Alarm management

Alarm management refers to the systematic management of alarms in a process control system in order to ensure usability for the plant operator. An alarm is defined as an event that requires an immediate reaction from the plant operator. In modern control systems it is very easy to configure isolated individual alarms. In cases of doubt, it is often preferable to configure one alarm too many rather than one too few. Even in undisturbed normal operation, many processes generate numerous alarms (average values ​​of over 2,000 alarms per day and system operator are not uncommon).

It is easy to understand that such a high base load of alarms (more than one alarm per minute) leads to a desensitization of the plant operators - who mostly have many other tasks in addition to monitoring the alarm system - so that a possibly important alarm in one Mass of unimportant alarms can easily be overlooked. The EEMUA 191 guideline , which was published in Great Britain in 1999, has now developed into a quasi-standard for alarm management that is accepted worldwide. The main concern of EEMUA 191 is to make the alarm system as helpful a tool as possible for plant operators. Since the human capacity for information is limited, it must be ensured that the alarm rate of a plant is within reasonable limits. EEMUA 191 mentions an alarm in ten minutes in normal operation as a rough guide. Typical symptoms of poor alarm management are:

• Alarms are "blindly" acknowledged without ever being recorded.
• Alarm screens are largely ignored.
• Alarm horns are deactivated, as otherwise there would be permanent noise pollution.

Alarm flood

Process disturbances often lead to a flood of alarms, as one cause can trigger a large number of causally linked alarms. There is a risk that the plant operators, who are often under great stress in such situations, will be overwhelmed by the flood of alarms.

The explosion at the Milford Haven refinery in 1994 showed what bad alarm management can do. 26 people were injured, some seriously, in the event of this accident, resulting in damage of around 70 million euros. Defects in the alarm system were a major cause of the accident: the plant operators had to react to 275 different alarms in the last eleven minutes before the explosion. EEMUA 191 recommends that no more than 10 alarms should be generated in the first 10 minutes after a process fault. In many systems, however, such a value can only be achieved with great effort.

Alarm philosophy

For every system there should be a written alarm concept that describes what is alarmed when and how. The document should contain an assignment rule for alarm priorities , for example depending on the potential damage in the event of non-compliance and the time available for a reaction.

Alarm analysis

An essential first step in alarm management is the logging of all alarms in a database and their statistical evaluation. On the basis of the characteristic values ​​obtained (average alarm rate per system operator, peak alarm values, etc.), the quality of the alarm system can be assessed and suitable measures can be justified. An alarm analysis is also the basis for efficient alarm reduction. Experience shows that a few, often unimportant, configurations are responsible for the majority of the alarms reported. A significant improvement in the alarm system can often be achieved with limited effort.

Alarm reduction

There are many reasons for alarms without value for the plant operator, such as:

• Defective or dirty sensors continuously generate false alarms ;
• Alarms were used in the commissioning phase and were never removed later;
• Poorly set control loops periodically exceed the alarm limits;
• Events that do not require a reaction from the plant operator are reported as an alarm;
• Alarm limits set too narrow;
• Incorrectly set alarm parameters (hysteresis, filter).

The elimination of such alarms accordingly ranges from very simple to very complex.

Alarm rationalization

A team, in which an experienced plant operator should always be involved, compares alarm after alarm with the alarm concept. To facilitate subsequent change management, every decision should be documented in as much detail as possible.

Advanced alerting

The concept of alarm analysis and reduction described in EEMUA 191 enables the quality of the alarm system to be significantly improved with little effort in many systems. However, in order to get the problem of the alarm flood in the event of process disruptions under control, further (and often complex) measures are required. For example, causal relationships between alarms must be analyzed and alarms made dependent on the current status of the system.

literature

• EEMUA 191 Alarm Systems - A Guide to Design, Management and Procurement (1999) ISBN 0-85931-076-0
• Advanced Control Room Alarm System: Requirements and Implementation Guidance (2005) Palo Alto, CA. EPRI report 1010076.

Web links

• NA 102 Alarm Management ( Memento from December 15, 2011 in the Internet Archive ), NAMUR October 31, 2003 (PDF file; 228 kB)
• VdS 2556 Securing process engineering systems using process control technology (PDF file; 127 kB)
• Better handling of alarms (PDF file; 32 kB)
• ISA-SP18 - Alarm Systems Management and Design Guide ( Memento from September 7, 2012 in the Internet Archive ) (PDF file; 122 kB)