and field commissioning are performed in separate parts of the same
organisation. The engineering department will pass the settings over to the field department
and then track that the correct settings are commissioned in the relay. The responsible
person in the engineering department must then confirm that the settings issued are identical
to the settings installed in the relay.
Figure 4.1 illustrates a generic process that can be applied for managing the settings over the
life of a protection device or scheme. The steps of the process have been taken from utility
practices used in the countries represented in the Working Group B5.31 [2].
Standars
Internal& Setting
External Guides&
Type tests Templates
Initiate Establish
Change Scope Review Setting Calculate
or new Work Standards Q Calculation Settings
setting (4.2) (4.3) Folder (4.5)
(4.1) (4.4)
Issue
Perform Calculate Setting
Settings
Coordination Commissioning Data
Q Q For
Study Test data Entry
Commissioning
(4.6) (4.7) (4.8)
(4.9)
Returning Compare
Perform Store
Record Settings to Setting
Commissioning Returned
Q Results Setting File during
Tests Setting Folder
(4.11) Engineer Maintenance
(4.10) (4.13)
(4.12) (4.14)
Quality
check,
Q
approval &
feedback
Figure 4-1: Generic Process for Managing Lifetime of Settings
Page 12 / 42
4.1 Initiate change or new setting
The reasons for installing a new setting or modifying a setting are detailed in section 6.1.
4.2 Scope work
It is essential to create a scope document that describes the settings that need to be changed
or the new settings that need to be developed. The scope should be developed with the
participation of all the stakeholders associated with the work that needs to be done, and will
normally include asset managers, field personnel and protection engineers. The scope should
be finalised and approved by an authority such as the manager of the protection engineering
department. Scope changes should be made with agreement of the stake holders and the
scope document should be re-approved. The protection engineer and the rest of the project
team then have a clear set of instructions of what needs to be done. The scope should be
kept in the project file for future reference.
4.3 Review standards
The protection engineer should have a competent knowledge of all company standards,
methods and practices relevant to the particular application. This is particularly important not
only to the protection engineers directly employed by the utility, but also those employed by
external contractors when the work is outsourced. In addition, external standards may need to
be considered, especially those related to regulatory bodies and national standards.
An example of this process could be the installation of a new feeder being terminated at an
existing station. A utility may have its own distance protection standard or standard bay
solution and the engineer needs to understand the standards and apply them as published,
unless there are agreed reasons to deviate. The standard may include application guidance
notes and standard settings that need to be applied. Regulatory standards may also need to
be applied, for example the North American Reliability Standard on “Loadability”.
At this point the standards and approach used by the engineer to calculate the settings needs
to be checked by a senior engineer or manager to ensure the correct approach was taken.
This is also applicable to contractors who calculate the settings on behalf of a utility. This is
part of a Quality Assurance process that should be established to make sure the settings are
calculated in accordance with company practices and to help mitigate the risk of errors or
oversights being made during the setting process. Errors and oversights should be recorded
so they can be reviewed and used for process improvement and training needs.
4.4 Establish a setting calculation folder
Establishing a folder containing scope, setting calculations, settings, notes, references and
other useful information is essential for future reference if the setting needs to be changed, or
if there is a mal-operation and the calculations need to be reviewed. There are many methods
for doing this, including document management systems, simple folders on a server, and
paper files if hand calculations have been done.
The use of setting guides either from the utility, international institutions such as the IEEE or
the manufacturers setting guidance should all be referenced and the results kept in the folder.
Some utilities use setting templates either based on spreadsheets or math software, and
these should also be kept in the setting calculation folder.
A process is needed to manage the project settings files (see 6.3 and 6.4), and a responsible
engineer is required to keep track of all setting files and work alongside the setting calculation
engineer. All changes of settings can be updated once the assigned engineer obtains the
approved setting calculation folder from the protection setting engineer.
Page 13 / 42
4.5 Calculate settings
Some utilities use templates for calculating settings, which helps provide consistency and
efficiency, but carries the risk of engineers blindly entering data into a spreadsheet and just
accepting the output. Adequate training, knowledge and competency must be established by
engineers before they use templates, to ensure they recognise an erroneous result caused by
incorrect assumptions or bad system data.
All calculations must be recorded in the setting calculation folder for future reference. At this
stage computer models used for establishing correct settings and coordination studies need
to be updated with the calculated settings and primary system data. If properly managed, the
databases of these models can be used for recording a summary of the settings. The priority
is to mitigate the risk of data being incorrectly entered or invalid primary system changes
being used. It is essential a responsible person needs to control and authorise any updates to
the model.
4.6 Perform coordination study
The Coordination Study is one of the most important steps in the setting calculation process;
it is essential the protection operates correctly, in accordance with expected policies on
dependability and security.
Coordination studies are normally performed using simulators and computer models, which
must provide an accurate representation of the real primary and secondary system and the
individual items of plant. In addition, when performing a coordination study it is essential that
a standard set of scenarios are considered to ensure consistency with other studies. All of the
results should be recorded and stored in the setting calculation folder.
At this point a quality check is recommended in the form of a peer review. This is a useful
exercise, especially if a challenge session is scheduled and several peers review the setting
calculations and the results obtained by the protection engineer. Generally, inadequate time
will be available to completely re-calculate the settings, so pertinent questions should be
asked to challenge the engineer’s results and the coordination study. For example - was the
mutual coupling of the adjacent lines taken into account, are the zone reaches correct, was a
weak-end in-feed scenario calculated etc. A record should be taken at the challenge session
of good questions and oversights, so that the challenge session guidance document can be
updated and the information used in future challenge sessions. The feedback from the
sessions can also be used for process improvement and to identify the training needs of the
protection engineer. These sessions are also useful as a training exercise for less
experienced engineers who need to learn good practice from their more experienced
colleagues. When this has been completed, an approval process should be established to
formally sign off the settings as complete and read. For future reference purposes, the setting
output documents should also include a record of those involved in the settings process.
4.7 Calculate commissioning test data
Setting changes or new settings applied within a relay should be evaluated using a
commissioning test designed to provide assurance that the settings have been entered
correctly and the protection will perform as expected. Computerised test equipment can
produce a large number of tests automatically and store the results. The type of tests and
their range need to be established for a particular application and if necessary a set of
secondary values calculated. Commissioning test guidance notes should also be produced to
ensure consistency between different protection engineers and to list the types of tests
needed for a particular application. The commissioning test data should be stored in the
setting calculation folder and be formally issued with the settings.
Page 14 / 42
4.8 Setting data entry
Once the setting calculations have been completed the setting values can be entered into the
manufacturers setting software for an IED or numerical relay. For electromechanical relays a
setting sheet will need to be completed and used to transmit the information to the field
commissioning engineer. For an IED consideration must be given to version control and
compatibility of relay firmware and the manufacturer’s setting program, refer to chapter 6.4.
Engineers calculating the settings and the commissioning engineer’s who install the settings,
should all be using the same hardware, firmware and software version, otherwise problems
arise when downloading the settings.
Consideration should also be given to developing methods for transferring settings calculated
using computer software (such as spreadsheets and math software) directly into the
electronic setting file produced by the manufacturer’s software. This reduces the risk of typing
errors when transferring settings into the setting software. IEDs are versatile and have
hundreds of settings, most of which are not used for a general application. The use of setting
templates should be considered to reduce the risk of unused functions being mistakenly
activated or set incorrectly. Some IEDs have this function, if not the required setting should be
clearly stated in the guidance document.
For electromechanical relays a setting sheet needs to be produced to transmit all the settings
to the commissioning engineer in the field. Templates should be used to ensure the
information being transmitted is consistent and is entered correctly on to the relay. A
protection scheme implemented using electromechanical relays has fewer settings than an
equivalent IED and is therefore less prone to settings being enabled or set by mistake.
However care should be taken when entering the settings on the setting sheet to avoid typing
errors. To prevent this, consideration should be given to transferring the output of the
computer based software setting calculation programme directly to a setting sheet.
4.9 Issue settings for commissioning
The process of issuing settings for commissioning is different for an electromechanical relay
as compared to an IED. With an electromechanical relay a setting engineer will normally issue
a paper copy of the setting file for the relay. This could be issued via a fax, an e-mail
attachment, post or by hand. For an IED the setting engineer will normally electronically issue
a setting calculation folder to the commissioning engineer. The folder contains several files
including a setting file. The setting file can then be transferred to the IED, via the
communication port, using the specific manufacturer tool.
The utility needs to have a policy on how setting change requests are handled during
installation and commissioning. There needs to be a clear authorised process on the types
and scope of changes allowed and how these are validated and recorded.
If a setting problem is observed during commissioning, the commissioning engineer may be

able to immediately correct the setting and report the new setting to the setting engineer, or
obtain authorisation before the revised setting change can be implemented.
4.10 Perform commissioning tests
Commissioning guidance documentation should be used to ensure consistency, especially if

this process is outsourced. If witnessing or Factory Acceptance Testing is being performed
then the tests being witnessed need to be recorded and signed off. These documents should
then be stored in the Setting Calculation Folder.
The commissioning test plan should provide a clear programme of what needs to be tested
and also may include additional test specifications and at what stage each test is required.
Utilities normally develop a detailed test programme (or test sheets) that defines each test
and how it should be executed.
Page 15 / 42
Commissioning tests should validate all the functions used in the given protection scheme. If
doubts emerge about the validity of the settings installed during commissioning, it may be
necessary to review the commissioning tests pending clarification of the settings and/or the
test procedure. The outcome of the review might result in changing one or more settings,
modifying the test plan, disabling functions or requesting support from the setting engineers or
relay manufacturer. If the problem is very serious and no obvious solutions are available, the
only option may be to suspend commissioning.
Changing a setting to allow a commissioning test to be performed should, if at all possible, be

avoided, since this increases the risk of an incorrect setting or a test setting being left active in
the relay by mistake. If it is necessary to change the settings when commissioning a relay,
then the use of setting groups should be considered, so that the original settings can be
preserved as a group. An example of this would be to use a commissioning group for testing
over-current backup protection functions, whilst keeping the original setting group unchanged.
Any errors observed during commissioning should be recorded and resolved, as part of the
Quality Assurance procedure, and if possible reported to the setting engineer before the
setting changes are applied. They can then be reviewed for process improvement and
training needs.
4.11 Record results
The results of the commissioning test should be recorded in the setting calculation folder for
future reference. The results are also useful as a benchmark for future comparison, especially
during maintenance tests.
It is important that close correlation exists between a test and a setting and that the complete
commissioning test confirms that all relevant settings are validated. If setting changes are
required during commissioning it is necessary to document which tests were performed
before the setting change and which after the change. In addition it is important to evaluate
the impact of the setting change on functions previously tested and if necessary repeat part or
all the tests previously performed.
4.12 Returning settings to the setting engineer
It is important that after commissioning, the setting engineer is assured that the issued
settings are exactly the same as the settings that are loaded and stored in the relay. The
concern is that mistakes can be made and an old version of the settings can be inadvertently
loaded into the relay, or a commissioning engineer has made an unauthorised change to the
settings stored in a relay in the field.
Once the commissioning process has been completed, the setting file should be downloaded
from the relay or manually recorded on a setting sheet. The setting file should then be
returned to the setting engineer, who is required to check the settings are identical to those
issued. If changes are required during commissioning, the setting engineer should issue a
new setting file or setting sheet including all the correct settings and increment the setting
version number.
For audit purposes, the commissioning engineer should demonstrate that the tests have been
completed satisfactorily and the setting file returned to the setting engineer. The
commissioning engineer normally achieves this by signing the setting sheet (physically or
electronically) once the commissioning process has been completed. The setting engineer
should also sign the setting sheet confirming that the returned setting file from the
commissioning engineer is identical to the final version issued.
A system should be developed to track the transfer of the setting file between the setting
engineer and the commissioning engineer. The system is especially important if this involves
multiple hand-offs, for example if the setting engineer hands the setting file to the
commissioning department manager, who later assigns it to a commissioning engineer.
Page 16 / 42
Tracking is necessary to ensure the settings stored in the relay can be verified and are
identical to those issued. A naming convention is normally used to ensure each setting file
has a unique identity and to avoid mix ups with other setting files used in other relays.
4.13 Store returned setting folder
The setting sheets and files, test and commissioning records should ideally be stored together
in the setting calculation folder and kept in a controlled and secure location with an archive
and backup facility which can be easily accessed by authorised personnel. Figure 4-2 shows
an example of a corporate network data repository.
Corporate Network
Assert Relay Vendor

Management Applications
Engineers
Field Personnel
Centralized
Test Equipment Relay Settings
Application
Security Layer
Operations &
planning
Engineering
Documents &Simulation
Applications
Other Users
Figure 4-2 Corporate Network Data Repository [3]
4.14 Compare setting file during maintenance
When the protection scheme undergoes its periodic maintenance the setting file in the IED
should be compared with the stored setting file. Any differences need to be reported and
investigated. Firmware versions of the IED should be kept on file and during maintenance
compared with the firmware in the IED. Firmware version control is discussed in section 6.2.
Figure 4-3: Example of a report comparing two Setting files: In red the new settings
Page 17 / 42
5 Organisation and people
5.1 Skills, experience and knowledge transfer
Protection engineers and technicians should have appropriate engineering skills with an
emphasis on electrical power engineering, although knowledge of communication and IT
systems is also required. This provides the basic knowledge that is a prerequisite for
understanding the principles and techniques of power system protection. However, recently
recruited protection engineers and technicians will need further training and experience
before they can be expected or allowed to work unsupervised in the field of protection.
Normally this would be expected to take several years, but the process never ends since
there are always new challenges, particularly with the introduction of new systems and
technology.
Protection activities in a utility are organised around the knowledge and experience of a
protection specialist, or ideally a community of protection engineers either within the
company, or extending out to product suppliers and external consultants. The process of
updating knowledge includes the use of written procedures, personal supervision, coaching
and mentoring. The priority is to ensure the protection community works together during the
different phases in the life of a protection relay or scheme.
Engineers and technicians new to the protection field should start with simple protection
applications and be closely supervised by experienced members of staff who will advise and
check their work. This should be supplemented by a structured training program based on the
different products used by the utility, the protection principles, the applications, and the
utilities policies and operating practices. The training program also requires knowledge
transfer from experienced engineers, supplemented by practical experience. The working
group recommends that a utility has a modularised training program adapted to the
experience of the person to be trained.
In addition to this, timely and relevant setting related training on specific protection related
products, including setting tools, setting calculation programmes, functional parameter
requirements, communication protocols and relay design and configuration information. Prior
to the introduction of new devices into the utility a more in-depth training program will be
required to educate the utility staff on the application and management of the new device.
An important part of the knowledge transfer process is accomplished by working on protection

projects. This will start with setting simple protection schemes or less critical applications and
will help the engineer gain experience and confidence in the application of the setting
management process. As experience develops they will be able to take on the greater
responsibility of setting more sophisticated protection schemes or more complicated
protection functions, as for example distance protection. During this period, it is important that
the work is checked by experienced protection staff to ensure accuracy and validity, and to
provide positive feedback to improve knowledge and understanding. Involvement in
investigations into protection mal-operations and power system scenario studies will further
increase knowledge, understanding and experience.
Operational experience and setting best practices should be captured and disseminated back
into the organisation that owns, manages and/or operates the protection, since this will help
eliminate similar errors and improve overall knowledge. In addition, every utility should
encourage continual development and involvement in an extended protection community,
which can be trusted for discussion, support, problem analysis, technological development
and the sharing of best practice.
To help prevent problems in the future, a utility needs to consider succession management of
experienced technical staff; it is crucial experience and knowledge is captured for the future.
Page 18 / 42
5.2 Organisational structure
This section identifies the impact and risks of different organisational structures and working
arrangements, this is necessary to ensure the level of competency associated with managing
relay settings is sufficient. Organisational structures can range from complete in-house design
using dedicated own staff, through partnership arrangements, to fully outsourced or turnkey
projects. The different elements that can be outsourced are listed in the table below
Activities Description
Protection concept Protection options, principle of coordination
Protection Selection of relays, plant interfacing, drawings, cubicle arrangement,
engineering accessories
Setting calculations Individual parameter settings based on network parameters and
simulations; requires accurate data about primary equipment &
instrument transformers
Protection relay Transfer of settings to a manufacturers tool and to the relay; necessary
parameterisation to verify successful transfer
Commissioning Test and verification at site of protection settings
Maintenance Periodic test, revalidation of settings following network changes
5.2.1 In-house protection setting

In-house calculation and management of protection settings requires the utility to have
sufficient well trained people to meet their current and near-future setting related needs. To
ensure this is achievable the utility must be committed to the development and training of the
next generation of protection engineers.
A utilities protection group must be able to collaborate with their own power system designers
and maintenance or commissioning teams and be able to identify protection application and
setting problems. An important aspect of this approach is that the utility has knowledge of
historical protection mal-operations or problems and this knowledge is taken into account
when considering future setting changes. The utility is responsible for the settings over the
lifetime of the power network or system. The utility needs to have the capacity to calculate
and verify the main activities associated with protection settings, this requires knowledge of
the protection systems, the network topology and any special system configurations. The
utility must also have sufficient manpower and experience to solve the setting problem
created by an emergency; although it must be recognised that for an extreme event, access
to external expertise might be required.
One of the risks associated with complete dependence on in-house expertise is that in-depth
knowledge for all protection products is difficult to capture and retain. Well trained specialist
staff is required to both calculate and utilise protection settings. The concern is that a
specialist will leave the utility and less experienced people have to solve the protection
problems for which they are not fully trained. One of the difficulties for the utility is how to
maintain a protection team with the skills to handle all aspects of their setting activities on
both classical and emerging protection systems.
5.2.2 Outsourced protection setting

Outsourcing is an arrangement in which an external company provides protection setting
services for a utility. Many utilities are considering outsourcing as a part of their operational
efficiency improvements or as a method of gaining access to specialists who are not available
in the company. Outsourcing can range from specialist support to the use of external
companies who perform most of the protection activities required by the utility.
The benefits of outsourcing are that expert and in-depth knowledge is available on individual
products and protection systems, and best practise is available from other utilities. In addition
large multinational consultants or manufacturers have access to a wider resource base.
Page 19 / 42
An advantage of outsourcing from the perspective of the utility is that the manpower
requirements of the utility are reduced; although the utility still needs to provide a detailed
specification for the work subcontracted to its outsourced partners.
Some of the risks associated with outsourcing are: lack of understanding of utility practise;
inadequate expertise during emergencies; loss of experience in the utility; dependence on
external companies, which might close or relocate in the future; loss of local skill and
knowledge base; poor contract performance; difficulties of preparing an adequate
specification for the outsourcing partners; future difficulties in managing external suppliers
and specifying the contracts; problems associated with becoming an uninformed buyer;
challenges in controlling quality. However, high levels of quality assurance can help mitigate
these risks.
Other disadvantages are that the utility will need to spend more time with the consultants to
train their staff and verify that the utility standards are understood and followed. The utility will
also be dependent on the vendor and their response time. The main focus of the utility will be
quality checking of the work and updating of technical specifications.
5.2.3 Partnership arrangements on protection settings

Many utilities provide support for their protection setting activities using a partnership between
their own in-house experts and the resources of external organisations. The level of
involvement of utility personnel in these activities depends on the type and size of the utility,
the regulatory framework and the internal policies of the utility and the owners. An example is
a privately owned utility who decides it is preferable to subcontract all or most of the setting
activities to an external company. However, this might be perceived as a risk and many
utilities may decide to maintain core activities in-house, perhaps only using external
companies for certain routine activities or specific activities for which the company lacks skills
or people. It is difficult to quantify the extent to which setting related activities can be
subcontracted, although most utility engineers want to maintain some in-house expertise.
5.3 Auditing and accreditation of people
Many utilities require that setting engineers must satisfy various accreditation tests before
they are allowed to work on specific setting tasks. It is essential that accreditation focuses on
the experience and knowledge needed for the different steps in the setting management
process. Depending on the tasks, responsibilities and competencies required, accreditation
may contain knowledge of power system primary equipment, power systems, short circuit
analysis, devices used to protect the power system, basic understanding of dynamic power
system behaviour, general protection philosophy, relay coordination and system modelling.
On a regular basis, the people involved with protection settings should be audited. The
purpose is to provide confidence in the standard of settings undertaken across the whole
utility, across geographic areas and type of projects and to correct any deviations that the
audit reveals. The audit can include a process quality audit and a settings accuracy audit; the
people involved in the audit are normally the design manager, project manager, setting
engineer and commissioning engineer. They will define an audit program for all types of
project and report the findings in an audit report.
Page 20 / 42
6 Implementation of setting management
This section focuses on the techniques used in the generic process, i.e. triggers for setting
change, classification of settings, verification of setting changes, version control, management
of multiple setting groups and the integration of different types of relays and protection
schemes.
6.1 Triggers for setting change
It has been identified that various triggers may require the relay settings to be reviewed and
updated:
 Asset replacement: relay replaced as part of an asset replacement program due to

obsolescence, type faults, inadequate vendor support, limited functionality or unreliability.
 New connections: settings need to be changed if a new load or generator is connected
to an existing network node, which might impact on the settings of downstream relays.
 Primary plant changes: replacement of an item of plant or network re-configuration;
includes connection of new plant onto an existing circuit node or the use of a spare bay.
 Transmission line reconductoring: any changes in the transmission line parameters
will affect the reach of distance relays.
 Temporary system changes: a transmission line may be temporarily reconfigured
during a construction project, such as a temporary bypass, diversion or line tee.
 Neighbouring utility: if a neighbour changes the configuration of an interconnector; i.e.
adds a new station on an interconnecting line or upgrades an existing substation.
 Secondary systems changes: because of renovation or the use of new circuits, a new
or modified protection scheme may be required and this can affect existing relays on
adjacent circuits.
 Failure: a relay fails in service and is replaced by a spare or an equivalent relay.
 Mal-operations: if a relay fails to operate on an “in-zone” fault or operates when not
appropriate, the mal-operation must be reviewed and the applied settings re-validated.
 Changes to communications: relay settings might need to be adapted to cope with new
interface and communication parameters.
 Setting reviews: as part of an assurance process, settings are reviewed after a long
period of inactivity; if the settings are no longer adequate they may need to be changed.
 Change of reliability requirements: the importance of a particular circuit may become
more critical, which affects protection reliability and may require setting changes.
 Manufacture recommendation or alert: settings may need to be changed due to
advised firmware upgrades, i.e. it may be necessary to resolve problems that have
manifested elsewhere.
 Externally mandated changes: change initiated by a regulatory authority e.g. after the
2003 blackouts the North American Electric Reliability Corporation mandated that relays
must remain stable during extreme emergency loading conditions.
6.2 Classification of settings
IEDs require the specification of a large number of user defined parameters. To achieve this
IED manufacturers provide facilities for the classification, categorisation, grouping and sorting
of the parameters; normally these cannot be changed by the user. Such a classification might
be: relay configuration, power system data, protection relay functions (per function), control
functions (e.g. local plant control, interlocking, logical functions), other functions (e.g. self
supervision, fault recording), assignment of input / output contacts (or equivalent
communication signals) and user defined functions and logic; see Figure 6-1.
Figure 6-1
Page 21 / 42
Relay configuration
Selectable Logic Sequence Communication Selection Power System Measurement
Relay Function Selection
Miscellaneous
Output/Input configuration
Figure 6-1: Example of manufacturer setting classification
An important feature is how the settings are organised in an IED; in general these are
structured in accordance with the philosophy of the manufacturer. The relationship between
settings and network electrical parameters is often difficult to understand and in future it will
become important to emphasise that settings must be closely related with the network
parameters in a way that is transparent to the user. The proposed classification is not
intended to change the grouping provided by a manufacturer, but rather to give setting
parameters additional "tags" according to different criteria. The main purpose of tagging is to
facilitate the verification of settings, simplify and standardise the processes implemented for
setting generation and setting changes.
Suitable criteria are:

 Settings fixed for a certain IED type; some settings can be standardised within the
company and are fixed for all IEDs (e.g. nominal frequency, fault record settings, and
functions never used).
 Settings fixed for specific applications; these settings are standardised according to
protection philosophy and are fixed for selected applications (fixed settings could be:
voltage level, maximum number of auto-reclosure attempts, shape and direction of
distance zones). Note: many utilities type test distance relays before they are used in the
network, this type test determines which parameters can be fixed and which have to be
calculated and changed.
 Settings individually derived for a specific installation; for these settings the
calculation procedures could be fixed, the values however are individual for each relay
(e.g. nameplate data of instrument transformers, line data, zone reach settings and time
delays).
Page 22 / 42
Additional suitable criteria for classification of settings could include:

 Revision of settings during commissioning (e.g. CB delay time, communication delay
time of line differential relays, reverse power protection settings for generator protection).
 Unused settings (e.g. setting to disable unused functions).
 Settings with reference to a calculation sheet or primary equipment data.
 Changing settings due to specific operating states (e.g. cold load pickup, use of
setting groups).
 Settings defined in standards (e.g. IEC 61850).
 Settings that require specific attention or a review (e.g. problems caused by drifting of
components in electromechanical or static relays).
 Settings belonging to substation control systems (e.g. bay control functions, voltage
selection).
Manufacturers often provide setting file templates that simplify configuration and
commissioning of IEDs that protect similar assets (typically > 90% of settings are identical).
Templates allow engineers to configure and test these common settings, they can then be
locked and will not be available to users. These locked down settings can be marked (gray-
scaled) or hidden from view (see Figure 6-2). The remaining settings can be specified as
editable and available to users (e.g. protection element pickup values, CT and VT ratios).
Settings displayed to the user
A setting template defines the

accessibility of the individual settings
Figure 6-2: Settings templates
6.3 Verification of setting changes
The generic process in section 4 illustrates how the settings applied to an IED are verified.
This is necessary to prove the IED setting record is identical to the reference record and the
settings applied are effective and adequate for the application.
6.3.1 Verification IED setting record is identical to reference record

The generic process defines that the setting folder (issued by the setting engineer) is the
reference used to store the IED settings record. The settings in the actual IED must be
identical to those stored in the reference record; ensuring this is true, is a challenge for many
utilities. Uncertainty about the validity of the reference settings can affect the security of the
power system. There are many procedures to ensure the reference settings are identical to
those in the IED. These procedures vary for each utility and are influenced by the format of
the setting record, the tools used for verification and the utility organisational structure.
Page 23 / 42
If the format of the setting record is identical to the format expected by the proprietary relay
operating software, then the comparison between the reference settings and the IED settings
can be performed directly. This verifies a file has been correctly transferred and no additional
setting changes have occurred. After commissioning, the comparison verifies that the setting
changes found during commissioning have been correctly entered into the reference file. The
comparison is easy to perform and includes all the settings applied to the IED.
For many applications the setting record has a different format to that used in the IED
operating software. Consequently, verification against such a setting record is more difficult.
Possible solutions involve using spread-sheet tools like Excel or special verification software
that allow relevant settings (characteristics) to be displayed in a format independent of the
IED supplier software (RIO, XRIO). This is only applied to the relevant settings, i.e. those that
are classified as dependent on the application, e.g. zone settings for distance protection.
6.3.2 Verification applied settings are effective

Verification that the settings are effective is achieved by testing the IED. As a minimum, the
functions that were affected by a setting change have to be tested. To reduce the risk of
unwanted side effects, it is common practice to also check the most important functions (e.g.
test once per impedance zone and at important pickup values).
Modern test sets provide support for such purposes, which might include using import filters
for the setting files. For example, a test equipment manufacturer might provide an option to
import and convert a manufacturer’s settings file into a format suitable for test purposes. This
ensures the characteristics can be visualised (e.g. distance zones), allowing easier manual
checks. Furthermore, automatic test procedures can be defined that adapt to the settings
(e.g. start values for a pick-up test) and provide automatic assessment of the test results.
Such tests can be compared with the IED setting file or against the reference file. However,
this does not access all the parameters, but only those considered important.
6.3.3 Verification applied settings are adequate

To confirm the applied settings are adequate for a particular application the operating
behaviour is analysed for a set of realistic test cases. These tests are designed to confirm that
the IED behaves correctly under selected fault conditions. Network calculation programmes
often provide tools for such simulations. The test cases can be saved as Comtrade files and
replayed using a test set. Many test sets also provide built in simulation tools for modelling the
effect of faults on small network models.
Figure 6-3: Verification that applied settings fit for the relay application
Page 24 / 42
6.4 Version control
Electro-mechanical relays do not include firmware, software or programmable logic; they were
built around fixed hardware and interface wiring using mechanical timers, relays and contacts.
The settings are applied by adjusting the operating mechanisms. The wiring between the
relays used within the protection scheme is fixed and can only be modified via new diagrams
and engineering re-wiring.
IEDs are built using standard hardware platforms which includes microcomputers and
input/output/communication interfaces. The firmware which is fixed by the manufacturer
provides the protection functions required by the user. Programmable logic is normally used
to enable the functions and integrate them into the required protection scheme. This is
achieved with a logic configuration tool. The utility requirements for a particular protection
scheme are then defined by the settings applied to the IED. This is often implemented using a
PC based setting program, which allows modification of the settings. The settings can also be
modified using a front panel man-machine- interface (MMI) on the IED.
Strict management and quality control is required to ensure the combination of the hardware
version, firmware version, scheme logic, settings files and setting program are compatible and
correct for the scheme. It is essential that it can be modified in a controlled way to cope with
changing protection and network requirements. This generally means that a utility
standardises on one version of the IED, which is extensively tested and all necessary support
documents generated.
During the lifetime of the IED, a manufacturer will bring out new versions and it might be
necessary to update devices installed on-site. This might involve changing the IED version,
i.e. modifying the firmware, programmable logic, configuration tool, settings file, settings tool
and/or the hardware. In general, the new version will consist of a combination of these, and
the exact modifications will depend on what was necessary to fix a problem or improve the
performance of the IED. Upgrades are usually resisted by the utility as it is preferable to
maintain one version of the IED across the utility population. In addition to the management
and maintenance problems created by upgrades, there is also the impact of the disruption
caused in visiting the sites to perform the upgrade. In some cases the upgrade is essential to
mitigate a problem related to protection performance.
If a new hardware version or a firmware upgrade is required then some utilities require
selected testing of the new IED version to confirm functionality and performance. The output
will be new test results and the associated test and support documentation. The aim of these
tests is to prove that the IED with its settings and functionality will operate as required. If new
settings files are required to match the new firmware, these should normally be tested.
Once the utility is satisfied with the performance of the IED and all necessary documentation
has been produced, the firmware is deployed at site either under circuit outage or protection
depletion conditions. Method statements and test schedules are produced to manage the
risks of installing new firmware on already commissioned protection. Before installing the
firmware the IED outputs (including any communication trip outputs) should be isolated from
the system to prevent spurious operations during the upgrade.
After upgrading the firmware, the new setting file must be loaded into the IED. Limited testing
should then be carried out to prove the new firmware and its setting file are operating
correctly and all required protection functions are operational. Finally the IED can be put back
into service and the setting files and test records returned to the central offices. Furthermore,
with an IED the settings include the configuration structure and the functional interconnection
that have traditionally been handled by hardwiring. It is necessary to manage these changes,
which requires adequate documentation and control.
Page 25 / 42
6.5 Management of multiple setting groups
Multiple setting groups are normally available in IEDs and when required the utility can
activate this function and switch between the setting groups. This can be done via binary
inputs, or via a communication link. The utilities can use multiple setting groups to deal with
changes in the system parameters or protection requirements; this improves the flexibility of
the protection. Ideally during onsite commissioning or maintenance, all the setting groups
should be adequately tested.
An example is the use of three setting groups for distance protection. Setting group 1 is the
normal setting. Setting group 2 is for emergency or non-standard primary circuit
configurations and provides high speed clearance for faults located anywhere on the
protected line. When the busbar protection is out of service, setting group 3 is used to
provide protection for local busbar faults. Multiple setting groups can also be used during
commissioning or maintenance testing to verify the operating performance of an individual
element by disabling other elements. However, multiple setting groups carries the risk that an
incorrect setting group is activated, resulting in the wrong settings being applied to the IED.
Preventive actions that secure the correct use of multiple setting groups are important. This
could for example be documented guidelines included in the IED setting sheet. For an IED
with multiple setting groups, the setting engineer should pay special attention to whether a
change in a setting is valid for one or multiple setting groups and must fully document this in
the setting folder.
6.6 Integration of relays of different types
Protection engineers are often concerned about the difficulties in grading an IED with an
st
electromechanical, static or 1 generation microprocessor relay. This is particular true if they
are from different manufacturers, although different generations of relays from the same
manufacturer may struggle to grade properly under all possible operating conditions. An
example of this could be the protection scheme for a radial feeder that involves different
generations of time-graded overcurrent relays particularly when the faults are intermittent or
the waveforms are distorted.
Another area of concern is the use of different types of distance relay within a protection
scheme. For example if one relay is a classical MHO relay and the other is a IED with a
polygon characteristic the behaviour during a resistive earth fault need to be considered
carefully. Many utilities would decide to change the MHO relay to an IED to avoid grading
problems; although experience shows this is not always the case.
When using IEDs from different manufacturers it is important to ensure that the philosophy of
the protection functions are coordinated, this is necessary to avoid interference that could
cause an incorrect operation. An example is single pole tripping for distance protection, where
after the initial single pole trip and reclosure attempt, one of the IEDs enables the three pole
trip function after the initial trip signal was sent by the protection, whereas a different IED
activates this function after the breaker opens.
As utilities operate relays and IEDs from different manufacturers, the control of the settings
and their performance presents challenges that have not yet been adequately solved. In
order to facilitate the setting management, some common settings needs to be defined in all
the manufacturer documentation according to a standard where the definition of functions and
terms are independent of the manufacturer; for example ABC, LIL2L3 or RST for phase
identification.
Page 26 / 42
7 Utility examples for process control of setting

management
7.1 Example from USA (New York State)
A US utility has formalised the setting management procedure in accordance with the
following flow chart, see Figure 7.1. The protection engineering team first reviews each
individual setting associated with the setting file for a specific relay. If changes are required
the team formulates new settings, which are then created, checked and validated, prior to
being loaded into a new setting file, stored within the secure protection data base.
If manufacturer specific software is available, this is used to create the revised setting file,
which in this example is stored in a secure NY shared drive. The “Aspen relational data base
(RDB)” is used to create a summary sheet, also stored with the setting file. The “jumpers” and
“output contacts” associated with the relay wiring diagram are also added to the summary
sheet. The manufacturer’s file is then linked to the Aspen RDB.
If manufacturer specific software is not available (or if the utility has specifically decided not to
use it) then the setting template available in Aspen RDB is used to create the new settings
which are then added to the setting file. Information about the output contacts are included as
a heading at the start of the setting file. Finally the complete relay specific, setting file is saved
using Aspen RDB.
The quality control QQC4 process, then confirms that the proposed settings have been stored
in Aspen RDB with the appropriate revision code and date. The protection engineer,
responsible for finalising the new setting file, completes the protection management quality
control form, loads it into the quality control tracking folder of the NY shared drive and waits
for final approval. The quality control form must abide by the utilities naming convention, i.e.
“work order number station number.doc”. Next, the protection engineer, requests that a
reviewer checks the setting file and confirms the relay settings and the protection philosophy
are correct for the particular relay and application. When the review has been completed, and
assuming no changes are required, the protection engineer informs the protection
engineering manager that the review is complete and requests that the quality control form is
approved. If at any stage changes are required, the process returns to the start and all the
checks, reviews, modifications, requests and approvals are repeated. Note: - If an associate
engineer has undertaken the modifications to the setting file, a copy of the approval email
from the protection engineering manager will be sent to the responsible senior engineer.
When required the new or edited setting file is sent to the protection liaison engineer,
employed by the contractor to install the new settings in the relay, or the relay supervisor, who
manages the engineers/technicians who will download the settings into the relay. The file is
normally sent by email or printed and sent by Fax. To reduce the risk of communication
failures, the liaison engineer or relay supervisor are phoned or emailed and asked to confirm
that the new setting file has been received.
If errors are found in the setting file that needs to be downloaded to the relay, field personnel
or the liaison contractor will be asked to upload the setting file from the relay. This file is then
sent to the protection engineering team who will then review and re-issue the new setting file.
If the setting file is considered correct and no errors are detected, the “final” setting file is
obtained from the field personnel or the liaison contractor and sent to the protection
engineering team. In addition to the soft copy stored in the database, a hard copy is normally
stored for future reference. If necessary the Aspen RDB and the NY shared drive are updated
using the final setting file.
Page 27 / 42
Protection Engineering NY-

Relay Issuing Flow Chart
Sub-transmission
engineering and design
Regional field Engineering
Power Delivery /Relay Protection Engineering Capital related
Customers (IPP’s, NUGS) review/create relay setting Projects
(POLETOPS SEE PAGE 7 FOR

DETAILS)
Manufacture’s
software available No manufacture software
o Use manufacture's software to create relay o Use setting template in Aspen RDB to
setting create relay setting
o Save file on the NY shared drive o Label Output contacts on the heading
o Use Aspen RDB to create a Summary of setting file
Sheet. o Save setting file in Aspen RDB
o Label jumpers and Ouput contacts to
Summary Sheet
o “Link” the manufacture's file to Aspen RDB
QC4
QC4 Process
QC4
Send setting to contractor liaison or Proposed & revised settings
relay supervisor via: are stored in ASPEN RDB.
o email
or Protection Engineer completes Quality Control form and
o print setting to relay lab remotely asks for approval; follow naming convention for the Quality
Control form:- “Work order number _ Station name.doc”
Protection Engineer then requests a reviewer to ensure that

relay settings and protection philosophy are correct
Inform relay supervisor that setting is

ready via email or phone Protection Engineer informs Manager once review is
complete
Protection Engineering Manager will approve the Quality

Errors found No errors Control form
Request field personnel/ o Obtain a copy of final setting from

contractor liaison to download field personnel/contractor liaison
setting directly from relay (if o Evaluate changes (if any)
possible) and send back to o Maintain a hard copy for record
Protection Engineering. o Update Aspen RDB / NY Shared
drive (if needed)
Protection Engineering
review and re-issue
setting
Figure 7.1 Procedure for relay setting from USA
Page 28 / 42
7.2 Example from Europe (UK)
A utility in Europe has developed a procedure for life time management of protection settings
starting from equipment initial evaluation and assessment through to de-commissioning. The
steps are shown in figure 7.2 with three discrete phases and a number of steps including
product assessment (type registration), protection scheme design, protection setting
calculations and configuration, factory acceptance tests, scheme implementation and site
acceptance tests, commissioning, post commissioning support and de-commissioning.
a) Settings Guidance Document

Type Registration Process containing all fixed settings and
guidance on the power system
dependant settings calculations
Equipment Assessment (Settings File ‘’X’’).This is the
1 (Function & Performance)
paper or electronic file that
contains blank circuit
specific/power system settings).
b) Standard application diagram.
Project
Protection scheme design and a) Circuit specific power system
complete protection settings in settings document (modification
accordance with Utility of the Settings File “X”’ to include
Protection Policy and these settings. Settings File ‘’X’’
2 Business Procedures. This becomes ‘’XY’’ and this is loaded
includes the output from in to the target relay.
step1. b) Circuit specific application diag.
Settings and configuration file are

3 Factory Acceptance Tests entered into the utility settings
(FAT) using output from step 2 database, after successful FAT
completion.
Scheme Implementation and
Site Acceptance Tests (SAT)
4 & off load commissioning tests
Final Settings and Configuration (as

they are on the relay) are recorded
On load commissioning tests.
5 into the settings database.
Support Any changes to the in service relay settings

6 Post Commissioning Support are entered (recorded) in the settings
database. Changes that may have to be
implemented to the in service relay settings
7 De-commissioning are detailed in section 7.2.1 c.
Figure 7.2 Procedure for life time management of protection setting from Europe
Page 29 / 42
7.2.1 Protection Life Cycle
The protection life cycle is described by means of a flowchart, Figure 7.3. All activities related
to settings and configuration are highlighted using ‘’boxes’’ in bold. The flowchart is
reinforced by the text below which provides some additional explanation.
a) Scheme Sanction, Application and Delivery

As part of the development of a scheme, the network design group will consider the protection
requirements prior to the project being sanctioned. They will identify, at the earliest
opportunity, where there are new requirements that could mean changes to protection
equipment or if the system development proposed requires new, revised or enhanced
protection functionality. Provision and assessment of a new or updated protection solution will
always commence once the scheme has been sanctioned. Assessment (called type
registration by the utility) of an updated or new protection solution will require assessment
against the relevant technical specifications. This process is then planned to be delivered
within the project programme timescales.
b) Build and Test

The contracted supplier (called solution provider by the utility) builds the protection solution.
As part of the assessment process a validation plan is provided by the supplier with agreed
programme milestones. The validation plan will include Factory Acceptance Tests (FAT) and
Site Acceptance Tests (SAT). During the build and test phase, defects (test results not as
expected) and non-compliances to the technical requirements may be identified. These may
require changes to the pre-agreed configuration and/or settings and/or changes to the
functionality. Following the on site installation of the new protection solution, SAT is
performed. These tests are mainly focused on the validation of interfaces, i.e. where
protection is connected with the plant and the rest of the already installed secondary system.
After completion of SAT, off load and on load commissioning is carried out.
c) Post Commissioning Support

For new systems, the protection devices are normally supported either by the utility
maintenance staff or more often a support service contract with the original project company
or original equipment supplier. During the lifetime of a protection device, there may be a need
to update the configuration, firmware or hardware. In such cases, a nominated assessment
engineer in the utility is notified and carries out a review of the documentation provided by the
supplier, which details the changes together with the supporting test evidence. Depending on
the nature of the change, a further check of compliance against the technical specifications
may be required. Following completion of this process, roll out and deployment is managed,
through an agreed business process, to upgrade or replace the affected protection relays.
In addition, there are also occasions where changes may need to be made to in service relay
settings. The following are examples:
i) Request from the system operator to modify a relay setting either temporarily or
permanently for operational security reasons.
ii) When a busbar protection scheme is taken out of service (e.g. due to failure of a
central unit) the settings on the relays (distance and backup) protecting the circuits connected
to the unprotected busbars are changed to provide acceptable protection for the busbars.
iii) At the request of a supplier to update the settings on the equipment. This could, for
example, occur on a current differential protection setting, following changes to the
telecommunication system characteristics affecting channel delay characteristics.
iv) Following a connection of new distribution circuit and if the settings of the overcurrent
and earth fault protections on the new circuit are higher than the other outgoing circuits, then
the backup protection settings need to be changed.
v) Following an incident investigation, if a relay setting was found to be the cause.
vi) Settings and configuration changes to the busbar protection central unit to bring on
line an additional bus bar protection bay unit, for a new primary circuit.
Page 30 / 42
Figure 2 - Life cycle of Numeric Protection flowchart with activities related to protection settings/
configuration highlighted using ''boxes'' in bold
Scheme
Sanctioned
Produce enquiry Post Commissioning Support

document and
assess returns
Is Protection Existing
and does Setting Yes
needs changing due to Post Delivery Protection upgrade
Primary Circuit/ plant Support Agreement Management
Is proposed scheme with the Supplier
solution Yes
Type Registered upgrade due to
EMI process
primary circuit/ setting
No No Routine plant change
Fault Progression Maintenance modifications (see
(may not be section
needed for 3.3)
numeric O&T/ES
Reject Tender protection) changes
New Protection required
can be applied in
No Defect Reporting
line with the Type
using reporting
Registration and
system
Manufacturers
Is change No
Identify documentation
required
requirements from urgently
Sanctioned Scheme
Progression of Type
Yes Faults Yes
Manufacturer
Re-register/Test/Install
Informs of
modified hardware/
changes to
firmware/software/
Hardware,
Will the Type setting (configuration)
sofware,
Registration be as appropriate
No Yes Initiate Work firmware or
completed within
(Place Contract)
1 settings
Project timescales (configuration)
Asset - see section
Health 3.3
Management of Review
Contract (includes Process
Type Registration Type Registration Yes
Deliverables; settings Process with Support Agreement?
deliverables)
document etc
2 No Change requirement
stored for
incorporation into
Enter settings in programmed light
to the settings current work
Build Solution and
database and then perform Factory
make available Acceptance Tests
FAT results
3 Arrange setting change with field
staff
Install Protection on site, download/enter settings and

Make available Site configuration received from the settings database and perform
Acceptance results Site Acceptance Tests - Off Load commissioning,
Confirm the settings and On Laoad commissioning.

configuration from the commissioned
protection match the settings within
the settings database. 4
Figure 7.3 Life cycle of numerical protection flowchart with activities related to protection
settings, configuration highlighted using boxes in bold, from Europe
Page 31 / 42
7.3 Example from Brazil
Brazilian utilities have developed a database for the lifetime management of protection
settings. The database includes multiple management tools, each of which performs a
specific activity, in accordance with utility practice, referred to as “Phoenix”. Together, they
ensure the setting file, as stored in the office, is identical to the settings within the relay.
Phoenix provide operational and maintenance support and is designed to help engineering
and maintenance crews solve questions related to protection settings. The system was
developed to ensure the validity of the setting information stored in the database. The
identifier used to describe the particular type of equipment and its location within the network
must be unique. Phoenix serves all users and is accessible from all sites in the company. It is
integrated with other corporate systems and data from previous systems are included.
The control and back-up of the database servers and the web security control are centralized.
The maintenance crew are responsible for inputting the data downloaded to the relay.
However, validation is performed by a senior engineer. Each change in the stored data is
registered with a unique user-identification, and different users have privileges given by
administrators or senior engineers. The system is based on the standard procedures of the
company. Any changes emanate from operations engineering, and the person responsible
must be authorized to undertake these changes.
Phoenix requires all setting changes to be controlled by “Settings Orders” and these emanate
from the protection engineers. After the Setting Order is implemented in the relay, Phoenix
requires the technician who undertook this task to formally “respond” to the Setting Order.
This requires the registering of any changes made to an electromechanical or static relays, or
for a digital relay, the downloading of the actual setting file from the relay.
Figure 7.4 illustrates the system architecture that integrates the operation and maintenance
databases and introduces the procedures used to manage the settings.
Figure 7.4: Phoenix Architecture
To mitigate the possibilities of errors, the following rules apply: the user responsible for data
management must be a specialist; standardisation must include the equipment description
(e.g. models, settings & identification numbers); the data tables must support the system (e.g.
rated voltages, manufacturer & installation location); and the users must be formally
approved.
Page 32 / 42
8 Cyber security issues
The widespread use of communications for remotely accessing IEDs increases the possibility
of a malicious attack on the electrical infrastructure. Historically, electromechanical and static
relays did not include a communication interface and consequently there were no means to
access and modify these devices remotely. Any changes, including removing protection from
service, required staff to be physically present within the station.
With the introduction of IEDs, there is an increasing demand to provide communication

access to ensure information can be transferred to/from SCADA applications and non-
operational data can be captured for fault and system disturbance analysis. Remote access if
incorrectly provisioned and secured, may present a channel for malicious or unintentional
disruptions to the power system.
Therefore it is recommended that utilities implement a security discipline that includes the
following processes [4]: reviewing and analyzing current and evolving cyber security
standards; using an appropriate methodology to assess risk to the system; maintaining high
corporate awareness of possible cyber threat; establishing and maintaining a well
documented security frameworks model; deploying and maintaining security technologies that
map to logical security domains. In this chapter the cyber security issues related to setting
management are discussed.
NERC CIP Cyber Security Standards – Determination of

Critical Assets/Critical Cyber Assets
Bulk Electric Inputs – List of: generation resources;
The Process
System Assets
substations; control centers & backup
control centers; etc
Filtering - Risk Based Assessment
Critical
Output - List of Critical Assets
Assets
Cyber
Assets Inputs – Cyber assets supporting
Critical Assets
Filtering - Essential to operation of

critical asset
and meet CIP 002 R3
Critical
Cyber Output - List of Critical Cyber Assets
Assets
Figure 8.1 Process for determining a Critical Cyber Asset,

Note: critical assets are defined according to NERC CIP standards
Where IEDs are controlling assets that are essential for reliable operation of the transmission
system there are a number of issues that need to be considered. The setting management
controls that need to be put in place to mitigate cyber threats should include; a company
cyber security policy, access control to the IEDs, restrictions for inappropriate changing of
settings, personnel awareness and training, electronic security perimeters (such as firewalls),
management of IP-ports and services on relays, electronic access controls (such as control
room entry), and appropriate disposal of out of service relays.
Page 33 / 42
In addition to the control of physical and cyber access, utilities require: a strong password
policy; secure means to remotely access IEDs; testing of the security impact associated with
changing IED’s; configuration change control; annual vulnerability assessments; and the
reporting of cyber security incidents.
8.1 Main Cyber Security Considerations
In the realm of cyber security, it is often common to refer to “Defence-in Depth”. The best way
to describe this, is to relate it to the zones of protection commonly used in the Power System.
Due to concerns about cyber security most utilities do not allow remote access to protection
relay settings, either for reading or changing settings because of the risk of uncontrolled
changes and external access. Where remote access is allowed, a full risk assessment and
consideration of the cyber security threats are recommended. However, remote access and
communication services need to be correctly provisioned and secured in accordance with
normal business and operational security processes. The priority is to ensure the security of
the power system cannot be compromised. A typical utility network with different electronic
security domains is shown in Figure 8.2.
Figure 8.2 Example of Logical Security Domains [4]
Page 34 / 42
8.2 Standards and Guidelines Overview
There are a number of standards, both officially published and in draft, that deal with the issue
of security of electronic assets considered critical to the safe and reliable operation of bulk
electricity systems. There are also a number of key industry working groups addressing
issues related to cyber security for electric utilities. Active working groups at the time of writing
this report are listed below.
 The North American Electrical Reliability Corporation (NERC), the electric utilities, and
suppliers to the electric utility industry, have recognised the possibility of “cyber” attacks
on the electrical grid. NERC has established the Critical Infrastructure Protection
Committee (CIPC) to address the challenges of cyber security. Eight NERC standards
have been issued governing the protection of cyber assets. Six of these have been
identified as directly affecting relay setting management, as listed in table 8.1.
CIP Standard Scope
Critical Cyber
CIP-002 Identification & enumeration of critical cyber assets
Assets
Security
CIP – 003 Management Information Protection, access control, change control
Controls
Personnel authorised to access Critical Cyber Assets must be
Personnel &
CIP-004 trained on security policy, have a criminal background check and
Training
personnel risk assessment
Electronic Controlling electronic access to Critical Cyber Assets such as

CIP – 005
Security remotely accessing settings
Controlling access to Critical Cyber Assets regarding accessing

CIP – 006 Physical Security
the relay at the substation
Incident
CIP-008 Identification, classification and reporting of Cyber attacks
Reporting
Table 8.1 NERC standards that affect the management of relay settings
 IEEE /PES Power System Relay Committee Working Group C1 has published a report
covering issues related to cyber security for protection relay with electronic
communication access.
 The Power System Relaying Committee Working Group C3 has published a report -
Processes, Issues, Trends and Quality Control of Relay Settings [5] that addresses
issues related to the developing, checking, application, and maintenance of relay settings.
 The IEEE Subcommittee Working Group C1 is currently finalising Standard P1686 for
Substation IED Cyber Security Standards.
 The IEEE (PSCC) Security Assessment Subcommittee [6] is developing methods for
utilities to assess information security risks.
 IEC Technical Committee (TC) 57 IEC TC57 WG15 has been commissioned to
recommend standardised security enhancements to other TC57 WGs.
 CIGRE Working Group D2.22 [4] has discussed information security for electric power
utilities.
Page 35 / 42
9 Software tools
The purpose of this chapter is to give a general overview of software tools, highlight basic
requirements and provide examples.
A wide range of software tools are available to support the management of protection relays.
Many tools were not originally designed for setting management purposes and consequently
only support some of the process steps. These process steps, typically supported by different
kinds of tools are shown in
Figure 9-1.
Initiate Change
or new setting
Scope Work
Review Standards
Customer data bases & commercial databases
Establish Setting
Network calculation tools
Calculation Folder
Calculate Settings
Relay manufacturer tools
Perform Coordination
Study
Calculate Commissioning
Test data
Test set manufacturer tools
Setting Data Entry
Issue Settings
for Commissioning
Perform Commissioning
Tests
Record Results
Returning Settings to
Setting Engineer
Store Returned Folder
Compare Setting File

during Maintenance
Figure 9-1: Tool support for the different process steps of relay setting management
Utility specific or commercially available tools that address the setting management process
are available. These are typically database tools which provide guidance through the whole
process, manage the user roles, the access rights and data management (including
archiving). However, for specific tasks such as network calculation, setting transfer to and
from the relay, and test management, other tools are required.
Network calculation tools are essential to derive the load and short circuit fault data, and
support the calculation of the relay settings. Manufacturer designed tools are required to
download/upload relay settings between computer and relay. They typically also support the
Page 36 / 42
process steps and the management and archiving of settings. However they are limited to the
relays of a specific manufacturer of a relay family.
With the introduction of IEC61850, additional settings describing the substation structure and
the communication links between relays and other IEDs are required (e.g. SCD-file, SSD-file).
Management of these settings is supported by relay manufacturer designed tools and by third
party products.
In order to support test automation and to ensure traceability of test results tools designed by
test set manufacturer provide features which are helpful for relay setting management.
Real time network simulation tools are mainly used for acceptance testing of protection
relays, but fault recordings from typical test cases could be used for commissioning and
maintenance testing. Such tools are also used to verify that a relay is suitable for a specific
application.
Existing utility application rules and processes often based on paper and file systems provide
guidance through the setting management process and complement the different software
tools.
At a generic level, the procedures used by utilities are defined in accordance with the tool that
is used to control the settings. Many utilities do not have specific or corporate tools to control
setting information, the communication of settings orders and information about the
implementation of the calculated settings.
Some utilities have developed specific or corporate tools to control the settings information
and all steps that involve the setting process. This include sending the settings and
configurations of the protection equipments to the maintenance team and the return and
validation of the information, after it has been implemented in the field.
9.1 Network calculation tools
Network calculation involves the use of transmission planning and engineering tools. They are
mainly used for load flow calculation, and the calculation of short circuit currents. The
maximum load currents and the short circuit currents are important inputs for calculating
protection settings. These tools need topological data and important asset parameters. Often
these tools include protection relay models, and are used to provide support for relay
coordination (time grading) and also allow transient stability studies and the simulation of
realistic network events and faults.
9.2 Relay manufacturers tools
Setting programs are designed to perform the following functions: transfer of settings between
relay and computer, comparison of relay and database setting file, increased visibility and
interpretation of settings, access control including password protection and enhanced
traceability.
A traceability feature allows the user to quickly determine if the settings in a relay have been
changed since a settings file was installed. When a settings file is transferred to a relay, the
date, time, and serial number of the relay are sent back to the setting software and added to
the settings file. This information can be compared with the actual values in the relay at any
future date. This detects if security has been compromised. The transfer date of a setting file
written to a relay is logged in the relay and can be viewed via software or on the front panel
display. Similar, the transfer date of a setting file saved to a local PC is logged in the software
used for setting; comparing the dates stored in the relay with the settings file indicates if
changes have been made to the relay since the settings file was saved.
Page 37 / 42
9.3 Test Set Supplier Tools
To verify the relay settings are effective and correct the relay must be adequately tested.
Many test set now require access to the relay setting to implement a test program.
The test results of a distance relay, illustrated using its operating characteristic are show in
Figure 9-2. Most test supplier visualise the relay characteristic supplied by the relay
manufacturer. They do not have access to the internal operation structure of the relay.
Figure 9-2: Display of test shot results together with the relay characteristic
In the 1990’s the RIO format was introduced as an open interface for test sets. This ensures
settings used in most numerical relays can be exported to the test set which reduces the time
test the relay on-site and ensures correct relay data is used by the tester.
The XRIO file format (eXtended RIO) uses an xml structure and allows mapping to a setting
structure according to IEC 61850.
Page 38 / 42
10 Recommended improvements and emerging developments
Protection technology and utility communication systems are experiencing major change. The
speed of change will increase as power system networks are updated to cope with asset
replacement, system enhancements, new generation connections, competitive markets,
removal of systems access restrictions, regulatory targets and a stronger environmental
focus. The main issue for this report is how the relay setting process will cope with change. It
is essential a utility implements a quality procedure, based on a generic process that uses a
structured approach to the management of settings. The setting engineer checks the setting
configuration file, and determines if the settings are right for the application. The updating of
the settings must be checked, documented and any changes securely stored.
An area of concern is the need for firmware updates. It is recommended that the firmware is
only changed if the existing firmware might result in a problem for the utility. Setting
management is easier if you have fewer settings to change; therefore it is recommended that
most of the settings required by a particular utility are fixed in advance by the manufacturer.
As protection relays become more complex and more information is required, there will be a
greater demand for information management systems (IMS). This will involve more advanced
software systems operating within the IMS database.
The impact of communications on the management of settings will become significant, as the
business and operational demands for facilities to remotely manage settings and relay
information files are implemented. However, considerable concerns exist about cyber security
and the impact of using remote methods to interrogate or change setting parameters.
Utilities have traditionally managed the settings in an incremental manner; however, settings
management procedures will need to be extensively changed to take full advantage of the
IEC61850 standards. To achieve this, new tools will need to be developed to allow seamless
transfer and control of new language and database files. Settings management procedures
based on IEC 61850 systems are starting to incorporate methods to take full advantage of the
standard. Certain facilities are provided within the standard regarding change control and
identification, and the use of Substation Communication Language (SCL) files offers
opportunities to automate the process. These new facilities enable more reliable processes to
maintain “as operating” documentation, rather than “as built” documentation, in a single file.
As the SCL files take over the drawing and database records, this will create new
opportunities to interrogate the files and include time stamps of changes, identification of
devices including vendor serial number and firmware version.
The Substation Configuration Description (SCD) file means the protection and control settings
must be capable of being accessed by various stakeholder groups including those
responsible for the primary assets, secondary systems, control, condition monitoring and
maintenance. This access must be managed in terms of sequence of making changes and
authorisation to view or change the file.
A substation constructed in accordance with the IEC 61850 standard adds a new dimension
to protection and control; the substation communication network now extends to the primary
plant in terms of operational commands, measurement signals and condition monitoring data.
The setting file must therefore incorporate a range of new devices in order to maintain the
integrity of the complete Substation Automation System (SAS).
IEC 61850 will have the following effect on protection and setting management: more settings
will be in software than hardware; engineering will become more closely integrated with the
protection setting process; software files will need version management; and to make their
management more efficient and less susceptible to errors, advanced software tools are
needed.
Page 39 / 42
If a utility use the 61850 process bus, the protection settings extend into the merging units,
which provides the interface between the primary plant and the protection devices. In this
situation the merging units have relatively few settings as compared to a protection relay.
Consequently it will be easier to upgrade a live system or change a protection device because
the only interface between the merging unit and the protection is the fibre optical
communication link. One of the reasons for this is that the lifetime of the next generation of
protection might be less than existing relays, and it is expected the life of a merging unit will
be significantly longer.
Page 40 / 42
11 Conclusion
A generic approach to the systems, procedures and guidelines for the life-time management
of protection settings was described in the report. The emphasis has been on the need to
provide adequate tools and processes to control the type and amount of information that can
be accessed by engineers/technicians with different levels of authorisation and to protect
relays from mal-intentioned access. The report also identified the challenges for the future of
lifetime management of relays and outlined how these may be addressed using a set of rules
and recommendations.
With the increasing complexity of protection relays as they embrace; new standards of
communication, the integration of control functions and cyber security concerns, there is a
need to manage all of these settings effectively to ensure that the right settings are securely
and efficiently delivered to the relay.
Regardless of the complexity of the relay, the proposed generic process is an effective
methodology for managing the settings over the lifetime of the relay. Classification of settings
into groups helps the protection engineer find and understand the purpose of the settings.
Well organised settings will reduce the risk of the engineer applying the wrong setting.
Verification of the settings ensures that the settings in the relay are identical to a reference
record, and the settings are effective and adequate for the relay application.
The overall principle of maintaining setting records and the changes to the settings is vital to
maintain the integrity of the protection system and the subsequent analysis of the events. This
implies version management must be a secure process that captures the changes and the
reasons for the changes. Firmware and setting software versions must equally be controlled
to avoid errors using incompatible versions between relays and the software used to set
them.
Where protection relays are controlling assets that are essential for the reliable operation of
the transmission system there are a number of issues that need to be considered with regard
to cyber security.
The adoption of new communication standards such as IEC 61850 will have a significant
impact on the way settings will be managed. New Software tools will need to control the
increased number of settings and make their management more efficient and less susceptible
to errors.
Page 41 / 42
12 References
[1] B. Gwyn, P. Crossley, R. Loken, J. Fitch, C. Mempel, D. Novosel, N. C. Martins, J.

Cardenas, J. Lima: Lifetime Management of Relay Settings
Paper B5-105, CIGRE Session 2010
[2] Crossley, P.A., Loken, R., Fitch, J., Gwyn, B., Mempel, C., Cardenas, J.,
Novosel, D., Castro Martins, N., Cesar M de LIMA, J.
Life Time Management of Relay Settings
Cigre Study Committee B5 Colloquium, Jeju 2009
[3] IEEE PSRC Working Group Report: Processes, Issues, Trends and Quality Control of
Relay Settings – March 10, 2007
[4] CIGRE working group D2.22, Treatment of Information Security for Electric Power
Utilities, TB 419, www.cigre.org
[5] Processes, Issues, Trends and Quality Control of Relay Settings

IEEE PSRC Subcommittee C, WG C1; http://www.pes-psrc.org/
[6] http://ewh.ieee.org/cmte/substations/scc0/basefile.htm
[7] Marenbach, R: RIOplus – A New Relay Modelling Standard

DPSP 2008, Glasgow
[8] Shukri, Z.B., Mohd Zin, A.A., Lo, K.L.: Integrating Protection Engineering and
Management Tools for Utility Practices, Paper B5-209, CIGRE Session Paris 2004
Page 42 / 42

Life-Time Management of Relay Settings: Working Group

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Life-Time Management of Relay Settings: Working Group

Uploaded by

Copyright:

Available Formats

539

Life-time Management of Relay Settings

Working Group B5.31

List of contributing WG members

Peter Crossley United Kingdom Convenor

Scope of B5.31 Report

A generic utility setting management process is described, based on a number of utility

3 Protection Settings; past, present and future

3.1 Electromechanical relays

3.2 Analogue “static” relays

3.3 1st generation digital relays

3.4 Numerical relays

Figure 3-3: Sample for presentation of settings on PC

3.5 Intelligent Electronic Devices (IED)

3.6 Future trends for IED

Substation Network (Bay Level Process Bus)

Figure 3-6: Engineering process with IEC 61850

3.7 Settings – past and present

Link to Field Units

Assignment of the physical

Digital Input configuration

Digital Output configuration

4 Generic Process for Managing Settings

Figure 4-1: Generic Process for Managing Lifetime of Settings

4.1 Initiate change or new setting

4.2 Scope work

4.3 Review standards

4.4 Establish a setting calculation folder

4.5 Calculate settings

4.6 Perform coordination study

4.7 Calculate commissioning test data

4.8 Setting data entry

4.9 Issue settings for commissioning

If a setting problem is observed during commissioning, the commissioning engineer may be

4.10 Perform commissioning tests

Commissioning guidance documentation should be used to ensure consistency, especially if

Changing a setting to allow a commissioning test to be performed should, if at all possible, be

4.11 Record results

4.12 Returning settings to the setting engineer

4.13 Store returned setting folder

Assert Relay Vendor

Figure 4-2 Corporate Network Data Repository [3]

4.14 Compare setting file during maintenance

5 Organisation and people

5.1 Skills, experience and knowledge transfer

An important part of the knowledge transfer process is accomplished by working on protection

5.2 Organisational structure

5.2.1 In-house protection setting

5.2.2 Outsourced protection setting

5.2.3 Partnership arrangements on protection settings

5.3 Auditing and accreditation of people

6 Implementation of setting management

6.1 Triggers for setting change

 Asset replacement: relay replaced as part of an asset replacement program due to

6.2 Classification of settings

Relay Function Selection

Figure 6-1: Example of manufacturer setting classification

Suitable criteria are:

Additional suitable criteria for classification of settings could include:

Settings displayed to the user

A setting template defines the

Figure 6-2: Settings templates

6.3 Verification of setting changes