THE PROCESS control industry’s understanding of human machine interfaces (HMI) has evolved. In the early days of automation, the pneumatic panel became the first process industry HMI. These panels (See Figure 1 below) were well planned and broken down into task-specific sections, optimizing the panel operator’s performance. Without incorporating task analysis and forethought into the optimal instrument layout, the panel operator would have had to run backward and forward and up and down the panel.
Early panels allowed operators to manage specific equipment, such as a boiler or a furnace, from one position with clear understanding and separation of controls. For example, a fuel gas system and boiler feed water were grouped into a logical concentration. The ignition system also was in a logical location with appropriate alarms and interlock mechanisms within easy reach. These panels often had an overview mimic of the process, which was very comprehensive, but often out of date.
FIGURE 1: TRADITIONAL PANEL
Early control panels only indicated equipment status (lights at left), annunciated alarms (two-deck component at right), displayed process variables (windows at center), and relied on human perception (operator in foreground).
In the 1970s, this panel was replaced with an early DCS which didn’t have an overview feature, and only allowed the operator access to a group of eight controllers (See Figure 2 below). This initial DCS had many pages of these groups, and operators managed to memorize which controller was on which page. Less familiar operators relied on special keyboards to navigate to relevant groups. Plus alarms within a group caused the keyboard button to annunciate the alarm.
Each controller was a software representation of the pneumatic or electronic equivalent controller located on the panel. The group was configured based on layouts on the panel, and no new task analysis was done. So, sometimes due to the limit of only eight controllers per page, a necessary grouping was lost, and operators had to navigate other pages to make appropriate moves to resolve an abnormal condition. Though operators lost the trend that was with the controller, they could navigate to a detail display to retrieve this information. This was only done during the diagnostic process, so normal operation lost a valuable insight to changing variables and direction of change. The big picture provided by the mimic panel soon became outdated, leaving operators with only a keyhole view to the process. The only overview the system provided was an Area and Unit overview display, which provided a summary of the group display.
The discipline of task analysis was also lost in this transition, and the operator became adept at finding information, but often suffered from tunnel vision. Hence, the need for additional alarms was conceived, and DCS vendors applied software capability to the solution. Though the system had some minimal trending provision, it was difficult to use and not always user friendly, so operators became reluctant to use the trending system. Some managers tried to reuse some independent trending equipment, but because there was no dedicated person to service the trending equipment, they too became superfluous.
FIGURE 2: DCS: THE EARLY YEARS
Originally, DCSs didn’t have an overview feature, and only gave operators access to a group of eight controllers.
The next DCSs came with powerful capabilities, and allowed any single point the ability to configure multiple alarms per controller. Unfortunately, without any disciple or management of change, the plants’ alarms went from 75 hardwired alarms to 24,000 alarms with some duplication. A single event could initiate several of these functions such as level, plus rate of change, and sometimes bad process variable as the transmitter went out of range.
This generation of DCSs (See Figure 3 below) also provided simple graphical representations of the process. These early graphics were crude and fairly low resolution, and their design was based on simple segregation of the plant P&ID. This was the control engineers’ perception of the process, and how they related to it. Before long, operators complained about the graphic or schematic designs because they didn’t reinforce the operator’s mental model of the plant, and the loss of task organization needed the operator to redesign the graphics.
|FIGURE 3: STICK FIGURES|
Initial, DCS-based process representation graphics were crude and fairly low resolution, and their design was based on simple segregation of the plant P&ID.
Operating Display Problems
Graphical shortcomings have contributed to human errors and incidents, some with severe consequences. For example, regulatory inspectors identified several HMI-related issues as contributing to the July 1994 explosion and fire at the Texaco Pembroke refinery in Wales, U.K. Under the fluid catalytic cracking unit (FCCU) control system that existed on the day of that incident, any imbalance in liquid flow through the FCCU could lead to liquid accumulation. Therefore, it was important that any imbalance in liquid flow be detected, so the mass flow of the unit could be returned to a balanced position. The plant was well equipped with alarms, which showed where liquid was accumulating, but it was more difficult to assess the relative flows through the vessels and the overall mass balance of the unit. The process of fractional distillation requires that one raw material be divided into many fractions.
While it was easy to assess the unit feed rate, the various outputs of the process were spread over five product streams. This caused a practical problem because the accumulated outputs of the system may be spread across several different control display units, and the overall output of the unit wouldn’t be readily apparent unless the control system were configured to meet this need.
Unfortunately, this need reportedly wasn’t met at Texaco Pembroke. There were no displays providing an overview with an appropriate time scale on the FCCU. Therefore, it was difficult to obtain a complete picture of the whole or large sections of the process. In a mostly display-screen-based operating system, the provision of good overview displays is especially important because the operator doesn’t have a continuously available set of panel indicators.
During the incident, no one from the operations department had a complete picture of the FCCU. The actual FCCU graphics on the operating displays weren’t best designed or configured to help operators control the process. The operating graphics on the FCCU contained limited amounts of process data per graphic, and didn’t use color and intensity to highlight process data. Some graphics contained details of the internal structure of plant items. However, displaying the structure of plant items is only useful if measurements or derived information, such as pressure, temperature and flow, also are displayed to give the operator information relevant to plant status. At times, the text was unnecessary in the FCCU graphics. Text takes up large amounts of space on a graphic, and there were instances where the same information could have been better indicated by color change, according to U.K. Health and Safwety Executive (HSE) investigators, reporting on the disaster in "Investigation into the Explision and Fires on the Pembroke Cracking Co.'s Plant at the Texaco Refiner."
The HSE investigators' recommendations on human factors are of immediate interest in designing HMIs, especially the report's Recommendation #3: Display systems should be configured to provide an overview of the condition of the process including, where appropriate, mass and volumetric balance summaries.
Other studies into these types of human errors have identified that 30% of errors are attributed to the operator not becoming aware of an abnormal situation due to information overload, vague or misleading information, inappropriate levels of detail and operator vigilance decrement. Further research identified that an additional 20% of errors were attributed to the operator’s inability to identify the root causes in a timely manner due to insufficient knowledge, lack of operator experience, conflicting priorities, inaccurate labeling or information presentation, and excessive mental tasks. Many of these issues can be resolved by a well designed HMI.
Many of these traditional problems were initially introduced by poor guidelines from DCS manufacturers and even worse project implementation practices by vendors. Fortunately, vendors have continued to evolve the DCS, and now the graphics are high resolution, and are becoming web based. Unfortunately, the vendors again haven’t invested in human factor education (See Figure 4 below), and now promote 3-D objects that take over 60% of the screen. This means that 60% of the screen’s fixed data is unfortunately in the foreground, while real data useful for detecting and diagnosing abnormal situations is shoved to the remaining 40% of space in the graphic’s background.
FIGURE 4: HMI DESIGN MISTAKES REDUX
A lack of human factor education had led HMI makers to promote 3-D objects that fix more 60% of a screen’s data in the foreground, while real data useful for detecting and diagnosing abnormal situations shoved into the remaining 40% of the graphic’s background.
Ergonomics Can Resolve Operator Errors
In addition, the process industry hasn’t responded to the human error problem by following guidance that’s now available for alarm management. EEMUA, the organization that produced the well known "Alarm Management Guidelines," Publication 191, has also produced a similar guideline for graphics called "Process Plant Control Desks Utilizing Human-Computer Interfaces: a Guide to Design, Operational and Human Interface Issues," Publication 201. This document hasn’t had the same publicity or exposure, and needs further detail, but it’s a great start to improving the standards and current HMI or HCI practices. As knowledge and papers available on this subject are examined, a researcher will discover it’s not that information is lacking.
Other industries, such as the nuclear field, have good guidelines for HMI developers, and many of these are directly relevant to the process industry. Likewise, ISA has produced recommended practices for Fossil Fuels on HCI and task analysis, which appeared in the organization's RP 77.60.05-2001 report, "Fossil Fuel Power Plant HMI Task Analysis."
In fact, the latest recommended practices for developing graphics includes starting with, not just a task analysis as was done 50 years ago for the control panel layout, but more in-depth analysis using a variety of techniques. These formats include:
- Hierarchical task analysis
- Tabular task analysis
- Timeline analysis
- Link analysis diagram
- Human error analysis tabular
Some of the latest practices associated with HCI development directly address these human factor issues by first providing a good graphic style guide. Many of these practices are identified in the EEMUA 201 document.
The background of HMI graphics also has changed from the traditional black to a grey background to mitigate glare. Most lighting schemes will produce glare and contrast issues when first delivered through glass VDUs. This problem was dramatically reduced as technology changes allowed LCD screens to be implemented. Black backgrounds facilitated operators turning the control room lights out, but use of multiple bright colors on these black backgrounds added to their complexity.
Graphics also have become easier to read as developers moved to brighter grey backgrounds, and reduced use of added colors by using high and low-intensity hues. Glare and reflection were reduced, but potential problems can still arise. Moving to brighter background color can introduce new problems if a control room’s lights are still turned out. Ideally, the control room should be designed to facilitate operator vigilance, especially with 12 hour shifts, by illuminating the control room between 500 and 800 LUX.
As mentioned above, the practice of using grey on grey for lines and vessels has allowed developers to put the fixed information into the background of the graphic, and place the variable information in the foreground.
Reserving colors and limiting color adoption in the graphic enables easier identification of off-normal or abnormal operation using grey on grey as normal and color as an attention getter. When a high-priority alarm annunciates on these displays, it becomes very visible on the graphic. And when the alarm is acknowledged, the color intensity is reduced to half, making the alarm still visible, but not the highest attention. This allows priority to become part of the graphic design.
Some investigations have been done about using graphical analog instruments, rather than just using digital numbers. Level and flow gauges are easier to read and make estimates of than relying on purely digital information. The aircraft industry mixes digital and analog data to provide good situational awareness, and uses analog indicators and accuracy where needed with its digital data. These new graphic systems use objects to represent mathematical solutions, such as mass energy balance and polar star techniques to represent change, and how it impacts other physical variables. This provides a better understanding of how to correct problems.
The technology now allows integration of information outside the DCS, such as Microsoft Word and Excel documents to be integrated into the graphic. By using pull-down menus, one of these IT based documents can be launched to provide calculations, lookup tables, procedures, and diagnostic information. This may include alarm information, stating the purpose for the alarm, typical problems that initiate the alarm, what corrective action is expected, consequences of no action, and other supporting information that would be useful to the operator.
As the HMI or HCI world continues to change, we have the power, but we need the discipline and knowledge of how to use this technology. We need to recognize that the problem we’re solving is called “situation awareness,” and alarms, trends and graphics are an integral part of the awareness solution.
This solution requires a true overview display, one that allows operators to monitor the important equipment within their scope of control, and provides clear indication of the highest level of alarms. The display needs to provide production information that will help the operator monitor the most important key performance indications (KPIs). Some solutions may include a graphical bar chart showing normal, the ± off-normal indication, and relevant alarm data.
The graphic system of the future will have trending embedded into the displays, operators again will use trends to predict off-normal, and they’ll be less dependent on alarms. The new system will exploit new navigation techniques, such as hierarchical navigation, which moves from overview to unit view to detail view, and finally down to diagnostic views and controller change zones. This form of navigation allows use of yoking techniques. This will allow automatic screen setup based on selecting a point, and populating the other displays with the relevant information associated with that point from overview to unit to detail to trend and alarm data.
Recent graphic projects also have exploited large overview screens and video walls, which reduce the amount of glass required at the console, and can significantly reduce the cost of the console because fewer workstations are required.
Another anomaly with HCI development is that graphics should be developed before the console, and the console should be developed before the control room. Unfortunately, we do this in reverse order, which causes problems with the flow and concentration of information.
Consequently, the future of the process industry should be driven by standards organizations such as ISA. Industry needs to free up and encourage engineers to address this topic. Research should be done first to identify what has worked well during this evolutionary process, looking back at how operators and supervisors used the panel, as well as how operators adapted to group displays and the new transition to cool graphics that provide good situation awareness. As an industry, we also need understand the research and knowledge that the nuclear, fossil fuels and aircraft industry have identified as best practices in HMI development.
The final solution will not be driven by operators or control engineers, but by a management team that understands the issues with the existing culture, is brave enough to follow the leaders in industry, and invest in good task management and up-front project loading. Investment is needed in graphical style guidelines suitable for all DCS vendors systems and project-specific requirement specifications. This specification is a how-to guide to implementing the style guide on a specific system and/or project. Investment in graphical object libraries is also required to provide more than traditional valve, pump, and compressor objects, so the new systems will have diagnostic modules that help the operator understand more advanced information, such as material mass and volumetric balance.
Driving human error out of systems and improving safe work practices is a management responsibility, but so far management still lacks knowledge and experience to prevent those errors. They have a poor understanding of human factors, and are complacent to the needs of their operators. The control engineer can do a service to his company by raising awareness of this topic at the highest levels in an organization, and pursuing best practices on the control system upgrade projects.
|About the Author|