System Integrity Protection Schemes: Naming Conventions and the Need for Standardization

: The energy transition is placing increased strain on power systems and making it challenging for Transmission System Operators (TSOs) to securely operate power systems. System Integrity Protection Schemes (SIPSs) are one of the solutions to address these challenges. SIPSs are a type of over-arching power system control; their goals are to increase the secure utilization of power system assets and to limit the impact of large disturbances on the system. Due to societal developments, the interest in utilizing SIPSs is increasing internationally, highlighting the importance of the standardization of terms and deﬁnitions to support collaboration between internationally interconnected power systems. This paper addresses the issue of increasing SIPS literature and the efﬁcient exchange of knowledge about SIPSs by providing a new, up-to-date literature review and proposal for the standardization of SIPS terminology. The need for standardized terminology is highlighted by gathering various terms used to describe SIPSs and proposing a standardization of deﬁnitions, terms, and SIPS operational execution steps. The goal of the proposed standardization is to provide clarity and to decrease the sources of misinterpretation in an international collaborative environment. The analyzed literature is further classiﬁed according to the SIPS features it addresses, and conclusions about well-established and interesting future research areas are drawn. For example, it has been observed that the most commonly considered SIPS action is load shedding, while more sophisticated actions, e


Introduction
The role of a modern transmission system is to provide a safe, reliable, and economically feasible interface for the exchange of electrical energy between producers, prosumers, and consumers.To do so, Transmission System Operators (TSO) have to make sure that the system remains stable and secure for different operating scenarios in case of the occurrence of plausible disturbances affecting the system's operation.In the literature and in industry practice, such conditions are widely known as the N-1 criteria.
With increasing shares of renewables, faster power system dynamics, and demand from electricity markets for higher transfer capacities, the ability to satisfy the N-1 criteria may be jeopardized.If the N-1 criteria are not satisfied, a prompt adequate and fast set of actions may be needed to preserve the stable operation of the system in the case of the occurrence of a critical contingency.A manual intervention by a system operator in the control room may not be fast enough in this case and, therefore, the solution lies in deploying an automatic set of remedial actions.These automatic schemes are commonly known in the literature as System Protection Schemes, Special Protection Schemes, Remedial Action Schemes or, as referenced in this paper, System Integrity Protection Schemes (SIPSs).

•
The standardization of terms and definitions: providing a common platform for the exchange of knowledge and experience of SIPSs arising from different countries with different SIPS terminology and standards; • Updated comprehensive literature reviews: analysis and classification based on up-todate literature on SIPSs to identify which areas of SIPS research and application are becoming established and which areas with research gaps remain to be addressed in the future.
This paper contributes to addressing these two challenges by providing recommendations on the standardization of SIPS nomenclature, the standardization of SIPS phases and execution steps, and by providing an up-to-date literature review and SIPS classification.
To address the issue of standardization, this paper gathers and compares terminology and definitions of SIPSs from different countries and authorities, outlining their similarities and main differences.From this comparison, recommendations on updates of certain definitions are proposed with emphasis on the need for the international standardization of terminology.Furthermore, this paper proposes a platform for knowledge exchange by providing a common description for the planning and operational phases of SIPSs, including a description of the main steps and actions which these phases encompass.The common description of SIPSs is drawn primarily by comparing descriptions originating from IEEE [1] and ENTSO-E [2], and attempting to emphasize their similarities and minimize their differences.
To provide an up-to-date literature review, this paper analyses literature going back twenty years, with emphasis on the most recent publications.The analyzed literature is classified according to SIPS objectives and mitigative action types, as well as on the detection methods for triggering, and of decision-making architecture.Compared to [20,52], this paper uses the literature classification to underline well-established SIPS solutions and to identify suitable areas for future research.Furthermore, the literature classification in this paper tries to answer questions related to the most considered SIPS actions and how these actions are used to address SIPS objectives.To illustrate SIPS implementation, as part of the literature review, the paper presents Nordic examples in a dedicated section, highlights the main objectives, and provides statistics on SIPS operation and terminology.From the described terminology, the issue of standardization is once more made apparent.
The paper is organized into seven sections: Conclusions.

Definitions and Terminology
The variety of terms and definitions used for solutions related to SIPS makes it difficult to address such solutions from an international perspective.Therefore, in this section, we have gathered some of the definitions used today with the intention to outline the similarities and main differences and to provide recommendations on a common definition.Furthermore, the usage of terms with different meanings constitutes a risk for misunderstanding.A list of preferred terms is therefore presented, together with the descriptions of a variety of terms used to express the functionalities and structures of SIPSs.
Throughout this report, we use the expression SIPS (System Integrity Protection Scheme), as proposed by [5], referring to control schemes of a similar type, such as Special Protection Schemes, System Protection Schemes, and Remedial Action Schemes.The expressions Special Protection Schemes and System Protection Schemes come with two disadvantages: firstly, their use is mixed and has changed historically [4]; secondly, the acronym SPS may refer to both expressions.RAS is another commonly used expression which is inhibited by a stringent definition [49].Integrity is a term seen as a central part of control scheme functionality [1,6,51], intending to preserve the interconnected operation of power systems from a broad perspective.Furthermore, with SIPS being an acronym less prone to create confusion, we believe that the expression of System Integrity Protection Scheme is the most appropriate to use.

SIPS Definitions
The role of SIPSs has been defined by different entities across the world.Some of the commonly used definitions are provided by: the European Network of Transmission System Operators for Electricity (ENTSO-E), the North American Electric Reliability Corporation (NERC), and the Institute of Electrical and Electronics Engineers (IEEE).
In [1], IEEE describes SIPSs as enhancing security and preventing the propagation of disturbances for severe system emergencies.SIPSs are used to stabilize power systems by taking mitigative control actions.Both the IEEE and CIGRE [51] consider SIPSs to encompass Special Protection Systems and RAS, as well as underfrequency and undervoltage load shedding (UFLS, UVLS) and out-of-step (OOS) protection schemes.
In [2], ENTSO-E distinguishes between System Protection Schemes (SyPSs) and Special Protection Schemes (SpPSs).SyPS are designed to stabilize the power system when a widespread collapse is imminent.SpPSs are designed to provide acceptable system performance in systems or scenarios where there is a lack of N-1 redundancy.SyPSs are generally response-based, while SpPSs are mainly event-based.
In [49], NERC prefers the term RAS, considering schemes with objectives including maintaining the stability of the bulk power system and limiting the impact of cascading or extreme events.RAS are designed to take corrective actions, including, e.g., generation adjustment or tripping, load tripping, or system reconfiguration.Several items are listed as not individually constituting a RAS, including UFLS, UVLS, and OOS.The main reason for this exclusion is that they are considered protective functions, and not explicit schemes themselves, and therefore are covered by other standards, [7].
There are several details differentiating the views of the SIPSs presented above.However, common factors relate to the support of stability and security, and to mitigating the extent of large disturbances.Our proposal is to highlight the three parts of the SIPS definition related to the goals, the objectives, and the means of SIPSs: A SIPS is defined by its goals, objectives, and means, which are: Goals: Increase the power system reliability and/or capacity; Objectives: Prevent the degradation of the power system technical performance in cases where the pre-contingency state of the system is nonsecure or in cases of extreme contingencies, regarding stability and/or overloading phenomena; Means: The objectives are met through the use of selected mitigative actions which are automatic, predetermined, and coordinated.
Thus, this proposed definition can be used to describe SIPSs in general, and to clearly distinguish specific implemented SIPS solutions.This implies a limited need for additional definitions; instead, the definition can support the classification of sub-categories of SIPSs with the same basic definition, further clarifying naming conventions.

SIPS Terminology
SIPSs encompass a comprehensive set of concepts and solutions, ranging from widely implemented schemes to complex site-specific solutions.There are, however, several important actions which are part of the design of any SIPS solution, namely: arming, triggering, and mitigation.Due to the inconsistency in nomenclature, standardization would also be preferable here.The proposed terms, as presented in Table 1, are suggestions to decrease the risk of misunderstanding.The significance of this risk is highlighted by terms used in the literature, which are partly included in the table under the heading "other terms".

Mitigative action extent
Quantity of SIPS action determined based on system conditions and on the needs to fulfill the SIPS objective in case the triggering criteria are met.Could be quantified in: MW, Mvar, etc.
Volume; Level

Phases and Execution Steps
As discussed in the previous section, countries and their authorities quite often have different definitions of System Protection Schemes, Special Protection Schemes, Remedial Actions, and System Integrity Protection Schemes.They all describe a set of actions executed in a specific order and manner to preserve a power system in its operational constraints when subjected to foreseen or unforeseen disturbances.While the actions themselves are quite similar, the main differences in the definitions are related to the terms that are used to describe these actions and the steps in their execution.For example, some TSOs may refer to the term activating SIPSs as deploying mitigative actions.Others may use activating to mean the arming of SIPSs.Furthermore, a comparison of solutions from the literature may often lead to ambiguities as to when certain functions are executed, e.g., at which phase the extent of SIPS mitigative actions is decided.To compare different solutions of SIPSs, besides using the same terminology, it is important to also use the same or at least similar frameworks to classify SIPS execution steps and the actions contained in these execution steps.This section intends to provide a common framework by comparing some of the already proposed frameworks, highlighting their similarities, and bridging their differences.
The process of SIPS deployment can, in general, be divided into two phases: the planning phase and the operational phase.The literature is mostly consistent when stating that the planning phase consists of the initial calculations for mitigative action extent and their arming and triggering criteria.More pronounced differences exist in describing the structure of the operational phase and its main steps.To illustrate the differences and similarities, the operational phases, as described by IEEE [1] and ENTSO-E [2], are compared.
The IEEE/PES Power System Relaying Committee [1] defines three main steps in the SIPS operational phase: 1.
Monitoring and Detection: The monitoring of the system states and deciding if there is a need to arm a particular SIPS; 2.
SIPS Logic Processing: Arming calculations including decisions on the extent of mitigation actions; 3. Mitigation: The monitoring of system states and, in case thresholds are exceeded, the triggering of mitigation actions.
The ENTSO-E [2] does not explicitly distinguish between the three steps as IEEE does.However, [2] does mention the logic that is supposed to detect if the system is in a normal, alert, or emergency state.This logic could be equivalenced with the Monitoring and Detection step as proposed by IEEE.Furthermore, depending if the system transitions from normal to an alert or emergency state, a set of Special Protection Schemes or System Protection Schemes are armed, respectively, as proposed by ENTSO-E.Special Protection Schemes and System Protection Schemes together form a Defense Plan which might be the term ENTSO-E [2] uses as an equivalent to SIPSs as used by IEEE [1].Therefore, the ENTSO-E step to decide which Special Protection Schemes or System Protection Schemes should be armed corresponds to the IEEE second step of SIPS execution: SIPS Logic Processing.Ultimately, both the IEEE and ENTSO-E envision a step for the deployment of SIPS mitigative actions named the Activation Step by the ENTSO-E and the Mitigation Step by the IEEE.
To avoid discrepancy between the definitions of the main steps of SIPS execution, and to provide a platform for comparison and knowledge exchange between the SIPS solutions described by either IEEE [1] or ENTSO-E [2] definitions, this paper proposes and motivates the use of the SIPS planning and operational phases illustrated in Figure 1.The execution steps of the operational phase present a consistent logic of describing the intended outcome of the actions encompassed by each step.First is the Arming step, which corresponds to the IEEE Monitoring and Detection step and the corresponding definitions of ENTSO-E.Instead of naming the step after its input as proposed by IEEE, we name it after its expected outcome which is the decision to arm or not to arm the SIPS.The second step encompasses actions which decide on the extent of the mitigative actions and their triggering mechanisms.The definition of this step is maybe the most problematic, as the aforementioned actions vary significantly from country to country.Here, the obvious advantage of naming the step according to its intendent outcome is obvious.In this case, the step outcome is the parameterizing of the SIPS for a specific operating state of the system.Therefore, this is named the SIPS Parameterization step.The final execution step in Figure 1 includes actions which monitor system states of interest, predetermined in the previous Parameterization step, and triggers the mitigative actions if these states reach the predetermined criteria.Thus, named after its outcome, this is called the Triggering step and corresponds to what the IEEE defines as the Mitigation step or the ENTSO-E defines as the Activation step.
The choice of the execution steps shown in Figure 1 and their naming has been established based on the following principles:

•
Consistency: All execution steps are named after the outcome of the set of actions they represent.For example, the Arming step represents a set of actions that lead to SIPS being armed or not.Similarly, the Triggering step describes a set of actions that lead to the triggering of SIPS mitigative actions or not; • Uniqueness: Each step name uniquely defines the set of actions that it represents.For example, the Parameterization step is describing actions used to set the SIPS triggering criteria and the mitigative action extent.On the other hand, the name "Parameterization" is hard to confuse with the first or third step in the operational phase as the first and the third steps do not include any actions that set the parameters of SIPSs.In case of Energies 2022, 15, 3920 6 of 16 IEEE naming, the first step named Monitoring and Detection can be confused with the third step, as both steps include actions related to monitoring and detection.

•
Generality: The name of each execution step should be general enough not to exclude any action comprised in the particular step.
The following subsections go into more detail of each of the execution steps from Figure 1.The choice of the execution steps shown in Figure 1 and their naming has been established based on the following principles: • Consistency: All execution steps are named after the outcome of the set of actions they represent.For example, the Arming step represents a set of actions that lead to SIPS being armed or not.Similarly, the Triggering step describes a set of actions that lead to the triggering of SIPS mitigative actions or not; • Uniqueness: Each step name uniquely defines the set of actions that it represents.For example, the Parameterization step is describing actions used to set the SIPS triggering criteria and the mitigative action extent.On the other hand, the name "Parameterization" is hard to confuse with the first or third step in the operational phase as the first and the third steps do not include any actions that set the parameters of SIPSs.In case of IEEE naming, the first step named Monitoring and Detection can be confused with the third step, as both steps include actions related to monitoring and detection.

•
Generality: The name of each execution step should be general enough not to exclude any action comprised in the particular step.
The following subsections go into more detail of each of the execution steps from Figure 1.

Arming
By the earlier mentioned definitions, SIPSs are supposed to mitigate the effects of certain contingencies that can lead to power system instability and consequent possible widespread blackouts.The actions from the Arming step are supposed to detect the state of the system in which a contingency event may jeopardize a stable system operation.ENTSO-E [2] classifies these states as alert and emergency states, with respect to the increasing severity of the possible contingency event.To identify the need for SIPS arming, the actions in the Arming step continuously monitor and evaluate the system against one or several of the following phenomena, in accordance with the SIPS objective:

Arming
By the earlier mentioned definitions, SIPSs are supposed to mitigate the effects of certain contingencies that can lead to power system instability and consequent possible widespread blackouts.The actions from the Arming step are supposed to detect the state of the system in which a contingency event may jeopardize a stable system operation.ENTSO-E [2] classifies these states as alert and emergency states, with respect to the increasing severity of the possible contingency event.To identify the need for SIPS arming, the actions in the Arming step continuously monitor and evaluate the system against one or several of the following phenomena, in accordance with the SIPS objective: 1.
Components' thermal overloading, If it is detected that the system has an operational state where there is an increased risk that a contingency might lead to any of the listed phenomena, the SIPS is armed.This is often completed by comparing the operational state to a pre-defined arming criteria identified in the planning phase.

Parameterization
After the need for the arming of the SIPS has been identified in the Arming step, a choice must be made on which mitigative actions should be used and how those should be triggered.In other words, SIPS parameters should be configured to efficiently and reliably address a non-secure or-as the ENTSO-E [2] defines it-alert/emergency state of the system.SIPS parameters, as defined by this paper, may be of a discrete or continuous nature.An example of discrete SIPS parameters is the choice of particular SIPS actions, or the choice of signals monitored for making a decision on the triggering of the actions, etc. Continuous SIPS parameters would be threshold levels for triggering mitigative actions, the extent of the mitigative actions, etc.Some or all of these parameter values may have already been determined during the SIPS planning phase.However, the assumptions used in planning may not correspond to the conditions in operation.In this case, to preserve SIPS efficiency and reliability, SIPSs might benefit from parameterization in the operational phase.As proposed by this paper, the set of actions used to parameterize SIPSs in the operational phase is named the Parameterization step.
To configure the parameters of SIPSs in the operational phase, information including the current operating point of the system, system configuration, availability and the cost of resources for mitigation, as well as possible contingencies that may steer the system towards instability phenomena and subsequent black-out, may be needed.Furthermore, depending on the SIPS objective, required mitigative actions have to be deployed within a specific timeframe, as indicated in Figure 2. As an initial point for determining SIPS parameters, the parameter values calculated in the SIPS planning phase can be used.
liably address a non-secure or-as the ENTSO-E [2] defines it-alert/emergency state of the system.
SIPS parameters, as defined by this paper, may be of a discrete or continuous nature.An example of discrete SIPS parameters is the choice of particular SIPS actions, or the choice of signals monitored for making a decision on the triggering of the actions, etc. Continuous SIPS parameters would be threshold levels for triggering mitigative actions, the extent of the mitigative actions, etc.Some or all of these parameter values may have already been determined during the SIPS planning phase.However, the assumptions used in planning may not correspond to the conditions in operation.In this case, to preserve SIPS efficiency and reliability, SIPSs might benefit from parameterization in the operational phase.As proposed by this paper, the set of actions used to parameterize SIPSs in the operational phase is named the Parameterization step.
To configure the parameters of SIPSs in the operational phase, information including the current operating point of the system, system configuration, availability and the cost of resources for mitigation, as well as possible contingencies that may steer the system towards instability phenomena and subsequent black-out, may be needed.Furthermore, depending on the SIPS objective, required mitigative actions have to be deployed within a specific timeframe, as indicated in Figure 2. As an initial point for determining SIPS parameters, the parameter values calculated in the SIPS planning phase can be used.Based on how the information for setting SIPS parameters is collected, and how mitigative actions are to be deployed, SIPSs can be parameterized in the following manners: • Decentralized: o Local: SIPS parameterization is performed locally, including the measuring of system states needed for making a decision on the value of SIPS parameters; Based on how the information for setting SIPS parameters is collected, and how mitigative actions are to be deployed, SIPSs can be parameterized in the following manners: • Decentralized: Local: SIPS parameterization is performed locally, including the measuring of system states needed for making a decision on the value of SIPS parameters; Distributed: System states are measured locally; however, the SIPS is parameterized by exchanging information between neighboring local devices, e.g., Intelligent Electronic Devices (IEDs), that participate in the SIPS parameterization; • Centralized: Measurements are collected centrally, and a centralized decision is made on the SIPS parameter settings.It should be noted that the triggering of a SIPS is usually not performed by the centralized system but by the local devices, e.g., IEDs, which are instructed by the centralized system on when and how to trigger mitigative actions.The main reason for this is to increase the speed of deploying mitigative actions.
After the Parameterization step, armed SIPSs are ready to detect and appropriately respond to critical system contingencies by the triggering of chosen mitigative actions.

Triggering
The Triggering step of SIPS execution from Figure 1 includes a set of actions for the monitoring and detection of critical system contingencies and their mitigation.A contingency (or a set of contingencies) that results in an undesirable system state, requiring the triggering of mitigative action or the actions of the SIPS can, according to [2,[22][23][24], be detected by two different types of methods:

•
Event-based: The system registers discrete signals indicating the status change of certain components, e.g., the opening of a circuit breaker or the activation of a protective relay, and makes a decision based on these to trigger dedicated SIPS mitigative actions;

•
Response-based: The system observes the continuous dynamic system response, e.g., voltage measurements, and based on it determines if there is a need to trigger the SIPSs' mitigative actions.
Other instances in the literature [9,25,26] propose three types of detection methods: event-based, parameter-based, and response-based.While the here-mentioned eventbased methods correspond to the above-defined one, parameter-based and response-based methods, as defined by [9,25,26], can be regarded as subsets of the above-defined responsebased method by [2,[22][23][24].To avoid confusion in the naming and classification between the methods from [2,[22][23][24] and [9,25,26], we propose the following classification of the detection methods for triggering: 1.
Response-based: defined as above; (a) Limit-based: Monitoring the dynamic system response, e.g., voltage measurements, and if the monitored quantity reaches the limit (threshold set in Parameterization step), predetermined SIPS mitigative actions are triggered.These methods correspond to the parameter-based methods as defined in [9,25,26]; (b) Trajectory-based: Monitoring the dynamic system response and deciding on the type and extent of mitigative actions based on the real time response of the system and the severity of the contingencies.These methods correspond to the response-based methods as defined in [9,25,26].
Upon the occurrence of a contingency in the system, timely SIPS reaction is of essence to prevent potentially serious consequences.Therefore, detection methods identifying the need for the triggering of mitigative actions, in addition to needing to be reliable, also have to be fast enough.For that purpose, event-based and limit-based methods usually use look-up tables [27].When it comes to trajectory-based methods, the use of look-up tables may not be feasible due to the complexity of making decisions on triggering and the extent of the mitigative actions.Instead, some literature examples propose the use of machine learning and data-mining approaches [26,[28][29][30].For example, machine learning methods can be used to classify post-contingency system responses into the ones requiring and not requiring the deployment of mitigative actions.Furthermore, classification can be expanded such that certain system responses trigger specific sets of mitigative actions.Compared to mathematical methods, machine learning methods can generally be faster in identifying a need for the triggering of mitigative actions, as they do not require carrying out computationally demanding tasks in real time.
While being a very powerful tool, machine learning methods also have their limitations.The training of machine learning models requires representative data of the possible scenarios that the system may encounter.Therefore, the performance of machine learning models can be directly correlated with the quality of the training data [32][33][34].While the quality of the data may be enhanced with pre-processing, issues such as over-fitting, misrepresentation, or the non-equal representation of scenarios may appear [32][33][34].For example, if there exists a scenario (e.g., different operating points or different contingency combinations) that is not well represented in the training data, there is a risk that the detection method would fail to correctly trigger the SIPS in the case of the occurrence of such a scenario.On the other hand, mathematical methods do not depend so much on historical data but instead use more physics-driven models for the analysis of the system's phenomena making them more reliable and trustworthy, as seen by system operators so far.

Literature Survey and Classification
After defining SIPSs and describing their main execution steps in the previous two sections, this section tries to provide information on the most common SIPS types, i.e., which are the most common combinations of their features as analyzed/described in the literature.For this purpose, a literature review has been carried out.Most of the analyzed references come from academia with some also describing industry practice.The references have been classified according to the type of SIPS features that they are addressing.The classifications are provided in Tables 2 and 3. Based on Table 2, the most considered mitigating action in the literature is load shedding, followed by generation rejection and generation rescheduling.These type of actions are historically the most used in practice, so it is no surprise that they are well represented in the literature.However, recent references propose less expensive-but not so practice-proven-mitigating actions involving the use of power electronics to, e.g., provide a more flexible mitigation strategy, and intelligent controlled network splitting and reconfiguration.The latter methods, while not so proven in practice, show considerable potential for the future development of more advanced SIPSs.Looking further at Table 2, it can be seen that the mitigative actions that target the adjustment of active power flows in the grids are much more considered than the methods where reactive power is used.It is not certain why this is the case.However, one reason might be that the objectives of SIPSs are more easily satisfied by altering active power flows than reactive power flows.A follow-up question that needs to be answered is: what are the costs of methods that alter active power versus methods that alter reactive power flows in the grid?

•
What are the most considered mitigating actions in the literature for certain SIPS objectives?
Among the analyzed references, the most pronounced correlation is between voltage stability objective and load shedding as a mitigation to improve it.It is also worth noting that controlled islanding and FACTs control as mitigation were considered in the analyzed literature only for improving the transient angle stability objective.

•
What are the most considered detection methods for SIPS triggering events in the literature?
From Table 3, it seems that the analyzed literature targets equally event-based and response-based detection methods for triggering.Among response-based methods, trajectory triggering is more represented.This means that the literature opts for more advanced detection methods (trajectory triggering) when the measurement of the system response is available.This is somewhat reasonable, as trajectory-triggering detection methods allow the extent of mitigative actions to be scaled more precisely, making them less expensive and possibly more reliable than limit triggering.On the other hand, when it comes to reliability and simplicity, practice tends to favor event-based detection methods.This may be one of the reasons why they are equally well represented in the literature as more advanced, but also more complex, response-based methods.

Implementations in the Nordic Power System
The purpose of this section is to share information from the real-life implementation of SIPSs.The Nordic interconnected power system is managed by the TSOs of the four Nordic countries: Denmark, Finland, Norway and Sweden.As mentioned in the section on definitions and terms, the fact that there is no general nomenclature used for terms and definitions related to SIPSs might cause confusion.This is also the case for Nordic terminology.
In [53], Nordic TSOs describe that System Protection Schemes are used to preserve system integrity and provide acceptable system performance.Furthermore, in [50], System Protections are described to limit the impact of faults and to securely increase the capacity of the transmission network.
On a national level, the nomenclature differs: the TSO in Norway (Statnett) uses System Protection (Norwegian: Systemvern [54]) as a general term for SIPSs, while the TSO in Sweden (Svenska kraftnät) considers Network Protection (Swedish: Nätvärn [3]) as the main term.Svenska kraftnät considers System Protection (Swedish: Systemvärn [3]) as one type of Network Protection, and as a voltage or frequency controlled and used to counteract system collapse, i.e., similar to the ENTSO-E definition of System Protection Schemes.Additionally, the terminology used for arming and triggering can easily become confusing: the Swedish TSO uses the terms in operation for arming and activate for triggering (Swedish: i drift/aktivera [3]), while the Norwegian TSO uses activate for arming and trigger for triggering (Norwegian: aktivering/utløse [54]).
The collaboration between the Nordic TSOs includes detailed agreements regarding SIPSs, as described in the Nordic System Operation Agreement [15].Table 4 presents a mapping of SIPSs in the Nordic power system.As illustrated in the table, SIPS are implemented with several design objectives utilizing various mitigating action types and detection methods.
SIPSs with the goal to increase both system reliability and capacity are utilized in the Nordic system.The latter type is subject to several requirements which may, depending on the consequence of a SIPS malfunction, include the redundancy and reliability levels of the SIPS's functionality as well as a mutual agreement between all Nordic TSOs if a SIPS function might result in an event larger than the dimensioning fault [55].
Table 4. Classification of SIPS 1 integrated in the Nordic power system, based on information available in [3,15].

SIPS
1 Detection method for triggering: event-based (X) and response-based (O). 2 Additionally, including the mitigating action type: generation start-up.
In [15], several SIPSs are mentioned to support stability without defining which stability phenomena they relate to.Therefore, an objective called "Stability undefined" is included in the table.Regarding SIPSs with the objective to support frequency stability, mitigating actions are adapted to the combined operational reserves where the trigger levels for response-based SIPSs are set to act in case the frequency continues to drop or rise even after the frequency-controlled disturbance reserves have been used [15].HVDC control (emergency power) is a mitigating action available for all DC installations in Nordic power systems and other AC systems [15].The HVDC control is used in situations where the frequency is above or below a pre-defined limit and the link is not already providing its maximum possible contribution.Additionally, load shedding, generation start-up and grid reconfiguration are used by response-based (limit-based) SIPSs for monitoring frequency deviation.Grid reconfiguration is a remedial action type not explicitly identified in the literature survey which, in Nordic systems, is a commonly used action type for SIPSs with objectives related to both stability and overloading.
Event-based SIPSs are often complex and involve mitigating actions for controlling facilities far from the relays which trigger the SIPSs.These SIPSs are not always armed: it rather depends on the operational situation.
SIPSs are deployed to various degrees, with national strategies largely influencing the level of SIPS deployment.In the Nordic power system, the Norwegian TSO Statnett employs SIPSs to a large extent to enable transfer capacities above the conventional N-1 levels [54], while the Swedish TSO Svenska kraftnät uses SIPSs to a lesser extent.There are, however, ongoing activities to further use SIPSs to increase the capacities of limited bottlenecks in Sweden [56].In the Norwegian power system, SIPS implementation has been progressing since the 1980s, and the intensified SIPS penetration implies an augmented operational demand in terms of both utilization and the complexity of the power system [21].
The extensive use of SIPSs may originate from the fact that the Norwegian TSO, Statnett, considers the use SIPSs as a social, economic, rational solution to mitigate local constraints or operational restrictions [54].In the Norwegian regulations describing the practices related to SIPSs, it is, however, underlined that the system operator must balance the risk and cost related to a potential triggering of a SIPS to the cost of other system controls (like the operators themselves limiting the power flow on certain lines so the system will manage a lost line even without SIPS remedial action) [54].The risk evaluation considers different conditions, such as the weather.In an extreme weather situation, with a higher risk of triggering a SIPS, the operator might find it more reasonable to control the power flow than to arm a SIPS.The regulation also states that the system operator should consider that armed SIPSs increase the system complexity and might introduce an imbalance into the system.The manual arming of SIPSs is based on analyses from the planning phase applied in the operational phase, depending on the actual operational situation.Similarly, the extent of mitigating actions is updated in the operational phase based on state estimator data [12].
In the Chilean power system, SIPSs are utilized in a similar manner as in the Norwegian case: to increase the capacity of the transmission grid.This is well described in [11], where four economical drivers are presented for Chilean SIPSs: releasing congestion for an economical dispatch; time shifting between generation and transmission; maximizing the availability of generation assets; and avoiding rationing risk by relieving congestion.
The operational cost of SIPSs in Norway is presented in Statnett's annual report [57], and includes the cost for the triggering of generation rejection (or rescheduling) and load shedding.Production units connected to a SIPSs receive a yearly fee and, on top of this, they also receive pre-defined compensation in case the unit is triggered.In case of load shedding, the TSO compensates according to the penalty fees which the network owners have for non-delivered energy.The yearly cost is thus dependent on the number of times these types of SIPSs are triggered, and on the amount of load or production which is affected (the mitigative action extent).
Figure 3 presents the number of load shedding and generation rejection events and the corresponding cost for the years 2015 to 2020 [58].There is a clear peak in 2019 which relates to load shedding, which was triggered on five occasions resulting in a load shedding amount of about 1730 MW (the durations of the disconnections are not available).This could be compared with the load shedding of about 560 MW in 2017, which also had the same number of triggering occasions.It should be noted that the total number of triggered SIPSs in Norway also includ grid reconfiguration and emergency power from the HVDC.For example, the total nu ber of SIPS triggering events in 2020 was 30, and in 2019 the corresponding number w 17.The additional triggers were mainly related to grid reconfiguration.
Figure 4 presents how the SIPS-related costs developed during the years 2006 to 20 together with the total SIPS triggering events.As seen in the figure, there is a low corr tion between the cost and the number of triggering events.In addition to the lack of in mation on the extent of the mitigating action, many of the triggering events relate to g reconfiguration, which does not result in a direct SIPS-related operational cost.It should be noted that the total number of triggered SIPSs in Norway also included grid reconfiguration and emergency power from the HVDC.For example, the total number of SIPS triggering events in 2020 was 30, and in 2019 the corresponding number was 17.The additional triggers were mainly related to grid reconfiguration.
Figure 4 presents how the SIPS-related costs developed during the years 2006 to 2020, together with the total SIPS triggering events.As seen in the figure, there is a low correlation between the cost and the number of triggering events.In addition to the lack of Energies 2022, 15, 3920 13 of 16 information on the extent of the mitigating action, many of the triggering events relate to grid reconfiguration, which does not result in a direct SIPS-related operational cost.
It should be noted that the total number of triggered SIPSs in Norway also includ grid reconfiguration and emergency power from the HVDC.For example, the total nu ber of SIPS triggering events in 2020 was 30, and in 2019 the corresponding number w 17.The additional triggers were mainly related to grid reconfiguration.
Figure 4 presents how the SIPS-related costs developed during the years 2006 to 20 together with the total SIPS triggering events.As seen in the figure, there is a low corre tion between the cost and the number of triggering events.In addition to the lack of inf mation on the extent of the mitigating action, many of the triggering events relate to g reconfiguration, which does not result in a direct SIPS-related operational cost.

Discussion
The naming conventions and terms used to relate to various solutions broadly plac under the SIPS umbrella complicate the development of new SIPS solutions a knowledge sharing.We believe that creating a common definition which can describe a type of SIPS has a value and is something which the industry should aim for.This pap therefore, proposes such a definition where a SIPS is defined by its overall goal, its obj tive, and the specific means of which it acts.The standardization of terms, as proposed Table 1, aims to further decrease the risk of misinterpretation.

Discussion
The naming conventions and terms used to relate to various solutions broadly placed under the SIPS umbrella complicate the development of new SIPS solutions and knowledge sharing.We believe that creating a common definition which can describe any type of SIPS has a value and is something which the industry should aim for.This paper, therefore, proposes such a definition where a SIPS is defined by its overall goal, its objective, and the specific means of which it acts.The standardization of terms, as proposed in Table 1, aims to further decrease the risk of misinterpretation.
To further facilitate knowledge sharing, this paper proposes a way to classify SIPSs by structuring the planning and operational phases.The proposed structure presented in Figure 1 is derived from analyzing and comparing the most common ways to group SIPS actions into general steps according to their similar objectives, i.e., SIPS arming, parameterizing, and triggering.While the proposed structure intends to overcome the downsides of previously proposed structures, it is likely that, with time, the proposed structure may also become obsolete.Each proposal for the structuring of SIPS phases and steps creates a framework to classify research and SIPS solutions which may, in colloquial language, be interpreted as creating a "box" in which to put the research.However, it is widely known that some of the most innovative and revolutionary results in science come from thinking outside of the "box".Sticking hard to any of the proposed SIPS structures of research phases may hinder the innovation component of future research.Therefore, the authors of this paper would like to see the proposed structure not as a "box", but more as a guideline on how current state-of-the-art SIPS research and current industry implementation can be classified and to provide a classification framework for future developed methods by sharing the principles of already existing ones.
It is interesting to note that, according to public literature, there are no SIPSs in Nordic countries used to prevent transient angle stability, which is an objective quite commonly described in the other reviewed literature.Whether this is due to this being included in the objective called stability in an unspecified sense has not been further investigated in this review.Additionally, the public literature available is from 2013, and whether this has changed is not known to the authors.
Although the statistics available from the Norwegian TSO give a sense of how often SIPSs are triggered in a country where SIPS solutions are deployed to quite a wide extent, it would be interesting to compare these figures to the corresponding data of other countries.Additionally, the value of the statistics of SIPS-related costs would increase if placed in relation to the gains of using SIPS in a cost-benefit assessment.For example, in relation to the savings by customers due to lower energy prices related to the use of SIPSs, or to the additional earnings of electricity producers (or increased governmental tax-related income).Investigating the views of other countries using SIPSs for socio-economic effects, and how they evaluate risk versus value, is also a subject worth further investigation.
We have found that using SIPSs to increase grid capacity is a practical solution to an escalating problem, given that the increased complexity must be considered.The growing use of SIPSs implies the need for more research in the area, and thus the need for the standardization of terms related to SIPSs.

Conclusions
It is important to realize that there are currently no common definitions or nomenclature for SIPSs.In this paper, we show clear examples of terms which can be interpreted in different ways.Thus, the terms proposed in this paper-Arming, Triggering, and Mitigative actions-are intended to support a standardized SIPS nomenclature.Furthermore, clear and consistent descriptions of the SIPS execution steps, here proposed as Arming, Parameterization, and Triggering, provide additional support for the development and implementation of SIPS solutions.
Although a common definition might be desirable, a practical way to obtain a clear understanding without the need for a global classification of SIPSs or potential sub-categories could be to define each SIPS by its goal, objective, and means.This would distinguish each control scheme by:

•
Goal: Whether the SIPS is there to increase the power system's reliability and/or capacity.

•
Objective: Which phenomena or various type of stability and/or overloading the SIPS targets for mitigation by preventing the degradation of the power system's technical performance, i.e., in cases of nonsecure pre-contingency system states or extreme contingencies.

•
Means: Which Mitigative actions the SIPS can utilize.
There are, however, challenges in reaching an international consensus and standardizing nomenclature and definitions, but the values of these should not be underestimated.To support the integration of SIPSs in power systems worldwide, and to provide clarity in communication, standardized nomenclature has significant benefits.With several international interconnections already equipped with SIPSs, and a foreseen increase in SIPS use in general, the risk of misunderstanding, which ultimately may lead to faulty implementation, will escalate if different terminologies continue to be in use.
With increasing interest in SIPSs, the literature on SIPSs is also increasing.In order to maintain a comprehensive view of current accomplishments and relevant future topics, up-to-date literature reviews are needed.This paper provides one of such reviews with an emphasis on the classification of the current literature according to different SIPS features.From this classification, conclusions about well-established and areas of future research are drawn.One of these conclusions is that the most commonly considered SIPS mitigative action is load shedding for the purpose of addressing voltage instability and thermal overloading.However, more sophisticated SIPS actions, e.g., HVDC and FACTS control, var rescheduling and grid reconfiguration, are much less present in the literature, presenting a gap for future research.

17 Figure 1 .
Figure 1.SIPS planning and operation phases and execution steps.

Figure 1 .
Figure 1.SIPS planning and operation phases and execution steps.

Energies 2022 ,Figure 3 .
Figure 3. Number of load shedding and generation rejection events as well as SIPS-related costs the years 2015-2020, based on information available in [58].

Figure 3 .
Figure 3. Number of load shedding and generation rejection events as well as SIPS-related costs for the years 2015-2020, based on information available in [58].

Figure 4 .
Figure 4. SIPS-related costs (based on information available in [58]) and total number of SIPS tri gers (input provided by Statnett).

Figure 4 .
Figure 4. SIPS-related costs (based on information available in [58]) and total number of SIPS triggers (input provided by Statnett).

Table 1 .
List of terms related to the design of System Integrity Protection Schemes.