Insights

A LEADERSHIP FAILURE DISGUISED AS A PROTECTION SETTING

Image

During commissioning reviews on a European colocation data centre, I encountered a protection philosophy that is more common than many engineers would like to admit.

The facility was designed with utility-supplied LV switchboards supported by standby generators configured to supply only a defined portion of the total facility load during loss of utility power.


Nothing unusual there.


What was unusual was the protection strategy.


The standby generator overcurrent protection settings were effectively aligned with the utility incomer protection settings, even though the two sources possessed fundamentally different fault current capabilities and were supporting significantly different load levels.

At first glance, this appears to be a technical protection coordination issue.

It revealed something much more important.

It revealed leadership failure.


The Assumption Nobody Challenged

The utility network could deliver fault currents substantially higher than those available from the standby generators.

The utility incomers were therefore protected based on the characteristics of a strong external source.

The standby generators, however, represented comparatively weak sources with significantly lower fault-current contribution.


Yet the protection philosophy remained largely unchanged.


The question that immediately arose was:


why are we protecting a source capable of delivering approximately 15 kA as though it were a source capable of delivering 50 kA?


The answer was not found in the calculations.

The answer was found in the assumptions.


At some point during design development, someone assumed the settings had been reviewed.

Someone else assumed they had been validated.

Others assumed the protection study had considered all operating modes.

As the project progressed, those assumptions passed from one phase to the next without being challenged.

The issue remained hidden until commissioning reviews forced a fundamental question:

"Does the protection philosophy remain valid when the source changes from utility supply to standby generation?"

Nobody had clearly owned that question.

Commissioning simply exposed it.


The Hidden Risk

Protection systems exist to achieve two objectives:

1.      Protect equipment from damage.

2.      Maintain system stability and continuity of service.

When generator protection is not coordinated with actual generator capability, several risks emerge:

·       Delayed fault clearance.

·       Loss of selectivity.

·       Unnecessary generator trips.

·       Failure to clear faults within expected timeframes.

·       Increased risk of wider facility impact during abnormal conditions.


In mission-critical environments, these risks are amplified because standby generation is often the last line of defence against service interruption.


The protection philosophy that works perfectly on utility power may not work when the facility transitions to generator operation.


The Commissioning Perspective

One of the most valuable aspects of commissioning is that it forces the project team to evaluate how systems behave rather than how they are expected to behave.


Commissioning sits at the intersection of design intent, installation, controls integration, operations, and risk.

This position provides a unique opportunity to challenge assumptions that may have survived multiple design reviews.


The protection settings themselves were not the most significant finding.


The most significant finding was that nobody had asked a simple question:


Does the protection philosophy remain valid when the source changes from utility supply to standby generation?


That question should have been raised during design review.

It should have been reviewed during factory acceptance testing.

It should have been challenged during commissioning planning.

Yet it stayed hidden until commissioning reviews brought it to light.


The Leadership Lesson

Many commissioning discoveries are described as technical issues.

In my experience, the majority are not.

They are leadership issues disguised as technical issues.

They occur when responsibilities become fragmented across multiple organisations, disciplines, and project phases.

They occur when assumptions replace verification.

They occur when everyone believes someone else has already checked.

The generator protection settings were not the root cause.

The root cause was the absence of clear ownership for challenging a critical engineering assumption.


Reliability Assurance Requires More Than Calculations

Reliable facilities are not created by equipment alone.

They are created through disciplined verification, independent challenge, and a willingness to question accepted assumptions.


The lesson from this project was simple:

The most dangerous protection setting is often not the incorrect setting.


It is the setting that nobody thought to question.


That is why independent technical assurance, reliability assurance, and commissioning leadership remain essential components of mission-critical project delivery.

Because operational certainty is achieved not when assumptions are made, but when assumptions are tested.


What sort of hidden assumptions, governance gaps,

or engineering blind spots have you encountered on

projects?

I'd be interested to learn from your experience - (you can comment on the LinkedIn Version of this article here)