Situational Awareness

SME Rob Kambach

2010 Invensys. All Rights Reserved. The names, logos, and taglines identifying the products and services of Invensys are proprietary marks of Invensys or its subsidiaries. All third party trademarks and service marks are the proprietary marks of their respective owners.

Slide 2

Invensys 00/00/00

Invensys proprietary & confidential

1
Alarm Management State off Business.
Slide 3

Current state around alarming.

Configured alarms per operator: Number of Alarms a operator Can theoretically respond to:

So that means in systems overall as of today operators get overwhelmed with alarms and messages. Affecting several crucial areas of plant operations: - Reducing the operational effectives. - Economical impact: Unnecessary plant shut downs.( in the USA alone this costs $20 Billion a year) - Poor alarm management causes also Loss in product quality, danger to Humans and environment and or Image loss of a respective company.

Where are we today?

Why did alarms increase?

Automation brought enhancements to systems and visibility to control rooms, on the downside it added complexity. So a sensor that 10 years ago was brought in by 4-20mA is Now a intelligent field device. A device that reports back alarm states, condition and configuration, in essence the alarm model has changed and we did not change we still have the same alarm, sub systems as 10 years ago. Another part is that systems even when they are traditionally wired by default generate more data. So for example a valve will not only have open close it will also report its state back. A motor in the olden days had start / stop now it has a frequency drive that Gives back Start, Stop, Speed feedback, set point, alarm state. So a motor had two signals now it has 5, multiply these scenarios over hundreds of Assets and you get thousands of possible alarms and states back into the system. Compared with hundreds 10 years ago So this also requires on our side a different approach to alarm handling giving More ways and options to rationalize all this data even before it gets to the operator.

What are the maximums on Alarms a Operator respond properly two?

Alarm Performance Metrics per Controller Position Based upon at least 30 days of data Metric Annunciated Alarms per Time: Annunciated Alarms Per Day per Controller Position Annunciated Alarms Per Hour per Controller Position Annunciated Alarms Per 10 Minutes per Controller Position Metric Percentage of hours containing > 30 alarms Percentage of 10-minute periods containing >5 alarms Maximum number of alarms in a 10 minute period Percentage of time alarm system is in a flood condition Percentage contribution of the top 10 most frequent alarms to the overall alarm load Target Value Target Value: Very Likely to be Acceptable ~150 alarms per day ~6 (average) ~1 (average) ~ <1% ~ <1% 10 or less ~ <1% ~<1% to 5% maximum, with action plans to address deficiencies. Target Value: Maximum Manageable ~300 alarms per day ~12 (average) ~2 (average) Target Value

Quantity of chattering and fleeting alarms

Stale Alarms

Annunciated or Configured Priority Distribution

Unauthorized Alarm Suppression

Improper Alarm Attribute Change
Slide 6

Zero, action plans to correct any that occur. Less than 5 present on any day, with action plans to address 3 priorities: ~80% P3, ~15% P2, ~5% P1 or 4 priorities: ~80% P3, ~15% P2, ~5% P1, ~<1% Priority Critical. Other special-purpose priorities (Diagnostic) excluded from the calculations Zero alarms suppressed outside of controlled or approved methodologies Zero alarm attribute changes outside of approved methodologies or MOC

What happens when we dont react to abnormal situations?

A single plant shutdown resulting from an abnormal situation not detected by operating personal can wipe out instantly all the benefits achieved through optimization and APC.
According to studies 20$ Billion in the USA is lost on an annual basis in production because of abnormal situations.

Slide 7

Standards.

RFQs incorporate more often mandatory standards and guidelines:

EEMUA 191, Alarm systems a guide to design. Namur NA 102 Worksheet, Alarm Management. NPD YA 711, Principles for alarm design (Norwegian petroleum doctorate slowly adopted throughout Europe as the standard) VDI/VDE Guideline 3699 (process control using monitors) ISA s18.02, Management of alarm systems for the process industry.

ANSI/ISA 18.2 Manageme nt of Alarm Systems for the Process Industries

API RP-1167 Alarm Management For Pipeline Systems

Market positioning systems.

DCS Market Foxboro I/A, Honeywell experion, Ovation Power, Refinerys, Nuclear, LNG

Complexity

Hybrid DCS System Platform,Eurotherm Esuite, Delta V, ABB 800 XA, PCS 7, Controllogix PlantPax Water, waste water, chemical, batch, Pharmaceutical, food and beverage.
HMI SCADA Market Indusoft, Iconics, InTouch OEM panels, Skids, Stand alone machines, Discrete Manufacturing. 10 100 1K 10K
I/O Count

Basic Alarm management

100K

1M

The difference between basic and Advanced Alarm Management

Basic Alarm Management Alarm Shelving Advanced Alarm Management Integration with procedures and workflow Analytics and pattern recognition Statistics and reports Semantic modeling and contextualizing

Alarm Folding Alarm Inhibit Alarm Masking Alarm Historisation Alarm Queries

Runtime 100%
Slide 10

Historical 80% Runtime 20%

Competition Capabilities (Min compliance)

Competition Honeywell Alarm Type Basic Advanced Yokogawa Basic Advanced Emerson Basic Advanced ABB Basic Advanced SIEMENS Basic Compliance Yes Yes (In house) Yes Yes (In House) Yes Partial (In House) Yes Partial (Matrikon) Yes Notes
Abnormal Situation Management (ASM) founder and worked closely with Shell to ensure safe production (ESP).

Working closely to meet ESP requirements & ARAMCO standards, plus Shells condition based operations (CBO)

Yes based on feedback from BP Upstream requirements, otherwise suspect.

Yes based on feedback from Statoil. Have embedded Matrikon software who provide some multivariate analysis, otherwise suspect.

Yes based on feedback from Statoil and BASF requirements, otherwise suspect

Advanced
11
Invensys proprietary & confidential Invensys 5/12/2011

Partial

Current Solution
InFusion
Alarm Logger IA Alarm Provider InTouch Alarm Database

UREASON Alarm Management Basic and Advanced

InTouch Alarm Manager

Application Server
Alarm Provider

Pas Alarm Management Basic and Advanced

Area object

AppObject

InTouch
Alarm Provider

3rd Party Application

Alarm Provider InTouch Alarm Provider Toolkit Clients

Slide 12

Roadmap Alarm Program:

Phase 2 LongTerm Scalability, Performance and interoperability

Phase 0 (today) Best Practices around Situational awareness

Phase 1 OpsManage 2012 Basic Alarm Management

Phase 3 Future Connectivity and contextualization

Slide 13

Phase 1 deliverables
User Defined Alarm records for AppServer Event priority changeable Suppression of duplicate messages. Alarm Shelving, the ability to shelve alarms based on a definable maximum time if proper authentication is met.

Alarm Grouping the ability to group alarms that are related so collapse them into one message.
Quickly be able to navigate from the Alarm to the graphic the alarm originates from. Redundancy improvements Alarm Logger.

UI client based on new requirements.

Alarm Masking the ability to dynamicly supress Areas by production state of the diffrent Areas. Support of a new alarmtype on Field Attributes, Bit Pattern.

Slide 14

2
Phase 0 Best Practices Situational awareness (PAS)
API RP-1167 Alarm Management For Pipeline Systems
Slide 15

A quick google for HMI Screens.

Lots of colors and pretty pictures

Slide 16

Setting priorities properly

Have only 4 to 5 priorities in the Alarm Sub System. Have very View Priority 1 Alarms these should be only for very critical or safety related. Events are not Alarms so they should not show in a Alarm view and have Priority 5 or 4. The system shall only represent four active alarm priorities: Priority 1 Priority 2 Priority 3 Priority 4 Priority 5
Slide 17

Critical (only Safety and Emergency related) High Medium Low Events and logging only no Alarms.

Ranking and economical scale:

Tie a value to the priorities before you classify Alarms:

Operational risk of the Alarms.

Slide 18

Colors and markings of Alarms

Choose colors of alarms shall not be used in any process graphic or state representation make sure they can be read by people that are color blind most important these should be the brightest colors in the system.
Priority 1: Red Critical, Safety or Emergency related RGB 255, 0, WWL 750 WWH Ex. 999

Priority 2: Yellow High Priority

255, 255, 0 213, 43, 213 99, 231, 231 185, 116, 104

500

749

Priority 3: Margenta Medium Priority

250

499

Priority 4: Dim cyan Low Priority

249

Priority 5: Events and logging

Slide 19

Represent these same colors in the Alarm grid on a neutral background

Addional colors:

RGB 0, Blue colour is used to indicate that an instrument or 0, equipment is in a mode where safety, control and alarming 255 functions are disabled. Blocked / suppressed / hidden / shelved Ack or Unck Return to Normal Grey background colour is used to indicate the alarm returned to normal condition RGB 153, 153, 153

Slide 20

Resulting in Alarm grids that are easy to read and point out priorities
Flash On

Flash Off

Standard Configuration

Slide 21

Display Design..
How can I do things different then today with what I have.?

Slide 22

A quick Reminder
Level_1 Plant Overview Graphic, Typical on Large Screens Level_2 Production Line or Plant Section Graphic. Most important controls visible and usable. Level_3 Process Cell or Unit Graphic. All process control shall be possible from these pages. Level_4 Loop, Motor, Pump, Valve Faceplates Etc. or Axillary pages.

Slide 23

High Performance HMI Benefits

Time after time, poor HMIs are cited as contributing factors to major accidents
Study by Nova Chemicals and ASM Consortium
Task
Detecting Abnormal Situations Before Alarms Occur Success Rate in Handling Abnormal Situation Time to Complete Abnormal Situation Tasks

Improvement

A 5X increase 37% over base case 41% reduction

$800,000 per year savings anticipated on 1 ethylene plant

Data is Not Information: Is Fluffy Sick?

Blood Tests for Fluffy -1 Test Results

HCT
HGB MCHC WBC GRANS

31.7%
10.2 g/dl 32.2 6/dl 9.2 x109 /L 6.5 x109 /L

L/M
PLT

2.7 x109 /L
310 x109 /L

Answer: Unless you are

vet, how can you know?

How About Now?

Blood Tests for Fluffy -3

Test
HCT HGB MCHC

Results
31.7% 10.2 g/dl 32.2 6/dl

Range
24.0 45.0 8.0 15.0 30.0 - 36.9

Indicator Low Normal - High

WBC
GRANS L/M PLT

9.2 x109 /L
6.5 x109 /L 2.7 x109 /L 310 x109 /L

5.0 18.9
2.5 12.5 1.5 7.8 175 - 500

ABNORMAL VALUES can be seen at a glance.

Data is Not Information:

96.2% XYZ 45.1 98.2 MPPH 221.2 PSI 42.9 48.2 50.6 53.8 54.9 DP INH20 12-15 22.8 1-12 16.3 1-15 39.1
55.7 psig 65.1 155.2

F
Cooler

108.2

190.5 psig 166.1 F 2.77 MSCFH

135.1 psig

Oil 155.2 F Oil 85.1 psi

West

East

W. Vibration: 2.77

E. Vibration: 3.07

Drive: 232.2 amps

22.5%

77.8 MPPH 60.1 22.3% ABC

Lots of Data but Not Much Information! Poor Presentation

P&IDs are NOT HMIs!

High Mental Workload to Decipher

Show INFORMATION not DATA

Compressor Status Showing Alarm/Shutdown Limits
RECYCLE COMPRESSOR K43
Cool gpm Suct psig Inter psig Dsch psig Suct degF Inter degF Dsch degF E. Vib mil N. Vib mil W. Vib mil Motor Amps Oil psig Oil degF

Alarm Indicator Appears here with Priority Level and Color Alarm Range depicted and (for some) shutdown value Desirable Operating Range shown as pale blue area

290 170

38.7 93.1 185 95

120

12 8

170 80

42.7

Show Values

Show Trends

Alarm Range depicted and (for some) interlock value

Buttons for additional functionality

Operational status is obvious at a single glance!

Analog is powerful!
20.1 24.2 25.6 27.8 28.9

Optional: Line color indicates abnormality, alarm is not yet activated

+1.1 +0.8

-0.7

A good profile?

Yes, this one is.

Too hot at the top, too cold at the bottom

Deviation or absolute numbers optionally toggled

A Column Temperature Profile

Example of a poor Level 3 Display

Slide 30

A Better Level_3 Display running Normal

Slide 31

Same Level 3 with Alarms.

Slide 32

Level 1 High Performance HMI view of the Plant

Reactor 1
Comp A Comp B

Run Plan: Actual:

Cool CPC CRM LVL

Hydrog A
Prod: Thionite State: Mid-Run Agit: ON Locks: CLEAR Balance
IN OUT

Key Performance Indicators

Bed A1 Bed A2

Cycle Comp A
Suct Dsch

Conversion Efficiency
80

%
500

80.0

Rate
72.0 2 HR VIB: BRG: OIL: Locks: OK OK OK CLEAR

F L O W
470 2 HR

70

12 HR

Emissions Limit Ratio

1.0

Reactor 2
Comp A Comp B

Run Plan: Actual:

Hydrog B
2
CRM LVL

Cool

CPC

Prod: State: Agit: Locks:

IN

CRM-114 Mid-Run ON CLEAR

OUT

Cycle Comp B
Suct Dsch

Bed B1

Bed B2

0.5

12 HR

Balance 500 68.0

Feed System
Feed A Feed B Feed C SynG

Aux Systems
CWT CWP S10 S200

Rate
60.0 2 HR VIB: BRG: OIL: Locks: OK OK OK CLEAR

F L O W
470 2 HR
Atv 1 Atv 2 Pres %IP PWR VentP VentT MGA

Alarms: ACK UNACK

P1 0 0

P2 1 0

P3 2 1

P4 4 1

Toggle List /Summary

Main Menu

Reactor 1

Reactor 2

Hydrog A

Hydrog B
Clr T-In T-Out Visc C57D Null-A Jup2 Grok

2 071608 08:55:07 RX2 LOW CRM QUALITY EXC Slide 33

Trend Control

Feed Sys

Aux Sys

Menus L2 L3 L4

Level 3 view High Performance HMI of the Reactor.

Feed Components: A - B - C

Main Feed P 76.8 MPH S 76.0 O 88.5 % AUTO 80.0 Main Feed MPH

Reactor M5 40.0

Agitator ON

VENT SYS M5 Pressure P 98.0 psig S 95.0 O 44.3 % AUTO

Product: Thionite

State:

Mid-Run

Material Balance

Analysis: Purity %

SHUT DOWN M5

Reset IN OUT +10%

+/- 5 psi, 2hr

32.0 72.0 Additive 1 P 11.9 MPH S 12.0 O 22.3 % AUTO 14.0 Additive 1 MPH 6.0 -90 -60 -30 2 Hours

-90

-60

-30 2 Hours

+/- 1 %, 2hr

FREEZE M5
-10%

Analysis: Inhibitor Concentration % M5 Level % P 71.0 % S 70.0 O 54.3 % AUTO

ISOLATE M5

19301 Calc Diff: 2.1 %

Hours: 238.1 Since: 06/02/07 14:00:00

19707

4.0

-90

-60

-30 2 Hours 5.0 %

Run Plan: Actual:

92.0 MPH 52.3 %

PRODUCT

10.0 Additive 2 P 4.0 MPH 4.0 S O 44.3 % AUTO 6.0

Hours -90 -60 -30 2 Pumps Pump 1 Diagnostics Pump 2 Needed 1 RUNNING 1-OK 2-BAD STOPPED 4 To Coils M5 Temp P 45.0 C S 45.0 O 54.3 % AUTO 48.0 Temperature C

Additive 2 MPH

Coolant Flow

2.0
Slide 34

-90

-60

-30 2 Hours

Purge Cat. Rate Activity Coolant Conversion Reserve Temp Efficiency Capacity

COOLING SYS

40.0

-90

-60

-30 2 Hours

Main Menu

Level 1 Reaction Overview

M4

M6

Trend Control

Feed System

Product Recovery

M5 Startup Overlay

M5 Sequence Overlay

- Level 3 M5 Interlocks

- Level 3 M5 Cooling System

7 Steps for Creating High Performance Displays

Step 1: Develop a High Performance HMI Philosophy and Style Guide Step 2: Assess and benchmark existing graphics against the HMI Philosophy Step 3: Determine specific performance and goal objectives for the control of the process, for all modes of operation Step 4: Perform task analysis to determine the control manipulations needed to achieve the performance and goal objectives Step 5: Design and build high performance graphics, using the design principles in the HMI Philosophy and elements from the Style Guide, to address the identified tasks Step 6: Install, commission, and provide training on the new HMI Step 7: Control, maintain, and periodically reassess the HMI performance

Key points to take home:

Alarms should be a integral part of the design of a system a thought up front and not an after thought. During the design a important consideration should be how can I effectively represent an abnormal situation.

How can I quickly guide the operator to the source of the Alarm.
Alarm states should be an integral part of the design of the process graphics.

Slide 36

3
Roadmap High Performance HMI
Slide 37

High Performance HMI Roadmap

Delivery of ArchestrA high performance HMI symbol library: OpsManage 2012

Slide 38

1
Introduction
Slide 40