Wednesday, June 12, 2013

The New Power-grid that Failed the Backup Generator


The new power-grid that failed the backup generator.

Airports have backup generator to supply power whenever a grid fails. Normally these generators faithfully take over and keep on running whenever a grid is overloaded and just quit.

One day an old and failing grid which supplied power to a city also affected an updated supply of power to an airport. The intent was an update for the city to avoid breakdowns due to overloads, and life at the airport electrical field would also be perfect.

In a safety management system (SMS) an operator must conduct risk analyses and plan to mitigate potential hazards.  Whenever there are operational changes, an operational risk analysis is conducted and both current risks and residual risks must be managed with implementation of corrective action plan (CAP) and check of CAP’s effectiveness.

Before continue reading, take a minute to evaluate if there could be any residual risks of upgrading the grid. The assumption is that an upgrade is able to take on the load without breakdowns. However, should a breakdown occur, it is expected that the backup generator is taking over.  Overall, it is a safety improvement to operational control.  After analyzing for possible residual risks, make a comment to this risk as being:  “None”, or “Yes”, and if “Yes”, give an example of what this risk could be.


A generator failure often causes major consequences.


Over a few years the new and improved grid faithfully supplies power to the airport with no need for backup power. Then, on a cold and dark winter night there is an overload and the grid fails. Further, there is no generator backup power, since the generator also failed and left the airport without power for hours. The generator had a fuel “backflow” issue and is not operational.

When the airport was operating on the old and inferior grid with several losses of power, the backup generator would operate frequently. This frequency in operation kept enough fuel pressure in the system to allow for start-up and operation whenever the power failed.  With the new and improved power supply which was operating steady over a few years, the generator was not started as frequently and fuel pressure on the generator was slowly backing up. When power was required on this dark winter night, there was no fuel pressure in the system to allow for start-up.

The residual risk of more reliable power had not been assessed. It is often assumed that implementing new and improved operational equipment or procedures solve the problems. It is often assumed that new CAPs are effective and there is no need to assess for residual risks or establish timeline to evaluate effectiveness.


Evaluation of CAP effectiveness keeps operations on track.


Whenever there is a change in a process, the process must be evaluated for effectiveness. Remember, the process which just failed and required a new CAP was at one time a new process and assessed as operational effective.


BirdsEye59604



















2 comments:

  1. A lot of companies miss this aspect of Risk Management. When a company does Root Cause Analysis and comes up with the root cause(s) to a problem, they forget to do a risk analysis on the changes to be made to mitigate or eliminate the root cause of the problem. Often, the change adds additional risk. For Example: An airport up north had a problem with deer on the runway. The RCA reveals that they needed a "deer fence" around the airport. A few months after the deer fence was install a small plane came in for a low level landing and hit the fence. So the mitigation of the deer problem introduced an additional hazard. Interesting look at Risk Mitigation. Risk is talked about a lot in the SMS Memory Jogger II available at dtitraining.com

    ReplyDelete

When SMS is Flawed

  When SMS is Flawed By OffRoadPilots A safety management system (SMS) is a system which paints a true image of airports and airline operat...