Asset Management

Next Steps: From Batch to Procedure-Controlled Automation

The Principles of Batch Automation Are Being Used in Continuous Process to Improve Process Safety and Quality, and to Compensate for Losing Older, Highly Experienced Operators

By Walt Boyes

The ISA S88 Standard Committee, whose work resulted in the ISA-88 Batch Standard, may never have foreseen that the principles and best practices it developed for batching processes in the food, chemical and pharmaceutical industries might one day be the spearhead of an entirely new way to control all types of process plants, whether continuous, batch or hybrid.

Or maybe they did. After WBF, the organization founded to promote batch process technology, and MESA, the organization for manufacturing excellence that grew out of manufacturing execution systems, merged on May 31 (See "FAQ - MESA/WBF Merger"), some of the same people who brought you ISA-88 are now working very hard on ISA-106. ISA-106 is the Procedure-Controlled Automation standard. ISA-106 was designed to leverage the state- and procedure-based functionality of batch processes across the continuous process industries.

About Batch and the ISA-88 Standard

Dave Emerson, director of the U.S. Development Center for Yokogawa, and co-author of BatchML (the language that makes ISA-88 work) says, "The ISA-88 standard has allowed manufacturing companies to focus more on their process and production, and less on software and configuration to automate the processes."

Eddie Habibi, founder and CEO of PAS Inc. concurs. "Yes. Absolutely! The adoption of ISA-88 in the batch industries has yielded incredible benefits in both quality and throughput. Automated batch processes are inherently safer and more optimized," he says. "Leveraging the ISA-88 standards, the batch industries have been able to capture and repeat the performance of their best operators [that is, creating the "Golden Batch"] automatically, every time."

Emerson continues, "ISA-88 enables manufacturing companies to apply more sophisticated automation, and automate processes where there might not have been a business case to automate. The increased attention to more
sophisticated automation enables quality, and increases production and the ability to introduce new products more quickly at lower cost."

Process Automation Hall of Fame member Dr. Maurice Wilkins, who spent most of his career as an end user with companies such as Exxon Chemical, Millennium Specialty Chemicals and Lyondell Petroleum, and is now head of strategic marketing at Yokogawa, is blunt in assessing of the standard's effect. "ISA-88 has also forced suppliers to deal in a common language that all users also understand, with modularity around the way the plant operates and the products are made, rather than how their specific system operates."

Chris Morse, batch product manager at Honeywell Process Solutions, agrees. "ISA-88 enables us to use the same structure and terminology  used by all other stakeholders in the industry. With this foundation, we've invested in features that result in users producing a greater range of products from the same assets, increased throughput from those asseta and higher quality."

Safety and Alarm Management

Many batch and control system theorists believe that ISA-88 started a new trend toward a philosophy of safer control systems. This is somewhat different than having an emergency shut down (ESD) system or a safety instrumented system (SIS) that springs into action when the inherently unsafe control system sees an abnormal situation.

Dr. Peter Martin, vice president and fellow at Invensys Operations Management and author of Bottom Line Automation, says, "Traditionally, the service logic of a batch project was often added in as an afterthought, which diminished its effectiveness and increased its cost of implementation. I believe those who understand and utilize the ISA-88 standard and the concepts on which it's built are much more likely to design the service logic into the procedure from inception. This will potentially improve the safety of the operation."

Joe Shingara, vice president of marketing for NovaTech, a supplier of batch and procedure-controlled distributed control systems, mostly in the fine chemical and pharmaceuticals industries, says, "A more consistent and standardized approach to automation control strategy inherently results in safer plant operations. An empowered and informed operations staff, using consistent recipe development, scheduling and HMI, results in fewer mistakes and fewer abnormal situations. Furthermore, control systems that take full advantage of ISA-88 programming techniques do more work and can monitor and react to abnormal situations without operator intervention."

It's becoming clear that we may have been working on the wrong end of the problem all this time. Serious accidents, such as BP Texas City, Deepwater Horizon and the Hanshin-Awaji earthquake, keep happening, and nearly always one of the root causes identified in the post-mortem analysis is the set of errors made by plant operators, themselves confused, frightened or untrained.

"The operator will be in a state of panic immediately after an earthquake," says Wilkins. "Don't expect complex decisions." He adds that the same holds true for an abnormal situation in the process industries.

David Strobhar, director of the Center for Operator Performance notes, "The actual state of the system needs to be transparent for matching with the state the operator believes [emphasis added – ed.] the system to be in. Mismatches of this type have resulted in significant problems in aviation." In other words, operators need to be able to compare what's really happening in the system to what they think is happening.

Yet as an industry we have been working on alarms and alarm management techniques and technologies for decades, and we have imposed extensive shutdown and safety systems on plants. Clearly these are becoming understood to be band-aids on the real problem.

Wilkins points this out. "In times of abnormal operations, systems are configured to produce lots of data—humans are not configured to handle or interpret it."

Strohbar says, "Operators frequently take manual control due to the 'slowness' of the control system in an upset." Yet, as the data from Texas City and other accidents show, this often makes the situation worse.

The alarm handling can also make the situation worse. In the Deepwater Horizon accident, an alarm cascade so confused the operators on duty that they were paralyzed with indecision beyond the point of no return for the accident.

Abnormal Situations and the Continuous Process Control System

The start-stop nature of batch processing made it necessary for the ISA-88 standard to specify ways to include accurate descriptions of process states in the programming. Most continuous process systems are not designed with recipes and states in mind. This means that when abnormal conditions hit, the operators do not automatically know what to do or how to get the control system to a safe state and gracefully shut down the systems.

SIS or ESD systems are generally designed not to shut down the plant gracefully, but immediately. This can have far-reaching consequences, such as needing many weeks to recover from a single spurious trip. So alarms are often ignored, and sometimes the safety systems are bypassed.

Dr. John Lambshead, professor emeritus of evolutionary biology at London's Museum of Natural History, calls this phenomenon the "leopard in the grass" issue. "This is hardwired primate behavior, not just humans," he says. "The grass rustles, the leopard leaps, and all the primates that are left run. But after the grass rustles a few times with no leopard, things go back to normal until the leopard shows up to lunch again."

Wilkins points out, as in the cases of Texaco Milford Haven and BP Texas City, the inexperience of the operators in handling alarm floods contributed to the disaster, and sometimes it is averted only by sheer good luck. In the case of Qantas Fight 32, when in the midst of a flight from Singapore to Sydney in 2010 one of its engines self-destructed, the pilots were inundated with over 50 alarm messages, but could only display eight to ten messages at a time on their screens. By great good luck, the plane was carrying three experienced captains as well as first and second officers. It still took nearly an hour to prioritize and work through each of the messages—necessary steps to determine the status of the plane. When you add in the age of control systems and their process plants (typically plants in North America and Western Europe are 40 or so years old) and the as-builts that have not been updated since the plant was first brought online, the conditions plant operators face in similar situations are way worse than the one on Flight 32. As they are paging through the procedure manuals, trying to read all the sticky notes, they waste valuable time and do things that make the situation more dangerous, rather than less.

Operator Effectiveness

The Abnormal Situation Management Consortium, led by Honeywell and Strohbar's Center for Operator Performance, have been applying lessons from aerospace and military studies of operator effectiveness to the practices and procedures in the process industries.

We know that alarms need to be few and accurate and relevant. Chris Morse of Honeywell says, "Only the relevant alarms should be active at any state, which should significantly reduce the number of irrelevant alarms and let the true alarm conditions be discernable." He continues, "Often control strategies have been optimized to the most common operating state of processes and plans. The less common states are typically left up to manual intervention."

Training the New Workforce

Now add to the mix that the operators and technicians who have grown up with most plants are retiring, and new employees without the institutional knowledge of the more-experienced workers are replacing them.

Habibi says, "There is a significant shortage of experienced automation professionals at work today. Capturing, contextualizing and pushing plant-critical knowledge is key to sustainable safety and profitability of every plant."
Dave Emerson notes, "As older workers retire, there is a stress on engineering organizations. Using a standardized approach for automation engineering helps by letting younger engineers spin up faster, and allows them greater re-use of engineers' past products and techniques."

Wilkins warns, "These younger employees don't seem to want to put in the time to learn and become proficient."
It will take new methods of training to teach them the situational awareness their predecessors got over time. Wilkins continues, "Using different operating states for process equipment makes it easier to explain how it 'looks' in those states, how different alarms may or may not apply, and what moving from one state to another means in terms of different control actions."

Procedure-Controlled Automation

In the 1960s, some companies, particularly the Dow Chemical Co., pioneered the concept of state-based control strategies. Dow's Levi Leathers drove the company philosophy toward the development of safe states in the control system design, so that operators' difficulties in making correct decisions in the middle of a crisis were minimized. This philosophy underpinned the creation of ISA-88.

This concept has now come full circle and is being standardized by the ISA-106 Procedure-Controlled Automation standard. Shingara describes it. "State-based control facilitates a consistent and robust control strategy that
ensures that plant equipment operates efficiently and safely under all operating conditions. When standards are developed and systems are deployed consistently across an entire enterprise, operators have a clear understanding of how the equipment operates, are able to cross-train easily, and corporations reap the benefits for decades."

Shingara paints the future for procedure-controlled or state-based automation. "Fully automated, state-based control strategies are routinely used to schedule production allocate equipment, control plant devices, manage analog loops, dynamically adjust alarm parameters and detect abnormal situations. Using this strategy, operators focus more on running the entire plant and less on running individual pieces of equipment [or processes – ed.]. They have a better understanding of overall plant operation and are able to analyze KPIs related to efficiency, quality and profitability. Consequently, operators focus more on business-related KPIs, feel like they play a key and more important role in the company's success and are more easily trained."