Professional Documents
Culture Documents
(2005)
INTRODUCTION
Recently, major incidents have been caused or worsened by
the excessive and undisciplined growth in the quantity of
alarms and for that reason, effective alarm management
(A.M.) has moved to the top of many plant project lists.
Many currently installed computer control systems provide only limited information regarding abnormal operation.
The operator information is often not enhanced by the computer control system, and the operator is forced to search out
trends and use intuition and experience to evaluate abnormal
plant status.
Alarm growth is a natural outcome of the increased information load provided by modern control systems. However,
if alarms are not managed in a disciplined manner, uncontrolled alarm growth can result, leading to ineffective and
potentially dangerous alarm situations.
A structured approach to alarm management has emerged
to increase alarm effectiveness and thereby overall plant safety.
History of Alarm Systems
In the not-too-distant past, alarm systems consisted of a few
selected process measurements, which were hard-wire connected to panel board mounted annunciators or indicator lights,
which activated when the measurements exceeded some predefined limits. These panels provided alarm annunciation to
the plant operator. The panels were large but limited in capacity
and thereby tended to limit the number of configured alarms.
Modern distributed control systems (DCS) and programmable electronic systems (PES) are capable of defining limits
for each field measurement. Furthermore, calculated parameters, such as rate of change or a combination of field measurements could also have defined limits. Therefore, computer-based control systems have the capability to vastly
increase the number of configured alarms.
Alarms not only increase the amount of information provided to the operator but can often also be a source of operator
overload and confusion. There have been a number of major
incidents that might have been prevented if the plant operator
had recognized critical alarms among the flood of alarms that
1
were activated. One notable example of an alarm problem
was the Three Mile Island accident in 1979, where important
alarms were missed because of the flood of alarms received.
60
General
management as an existing layer of protection, thereby assigning the alarm system components some designated level of
reliability.
Alarms that are not designated as safety should be carefully designed to ensure that they fulfill their role in reducing
demands on the safety-related systems.
For all alarms, regardless of their safety designation, attention is required to ensure that under abnormal conditions or
under severe emergency situations, the alarm system remains
effective and the limitations of the speed of human response are
recognized in its design.
Normal
operating
range
Alerts
Operator alarm
Protective systems
FIG. 1.6a
Graphic description of the relationship between alerts and safetyrelated alarms.
FIG. 1.6b
Alerts can progress into alarms and eventually into safety shutdowns.
Alarm Processing
61
62
General
Operational metrics must also be used, such as production rate, off-quality production, number of upsets, and any
other factors that the plant considers important or relevant.
Safety and environmental metrics that must be used are the
number of plant shutdowns, number of incidents/near misses,
releases to the atmosphere, and pressure relief activations or
releases to flare.
The amount of information needed to develop these metrics is daunting, thereby requiring special software to sort the
alarm journals in an efficient manner. Many DCS and Supervisory Control and Data Acquisition (SCADA) systems and
vendors provide alarm management features or products.
However, some of these are either primitive or do not provide
the necessary purpose by themselves, though they are generally improving.
There also are some add-on alarm software products on
the market that enhance a control systems basic alarm capabilities by providing online A.M., advanced logical processing
of alarms, alarm pattern recognition, and dynamic reconfiguration of the alarm system for varying operating conditions.
Developing an A.M. Philosophy Document A consistent, comprehensive alarm management procedure/philosophy is necessary before beginning an alarm rationalization project.
This procedure typically covers alarm type (quality, safety,
environmental, maintenance information), method of prioritization of alarms, alarm logical processing methods, and testing
requirements.
Reviewing the Basis for Alarm Set Points Evaluation of the
alarm configuration file and the accompanying engineering
reports is required to verify the basis for the alarm set points.
If not available, then an engineering study must be made to
recreate the basis for the alarm set points.
Identifying the purpose of the alarm and its correlation
to other alarms is particularly important. Analysis of the
alarm purpose includes defining the consequences of inaction
to alarm notification.
Analyzing Alarm Histories Dynamic analysis of the alarm
journals of several previous months is required to get a statistically valid sample. Disadvantages include correlation with operational, process, or equipment events which may not be available
in the electronic database.
Prioritizing the Alarms The significance of the alarm must
be determined through a ranking scheme or identified during
the HAZOP study. The process hazard/risk analysis must
determine the level of importance that is associated with the
operator detecting the alarm and performing the expected
action. Prioritization helps ensure that the operator understands
the importance of the alarm itself as well as the importance of
the alarm in relationship to other alarms.
The prioritization scheme is generally limited to the control
systems capabilities along with third-party alarm management
software on the system. The number of prioritization levels
should be kept to a minimum to minimize operator confusion.
Typical alarm priority categories can be critical, high, medium,
and low.
Incorporating Operator Actions in Procedures In addition to
ensuring that each alarm has a defined operator response, operator reliability must be enhanced by lowering the workload,
reducing the number of false alarms, and making the alarm
displays obvious and the operator responses simple. Management should be made responsible to ensure that the operators
are well trained and that their performance is tested.
Considering Advanced Logical Processing Techniques In addition to grouping alarms, various suppression techniques and
artificial intelligence techniques may be piloted and then incorporated into the alarm system.
Updating the Alarm Presentation Techniques The latest techniques in DCS graphic design and control system design should
be considered to enhance operator effectiveness.
Implementing the Rationalization Project Since the rationalization may add or remove alarms and change presentation
techniques or configuration parameters, it is necessary to have
an implementation plan that involves the participation of the
appropriate personnel, such as the operators and operating
staff.
References
1.
2.
3.
Benchmarking the New Alarm System Once the alarm rationalization is implemented, the final system should be evaluated
to determine the degree of success of the rationalization effort.
For example, the alarm rate should be less than one per
10 minutes (some plants suggest that one per 5 minutes is
63
4.
5.
6.