ISA first with alarm standard
By Nicholas Sands and Donald Dunn
Alarm management has been a problem in plants since the development of control systems. The problem intensified with the development of distributed control systems (DCSs) and programmable logic controllers. These types of systems have increased the span of control for process operators; yet operators are still expected to maintain control of complex processes during steady state and abnormal conditions. This makes effective alarm management an important consideration for the operator, the automation professional, and operations management.
That is why the ISA18 standards committee on alarm management spent the past five years building consensus to finally produce the first standard for the management of alarm systems in the process industry, ANSI/ISA 18.00.02.
The ISA-18.2 standard focuses primarily on the work processes and practices that an owner/operator should follow to determine, document, design, operate, monitor, and maintain an alarm system. This is one of the first standards within our industry that focuses on work processes and practices in lieu of equipment or hardware.
Following incidents in the U.S. in the late 1980s and early 1990s, organizations such as the Abnormal Situation Management Consortium (ASM), the Health Safety Executive (HSE) in the U.K., and the Engineering Equipment and Materials Users Association (EEMUA) began to develop practices to minimize the consequences of plant upsets. While the automation profession has embraced these practices globally, ISA-18.2 is the first consensus standard on alarm management that expands on the work of ASM, HSE, and EEMUA. With approval of the American National Standards Institute (ANSI), the standard should become a recognized and generally accepted good engineering practice.
The alarm system notifies the operator of abnormal situations so the operator can take corrective action and prevent an undesired consequence. The system must be designed for effective communication of a single alarm during normal operation and the communication of many alarms during a major plant upset. The purpose of each individual alarm is to notify the operator of a specific condition that requires a corrective action. It is important for the effectiveness of the entire alarm system that each alarm is an audible and/or visible means of indicating to the operator an equipment malfunction, process deviation, or abnormal condition requiring a response.
The ISA-18.2 committee has placed the existing alarm management work practices into a holistic system for managing an alarm system, represented by the lifecycle model for an alarm system. The lifecycle approach is more consistent than cycling between improvement projects and periodic incidents when performance is not maintained. Reducing upsets, incidents, and costs are the benefits, also known as operational excellence within the process industries.
The alarm management lifecycle covers the design and maintenance activities including the following components: philosophy, identification, rationalization, detailed design, implementation, management of change, operation, maintenance, monitoring, and assessment and audit. The lifecycle model can be useful in identifying the requirements and roles for implementing an alarm management system.
The foundation of alarm management is the development of an alarm philosophy that documents the objectives of the alarm system and the processes to meet those objectives. The definition of alarm priorities, classes, performance metrics, performance limits, and reporting requirements are determined based on the objectives, definitions, and principles. The philosophy specifies the processes used for each of the lifecycle stages, such as the threshold for the management of change process and the specific requirements for change. The philosophy is maintained to ensure consistent alarm management throughout the lifecycle of the alarm system. The development of an alarm philosophy is a requirement of the ISA-18.2 standard.
Rationalization is a process that enforces the definition of alarm and documents the abnormal condition, corrective action, and consequence for each alarm. The process also documents the alarm class, priority, and the time the operator has to respond before the undesired consequence results.
Monitoring is the process of gathering and reporting data on the alarm system. Assessment is the comparison of the system performance against the performance goals. Monitoring and assessment are critical requirements of the ISA-18.2 standard.
The lifecycle model developed by the ISA18 committee puts the known practices of good alarm management together into a usable framework. These practices address the known problems in alarm systems within the process industries. By following these practices, end users will increase operational excellence, resulting in improved business performance.
ABOUT THE AUTHORS
Donald Dunn is a consulting engineer at Aramco Services in Houston and co-chair of the ISA18 standards committee. E-mail him at firstname.lastname@example.org. Nicholas Sands is a process control engineer at DuPont in Newark, Del., and co-chair of the ISA18 standards committee. E-mail him at email@example.com.