10 alarm management tips for the busy control engineer
Alarm management has been a great success for the process industry. Initial challenges have largely been met, but new challenges have emerged. Alarm management is most effective as an operations tool, not a safety tool.
Alarm management has been one of the great successes in process manufacturing. They were quick to recognize the hazards posed by the proliferation of unmanaged alarms as it moved to computer-based control systems. Alarm management best practices, industry consensus and an industry standard — ISA 18.2 Alarm Management for the Process Industries — soon emerged.
Operating companies developed in-house alarm philosophy documents (complementary to ISA 18.2) and made transparent commitments to alarm management and alarm rationalization campaigns. A suite of metrics emerged, which were widely adopted. Today, they’re used throughout the process industry to keep alarm systems evergreen (see Figure 1).
Companies also implemented secure master alarm databases and adopted management of change (MoC) policies for alarm related changes going forward. Today, the importance of good alarm design and alarm system management, and the core principles in achieving these, are widely understood in industrial process operating culture, from the operations console through engineering and management. This is how the process industry is supposed to work.
For all that success, the work of alarm management is not quite complete. Alarms have a lifecycle and require a degree of maintenance and periodic audits. Many companies, having met the initial challenges, are often unsure how to move forward. They are reluctant to repeat alarm rationalization, as the oft-recommended five-year audit cycle suggests they should, but they do want to assure their achievements and benefits remain evergreen. This article offers 10 tips to mitigate this dilemma and establish a path forward of continuous and sustainable alarm management.
Ten tips to improve alarm management
1. Identify owners for every alarm, not only for highly managed alarms. In the early days of alarm management, it was recognized some alarms are “highly managed” — usually certain safety, environmental or mechanical integrity alarms. With time, the process industry has realized all alarms warrant owners and MoC. Assigning alarm owners allows alarms, in large part, to be managed as needed by their respective owners, without having to convene the entire alarm management team (see Figure 2).
2. Alarm rationalization (AR) does not have to mean marathon meetings. There are many ways to mitigate and even eliminate lengthy AR meetings. While it can be useful to have the entire team in a room to review every alarm, due to the extended availability of large teams of high-demand personnel, many people now feel, it should be a one-time deal. Going forward, we must make do with the results of that effort, plus assorted best practices, to keep the results evergreen. These best practices include mini-AR meetings associated with process changes, project AR meetings included in project scopes, and ongoing (weekly) metric-driven alarm bad-actor remediation practices.
3. Operations have veto power. There is such thing as “good to know.” A maxim of early alarm management that remains oft-repeated today is if there is no specific action for the operator to take, there should not be an alarm in the first place. But operators in the room often will make the case that certain alarms are good to be aware of, even if there is no immediate action. Or, conversely, some alarms are so problematic they should be removed regardless of their intended role, because the alarm will become disabled or defeated (somehow), or it will become a distraction and a nuisance. In such cases, it is up to the engineers in the room to find a better solution by identifying an alternative choice of alarm or applying one of many alarm design tools and techniques, such as filtering, delay, deadband, dynamic alarming and so forth.
4. Alarm priority is two parts severity-of-consequences and only one part time-to-respond (TTR). While the severity/time matrix has been a centerpiece of alarm management, it often adds as much ambiguity as value (see Figure 3). Operations and engineering personnel prioritize alarms based on potential severity of consequences. For potentially high severity situations, they want to know and respond immediately. When rationalizing alarm priority, this approach — a straight translation from severity to priority, regardless of time — is less ambiguous, less time-consuming during AR, and better reflects the safe instincts of operations.
5. AR is not about removing alarms. A prominent aspect of alarm rationalization has been the idea that removing (deleting) configured alarms is one of the main objectives. Today, many people realize this misses the point. Alarms are identified based on the needs of each process, with no preordained quantities. The important aspect, when it comes to excessive alarms, is the number of alarms that occur rather than the number that are configured. When someone says an alarm will almost never occur, the appropriate challenge is, “If it did occur, would you want to know?” There is no penalty (or shouldn’t be) for a configured alarm that rarely occurs.
6. Capture an alarm configuration guideline document. One of the greatest operational and engineering aids is, of course, control system and alarm design consistency. Guidelines (or standards), such as alarm design for routine level controllers or for safety function pre-alarms, can be defined in the company alarm philosophy document. As the guideline document grows, a shrinking number of alarms remain to be individually rationalized. This helps achieve widespread consistency and efficiency and allows companies to focus resources on the alarms that require individual attention.
7. Bring knowledge of design conditions. Also bring knowledge of constraint limits and historical trends to every alarm rationalization discussion. This is the necessary information to quickly arrive at effective alarm settings. Alarms normally are set to envelop design conditions or prevent reaching constraint limits. If a historical trend of actual values reveals such a setting is not available without sometimes being a standing alarm, then mode-based alarming may be needed.
8. Leverage the value of the AR results. Make them available to the people who need it when they need it. While AR identifies the right alarms, settings and priorities, it also generates useful information such as potential consequences and appropriate operational responses. Make this information available at the operations console, preferably within the control system itself via one click on the alarm itself.
9. Deploy metrics and ongoing bad-actor remediation practices. even where an initial AR has not yet been carried out. Steady metric-driven remediation practices can ultimately lead to a healthy alarm system and achieve EEMUA 191 Level 4 or Level 5 performance even in the absence of an initial AR meeting.
10. Alarm management is about efficient and stable operations rather than safety. Safety is ultimately assured by safety systems, not alarm systems. Alarm management progress often has been undermined by the idea it needs to be overly rigorous – in essence applying more meticulous safety system analysis to alarm management, resulting in unrealistic resource demands, given the sheer quantity of configured alarms in many facilities (thousands and even tens of thousands). While some alarms are dictated by process hazard analyses (PHAs) and safety systems, alarms are primarily an operational effectiveness tool, and as such are best treated practically, acknowledging limited resources, the Pareto principle and the actual role of alarms in operation.
Alarm management practice to date is probably most represented by the image of an arduous marathon alarm rationalization meeting. That phase is now largely behind industry. Going forward, the effective and efficient alarm management paradigm can be based on the following elements:
- Automated metrics and continuous bad-actor remediation
- Control system integration (bring AR results to operators in context)
- A guideline document that should address the majority of alarms
- Ownership of all alarms
- Envision alarm management as an operational effectiveness tool.
KEYWORDS: Alarm management, alarm rationalization
Identify owners for every alarm, not only for highly managed alarms.
Alarm rationalization is not about removing alarms.
Bring knowledge of design conditions, constraint limits and historical trends to every alarm rationalization discussion.
Is alarm management in your plant used as an operations tool or a safety tool?