In Part I, it was mentioned how many plant disturbances can be reduced both in frequency and severity, with surprisingly little additional instrument hardware. Part II continues.
Preventing and minimising disturbances
While it is true that better quality process equipment, well-trained process operators and good maintenance practice will ultimately lead to fewer plant disturbances, industry is seeing the opposite trend developing. This is being driven by operating companies reducing their staff overheads to satisfy management/shareholder directives. Field instrumentation and associated central control systems, with ergonomic human machine interfaces (HMI) and their embedded intelligence, seem to be the only option in addressing this growing problem.
Instrumentation sensors, transmitters and control valves have the capability to validate their own performance; this self-checking diagnostic information is available to the control system and associated on-line and offline software maintenance packages. The action on detecting any instrument failure is usually user configurable, with options such as to drive the measured variable to one end of scale or to hold the last valid data input. But the greatest single advantage is in predicting possible failure problems and trends, in order to perform proactive maintenance. On critical measurements, voting logic is often applied to maintain the required loop availability. Some of the most costly plant shutdowns occur due to the failure of large rotating mechanical equipment such as compressors. Fired heater or furnace explosions are also a source of large economic loss, usually accompanied by serious injuries or fatalities. The majority of these can be avoided with correctly applied monitoring and shutdown protection systems. A number of well-known compressor anti-surge control and vibration/displacement monitoring systems are available to diagnose operational problems and impending failure (refer API 612 and 670). Burner management systems, with the necessary interlocks to ensure correct purging, pilot ignition and main flame monitoring, are essential to prevent short-cuts in the complex sequential start-up and operation of this type of equipment (refer NFPA 8502).
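The configurable failure action and the voting logic mentioned above interact, and the following added example (not from the original article) shows how. It assumes a 2-out-of-3 high-pressure trip, hypothetical tags PT-10A/B/C, a 0 to 100 range and a trip limit of 80; the scan data is constructed.

```python
from dataclasses import dataclass

UPSCALE, DOWNSCALE, HOLD_LAST = "upscale", "downscale", "hold_last"


@dataclass
class Transmitter:
    tag: str
    fail_action: str          # what to substitute when diagnostics flag a fault
    lo: float = 0.0
    hi: float = 100.0
    last_good: float = 0.0

    def read(self, raw, healthy):
        """Return the value handed to the voter for this scan."""
        if healthy:
            self.last_good = raw
            return raw
        if self.fail_action == UPSCALE:
            return self.hi
        if self.fail_action == DOWNSCALE:
            return self.lo
        return self.last_good  # HOLD_LAST


def vote_2oo3(values, trip_high):
    """Trip when at least two of the three inputs reach the high limit."""
    return sum(v >= trip_high for v in values) >= 2


def run(fail_action, scans, trip_high=80.0):
    """scans: per scan, three (raw, healthy) pairs. Returns trip state per scan."""
    txs = [Transmitter(f"PT-10{i}", fail_action) for i in "ABC"]
    return [vote_2oo3([tx.read(*s) for tx, s in zip(txs, scan)], trip_high)
            for scan in scans]


# Constructed data: pressure rises while PT-10A is flagged faulty from scan 2.
SCANS = [
    [(60, True), (60, True), (60, True)],
    [(0, False), (70, True), (70, True)],
    [(0, False), (85, True), (78, True)],
    [(0, False), (86, True), (84, True)],
]

if __name__ == "__main__":
    for action in (UPSCALE, HOLD_LAST, DOWNSCALE):
        print(action, run(action, SCANS))
```

With the faulty input driven upscale the loop behaves as 1-out-of-2 and trips one scan earlier; with hold-last or downscale it behaves as 2-out-of-2 and needs both remaining transmitters to agree.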
A process plant usually consists of several inter-connected operating units. Each of these units will have several key risk items of equipment that are critical to that unit's overall operation. Performance of process equipment such as large pumps, shell/tube heat exchangers, fired heaters, centrifugal compressors etc, can be evaluated in real time, ie on-line, via simple algorithms provided that their basic operating variables are measured. A popular term being used lately for this type of data capture is enterprise asset management (EAM). This information can be linked to a computerised maintenance management system (CMMS) and used in associated reliability, availability and maintainability (RAM) programs to determine real 'cost of ownership'. The critical equipment items or assets that are selected to be individually monitored for optimised performance efficiency are often checked against an overlay theoretical baseline or thumb print curve taken from the new or reconditioned equipment operating state. Should deviations from the expected 'norm' occur, they are immediately brought to the operator's attention. Informative instructions can also be included as to the probable cause, recommended corrective action and likely consequence if no action is taken. These 'decision support' tools are often derived from an associated 'expert system' suitably tuned for the respective equipment's operating environment. If the associated action to be taken is clear, as with certain alarms, then there is no reason why this should not be accomplished automatically. On trip alarms, automatic shutdown is always applied, but why wait for this drastic end event? In many cases automatic corrective action can be applied on pre-trip warning alarms, by decreasing or ramping controller setpoints or outputs (bringing the process to a lower energy state) or starting standby equipment, ie emulating what a good operator would normally do.
Design to avoid tripping a unit because, apart from lost production, shutdown and subsequent start-up phases are historically when most plant accidents occur. Prevention is always better than cure; we can install sophisticated monitoring and protection systems, but due attention at the lower end of basic operating and maintenance practice gives the best returns. A simple example is ensuring correct and good quality (cleanliness) lubricating oil, which can increase the operating life and efficiency of rotating machinery by up to four-fold.
Alarm management
The purpose of an alarm is to bring to the operator's attention an abnormal situation that requires some action. This action may be automatic via the control system or by manual (operator) intervention. Should no or late corrective action take place, depending on the type and priority of the alarm, production loss or equipment damage may occur. To prevent possible equipment damage and any consequential personnel injuries or fatalities, an instrumented trip protection system is normally installed in addition to mandatory devices such as pressure safety valves. There will always be some incidents where major process upsets or plant trips cannot be predicted or avoided. During these periods, the operators are usually in their most active mode and often under some stress. It is important that the alarm system helps reduce this stress level and does not add to it, thereby increasing the risk of operator error at this critical time. During an upset period, it is not uncommon in many control rooms for the operator to be presented with a flood of alarms, with the majority of these being accepted and ignored because the operator simply does not have the time for effective response. The UK Health and Safety Executive report on "the explosion and fires at the Texaco Refinery in Milford Haven on 24 July 1994" has some interesting lessons to learn in alarm and safety management, including operator DCS displays. This incident at Texaco cost approximately R480m to recommission the plant, with a further R3,4 million in prosecution fines. In the 10 minutes prior to the explosion, two operators had to respond to 275 alarms, peaking at three every second.
Various surveys conducted for EEMUA 191, have estimated that an average alarm rate under steady plant operation of 1 in 5 minutes is manageable, however, 1 in 10 minutes would be more desirable. During major plant upsets, more than five alarms per minute are difficult to manage. An overall guideline is that operators should not spend more than 25% of their time responding to alarms. As an example, if the average alarm rate is 30 per hour (which is on the high side) and an operator spends on average 30 s to respond including any corrective action, then this would just be acceptable. It is not uncommon for less than 5% of specific alarms to contribute more than 50% of the total alarm activity following major upsets.
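The guideline figures above can be checked against an alarm journal. This added example (not from the original article) computes the average rate, the peak per-minute rate, the operator time load and the tags that produce more than half of all alarms; the one-hour log and its tag names are constructed, and the 30 s response time is the article's own worked figure.

```python
from collections import Counter

# Guideline figures quoted in the article (EEMUA 191 surveys).
MANAGEABLE_PER_10_MIN = 2.0   # 1 alarm in 5 minutes, steady operation
UPSET_MAX_PER_MIN = 5         # more than this per minute is hard to manage
MAX_TIME_LOAD = 0.25          # share of operator time spent on alarms


def analyse(events, span_s, response_s=30):
    """events: (seconds_from_start, tag) pairs from an alarm journal."""
    total = len(events)
    per_minute = Counter(int(t // 60) for t, _ in events)
    peak = max(per_minute.values(), default=0)
    # Smallest set of tags that produces more than half of all alarms.
    bad_actors, covered = [], 0
    for tag, count in Counter(tag for _, tag in events).most_common():
        if covered * 2 > total:
            break
        bad_actors.append(tag)
        covered += count
    rate10 = total * 600 / span_s
    load = total * response_s / span_s
    return {
        "rate_per_10_min": rate10,
        "peak_per_min": peak,
        "time_load": load,
        "bad_actors": bad_actors,
        "steady_ok": rate10 <= MANAGEABLE_PER_10_MIN,
        "flood": peak > UPSET_MAX_PER_MIN,
        "load_ok": load <= MAX_TIME_LOAD,
    }


def sample_log():
    """Constructed one-hour journal: 30 alarms, hypothetical tag names."""
    log = [(10 + 200 * i, "LAH-101") for i in range(16)]         # chattering
    upset = ["PAH-201", "TAH-202", "FAL-203", "LAL-204",
             "PAH-205", "TAH-206", "FAL-207", "PDAH-208"]
    log += [(1802 + 5 * i, tag) for i, tag in enumerate(upset)]  # upset burst
    log += [(500, "TAH-301"), (900, "TAH-301"), (2500, "FAL-302"),
            (2900, "FAL-302"), (3300, "PAL-303"), (3500, "PAL-303")]
    return sorted(log)


if __name__ == "__main__":
    for key, value in analyse(sample_log(), span_s=3600).items():
        print(f"{key}: {value}")
```

On this log the time load sits exactly at the 25% limit, yet the hourly average hides a nine-alarm minute and a single chattering tag responsible for more than half the journal.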
To be continued in the next issue: Part III
© Technews Publishing (Pty) Ltd | All Rights Reserved