Best Practices in Process Plant Alarm Management

Peter Andow Honeywell Hi-Spec Solutions

Best Practices

The EEMUA Guidance the de facto

standard multiple recommendations

Most effective options:

Create a realistic Alarm Philosophy document
often based on performance analysis

Basic Alarm Rationalisation (based on Alarm

Philosophy). Initial focus on bad actors

Regular alarm configuration enforcement Alarm suppression Improved graphics

2 2003 Honeywell Industry Solutions

Alarm Philosophy: Elements

Purpose of the Alarm System principles

Interplay with procedures

Alarm design

Key performance indicators Approved techniques Priority assignment Alarm presentation Operator roles
3

How people are trained How alarm system will

be maintained

Management of change Escalation policy

When to stop trying to
return to normal

When to initiate disaster

management

2003 Honeywell Industry Solutions

Philosophy Element: Consequence vs. Priority

Safety Environmental Production loss Equipment damage Inefficient operation Consequence Urgency Now ( < 5 min) Next ( 5-15 min) Later ( >15 min)
4

Site-specific categories for Events, Consequences and Urgency

Minor

Moderate

Major

Extreme

2003 Honeywell Industry Solutions

Philosophy Element: Consequence vs. Priority

Safety Environmental Minor release inside boundary Safety Shower Out Potential fatality or of Service worse Significant release Notifiable release inside boundary

Production loss Lower efficiency, Non-spared Non-spared Downtime more Increased fouling equipment trip equipment will trip than Equipment Pump damage Pump damage (no Damage to major Critical equipment damage (spare on hand) spare) equipment likely destroyed Inefficient < $50k $50 to 100k > $100k operation Consequence Minor Moderate Major Extreme Urgency Now ( < 5 min) Next ( 5-15 min) Later ( >15 min)
5 2003 Honeywell Industry Solutions

Philosophy Element: Consequence vs. Priority

Safety Environmental Minor release inside boundary Safety Shower Out Potential fatality or of Service worse Significant release Notifiable release inside boundary

Production loss Lower efficiency, Non-spared Non-spared Downtime more Increased fouling equipment trip equipment will trip than Equipment Pump damage Pump damage (no Damage to major Critical equipment damage (spare on hand) spare) equipment likely destroyed Inefficient < $50k $50 to 100k > $100k operation Consequence Minor Moderate Major Extreme Urgency Now ( < 5 min) High High Emergncy Critical Next ( 5-15 min) Low High Emergncy Critical Later ( >15 min) Low Low High Critical
6 2003 Honeywell Industry Solutions

Alarm Rationalisation

The process by which the alarm database is investigated

1. Reduce the number of configured alarms significantly

AND
Intent: Each alarm activation is informative and provides proper directional diagnosis 2. Ensure that the remaining alarm parameters are correctly specified giving fewer activations

2003 Honeywell Industry Solutions

Alarm Rationalisation: Safety-Related Alarms

Safety-Related alarms (as per the IEC 61508 definition) need special treatment. They should not be DCSbased. They will usually require careful engineering, dedicated displays etc.

2003 Honeywell Industry Solutions

Rationalisation Data
Operations Expertise PIDs + HAZOP etc.

Tag and Event data (from EA)

Alarm performance data (from AEA)

2003 Honeywell Industry Solutions

Alarm Rationalisation Details

For each alarm: Review the data may have used an analysis tool before
the meeting but additional queries may be required

What is the cause(s) of the alarm event? What is the consequence(s) of no action? What ACTION(s) is required? (No Action means No Alarm!)

Is the alarm TYPE correct?

Is the TRIP POINT correct? (May relate to other alarms etc.) Is the DEAD BAND (if used) appropriate? Is the PRIORITY correct? (As per the Philosophy) Identify any housekeeping changes required Document the results

10

2003 Honeywell Industry Solutions

Definition of Alarm Settings

PV

Normal Efficient Operation (depends on other conditions)

Time
11 2003 Honeywell Industry Solutions

Definition of Alarm Settings

In many systems, these are the alarm limits!

PV
Current Operating Target Range

Time
12 2003 Honeywell Industry Solutions

Definition of Alarm Settings

Fastest rate of change that operator is expected to handle

Slower rate of change

PV
Current Operating Target Range

Time
13 2003 Honeywell Industry Solutions

Definition of Alarm Settings

Trip System Limit

PV
Current Operating Target Range

Time
14 2003 Honeywell Industry Solutions

Definition of Alarm Settings

Possible alarm limit .. could be lower .. but should not overlap the green area

PV
Current Operating Target Range

Time
15 2003 Honeywell Industry Solutions

Definition of Alarm Settings

T Operator + Plant Response Time (for fastest disturbance)

PV
Current Operating Target Range

Time
16 2003 Honeywell Industry Solutions

Definition of Alarm Settings

Upper Margin

If there is no upper margin the chance of the trip occurring will increase

PV
Current Operating Target Range

Time
17 2003 Honeywell Industry Solutions

Definition of Alarm Settings

T If there is no lower margin alarms will occur too often

PV

Lower Margin

Current Operating Target Range

Time
18 2003 Honeywell Industry Solutions

Definition of Alarm Settings

PV
Current Operating Target Range

Time
19 2003 Honeywell Industry Solutions

Rationalisation Resources

Data gathering and annotation can take to 4 days or more. Dont forget time to verify plant drawings & P&IDs

Can typically rationalise from 15 to 40 alarms per day

Add time for validation and post audit

Add time for: APPROVALS MOC TESTING TRAINING CUTOVER

Enhanced techniques and graphics modifications - too variable to estimate. Depends on plant standards and current system

20

2003 Honeywell Industry Solutions

Regular Monitoring and Enforcement

Regularly compare
Engineered and DCS settings: By scheduling On demand

Engineered Alarm Setting Database

Alarm Setting Management

DCS Alarm Settings

Generate exceptions list and display to operator

DCS Alarming

Sensors

21

2003 Honeywell Industry Solutions

Regular Monitoring and Enforcement

Conditional Alarm Enforcement:

Operator views list of exceptions (e.g. at end of shift) Can selectively restore the Engineered alarm settings Can retain as is settings (if required by temporary plant operating conditions)

Engineered Alarm Setting Database

Alarm Setting Management

DCS Alarm Settings

DCS Alarming

Sensors

22

2003 Honeywell Industry Solutions

Example exceptions list from ACM

Operator can override exceptions by moving them to the OverrideWhen ready the Enforcement pane operator starts the enforcement

All exceptions in the To Be Enforced pane initially

23

2003 Honeywell Industry Solutions

Regular Monitoring and Enforcement

Engineered Alarm Setting Database

Enforcement results form basis for shift handover

Alarm Setting Management

DCS Alarm Settings

DCS Alarming

Sensors

24

2003 Honeywell Industry Solutions

Tracking Plant Operational Modes

When the plant operational mode changes, the alarm settings should follow but on most plants the alarm settings dont change.

Engineered Alarm Setting Database

As mode changes

Alarm Setting Management

DCS Alarm Settings

DCS Alarming

Sensors

25

2003 Honeywell Industry Solutions

Alarm Suppression

Use of multiple modes is one way of

suppressing alarms that are not relevant to a particular plant operating configuration

Custom code for suppression of

consequential alarms is also possible but no general agreement on the best techniques

26

2003 Honeywell Industry Solutions

Improved Graphics

Graphics style and effectiveness varies

enormously

The ASM Consortium has produced

guidelines for graphics that are intended to improve operator effectiveness during abnormal situations

The ASM guidance includes

recommendations for alarm display and management

27

2003 Honeywell Industry Solutions

Abnormal Situation Management

Joint Research and Development Consortium

Plant Sensors
FI 121 1

TI 436 7

Plant Actuators

LI 116 7

Operat ions Personnel

BAW Architecture

Innovating and Fielding ASM Solution Concepts

Abnormal Situation Management and ASM are U.S. registered trademarks of Honeywell Inc.

ASM Graphics Guidance Groups

G1. Display Types G2. Task Appropriate Information G3. Display Style G4. Display Layout G5. Navigation Techniques G6. Use of Color G7. Use of Symbols and Process Connections G8. Use of Text and Numbers G9. Interaction with Displays G10. Configuration Scheme G11. Audible Annunciation G12. Visual Annunciation G13. Training Program G14. On-line Guidance G15. Design Methodology G16. Management of Change
29 2003 Honeywell Industry Solutions

Each of the 16 groups has a number of separate guidelines around 90 guidelines in all.

An ASM-Style Schematic Display

Process values and abnormal conditions have the most contrast with background bringing them to the foreground.

30

2003 Honeywell Industry Solutions

Summary and Conclusions

The EEMUA guidance is the accepted source

of Alarm Management best practice

The most effective options for improvement

require a coherent Alarm Philosophy and a rationalised alarm system

Alarm configuration management, alarm

suppression and better graphics can also yield significant improvements

Substantial improvements are possible

31 2003 Honeywell Industry Solutions