Fine-tuning your alarm management system
In the wake of the Deepwater Horizon disaster, alarm management has moved once again into the forefront for many companies as they ask: “What is the best way to keep an operator from missing a key alarm when things start to go wrong? What are the obstacles to having an effective alarm management system?” In my experience, the decision to have, or not have, an alarm is more often cultural than it is based on a good operational analysis of the process. That’s why the alarm rationalization process is so necessary and beneficial. It strips away the cultural, “I want the operator to know about…” and replaces it with, “This is the most important thing the operator has to do.”
Many plant personnel do not appreciate just how significant this change is. Almost from the introduction of the DCS, its ability to generate more alarms than a human can effectively deal with was not appreciated by non-operators. Engineers and plant managers wanted the operators to know everything that was happening in their unit with the end result being just the opposite, particularly in upset situations. The DCS suppliers eventually gave us the tools to do conditional alarming which, for the most part, went unused by the typical project execution team because it wasn’t part of the scope. Process designers felt that every measurement should have the full suite of alarms and no one had the brief to question that. But things are changing.
ISA 18.2 outlines a methodology for developing an effective alarm management system by first requiring the plant to create an alarm philosophy document that defines the criteria for rating an alarm’s severity and urgency. The typical document classifies four levels of severity based on safety, environmental impact, or financial impact, and four levels of urgency based on how quickly the operator has to take a corrective action. A required operator response, other than to acknowledge that the alarm occurred, is a significant paradigm shift for most plants as a high percentage of current alarms are really for operator notification, often about something for which there is no corrective action. When one of the more catastrophic of those occur, all the operators can do is sit back, watch the flood of alarms resulting from the event that couldn’t be prevented in the first place, and, of course, wear out the horn acknowledge button.
The final solution rests with the management of the facilities, because ultimately it costs money to do the work required to implement and maintain a good alarm management system. It has to be in the culture of the facility that safety is a priority or the time and money required won’t be allocated. It also has to be in the culture that an alarm requires the operator to take a corrective action to prevent an undesirable incident.
This post was written by Bruce Brandt. Bruce is the DeltaV technology leader at MAVERICK Technologies, a leading system integrator providing industrial automation, operational support and control systems engineering services in the manufacturing and process industries. MAVERICK delivers expertise and consulting in a wide variety of areas including industrial automation controls, distributed control systems, manufacturing execution systems, operational strategy, and business process optimization. The company provides a full range of automation and controls services – ranging from PID controller tuning and HMI programming to serving as a main automation contractor. Additionally MAVERICK offers industrial and technical staffing services, placing on-site automation, instrumentation and controls engineers.