Ive been to the promised land twice, Nick Sands of DuPont, co-chair of the ISA18 Alarm Management Standard committee, proclaimed in his talk today at the Honeywell User Group Symposium going on this week in Phoenix. Fifteen years ago, I worked at a plant where, with a much older generation DCS than we have now, we were able to get to the point where there were no alarms for days on end. Ive been there again, and the new plant Im working on will go there too.
The promised land is the land of rational alarm management. Like most process engineers, Sands did not get there easily. Once upon a time, there was a young engineer who happened on an exceedingly well-done alarm management situation. There was a process unit that used concentrated nitric acid. If there was a leak, trenches led the acid to a sump, where a pH analyzer was installed. At low pH, an alarm caused the operator to go look for the leak. A young engineer came along and put a pH control system in on the sump. The pipe leaked, but the alarm never went off because the young engineer had forgotten all about the alarm.
The alarm system is a key indicator of operational excellence. DuPonts Nick Sands discussed the importance of a comprehensive, life-cycle approach to alarm management.
The answer, Sands said, is to implement a life-cycle-based approach, as the ISA18 committee is recommending in its soon-to-be released standard.
There are two starting points, Sands explained. First is to develop an alarm management philosophy, including roles and responsibilities, definitions, guidance for rationalization, guidance for design, guidance for implementation and guidance for operation and maintenance. The philosophy should establish clear performance goals for monitoring, metrics with goals and action points and describe a management-of-change process and audit requirements, including frequency and areas of focus.
The other important step is to begin to monitor alarms. I wouldnt start without data. Get some system installed, Sands said, so you can see what is going on.
Once youve established your philosophy, you can begin to identify potential alarms through P&ID reviews, operating procedure reviews, incident investigations and quality reviews, Sands said. Alarms should be set at optional performance boundaries. Alarms in normal operation range are nuisance alarms. Potential alarms are rationalized and documented. Classification and prioritization are included in rationalization. Sands defined classification as grouping alarms by management requirements (critical, Layers of Protection [LOPA], environmental, ISO quality, etc.) while prioritization is for the operator, grouped by urgency of response, consequence, time to respond and the kind of response required.
The ISA18 draft alarm management life cycle includes practices for new facilities and existing plants, builds on the work of ASM and EEMUA and includes practices to solve the common alarm problems.
Then you move into operation mode, and you find out how well the designed alarms work. There are two very important modes here: suppression, which is any method to hide an alarm from the operator; and shelving, which temporarily prevents indication according to specific rules. The other mode is out-of-service, which removes the alarm from the operator and sends it to maintenance mode. You need to know what bad is, Sands said, and when you see it, get up out of your chair and go fix it.
No alarm management life cycle is complete without an effective management of change (MoC) procedure and an audit component. Alarm management, Sands reiterated, is a process, not a project. If you only fix one alarm a week, he said, you can gain a significant reduction in alarms after a time.
The alarm system is a key indicator of operational excellence, Sands said, It improves safety, reliability and efficiency. Dont wait for incidents. Use the life-cycle approach.
