Managing the alarms in a process manufacturing plant is typically a large part of a plant operator’s day. As process complexity has increased, the control system operator interface technologies have also had to improve to better communicate the abnormal conditions, which must be addressed. At a recent ISA France Section meeting, Emerson’s Hervé Gubernati presented “How to improve operator efficiency while ensuring the safe operation of the plant?”
In the introduction to Hervé’s presentation, the ISA moderator commented that 42% of accidents are due to human errors (or factors) and 35% due to equipment failures. Systems to help protect and predict equipment failure are important, as is the management of alarms.
In the presentation, Hervé described the challenges in process operations as well as solutions in alarm systems, alarm monitoring and assessment, and alarm rationalization required to address these issues.
The performance of the alarm system has a large impact on productivity and it has direct economic, environmental and safety implications. In plants where the alarm system is well designed and operating properly, operators have more time to spend fine-tuning the process, instead of having to chase nuisance alarms. There is also trust that each alarm is legitimate, and that there is sufficient time to determine the cause and respond with the appropriate course of action. A well-designed alarm system provides the operators alarms, which indicate the correct action to take and the time window required to take appropriate action.
A poorly performing alarm system compromises operator performance. In many plants, the process knowledge and experience necessary to respond correctly to an alarm is not properly documented and this knowledge can be lost through employee turnover. As plants have reduced the overall number of personnel, operators have increasing spans of control and plant area responsibilities. Hervé cites some common alarm issues:
- Alarms missed or ignored
- Not knowing how to respond when an alarm occurs
- Duplicate alarms for a single condition
- Alarm floods obscuring abnormal condition sources
- Incorrect or missing alarm prioritization
- False alarms displayed when nothing is wrong
- Alarms remaining active for long periods
- Alarm settings changed from one shift to the next
Many process manufacturers have already implemented alarm management programs using the U.K.-based Engineering Equipment & Materials Users’ Association’s EEMUA-191 as a guide. It reflects best practices for alarm management in the chemical industry in the U.K. For many years, it has stood as a de facto standard although it contains no normative (shall) clauses.
ISA-18.2 was adopted as an ANSI standard in June 2009. It builds on the EEMUA guideline, but is significantly different in that it contains normative clauses that provide the basis for audits by the insurance industry and regulatory bodies, which cite ISA-18.2 as “good engineering practice”. ISA-18.2 introduced an alarm management life cycle framework and it lays out consistent terminology for such terms as “alarm”, “alert” and “shelving”. The IEC equivalent to the ISA 18.2 standard is in the process of being formalized and is designated IEC 62682.
You may have seen a recent announcement, New Emerson alarm management program helps process industries meet engineering standards, government regulations which is designed to help process manufacturers address the alarm management lifecycle. The program is designed to help plant staff measure, report, analyze and optimize alarm systems and responses per these standards throughout the lifecycle.
The program combines an alliance with automation safety certification and consulting firm exida whose alarm rationalization software can optimize Emerson’s DeltaV control system alarms. exida’s SILAlarm provides a master alarm database and assists with the alarm philosophy, identification, and rationalization phases of the alarm management lifecycle. It guides a plant’s alarm rationalization team through a process of reviewing, justifying, and documenting the design of each alarm, including:
- Evaluation of consequences and time to respond
- Document cause, consequence, confirmation, corrective action, design intent, testing requirements
- Setpoint (limit) determination
- Setting of deadbands and on/off delays
- Alarm suppression / advanced alarming
- Functional safety management
- Routing of alarm messages
The DeltaV system addresses the detailed design, implementation, operation, and maintenance steps in the lifecycle with real-time alarming and alarm help, which provides guidance on appropriate alarm responses and response times.
The announcement also highlighted an update to the DeltaV Analyze software, which provides the monitoring and assessment required for the operations and maintenance phases of the alarm management lifecycle. The software provides reports that measure alarm system performance as prescribed by the new standards, such as peak and average incoming alarm rate and priority distribution.
The reports contain “top 20” lists of nuisance alarms of various types, such as the sources of the most frequently occurring alarms and those that remain active for the longest time. Often, fewer than 10 loops may cause 40% or more of the control system’s alarm activations. Addressing just a few of these alarms can significantly reduce operator alarm loading.
In earlier posts, I touched on the research of the Center for Operator Performance (COP) and how this research has helped shape the technologies in operator workstation software and alarm systems. Emerson was a founding member of COP to better understand how to design technologies to help improve operator performance.
As Hervé highlighted in the opening of his presentation, getting the alarm management lifecycle optimized has direct economic, environmental and safety implications.