Thursday, December 12, 2013

The New Power-Grid That Failed The Backup Generator

Airports have backup generator to supply power whenever a grid fails. Normally these generators faithfully take over and keep on running whenever a grid is overloaded and just quit.

One day an old and failing grid which supplied power to a city also affected an updated supply of power to an airport. The intent was an update for the city to avoid breakdowns due to overloads, and life at the airport electrical field would also be perfect.

In a safety management system (SMS) an operator must conduct risk analyses and plan to mitigate potential hazards.  Whenever there are operational changes, an operational risk analysis is conducted and both current risks and residual risks must be managed with implementation of corrective action plan (CAP) and check of CAP’s effectiveness.

Before continue reading, take a minute to evaluate if there could be any residual risks of upgrading the grid. The assumption is that an upgrade is able to take on the load without breakdowns. However, should a breakdown occur, it is expected that the backup generator is taking over.  Overall, it is a safety improvement to operational control.  After analyzing for possible residual risks, make a comment to this risk as being: “None”, or “Yes”, and if “Yes”, give an example of what this risk could be.

A generator failure often causes major consequences.
Over a few years the new and improved grid faithfully supplies power to the airport with no need for backup power. Then, on a cold and dark winter night there is an overload and the grid fails. Further, there is no generator backup power, since the generator also failed and left the airport without power for hours. The generator had a fuel “backflow” issue and is not operational.

When the airport was operating on the old and inferior grid with several losses of power, the backup generator would operate frequently. This frequency in operation kept enough fuel pressure in the system to allow for start-up and operation whenever the power failed.  With the new and improved power supply which was operating steady over a few years, the generator was not started as frequently and fuel pressure on the generator was slowly backing up. When power was required on this dark winter night, there was no fuel pressure in the system to allow for start-up.

The residual risk of more reliable power had not been assessed. It is often assumed that implementing new and improved operational equipment or procedures solve the problems. It is often assumed that new CAPs are effective and there is no need to assess for residual risks or establish timeline to evaluate effectiveness. 

Evaluation of CAP effectiveness keeps operations on track.
Whenever there is a change in a process, the process must be evaluated for effectiveness. The process which just failed and required a new CAP was at one time a new process and assessed as operational effective.