CT534: Alarm Management - Rockwell Automation · PDF filePUBLIC PUBLIC CT534: Alarm...

PUBLIC

PUBLIC

www.rockwellautomation.com www.us.endress.com

CT534: Alarm Management How to Create an Effective Alarm Management Program

Name – Todd Stauffer Title – Director Alarm Management, exida Date – March 25 – 26, 2015

http://www.rockwellautomation.com/�

http://www.endresshauser.com/�

PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT

Agenda

Alarm Management Program – Why, What, How?

Critical Success Factors

Solving Common Issues

Benefits

Sustain & Maintain

Questions?


Alarm Management Program – Why?

Common Alarm Management Issues

□ Alarm Overload (Too many alarms for the operator)

□ Alarm Floods

□ Nuisance Alarms

□ Chattering Alarms

□ Standing / Stale Alarms

□ Bad Actors / Frequently Occurring

□ Redundant Alarms

□ Alarms which have no response

□ Alarms with the Wrong Priority

Operator Performance

http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRw&url=http://www.neuralenergy.info/2011/09/san-diego-outage.html&ei=KJY9VLLuAoOSyQT74IKIDg&bvm=bv.77412846,d.aWw&psig=AFQjCNFliluuUZWqtbZEA_aUXn0BGy_tqw&ust=1413408500116093�


Alarm Management Program – Why?

Operator missed a critical alarm, leading to an incident Unplanned downtime Equipment damage Accident Environment Loss of Product

Operator performance / loss of experienced operators Increased Corporate or Management Interest (Risk Management) Insurance Regulatory (e.g., OSHA, PHMSA, FDA)

http://www.google.com/url?sa=i&rct=j&q=dollar+signs&source=images&cd=&cad=rja&docid=jobr56WD2oMbYM&tbnid=3pyPIROIgcTC8M:&ved=0CAUQjRw&url=http://kootation.com/stock-image-of-dollar-signs.html&ei=rfcCUozrGKzk4AO2woDIAQ&bvm=bv.50500085,d.dmg&psig=AFQjCNEcdG-UOmOQ326cTphZXRBVqrOnlw&ust=1376012406689023�


Alarm Management Program – What?

Alarm Management Lifecycle Requirements & Recommendations (or IEC 62682)

ISA-18.2 Standard on Alarm Management


What is an Alarm? (ISA-18.2)

An audible and/or visual indication to the operator

that an equipment malfunction, process deviation or other abnormal condition

requires a response.

Operator Must Act FYI to the

Operator

Abnormal

Expected

Alarm

Prompt Message

Alert


Key Design Principles

Every alarm should have a defined response

Adequate time should be allowed for the operator to carry out a defined response

Every alarm presented to the operator should be useful, relevant and unique

Operators should not get more alarms than they can reasonably respond to

Alarms should be prioritized and understandable

*Ref EEMUA 191 (2013)

If Operator Response (Action) Can Not Be Defined → Not an alarm*


Tools for Helping Comply with ISA-18.2

Rationalization Tool & Master Alarm

Database

Alarm

Philosophy Template

Alarm Shelving Alarm Suppression

Alarm Disable Alarm Deadband

On / Off Delay P_Gate

P_Alarm Alarm Analytics

and Metrics


Creating an Effective Program based on ISA-18.2

Benchmark Initial Performance Create Alarm Philosophy Rationalize the Alarms Create Alarm Response

Procedures Implement Alarm Shelving /

Suppression Measure Performance

(Monthly) Audit

Alarm Management Program – How?


Getting Started

Starting Point (Brownfield)

Starting Point (Greenfield)

Legend


Performance Benchmarking & Gap Analysis

Create Baseline Initial Performance Current Processes

Identify Issues Systematic design problems Improvements that are most critical to the

operators Areas that can be improved /addressed by

development of a philosophy

Alarm Management Gap Analysis

Benchmark Initial Performance & Identify Alarm

Management Issues

http://www.qafunctions.com/process-services/gap-analysis�


Average Number of Alarms / Day (Alarm Overload)

Very Likely to be Acceptable Maximum Manageable ~150 Alarms per day ~300 Alarms per day ~6 Alarms per hour (average) ~12 Alarms per hour (average) ~1 Alarm per 10 minutes (average) ~2 Alarms per 10 minutes (average)


Stale Alarms

Definition: An alarm that remains in the alarm state for an extended period of time (e.g., 24 hours).) [ISA-18.2]

Ref: ANSI/ISA-18.2

Metric Target Value Stale Alarms Less than 5 present on any day, with action plans to address


Frequently Occurring Alarms (Bad Actors)

Metric Target Value

Percentage contribution of the top 10 most frequent alarms to the overall alarm load

~<1% to 5% maximum, with action plans to address deficiencies.


Operator Survey – Qualitative Feedback from the Users of the Alarm System


Operator Survey results (8 operators)

On average how many alarms are displayed on the alarm summary list continuously for more than 24 hours ?

Avg # of Stale Alarms

15-20 35 100 100 100 200 1000 N/A

Metric Target Value

Stale Alarms Less than 5 present on any day, with action plans to address


Alarm Philosophy Development

Key Topics for PlantPAx System Users

Roles & Responsibilities

Operator notifications: Alarms vs. Alerts vs. Messages

Alarm Prioritization

How to treat diagnostic alarms (e.g. PV BAD)

Alarm Classification

Defining and Measuring KPIs

Use of Alarm Shelving (Manual Suppression)

ISA-18.2 Requirements


Consequences of Inaction

Impact Areas Consequence

Category 1 (None) Consequence

Category 2 (Minor) Consequence

Category 3 (Major) Consequence

Category 4 (Severe)

Personnel None Minor or no injury, no lost time.

One or more severe injury(s).

Fatality or permanently

disabling injury.

Environmental None Minor

Release which results in agency

notification, permit violation or fine.

Significant release with serious offsite

impact.

Financial None Impact to

equipment or production <$50K.

Impact to equipment or production $50K to $500K

Impact to equipment or production

> $500K

Operator Urgency (Time to Respond)

Not Urgent (> 30 mins) No Alarm Re-engineer the alarm for urgency

Prompt (15 to 30 mins) No Alarm Medium Medium High

Rapid (5 to 15 mins) No Alarm Medium High Highest

Immediate (< 5 mins) No Alarm High Highest Invalid (redesign)

Alarm Prioritization Methodology


Establish Alarm System KPIs to Measure Against

Performance Metrics

Diagnostic Metrics

Metric Target Action Limit Review Frequency

Average Alarm Rate (alarms per day per operator) < 150 > 300 Monthly

Percent of time the alarm system is in flood < 1% > 5% Monthly Percent of hours containing > 30 alarms < 1% > 5% Monthly Average Number of Alarms Out of Service <1% > 5% Monthly Annunciated Priority Distribution (Low Priority) ~80% < 50% Monthly

Annunciated Priority Distribution (Med Priority) ~15% > 25% Monthly

Annunciated Priority Distribution (High Priority) ~5% >15% Monthly

Metric Target Action Limit Review Frequency

Percent contribution of top 10 most frequent alarms < 1% to ~5% > 20% Monthly Stale Alarms (number of alarms >24 hours) < 5 on any day > 5 Monthly Quantity of Chattering and Fleeting Alarms 0 > 5 Monthly Unauthorized Alarm Changes 0 Monthly

Real-time Data (at least 30 days)

KPIs can be measured and analyzed using

FactoryTalk VantagePoint


Color Coding based on Alarm State and Priority

Redundant Coding of Alarm Information

Color coding reflects alarm priority / state

Indication for an active suppressed alarm


Alarm Suppression (ISA-18.2) Suppression: Any mechanism to prevent the indication of the

alarm to the operator when the base alarm condition is present

Designed Suppression: Suppresses alarms based on operating conditions or plant states. Under control of logic that determines the relevance of the alarm

Shelved: A mechanism, typically initiated by the operator, to temporarily suppress an alarm

Out of Service: The state of an alarm during which the alarm indication is suppressed, typically manually, for reasons such as

maintenance. (Different from the equipment state.)

https://www.google.com/imgres?imgurl&imgrefurl=http://www.mysafetysign.com/Safety-Signs/Out-Of-Service-Repairs-Sign/SAF-SKU-S-2704.aspx&h=0&w=0&sz=1&tbnid=1p0PIqoDokHQ_M&tbnh=191&tbnw=264&zoom=1&docid=-AWF5kHHIy8eCM&ei=CSCAUobdHef54AOJsYHoAg&ved=0CAEQsCU�


Process Library Alarm Suppression

Operator Shelve

Suppression type determined by process role.

ShelvedUnshelved

Operator Unshelve

Shelving Expires

Program Unshelve

NewAlarm

Program Suppression

Maintenance Disable

SuppressedUnsuppressed

Program Unsuppress

NewAlarm

DisabledEnabled

Enable

NewAlarm


Alarm Shelving (Manual Suppression) Operator temporarily suppresses the alarm for a fixed

length of time (i.e. a “snooze” button)

What alarms can be shelved? By who, When, For How Long ?

What alarms cannot be shelved? Shelving Procedures

Authorization / Approval Process? Record Reasons for Shelving? Review List on Shift Change?

Operator Settable Shelving Time (< Max)


Manual Suppression (Shelving)

• The system must provide a list of shelved alarms to the operator

Copyri


Out of Service (Disable)

Alarm Status Explorer can filter on Disable status to show all disabled alarms in the system

Maintenance can place alarms “out of service” by disabling the alarm on the alarm faceplate.

Alarms which are disabled do not transition alarm status and are not logged in the historical database.


Performance Improvement


Alarm Rationalization

Create list of existing / potential alarms

Review against alarm criteria in an alarm philosophy document

Document alarm purpose / objective

Document design (limit, priority, classification…)

Record Results in a Master Alarm Database (MADB)

Goal is to create the minimum set of alarms needed to keep the plant safe and within normal operating limits.


Creating a PlantPAx Master Alarm Database

MADB & Rationalization

Tool

Alarm Philosophy

.csv, xls file Greenfield

Alarm List from

P&IDs HAZOP / PHA

Safe / Critical Operating Limits

Export Alarms using PlantPAx Alarm Builder Tool

Brownfield


Alarm “Knock Out” Criteria

Alarm Rationalization Process

Check Alarm Validity Determine Consequence of Inaction Document Cause, Confirmation, and Corrective

Actions Document Operator Response Time Assign Alarm Priority Alarm Classification Determine Alarm Activation Point (Limit) Verify remainder of alarm attributes Assess need for special handling

Ref (ISA-18.2 TR2)

Rationalization Team w/ facilitator

Tools can guide you through the process and document the results


How to Determine if an Alarm is Valid

Criteria for Alarm Does it indicate a malfunction, deviation or abnormal

condition? Does it require a timely operator action in order to avoid

defined consequences? Is it unique (or are there other alarms that indicate the same

condition)? Is it the best indicator of the root cause of the abnormal

situation ? If it does not meet criteria, document the rationale for why alarm is not needed

If Does Not Meet Criteria -> Not an alarm


Rationalization Step 1: Alarm Objective Analysis

Cause(s)

Consequence

Corrective Action

Confirmation

If… No Consequence No Corrective Action => Not an Alarm

Expected vs. Unexpected

Alarm Ack

Direct vs. Ultimate


Prioritize the Alarm

Alarm Priority: The importance assigned to an alarm within the alarm system to indicate the urgency of response

Alarms should be prioritized based on:

The severity of the consequences

The time available to take corrective action


Set Alarm Attributes: Deadband Noisy Process

Signal

Alarm Trip PointWith No Deadband

Four Alarm Events produced as the process passes through the

Alarm Trip PointNoisy Process

Signal

Alarm Trip Point

Only One Alarm Event produced

Proper Deadband

Without Deadband With Deadband


Alarm Response Procedure - Help the Operator respond more effectively What happened? (Likely cause(s) for the alarm) What will happen if I don’t respond? (Consequences of Inaction) What should I do? (Operator Action) How can I verify its not a false alarm? (Confirmation) How much time do I have to respond?

Operator Response Model

DETECT DIAGNOSE RESPOND

Logic Solver Sensor Final Element

t


Alarm Response Procedures in pdf

Create Alarm Response Procedures (Alarm Help) directly from the results of Rationalization


Design to Prevent Alarm Floods (Example Compressor Trip)

Define a Common Alarm to be triggered

List of Alarms to be

Suppressed Safety Implications of

Suppression

The condition(s) or triggering events that must be satisfied

for it to become active

Max Suppression time

Ref SILAlarm


State-Based (Static) Suppression

Used to suppress alarms that are always active and not meaningful when a process area, unit or piece of equipment is in a particular operating state (mode).

State for which suppression

algorithm is applied (defined separately)

List of Alarms to be included in the Group

Alarm List Explorer View

Ref SILAlarm


Implementing Alarm Suppression in the Process Library

Each configured alarm may be suppressed by external logic.

Global object indicates that an alarm has been suppressed.

Faceplate indicates that the alarm has been suppressed by Program.


Application Example – Pump Designed to alarm on low discharge pressure (indicates

process supply problem)

Alarm is triggered when pump is shut down (nuisance)

State Based Alarming:

Suppress Low Pressure alarm when pump is not running and pressure is low

Basic Alarm Design

Configure logic so low pressure alarm is not triggered unless pump is running (P Gate)

Implementation easier using Basic Alarm Design (depends on how many alarms)

Copyri

PT

P-100


Monitoring & Assessment with Factory Talk Vantage Point

Automatic generation of reports to facilitate performance review & problem resolution Annunciated Alarm Rate Alarm Flood Analysis Alarms Out of Service Annunciated Alarm Priority Stale / Standing Alarms Frequently Occurring Alarms Chattering Alarm List Redundant Alarms Shelved Alarm List Modification of Alarm Attributes

Copyri


Audit (Verifying Alarm System Integrity)


Audit Differences between PlantPAx System and Master Alarm Database

Master Alarm

Database vs. PlantPAx

Configuration (Actual)

Export Audit File for Offline Review

Create file of Changes to be

Enforced

Review & Disposition of

Individual Changes Each difference can be set individually

to Accept, Reject or Enforce

Summary of Changes Detected


Business Results Achieved

Establish Alarm Management Goals, Guidelines & Framework

Create Sustainable Continuous Improvement Process

Improve Operator Effectiveness Document Performance Improvement

over time Use Alarm System to drive process

efficiency


Summary – Putting ISA-18.2 into Practice

Benchmark Initial Performance

Create Alarm Philosophy

Rationalize Your Alarms

Create Alarm Response Procedures

Implement Alarm Shelving / Suppression

Measure Performance (Monthly)

Audit


Questions?

Rockwell Automation Literature Library PlantPAx Reference Manual: PROCES-RM001 PlantPAx Selection Guide: PROCES-SG001 Library of Process Objects: PROCES-RM002

www.exida.com Alarm management product and service descriptions

Reading ANSI/ISA-18.2-2009 Management of Alarm Systems for the

Process Industries ISBN 978-1-9360007-19-6 Implement an Effective Alarm Management Program –

Chemical Engineering Progress, July 2012

For More Information:

http://www.exida.com/�



CT534: Alarm Management - Rockwell Automation · PDF filePUBLIC PUBLIC CT534: Alarm...

Documents

Transcript of CT534: Alarm Management - Rockwell Automation · PDF filePUBLIC PUBLIC CT534: Alarm...