CT534: Alarm Management - Rockwell Automation · PDF filePUBLIC PUBLIC CT534: Alarm...
Transcript of CT534: Alarm Management - Rockwell Automation · PDF filePUBLIC PUBLIC CT534: Alarm...
PUBLIC
PUBLIC
www.rockwellautomation.com www.us.endress.com
CT534: Alarm Management How to Create an Effective Alarm Management Program
Name – Todd Stauffer Title – Director Alarm Management, exida Date – March 25 – 26, 2015
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Agenda
Alarm Management Program – Why, What, How?
Critical Success Factors
Solving Common Issues
Benefits
Sustain & Maintain
Questions?
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Alarm Management Program – Why?
Common Alarm Management Issues
□ Alarm Overload (Too many alarms for the operator)
□ Alarm Floods
□ Nuisance Alarms
□ Chattering Alarms
□ Standing / Stale Alarms
□ Bad Actors / Frequently Occurring
□ Redundant Alarms
□ Alarms which have no response
□ Alarms with the Wrong Priority
Operator Performance
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Alarm Management Program – Why?
Operator missed a critical alarm, leading to an incident Unplanned downtime Equipment damage Accident Environment Loss of Product
Operator performance / loss of experienced operators Increased Corporate or Management Interest (Risk Management) Insurance Regulatory (e.g., OSHA, PHMSA, FDA)
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Alarm Management Program – What?
Alarm Management Lifecycle Requirements & Recommendations (or IEC 62682)
ISA-18.2 Standard on Alarm Management
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
What is an Alarm? (ISA-18.2)
An audible and/or visual indication to the operator
that an equipment malfunction, process deviation or other abnormal condition
requires a response.
Operator Must Act FYI to the
Operator
Abnormal
Expected
Alarm
Prompt Message
Alert
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Key Design Principles
Every alarm should have a defined response
Adequate time should be allowed for the operator to carry out a defined response
Every alarm presented to the operator should be useful, relevant and unique
Operators should not get more alarms than they can reasonably respond to
Alarms should be prioritized and understandable
*Ref EEMUA 191 (2013)
If Operator Response (Action) Can Not Be Defined → Not an alarm*
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Tools for Helping Comply with ISA-18.2
Rationalization Tool & Master Alarm
Database
Alarm
Philosophy Template
Alarm Shelving Alarm Suppression
Alarm Disable Alarm Deadband
On / Off Delay P_Gate
P_Alarm Alarm Analytics
and Metrics
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Creating an Effective Program based on ISA-18.2
Benchmark Initial Performance Create Alarm Philosophy Rationalize the Alarms Create Alarm Response
Procedures Implement Alarm Shelving /
Suppression Measure Performance
(Monthly) Audit
Alarm Management Program – How?
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Getting Started
Starting Point (Brownfield)
Starting Point (Greenfield)
Legend
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Performance Benchmarking & Gap Analysis
Create Baseline Initial Performance Current Processes
Identify Issues Systematic design problems Improvements that are most critical to the
operators Areas that can be improved /addressed by
development of a philosophy
Alarm Management Gap Analysis
Benchmark Initial Performance & Identify Alarm
Management Issues
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Average Number of Alarms / Day (Alarm Overload)
Very Likely to be Acceptable Maximum Manageable ~150 Alarms per day ~300 Alarms per day ~6 Alarms per hour (average) ~12 Alarms per hour (average) ~1 Alarm per 10 minutes (average) ~2 Alarms per 10 minutes (average)
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Stale Alarms
Definition: An alarm that remains in the alarm state for an extended period of time (e.g., 24 hours).) [ISA-18.2]
Ref: ANSI/ISA-18.2
Metric Target Value Stale Alarms Less than 5 present on any day, with action plans to address
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Frequently Occurring Alarms (Bad Actors)
Metric Target Value
Percentage contribution of the top 10 most frequent alarms to the overall alarm load
~<1% to 5% maximum, with action plans to address deficiencies.
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Operator Survey – Qualitative Feedback from the Users of the Alarm System
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Operator Survey results (8 operators)
On average how many alarms are displayed on the alarm summary list continuously for more than 24 hours ?
Avg # of Stale Alarms
15-20 35 100 100 100 200 1000 N/A
Metric Target Value
Stale Alarms Less than 5 present on any day, with action plans to address
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Alarm Philosophy Development
Key Topics for PlantPAx System Users
Roles & Responsibilities
Operator notifications: Alarms vs. Alerts vs. Messages
Alarm Prioritization
How to treat diagnostic alarms (e.g. PV BAD)
Alarm Classification
Defining and Measuring KPIs
Use of Alarm Shelving (Manual Suppression)
ISA-18.2 Requirements
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Consequences of Inaction
Impact Areas Consequence
Category 1 (None) Consequence
Category 2 (Minor) Consequence
Category 3 (Major) Consequence
Category 4 (Severe)
Personnel None Minor or no injury, no lost time.
One or more severe injury(s).
Fatality or permanently
disabling injury.
Environmental None Minor
Release which results in agency
notification, permit violation or fine.
Significant release with serious offsite
impact.
Financial None Impact to
equipment or production <$50K.
Impact to equipment or production $50K to $500K
Impact to equipment or production
> $500K
Operator Urgency (Time to Respond)
Not Urgent (> 30 mins) No Alarm Re-engineer the alarm for urgency
Prompt (15 to 30 mins) No Alarm Medium Medium High
Rapid (5 to 15 mins) No Alarm Medium High Highest
Immediate (< 5 mins) No Alarm High Highest Invalid (redesign)
Alarm Prioritization Methodology
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Establish Alarm System KPIs to Measure Against
Performance Metrics
Diagnostic Metrics
Metric Target Action Limit Review Frequency
Average Alarm Rate (alarms per day per operator) < 150 > 300 Monthly
Percent of time the alarm system is in flood < 1% > 5% Monthly Percent of hours containing > 30 alarms < 1% > 5% Monthly Average Number of Alarms Out of Service <1% > 5% Monthly Annunciated Priority Distribution (Low Priority) ~80% < 50% Monthly
Annunciated Priority Distribution (Med Priority) ~15% > 25% Monthly
Annunciated Priority Distribution (High Priority) ~5% >15% Monthly
Metric Target Action Limit Review Frequency
Percent contribution of top 10 most frequent alarms < 1% to ~5% > 20% Monthly Stale Alarms (number of alarms >24 hours) < 5 on any day > 5 Monthly Quantity of Chattering and Fleeting Alarms 0 > 5 Monthly Unauthorized Alarm Changes 0 Monthly
Real-time Data (at least 30 days)
KPIs can be measured and analyzed using
FactoryTalk VantagePoint
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Color Coding based on Alarm State and Priority
Redundant Coding of Alarm Information
Color coding reflects alarm priority / state
Indication for an active suppressed alarm
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Alarm Suppression (ISA-18.2) Suppression: Any mechanism to prevent the indication of the
alarm to the operator when the base alarm condition is present
Designed Suppression: Suppresses alarms based on operating conditions or plant states. Under control of logic that determines the relevance of the alarm
Shelved: A mechanism, typically initiated by the operator, to temporarily suppress an alarm
Out of Service: The state of an alarm during which the alarm indication is suppressed, typically manually, for reasons such as
maintenance. (Different from the equipment state.)
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Process Library Alarm Suppression
Operator Shelve
Suppression type determined by process role.
ShelvedUnshelved
Operator Unshelve
Shelving Expires
Program Unshelve
NewAlarm
Program Suppression
Maintenance Disable
SuppressedUnsuppressed
Program Unsuppress
NewAlarm
DisabledEnabled
Enable
NewAlarm
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Alarm Shelving (Manual Suppression) Operator temporarily suppresses the alarm for a fixed
length of time (i.e. a “snooze” button)
What alarms can be shelved? By who, When, For How Long ?
What alarms cannot be shelved? Shelving Procedures
Authorization / Approval Process? Record Reasons for Shelving? Review List on Shift Change?
Operator Settable Shelving Time (< Max)
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Manual Suppression (Shelving)
• The system must provide a list of shelved alarms to the operator
Copyri
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Out of Service (Disable)
Alarm Status Explorer can filter on Disable status to show all disabled alarms in the system
Maintenance can place alarms “out of service” by disabling the alarm on the alarm faceplate.
Alarms which are disabled do not transition alarm status and are not logged in the historical database.
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Performance Improvement
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Alarm Rationalization
Create list of existing / potential alarms
Review against alarm criteria in an alarm philosophy document
Document alarm purpose / objective
Document design (limit, priority, classification…)
Record Results in a Master Alarm Database (MADB)
Goal is to create the minimum set of alarms needed to keep the plant safe and within normal operating limits.
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Creating a PlantPAx Master Alarm Database
MADB & Rationalization
Tool
Alarm Philosophy
.csv, xls file Greenfield
Alarm List from
P&IDs HAZOP / PHA
Safe / Critical Operating Limits
Export Alarms using PlantPAx Alarm Builder Tool
Brownfield
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Alarm “Knock Out” Criteria
Alarm Rationalization Process
Check Alarm Validity Determine Consequence of Inaction Document Cause, Confirmation, and Corrective
Actions Document Operator Response Time Assign Alarm Priority Alarm Classification Determine Alarm Activation Point (Limit) Verify remainder of alarm attributes Assess need for special handling
Ref (ISA-18.2 TR2)
Rationalization Team w/ facilitator
Tools can guide you through the process and document the results
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
How to Determine if an Alarm is Valid
Criteria for Alarm Does it indicate a malfunction, deviation or abnormal
condition? Does it require a timely operator action in order to avoid
defined consequences? Is it unique (or are there other alarms that indicate the same
condition)? Is it the best indicator of the root cause of the abnormal
situation ? If it does not meet criteria, document the rationale for why alarm is not needed
If Does Not Meet Criteria -> Not an alarm
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Rationalization Step 1: Alarm Objective Analysis
Cause(s)
Consequence
Corrective Action
Confirmation
If… No Consequence No Corrective Action => Not an Alarm
Expected vs. Unexpected
Alarm Ack
Direct vs. Ultimate
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Prioritize the Alarm
Alarm Priority: The importance assigned to an alarm within the alarm system to indicate the urgency of response
Alarms should be prioritized based on:
The severity of the consequences
The time available to take corrective action
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Set Alarm Attributes: Deadband Noisy Process
Signal
Alarm Trip PointWith No Deadband
Four Alarm Events produced as the process passes through the
Alarm Trip PointNoisy Process
Signal
Alarm Trip Point
Only One Alarm Event produced
Proper Deadband
Without Deadband With Deadband
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Alarm Response Procedure - Help the Operator respond more effectively What happened? (Likely cause(s) for the alarm) What will happen if I don’t respond? (Consequences of Inaction) What should I do? (Operator Action) How can I verify its not a false alarm? (Confirmation) How much time do I have to respond?
Operator Response Model
DETECT DIAGNOSE RESPOND
Logic Solver Sensor Final Element
t
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Alarm Response Procedures in pdf
Create Alarm Response Procedures (Alarm Help) directly from the results of Rationalization
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Design to Prevent Alarm Floods (Example Compressor Trip)
Define a Common Alarm to be triggered
List of Alarms to be
Suppressed Safety Implications of
Suppression
The condition(s) or triggering events that must be satisfied
for it to become active
Max Suppression time
Ref SILAlarm
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
State-Based (Static) Suppression
Used to suppress alarms that are always active and not meaningful when a process area, unit or piece of equipment is in a particular operating state (mode).
State for which suppression
algorithm is applied (defined separately)
List of Alarms to be included in the Group
Alarm List Explorer View
Ref SILAlarm
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Implementing Alarm Suppression in the Process Library
Each configured alarm may be suppressed by external logic.
Global object indicates that an alarm has been suppressed.
Faceplate indicates that the alarm has been suppressed by Program.
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Application Example – Pump Designed to alarm on low discharge pressure (indicates
process supply problem)
Alarm is triggered when pump is shut down (nuisance)
State Based Alarming:
Suppress Low Pressure alarm when pump is not running and pressure is low
Basic Alarm Design
Configure logic so low pressure alarm is not triggered unless pump is running (P Gate)
Implementation easier using Basic Alarm Design (depends on how many alarms)
Copyri
PT
P-100
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Monitoring & Assessment with Factory Talk Vantage Point
Automatic generation of reports to facilitate performance review & problem resolution Annunciated Alarm Rate Alarm Flood Analysis Alarms Out of Service Annunciated Alarm Priority Stale / Standing Alarms Frequently Occurring Alarms Chattering Alarm List Redundant Alarms Shelved Alarm List Modification of Alarm Attributes
Copyri
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Audit (Verifying Alarm System Integrity)
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Audit Differences between PlantPAx System and Master Alarm Database
Master Alarm
Database vs. PlantPAx
Configuration (Actual)
Export Audit File for Offline Review
Create file of Changes to be
Enforced
Review & Disposition of
Individual Changes Each difference can be set individually
to Accept, Reject or Enforce
Summary of Changes Detected
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Business Results Achieved
Establish Alarm Management Goals, Guidelines & Framework
Create Sustainable Continuous Improvement Process
Improve Operator Effectiveness Document Performance Improvement
over time Use Alarm System to drive process
efficiency
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Summary – Putting ISA-18.2 into Practice
Benchmark Initial Performance
Create Alarm Philosophy
Rationalize Your Alarms
Create Alarm Response Procedures
Implement Alarm Shelving / Suppression
Measure Performance (Monthly)
Audit
PUBLIC CHICAGO PROCESS SOLUTIONS SUMMIT
Questions?
Rockwell Automation Literature Library PlantPAx Reference Manual: PROCES-RM001 PlantPAx Selection Guide: PROCES-SG001 Library of Process Objects: PROCES-RM002
www.exida.com Alarm management product and service descriptions
Reading ANSI/ISA-18.2-2009 Management of Alarm Systems for the
Process Industries ISBN 978-1-9360007-19-6 Implement an Effective Alarm Management Program –
Chemical Engineering Progress, July 2012
For More Information: