rockwell automation_psug educ alarm mgmt final1

Copyright © 2009 Rockwell Automation, Inc. All rights reserved.

Insert Photo Here

Alarm Management Standardsand Best Practices

Ben MansfieldProcess Business

Copyright © 2009 Rockwell Automation, Inc. All rights reserved. 2

Overview

• An effective alarm system is crucial to safe operations• Originally, alarms were expensive, physical alerts• Over time, alarm have become less expensive and more

prevalent• This change has led to an excessive number of alarms,

with the result being an ineffective alarming solution• The industry has responded with standards and best

practices for making alarm systems more effective

2


The Good Old Days…


Misapplication of Modern Technology


Despite Best Intentions…

BP Texas City - 2005

Olympic Pipeline - 1999

Chernobyl - 1983

Seveso Italy - 1976


PlantPAx Alarm Strategy:Sources of Information

• 1992+ ASM Consortium• 1992 SCADA systems are subjected to MOC• 1997 FDA 21 CFR Part 11• 1998 HSE Studies• 1999 EEMUA 191• 2001 Norwegian Petroleum Directorate

YA-710/11• 2003 NAMUR NA102• 2005 National Transportation Safety Board

Safety Study• 2006 API/AGA Alarm management projects• 2007 EEMUA 191 Version 2• 2009 ISA 18.2-2009• 2009 Standards Australia• API RP 1167

In-House Research Industry Standards & Legislation

• Customer Interviews / Discussions• PSUG CAB Interviews Spring 2008• Other confidential customer

discussions• PSUG user-led priorities sessions• Competitive analysis• Independent consultants• Alarm management partners

• Matrikon• TiPS• Specter Instruments


Alarm Management Lifecycle

Monitoring &Assessment

Philosophy

Audit

Rationalization

Identification

Detailed Design

Implementation

Maintenance

Operation

Managementof Change

D

C

E

AAAAAAAA

J

B

G

HF

I

Source: International Society of Automation. (2009). ANSI/ISA-18.2-2009 - Management of Alarm Systems for the Process Industries.Research Triangle Park: ISA




Philosophy

Audit

Rationalization

Identification

Detailed Design

Implementation

Maintenance

Operation

Managementof Change

D

C

E

AAAAAAAA

J

B

G

HF

I



ALARM PHILOSOPHYPlantPAx Alarm Management Overview


Alarm Philosophy Document

• What is an alarm?• Rationalization requirements• Alarm class definitions, design,

requirements• Alarm priorities, definitions, etc.• Alarm shelving / suppression rules• Alarm system monitoring requirements• Management of change• Audit requirements

Recommend securing agreement from Senior Management on these issues…Recommend securing agreement from Senior Management on these issues…


Writing Your Alarm Philosophy Document

1. Form a committee of stakeholders, involve an alarmmanagement expert if possible

2. Get educated – learn the fundamentals of alarm management,common mistakes, performance metrics, what defines wellperforming systems, etc.

3. Study the current state of the alarm system (if existing),compare & contrast against industry best practices (sadly notindustry norms)

4. Leverage the experts, and make use of the recommendations& standards

5. Draft, review, edit, review, repeat as necessary6. Once approved, review the alarm philosophy periodically for

any necessary changes


ALARM RATIONALIZATIONPlantPAx Alarm Management Overview


Alarm Rationalization Process

• For every event suspected to possibly be an alarm:– Determine if the event is an alarm

• What is the required corrective action to be performedby the operator?

• What is the immediate consequence if action is nottaken?

– Events which are NOT alarms:• Nothing for the operator to do to correct the condition• Event is not an indication of a problem• No consequences if no response is taken• Same problem indicated elsewhere

(i.e. more than one alarm for one root cause)


Alarm Rationalization:“Wow, this is a lot of work”

• For every alarm, document:– The alarm type– The alarm class– The alarm priority (based on rules in the alarm philosophy)– Alarm limit or condition– Required operator action– Consequences of not carrying out operator

action in a timely manner

• Then verify:– Alarm priorities align with consequences of

operator inaction– Alarm limits or conditions allow time for

operator action– Reasonable and observable operator action is identified


DETAILED DESIGNPlantPAx Alarm Management Overview


Detailed Design Phase

• Understand the capabilities and limitations of the processcontrol system

• Document how the results of the alarm rationalizationeffort will be implemented

• Consider special considerations & needs for highlymanaged alarms– Where possible, apply standard treatments to advanced alarming

scenarios, for example:

What happens if I have a high level alarm, and the value crossesthe high-high alarm threshold? Does the high alarm getsuppressed? Does the high alarm get acknowledged?

– Create this logic as standard, and apply it in every applicablesituation.


Detailed Design - Logic

•Define & document, for every alarm:– Alarm limits– Alarm deadbands– Alarm debounce timer (delay timers)– Programmatic changes to alarm settings (i.e. process

state driven changes)

Above all else, avoid the common mistake ofconfiguring unnecessary alarms


Detailed Design - HMI

• How to effectively indicate:– Points in alarm– Alarm states, priorities, types,

messages, etc.• Allow the operator to:

– Acknowledge alarms– Silence audible alarms– Determine the proper response & perform it

• Additional considerations:– Color conventions, iconic representations, etc.– Rules for acknowledgement, suppression, etc.– Mechanisms for sorting, filtering, etc.– Representation in the alarm banner, summary, etc. as well as area overviews, unit

displays, detail pages, faceplates, etc.Arguably the most critical issue, as this is the part

of the system with which the operator interacts directly




Philosophy

Audit

Rationalization

Identification

Detailed Design

Implementation

Maintenance

Operation

Managementof Change

D

C

E

AAAAAAAA

J

B

G

HF

I



IMPLEMENTATIONPlantPAx Alarm Management Overview


Alarm System Implementation

Alarms are configured and maintained in the controller(ala traditional DCS)

OR

Alarms are configured and maintained in the alarm server(ala traditional PLC + SCADA)

OR

Both methods are used in combination

As with most things, the optimum solution is often a combination whichwill vary based on user requirements and system architecture

As with most things, the optimum solution is often a combination whichwill vary based on user requirements and system architecture


Controller-based Alarm Detection

Advantages• Alarm detection instructions

are programmed only once, inthe controller itself, reducingprogramming effort anderrors.

• Alarm conditions are detectedmore quickly.

• HMI tags are not required,reducing overhead and tagmapping errors.

• Alarm state is managed,processed, and preserved bycontrollers, even if acomputer goes down.

• Data polling is reduced whichimproves;

– Controller processing– Network overhead– Overall system performance.

• Timestamps on alarmconditions are accurate,because they are applied inthe controller, and notdelayed until they reach theHMI software.

Infosharingreducesnetworktraffic.

8

Costs• Increased controller memory usage• Increased controller scan times• Quantity limited in redundant controller configurations


Server-based Alarm Detection

Advantages• Makes it possible for PLC-5,

SLC 500, and other OPC-DAdevices (including third partydevices) to participate in theintegrated alarms and eventssystem.

• FactoryTalk services processand route alarm information.

• FactoryTalk services managenetwork traffic.

• Simple to bulk-generate manyalarms via input file

Costs• Configuration stored and

managed in the alarm server• Alarm points polled by the

alarm server


Controller-based Alarm Configuration


Server-based Alarm Configuration


General Configuration Recommendations:Deadbands & Counters & Time Delays, Oh My!

Source: Engineering Equipment and Materials Users’ Association (EEMUA). (2007). Publication 191 Edition 2 – Alarm Systems: A Guideto Design, Management and Procurement

Signal Type DelayTime

Flow 15 seconds

Level 60 seconds

Pressure 15 seconds

Temperature 60 seconds

Other 5 seconds

Signal Type Deadband

Flow 5% of span

Level 5% of span

Pressure 2% of span

Temperature 1% of span

Other Depends!


Some “Managed Alarm” Techniques

Roll-up / Group–Based SuppressionRoll-up / Group–Based Suppression

Matrix / State-based AlarmingMatrix / State-based Alarming

Time-limited Suppression (Shelving)Time-limited Suppression (Shelving)

Counter-based SuppressionCounter-based Suppression


Configuration of Visualization Objects:Alarm Summary


Configuration of Visualization Objects:Alarm Banner


Configuration of Visualization Objects:Alarm Log Viewer


Configuration of Visualization Objects:Alarm Status Explorer


OPERATIONPlantPAx Alarm Management Overview


Operations(i.e. Run Time Components)

Alarm Summary

Alarm Banner

A Full Compliment of Run-Time ComponentsA Full Compliment of Run-Time ComponentsAlarm Status Explorer

Alarm Log Viewer


Alarm “Breadcrumbs” Guide the Operator

1. Filtered alarmbanner notifiesoperator of aproblem. Double-click to go right tothe appropriatedisplay.

3. Display clearlyshows alarm andother problems

2. Area buttonindicates an alarmin the area; Drop-down shows whichunits have alarms


Alarm “Breadcrumbs” Guide the Operator

35

4. Faceplate givesindication ofproblem.

5. Alarm tab showsmore detail,complete withdiagnosticinformation whereavailable.


Alarm Banner

• Up to 5 most current,highest priority alarms

• New FT View dockingfeature allows it to bestationed as a permanentfixture on the HMIclient.

• Launch Summary directlyfrom bottom of Bannerfor more details

Docked in Client window toalways appear at top orbottom of any graphic screen

Docked in Client window toalways appear at top orbottom of any graphic screen


AcknowledgeAcknowledge

Alarm Summary

• Provides all the details• No HMI effort required, configuration only

Acknowledgew/commentAcknowledgew/comment

Ack pageAck pageSuppressSuppressStatusExplorerStatusExplorer

Run ViewCommandRun ViewCommand

PrintPrint Select FilterSelect Filter

Number ofEventsNumber ofEvents

In Alarm /UnAckIn Alarm /UnAck

In Alarm /AckIn Alarm /Ack

Normal /UnAckNormal /UnAck

Faults /Display ListFaults /Display List


Alarm Status Explorer

• Use to manage allalarm subscriptionson this server

• Identify whichalarms aresuppressed ordisabled

• Sort by alarmcondition andstatus

• Launch from theSummary


Alarm Log Viewer Object

• Alarm Server points to anySQL data base for alarmhistory– Microsoft SQL Express

installation included• Multiple Alarm Servers can

point to the same data base.• Log Viewer Object allows

display of historical alarmdata in FactoyTalk View– Or, write you own SQL query

to access the databasedirectly

– 4 different “Views” are pre-configured

• Simple to use powerfulfiltering and sorting optionswith controller driven timestamp allow easy recreationof SOE trail (Sequence ofEvents)




Philosophy

Audit

Rationalization

Identification

Detailed Design

Implementation

Maintenance

Operation

Managementof Change

D

C

E

AAAAAAAA

J

B

G

HF

I



MONITORING & ASSESSMENTPlantPAx Alarm Management Overview


Alarm System KPIs

Source: The Engineering Equipment and Material Users' Association. (2007). EEMUA 191 - Alarm Systems - A Guide to Design,Management and Procurement. Eastbourne: CPI Antony Rowe.

1. Average Alarm Rate2. Maximum Alarm Rate

(High Water Mark)3. % of Time Alarm Rate is

Outside of Limit

1. Average Alarm Rate2. Maximum Alarm Rate

(High Water Mark)3. % of Time Alarm Rate is

Outside of Limit

EEMUA’s “Big 3” KPIsEEMUA’s “Big 3” KPIs


… and Some Recommended Benchmarks

% of Time Alarm Rate is Outside of Limit

Maximum Alarm Rate (alarms / 10 minutes)

Aver

age

Ala

rm R

ate

(ala

rms

/ 10

min

utes

)

1% 5% 25% 50%

10 100 1000

Source: The Engineering Equipment and Material Users' Association. (2007). EEMUA 191 - Alarm Systems - A Guide to Design,Management and Procurement. Eastbourne: CPI Antony Rowe.

1

10

100

PredictivePredictive

RobustRobust StableStable

ReactiveReactive

OverloadOverload


Other Useful Alarm System KPIs…

Number of suppressed/ shelved alarms


Number of longstanding / stale alarms


Top 10-20 mostfrequently occurring

alarms


alarms

Number of alarm peaksper time period(alarm floods)


Priority distribution ofalarms


Number of alarms pertime period


Chattering alarmsChattering alarms Alarm rate withoutchattering alarms

Alarm rate withoutchattering alarms

Sources: International Society of Automation. (2009). ANSI/ISA-18.2-2009 - Management of Alarm Systems for the Process Industries.Research Triangle Park: ISAThe Engineering Equipment and Material Users' Association. (2007). EEMUA 191 - Alarm Systems - A Guide to Design, Managementand Procurement. Eastbourne: CPI Antony Rowe.


… and Some Recommended Benchmarks






alarms


alarms







Chattering alarmsChattering alarms Alarm rate withoutchattering alarms

Alarm rate withoutchattering alarms

Sources: International Society of Automation. (2009). ANSI/ISA-18.2-2009 - Management of Alarm Systems for the Process Industries.Research Triangle Park: ISAThe Engineering Equipment and Material Users' Association. (2007). EEMUA 191 - Alarm Systems - A Guide to Design, Managementand Procurement. Eastbourne: CPI Antony Rowe.

< 30< 10

80% Low15% Medium

5% High

0

< 20%of Total

∑ (100 alarms/ 10 min) 0

5 Alarms /10 Min

5 Alarms /10 Min


Monitoring & Assessment Tools

Excel-based query direct to alarmhistory

Alarm “Grid” view in controllerconfiguration environment

Basic Analysis Tools Native to Core PlantPAx SystemBasic Analysis Tools Native to Core PlantPAx System


Pre-Built Alarm Reporting


MANAGEMENT OF CHANGEPlantPAx Alarm Management Overview


Changes to Audit

1. Alarm Shelving and Suppression– Alarms may be suppressed many ways in a typical system –

Consider:• List of suppressed alarms• Logged events associated with suppressed alarms• Accumulated time each alarm was suppressed• Number of times each alarm was suppressed

2. Alarm Setpoint Changes (*)– Follow MOC procedures, update alarm rationalization documents,

identify any other alarms or functions effected

3. Alarm Priority Changes (*)– Follow MOC procedures, update alarm rationalization documents,

identify any other alarms or functions effected

*: Audit these modifications for permanent changes, not those madeautomatically by the system via matrix alarming techniques


Management of Change

•Features / Functions– Authentication

•Prevent unauthorizedchanges

– Audit•Track authorized userchanges

– Archive•Centralized, versioned,secure configurationstorage

– Disaster Recovery•Automated backup andchange detection


ADVANCED ALARMINGPARTNERSHIPS

PlantPAx Alarm Management Overview


Advanced Alarming Capabilities

AlarmNotificationSoftware


BENEFITS AND SUMMARYPlantPAx Alarm Management Overview


Benefits of Alarm Management

• Regulatory compliance & incident prevention• Possibility to regain what studies have shown as 3 – 8%

production losses due to abnormal situations• Identification of process problems

– Excessive variability / tuning problems– Valve / equipment problems– Operator actions indicative of training needs

• Improved productivity – both equipment & personnel• Possibility to reduce insurance premiums• More true & balanced operator workload – possible to

consolidate control rooms / operator responsibilities

Source: Gould, Jeff – Matrikon. (n.d.). Institutionalizing Alarm Management. Retrieved October, 15, 2009 from Automation.com:http://www.automation.com/resources-tools/articles-white-papers/manufacturing-intelligence-industrial-information-management/institutionalizing-alarm-management


Questions?

rockwell automation_psug educ alarm mgmt final1

Documents