Alarm Management Blueprint: Achieving Pacesetter Status · Equipment and Materials Users Association’s “Alarm Systems, a guide to design, management and procurement” EEMUA publication

Alarm Management Blueprint: Achieving

Pacesetter Status

Matrikon Inc.

July 2007

Alarm Management Blueprint: Achieving Pacesetter Status 2 of 18

Introduction

The purpose of this document is to provide an overview of how facilities are leveraging their

investment in Alarm Management (AM) technology for maximum benefit to production, productivity and safety. By providing this overview document of the functional Alarm Management elements that make up a typical Pacesetter in this area, the process and benefits therein, will become evident. The intention is to use this document in conjunction with Matrikon’s industry wide

experience, so that an Alarm Management model can be developed that makes the best business sense for each facility and their unique goals while fully leveraging the “lessons-learned” within the appropriate industry. Maximizing the potential of Alarm Management technology will produce an

Alarm Management model that improves operational performance while meeting regulatory compliance and safety standards.

The following are the characteristics of a pacesetter facility:

• Developing and adopting an alarm philosophy

• Understanding of industry standards and corporate governance requirements

• Incorporating an alarms and events database

• Defining primary alarm management work processes

• Leveraging technology in all business areas

• Defining metrics for tracking

• Visibility and accountability

• Proven execution methodology

• Continuous improvement model

Each of these areas is discussed in further detail below.

Alarm Philosophy

Pacesetter facilities have a developed alarm philosophy that provides the guiding principles and

targets by which alarm systems are configured and alarm system performance is measured. The alarm philosophy is clearly communicated to all stakeholders in the organization. There is a clear understanding of the standards and compliance requirements within the organization. The Alarm

Philosophy covers the following topics:

• Define the goals and objectives of the alarm management system.

• Define any compliance requirements to industry standards.

• Define roles and responsibilities.

• Define alarm generation criteria.

• Differentiate between process alarms, system alarms, annunciator alarms, and alerts.

• Define the alarm identification procedures and the integration with process safety management processes.

• Describe how to prioritize alarms, and define implementation requirements.


• Describe expected alarm change control procedures.

• Explain alarm performance monitoring techniques.

• Define a continuous improvement model and compliance-tracking mechanism.

After the Alarm Philosophy document is developed, best practices require it to be used in the following ways:

• The document is distributed to personnel outlined in its “roles & responsibilities” section.

• The document is periodically (annually) reviewed and modified to ensure it is up-to-date.

• The document is applied by performing an alarm rationalization for existing alarms.

• New alarms from expansion projects are reviewed using the methodology described.

• New alarms arising from incident investigations adhere to Alarm Philosophy practices.

• The compliance-tracking requirements are reviewed annually to ensure that the system is delivering on the continuous improvement requirements

Through these practices, the site can be confident that the Alarm Philosophy document is part of

the plant lifecycle and fully institutionalized.

Industry Standards and Corporate Governance

Requirements

The Pacesetters have anchored their alarm management program to a well-established standard or

industry best practice. A well-known guide in the area of alarm management is the Engineering Equipment and Materials Users Association’s “Alarm Systems, a guide to design, management and procurement” EEMUA publication No. 191. The ISA SP18.2 standard is currently under development

and will also be providing clear guidelines in this area.

OSHA (Appendix C TO 1910.119-Compliance Guidelines and Recommendations for Process Safety Management) clearly outlines a need for best practices in the area of alarm management. Similar guidelines are also provided by other organizations such as HSE, Responsible Care™, OSH, ISO,

global regulatory bodies, and insurance companies. For example, the insurance industry spends $22 billion per year on equipment damage claims and, as a result, is forcing many insured facilities to implement alarm management solutions. The Health and Safety Executive is also cracking down

on alarm management by enforcing deadlines for facilities if they want to retain their operating licenses. Finally, many companies that are members of the Responsible Care™ program are likely in the midst of improving their alarm management programs, as this has been strongly recommended over the past few years.

Alarms and Events Database

A history of alarm system performance is necessary to provide concrete evidence of facility’s performance. The database makes it possible to define practical and concrete goals within the

alarm management philosophy that are realistic and achievable. More importantly, it is this information that guides the alarm management process, enabling the organization to focus on problem areas and achieve measurable improvements.


Enterprise alarm and event (A&E) historians that collect alarms and events in real time also act as an operational and engineering support tool. For example, the inside and outside operators can

leverage an alarm & events historian for shift hand-off procedures, or as a tool to review and monitor what happened in the previous shift. It may also be leveraged to review incidents by correlating alarms and operator actions with process data, and to verify safe shutdowns and startups.

It is critical that the alarm and event historian collect data from all informational points. In other words, audible alarms, non-audible alerts, system messages, and operator actions should all be archived in the A&E historian. Operator actions, in particular, can help to demonstrate:

• Automation opportunities (new advanced or regulatory controllers)

• Automation problems (range/sizing issues, tuning problems, or valve problems)

• Alarm system effectiveness (through ratio analysis with alarms)

If this data is organized properly, made readily available, and communicated to plant personnel,

then a strong foundation is in place to succeed in the area of alarm management.

Primary Alarm Management Work Processes

For Pacesetter facilities, just generating results is not sufficient. To realize full value from investment, the results generated must be acted upon. This requires the technology to interact

with the plant workflow processes and be fully integrated with daily standard operating practices. Clear roles and responsibilities are usually defined in the Alarm Philosophy, and Pacesetter facilities ensure that these functions are integrated into standard work processes. In other words, work

processes are clearly identified, understood, and executed. The following summarizes the normal functional roles in a plant-operating environment and summarizes best practices procedures and responsibilities.

Plant/Operations Manager

The responsibilities of a plant senior Operational Management team with respect to the alarm management program include:

• Understanding the goals and objectives of the AM program.

• Providing leadership and commitment to the AM program.

• Understanding the industry standards and corporate governance requirements.

• Having established high-level metrics to ensure that the AM program is achieving the defined goals and objectives, and ensure periodic review and reporting of these metrics.

• Supporting an organizational structure capable and committed to executing and sustaining an AM program.

• Reporting into corporate-level requirements for tracking of enterprise-level goals.


Operating Supervisors

The typical responsibilities of an operating supervisor/superintendent are similar to those of a plant manager, but deal more with the day-to-day monitoring and enforcement of the defined AM work processes. In particular, operating supervisors/superintendents must sustain performance for their

own operating areas by monitoring performance and ensuring that the AM technology is being fully utilized for operational improvement and benefit.

The key responsibility for a shift supervisor is to identify and communicate the best practices to

operations. Specifically, this means conducting training for panel operators using past alarm and event data. The shift supervisor also participates in alarm change practices, such as approving/rejecting “shelved” or “inhibited” alarms. The supervisor should ensure maintenance is acting on these alarms (work tickets submitted) and that they are not forgotten over time.

Responsibilities include:

• Ensuring that the alarm management system is providing the support required to the Operators in ensuring the safe and reliable operation of the unit.

• Daily reviewing of unit-level operating alarm targets.

• Identifying problems and ensuring problem resolution.

• Leveraging the historical alarm and events data to benchmark operator performance, loading, and work distribution.


• Ensuring that the operating teams are following the goals and work processes defined in the plant Alarm Philosophy document.

• Ensuring that effective Management of Change (MOC) procedures are being followed.

• Ensuring that the operating teams are fully leveraging the A&E data for process understanding and effective operation.

Engineers

Process engineers, operating engineers, and process control engineers support the safety, reliability, and optimization of all units. A poorly designed or operated alarm management system

will have a negative impact on these goals and, thus the Engineering team is an integral part in ensuring that the AM is respected across the entire AM life cycle. Some of the engineering tasks that can support the AM requirements or leverage the AM technology include:

• Leveraging the historical A&E database for incident reviews and process analysis.

• Identifying control opportunities and poorly performing automation assets.

• Participating in review of alarm system problems and supporting required modifications (e.g., change DCS settings as required to remove chattering)

• Ensuring effective integration of process safety management procedures with alarm management requirements

• Supporting integrity of DCS alarm system with respect to AM audit requirements (ensuring

control system settings match the Engineered settings)

• Ensuring integrity of the master alarm database and AM MOC procedures (ensuring documentation & references are maintained)

• Supporting the rationalization process.


Maintenance Technician

Alarm and events data contain useful information for the Maintenance Technician. The data can be used both in daily maintenance and for preparation of a turn-around. Alarm management standards also focus on the maintenance and support of the instrumentation systems to ensure

that the end devices are properly supported within the context of the AM program. The plant maintenance functions can interact and be greatly impacted by a well-defined AM program. Some of the more common interactions include:

• Establishing a maintenance program that includes written procedures for maintaining,

testing, and repairing alarm systems.

• Understanding the alarm system maintenance requirements and the definition of these requirements in the alarm philosophy document.

• Leveraging the A&E historical database to optimize the maintenance workload. For example, prior to turn-around, list safety instruments that have actuated “recently.” It may be possible to exclude these from turn-around activities, thus minimizing time.

• Leveraging the automated collection and storage of A&E data to facilitate any equipment

data recording requirements for condition-based monitoring requirements.

Panel Operator

The Panel Operator is the primary client for the AM system and will drive much of the requirements. Effective interaction with the system and ability to fully leverage the technology for operational improvement are essential in any facility. The Panel Operator is expected to interact

with the AM system in the following ways:

• Understanding and supporting the goals and objectives of the alarm management program.

• Supporting the development, update, and access of alarm assistance information.

• Understanding and recording the impact of poorly performing alarm systems on the

operation of the facility.

• Effectively processing and managing the real-time information of an alarm system.

• Understanding and supporting the MOC processes for the effective maintenance of the DCS

alarm settings.

• Fully leveraging the A&E historical database for improved operational performance, including standard reports for shift change, reports for outside operators, incident capture, and training review.



Leveraging Alarm Management Technology

Pacesetter plants not only use the implemented technology for its primary alarm management

purposes, but also leverage the technology in other business areas. This enables the facilities to truly “institutionalize” alarm management within the organization. The diagram below shows the different areas where the alarms and events data and technology can be leveraged across the organization.

Alarm&Events

Database

Alarm&Events

Database

Alarm Monitoring

Alarm Analysis

Alarm Management

Alarm Monitoring

Alarm Analysis

Alarm Management

Maintenance SupportMaintenance Support

Engineering SupportEngineering Support

Operations SupportOperations Support

Environmental, Health and SafetyEnvironmental, Health and Safety

Optimize & Manage Resource AllocationOptimize & Manage Resource Allocation

Maintenance Support

Open access to electronically stored alarm and events data will provide immense maintenance support. It allows plant maintenance teams to use this data in their analysis and have it automatically integrated into condition-based maintenance requirements. The ability to also flag

certain types of alarms as maintenance-based alarms allows simple access and automated reporting. Some specific examples of such applications applied in facilities include:

• DCS integrity alarms.

• Tracking and verifying interlocks, safety alarms requiring routine test.

• Identifying and tracking transmitter errors.

• Identifying, via operator actions, problematic control loops.

• Integration into “Predictive Maintenance Program” such as Vibration Monitoring to predict

compressor failures and Heat Exchanger temperature analysis to track fouling and predict failures.



Engineering Support

Alarms and events data can also be used for engineering support. Specific areas where the data is being used for engineering support are outlined below:

• Integrating alarm & events data with process data directly in the historian tool set. This

reduces the time and effort in troubleshooting process upsets.

• Integrating reliability analysis with supporting data from the alarm & events database.

• Analyzing the impact of process upsets and poor unit performance on overall plant profitability.

Optimizing and Managing Operations Resource Allocation

Traditional data (operator loop count) are poor metrics for optimizing staffing levels. The alarm & events database contains the information required to best assess and optimize DCS operator staffing. The data is analyzed to assess the impact of:

• Operator attrition

• Control room consolidation

• New unit integration

• Tracking Operator training requirements


HSE

The Health, Safety, and Environment (HSE) personnel can benefit from the alarm management system by simplifying the access to critical alarms and the automated reporting of key incidents. Typical uses of an AM system include:

• Compliance reporting

• Quickly identifying and troubleshooting environmental/safety alarms

• Providing a secure database for post-audit analysis.

• Integration with enforcement and assist tools.

Defined Metrics for Tracking

An important item for the success of alarm management is to clearly define performance metrics as well as a system to track these metrics. Alarm system performance metrics can be broken down by the functional roles and should be monitored and integrated into standard plant reporting at set

frequency.

Plant Management (Monthly Reporting)

High-level Alarm Performance Indicators (API) reports consolidate facility-unit level alarms into an indication of plant operating stability and safety. These KPIs for the processing industries are designed to identify whether a plant or operating unit is operating with the standards or norms of

the EEMUA 191 guidelines, such that a plant can be assigned to on of these operating environments:


• Overloaded: Both the peak alarm rate and average number of alarms in this facility is such

that a single operator cannot effectively process the alarm information. Thus, the alarm information is of little value and the plant is at risk of serious incident.

• Reactive: Both the peak alarm rate and average number of alarms in this facility is such that a single operator can only process a limited amount of the alarm information and

typically is acting in a purely reactive nature to the alarm information. This could be considered the minimum ‘entry level’ for most plants. Some improvements have been made for the average alarm rate, by comparison with the Overloaded state, but the peak rate during upset is still unmanageable and the alarm system will continue to represent an

unhelpful distraction to the operator for long periods. Thus, the alarm information is of limited value and the plant is somewhat at risk of a serious incident.

• Stable: Typically, by careful selection of which variables to alarm either via a rationalization

exercise or via rational selection of alarms up-front during a project phase, improvements have now been made to both the average alarm and peak alarm rates. Problems due to nuisance alarms have been kept under control by regular review and continuous improvement, but there still remains a problem with the alarm burst alarm rate. In general,

the alarms have been well defined for normal operation. However, the system is less useful during plant upset and, thus is still somewhat susceptible to missed alarms or a potential plant incident.

• Robust: Possibly at the limit of what is achievable with commercially available technology today, this level of performance represents a realizable aspiration for most plants today. The rate of alarming is such that an Operator can effectively process all incoming information and has time to relate alarm system information to required operating actions.

Both the average and the peak alarm rates are under control, the latter under the full range of foreseeable plant operating scenarios. Considered a “Pacesetter” performance region for today’s operating environment.

• Predictive: This level of performance meets the ideal targets set in EEMUA Publication 191,

but for many plants may not be achievable today with commercially available technology; even when achievable, it may not be justified for most plants. It will require fully adaptive alarming, whereby the alarm system predicts the future state of the plant and adjusts its

configuration to meet the needs of the moment, to achieve breakthrough performance on both the average and the peak alarm rate. This is typically the domain of research and development activity, and is likely to be an important step in achieving paradigm shift towards remote manning and the facilities models of the future.

The objective of the management level KPIs is simply to ensure that the business- and safety-level objectives of the facility are not being compromised by the alarm system performance, and to identify on a unit level the areas that are compliant with the goals of the organization. These

metrics are typically visible in the facility monthly reporting structure.


Operating Supervisors (Weekly or Daily Reporting)

The role of the Operating Supervisor is to review dynamic alarm system performance on a daily or weekly basis, in an effort to ensure that performance targets are being met and that any violation

from desired benchmarks can be related to specific unit-level operating problems. Operating Supervisors also ensure that these benchmark performance metrics are visible to the operating and maintenance teams that must provide corrective action to reestablish compliance with goals and

targets.

The dynamic alarm system metrics most often tracked at this level include:

• Average Alarm Rate (should be under 20 per hour per operator)

• Peak Alarm Rate (should be under 15 alarms in 10 minutes)

• Percent Upset (should be under 2%)

• Standing Alarms (should be less than 10 on average)

• Average Action Rate (should be 15-30 per hour)

• Operator Actions to Alarms Ratio (should be >1)

• Top 20 Alarm Percent (should contribute <20% of total)

• Top 20 Action Percent (should contribute <20% of total)

• Priority Distribution (priority 1 << priority 2 << priority 3)


The Operating Supervisors must also track compliance with the established management of change

procedures. This ensures that the work processes defined in the alarm philosophy are being adopted by the plant and that the static configurations of the alarm systems are compliant with design and change practices. The performance metrics typically tracked at this level include:

• DCS settings to alarm master database discrepancies

• Audit trail of who and when modifications to alarm settings were made

Engineers (Monthly or Weekly Reporting)

The Engineer plays a key role in designing and sustaining any alarm management system. If the

alarm system is not configured according to standard industry guidelines, it is most probable that its dynamic performance will not produce alarm rates within the guidelines. Thus, monitoring and reporting of the configuration side will help ensure that an effective alarm management system is being designed. Also, reports of the discrepancies between the DCS settings and the master alarm

database will ensure that the proper MOC procedures are being followed and any alarm setting that has been improperly modified or set, will be flagged.

The performance metrics typically tracked at this level include:

• Configuring alarm metrics (# of alarms per tag, priority distribution, total alarms per

Operator console, etc.).

• Auditing reports on alarm setting deviations from master database.


Visibility and Accountability

The Alarm Management Technology is implemented in a manner that provides clear and accessible information to all plant layers. Visualization becomes a critical element in the effort to present the

right results to the right people at the right time. Pacesetter facilities have adopted Web-based visualization and collaboration tools to address this need. The power of visualization is to provide large amounts of alarm data in a few performance metrics that enable users to identify problem

areas. Results from the different process areas are shared within the individual site and within the overall corporation, such that the goals of the entire enterprise can be tracked.

Execution Methodology

Pacesetter facilities have adopted a life cycle approach to their alarm management initiative. This

life cycle ultimately defines the overall workflow required to deliver on the objectives of the alarm philosophy. The workflow of these general steps is outlined in greater detail through the following alarm management life cycle in the figure below. This pertains to plants embarking on an alarm

management initiative and plants that have a well-established program.


Alarm Management Life Cycle

Continuous Improvement

Continuous improvement is an essential part of any Pacesetter AM strategy. Although the maintenance and monitoring tasks can ensure that performance is sustained, the continuous

improvement element is designed to identify and flag areas where improvements/enhancements are possible and changes can bring added business value to the alarm management initiative. The feedback loops in the alarm management life cycle diagram shown in the diagram above are designed to ensure that any new items or areas for improvement are clearly identified and

integrated into an action plan.

Philosophy & System Requirements

Audit

Rationalization &

Design Requirements

Identification

Design

Implementation

& Initial Training

Maintenance

& Refresher Training

Operation

Management

of Change

Monitoring &

Assessment

4

3

5

1 10

2

7

8 6

9


On a broader scale, some of the typical elements adopted by plant Pacesetters to ensure that they

are adopting a best practices approach to alarm management include:

• Yearly review of Alarm Philosophy document

• Yearly review of alarm management MOC procedures

• Yearly review of industry standards and best practices guidelines

• Corporate benchmarking of facilities

© Copyright 2007, Matrikon Inc.

Documents

Alarm Management Blueprint: Achieving Pacesetter Status · Equipment and Materials Users Association’s “Alarm Systems, a guide to design, management and procurement” EEMUA publication