Best Practices in Process Plant Alarm Management

1
Best Practicesin Process Plant Alarm Management

• Peter Andow
• Honeywell Hi-Spec Solutions

2
Best Practices

• The EEMUA Guidance the de facto standard
  multiple recommendations
• Most effective options
• Create a realistic Alarm Philosophy document
  often based on performance analysis
• Basic Alarm Rationalisation (based on Alarm
  Philosophy). Initial focus on bad actors
• Regular alarm configuration enforcement
• Alarm suppression
• Improved graphics

3
Alarm Philosophy Elements

• Purpose of the Alarm System
• Alarm design principles
• Key performance indicators
• Approved techniques
• Priority assignment
• Alarm presentation
• Operator roles

• Interplay with procedures
• How people are trained
• How alarm system will be maintained
• Management of change
• Escalation policy
• When to stop trying to return to normal
• When to initiate disaster management

4
Philosophy Element Consequence vs. Priority
Site-specific categories for Events, Consequences
and Urgency
Consequence
5
Philosophy Element Consequence vs. Priority
Consequence
6
Philosophy Element Consequence vs. Priority
Consequence
7
Alarm Rationalisation
8
Alarm Rationalisation Safety-Related Alarms

• Safety-Related alarms (as per the IEC 61508
  definition) need special treatment. They should
  not be DCS-based. They will usually require
  careful engineering, dedicated displays etc.

9
Rationalisation Data
PIDs HAZOP etc.
Operations Expertise
Tag and Event data (from EA)
Alarm performance data (from AEA)
10
Alarm Rationalisation Details

• For each alarm
• Review the data may have used an analysis tool
  before the meeting but additional queries may
  be required
• What is the cause(s) of the alarm event?
• What is the consequence(s) of no action?
• What ACTION(s) is required? (No Action means No
  Alarm!)
• Is the alarm TYPE correct?
• Is the TRIP POINT correct? (May relate to other
  alarms etc.)
• Is the DEAD BAND (if used) appropriate?
• Is the PRIORITY correct? (As per the Philosophy)
• Identify any housekeeping changes required
• Document the results

11
Definition of Alarm Settings
PV
Normal Efficient Operation (depends on other
conditions)
Time
12
Definition of Alarm Settings
In many systems, these are the alarm limits!
PV
Current Operating Target Range
Time
13
Definition of Alarm Settings
Fastest rate of change that operator is expected
to handle
PV
Current Operating Target Range
Time
14
Definition of Alarm Settings
Trip System Limit
PV
Current Operating Target Range
Time
15
Definition of Alarm Settings
T
Possible alarm limit .. could be lower .. but
should not overlap the green area
A
PV
Current Operating Target Range
Time
16
Definition of Alarm Settings
T
Operator Plant Response Time (for fastest
disturbance)
A
PV
Current Operating Target Range
Time
17
Definition of Alarm Settings
T
Upper Margin
If there is no upper margin the chance of the
trip occurring will increase
A
PV
Current Operating Target Range
Time
18
Definition of Alarm Settings
T
If there is no lower margin alarms will occur
too often
A
Lower Margin
PV
Current Operating Target Range
Time
19
Definition of Alarm Settings
T
A
PV
Current Operating Target Range
Time
20
Rationalisation Resources
Data gathering and annotation can take ½ to 4
days or more. Dont forget time to verify plant
drawings PIDs
Can typically rationalise from 15 to 40 alarms
per day
Enhanced techniques and graphics modifications -
too variable to estimate. Depends on plant
standards and current system
Add time forAPPROVALSMOCTESTINGTRAININGCUTOV
ER
Add time for validation and post audit
21
Regular Monitoring and Enforcement

• Regularly compare Engineered and DCS settings
• By scheduling
• On demand
• Generate exceptions list and display to
  operator

22
Regular Monitoring and Enforcement

• Conditional Alarm Enforcement
• Operator views list of exceptions (e.g. at end
  of shift)
• Can selectively restore the Engineered alarm
  settings
• Can retain as is settings (if required by
  temporary plant operating conditions)

23
Example exceptions list from ACM
24
Regular Monitoring and Enforcement
Enforcement results form basis for shift handover
25
Tracking Plant Operational Modes

• When the plant operational mode changes, the
  alarm settings should follow but on most plants
  the alarm settings dont change.

As mode changes
26
Alarm Suppression

• Use of multiple modes is one way of suppressing
  alarms that are not relevant to a particular
  plant operating configuration
• Custom code for suppression of consequential
  alarms is also possible but no general
  agreement on the best techniques

27
Improved Graphics

• Graphics style and effectiveness varies
  enormously
• The ASM Consortium has produced guidelines for
  graphics that are intended to improve operator
  effectiveness during abnormal situations
• The ASM guidance includes recommendations for
  alarm display and management

28
Abnormal Situation Management
Joint Research and Development Consortium
Innovating and Fielding ASM Solution Concepts
Abnormal Situation Management and ASM are U.S.
registered trademarks of Honeywell Inc.
29
ASM Graphics Guidance Groups
Each of the 16 groups has a number of separate
guidelines around 90 guidelines in all.
30
An ASM-Style Schematic Display
Process values and abnormal conditions have the
most contrast with background bringing them to
the foreground.
31
Summary and Conclusions

• The EEMUA guidance is the accepted source of
  Alarm Management best practice
• The most effective options for improvement
  require a coherent Alarm Philosophy and a
  rationalised alarm system
• Alarm configuration management, alarm suppression
  and better graphics can also yield significant
  improvements
• Substantial improvements are possible