2
Table of Contents
Executive Summary ............................................................................................... 3
1.0 Project Objectives ............................................................................................. 3
Primary Objectives .............................................................................................................. 3
Secondary Objectives .......................................................................................................... 3
Existing Process .................................................................................................................. 4
2.0 Requirement Gathering ................................................................................... 4
Computer Applications Group ............................................................................................ 4
Santan/Kyrene Site Visit..................................................................................................... 5
Security Operations ............................................................................................................ 5
Distribution Operations ...................................................................................................... 5
Central Dispatch ................................................................................................................. 6
Summary of Need ..................................................................................................................... 6
3.0 Proposed Solution ............................................................................................. 7
Newly Found Requirement ..................................................................................................7
IP Enabled Substation .............................................................................................................. 8
Process Change ................................................................................................................... 8
Requisite Hardware ............................................................................................................ 8
Benefit ................................................................................................................................. 9
Offline Substation ..................................................................................................................... 9
Process Change ................................................................................................................... 9
Requisite Hardware ...........................................................................................................10
Benefit ................................................................................................................................10
Database Considerations .........................................................................................................10
4.0 Cost Analysis ................................................................................................... 11
IP Enabled Costs ................................................................................................................ 11
Offline Costs ....................................................................................................................... 11
5.0 Appendix ......................................................................................................... 12
3
Executive Summary
The Eller SRP Team is addressing the need of SRP Computer Applications group to improve its
Substation Entry Management Module and its associated processes.
The current system utilized at the different SRP facilities and maintained by the Computer
Applications Support Group has inadequate safety measures. The maintenance of logging the
coming and going of personnel to the many substations is a manual process and falls short of
desired safety insurances. The University of Arizona Eller SRP Team will provide a proposal
and requisite documentation to update the Substation Entry Management Module. In this
document, the Eller SRP Team will propose two solutions and analyze their cost v. benefit and
implementation ease and scalability.
1.0 Project Objectives
Primary Objectives
By result of this proposal, the Eller SRP Team will:
Improve the safety of substations for SRP employees and its associated vendors
Integrate physical entry and exit of substation with substation entry log
Identify a best of breed or complete solution for logging substation access
Evaluate the necessity of data migration and legacy system coexistence
Deliver a solution that addresses the needs of all key stakeholders –field users, implementation team, and system operators
Identify solutions for “perfect environment” and “non-technology enabled environment”
Secondary Objectives
Secondary to the proposal, but equally influenced by this proposal, the Eller SRP Team will:
Address the standardization of field definitions and substation characteristics
Improve risk management practices
4
Existing Process
The current process of using the Substation Entry Log Management Module in coordination
with a substation entry and exit can be summarized into seven steps:
1 Dispatch sends personnel to substation
2 Personnel arrives at substation, dials into dispatch
3 Dispatcher logs entry data in Substation Entry Log Management Module
4 Personnel unlocks padlock at substation, performs work
5 Personnel finishes work, locks padlock
6 Personnel dials into Dispatch
7 Dispatch logs exit data in Substation Entry Log Management Module
Optional Nightly, unresolved entry data is given batch exit
2.0 Requirement Gathering
To completely understand SRP’s needs regarding an update to the Substation Entry
Management Module, the Computer Applications Group was more than helpful to arrange
meetings with various end users and stakeholders. The Eller SRP Team thanks the below
contributors for their time and support on the project:
Computer Applications Group
SRP Personnel:
Mathew Weber, Murali Kothapalli, Maureen Kempton
Summary:
The Computer Applications Group is the project sponsor and main point of project. Combined,
Matthew, Murali, and Maureen provided excellent guidance and feedback each and every week
to our questions and proposal iterations. Without their aide, this project would be for not.
Requirements Identified:
Scalability Concerns – 300 substations, 400 users
Demonstrated existing Substation Entry Management Module –disjoint user/substation data
5
Santan/Kyrene Site Visit
SRP Personnel:
Donald Hughes
Summary:
The O&M Manager for the Santan/Kyrene Generating Station, Donald’s team hosted us for a
site visit in early March. They educated us on the end-to-end generation of power, as well as
gave a substation tour and identify their current processes.
Requirements Identified:
Personnel manually lock and unlock gates upon each visit
there is an active computing house, with communication capability, on-site at most substations
Security Operations
SRP Personnel:
Earl Blades
Summary:
As a manager of the Security Operations group, Earl was able to summarize the access control
method approach at each substation and provide an overview of how, typically, a personnel
member is granted access to a substation, is given adequate privilege to possess a key for
unlocking substations, and how third party vendors interact with SRP to access substations.
Earl mentioned that currently nine of the substations are equipped with C-Cure HID readers for
security purposes. There was no mention of integrating HID readers at gate entry, however.
Requirements Identified:
The existing C-Cure system only records entrance. There is no process for recording exit.
Distribution Operations
SRP Personnel:
Jeffery Packer
Summary:
Jeffery outlined for us the procedure of emergency response to a substation. He informed us
that when work is to be remotely initiated from central management, or in the case of
emergency, the accuracy of the Substation Entry Management Module is vital. Before
performing work, or sending emergency personnel to a substation, the log is checked to see who
is physically present.
Requirements Identified:
For the safety of personnel, accurate and reliable entry and exit data is necessary.
6
Central Dispatch
SRP Personnel:
Jean LeJeune
Isaac (intern)
Summary:
We had the benefit of having dispatch in on a conference call, as well as meeting the group
physically in person. They toured us around the central control room and identified the
importance of the Substation Entry Management Module for sending personnel to perform work
on substations.
Jean was able to clarify for us that the data for the Substation Entry Management Module is
editable, and is not a 1:1 match for personnel data.
Isaac, an intern, was able to clarify for us the batch exit process that occurs nightly.
Requirements Identified:
The nightly substation batch checkout is unsafe and in an ideal system, would not exist.
Summary of Need
By working with the aforementioned personnel groups from SRP, we were able to narrow our
requirements list to these four succinct items:
1 Log both entry and exit of substations
2 Complete accuracy of physical presence
3 Cohesive and accurate substation and employee data
4 Elimination of nightly batch checkout
Upon this initial assessment, we based our solution to meet these five requirements.
7
3.0 Proposed Solution
Based off the initial assessment we researched traditional access control methods. By looking
into different forms of physical barriers, (varying from mass-transit access control to military
base access control), we arrived at an initial solution that met the five needs while physically
securing the substations.
This solution comprised of purchasing new equipment, new gates, and a completely new
software suite to handle the data that would be collected from what is now, essentially, a locked
down substation.
You can view this alternate solution in the appendix.
In this earlier solution, access to a substation would only be granted once the user was able to
verify their identity, an electronic lock fired, and the gate allowed to be opened. However, the
Computer Applications Group brought up significant points of weakness regarding our approach
using physical access control:
What about when a substation is ‘offline’ and without internet and power?
How does the system address tailgating? How can it grant access to multiple users?
This scenario of a powerless, communication-less, substation presented our team a new
challenge, and revealed a new sixth requirement:
Newly Found Requirement
The client needs an offline solution that is always available and provides no physical barrier to
entry.
1 Log both entry and exit of substations
2 Complete accuracy of physical presence
3 Cohesive and accurate substation and employee data
4 Elimination of nightly batch checkout
5 Always available system with no physical barrier to entry
8
Eller SRP Team Proposal:
With the client’s needs fully justified, we can now specify how two different approaches will
coexist to satisfy the needs of end users of the Substation Entry Log Management Module:
This proposed solution meets the mentioned requirements, with both models
existing independently of one another, allowing SRP the flexibility to implement
either model at their own pace and scale.
Most importantly however, the proposed models insure that SRP personnel is accounted for
while in a substation, providing the highest measure of safety possible before work is completed,
or emergency crew is required.
IP Enabled Substation
To automate the process of substation entry and exit recording and provide the scalability to
meet business needs, we recommend utilizing C-Cure HID Readers at each substation point of
entry:
Requisite Hardware
The purchase of a C-Cure ProxPro II HID Reader would be required where this model is to be
implemented. The reader will capture data off existing SRP personnel badges and send the time
of entry, substation ID, and employee ID of any personnel who unlocked/locked the point of
entry.
To see technical specification and capability of the C-Cure ProxPro II HID Reader, visit the
appendix.
HID Reader
Existing Substation Log Module
IVR System
IP Enabled Substation Offline Substation
9
Process Change
When looking at the existing process, there is room for human error. By implementing a HID
reader at gate entry, this process becomes simplified, but more importantly, more accurate.
1 Dispatch sends personnel to substation
2 Personnel arrives at substation
3 Personnel unlocks padlock at substation, entry is recorded into Substation Log
4 Personnel finishes work, locks padlock, exit is recorded into Substation Log
Benefit
The IP Enabled Substation model meets end user requirements while providing added benefit:
Scalability: Can be used to include vehicles (see appendix)
Compatibility: Integrable with C-Cure security systems
Accuracy: With little human interaction, entry and exit data is logged automatically
Offline Substation
To minimize the likelihood of human error in logging substation entry, and to minimize the
likelihood of personnel forgetting to check out of a substation upon exit, we recommend
utilizing an automated IVR system process for every entry and exit.
Process Change
When looking at the existing process, there is room for human error. By implementing an
automated IVR system required as part of entry process, this process becomes simplified, but
more importantly, more accurate.
1 Dispatch sends personnel to substation
2 Personnel arrives at substation, calls into IVR for check-in, inputs visit data
3 Personnel unlocks padlock at substation
4 Personnel finishes work, locks padlock, calls into IVR for check-0ut
Optional IVR automated follow-up after timeout (upon missed check-out)
This process change introduces an automated phone system, rather than the two operators who
physically tend to the central dispatch substation check-in/check-out phone system.
(2) The automated system would prompt for the personnel member’s employee ID, the posted
substation ID of their visit, and the duration (in hours) of their visit -- a graphical overview.
10
(Optional) Upon finishing work, if the personnel member forgot to checkout, the IVR system
will dial back to the personnel member’s listed phone number and confirm their presence. If the
personnel member does not extend their visit duration, or simply does not answer the phone
call, the supervisor or designated next point-of-contact for that personnel member contacted.
This process insures that each and every check-in to the Substation Entry Management Log has
a corresponding checkout. If the original personnel member does not provide the checkout, the
system automatically follows up with the next point of contact until the issue is resolved.
Requisite Hardware
The offline substation model will leverage SRP’s current infrastructure. SRP currently uses
NICE IVR to correspond with customers for customer billing and customer service. NICE was
not available to the Eller SRP Team for correspondence, but utilization of SRP’s pre-existing
relationship with the company can surely provide the process mentioned above.
In the event NICE IVR is incapable of supporting this process, there are alternative approaches
to this proposal.
Benefit
The Offline Substation model meets end user requirements while providing the below benefit:
Availability: The IVR system operates independently of substation power and capability,
in case of power outage or substation work, the IVR is still available for logging
Accuracy: Eliminates the need for a batch nightly checkout by constantly checking for
personnel who have overstayed their provided visit duration.
Database Considerations
Both the IP Enabled and Offline Substation models require user data and substation data to be
accurate and usable cohesively.
However, currently, the Substation Entry Management Module operates off a separate data
source than the data source that provides active employee data. This disjointed view of data will
have to either be consolidated into a single database or the employee data source made available
to the Computer Applications Group for integration with the Substation Entry Management
Module for accurate, automated, check-in and check-out.
11
4.0 Cost Analysis
IP Enabled Substations
In the IP Enabled model, the only requisite purchase is of C-Cure ProxPro II HID readers.
Item Item Cost Units
C-Cure ProxPro II HID Reader $130.00 300 (1 per substation) Extended Cost: $39,000
Offline Substations
In the Offline Substation model, the only requisite purchase is the expansion of SRP’s NICE IVR
capability.
However, to see cost of related systems, see related technologies in the appendix.
12
5.0 Appendix
The appendix contains technical specification of recommended hardware, alternative solutions,
the alternative costs, the corresponding use case scenarios for these alternative solutions, and a
sample data flow of the alternative solution.
Technical Specification of C-Cure ProxPro II:
13
Technical Specification of IVR Interaction:
14
Alternative Solutions
IP Enabled Substations
Ademco 5355AGK00HID Reader:
Item Item Cost Units
Ademco 5355AGK00HID Reader $170.00 300 (1 per substation) Extended Cost: $51,000
Maxiprox 5375AGN00 HID Reader:
Item Item Cost Units
Maxiprox 5375AGN00 HID Reader $380.00 300 (1 per substation) Extended Cost: $114,000
Offline Substations
QuickFuseApps– A web hosted automated IVR system.
Toll-free numbers Inbound Outbound Transfer SMS
Rates $10 /DID every 30d $0.10 /min $0.10 /min $0.03 /min $0.10 /msg
Twilio Voice – A web hosted automated IVR and PBX system.
Twilio
Voice Inbound/minute Outbound/minute Toll-free/minute
First 500k
Minutes /
month
$0.010 $0.020 $0.030
15
Supplemental Solution - Physically Access Controlled Substations
An ideal substation access solution for SRP insures the safety of its employees and attendants by
logging entry and exit data with as little reliance on human interaction possible. For this reason,
a three-part system combining RFID authentication, electrically locked gates, and a centrally
accessible system is recommended:
Three Component Solution:
GAO RFID Access Control Software System
LockMaster LM148 Electronic Locks
Blackberry Grabba Remote RFID System
Bear in mind, these components are not dependent on each other for operation. This recommendation provides flexibility and modularity based need and implementation cost of each substation.
Component 1: GAO RFID Access Control Software System
GAO RFID Access Control Software System is an integrated access control software package that is suitable for different types of RFID access control applications. With RFID hardware and an everyday PC, the system is able to handle personnel and vehicle access control for an entire building Benefits:
24 hour Unmanned Operation Once the system is set up and configured, no additional user input is required. Access will be automatically granted to those who present a valid registered RFID tag at an access point. Remote Management through Web Interface The system can be managed remotely through a Web interface. Tags and tag holders can be added, edited, and removed by the responsible staff at the head office without them having to travel to the site. Applies to Both Personnel and Vehicle Access Control Access to the front gate, parking lot and any other type of access point can be controlled simultaneously in the same system. Compatible with Various RFID Hardware Passive LF, HF and UHF and semi-passive and active technologies can all be flexibly used together in the same system. A typical application is to use HF short range card tags for personnel access and UHF long range windshield tags for vehicle access. Real-Time Map View Through the software interface, the user is able to create a map for the site and monitor the activities at different access points on the desktop in real time.
16
Group Management Tag holders can be divided into different groups. The user can specify access points each group can access, as well as different time restrictions for access. Customizable Reporting Activities are stored in the database and reports can be generated by specifying different criteria such as dates, group names, access points and tag holder names.
Component 2: LockMaster LM148 Electronic Locks
While it is possible to purchase these items standalone from an RFID reader and electric relay, it is advisable to purchase these items collectively as a whole to insure product standardization and compatibility.
The LockMaster LM148 works with any 24V gate opening mechanism. For added security, the device unlocks and locks automatically as gates open and close. Also, when in a powerless state, the device comes with a keypad and keyed manual release. Other recommendations:
Chamberlain 915GA Automatic Gate Lock Designed for push-to-open and pull-to-open gates, unlike the sliding gate mechanism provided by LockMaster. Works with any 24V gate opening mechanism. As a fail safe, this lock sits in a restful locked state until an electric current forces the lock into the unlocked position.
Mighty Mule #FM143 Instead of RFID, the Mighty Mule is designed for interaction with automatic opening systems. It’s best to consider purchasing this component as part of a bigger system.
Component 3: Blackberry Grabba
The Blackberry Grabba device can act as a remote RFID authentication device. At a substation where internet access is not available, the Grabba can serve as the authenticating party for substation attendants to verify their identity and be granted access. Features in a Grabba?
Beyond RFID, the Grabba is expandable to support other authentication forms:
2D Barcodes – all industry standard codes supported OCR Reader – OCR-4, OCR-8 Infra Red transmit/Receive – Standard IR (custom formats available) Signature Capture Fingerprint Reading
Advantages:
17
The Grabba is directly connected to the BlackBerry® smartphone via the USB port This direct connection provides the ultimate in data security as nothing is ever transmitted wirelessly. The Grabba uses its own internal rechargeable battery to carry out all of its data collection. It does not need to be plugged in.
Category Brand Name Price
RFID GAO RFID access control $3,500.00
Electronic Lock LockMaster Electric Lock LM148 $179.00/unit
RELAY OMRON MY2NJDC24+PYF08A-E $10/unit
Remote RFID Grabba Software $500
Supplemental Use Cases with Alternative Solution
USE CASE – UC 1
Check-in Personnel
TYPE OF USE CASE: Front-end/Basic
NAME OF USE CASE: Check-in Personnel
USE CASE NUMBER: 1
PROJECT Substation Log Entry
STATUS
Process Identification: 03/21/12
Basic Flow: First draft 03/23/12
DESCRIPTION:
This Use Case describes the process of checking-in personnel at a substation facility.
BUSINESS REQUIREMENTS:
Substation log entry application shall allow the users to maintain check-in/check-out
information of the personnel who have accessed the substation facilities.
USER REQUIREMENTS:
18
User should be able to check-in to a substation
BUSINESS RULES:
N/A
PRIMARY ACTORS:
SRP Substation personnel , SRP System Admin
Triggers:
An authorized employee/contractor has arrived at a substation.
Pre-conditions:
1. The employee/contractor must have been created in the system database.
Post condition on Failure:
1. The employee/contractor was not checked-in successfully.
BASIC FLOW:
1. The employee scans his RFID enabled ID at the RFID reader.
2. If the signal strength and the duration criteria have been met, the system will
authorize that tag/employee - if they exist in the system database
3. An entry is made into the log file which updates the clock-In time.
4. Access into the substation is granted by unlocking the door
5. The system administrated at the back end is notified via the GUI about occurence
ALTERNATE FLOWS:
1. In case an employee forgets his or her id card
SRP personnel/security at the substation entry can use his her/her employee id
to check-in the employee.
There can be a keypad on the external reader for PIN numbers to override a No
Card situation or for enhanced security.
2. For a visitor
An SRP employee needs to company the visitor and his if will be scanned at the
reader
19
DESIGN SPECIFICATIONS:
Access information can also be tied to a Windows Active Directory or LDAP for user
authentication and therefore be synchronized to an authorized access scheme
ASSUMPTIONS:
N/A
PROMPTS AND MESSAGES:
N/A
NON-FUNCTIONAL REQUIREMENTS:
USE CASE – UC 2
Check-out Personnel
TYPE OF USE CASE: Front-end/Basic
NAME OF USE CASE: Check-out Personnel
USE CASE NUMBER: UC 2
PROJECT Substation Log Entry
STATUS
Process Identification: 03/21/12
Basic Flow: First draft 03/23/12
DESCRIPTION:
This Use Case describes the process of checking-out personnel from a substation facility.
BUSINESS REQUIREMENTS:
Substation log entry application shall allow the users to maintain check-in/check-out
information of the personnel who have accessed the substation facilities
USER REQUIREMENTS:
User should be able to check-out to a substation
20
BUSINESS RULES:
N/A
PRIMARY ACTORS:
SRP Substation personnel
SECONDARY ACTORS:
N/A
Triggers:
An authorized employee/contractor is departing a substation.
Pre-conditions:
2. The employee/contractor must have been created in the system database.
Post Conditions on Success:
1. The employee/contractor has been checked-out successfully.
Post condition on Failure:
2. The employee/contractor was not checked-out successfully.
BASIC FLOW:
1. The employee scans his RFID enabled ID at the RFID reader.
2. If the signal strength and the duration criteria have been met, the system will
authorize that tag/employee - if they exist in the system database
3. An entry is made into the log file which updates the clock-Out time.
4. Employee is checked out by unlocking the door
5. The system administrated at the back end is notified via the GUI about an action
being taken place
ALTERNATE FLOWS:
1. In case an employee doesn’t have his id card
SRP personnel/security at the substation entry can use his her/her employee id
to check-in the employee.
There can be a keypad on the external reader for PIN numbers to override a No
21
Card situation or for enhanced security.
2. For a visitor
An SRP employee needs to company the visitor and his if will be scanned at the
reader
DESIGN SPECIFICATIONS:
Access information can also be tied to a Windows Active Directory or LDAP for user
authentication and therefore be synchronized to an authorized access scheme
ASSUMPTIONS:
N/A
PROMPTS AND MESSAGES:
N/A
USE CASE – UC 3
End-of-Day Checkout
TYPE OF USE CASE: Front-end/Basic
NAME OF USE CASE: End-of-Day Check-out
USE CASE NUMBER: UC 3
PROJECT Substation Log Entry
STATUS
Process Identification: 03/21/12
Basic Flow: First draft 03/23/12
DESCRIPTION:
This Use Case describes the process of checking-out personnel at the end of the day from a
substation facility.
BUSINESS REQUIREMENTS:
Substation log entry application shall allow the users to maintain check-in/check-out
information of the personnel who have accessed the substation facilities
22
USER REQUIREMENTS:
Perform an end of day check-out
BUSINESS RULES:
N/A
PRIMARY ACTORS: SRP Substation personnel
SECONDARY ACTORS: N/A
Triggers: End of day time trigger
Pre-conditions:
3. The employee/contractor must have been created in the system database.
Post Conditions on Success:
2. The employee/contractor has been checked-out successfully.
BASIC FLOW:
The RFID time clocks are used to set the duration until when an employee can be in the
substation. It keeps track of employee clock-IN/OUT time.
1. At the end of the report are generated to check if every employee has checked-out of
the substation.
2. If not then the employee is contacted to be check out of the system
PROMPTS AND MESSAGES:
N/A
NON-FUNCTIONAL REQUIREMENTS:
N/A
EXTERNAL INTERFACES:
N/A
23
Data Flow of GAO RFID System
1.0Receive and Process
Access Request
D1: User FileD3: Log File
D2: Substation File
User
System Admin
System Configuration and Maintenance
Database Administrator
User&Substation Database Entry and Modification
Management
Substation Log Check ResponseSubstation Log Check Request
Access Request
Access Request Response
User Information
2.0Receive and
Update Customer Information File
User Records Update
Substation Records Update
Update Log File
4.0Receive and Process
Access Request
3.0Receive and Process Log Check Request
Retrieve Log File
D4: Configuration
FileUpdate Configuration