Managing alarms to eliminate overload

As had Flixborough twenty years before it, the 1994 fire and explosion at the Texaco Refinery in Milford Haven, Pembroke, helped focus attention on some critical aspects of process plant safety.

In the aftermath of Flixborough came a culture of safety that should have significantly lessened the likelihood of major events such as Pembroke. Ironically, though, it was that very safety culture that contributed to Pembroke.

One of the factors highlighted by the HSE in its report on the accident was the number and frequency of alarms that the plant operators had to cope with in the run up to the explosion, following an earlier lightning strike on the refinery. The plant's control systems simply overloaded the operators with information.

At the time of the accident, the Pembroke refinery was largely under the control of a then state-of-the-art Honeywell TDC 3000 distributed control system, with a conventional alarm management system based on priority levels - emergency, high, low, 'journal' (recorded but not displayed), or 'no action'. Unfortunately, most (87 per cent) of the alarms were configured as 'high' priority and, as alarms were going off at a rate of one every two or three seconds, the operators couldn't tell which were critical to safety and which weren't.

To quote from the HSE report's recommendations: 'The use and configuration of alarms should be such that: safety critical alarms are distinguishable from other operational alarms; alarms are limited to the number that an operator can effectively monitor; and ultimate plant safety should not rely on operator response to a control system alarm.'

Even before the HSE had reported on the incident, Pembroke had decided to upgrade its alarm management system for the rebuilt plant, after learning that a sister refinery was using a dynamic alarm management software package from ProSys of Baton Rouge, Louisiana. Called Selective Alarm Suppression (SAS), ProSys' software was installed at Pembroke in 1995.

According to ProSys president Leslie Jensen, a second-generation Dynamic Configuration Software (DCS) package supplanted the original software throughout Pembroke in 1997 and the refinery is now scheduling installation for the software's latest version.

Like its predecessors, this version of Prosys' DCS software supports Honeywell's TDC 3000 and TPS control systems. The new version has an added PC interface with ActiveX controls that can be seamlessly integrated with existing process graphics. Other additions include an analogue alarm module that is said to allow for intelligent management of PV-related alarm priorities and trip points.

As said earlier, one effect of major incidents such as Pembroke is to refocus industry's attention on safety. In 1995 Honeywell and a group of major process industry companies (such as BP Amoco, Shell, Texaco, ExxonMobil, Celanese and Union Carbide) joined forces with other suppliers and university researchers to form, with US government backing, the Abnormal Situation Management (ASM) Consortium. The results of their research efforts are now being brought to market and Honeywell has incorporated many of the ASM ideas into its latest system platform, Experion PKS.

Integrated ASM functions within Experion PKS include Operator Performance Solutions, a suite of alarm performance and management software. The Alarm Configuration Manager software, for example, compares the alarm configuration currently in a plant's control system with a master alarm database and reports any differences - enforcing the engineered configuration if so requested. It runs on an NT workstation and operates with systems that have an OPC server.

Also OPC compatible, the alarm management system that Emerson Process Management features in its DeltaV control system closely follows the guidelines on alarm system design published by the UK's Engineering Equipment and Materials Users Association, EEMUA. DeltaV's displays summarise alarms within operating units, so that 'operators can suppress or shelve alarms where needed, and view all the suppressed alarms in a single summary.' The displays can show the highest priority alarms for modules within a unit in just one click by the operator, which EEMUA recommends.

According to UK distributor Pantek, the latest release of Wonderware's InTouch monitoring and control software package has undergone 'a major architectural change 'under the hood' to provide several benefits over previous versions.' The alarm and alarm logging features have been re-engineered to incorporate features designed for 'openness, longevity and performance'.

In its new Distributed Alarm Subsystem, InTouch now has three alarm acknowledgement modules - 'traditional' alarms are now called condition-oriented alarms. Event-oriented alarms support compatibility with the OPC alarm model, where an acknowledgement must be made for the most recent transition to an alarmed state.

An entirely new approach to process operator displays for alarms is currently undergoing field trials in the UK at Ineos Chlor and Mallinckrodt. This is the Curvaceous Visual Explorer (CVE), developed by Curvaceous Software and now supported by a DTI Smart grant of £45 000.

Originally developed to allow users to analyse historical process data and improve plant performance without significant capital investment, CVE has now been applied to alarm systems.

Behind the product lies a novel way of representing multi-dimensional relationships on a two-dimensional screen, so that multiple process alarm values can be related to each other and to the current operating point of the process.

Sidebar: Honeywell builds on experience

The company may have had its well-documented problems at the corporate level, with on and off merger plans, but behind the scenes Honeywell has quietly been building on one of its main strengths - its extensive experience in and knowledge of the process industries. Last month the company unveiled the result of several years' development activity in the form of its new system platform, Experion PKS (Process Knowledge System).

With a $15billion installed base in process automation systems worldwide, Honeywell knows the importance of continuity and to this end Experion draws together all its existing distributed control systems - TDC (oil and petrochemical), TPS (Total Plant Solutions, chemicals), Alcont (pulp and paper), PlantScape (for fine chemicals and batch) and other systems - all within a single, scaleable system architecture.

But PKS is clearly intended to go beyond the DCS level. According to John O'Higgins, vice president of Honeywell Industry Solutions EMEA, 'Experion is making a link for the first time from the plant level control systems to the business level'. Apart from the company's DCS expertise, the PKS system incorporates Foundation fieldbus, Abnormal Situation Management, asset management and information management technologies.

Linking all these together, while still retaining the integrity of existing 'legacy' systems, is no easy task but Honeywell has developed a Distributed Server Architecture (DSA) to provide the 'glue'. DSA is a data transmission technique that integrates multiple servers to form large control systems and optimise traffic around control centres. Peter Zornio, director of product marketing, says DSA 'means data needs building only once and can be distributed anywhere geographically. It gives one single view of the whole system as though it were a local system.'

New elements within Experion PKS include a new family of I/O, a new controller, the C200, and prebuilt applications stemming from the best practices established by the ASM Consortium.

At the control network level Experion currently uses ControlNet, but the PKS system 'backbone' is Honeywell's new, patent-pending Fault-Tolerant Ethernet technology.

According to Zornio, 'using off-the-shelf devices and switches, we have developed a redundancy scheme for Ethernet that is hardware and application transparent.' That said, however, Zornio also offers his opinion that the de facto plant level network of the future will be OPC DX, if only because that's what other manufacturers seem agreed on at the moment.

Other key features of the PKS platform include a consistent Web-based approach to HMI displays. This uses Microsoft's Internet Explorer browser technology, with native HTML serving as the file type for all displays. An example of how 'industry knowledge' is being brought to bear is the Loop Scout. This is a diagnostic tool based on an analysis of 180 000 control loops worldwide. Similarly, the APC Scout can help maintain advanced process control functions at their optimum performance.

The first major implementation of Experion PKS is likely to be in the petro-chemical industry. ExxonMobil Chemical last month announced that it has selected Honeywell Industry Solutions to upgrade its process control systems at multiple sites in Europe and North America in a 'multi-year migration programme'. Honeywell plans to replace the earlier PMX control systems - based on TDC 2000 DCS systems and installed in the 1970s and '80s - with its latest technology.

To further emphasis its broadening horizons, Honeywell has announced an agreement with WAM Systems to deliver 'Business.FLEX value chain management', a supply chain planning solution for chemical and petrochemical producers.