The Formentor story
Technical success but maintenance failure
Formentor is a research program being implemented in Europe under an Eureka (project #19) by CAP GEMINI SOGETI, the JOINT RESEARCH CENTER of the Commission of the European Communities and AEROSPATIALE PROTECTION SYSTEMS. The goal of this team was to develop a risk management solution in the form of an intelligent watchdog. Formentor is a decision support system that provides the process operator in charge of process supervision with:
- situation assessment,
- diagnosis support,
- reactive planning,
- prediction capabilities
Formentor was intended as an added-value system to the existing control systems, to provide a global and permanent overview of the process state, helping to react to deteriorated or disturbed operation, allowing the anticipation of severe process states by detection of precursor signs and malfunctions, measuring decisions impact on the process behavior, limiting the shutdowns and improving quality of the products.
Lesson: Nonmonolithic solutions
The Formentor team have completed two industrial prototypes one in BP Grangemouth in Scotland, and the other at Total in LeHave, France. Both of these applications have been abandoned by the industrial sponsors due to the high cost and required knowledge skill set to maintain the application. As small changes in the plant equipment or the process operation occurred over time specialist computer experts were required to change the models within Formentor.
Also the display for Formentor was not incorporated within the control system platform but on a separate independent system. This meant that when an operator had a disturbance they would have to move away from their main view of the process and their only means of real control the DCS control system. Operators will not do this regardless of the extra information that may be available in a box somewhere else in the control room. For a diagnostic or decision support tool to work it must not add to the confusion but must seamlessly work with the existing control system. The Abnormal Situation Management (ASM) team have discovered that there are distinct modes of operation one being normal operation and the another being abnormal operation and the interface for the two modes may be completely different. What is required is context sensitive views based on what is happening and what is being achieved. Formantor tried to maintain both views which could be confusing to the operator and may show conflicts that do not exist.
Designing this type of solution independently for each plant application is not cost effective and may not be necessary as we consider the history of plants and processes and the number of similar and repeatable faults.
Segmentation of problem space
The ASM team have confirmed that the type of problems presented by the petrochemical industry are not unique but any single fault needs to be resolved from thousands of variables with hundreds of possible scenarios relative to a single failure. The trick is isolation and elimination in a lot of cases. This type of workspace does not lend itself to a single solution and we have discovered that multiple assessment and evaluation/comparison techniques are required. The production of tools to eliminate or identify sensor faults is only one step in the process. Early identification of the initial occurrence of the fault is important and unfortunately the fault may be masked by control system compensation before the fast and often catastrophic consequences occur.
The User Interface domain currently supports reactive response to problems, however, this is not to successful due to the speed of response required and the elimination of nuisance and conflicting data. The introduction of diagnostic information needs to managed and the lessons learnt from poor alarm management practices needs to be applied. Formentor had a interesting User interface that visualized risk to existing safety, quality and production goals but the lack of context with the existing control strategies and information limited its use to the plant operator.
Multiple applications for each problem
Formentor has died within BP and Total due to support and integration issues and AEGIS must learn the lessons that have led to its down fall. Poor and inconsistent Human Interface has resulted in many failed advanced technology problems in the past. Solving a single unrepeatable problem is not a cost effective business proposition. The idea of identifying common problems and having common repeatable tools is by far a way of making progress in this area. By eliminating all the recurring faults will allow the man and machine to work together to resolve the more complex and unidentified problems.
The Advanced Air Traffic Control system story
Billions spent solving hard technical integration problems, but human factors issues intractable; system abandoned.
Lesson: When designing supervisory system, design for the USER
The AEGIS Story
AEGIS or the Abnormal Event Guidance Information System1 was not designed in isolation by creative thoughts of individual scientists. The ASM program spent over a year identifying the problem, creating Functional requirements and investigating available technologies. From the collective sources of information a basic design was implemented, tested and refined until a model of the solution was created. This model we call AEGIS and is being tested against known industrial problems.
OK, paid attention to cultural issues, nonmonolithic approach, and it is user centered... Success not known, but issues include:
- integration with existing technologies
- emergent effects of connecting previously isolated functions
- Paradigm shift-impact on role of DCS in operations
- Impact on the culture of operations
- Field now in the loop again
- accommodation of various styles in member companies
- Need to prepare the way for the paradigm shift--just introducing it will fail.