Tech Focus: Power plant alarm systems
, March 13th, 2012
Bill Hollifield, PAS Principal Alarm Management and HMI Consultant and Randy Cole, PAS Director Technology Applications – Power, discuss the need for effective alarm systems in infrastructure facilities
The power sector in the Middle East is experiencing record-setting growth in both demand and capacity. Significant population growth, industrialisation and construction are the main factors influencing this trend. Some analysts expect capacity growth to be approximately seven to eight per cent throughout the region, higher in some countries, and lasting for many years.
Private investment strategies in some countries are attracting significant development of new capacity. These projects are accomplished quickly and efficiently by large engineering and construction companies but unfortunately, these companies have little to no actual operating experience and the plants they produce are often copied from previous designs.
In practice, those designs have been shown to be seriously deficient in a very important area – the alarm system used by plant operators. New plants often come online with a sub-optimal alarm system, and this leaves the plant operations group to sort out this difficult problem after the plant is commissioned; an issue that many operations groups do not have the experience or knowledge to address.
Contrary to its purpose, a poorly configured and performing alarm system in a power plant can actually hinder the operator’s ability to effectively manage abnormal situations. Increasingly, we have found that alarm system failures are a contributing factor to power generation incidents and accidents.
These are common problems throughout the power industry and have resulted in unplanned outages and decreased profitability. An effective alarm system is a key element for reliable power generation operations.
By exploring the origins of the problem, its nature, and applying a proven seven-step methodology, we will illustrate how significant improvements to both existing alarm systems and new designs can be made.
The widespread use of modern Distributed Control Systems (DCSs) is the catalyst for today’s alarm system problems. Effective alarm system design best practices were unknown when most of these systems were initially installed, resulting in inconsistent application and a near-exponential growth in the number of configured alarms.
The creation of alarms in modern control systems is performed through software configuration and has no incremental cost. Prior to this, adding an alarm involved the installation of hardware and the costs associated with that, which ensured that every alarm was justified and meaningful.
It is not unusual to see a single operator console with 3,500+ configured alarms, which can result in hundreds to thousands of annunciated alarm occurrences per day. This overwhelms the operator, making it impossible to acknowledge and respond to each one,
and making it easy to miss the important notifications.
In the power industry, the alarm system configuration is often improperly carried out by system integrators, without much involvement of the end user of the system. Poor initial alarm configurations can result from the reuse of engineering from prior designs or using rules of thumb. As such, the alarm system will not prioritise alarms correctly and they may not be consistently classified, causing trivial alarms and important situations to appear equal to the operator.
Proper routing of alarms can also improve other aspects of plant reliability. For example, routing the relevant low-priority alarms to a predictive maintenance system can help detect trends and pre-empt future problems.
Another common problem is that many companies do not have proper alarm system management-of-change (MOC) policies. Some allow operators to change alarm settings at their individual preference, or to suppress their annunciation, without documentation or proper consideration of engineering design.
Such practices cause an alarm system to change almost randomly over time and become even more inconsistent – especially when operations staff move on. Some of the most prevalent alarm system problems include:
• High continuous alarm rates – Alarm rates are often far above the ability of an operator to handle. Thousands of alarms must be ignored each week in such a system, with no guarantee that the right ones are always acted upon.
• Alarm floods – An operator may experience hundreds of alarms within a few minutes of a minor upset, which may mask critical alarms and prevent timely corrective action.
• Improperly suppressed alarms – Without records or notifications, improperly suppressed alarms can indefinitely eliminate the annunciation of other important alarms.
• Chattering and nuisance alarms – Such inappropriate alarm behaviours contribute to operator fatigue and make detection of valid alarms more difficult.
• Stale or long-standing alarms – These clutter the alarm system, also making detection of valid alarms difficult.
Article continues on next page ...
Seven Steps to Creating a Highly Effective Alarm System
Quick and accurate response to a well-designed alarm results in continued production and profitability. To achieve this goal, power generation facilities should implement an effective and comprehensive alarm management methodology.
From our extensive experience in this field, PAS has developed a proven seven-step methodology for optimally managing alarm systems, based on hundreds of successful projects.
Performing these steps will help achieve alignment with the recently issued ISA 18.2 standard on Alarm Management. This is an important document about alarm management and is in the process of being adopted as an international IEC standard.
Step 1: Create and Adopt an Alarm Philosophy
An Alarm Philosophy is a comprehensive document providing best practice guidelines for proper definition, design, implementation, and ongoing maintenance of a new or existing alarm system. It is a critical success factor for creating an effective alarm system and should be used in-house, as well as for contractors working on projects. Alarm philosophy development involves engineers, operators, and management.
Some basic principles for proper alarming that are generally not followed in the power industry include alarms only being used for situations requiring operator action, alarms are not used to indicate normal status changes and alarm prioritisation must be meaningful and consistent.
Step 2: Alarm Performance Benchmarking
Existing alarm systems should be benchmarked against industry best practices to plan an improvement project. A benchmark is essential because it not only establishes the current system’s performance, but provides for a data-driven decision process and supplies a basis for measuring improvement.
One area for immediate improvement is so-called ‘bad-actor’ alarms, which provide significant improvement opportunities with minimal effort. The following analyses are typically included in a benchmark: alarm rates per operating position, alarm flood periods, magnitudes and characteristics, number of nuisance alarms, controlled and uncontrolled alarm suppressions, distribution of alarm priorities and evaluation of MOC processes against best practices.
Step 3: Bad-Actor Alarm Resolution
Nuisance or bad actor alarms are a common problem in most alarm systems and can render an alarm system virtually useless. Usually the top twenty most frequent alarms comprise anywhere from 25% per cent to 95 per cent of the entire alarm system load.
Dealing with them successfully will result in major system improvement with comparatively minor effort.
Bad-actor alarms are generally resolved by establishing appropriate alarm settings, deadbands and time delays, then process value filtering with proper point ranging and measurement.
It is common for engineering companies to be unaware of these principles and to produce initial configurations for alarm systems that do not reflect them. As a result, new facilities often experience start-ups accompanied by thousands of nuisance and irrelevant alarms.
Article continues on next page ...
Step 4: Alarm Documentation and Rationalisation
Alarm Documentation and Rationalisation (D&R) is a consistent methodology for rationalising, prioritising, documenting, and revising alarms. D&R involves a thorough re-examination of an existing alarm system to ensure it complies with the alarm philosophy. D&R is also an important task in designing new alarm systems.
During D&R, a team of knowledgeable people discuss each configured and possible alarm, verifying that each alarm should exist. It is then verified that all alarms represent an abnormal situation that requires operator action, and these genuine alarms assigned an appropriate priority.
During this process, any duplicate alarms can also be eliminated. The alarm causes, consequences, and proper operator responses are then documented for every alarm. Any special alarm handling e.g. special logic or advanced techniques must also be included so that operators are made aware of any hidden dependencies that could be disruptive.
Performing a D&R creates a Master Alarm Database, which is the collection of proper settings and information for each alarm.
This document will be used in the rest of the process for state-based alarm management, flood suppression, audit and enforcement mechanisms, management of change, and for operator information during commissioning and operation.
Step 5: Alarm System Audit and Enforcement
Proper Management of Change (MOC) is an essential practice. Without it, benefits achieved from proper design or alarm improvement efforts can be lost in a relatively short period.
Alarm audit and enforcement is a software function that periodically and automatically checks for differences between the current alarm settings and the Master Alarm Database.
It then reports any differences, and may optionally restore the system to the proper settings. This functionality helps manage the ongoing, and often undocumented, changes made by operators and others, in order to ensure the alarm system remains in the proper configuration.
Step 6: Implement Real-Time Alarm Management
Power generation is a complex process subject to many abnormal situations including equipment trips, unit trips, and post-outage restarts. One way to help operators deal with the many challenges of power generation alarming is to employ sophisticated, real-time alarm management capabilities.
Alarm shelving is the operator-initiated temporary suppression of alarms in a highly controlled manner, and we recommend a software solution since paper-based procedures and tracking processes have historically been proven to be both cumbersome and unreliable. Limits should be placed on suppression authorisation and duration. Accurate lists of suppressed alarms should be very easily available and reviewed at shift change.
State-based alarming is the adaptation of the alarm system to the current operating mode of the facility. This can include partial generation, load shedding, startup, spinning reserve, or similar modes. State-based alarming dynamically modifies the alarm system settings in predetermined ways based on detecting changes in the process state. This ensures that alarms are always meaningful and accurate.
Alarm flood suppression is the dynamic management of pre-defined groups of alarms based on triggering events, such as equipment trips. They are characterised by the annunciation of a large number of alarms in a short period, which overwhelms the operator and renders the alarm system unusable. The risks of having a major process upset or an accident are much higher during an alarm flood.
Step 7: Control and Maintain Alarm System Performance
Processes and sensors change over time, and alarm behaviour will change with them. Alarms working correctly now may become nuisances or malfunction in the future. Therefore, alarm system Key Performance Indicators should be developed and routinely reported to appropriate personnel.
Additionally, effective management of change methodologies, as well as an ongoing program of system analysis and correction of problems as they occur, is needed to maintain an effective alarm system. Modern alarm management software is an essential element to monitoring and maintaining alarm system performance.
Overloaded and malfunctioning alarm systems continue to negatively impact the profitability, safety, and environmental performance of such facilities worldwide.
The rapid development of Middle East power networks is resulting sub-optimal alarm management, but it is also an opportunity for the region’s power generation
companies to start as they mean to go on – with reliable and profitable operations.
Article continues on next page ...
Meet Bill R. Hollifield
Principal consultant at PAS, Bill is responsible for the Alarm Management work processes and products, intellectual property, and software product directions. He is a voting member of the ISA-18.2 Alarm Management Standard committee, and has international, multi-company experience in all aspects of alarm management.
His career spans 35 years of chemical industry experience with focus in project management, chemical production, and control systems. Bill is co-author of the Electric Power Research Institute’s Guideline for Alarm Management for the Power Industry, The Alarm Management Handbook, and The High Performance HMI Handbook.
Meet Randy M. Cole
Randy has 40 years’ experience power generation. His experience includes 19 years as a power plant manager/general manager where he was chiefly responsible for all aspects of power generation including environmental, health, and safety, finance, operations, engineering, maintenance, fuels, major unit overhauls, and capital projects.
He has held positions with TVA, PG&E, EPRI, and has consulted with numerous US and international companies to improve generation capability, and reliability. Presently, he is the Director of Technology Applications–Power for PAS, a leading provider of Operations and Automation Effectiveness solutions to petrochemical and power generation facilities worldwide.