Eliminate "False" Alarms
According to the Engineering Equipment and Materials Users’ Association (EEMUA), "The purpose of an alarm system is to direct the operator’s attention towards plant conditions requiring timely assessment or action."
This basic message provides plant owners and designers with the first principle of alarm development: Alarms should not exist for something that does not require operator action.
If a signal needs to be collected historically, or if a signal has some diagnostic value but does not satisfy the litmus test of requiring operator action, then it may be treated as a "journal event" or an "alert." In turn, in order for a signal to be an alert, it should be capable of being ignored without negative repercussions to the equipment, system, or plant operation.
Alarm suppression should be evaluated as an addendum to prudent alarm system design rather than a means of keeping alarms that may not meet the original alarm design principles. The five following levels of suppression are described in EEMUA 191.
Redundant Alarm Suppression. This level may be applied when several input/output (I/O) points are used for a single status. This situation may occur in safety instrumented systems, protection systems, and the like.
If this situation occurs, the alarm state for the redundant I/O should be designed appropriately to reduce the number of alarms and to retain the integrity of the system logic design intentions. For example, if a burner management system has redundant inputs for tripping (two out of three energize to trip), then an alarm associated with that condition should be conditioned so that it is only active when two out of the three inputs are active.
Eclipsing Logic. This level may be added to the alarm system to address situations in which several alarm points are generated from one process measurement. An example of this situation would be a vessel level. If the high-high level is reached in a vessel, then it is obvious that the high level has also been passed. Therefore, in this case, the alarm system should be designed so that the high level is masked by the actuation of the high-high level alarm.
Out-of-Service Conditions. This problem at either the equipment, system, or plant level can often create alarms that are unnecessary. Hence, the alarm system should be designed to include masking conditions addressing an out-of-service state. An example of a condition requiring out-of-service suppression would be low-flow monitoring on a pump (or a set of pumps). When the pump (or set of pumps) is not running, the alarm for low-flow condition should be masked.
Operating Mode Alarm Suppression. This level is somewhat similar to the out-of-service suppression but is addressed separately. Operating mode alarm suppression can be applied so that particular alarms associated with a mode of operation are enabled or masked according to the real-time operating conditions of the plant, system, or equipment. Some recommended operating modes that may be used for suppression include start-up, shutdown, steady state operation, plant maintenance, or load change (such as increase, decrease, or runback).
Because some operating states may overlap, great care should be taken to fully analyze how the operating state suppression logic is formulated.
Major Event Alarm Suppression. This level may be applied to help reduce alarm floods during periods of time in which alarm traffic may be drastically increased. For example, during a plant trip condition, several actions should be automatically taken to ensure that failsafe operation is achieved (such as master fuel trip relay tripped, combustion air removed, and forced draft retained at the National Fire Protection Association’s prescribed levels).
Given all of this activity, it is possible to experience an alarm flood. Therefore, it is useful and possible to design suppression logic that, based upon operational state, would essentially evaluate the inverted alarm conditions. For example, in the case of a coal-fired plant trip, it may be most useful for the operator to know what fuel path equipment is still in operation, which is the direct opposite of what would be of interest during normal operation. This form of suppression would likely take the most effort to implement.
By eliminating all false alarms, and suppressing unnecessary alarms, plant operators will be able to focus on priority and critical alarms in a more effective and efficient manner.
Email
Comments
Print
Reuse
