- honeywell · ments, a tool known as the “swiss cheese” model of accident causation is...
TRANSCRIPT
www.controleng.com Siemen
s sca
labili
ty b
etwee
n contro
ller f
amili
es yi
elds
engin
eerin
g effic
iencie
s. See
page
21 fo
r deta
ils
www.controleng.com ● CONTROL ENGINEERING SEPTEMBER 2014 ● 5
8 Think Again Control Engineering 60 years and beyond
10 Apps for Engineers Conversion applications
12 Product Exclusive All-in-one control platform in a 15.6-in. HMI panel
14 Application Updates World’s tallest observation wheel
18 Technology Update Wireless tutorial: Antenna
basics, types
22 Anniversary Computers, better automation software, and open systems
25 Future of Engineering Impact of technology on industry, life
30 Future of Engineering 2020: Future automation
34 Technology Update New day for wireless control
38 International Intelligent plant upsurge
42 IT & Engineering Insight Developing good coding habits
departments
46 IMTS productivity roundup
47 Industrial Internet of Things
48 Better helmets; News headlines; correction
news
125 Engineering system design software; Rotary actuators for automation processes
125 Rackmount IO server; motorized test stands
126 Pneumatic series; Robotsfor processing large parts
products
Inside ProcessStarts after p. 108. If not, see www.controleng.com/archives for September.
P1 Next-generation � eldbus device couplers simplify chemical plant upgrade Petrochemical plant adds new physical-layer technology to its long-running � eldbus networks.
P10 Can luck cover for a lack of alarm management? Is it safe to run a plant without alarm management? An effective alarm manage-
ment program will let you run the plant harder while still remaining safe.
PRODUCT EXCLUSIVE
PRODUCTS
COVERING CONTROL, INSTRUMENTATION, AND AUTOMATION SYSTEMS WORLDWIDEOVERING CONTROL, ONTROL, ONTROL, INSTRUMENTATION, AND AUTOMATION ®
SEPTEMBER 2014
CONTROL ENGINEERING (ISSN 0010-8049, Vol. 61, No. 9, GST #123397457) is published 12x per year, Monthly by CFE Media, LLC, 1111 W. 22nd Street, Suite #250, Oak Brook, IL 60523. Jim Langhenry, Group Publisher /Co-Founder; Steve Rourke CEO/COO/Co-Founder. CONTROL ENGINEERING copyright 2014 by CFE Media, LLC. All rights reserved. CONTROL ENGINEERING is a registered trademark of CFE Media, LLC used under license. Periodicals postage paid at Oak Brook, IL 60523 and additional mailing offices. Circulation records are maintained at CFE Media, LLC, 1111 W. 22nd Street, Suite #250, Oak Brook, IL 60523. E-mail: [email protected]. Postmaster: send address changes to CONTROL ENGINEERING, 1111 W. 22nd Street, Suite #250, Oak Brook, IL 60523. Publications Mail Agreement No. 40685520. Return undeliverable Canadian addresses to: 1111 W. 22nd Street, Suite #250, Oak Brook, IL 60523. Email: [email protected]. Rates for nonqualified subscriptions, including all issues: USA, $150/yr; Canada/Mexico, $180/yr (includes 7% GST, GST#123397457); International air delivery $325/yr. Except for special issues where price changes are indicated, single copies are available for $30.00 US and $35.00 foreign. Please address all subscription mail to CONTROL ENGINEERING, 1111 W. 22nd Street, Suite #250, Oak Brook, IL 60523. Printed in the USA. CFE Media, LLC does not assume and hereby disclaims any liability to any person for any loss or damage caused by errors or omissions in the material contained herein, regardless of whether such errors result from negligence, accident or any other cause whatsoever.
44 International First in-line � owmeter with SAW-based technology
63 Machine Safety Crossing the yellow line
128 Back to Basics Neher-McGrath formula
APPLICATION UPDATE
P10 ● SEPTEMBER 2014 CONTROL ENGINEERING ● www.controleng.com
In the industrial world, process alarm sys-tems affect the bottom line. Well-function-ing alarms can help a process run closer to its ideal operating point, enabling high-er yields, lower production costs, and
improved quality, all of which add up to greater profits.
At many other facilities, however, there is no formal strategy for managing alarm perfor-mance. These sites are confident their alarm systems are in order and assets are fully protect-ed, yet they fail to recognize the potential for failures.
A lack of effective alarm management can result in billions of dollars lost every year to accidents, equipment damage, unplanned plant or unit outages, off-spec production, regulatory fines, and huge intangible costs related to envi-ronmental and safety infractions.
Today’s safety challengesEmployers, irrespective of the size or nature
of their business, have responsibility for the day-to-day health, safety, and welfare of employ-ees and visitors to the workplace. This duty of care is usually set out in the occupational health and safety (OH&S) legislation of the relevant country.
Companies, as well as individuals from the supervisor to CEO level, have been legally prosecuted for breaches in OH&S regulations.
Duty of care typically mandates that employ-ers in automated industries provide a suitable alarm system that gives adequate warning of impending abnormal situations to operators so they have time to take action to prevent upsets or incidents from occurring. Duty of care also includes the provision of an appropriate control system for manufacturing facilities.
In principle, the distributed control system (DCS) alarm system is a vital, productive tool for managing industrial processes, and it can be configured to identify and notify personnel of a wide variety of abnormal conditions in plant operation. Alarms provide a unique layer of pro-tection against scenarios impacting safety, the environment, or financial loss. They combine the flexibility and adaptability of the plant oper-ator with the power of technology. However, in practice, poor initial design and lack of effective alarm management often result in alarm systems that are not “fit for purpose.”
Why alarms deserve attentionAt many industrial facilities, alarm systems
do not receive the attention and resources they deserve. This is understandable, because alarm-ing appears to be a deceptively simple activity. Facilities often retain the alarm design philos-ophy developed by the engineering firm at the time of their original construction.
Justifying the cost of a comprehensive alarm management program can be a difficult task. Operations and engineering people realize alarm system performance is a serious issue, but may have trouble convincing senior level plant man-agement that the company should invest scarce resources in an advanced alarm technology.
Alarm management is one of those difficult areas where financial returns aren’t immediate-ly apparent. The return is realized when prop-erly designed alarms help the company avoid a production loss. It’s a concept often overlooked at the expense of other higher profile improve-ment programs. Why? Financial resources may
MaintenanceOperational Process Poor MOC Alarmmanagement
Incident
Figure 1: In alarm system assessments, the “Swiss Cheese” model is commonly used for risk analysis and management. Graphics courtesy: Honeywell
Can luck cover for a lack of alarm management?Is it safe to run a plant without alarm management? An effective alarm managementprogram will let you run the plant harder while still remaining safe.
Keyconcepts� An effective alarm man-agement program is criti-cal to a plant that operates safely and effectively.
� The fact that a specific plant or process unit has not had an accident in some period of time does not indicate an effective program.
� An effective program requires careful planning and ongoing evaluation following appropriate standards.
inside process
12 ● SEPTEMBER 2014 CONTROL ENGINEERING ● www.controleng.com
inside process
be limited. On paper, process optimization and performance monitoring yield a better finan-cial gain. There is also a common lack of under-standing of what alarm management is.
At complex processing plants, there are many potential reper-
cussions from disregarding alarm management. These
can range from process upsets (downtime/loss of production) and plant shutdowns to loss of con-
tainment and catastrophic failure.
Recent industrial disastersAbnormal situations cost industry billions
of dollars every year. A number of plant inci-dents partly attributed to alarm management issues have tragically resulted in injury and death of personnel and huge financial losses.
For example, during the 2005 explosion at BP’s Texas City, Texas, refin-ery, key level alarms failed to notify operators of the unsafe and abnormal condi-tions that existed within the tower and blowdown drum. The resulting explosion and fire killed 15 people and injured 170 more.
The tank overflow and resultant fire at the Bunce-field oil depot in the UK caused a £1 billion (1.6 bil-lion USD) loss. The incident could have been prevented if the tank’s high-level safety switch, per design, had notified the operator of the unsafe tank condition or had automatically shut off the incoming flow.
At the Bayer facility in Institute, W.V., improper procedures, worker fatigue, and lack of operator training on a new control system led to a residue treater overcharging with Metho-myl—resulting in an explosion and chemical release.
Applicable industry standardsSeveral institutions and societies have pro-
duced standards on alarm management to assist in the best practice use of alarms in industrial manufacturing systems. Among them are the UK-based Engineering Equipment and Materi-als Users Association (EEMUA), and the U.S.-based American National Standards Institute (ANSI), International Society of Automation
(ISA) and American Petroleum Institute (API).EEMUA Publication 191 (“Alarm Sys-
tems—A Guide to Design, Management, and Procurement”) was first released in 1999 and is acknowledged as the de facto industry standard for alarm management. (The second and third editions were released in 2007 and 2013.) This standard provides a detailed description of the tools and techniques for various aspects of alarm management (e.g., rationalization, risk assess-ments, and graphics design).
ISA and ANSI approved ANSI/ISA-18.2-2009 (“Management of Alarm Systems for the Process Industries”) in June 2009 to speci-fy an overall lifecycle approach to alarm man-agement. ISA-18.2 has many similarities to the Safety Instrumented System (SIS) standard IEC 61508/11.
Both of these publications have similar key performance indicators (KPIs) for alarm system performance. So how can process plants ensure
their compliance with the standards and avoid the like-lihood of alarm-related fail-ures or incidents?
Assessing potential risks
The first step in address-ing a lack of alarm manage-ment is to understand the relevant issues and acknowl-edge where problems exist. This requires a thorough assessment of alarm perfor-mance, which can help deter-mine alarm requirements to minimize risk potential.
In alarm system assess-ments, a tool known as the “Swiss Cheese” model of accident causation is commonly used for risk analysis and management. Originally developed by Dante Orlandella and James T. Reason of the University of Manchester, it is sometimes called the cumulative act effect.
With the Swiss Cheese model, an organiza-tion’s defenses against failure are modeled as a series of barriers, depicted as slices of cheese. The holes in the slices represent weaknesses in individual parts of the system and continually vary in size and position across the slices. The system produces failures when a hole in each slice momentarily aligns, so that a hazard pass-es through holes in all of the slices, leading to a failure (see Figure 1).
This model includes both active and latent failures. Active failures encompass unsafe acts directly linked to an accident, such as (in the
Figure 2: Alarm management should be a comprehen-sive process employing the concept of layers of protection.
‘There are many potential repercussions
from disregarding alarm management.
These can range from process upsets to loss of containment and
catastrophic failure.’
case of plant accidents) operator error. Latent failures include contributing factors that may lie dormant for days, weeks, or months until they contribute to the accident.
Here is an example of a true incident ana-lyzed with the Swiss Cheese risk model:
1. Plant operation is relatively unstable toward the end of a 12-hour shift (opera-tional factor).
2. Tank containing hot material reaches high-high level (process factor)
3. High-high level DCS pump interlock was disabled to replace an instrument, but had not been re-enabled (management of change factor)
4. Control room operators miss the alarm because they are overloaded and distract-ed by an alarm flood (alarm management factor)
5. Safety level switches in the safety integri-ty level (SIL) loop for tripping the incom-ing pump power supply have not been tested for over two years and fail to oper-ate (maintenance factor), and
6. Tank overflows with workers in close vicinity (incident result).
Keys to better performanceBased on real-world experience across many
process industries, it is obvious that the lack of an effective alarm management strategy has a direct negative impact on plant operations, per-formance, profitability, and safety.
Quite simply, some plants do not take alarm management seriously. It is not unusual for facilities to address the performance of process alarms and then forget about them. This is fool-hardy, since plant processes are dynamic and alarm conditions are constantly changing.
All too often, the ownership of an alarm management program resides with the control system department, and not with the opera-tions manager where it belongs. This is because alarms that are flooding or not annunciating correctly are typically viewed as a control or instrumentation problem.
Operations personnel need to realize the pro-cess control system belongs to them and how it functions is determined by their requirements. The DCS group can make required changes to the alarm system, but it must be driven by oper-ations. The alarm is a tool used by the operator; thus, it is in the operator’s best interest for this
inside process
‘ It is not unusual for facilities to address the performance of process alarms and then forget about them. This is foolhardy, since plant processes are dynamic and alarm conditions are constantly changing.’
WHY MONITOR POWER INSTEAD OF JUST AMPS?
NO LOAD NO LOAD
Power is Linear-Equal Sensitivity at Both Low and High Loads
No Sensitivity For Low Loads
FULL LOAD FULL LOAD
POW
ER
AM
PS
WWW.LOADCONTROLS.COMCALL NOW FOR YOUR FREE 30-DAY TRIAL 888-600-3247
PROTECT PUMPSDRY RUNNING • CAVITATION • BEARING FAILURE • OVERLOAD
MONITOR PUMP POWER• Best Sensitivity• Digital Display
TWO ADJUSTABLE SET POINTS• Relay Outputs• Adjustable Delay Timers
4-20 MILLIAMP ANALOG OUTPUT
COMPACT EASY MOUNTINGOnly 3.25" x 6.25" x 2"• Starter Door • Panel • Raceway • Wall
UNIQUE RANGE FINDER SENSOR• Works on Wide-range of Motors• Simplifi es Installation
PUMP POWER
PUMPING
VALVE CLOSING
VALVE OPENING NO FLUID
input #66 at www.controleng.com/information
tool to function correctly and meet the opera-tor’s specifications.
Alarm management is a comprehensive pro-cess by which alarms are engineered, moni-tored, and managed to ensure safe, reliable operations. At the heart of this process is the concept of layers of protection, which provides
independent layers of protection around hazard-ous processes to reduce the risk of undesired consequences such as fire, toxic releases, and so on. Alarms are considered to be a layer of pro-tection (LOP) and are often used in SIL analysis (see Figure 2).
Education is the best remedy for improving—
Figure 3: Some automation system suppliers conduct workshops at customer sites to help make alarm management efforts more fruitful.
3D DESIGN SOFTWARE & DESIGN SERVICESDownload our free WELS 3D software that lets you design, visualize and cost
your ideal control room solution. Or contact us for free design services.
GET IT AT: WINSTED.COM/WELS
FREE
WEB: winsted.com • EMAIL: [email protected] • TEL: 800.447.2257 • FAX: 800.421.3839
From single control room consoles to the largest integrated command centers, only Winsted has more fl exible solutions for you to meet your exact requirements for function, style and cost. Select the confi guration, design and features you want in modular, modifi ed or full custom console environments. WITH WINSTED YOU’RE IN CONTROL.
Choose from 6 modular platforms built to order, or design your custom consoles
CONTROL ROOM CONSOLES THAT PUT YOU IN CONTROL
Versatile Slat-Wall Accessory Mounting
Multiple Work Surface Options and Styles
Curved, Corner or Linear, Multi-Bay Confi gurations
Articulated Tilt/Pivot Monitor Versatility
Dozens of Accessories, Hundreds of Confi gurations,
Unlimited Possibilities
Multiple Depths and Confi gurations
PC/Device/Instrument Security with Swing-Out Authorized Accessibility
Standard Modular, Modifi ed or Full Custom Console Solutions
Monitor Mounts to 63-inch, Up to Full Video Walls 19-Inch Rack
Mount Solutions
3 Monitor MountPost Heights
Integrated Power and Data
Accessible Cable Management Solutions
End Panel Color, Material and Graphics Options
input #67 at www.controleng.com/information
inside process
For more information, visit:www.honeywellprocess.comwww.isa.orgRead more about alarm management at www.controleng.com/archivesImplementing alarm management per the ANSI/ISA-18.2 standard, Sept. 2013A rational approach to alarm rationalization, Apr. 2012
Go Online
and maintaining—alarm system perfor-mance. Personnel across all areas of plant operation, including control room opera-tors, field operators, process engineers, and instrument technicians, should be instructed in proper alarm management and then buy into the program. This is a proactive approach to alarms.
Some automation system suppli-ers conduct workshops at customer sites to help make alarm management efforts more fruitful. This training can begin with a general orientation for all plant stakeholders, followed by specif-ic instruction according to job function using approved alarm philosophy docu-
ments. The workshop is a valuable tool for help-ing workers understand how they are expected to engineer, manage, and maintain their alarm system (see Figure 3).
Confusion increases riskAlarm management is imperative to assess-
ing, improving, and optimizing process alarms, thereby increasing the effectiveness of the plant. Without an effective alarm program in place,
nuisance alarms, alarm floods, and improperly prioritized alarms can lead to operator confu-sion, and thus increase the risk of accidents.
However, it is important to remember that alarm management is not a one-time project; it is a redesign/reengineering and a lifecycle process. All new alarms are designed on how they fit into the process and the benefit they give the oper-ator. Therefore, the performance of the alarm system is continuously being improved and opti-mized. ce
- Tyron Vardy is an alarm management con-sultant for Honeywell Process Solutions.
‘ Without effective management, nuisance alarms, alarm floods, and improperly prioritized alarms can lead to operator confusion, and increase the risk of accidents.’
Presenting the NTM Series:• 20 Models in Plastic or Metal Housing
• Nuclear, Military and Industrial Grades
• Loop, Signal or Externally Powered
• Input Failure Alarm and Isolated Serial I/O
• Only 10-80mW Power Required
• Auto Tri-Color Bargraph
• 1 to 4 Channels
• Relays / Analog Output / Ethernet
• Lifetime Warranty
To learn more about OTEK’s NTM Series, please visit: www.otekcorp.com or call (520)748-7900
Model: NTM-96 x 1.74”
Model: NTM-34” ANSI Switchboard
input #68 at www.controleng.com/information