By Ellen Fussell Policastro
Human response is the same no matter what process you are running.
So, whether you’re making chemicals, pharmaceuticals, or using a batch process or continuous process, users need alarm system management because human response will apply the same in any situation.
The problems are the same across industries, said Bill Hollifield, principal alarm management and HMI consultant at PAS during a webcast Wednesday giving an overview of ANSI/ISA-18.2-2009, Management of Alarm Systems for the Process Industries.
“If you have a DCS, or any control system presenting alarms to any operators, and they’re doing something based on it, then it applies to you,” Hollifield said.
The standard is a framework for alarm management lifecycle steps and activities. However, it doesn’t tell you how to do these steps, only what to do. There are so many mandatory things in the standard identified by the word shall. “The first one has to do with alarm philosophy.”
“You shall have one,” he said. It’s a comprehensive document on how to do alarms right. There’s also a diagram about the lifecycle. “The document is written in a set of lifecycle stages. The lifecycle is a requirement and document structure, a way to write a document so the right information gets in the right place and is not repeated.”
“It’s not a project plan; it’s a document structure,” he said. “Don’t get hung up about what order to do these things in.” What you see in the lifecycle graphic goes beyond that into best practices. A comprehensive alarm philosophy will take a lot less time and effort. “If you don’t have one you need to get one.”
One of the most important definitions in the standard is the actual word, alarm, defined as “an audible and/or visible means of indicating to the operator an equipment malfunction, process deviation, or abnormal condition requiring a response.”
“So you need to reserve your alarm for things that meet this definition, not a bunch of mess that has no business being considered an alarm,” Hollifield said. “There should be a push notification to the operator – an intentional interruption to the operator. The alarm system better be something important.”
One important aspect of alarm management is keeping the number of alarms manageable. “If you say your operators can handle up to 200 alarms per day, nobody will believe you,” he said. A practical solution is software “because nobody wants to count alarms and do spreadsheets. You’re not interested in doing the analysis but in seeing the results of the analysis so you can publish it on the Intranet.” It’s required that you use the principles and practices in alarm rationalization.
Once you have an alarm philosophy, it’s important to have a way to examine existing alarms to ensure they’re in compliance with your philosophy. “You use those principles to determine alarm types, setpoints, logical conditions, alarm classification, and the like. You must have information about all your alarms.”
There are requirements for operators, such as training and documentation. “If you modify anything, you need to do some kind of training,” he said. A practical way to comply with that is to make your master alarm database accessible to your operator. Maybe you can have a browser they can click and call up the information. Or embed it in the HMI, so when an operator sees it onscreen, he can call up that element that retrieves the information to give him the guidance he needs.
The standard does not require you test your alarms. But it does require you determine if any alarms need testing and you follow procedures for documenting those tests. Users also must have a management of change (MoC) for those alarms.
Beware of Alarm Classification
There is one new concept in the standard called alarm classification.
“Think of it as a group of buckets,” Hollifield said. “You have to put your alarms in different buckets that all hold a set of rules.” Alarms that need periodic training is one bucket. You’re required to classify your alarms, but there’s no certain class you have to have or any certain amount. “We recommend you keep it simple. Don’t confuse it with priority or type.”
But he warned of one specific classification in the standard — highly managed alarms. “My advice is to never ever declare you have any alarms in this classification. When you read the standard, you’ll find 17 different, explicit, mandatory administrative requirements of any alarms you put in that classification. It’s doubtful you’ll have any that need all 17, so don’t shoot yourself in the foot. If you have any alarms that have special administrative requirements, write those down and make up your own classification of those. Call it almost highly managed or anything you want, but don’t call them highly managed.”
Standards Become Regulations
Because development was in accordance with a strict ANSI methodology, a standard has a status or a recognized and generally accepted good engineering practice (RAGAGEP). One general-duty clause from OSHA said you shall document your equipment so it complies with RAGAGEP. So a standard then becomes a regulation.
“You can be expected to show you’re doing something that’s just as good or better or that you’re following the standards. So then a standard can be the basis for fines or other enforcement action,” he said. In fact, the standard is in the process of undergoing adoption as an international IEC standard, IEC 62682 Ed. 1.0, Management of Alarm Systems for the Process Industries. That standard is on schedule for a final vote this October.
Hollifield cited the 2005 BP refinery explosion in Texas City as an example because several years after the incident, there were additional fines assessed by OSHA that had to do with follow-up actions.
Although people might think writing all these standards is making it more difficult for those in the industry to comply, “it’s better for those of us in industry with expertise to take some time to write something and make sure it’s practical rather than to have a bunch of lawyers sit in a room and write something they don’t know much about,” Hollifield said.
The FDA has something similar to RAGAGEP in the pharmaceutical industry, called current good manufacturing practices. (cGMP). “If you look at all the information, you won’t find a lot of detail about control and alarm systems, but they look at performance measures. And they require that you follow up on abnormal situations. So if you use alarms, then you have regulatory expectations of keeping up and controlling those. So you’re not immune if your regulator is the FDA.”
Ellen Fussell Policastro is a freelance writer based out of Raleigh, NC.