Implementing Alarm Management per the IEC-62682 Standard
Introduction
In process industries, alarm systems are used to notify operators and other plant personnel of abnormal process conditions, or equipment malfunctions. Alarm systems are meant to help operators operate processes safely; under both normal and abnormal states and operating conditions. It is of the utmost importance for each alarm system to be correctly designed -- providing the best opportunity for safe and efficient operation.
As additions and changes are made to modern control systems, a simple reconfiguring of software allows for a virtually unlimited number of alarms. This ease-of-use provides opportunity for alarm system improvement, but can also lead to overly complex systems which are not useful to operators during process upsets and adds to a more challenging alarm management environment – more commonly known as alarm flooding.
Proper management of alarm systems is essential in addressing alarm flooding and other related issues. As noted by Douglas H. Rothenberg in the book “Alarm Management for Process Control”, alarm flooding can cause serious environmental damage, production loss, injury, or even death to plant personnel.
To improve alarm management globally, the International Society for Automation (ISA) issued standard ANSI/ISA-18.2 in 2009 – aptly named “Management of Alarm Systems for Process Industries.” When issuing this standard, the ISA considered other existing documents as well, including the Engineering Equipment and Materials Users’ Association (EEMUA) standard 191 – “Alarm Systems: A Guide to Design, Management and Procurement.” The International Electrotechnical Commission (IEC) uses ISA-18.2 as the basis for international alarm management standard IEC-62682, which is becoming more widely adapted, globally since its release in 2013.
IEC-62682 defines an alarm as “An audible and/or visible means of indicating to the operator of an equipment malfunction, process deviation, or abnormal condition requiring a response.” This means an alarm is more than a message or an event, as it indicates a condition demanding quick and decisive action from the operator.
Ideally, each alarm will provide the operator with related information such as priority, possible root cause, and a recommended response procedure. The operator will then be able to respond to the alarm quickly and effectively. Limiting alarms, prioritizing alarms, and providing alarms with the necessary and related information can reduce the chance of a delay in operator response to an alarm, or even ignoring of the alarm all together.
What is alarm management?
In figure 2, activities associated with the stages in the IEC-62682 lifecycle model of alarm management are shown. Courtesy: Yokogawa Alarm management is the proper implementation of documentation, design, usage, and maintenance procedures to construct an effective alarm system. IEC-62682 defines the processes and procedures required to create an effective alarm management system. Figure 1 shows the IEC-62682 lifecycle model of alarm management; this model can be applied to a new or an existing alarm system.
As shown in Figure 2, stage activities logically follow one another, and correct completion of all activities will result in a properly designed and effectively operating alarm management system. The lifecycle model also includes stages for ongoing maintenance of the system, essential for sustaining effective operation.
The 10 stages in the lifecycle model can be roughly categorized into four general tasks. To perform these tasks, it’s essential that a process plant create a cross-functional team including all functional plant areas that are relevant – including, but not limited to, management, engineering, safety, operations, and maintenance.
Task 1: Optimizing System Design
This task encompasses lifecycle model stages A through E: Philosophy, Identification, Rationalization, Detailed Design, and Implementation. When properly executed, this task supports the design of an alarm system that prevents alarm flooding and other undesirable alarm system occurrences. It also provides operators with the information they need to take proper action when alarms occur.
An important activity within this task is to specify the causes of current alarms that are a nuisance, then eliminate them, or at least greatly reduce their frequency. In many cases, alarms can be reclassified as an event to be recorded by the automation system for later review, rather than items requiring immediate operator attention. This is an essential step toward reducing alarm flooding.
Once the total number of alarms has been reduced as much as possible, the next step is to prioritize the remaining alarms. Prioritization can be quite complex, as it requires plant personnel to identify possible abnormal operating conditions, list the alarms that might occur for each condition, and then prioritize them. After the alarms are reduced and prioritized, then the recommended action, or multiple actions, for each alarm can be created.
Performing the steps listed in the lifecycle model stages A through E will result in the creation of an effective alarm system.
Task 2: Advanced Support to Operators
This task encompasses lifecycle model stages F and G: Operation and Maintenance. An effective tool in implementing this task is the creation of alarm summary windows in the automation system (see Figure 3). Modern automation systems will include the functionality to creating these windows in the alarm creation process
An alarm summary window typically displays the list of currently active alarms. In most automation systems, the alarm summary window will provide sort, filter, shelving, and other functions to help improve displayed information to the operators. These functions can be used to prevent alarms that are of higher priority from being overlooked by operators.
Each alarm will require some type of response from the operator, with advanced alarm summary windows displaying the sequence of actions that should be performed by the operator, in response to specific alarms (see Figure 4). An effective method for displaying the sequence of actions is a flow chart. Flow charts are effective in displaying the proper actions, but can also be used as an effective tool in guiding the operator through the proper response sequence.
A flow chart can be a very effective tool because it can contain “if/then” instructions, guiding operators to take different actions depending on how the process responds to operator actions and other conditions.
Task 3: Performance Evaluation
This task is similar to lifecycle model stage H: Monitoring and Assessment - with the purpose of evaluating the performance of the existing alarm system. In IEC-62682, key performance indicators (KPIs) are suggested as a useful tool to perform the activities in this stage.
One example of a suggested KPI would be to monitor the number of alarms within a fixed time during operation. As shown in the following table, IEC-62682 lists the number of alarms that are very likely to be acceptable, and maximum manageable number of alarms, for various time periods.
The alarm system will provide a host of data that can be used to evaluate performance. This data includes alarm frequency, operator response time, specific operation actions, and much more. – which than can be used to provide more effective operator training and improve the alarm system as a whole.
Further supporting this point, it is possible and often very useful to evaluate alarm system data from several viewpoints. For instance, the number of alarms in each area and the number of hourly alarms, are both important data points, and can be evaluated separately or together. By using this kind of data, the conditions in which operator errors occur frequently can be specified, and these results can be used to improve operator response.
Modern automation systems provide tools for creating detailed reports;these reports can be particularly useful for evaluating alarm system performance (see Figure 5). Modern automation systems can be configured to collect a host of data concerning alarm system performance which can be presented to plant personnel in a variety of formats, ranging from simple KPIs to charts and graphs. Alarm system performance can be evaluated and greatly improved using this information
Task 4: Continuous improvement
This task encompasses lifecycle model stages I and J: Management of Change and Audit. Continuous alarm system improvement is supported by performing uniform management of the enormous amount of alarm-related data, typically contained in an alarm master database.
For example, alarm system design parameters can be compared with actual alarm system performance figures stored in the database. When significant discrepancies exist between design parameters and actual data, then corrective action can be recommended. Recommended corrective actions can then be reviewed and implemented as required, using a comprehensive change management procedure.
Conclusion
In summary, a plant with poorly designed alarms can create confusion in the operating environment, resulting in hazardous situations due to inadequate operator responses. Standards such as IEC-62682 and available software offer a systematic approach for the analysis and design of alarm management programs. In turn, more alarm systems can deliver useful plant performance data, serving as a guide to vast improvements.
Did you enjoy reading this article?? Do you have any comments?? Send us an email or leave a comment below.
...and please share this article by clicking the social media tabs at the bottom and left side of this page!
This post is based on an article published by Marcus Tennant for Control Engineering Magazine, on the topic of ANSI/ISA 18.2. Download the pdf here.