Defining operational states and codifying these into control strategies has many advantages in improving safety and overall operational performance.
In an AIChE Spring Meeting presentation, A New Look at Industrial Incidents—Driving Operating Discipline in the Control Environment, Emerson’s Tom Nolan shared advantages of this approach.
The thrust of his message to the attendees was that by using dynamic alarm management and operating discipline in a state-based control environment, organizations can strike the necessary balance between human operation and automation support to enhance operability and improve safety performance.
It’s best to limit reliance on safeguards by implementing good operating discipline into the control systems. The Center for Chemical Process Safety (CCPS) recognizes three levels of safeguard reliability—passive, active and procedural. Passive safeguards such as using less toxic chemistry are most reliable and operating procedures are least reliable.
Tom noted that state-based control is not typical basic process control, advanced regulatory control or model predictive control. It is the capture of operating discipline into the automation. Through this automation, the correct operating discipline is executed consistently even under conditions of stress and fatigue.
Effective operating discipline limits reliance on safeguards and is proactive. Instead of waiting for safeguards to protect people and the plant, good operating discipline actively works to keep processes within their operating boundaries to avoid alarms and trips.
For a particular state, such as startup, alarms can be enabled or disabled according to what makes sense for that state, and controller modes can be set properly for the relevant loops. Operators need to get correct, timely and unambiguous alarms that indicate what they need to do, and the operating discipline needs to execute correctly. It boils down to proper detection, knowledge and action.
Alarms should be designed to the ANSI/ISA 18.2 Management of Alarm Systems for the Process Industries standard to avoid alarm flood conditions. This includes dynamic alarm management (DM)—disabling alarms that aren’t relevant for a particular state.
Tom cited a statistic that 75% of plant incidents occur in non-steady state conditions, such as during startup and shutdown. These and other states need to be identified and alarms dynamically optimized for the state. These states can be identified either by inference from process parameters or through a distributed control system (DCS) state-driven approach.
The DCS state-driven approach uses a combination of operator-initiated state transitions along with DCS logic to enable the operator to drive the process to the desired state. It is used for dynamic alarm management, but also provides the option of higher levels of automation through the automation of operating discipline.
For example, a burner management system may have states such as not in service, purging, preparing to light, light pilots, etc. The operators may initiate the light off but then the burner management system manages the mechanics of a safe light off.
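The state-driven approach described above can be sketched as a small state machine. This is an added example, not code from the presentation or from Emerson; the state names come from the burner example, while the alarm tags, permissive signals and the choice of "not in service" as the safe state are hypothetical.

```python
from enum import Enum

class State(Enum):
    NOT_IN_SERVICE = "not in service"
    PURGING = "purging"
    PREPARING_TO_LIGHT = "preparing to light"
    LIGHT_PILOTS = "light pilots"

# Hypothetical alarm tags: which alarms are relevant in each state is assumed.
ENABLED_ALARMS = {
    State.NOT_IN_SERVICE: set(),
    State.PURGING: {"PURGE_AIR_FLOW_LOW", "FUEL_VALVE_NOT_CLOSED"},
    State.PREPARING_TO_LIGHT: {"FUEL_PRESSURE_LOW", "FUEL_VALVE_NOT_CLOSED"},
    State.LIGHT_PILOTS: {"FUEL_PRESSURE_LOW", "PILOT_FLAME_LOSS"},
}

# Allowed transitions and the (constructed) permissive each one requires.
TRANSITIONS = {
    (State.NOT_IN_SERVICE, State.PURGING): lambda p: p["fuel_valves_closed"],
    (State.PURGING, State.PREPARING_TO_LIGHT): lambda p: p["purge_complete"],
    (State.PREPARING_TO_LIGHT, State.LIGHT_PILOTS): lambda p: p["fuel_pressure_ok"],
}

class BurnerUnit:
    def __init__(self):
        self.state = State.NOT_IN_SERVICE

    def request(self, target, process):
        """Operator-initiated transition, accepted only if the logic permits it."""
        check = TRANSITIONS.get((self.state, target))
        if check is None or not check(process):
            return False  # out-of-sequence request or permissive not met
        self.state = target
        return True

    def on_trip(self):
        """Follow an independent safety trip into the unit's safe state."""
        self.state = State.NOT_IN_SERVICE

    def annunciate(self, raised):
        """Return only the raised alarms that are enabled for the current state."""
        return sorted(set(raised) & ENABLED_ALARMS[self.state])
```

Alarm conditions that are irrelevant in the current state are filtered out before they reach the operator, and a request that skips a step or lacks its permissive leaves the state unchanged.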
By optimizing alarm-induced requests for operator action and automating processes that require precise timing and conditions to avoid hazard, organizations can more easily avoid the most serious safety, environmental, and disruptive incidents.
These states also provide the opportunity for coordinated safety responses with safety instrumented functions. This interconnectivity is very important in properly starting up the process as well as in normal shutdowns, emergency shutdowns, and degradations from the normal running state.
The safety function operates, as it should, independent of the basic process control system. The state-based control uses one or more safe states within the unit to manage the other ramifications of the trip within the unit. This lets the other units know whether they can provide services or need to use services.
Tom concluded by explaining that state-based control maximizes the investment return in the DCS by capturing knowledge in the form of operating discipline that can be leveraged to greatly reduce the likelihood of unplanned incidents in the plant environment.
Good operating discipline is proactive, and with state-based control, safety and operability are enhanced through the use of dynamic alarm management and automation of safe states in units, going beyond a safety instrumented function to optimize the response to degradation scenarios.
The associated dynamic alarm management should surgically prompt operators as they are needed to interact with the process and control system. The operators’ skills are needed to act on a higher level and manage the process through normal operation, startup, shutdown, and upset conditions.
Visit the Alarm Management section on Emerson.com for more on applying these practices.