The purpose of an alarm management system is to alert the operator to relevant abnormal operating situations. These include situations that have a necessary or possible operator response to ensure:
- Personnel and Environmental Safety,
- Equipment Integrity,
- Product Quality Control.
Alarms were added to alert the operator to a condition that was about to exceed a design limit, or had already exceeded a design limit. Additionally, Emergency Shut Down (ESD) systems were employed to halt a process that was in danger of exceeding either safety, environmental or monetarily acceptable process limits.
Alarms were indicated to the operator by annunciator horns and lights of different colours. (For instance, green lights meant OK, yellow meant not OK, and red meant BAD.) Panel boards were usually laid out in a manner that replicated the process flow in the plant.
So instrumentation indicating operating units within the plant was grouped together for recognition's sake and ease of problem solution. It was a simple matter to look at the entire panel board, and discern whether any section of the plant was running poorly. This was due to both the design of the instruments and the implementation of the alarms associated with the instruments.
Instrumentation companies put a lot of effort into the design and individual layout of the instruments they manufactured. To do this they employed behavioural psychology practices which revealed how much information a human being could collect in a quick glance. More complex plants had more complex panel boards, and therefore often more human operators or controllers.
Alarm Management System
Alarm systems alert operators to plant conditions, such as deviation from normal operating limits and to abnormal events, which require timely action or assessment.
Alarm systems are not normally safety related, but do have a role in enabling operators to reduce the demand on the safety related systems, thus improving overall plant safety.
However, where a risk reduction of better than 10⁻¹ failures on demand is claimed then the alarm system, including the operator, is a safety related system which requires a suitable safety integrity level (SIL 1 or SIL 2 as defined by IEC 61508).
It provides the following guidance in regard to safety related alarm systems:
- The alarm system should be designed in accordance with IEC 61508 to SIL 1 or 2, with the designated reliability;
- The alarm system should be independent from the process control system and other alarms unless it has also been designated safety related;
- The operator should have a clear written alarm response procedure for each alarm which is simple, obvious and invariant, and in which he is trained;
- The alarms should be presented in an obvious manner, distinguishable from other alarms, have the highest priority, and remain on view at all times when it is active;
- The claimed operator workload and performance should be stated and verified.
Alarms which are not designated as safety should be carefully designed to ensure that they fulfill their role in reducing demands on safety related systems.
For all alarms, regardless of their safety designation, attention is required to ensure that under abnormal conditions such as severe disturbance, onset of hazard, or emergency situations, the alarm system remains effective given the limitations of human response. The extent to which the alarm system survives common cause failures, such as a power loss, should also be adequately defined.
The type of alarm and its setting should be established so as to enable the operator to make the necessary assessment and take the required timely action. Settings should be documented and controlled in accordance with the alarm system management controls.
Human interface (alarm presentation)
The human interface should be suitable. Alarms may be presented on an annunciator panel, individual indicators, a VDU screen, or a programmable display device.
Alarm lists should be carefully designed to ensure that high priority alarms are readily identified, that low priority alarms are not overlooked, and that the list remains readable even during times of high alarm activity or with repeat alarms.
Alarms should be prioritised in terms of which alarms require the most urgent operator attention.
Alarms should be presented within the operator's field of view, and use a consistent presentation style (colour, flash rate, naming convention).
Each alarm should provide sufficient operator information for the alarm condition, plant affected, action required, alarm priority, time of alarm and alarm status to be readily identified.
The visual display device may be augmented by audible warnings, which should be at a level considerably higher than the ambient noise at the signal frequency. Where there are multiple audible warnings, they should be designed so that they are readily distinguished from each other and from emergency alarm systems. They should be designed to avoid distraction of the operator in high operator workload situations. Where both constant frequency and variable frequency (including pulsed or intermittent) signals are used, then the latter should denote a higher level of danger or a more urgent need for intervention.
The alarms should be processed in such a manner as to avoid operator overload at all times (alarm floods). The alarm processing should ensure that fleeting or repeating alarms do not result in operator overload even under the most severe conditions.
The presentation of alarms should not exceed that which the operator is capable of acting upon, or alternatively the alarms should be prioritised and presented in such a way that the operator may deal with the most important alarms without distraction of the others.
Applicable alarm processing techniques include grouping and first-up alarms, eclipsing of lower grade alarms (e.g. suppression of the high alarm when the high-high activates), suppression of out of service plant alarms, suppression of selected alarms during certain operating modes, automatic alarm load shedding and shelving.
Care should be taken in the use of shelving or suppression to ensure that controls exist to ensure that alarms are returned to an active state when they are relevant to plant operation.
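The eclipsing and shelving rules described above can be sketched as follows. This is an added example, not code from any alarm system product; the tag names, the eclipse map and the eight-hour shelving limit are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Constructed eclipse map (hypothetical tags): a visible key alarm hides the value alarm.
ECLIPSES = {"LT101.HIHI": "LT101.HI", "PT205.HIHI": "PT205.HI"}
MAX_SHELVE_S = 8 * 3600  # assumed site rule: no shelf outlives one shift


@dataclass
class Shelf:
    operator: str
    reason: str
    expires_at: float


class AlarmProcessor:
    def __init__(self):
        self.active = set()   # tags currently in alarm
        self.shelves = {}     # tag -> Shelf

    def shelve(self, tag, operator, reason, now, duration_s):
        # Every shelf carries an owner, a reason and a bounded expiry time.
        if not reason.strip():
            raise ValueError("shelving requires a documented reason")
        if not 0 < duration_s <= MAX_SHELVE_S:
            raise ValueError("shelve duration outside the permitted range")
        self.shelves[tag] = Shelf(operator, reason, now + duration_s)

    def expire_shelves(self, now):
        # Return shelved alarms to service once their time is up.
        expired = sorted(t for t, s in self.shelves.items() if s.expires_at <= now)
        for tag in expired:
            del self.shelves[tag]
        return expired

    def presented(self, now):
        # What the operator sees: active, not shelved, not eclipsed.
        self.expire_shelves(now)
        visible = self.active - set(self.shelves)
        # Only a visible higher-grade alarm may eclipse the lower one, so
        # shelving HIHI can never leave the excursion with no alarm on view.
        eclipsed = {low for high, low in ECLIPSES.items() if high in visible}
        return sorted(visible - eclipsed)
```

Because shelves expire inside `presented`, a shelved alarm returns to the list without anyone having to remember to unshelve it.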
Why Alarm Management?
Alarm management is usually necessary in a process manufacturing environment that is controlled by an operator using a supervisory control system, such as a DCS, a SCADA or a programmable logic controller (PLC). Such a system may have hundreds of individual alarms that up until very recently have probably been designed with only limited consideration of other alarms in the system.
Since humans can only do one thing at a time and can pay attention to a limited number of things at a time, there needs to be a way to ensure that alarms are presented at a rate that can be assimilated by a human operator, particularly when the plant is upset or in an unusual condition.
Alarms also need to be capable of directing the operator’s attention to the most important problem that he or she needs to act upon, using a priority to indicate degree of importance or rank, for instance. To ensure a continuous production, a seamless service, a perfect quality at any time of day or night, there must be an organisation which implies several teams of people handling, one after the other, the occurring events.
Alarm System Management Procedures
Management systems should be in place to ensure that the alarm system is operated, maintained and modified in a controlled manner. Alarm response procedures should be available, and alarm parameters should be documented.
The performance of the alarm system should be assessed and monitored to ensure that it is effective during normal and abnormal plant conditions. The monitoring should include evaluation of the alarm presentation rate, operator acceptance and response times, operator workload, standing alarm count and duration, repeat or nuisance alarms, and operator views of operability of the system. Monitoring may be achieved by regular and systematic auditing.
Matters which are not worthy of operator attention should not be alarmed.
Logging may be a suitable alternative for engineering or discrepancy events to prevent unnecessary standing alarms. A system for assessing the significance of such logged events to ensure timely intervention by maintenance personnel may be required.
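Three of the monitoring measures listed above (alarm presentation rate, standing alarm count and duration, repeat alarms) can be computed from an alarm journal as in the following added example, which is not taken from any vendor tool. The journal format, the tag names and the thresholds (10-minute window, one hour standing, three repeats) are assumptions.

```python
from collections import Counter

# Constructed journal: (seconds since start of shift, tag, event).
# ALM = alarm annunciated, RTN = return to normal.
JOURNAL = [
    (0, "TI410.HI", "ALM"),
    (30, "FI120.LO", "ALM"), (45, "FI120.LO", "RTN"),
    (60, "FI120.LO", "ALM"), (70, "FI120.LO", "RTN"),
    (90, "FI120.LO", "ALM"), (95, "FI120.LO", "RTN"),
    (400, "PI230.HI", "ALM"), (520, "PI230.HI", "RTN"),
    (1500, "FI120.LO", "ALM"), (1510, "FI120.LO", "RTN"),
    (7200, "LI050.LO", "ALM"),
]


def peak_rate(journal, window_s=600):
    """Largest number of annunciations falling in any sliding window."""
    times = sorted(t for t, _, ev in journal if ev == "ALM")
    best, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] >= window_s:
            start += 1
        best = max(best, end - start + 1)
    return best


def standing_alarms(journal, now, min_age_s=3600):
    """Alarms still active at `now` that have stood for min_age_s or longer."""
    raised = {}
    for t, tag, ev in sorted(journal):
        if ev == "ALM":
            raised.setdefault(tag, t)   # keep the first annunciation time
        else:
            raised.pop(tag, None)       # returned to normal
    return {tag: now - t for tag, t in raised.items() if now - t >= min_age_s}


def repeat_alarms(journal, min_count=3):
    """Tags that annunciated at least min_count times (nuisance candidates)."""
    counts = Counter(tag for _, tag, ev in journal if ev == "ALM")
    return [(tag, n) for tag, n in counts.most_common() if n >= min_count]
```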
7 Steps to Alarm Management
The following are the basic 7 steps for AMS:
Step 1: Create and adopt an alarm philosophy
A comprehensive design and guideline document is produced which defines a plant standard employing a best-practice alarm management methodology.
Step 2: Alarm performance benchmarking
Analyze the alarm system to determine its strengths and deficiencies, and effectively map out a practical solution to improve it.
Step 3: “Bad actor” alarm resolution
From experience, it is known that around half of the entire alarm load usually comes from a relatively few alarms. The methods for making them work properly are documented, and can be applied with minimum effort and maximum performance improvement.
Step 4: Alarm documentation and rationalisation (D&R)
A full overhaul of the alarm system to ensure that each alarm complies with the alarm philosophy and the principles of good alarm management.
Step 5: Alarm system audit and enforcement
DCS alarm systems are notoriously easy to change and generally lack proper security. Methods are needed to ensure that the alarm system does not drift from its rationalised state.
Step 6: Real-time alarm management
More advanced alarm management techniques are often needed to ensure that the alarm system properly supports, rather than hinders, the operator in all operating scenarios. These include Alarm Shelving, State-Based Alarming, and Alarm Flood Suppression technologies.
Step 7: Control and maintain alarm system performance
Proper management of change and longer term analysis and KPI monitoring are needed, to ensure that the gains that have been achieved from performing the steps above do not dwindle away over time. Otherwise they will; the principle of “entropy” definitely applies to an alarm system.
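The audit and enforcement in Step 5, together with the management of change in Step 7, amounts to comparing the running alarm configuration against the rationalised master and flagging every difference that has no approved change behind it. The following added example, which is not code from any DCS vendor, shows one way to do that; the tag names, field names and the format of the approved-change records are assumptions.

```python
# Constructed data with hypothetical tags. The field names and the
# management-of-change (MOC) record format are assumptions.
MASTER = {  # rationalised master alarm database
    "LT101.HIHI": {"setpoint": 95.0, "priority": "high", "enabled": True},
    "LT101.HI": {"setpoint": 85.0, "priority": "medium", "enabled": True},
    "PT205.HI": {"setpoint": 12.5, "priority": "high", "enabled": True},
    "TI410.HI": {"setpoint": 180.0, "priority": "low", "enabled": True},
}
LIVE = {  # export of the configuration currently running on the DCS
    "LT101.HIHI": {"setpoint": 99.0, "priority": "high", "enabled": True},
    "LT101.HI": {"setpoint": 88.0, "priority": "medium", "enabled": True},
    "PT205.HI": {"setpoint": 12.5, "priority": "high", "enabled": False},
    "FI777.LO": {"setpoint": 3.0, "priority": "low", "enabled": True},
}
APPROVED = {("LT101.HI", "setpoint", 88.0)}  # (tag, field, approved value)


def audit(master, live, approved):
    """Return (tag, issue, rationalised, live) for every unapproved deviation."""
    findings = []
    for tag in sorted(master.keys() | live.keys()):
        if tag not in live:
            # A rationalised alarm has been deleted from the running system.
            findings.append((tag, "missing", None, None))
        elif tag not in master:
            # An alarm was added without going through rationalisation.
            findings.append((tag, "unrationalised", None, None))
        else:
            for field, want in master[tag].items():
                got = live[tag].get(field)
                if got != want and (tag, field, got) not in approved:
                    findings.append((tag, field, want, got))
    return findings


def restore_plan(findings):
    """Writes needed to return drifted attributes to the rationalised values."""
    return {(tag, field): want for tag, field, want, _ in findings
            if field not in ("missing", "unrationalised")}
```

Run on a schedule, an audit of this kind surfaces a raised setpoint or a silently disabled high-priority alarm regardless of who made the change or how.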
Alarm Management Problems