Alarm Management at Bayer
27 April 2009
Felix Hanisch, from Bayer Material Science, and Stefan Ochs from Bayer Technology Services, jointly presented an approach to alarm management and its results. In their combined presentation, they indicated that the primary driver for alarm management is concern about avoiding disasters, such as the explosion at the BP Texas refinery in November 2005. Additional drivers are regulations, for example from the German federal environmental agency, and contractual obligations to insurance companies.
In general, practice, operators evaluate the alarms displayed by the DCS and take appropriate action. However, alarms are cheap, and too many alarms are usually configured. As a result, operators are flooded by alarms, distracting them from operating the plant. Operators ignore many alarms, or acknowledge them without examination, although systematic evaluation is necessary. Usually alarms are defined by tag and not by function. Displays are mostly simple lists, and the historical alarm archive is limited.
Ideally, the control system and the operator drive the process to its optimised target, situated at the boundaries of the envelope of normal operating conditions. They should prevent the process from make excursions into abnormal, upset, or unsafe operating conditions that could lead to product losses, shutdowns, or disasters. The purpose of the alarm system is to indicate where the process is, where it is heading, and what the operator needs to do.
Bayer applies the following approach, inspired by guidelines such as EEMUA, IEC 6508, and the NAMUR Alarm Management Working Group.
To start with, alarm engineering guidelines are needed to meet the goal of one alarm per ten minutes during normal operation, and ten alarms per ten minutes during abnormal operation.
Alarm classes should be defined, each with a required reaction time. These should be linked to the state of the process (normal or abnormal operation, start-up, steady-state, transition, shut down). Process and system alarms should be differentiated.
The alarm management improvement process has three steps:
1. ALARM ANALYSIS: First, the archiving, reporting, and display of alarms must be made uniform. Each alarm must be discussed individually, checked for consistency with the engineering guideline, and operator reactions must be evaluated. Wrong alarms, such as the ones related to temporary equipment problems or consequential alarms, must be identified. KPIs must be defined and benchmarked. Benchmarking shows that not all plants are doing well, when comparing actual alarm KPIs with optimal value.
2. STATIC ALARM MANAGEMENT: In this phase, the alarms are reengineered for compliance with the engineering guideline. In addition, interventions, reaction time, consequences, and priorities are defined for each alarm. A team analysing and reengineering alarms can reduce the amounts of alarms by 50 per cent in a first round. The team is initially very effective since top 10 alarms correspond to 50 per cent of alarm occurrences. If this phase yields insufficient results, dynamic alarm management is required.
3. DYNAMIC ALARM MANAGEMENT: Alarms can be made state-based and aggregated. Alarms can be suppressed for certain areas or equipment. As a last resort, alarm flood suppression can be used. Alarm management is more than just installing a system; it is an interdisciplinary team effort that requires commitment from production and should be part of the metrics of operations management. It requires monitoring progress of KPIs that may change with the process state. Benefits are increased safety and increased operator confidence through reduction of abnormal situations. Operating efficiency improves when improperly working controls or inappropriate operator interventions are detected and improved.
Contact Details and Archive...
Most Viewed Articles...