Industrial human-machine interface (HMI) has been a lively topic of discussion and development for decades. The Abnormal Situation Management (ASM) style started in the 1990s with the ASM Consortium. ASM style evolved, and the best-practice HMI gained a series of names, including different spellings of “high” performance, etc. Many names were trademarked by different parties, including ASM style.
The ANSI/ISA-101.01, Human Machine Interfaces for Process Automation Systems standard was published in 2015. Its most significant contributions were the introduction of a lifecycle to manage the entire HMI, and a common set of terms and definitions for HMI components.
As standards and guidelines developed, technology evolved and open systems platforms matured, enabling HMI capabilities to become quite advanced. Research into presentation formats, color selection and interaction methods led to a common set of concepts for best-practice HMI presentation, performance and interaction. However, methods to determine the content of an entire HMI or even one screen are not as defined in industrial settings. In my experience, some of the best methods to define and refine requirements for HMIs include using questionnaires and interviews, Level 1 and 2 workshops, storyboarding, and more advanced methods.
Four HMI levels
ANSI/ISA-101.01 discusses different navigation methods and display styles. For the examples below, it's assumed that a hierarchical navigation design will be used and that most displays will be Level 1, 2, 3 or 4. For this discussion, the following general definitions of levels apply:
- Level 1 displays are overviews for monitoring span of control;
- Level 2 displays are operating displays for major areas of the span of control;
- Level 3 displays are detailed displays used for general troubleshooting; and
- Level 4 displays are auxiliary displays used for focused troubleshooting or intermittent task support.
What are HMI requirements?
Defining an HMI's requirements may seem straightforward. A well-designed HMI philosophy and style guide will set the presentation formats and interaction methods. However, how the objects on the screen behave is only the first step in an effective HMI. Other key concepts include: scope of each display, navigation hierarchy and methods, support for all modes of operation, online or offline help, links to procedures, and requirements related to user roles and account privileges.
Consider a simple demineralized (demin) water tank with a set of three pumps, auto-started on pressure control, with a recycle loop (Figure 1). Its HMI needs seem likely to be rudimentary—it's just a water tank. The tank instruments and regulatory controls need to be displayed. The device controls for the pumps must be available. What else could there be?
Using questionnaires and interviews
Using questionnaires to get the operations team thinking about the HMI can be a useful first step, though generally it's not the only interaction required to define requirements. The most effective use of the questionnaire is in combination with face-to-face interviews or workshops with a representative set of users. The pre-work related to the questionnaire will help guide the discussion or workshop.
The same process can be used to derive requirements for existing or new process operations. For existing displays, the questionnaire can target displays in use. For a new process, past experience with similar processes, process and instrumentation drawings (P&ID), and process flow diagrams (PFD) can be used as source documents.
Some of the questionnaire will be focused on the overall process and the entire HMI, while other sections will focus on key operating displays and key performance indicators (KPIs) for the process. Key topics for questionnaires include:
- What parts of the process are operated together, and when are multiple displays used together (and result in constantly swapping back and forth between displays)?
- Are there different modes of operation that require different monitoring and controls?
- Are there special HMI needs related to loss of utilities, such as instrument air, power, steam, etc.?
- Could additional pieces of information be shown?
- Would on-demand access to additional information speed operations team response?
- For existing facilities, what's the worst day related to the proposed display?
- For new facilities, what's the most severe process risk related to the proposed display scope?
Key results from the questionnaire process include setting the scope of the displays and identifying additional content for the displays. Major modes of operation and significant areas of impact related to loss of utilities may also be identified.
Display scope: Displays often roughly match the boundaries of existing P&ID drawings, but P&IDs weren't drawn with operability or safety in mind, so they're unlikely to have the correct scope. Over time, other salient information was likely added, though often not in the best location or context. Defining the best scope of a display is critical to managing the underlying process. The interview focuses on how the process is operated.
The first observation may be that the simple water tank by itself is not a good scope for a major operating display. In this scenario, the tank is part of an integrated demin water system. It's the main storage for the demin water and supplies the rest of the facility. If the tank level and the distribution pressure are not in alarm, the operations team isn't terribly interested in the tank by itself. As such, key information from the tank must be shown on related displays that are monitored continuously. This identifies that the example display may exist as a Level 3 detail display, or that it needs to be combined with other portions of the process into a Level 2 display.
Display content: Discussion of prior upsets may indicate that operation of the three common pumps isn't clear. Depending on user demand, only one or two of the pumps remain in operation.
Further discussion may indicate that cost of operation often exceeds budget, commonly when a pump auto-starts and then stays online when not needed. Adding an alert and/or advice on the display when this condition is detected will help the operations team manage the budget. If the cost concern is significant, an alarm may be configured; in Figure 1, a “high recycle” advice is shown. This could alternately be sent to an operator alert or message system.
Observation also noted that tank level has an interlock to an incoming block valve, so that detail is also added to the display. It's also likely that the tank would be blanketed with nitrogen and vented on high pressure. This blanketing may or may not be instrumented, depending on design.
A storyboard is a graphic organizer that uses either labels or images arranged in sequence for the purpose of pre-visualizing an overall system. The storyboarding process was developed at Walt Disney Productions during the early 1930s.
The storyboarding workshop applies this general Disney concept by organizing graphics into a visual structure using existing display images, new P&IDs or PFDs, a whiteboard, or a wall with Post-it notes. The operations team reviews the scope of each existing display and/or identifies the scope of new displays on new engineering drawings.
As the storyboarding team reviews the structure, focused questions are used to prompt storytelling (another reason to call it storyboarding). For example, how the process is run, what past upsets have been (or what the biggest risks are for new processes), what the interactions are between parts of the process, or what the impact of utilities loss is expected to be.
Display scope: As the displays get organized, they're divided into main operating areas (Level 2) and details in that area (Level 3 and 4). The focus of storyboarding isn't detailed content, but rather main groupings for Level 2, main types of Level 3 and 4, and interactions.
Navigation hierarchy: During general discussions on operations, details will emerge from past experience and/or from safety studies. After storyboarding, a navigation hierarchy will be developed.
Display content: Discussion of upsets may highlight analyzers and lab values required to certify quality of the water. In more regulated systems, ongoing certification of quality may be critical to downstream demin water users. Online analyzers are likely to be shown, but adding lab values from a local unit lab and/or the official central lab certification point may not have been considered. This identifies new content for the Level 3 display and items to be considered for Level 2.
Further discussion may identify users that must be isolated from the system when online analyzer or lab certification fails. This may result in adding more data to the displays, and perhaps identify the need for links to emergency operations procedures. If this isolation isn't an automated shutdown, display changes may be pivotal in avoiding losses related to contamination of users.
Figure 2 adds the isolation valve and interlock on conductivity for pharmaceutical users. The online analyzer isn't local to the tank, so it wasn't originally shown. The isolation valve is managed by the pharma unit, but is shown on the display for reference in the demin area.
Demin tank unit and main lab readings are also added to the display. The overall tank status, noted here as “certified,” is also shown. This information may be made available only on demand if there are no routine contamination issues.
Level 1 and 2 workshop
For existing systems, an HMI improvement project may only add new Level 1 and Level 2 displays as a first phase. Some of this workshop content is similar to the storyboarding workshop, as both focus on setting the scope for each Level 2 display.
During a Level 1 and Level 2 workshop, a review of three to six months of alarm and event data for an existing process will uncover areas of focus for the Level 1 and Level 2 displays. This effort may also uncover process or control design deficiencies that require an unexpected and often overlooked level of interaction. Review of output and setpoint changes will identify key controls for inclusion at Level 2.
Operating modes: It's critical to understand that, even in a continuous process, there are different modes of operation when support for maintenance, upset and shutdown conditions is included. For batch and discrete operations, modes of “normal” operation are routinely changed. Every HMI system should support the operations team during all normal and abnormal operating conditions. Abnormal considerations include critical utilities impacts, upstream and downstream effects, maintenance and shutdown/start-up impacts. Any of these may impact display scope.
For demin production, there are modes of operation impacting the tank and its status. Demin water processes generally have anion and cation resin beds and degasification steps that produce purified water. The resin beds periodically go through a regeneration step (often once or more per day). While in regeneration, the product tank level will drop and regain level once water production resumes. The tank level is important during regeneration to ensure continuity of water supply.
When in regeneration, however, the actual display for the demin area may not be focused on the storage tank and may need additional details on the regeneration. As such, it may be more effective to put the general information from the demin system on an overview and customize the operating displays to the mode of operation in the demin area. During normal online operation, a steady drop of tank level is cause for concern and should be supported by highlighting the direction and pace of the change. However, highlighting this during regeneration or offline operation may not be important unless the level is forecast to drop below acceptable levels.
The routine variability in the level makes selecting a single “normal” value impossible. However, assisting the operations team across all modes of operation is warranted. Developing different “normal” operating limits is justified only when the possible consequences are large and nuisance alerts are likely.
Figure 2 also shows the direction of level change (blue arrow) and a simple mass balance shape by the tank level (small balance showing higher input). The second image shows the mass balance with a yellow tooltip detailing supply and demand and hours to tank reaching capacity. The lab information can also be hidden and available as a popup from the info area near the “certified” status on the tank.
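The mode-dependent highlighting and the hours-to-capacity tooltip described above can be sketched as follows. This is an added example, not code from the article or from any HMI product; the tank volume, low limit, deadband and field names are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class TankSnapshot:
    level_pct: float              # current level, percent of working volume
    supply_m3h: float             # demin production into the tank
    demand_m3h: float             # total draw by users
    mode: str                     # "online", "regeneration" or "offline"
    mode_hours_left: float = 0.0  # forecast time until production resumes

WORKING_VOLUME_M3 = 500.0  # assumed tank size
LOW_LIMIT_PCT = 20.0       # assumed lowest acceptable level
DEADBAND_M3H = 1.0         # assumed: ignore imbalances smaller than this

def level_advice(s: TankSnapshot) -> dict:
    """Return trend direction, forecast hours and whether to highlight it."""
    net = s.supply_m3h - s.demand_m3h  # simple mass balance
    if net > DEADBAND_M3H:
        direction, target = "rising", "capacity"
        hours = (100.0 - s.level_pct) / 100.0 * WORKING_VOLUME_M3 / net
    elif net < -DEADBAND_M3H:
        direction, target = "falling", "low limit"
        room = max(s.level_pct - LOW_LIMIT_PCT, 0.0)
        hours = room / 100.0 * WORKING_VOLUME_M3 / -net
    else:
        direction, target, hours = "steady", None, None
    if direction != "falling":
        highlight = False
    elif s.mode == "online":
        # A drop during normal online operation is always worth attention.
        highlight = True
    else:
        # In regeneration/offline a drop is expected; highlight only if the
        # low limit is forecast to be reached before production resumes.
        highlight = hours < s.mode_hours_left
    return {"direction": direction, "target": target,
            "hours": hours, "highlight": highlight}
```
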
During Level 2 discussions, mode-based displays may be recommended to focus attention on normal and regeneration modes of operation. Combining key elements from multiple Level 3 displays can create a very effective Level 2. Adjusting displays to reflect different modes of operation must be executed carefully to ensure the operations team maintains situational awareness of any developing issues on inactive process areas. For sequential operation areas, awareness of program status can be important. During regeneration, the current phase and step of the program, the status of any holds and forecast time to completion are important to the operations team.
Display scope: Depending on the span of control, it's recommended that Level 1 include all indicators with Priority 1 alarms (highest alarm priority), and Level 2 include tags with Priority 1 or 2 alarms (two highest alarm priorities). This may not be feasible. At minimum, alarm groups or other aggregation methods should provide situational awareness and navigation links to Level 3 displays with developing or escalating alarms.
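As an added example (not part of the original article), the alarm and event review from the workshop and the priority rule above can be combined into one pass over an exported event list. The CSV layout, event type names, tag names and the change-count threshold are assumptions; the sample records are constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample export: timestamp, tag, event type, alarm priority
# (priority is blank for operator setpoint/output changes).
SAMPLE_EVENTS = """\
2024-03-01T02:10:00,LI-101,ALARM,1
2024-03-01T02:12:00,FIC-105,SP_CHANGE,
2024-03-01T02:15:00,FIC-105,OUT_CHANGE,
2024-03-02T11:40:00,PI-110,ALARM,2
2024-03-02T11:41:00,FIC-105,SP_CHANGE,
2024-03-03T08:05:00,AI-120,ALARM,3
2024-03-03T08:30:00,PIC-110,SP_CHANGE,
2024-03-04T14:00:00,LI-101,ALARM,1
"""

def propose_display_content(event_csv, min_changes=2):
    """Return candidate tags for Level 1 and Level 2 from an event export."""
    alarm_priority = {}  # tag -> highest (numerically lowest) priority seen
    changes = Counter()  # tag -> count of operator setpoint/output changes
    for _ts, tag, kind, prio in csv.reader(io.StringIO(event_csv)):
        if kind == "ALARM":
            alarm_priority[tag] = min(int(prio), alarm_priority.get(tag, 99))
        elif kind in ("SP_CHANGE", "OUT_CHANGE"):
            changes[tag] += 1
    # Level 1: tags with Priority 1 alarms; Level 2: Priority 1 or 2.
    level1 = sorted(t for t, p in alarm_priority.items() if p == 1)
    level2_alarms = sorted(t for t, p in alarm_priority.items() if p <= 2)
    # Key controls: tags the operator adjusts often, most-changed first.
    key_controls = [t for t, n in changes.most_common() if n >= min_changes]
    level2 = level2_alarms + [t for t in key_controls if t not in level2_alarms]
    return {"level1": level1, "level2": level2, "key_controls": key_controls}
```
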
Display content: Perhaps the hardest part of developing best-in-class Level 1 displays is to identify KPIs and calculations that reflect overall area performance. When the operations team is responsible for budget performance, it can be very effective to "dollarize" these KPIs and compare them to budget expectations. This enables real-time cost control. Obviously, safety is the most critical aspect of operations, so these KPIs mustn't clutter or obscure more important information. It can be effective to mask this type of information if the area's unacknowledged alarm count is high.
Discussion of KPI performance may show cost of operation exceeds budget. Therefore, dollarizing the cost of operation and adding alarms, alerts or messages to significant deviations may be worth considering for the Level 1 display.
When researching methods for requirements definition, more advanced methods are commonly referenced. It's important to understand these methods are likely warranted for use with complex tasks, infrequent tasks, or complex controls and applications. Commonly cited methods include:
- Hierarchical task analysis (HTA) is one of the most routinely referenced techniques. In simple terms, an overall task is decomposed into steps. A cursory step is further refined only when a potential benefit is seen. The downside is many tasks don't require special HMI support. In many ways, discussing modes of operation and review of alarms and events can also identify areas of focus and need for HMI support.
- Review of existing emergency operating procedures may highlight added, useful information for a display. Loss of demin tank level procedures may include a shedding plan where some users could be supplied with lower-quality water. Providing online forecasting tools to show the effect of shedding may be an effective support tool. The decision to provide this may depend on frequency of expected use. Location of the tool could be on the operating displays or on the business LAN using historian data.
- Timeline analysis (TA) arranges steps on a timeline. This can be effective for time-sensitive tasks or those with complex interactions. This analysis can identify areas where multiple displays are required. If the task is complex or done infrequently, this analysis can be effective in the design process. If the task’s duration is important, this analysis may indicate the need to alert operations to deviations.
- Link analysis (LA) demonstrates the frequency of linkage between tasks. It's useful for streamlining tasks and identifying how often a user has to navigate from one display to another. Perhaps the most effective use of this analysis in HMI design is for existing displays where the navigation is recorded and unknown interdependencies are revealed.
- Other more advanced techniques to consider include cognitive work analysis and ecological analysis.
Ask the right questions
Ultimately, designing the best HMI requires designers to find the correct knowledge base to use. For existing processes, this is the operations team (including support personnel). For new processes, this is the design team (including operations and maintenance). Once the correct knowledge base is identified, the right questions must be asked to define and refine requirements. This may require multiple methods. The effort and level of detail should be driven by overall risk and benefit potential.