safety: an alarming concept - weatftp.weat.org/presentations/2018safety.pdf · 2018. 3. 27. · the...

Water Environment Association of Texas

Safety: An ALARMING Concept

“SITUATIONAL AWARENESS IN THE CONTROL ROOM”Rob Brooks – VP of Operations, User Centered Design Services

PanelistKevin Patel, PE – Vice President, Signature Automation

WEAT Safety & Security Committee Member and Webinar HostPhilip Gaberdiel, PE – EMA Inc.

Go to www.weat.org/cybersecuritywebinar.shtmlto view the webinar, presentation slides, multi-site user sign in sheets, and webinar questions for CEU credit.

Safety: An ALARMING ConceptSituational Awareness in the Control Room• BACKGROUND• ALARM MANAGEMENT• HIGH PERFORMANCE GRAPHICS• CONSOLE DESIGN

www.mycontrolroom.com

ANSI/ISA-18.2-2016Management of Alarm Systems for the Process Industries

STANDARDS

ANSI/ISA-101.01-2015, Human Machine Interfaces for Process Automation Systems

All ANSI/ISA text cited in this presentation is underlined.

BACKGROUND

The relationship between the operator’s perception of the plant’s condition and it’s actual condition at any time.

SITUATIONAL AWARENESS

DEFINITIONS

HUMAN ERROR

Analysis of Industrial Accidents have concluded that ‘human error’ is the determining factor in 70-80% of the cases. Rasmussen

Occurrences

20% EquipmentFailure

80 % Human Error

Human Factors

70% LatentOrganizationWeakness

30%Individual

Department of Energy StandardHUMAN PERFORMANCE IMPROVEMENT HANDBOOK

“Events are not so much the result of error-prone workers as they are the outcome of error-prone tasks and error-prone work environments, which are controlled by the organization.”

ALARM MANAGEMENT

audible and/or visible means of indicating to the operator an equipment malfunction, process deviation, or abnormal condition requiring a timely response.

DEFINITIONS

Alarm management lifecycle

ISA 18.2

Rationalization

RATIONALIZATION

ISA-18.2009 stated, “In order to maximize the functionality of the alarm system it is important that the operator receive only those alarms that are meaningful and actionable. Ensuring that an alarm is actionable is done through alarm rationalization”.

Alarm Text / Description Alarm type (HI, DEV, LO, STATE) Class (i.e. Highly Managed) Alarm set point or logical condition Initiating Cause Verification (Other measurements, field operator) Operator Action Consequence of inaction or incorrect action Priority (Risk Matrix)

TYPICAL INFORMATION CAPTURED DURING RATIONALIZATION

RATIONALIZATION

Documentation & Training Maintenance & Testing Suppression MOC

alarm belonging to a class with additional requirements above general alarms

RATIONALIZATION: HIGHLY MANAGED (25 X)

Jeff Skiles

RATIONALIZATION

RATIONALIZATION: PRIORITY DETERMINATION

Unmitigated Consequence (No operator action)Area None Minor Major Severe

Safety None Minor / First

One or more

severe injuries

Fatality or

permanently

disabling injury

Environmental None Non-Reportable

Release

Agency

reportable/

permit violation

Serious release

with offsite

impact

Financial None Equipment or

production loss

<$ 50K

Equipment or

production loss

<$50K to $500K

Equipment or

production loss

> $500K

Time to Respond

Non-Urgent15 to 30 minutes

No Alarm Low Low Medium

Prompt5 to 15 minutes

No Alarm Low Medium High

Immediate5 < minutes

No Alarm Medium High High

RATIONALIZATION: PRIORITY TARGETS

ALARM PRIORITY ALARMS CONFIGURED

HIGH 5%

MEDIUM 15%

LOW 80%

Monitoring and Assessment

Monitoringthe measurement and reporting of quantitative (objective) aspects of alarm system performance.

Assessmentcomparison of information from monitoring and additional qualitative (subjective) measurements, against stated goals and defined performance metrics

Monitoring & Assessment

Definitions

MONITORING: METRICS

ON AVERAGE HOW MANY ITEMS CAN BE STORED?

MONITORING: SHORT TERM MEMORY

ON AVERAGE THE DURATION OF SHORT TERM MEMORY?

15 to 30 seconds

Storage is very fragile and information can be lost with distraction

HUMAN ERROR?

“In the last 11 minutes before the explosion the two operators had to recognize, acknowledge and act on 275 alarms”

HIGH PERFORMANCE GRAPHICS

The role of the HMI is to transform data into information

and put that information into context.

Color or lack there of

The Background should be an unsaturated color or neutral color (e.g. light gray)…. the use of backgrounds colors that may cause excessive contrast (e.g. black) should be avoided

DISPLAY BACKGROUND

– Neutral means without color.

– Saturation is the intensity of a hue from gray tone (no saturation) to pure, vivid color (high saturation).

DISPLAY BACKGROUND

Excessive Contrast = Eye Strain Eye Strain = FatigueFatigue = Loss of Situational Awareness

Distinctiveness, prominence, obviousness, or conspicuousness …

Definition

Salience

As the process deviates from expectations, the HMI should provide … appropriate salience for the situation.

Situational Awareness

Salience

HMI Structure

LEVELS

Display Hierarchy

Level 1 – Operation OverviewLevel 2 – Unit Overview Level 3 - DetailsLevel 4 - Diagnostic

World War II– Army Air Corps / Forces

Wright Field in Dayton Ohio

HISTORY: Human Factors Engineering

BACKGROUND: OPERATIONAL OVERVIEW

Do you know your operators Sacred Six?

Display Hierarchy

Level 1 – Operation OverviewLevel 2 – Unit Overview Level 3 - DetailsLevel 4 - Diagnostic

HMI Components

ANALOG VALUES

Sickbay medical readout, from the classic 1960’s Star Trek:

Is the guy in the red shirt dead yet ?

STEPHANIE GUERLAIN

CAT BLOODWORK EXAMPLE

guerlain@virginia.edu

Is Buttercup

Good or bad?

Example: My cat’s blood work results…

and now?

Analog Values

It is important to consider thresholds and upper limits of the users' sensory systems while also considering common sensory system deficiencies (e.g., color blindness, hearing loss, vision impairment)

Color Blindness

Traffic Signs

Alarm Indicators

Alarm Priority Icons

LMHCAcknowledgedUnacknowledged

The alarm priority icon is a graphical means to quickly identify alarm priority and status.

Shape, text designation, and color identify the the

alarms priority and its status is unacknowledged

When acknowledged only the priority text

designation remains. Shape and color are gone

Triple Coding

Generally non-schematic layout for Level 1 & 2Limited use of colorColor use is consistGray backgrounds to minimize glareEmbedded trends where appropriateAnalog representation of important measurementsA hierarchy of displaysLow-contrast depictions, no 3DConsistent navigation Flow left to right top to bottom

Characteristics

HMI Design

• What information is needed when critical alarms activate

• What information is needed to be able to undertake each task step?

• What is the best way of presenting information to the operator?

• How should this information be organized?

• How should the information be controlled/input?

CRITICAL ACTION AND DECISION EVALUATION TECHNIQUE

MEETING

ULTIMATEGOAL

ACTIVATION

DEFINE TASKSIDENTIFY

INTERPRET

EVALUATE

AMBIGUITY

ALERT PROCEDURE

SYSTEMSTATE

GOALSTATE

SET OFOBSERVATIONS

EXECUTE

OBSERVE FORMULATE TASK

Rasmussen Ladder Diagram

Console Design

What do I want from my console operator?

THE GOOD

CONSOLE SPECIFICATIONThe good, the bad and the ugly

• Sit-stand design

• Large screen displays

• Ergonomic design

• ISO 11064 compliant

• Directional speakers

• Individual environmental control

THE BAD

• Dual-tier design leads to neck

stress

• Ergonomically unfriendly

• No usable space

THE UGLY

• ‘Makeshift’ design

• Operator contortion

• Poor situation awareness

• Sitting is the new

‘Smoking’

NEW DESIGNS ARE

ERGONOMIC-FRIENDLY

CONSOLE SPECIFICATIONErgonomics

• Room for operator

training

• Heightened situation

awareness

• Effective communication

CONSIDER THE

MASSES

CONSOLE SPECIFICATIONAnthropometrics

• Users come in unique

body sizes

• 95th to 5th percentile

• Adjustability is a must

CE Questions

• What does alarm management have to do with high performance HMI? – The alarm and graphical system work together to

provide the operator with situation awareness. In order to gain the benefit from High Performance Graphics a robust Alarm System is required.

• When designing a control room, what are the most important things to consider?– The ergonomics of your operators. A well

designed ergonomic control room will keep your operator focus where it belongs on your process.

Panel Discussion

www.weat.org/cybersecuritywebinar.shtml to view the webinar,

presentation slides, multi-site user sign in sheets, and webinar questions for CEU credit.

Phil Gaberdiel, PEEngineering Practice Director

Kevin Patel, PEVice President

Signature Automation

Rob BrooksVP of Operations

User Centered Design Services

MODERATOR

Future Safety & Security

Committee Webinars

The next Safety & Security committee webinar will be held on:

June 20, 2018

August 8, 2018“Operational Preparedness from a Cyber Security,

Safety, Electrical, and Instrumentation Perspective”

8:00 AM – 4:30 PMAddison Conference and Theatre Centre15650 Addison Road, Addison, TX 75001

SAVE THE DATE for our upcoming specialty conference

safety: an alarming concept - weatftp.weat.org/presentations/2018safety.pdf · 2018. 3. 27. · the...

Documents

lesson 4: alarming reasons some fall away (galatians)

alarming signs of aged insulation

network monitoring & alarming

the sentry personal alarming dosimeter and rate meter

ceilometer + heat = alarming

pollinator species are disappearing at alarming rates...

food crises-an alarming threat for balochistan by

smart alarming management

ifa exposes alarming scott county financials

vb280 content extractor - · pdf filedetection/alarming and...

sci alarming contracts

improved oscillation detection for alarming and daily .......

alarming scarcity of water in india

alarming signs in a pregnancy - india parenting

narcolepsy: alarming facts from wake up narcolepsy

safety and alarming applications using isa100 wireless

quite alarming alarm management - cheryl herrmann

network monitoring and alarming system

advanced fire alarming system through mobile phone

poverty an alarming threat