In 2005 the US National Transportation Safety Board (NTSB) concluded that an effective alarm review/audit system would increase the likelihood of controllers appropriately responding to alarms associated with pipeline leaks.
In 1992 OSHA formalised the Management of Change (MOC) as one of the 14 elements of its process safety management regulation. Shortly thereafter, the US Office of Pipeline Safety issued an advisory suggesting that pipeline scada systems be subjected to MOC procedures. Generally speaking it was viewed that changes to limit values, etc, could lead to safety problems and there were several incidents to support that view. Adding alarms appeared to be a benign effort. However, the cumulative effect of adding alarms leads to alarm floods and a burden on the scada controller.
Advisory Bulletin ADB 03-09 was published in the Federal Register in 2003 and stated that a good practice for pipeline owners and operators was to periodically review their scada system configurations, operating procedures, and performance measurements. Alarms are part of the configuration, alarm response part of the operating procedures.
The NTSB safety study reported that controllers viewed the alarm as the most important safety feature of the scada system, yet some companies are experiencing rates of 100 alarms per hour.
History
The modern day context of alarm management started to form around 1988 with the creation of the ASM consortium. This was followed by a great interest in human factors research in the mid-nineties and subsequently resulted in:
* 1988+ ASM Consortium.
* 1997 FDA 21 CFR Part 11.
* 1998 HSE Studies.
* 1999 EEMUA 191.
* 2001 Norwegian Petroleum Directorate YA-710/11.
* 2003 NAMUR NA102.
* 2005 National Transportation Safety Board Safety Study.
* 2006 API/AGA Alarm management projects.
* 2007 ISA SP18.02, Management of Alarm Systems for the Process Industries.
The EEMUA (Electrical Engineering Manufacturers Users Association) 191 document is the de facto world standard. Within this recommended practice are a series of measurements or key performance indicators (KPIs) that take human capabilities into account. The ISA SP18.02 committee's work will build upon EEMUA even further and is scheduled for release in 2007.
Alarm management best practices
Best practices advocate the following steps:
* Create and document an alarm philosophy: this process can be as valuable as the document itself. It helps standardise the configuration across multiple lines, especially where pipelines have been acquired rather than built by the operating company.
* Benchmark and performance audit: each of the KPIs defined in the alarm philosophy, which may match those of EEMUA 191 where they are applicable, are calculated and interpreted. To complete the audit, the alarms and events must be historised in a fashion that allows for alarm and event analysis.
* Rationalise alarms: clean up bad-acting tags, which can contribute up to 50% of the daily alarm load. Alarm rationalisation involves a team of people from operations and engineering, together with an impartial facilitator to methodically review alarm settings on each alarmable scada tag.
* Investigate dynamic and state-based alarming: this is not a simple activity and takes a solid understanding of the operational and control philosophies of the facilities during all relevant states.
* Implement changes: based on results of rationalisation and investigation.
* Continuous improvement: alarm management has a life cycle and is not a one-time project. Continuous performance monitoring helps to identify new opportunities for improvement.
* Manage change and corporate culture: organisations successful at alarm management integrate the practices into the workflow to optimise performance over the long term.
Scada perspective
Does the pipeline scada system differ from the DCS system in a process facility? Technically, the capabilities of the two are very similar. There are differences in communication methods, scan rates, RTUs vs. I/O modules, etc, but from the controller's perspective, both systems provide a window into their operating environment through which they monitor the pipeline, control it and respond to abnormal situations.
The consequences associated with an individual alarm affect the setting of priorities, and the distances involved can make for vastly different times to respond, especially where the dispatching of field operators is involved. Fundamentally, though, the principles of alarm management best practices are as valid for the scada application as for the DCS application.
Source: This article is abstracted from ‘Alarm Management for Pipelines’, Mark McTavish, Matrikon, Canada. The full paper can be found at www.matrikon.com
For more information contact Eric Hore, Moore Process Controls, +27 (0)11 466 1673, [email protected], www.moore.co.za
| Tel: | +27 11 466 1673/9 |
| Fax: | +27 11 466 1618 |
| Email: | [email protected] |
| www: | www.moore.co.za |
| Articles: | More information and articles about Moore Process Controls |
© Technews Publishing (Pty) Ltd | All Rights Reserved
printer friendly version