Professional Documents
Culture Documents
2
Alarm Management Standard
York Region
Alarm Management Program
Training Outline
• Review of Alarm System
• What is ISA-18.2
• Overview of 18.2
• Alarm Life Cycle
• break
• lunch
• break
Introduction to ISA18.2 3
Alarm Management Training
Alarm System Review
Introduction to ISA18.2 4
Alarm Management Training
Review: The Alarm System
Hardwired
PACs Alarm Dialers
alarms
Operating Processes
Introduction to ISA18.2 5
Alarm Management Training
Common Alarm Problems
• Too many alarms
• TOO MANY ALARMS
• Nuisance alarms
• Alarms about conditions operator already knows about
• Alarms that do not require an operator response
• Alarms being routed to the wrong person
Introduction to ISA18.2 6
Alarm Management Training
Introduction to ISA18.2 7
Alarm Management Training
Introduction to ISA18.2 8
Alarm Management Training
Common Alarm Problems – cont’d
• “Too many alarms”
– Alarms that serve no purpose
– Nuisance alarms
– Chattering & fleeting alarms
– Stale alarms
– Alarms with no response
– Alarms with the wrong priority
– Redundant alarms
– Alarm floods
Introduction to ISA18.2 9
Alarm Management Training
We also don’t want to miss important alarms
Introduction to ISA18.2 10
Alarm Management Training
Common Alarm Problems – cont’d
• Hard to track/control changes to alarm setpoints
• Hard to track/control unauthorized disabling of alarms
• Operators spending too much time dealing with alarms, rather than using
their time to ensure plants run efficiently
Introduction to ISA18.2 11
Alarm Management Training
What is the ISA 18.2 Standard?
Introduction to ISA18.2 12
Alarm Management Training
What is ISA 18.2?
• Alarm Management Standard
by the ISA – International Society of Automation
• Released in June 2009
• Currently being adopted as IEC 62682
• Consists of:
– Core Standard: 80 pages
– Seven Technical Reports: 3 published + 4 coming
Introduction to ISA18.2 13
Alarm Management Training
18.2 “Standards Family”
• The standard
– ANSI/ISA-ISA18.2-2009 – Alarm Management for the Process Industries
• Technical Reports
– ISA-TR18.2.1 – Alarm Philosophy
– ISA-TR18.2.2 – Alarm Identification and Rationalization
– ISA-TR18.2.3 – Basic Alarm Design
– ISA-TR18.2.4-2012 – Enhanced and Advanced Alarm Methods
– ISA-TR18.2.5-2012 – Alarm System Monitoring, Assessment and Auditing
– ISA-TR18.2.6-2012 – Alarm System for Batch and Discrete Processes
– ISA-TR18.2.7 – Alarm Management for Packaged Systems
Introduction to ISA18.2 14
Alarm Management Training
ISA 18.2 in a Nutshell
• Set of work processes for managing the alarm system
• Alarm system is meant to be used by Operators
• Central coordinating document is used: Alarm Philosophy
Introduction to ISA18.2 15
Alarm Management Training
The 18.2 Work Processes
Introduction to ISA18.2 16
Alarm Management Training
Where is 18.2 being used
• Oil & Gas Plants
• Refineries
• Offshore Oil Platforms
• Pipelines
• Chemical Plants
• Pulp & Paper
• Mines & Mine Processing
• Pharmaceutical Plants
• Power Plants
• Water & Wastewater Facilities
Introduction to ISA18.2 18
Alarm Management Training
Motivations behind 18.2
ANSI/ISA-18.2-2009,
Management of Alarm Systems for the Process Industries
Alarm: An audible and/or visible means of indicating to the operator an
equipment malfunction, process deviation or abnormal condition requiring a
response.
Typical example of
results of 18.2 being
implemented
(showing before/after)
Introduction to ISA18.2 19
Alarm Management Training
19
Major Features of ISA 18.2
Introduction to ISA18.2 20
Alarm Management Training
Major 18.2 Features
• Alarm Philosophy Document
• Operator-centric definition of an alarm
• Master Alarm Database (MADB)
• Alarm Shelving
• Ability to take alarms out of service for maintenance
Introduction to ISA18.2 21
Alarm Management Training
Major 18.2 Features – cont’d
• Improved HMI Alarm Display techniques
• Management of Change
• Using Master Alarm Database to track changes
Introduction to ISA18.2 22
Alarm Management Training
Alarm Lifecycle
Introduction to ISA18.2 23
Alarm Management Training
The 18.2 Work Processes
Introduction to ISA18.2 24
Alarm Management Training
Alarm Philosophy
• Main Document which defines the Alarm Management Program
• Organization specific, written based on 18.2 & stakeholder input
Introduction to ISA18.2 25
Alarm Management Training
Identification
• Identifies alarms to be brought under alarm management
• Gather information from existing alarm logs
• New Sites
– Get preliminary list of alarms from process designer
– Get input from stakeholders (operations, maint., etc.) on possible alarms
• Existing Sites
– Get list of all existing configured alarms & settings
– Get copy of alarm log for X months
• Identify low hanging fruit – Bad Actor Analysis
• Calculate overall statistics on performance
Introduction to ISA18.2 26
Alarm Management Training
Rationalization
• Evaluate draft alarms in the “Master Alarm Database”
• Alarm Entries are reviewed one at a time to ensure they meet the
“alarm criteria” in AP to be an alarm. If not, they are deleted.
Introduction to ISA18.2 28
Alarm Management Training
Implementation
• Program the actual alarms into the SCADA System
• Combination PAC and HMI programming – use Region
standards
Introduction to ISA18.2 29
Alarm Management Training
Operation
• Operators are trained on how to use the alarm system
– Control Room Operators
– Field Operators
– On-Call operators that receive alarm dialer call-outs
Introduction to ISA18.2 30
Alarm Management Training
Maintenance
• Formal Procedures
– Record Keeping
• Alarm Shelving
– Equipment “not in use”
– Calibration of Instruments
– Equipment down for maintenance
– Shelving alarms arising from a known problem
Introduction to ISA18.2 31
Alarm Management Training
Management of Change
Any changes to alarms must be tracked, evaluated and documented
Examples of changes:
• Addition of new alarms
• Removal of existing alarms
• Modification to alarm settings
– Setpoints
– Deadband
– On-Delay/Off-delay
– When alarm is programmatically enabled/disabled
– Any automated alarm actions (interlocks, triggers, etc.)
• The Alarm Philosophy will define what is measured and how often
Common Metrics
• Percent alarms rationalized (initially will just be pilot sites)
• Average number of alarms per 10 minutes
• Max number of alarms per 10 minutes each day
• Percent of time system is in “flood” (e.g. 10+ per 10 min)
• Alarm priority distribution (percentages)
• Number/percent of shelved alarms and average duration
• Number/percent of Out of Service Alarms
• List and count of most frequent alarms
• Etc.
Introduction to ISA18.2 33
Alarm Management Training
Audit
• Audit of reality vs. what is written in alarm philosophy
• Review of records/logs to see that work processes are being carried out
Introduction to ISA18.2 34
Alarm Management Training
BREAK
Introduction to ISA18.2 35
Alarm Management Training
Post Break Review
• ISA 18.2 is an international standard for Alarm Management
• Operators have ability to “shelve alarms” for maintenance and/or known issues
• Periodic Monitoring and Assessment of Alarm System
• Alarm Setpoints
• Additional Alarm Attributes: ON-Delay, OFF-Delay, Deadband
• Designed Alarm Suppression
Re-Alarm
B
Process RTN UnackAlarm
Alarm Clears Process: Alarm
Alm: Alarm
Operator
Ack: Unack
Acks Alarm C Operator
Operator
or
Resets
Auto Ack
AckAlarm Acks Alarm
Alarm Process: Alarm
Alm: Alarm
Ack: Ack
Process
Alarm RTN
Occurs
Process RTN
D Alarm Clears
RTN Unack
Process Process: OK
RTN Alm: OK
Ack: Unack
F
Latch Ack Operator E
Process: OK Resets Latch Unack
Alm: Alarm Alarm Process: OK
Ack: Ack Alm: Alarm
Ack: Unack
Operator
Acks Alarm
H I
G
Suppressed Out Of
Shelved
Process: N/A By Design Service
Process: N/A Process: N/A
Alm: N/A
Introduction to ISA18.2 Alm: N/A
Alm: N/A 38
Alarm Management Training
18.2 Definition of an Alarm
• Old Definition
“Alarm calls attention to an abnormal condition”
• Simplified:
“Notification of an abnormal condition to an operator requiring an
immediate response”
Introduction to ISA18.2 40
Alarm Management Training
18.2 Definition of Alarm: Response
• An alarm is an interruption to the operator
– If don’t do that something quickly, the situation will get worse (there
is a defined consequence)
Introduction to ISA18.2 41
Alarm Management Training
18.2 Definitions: Alarm Consequence
• Alarm notifies the operator so they do something to avoid a
consequence.
Introduction to ISA18.2 42
Alarm Management Training
18.2 Definitions: Alarm Timeline
• How long does operator have to respond?
• How soon will the defined consequence occur?
Introduction to ISA18.2 43
Alarm Management Training
18.2 Definitions: Operator Notification
• 18.2 was originally written based on an operator being a
“control board operator”
– 24/7 staffing of a control room by an operator who is in charge
– Operator continually monitors the process via the HMI
– They receive alarms via the HMI and/or an annunciator panel
• Visual & auditory notifications, which interrupt them
CAUTION:
• As per 18.2, the operator is expected to keep situational
awareness of processes as part of their normal duties
• Operators are expected to keep an eye on process screens
regularly to “keep tabs” on what is going on
• Large “overview” screens on the HMI make this easier
• The alarm system should never be used give situational
awareness
Introduction to ISA18.2 45
Alarm Management Training
18.2 Definition of Alarm: Threshold 2
• Thresholds are defined in the Alarm Philosophy (more later)
** for operator notifying other personnel about something that does not require
immediate attention, there are often better ways of doing this than using an alarm
Introduction to ISA18.2 46
Alarm Management Training
18.2 Definition of Alarm: Threshold 3
• Alarm responses need to have a time limit to them:
– How long does the operator have to make their response?
– How long can they delay?
– Is it better if they react quicker?
Introduction to ISA18.2 47
Alarm Management Training
18.2 Master Alarm Database
• Central Location to document details for every alarm
– Typically an “Excel Spreadsheet” or “Access Database”
– Specialized software can also be used
– Note: This is separate from the actual SCADA programming.
Introduction to ISA18.2 48
Alarm Management Training
18.2 Management of Change
• Formal procedures are used to manage changes to the alarm
system
Introduction to ISA18.2 49
Alarm Management Training
18.2 Management of Change 2
• Example of procedures used in one plant for permanent alarm
changes:
• Formal MOC – a full review by the appropriate people or departments, full documentation
and formal classroom training for operations and maintenance department personnel are
required.
• Informal MOC – documentation requirements are the same as for a formal MOC. There
may be a smaller number of reviewers and the training may be face to face.
• Change log – the change is entered into the operations log. If the alarm is restored to its
original state, that change is also entered into the log.
• Change Log – a log book is used to log any changes to the alarm
system that have been made, in addition to updating MADB
Introduction to ISA18.2 50
Alarm Management Training
18.2 Management of Change 3
• Example of a formal/informal MOC determination:
Introduction to ISA18.2 51
Alarm Management Training
18.2 Alarm Priorities
• In the alarm system all alarms are assigned “priorities”
• When multiple alarms come in, priorities help the operator decide
which alarms to address first
Introduction to ISA18.2 53
Alarm Management Training
18.2 Alarm Classes
• Not to be confused with alarm priorities
• These are logical groupings of alarms based on what they are for
and/or the type of alarm
Introduction to ISA18.2 54
Alarm Management Training
18.2 Highly Managed Alarms
• This is a special class of alarms, which additional administrative
requirements are used
• Reserved for alarms that have significant environmental, safety or
compliance consequences associated with them
• Examples:
– Low Chlorine Residual in a Drinking Water Distribution System (MOE limit)
– UV Disinfection Unit Failure
– CSO Tank High High Level that could lead to CSO Overflow
Introduction to ISA18.2 55
Alarm Management Training
18.2 Highly Managed Alarms 2
• Typical additional requirements for HMAs:
– Restrictions on Alarm Shelving
– Additional data logging, security, access control and/or paperwork
for Alarm Shelving
– Additional procedures for taking HMA out of service for maintenance
– Additional staff training requirements
– Increased HMA testing requirements and test documentation – initial
and periodic
– Increased Auditing requirements, including type and frequency
Introduction to ISA18.2 56
Alarm Management Training
18.2 Alarm Routing
• Alarms are grouped into “alarm areas” so that the alarms get
routed to the right operator
– Can also be used to route “maintenance” notifications to
maintenance personnel
• “Alarm areas” are also used for sorting alarms on the HMI, in the
historian, and for alarm statistics
Introduction to ISA18.2 57
Alarm Management Training
18.2 Alarm Setpoints
• As part of the Alarm Rationalization / Alarm Design work process,
alarm setpoints are calculated for every alarm
Introduction to ISA18.2 58
Alarm Management Training
18.2 Other Alarm Attributes
• In 18.2 alarms can have several attributes in addition to Setpoint
• ON-DELAY in seconds
– How long the alarm condition has to be true before the alarm is triggered
– Make sure condition has been “bad for long enough” for it to matter
– Helps prevent unnecessary nuisance alarms
• OFF-DELAY in seconds
• How long the alarm condition has to be false before alarm returns to normal
• Helps prevent nuisance alarms that keep triggering over and over again
• DEADBAND in percent
– For an analog alarm, provides hysteresis so alarm won’t chatter on/off
– Example: High alarm of 8m on a signal of 0-10m with 1% deadband:
• Alarm ON: rises above 8 m
• Alarm OFF: drops below 7.9 m
Introduction to ISA18.2 59
Alarm Management Training
18.2 Other Alarm Attributes 2
• Commonly used deadbands and ON-Delays
Introduction to ISA18.2 60
Alarm Management Training
18.2 Alarm Setpoint Enforcement
• Some industries will use automated means to enforce setpoints
– Scripts that “copy over” proper setpoints once per day
– Hard-coded setpoints that cannot be changed
Introduction to ISA18.2 61
Alarm Management Training
18.2 Designed Suppression
• Designed Suppression is when logic on the PAC is used to
prevent alarms from happening under specific conditions
• Example 1
• On a pump with a flow meter on its discharge
• The “low flow” alarm that uses the flow meter signal will be
programmed so that it is not active when the pump is off
• Example 2
• On a packaged bar screen system when the “equipment online” signal
from the vendor panel is not active, process alarms from the bar
screen’s vendor control system are automatically disabled in SCADA
Introduction to ISA18.2 62
Alarm Management Training
18.2 Alarm Shelving
• This is a new feature in 18.2
• Benefits
– Prevents nuisance alarms from known problems
• Equipment Out of Service
• Instrument taking offline for Calibration
• Known broken equipment
• Ability to take problem alarm Out-of-Service, until alarm can be fixed
– Operator knows which alarms have been disabled by looking
at the “Shelved Alarm List” on the HMI
Introduction to ISA18.2 63
Alarm Management Training
18.2 Alarm Out-of-Service
• This is a new feature in 18.2
Introduction to ISA18.2 64
Alarm Management Training
18.2 HMI Display of Alarms
• Recommends alarms be displayed on the HMI several ways
Introduction to ISA18.2 65
Alarm Management Training
18.2 HMI Alarm Log Example
Introduction to ISA18.2 66
Alarm Management Training
18.2 HMI Alarm Status Example
S
480.1 psi 480.1 psi
No alarm Suppressed alarm
in effect condition
H M L D
480.1 psi 480.1 psi 480.1 psi 480.1 psi
High Priority Medium Priority Low Priority Diagnostic
Priority
• When alarm are active they are displayed on the HMI in an “alarm
log” screen
– Sometimes two alarm log screens are used – one for high priority alarms and
the other for regular alarms
Introduction to ISA18.2 68
Alarm Management Training
18.2 Alarm System Performance
• The alarm system is regularly monitored for how well it is
performing
Introduction to ISA18.2 69
Alarm Management Training
18.2 Sample KPI targets
Introduction to ISA18.2 70
Alarm Management Training
BREAK FOR LUNCH
Introduction to ISA18.2 71
Alarm Management Training
Post Break Review
• ISA 18.2 is an international standard for Alarm Management
• Alarms are prioritized, classified and routed to help the right operator get them
• Alarms should only interrupt the operator for them to make immediate response
• Situational awareness should come from monitoring the process, not alarms
• Alarm records are kept, and alarm system performance is regularly measured
Introduction to ISA18.2 72
Alarm Management Training
Part 3: “Alarm Philosophy” Outline
• Review of the Purpose of Alarm Philosophy
• Alarm Philosophy Contents
• Alarm Definition
• Documentation Requirements
• Identification & Rationalization
• Design
• Implementation
• Operations & Maintenance
• Performance Monitoring
• Audit
Introduction to ISA18.2 73
Alarm Management Training
Alarm Philosophy
• Cornerstone of the Alarm Management Program
Introduction to ISA18.2 74
Alarm Management Training
Typical Contents
• Statement of Purpose
• Roles & Responsibilities
• Definition of an Alarm
• Terminology
Introduction to ISA18.2 76
Alarm Management Training
Define: Definition of Alarm
• Document the alarm definition being used
• E.g., “Notification of an abnormal condition to the operator that requires
an immediate response”
Introduction to ISA18.2 77
Alarm Management Training
Define: Roles & Responsibilities
• Define who does what!
Introduction to ISA18.2 78
Alarm Management Training
Define: Terminology
• People use words differently
• The Alarm Philosophy must define any alarming related terms
that the Region will be using to avoid confusion
Introduction to ISA18.2 79
Alarm Management Training
Define: Identification
• Existing Sites
– Get list of all configured alarms
– Get copy of alarm logs for previous X months
– Method for collecting feedback from Operators, Maint., etc. who use that site
– List of out what stats to gather from alarm log data
– Define how to the stats should be used
• New Sites
– What groups of people need to be consulted to generate preliminary lists of
alarms
– Standard lists of alarms that should be considered for typical site types
– What format the alarm list should be generated in (spreadsheet template)
Introduction to ISA18.2 80
Alarm Management Training
Define: Documentation
Introduction to ISA18.2 82
Alarm Management Training
Define: Design Techniques
• It is important to design what standard alarm designs are going to
be used. E.g. for a “high level alarm” this is how it works,
Introduction to ISA18.2 84
Alarm Management Training
Define: Implementation
• Define procedures for what workflow is to be used when alarms
are to be programmed into the SCADA system, how they are
checked, tested and deployed
• Done in collaboration with existing Region SCADA Standards
Introduction to ISA18.2 87
Alarm Management Training
Define: Training Requirements
• Who needs training and when?
– Operators
– Control Room Operators
– Maintenance
– PCS Group
Introduction to ISA18.2 88
Alarm Management Training
Define: Measuring Performance
• What metrics (KPIs)
are tracked
• Written targets
for each metric
Introduction to ISA18.2 89
Alarm Management Training
Define: Management of Change
• Define Management of Change Procedures
• How changes are tracked
• Paperwork/forms if required
• How the Master Alarm Database is kept up to date
• Procedures for New Sites
• Procedures for upgrading Existing Sites
Introduction to ISA18.2 90
Alarm Management Training
Define: Audit
• Reviews the managerial and work practices associated with the
alarm system
• Review of Procedures vs. Actual Practice
• Typically only done once per year
Introduction to ISA18.2 91
Alarm Management Training
Define: Control System Details
• Appendices to Alarm Philosophy
Introduction to ISA18.2 92
Alarm Management Training
BREAK
Introduction to ISA18.2 93
Alarm Management Training
Post Break Review
• ISA 18.2 is an international standard for Alarm Management
• Alarms are prioritized, classified and routed to help the right operator get them
• Alarms should only interrupt the operator for them to make immediate response
• Situational awareness should come from monitoring the process, not alarms
• Alarm records are kept, and alarm system performance is regularly measured
Introduction to ISA18.2 94
Alarm Management Training
Part 4: “Using the Alarm Philosophy” Outline
• Identification Workflow
– Get List of Existing Alarms
– Gather Alarm Logs
– Analyze the Logs to look for trends and stats
• Bad Actor Analysis
– Populating the Master Alarm Database
• Rationalization Workflow
– Starting List of Alarms
– Gathering Reference Materials
– Team Composition
– Outcomes of Rationalization
Introduction to ISA18.2 96
Alarm Management Training
Alarm Rationalization Workflow
• Start with the completed MADB List from Identification
• Assemble reference documents:
– Site Floor Plan, P&IDs, Process Narratives, SOPs, Design Briefs, etc.
• Assemble the team to rationalize the alarms
– Reps from: Operations, Management, Maintenance, PCS Group, Compliance,
Engineering, Process, Team Leader
– Facilitator to help process
Introduction to ISA18.2 98
Alarm Management Training
18.2 Work Processes Review
Introduction to ISA18.2 99
Alarm Management Training
18.2 Benefits Summary
• Cuts down the number of alarms to a manageable/more-useful level, so
that operations can focus running sites effectively
• Ensures that all active alarms are documented, and their configuration
and reason for existing has been reviewed and recorded
Typical example of
results of 18.2 being
implemented
(showing before/after)