www.controleng.com Siemen

s sca

labili

ty b

etwee

n contro

ller f

amili

es yi

elds

engin

eerin

g effic

iencie

s. See

page

21 fo

r deta

ils

www.controleng.com ● CONTROL ENGINEERING SEPTEMBER 2014 ● 5

8 Think Again Control Engineering 60 years and beyond

10 Apps for Engineers Conversion applications

12 Product Exclusive All-in-one control platform in a 15.6-in. HMI panel

14 Application Updates World’s tallest observation wheel

18 Technology Update Wireless tutorial: Antenna

basics, types

22 Anniversary Computers, better automation software, and open systems

25 Future of Engineering Impact of technology on industry, life

30 Future of Engineering 2020: Future automation

34 Technology Update New day for wireless control

38 International Intelligent plant upsurge

42 IT & Engineering Insight Developing good coding habits

departments

46 IMTS productivity roundup

47 Industrial Internet of Things

48 Better helmets; News headlines; correction

news

125 Engineering system design software; Rotary actuators for automation processes

125 Rackmount IO server; motorized test stands

126 Pneumatic series; Robotsfor processing large parts

products

Inside ProcessStarts after p. 108. If not, see www.controleng.com/archives for September.

P1 Next-generation � eldbus device couplers simplify chemical plant upgrade Petrochemical plant adds new physical-layer technology to its long-running � eldbus networks.

P10 Can luck cover for a lack of alarm management? Is it safe to run a plant without alarm management? An effective alarm manage-

ment program will let you run the plant harder while still remaining safe.

PRODUCT EXCLUSIVE

PRODUCTS

COVERING CONTROL, INSTRUMENTATION, AND AUTOMATION SYSTEMS WORLDWIDEOVERING CONTROL, ONTROL, ONTROL, INSTRUMENTATION, AND AUTOMATION ®

SEPTEMBER 2014

CONTROL ENGINEERING (ISSN 0010-8049, Vol. 61, No. 9, GST #123397457) is published 12x per year, Monthly by CFE Media, LLC, 1111 W. 22nd Street, Suite #250, Oak Brook, IL 60523. Jim Langhenry, Group Publisher /Co-Founder; Steve Rourke CEO/COO/Co-Founder. CONTROL ENGINEERING copyright 2014 by CFE Media, LLC. All rights reserved. CONTROL ENGINEERING is a registered trademark of CFE Media, LLC used under license. Periodicals postage paid at Oak Brook, IL 60523 and additional mailing offices. Circulation records are maintained at CFE Media, LLC, 1111 W. 22nd Street, Suite #250, Oak Brook, IL 60523. E-mail: customerservice@cfemedia.com. Postmaster: send address changes to CONTROL ENGINEERING, 1111 W. 22nd Street, Suite #250, Oak Brook, IL 60523. Publications Mail Agreement No. 40685520. Return undeliverable Canadian addresses to: 1111 W. 22nd Street, Suite #250, Oak Brook, IL 60523. Email: customerservice@cfemedia.com. Rates for nonqualified subscriptions, including all issues: USA, $150/yr; Canada/Mexico, $180/yr (includes 7% GST, GST#123397457); International air delivery $325/yr. Except for special issues where price changes are indicated, single copies are available for $30.00 US and $35.00 foreign. Please address all subscription mail to CONTROL ENGINEERING, 1111 W. 22nd Street, Suite #250, Oak Brook, IL 60523. Printed in the USA. CFE Media, LLC does not assume and hereby disclaims any liability to any person for any loss or damage caused by errors or omissions in the material contained herein, regardless of whether such errors result from negligence, accident or any other cause whatsoever.

44 International First in-line � owmeter with SAW-based technology

63 Machine Safety Crossing the yellow line

128 Back to Basics Neher-McGrath formula

APPLICATION UPDATE

P10 ● SEPTEMBER 2014 CONTROL ENGINEERING ● www.controleng.com

In the industrial world, process alarm sys-tems affect the bottom line. Well-function-ing alarms can help a process run closer to its ideal operating point, enabling high-er yields, lower production costs, and

improved quality, all of which add up to greater profits.

At many other facilities, however, there is no formal strategy for managing alarm perfor-mance. These sites are confident their alarm systems are in order and assets are fully protect-ed, yet they fail to recognize the potential for failures.

A lack of effective alarm management can result in billions of dollars lost every year to accidents, equipment damage, unplanned plant or unit outages, off-spec production, regulatory fines, and huge intangible costs related to envi-ronmental and safety infractions.

Today’s safety challengesEmployers, irrespective of the size or nature

of their business, have responsibility for the day-to-day health, safety, and welfare of employ-ees and visitors to the workplace. This duty of care is usually set out in the occupational health and safety (OH&S) legislation of the relevant country.

Companies, as well as individuals from the supervisor to CEO level, have been legally prosecuted for breaches in OH&S regulations.

Duty of care typically mandates that employ-ers in automated industries provide a suitable alarm system that gives adequate warning of impending abnormal situations to operators so they have time to take action to prevent upsets or incidents from occurring. Duty of care also includes the provision of an appropriate control system for manufacturing facilities.

In principle, the distributed control system (DCS) alarm system is a vital, productive tool for managing industrial processes, and it can be configured to identify and notify personnel of a wide variety of abnormal conditions in plant operation. Alarms provide a unique layer of pro-tection against scenarios impacting safety, the environment, or financial loss. They combine the flexibility and adaptability of the plant oper-ator with the power of technology. However, in practice, poor initial design and lack of effective alarm management often result in alarm systems that are not “fit for purpose.”

Why alarms deserve attentionAt many industrial facilities, alarm systems

do not receive the attention and resources they deserve. This is understandable, because alarm-ing appears to be a deceptively simple activity. Facilities often retain the alarm design philos-ophy developed by the engineering firm at the time of their original construction.

Justifying the cost of a comprehensive alarm management program can be a difficult task. Operations and engineering people realize alarm system performance is a serious issue, but may have trouble convincing senior level plant man-agement that the company should invest scarce resources in an advanced alarm technology.

Alarm management is one of those difficult areas where financial returns aren’t immediate-ly apparent. The return is realized when prop-erly designed alarms help the company avoid a production loss. It’s a concept often overlooked at the expense of other higher profile improve-ment programs. Why? Financial resources may

MaintenanceOperational Process Poor MOC Alarmmanagement

Incident

Figure 1: In alarm system assessments, the “Swiss Cheese” model is commonly used for risk analysis and management. Graphics courtesy: Honeywell

Can luck cover for a lack of alarm management?Is it safe to run a plant without alarm management? An effective alarm managementprogram will let you run the plant harder while still remaining safe.

Keyconcepts� An effective alarm man-agement program is criti-cal to a plant that operates safely and effectively.

� The fact that a specific plant or process unit has not had an accident in some period of time does not indicate an effective program.

� An effective program requires careful planning and ongoing evaluation following appropriate standards.

inside process

12 ● SEPTEMBER 2014 CONTROL ENGINEERING ● www.controleng.com

inside process

be limited. On paper, process optimization and performance monitoring yield a better finan-cial gain. There is also a common lack of under-standing of what alarm management is.

At complex processing plants, there are many potential reper-

cussions from disregarding alarm management. These

can range from process upsets (downtime/loss of production) and plant shutdowns to loss of con-

tainment and catastrophic failure.

Recent industrial disastersAbnormal situations cost industry billions

of dollars every year. A number of plant inci-dents partly attributed to alarm management issues have tragically resulted in injury and death of personnel and huge financial losses.

For example, during the 2005 explosion at BP’s Texas City, Texas, refin-ery, key level alarms failed to notify operators of the unsafe and abnormal condi-tions that existed within the tower and blowdown drum. The resulting explosion and fire killed 15 people and injured 170 more.

The tank overflow and resultant fire at the Bunce-field oil depot in the UK caused a £1 billion (1.6 bil-lion USD) loss. The incident could have been prevented if the tank’s high-level safety switch, per design, had notified the operator of the unsafe tank condition or had automatically shut off the incoming flow.

At the Bayer facility in Institute, W.V., improper procedures, worker fatigue, and lack of operator training on a new control system led to a residue treater overcharging with Metho-myl—resulting in an explosion and chemical release.

Applicable industry standardsSeveral institutions and societies have pro-

duced standards on alarm management to assist in the best practice use of alarms in industrial manufacturing systems. Among them are the UK-based Engineering Equipment and Materi-als Users Association (EEMUA), and the U.S.-based American National Standards Institute (ANSI), International Society of Automation

(ISA) and American Petroleum Institute (API).EEMUA Publication 191 (“Alarm Sys-

tems—A Guide to Design, Management, and Procurement”) was first released in 1999 and is acknowledged as the de facto industry standard for alarm management. (The second and third editions were released in 2007 and 2013.) This standard provides a detailed description of the tools and techniques for various aspects of alarm management (e.g., rationalization, risk assess-ments, and graphics design).

ISA and ANSI approved ANSI/ISA-18.2-2009 (“Management of Alarm Systems for the Process Industries”) in June 2009 to speci-fy an overall lifecycle approach to alarm man-agement. ISA-18.2 has many similarities to the Safety Instrumented System (SIS) standard IEC 61508/11.

Both of these publications have similar key performance indicators (KPIs) for alarm system performance. So how can process plants ensure

their compliance with the standards and avoid the like-lihood of alarm-related fail-ures or incidents?

Assessing potential risks

The first step in address-ing a lack of alarm manage-ment is to understand the relevant issues and acknowl-edge where problems exist. This requires a thorough assessment of alarm perfor-mance, which can help deter-mine alarm requirements to minimize risk potential.

In alarm system assess-ments, a tool known as the “Swiss Cheese” model of accident causation is commonly used for risk analysis and management. Originally developed by Dante Orlandella and James T. Reason of the University of Manchester, it is sometimes called the cumulative act effect.

With the Swiss Cheese model, an organiza-tion’s defenses against failure are modeled as a series of barriers, depicted as slices of cheese. The holes in the slices represent weaknesses in individual parts of the system and continually vary in size and position across the slices. The system produces failures when a hole in each slice momentarily aligns, so that a hazard pass-es through holes in all of the slices, leading to a failure (see Figure 1).

This model includes both active and latent failures. Active failures encompass unsafe acts directly linked to an accident, such as (in the

Figure 2: Alarm management should be a comprehen-sive process employing the concept of layers of protection.

‘There are many potential repercussions

from disregarding alarm management.

These can range from process upsets to loss of containment and

catastrophic failure.’

case of plant accidents) operator error. Latent failures include contributing factors that may lie dormant for days, weeks, or months until they contribute to the accident.

Here is an example of a true incident ana-lyzed with the Swiss Cheese risk model:

1. Plant operation is relatively unstable toward the end of a 12-hour shift (opera-tional factor).

2. Tank containing hot material reaches high-high level (process factor)

3. High-high level DCS pump interlock was disabled to replace an instrument, but had not been re-enabled (management of change factor)

4. Control room operators miss the alarm because they are overloaded and distract-ed by an alarm flood (alarm management factor)

5. Safety level switches in the safety integri-ty level (SIL) loop for tripping the incom-ing pump power supply have not been tested for over two years and fail to oper-ate (maintenance factor), and

6. Tank overflows with workers in close vicinity (incident result).

Keys to better performanceBased on real-world experience across many

process industries, it is obvious that the lack of an effective alarm management strategy has a direct negative impact on plant operations, per-formance, profitability, and safety.

Quite simply, some plants do not take alarm management seriously. It is not unusual for facilities to address the performance of process alarms and then forget about them. This is fool-hardy, since plant processes are dynamic and alarm conditions are constantly changing.

All too often, the ownership of an alarm management program resides with the control system department, and not with the opera-tions manager where it belongs. This is because alarms that are flooding or not annunciating correctly are typically viewed as a control or instrumentation problem.

Operations personnel need to realize the pro-cess control system belongs to them and how it functions is determined by their requirements. The DCS group can make required changes to the alarm system, but it must be driven by oper-ations. The alarm is a tool used by the operator; thus, it is in the operator’s best interest for this

inside process

‘ It is not unusual for facilities to address the performance of process alarms and then forget about them. This is foolhardy, since plant processes are dynamic and alarm conditions are constantly changing.’

WHY MONITOR POWER INSTEAD OF JUST AMPS?

NO LOAD NO LOAD

Power is Linear-Equal Sensitivity at Both Low and High Loads

No Sensitivity For Low Loads

FULL LOAD FULL LOAD

POW

ER

AM

PS

WWW.LOADCONTROLS.COMCALL NOW FOR YOUR FREE 30-DAY TRIAL 888-600-3247

PROTECT PUMPSDRY RUNNING • CAVITATION • BEARING FAILURE • OVERLOAD

MONITOR PUMP POWER• Best Sensitivity• Digital Display

TWO ADJUSTABLE SET POINTS• Relay Outputs• Adjustable Delay Timers

4-20 MILLIAMP ANALOG OUTPUT

COMPACT EASY MOUNTINGOnly 3.25" x 6.25" x 2"• Starter Door • Panel • Raceway • Wall

UNIQUE RANGE FINDER SENSOR• Works on Wide-range of Motors• Simplifi es Installation

PUMP POWER

PUMPING

VALVE CLOSING

VALVE OPENING NO FLUID

input #66 at www.controleng.com/information

tool to function correctly and meet the opera-tor’s specifications.

Alarm management is a comprehensive pro-cess by which alarms are engineered, moni-tored, and managed to ensure safe, reliable operations. At the heart of this process is the concept of layers of protection, which provides

independent layers of protection around hazard-ous processes to reduce the risk of undesired consequences such as fire, toxic releases, and so on. Alarms are considered to be a layer of pro-tection (LOP) and are often used in SIL analysis (see Figure 2).

Education is the best remedy for improving—

Figure 3: Some automation system suppliers conduct workshops at customer sites to help make alarm management efforts more fruitful.

3D DESIGN SOFTWARE & DESIGN SERVICESDownload our free WELS 3D software that lets you design, visualize and cost

your ideal control room solution. Or contact us for free design services.

GET IT AT: WINSTED.COM/WELS

FREE

WEB: winsted.com • EMAIL: info@winsted.com • TEL: 800.447.2257 • FAX: 800.421.3839

From single control room consoles to the largest integrated command centers, only Winsted has more fl exible solutions for you to meet your exact requirements for function, style and cost. Select the confi guration, design and features you want in modular, modifi ed or full custom console environments. WITH WINSTED YOU’RE IN CONTROL.

Choose from 6 modular platforms built to order, or design your custom consoles

CONTROL ROOM CONSOLES THAT PUT YOU IN CONTROL

Versatile Slat-Wall Accessory Mounting

Multiple Work Surface Options and Styles

Curved, Corner or Linear, Multi-Bay Confi gurations

Articulated Tilt/Pivot Monitor Versatility

Dozens of Accessories, Hundreds of Confi gurations,

Unlimited Possibilities

Multiple Depths and Confi gurations

PC/Device/Instrument Security with Swing-Out Authorized Accessibility

Standard Modular, Modifi ed or Full Custom Console Solutions

Monitor Mounts to 63-inch, Up to Full Video Walls 19-Inch Rack

Mount Solutions

3 Monitor MountPost Heights

Integrated Power and Data

Accessible Cable Management Solutions

End Panel Color, Material and Graphics Options

input #67 at www.controleng.com/information

inside process

For more information, visit:www.honeywellprocess.comwww.isa.orgRead more about alarm management at www.controleng.com/archivesImplementing alarm management per the ANSI/ISA-18.2 standard, Sept. 2013A rational approach to alarm rationalization, Apr. 2012

Go Online

and maintaining—alarm system perfor-mance. Personnel across all areas of plant operation, including control room opera-tors, field operators, process engineers, and instrument technicians, should be instructed in proper alarm management and then buy into the program. This is a proactive approach to alarms.

Some automation system suppli-ers conduct workshops at customer sites to help make alarm management efforts more fruitful. This training can begin with a general orientation for all plant stakeholders, followed by specif-ic instruction according to job function using approved alarm philosophy docu-

ments. The workshop is a valuable tool for help-ing workers understand how they are expected to engineer, manage, and maintain their alarm system (see Figure 3).

Confusion increases riskAlarm management is imperative to assess-

ing, improving, and optimizing process alarms, thereby increasing the effectiveness of the plant. Without an effective alarm program in place,

nuisance alarms, alarm floods, and improperly prioritized alarms can lead to operator confu-sion, and thus increase the risk of accidents.

However, it is important to remember that alarm management is not a one-time project; it is a redesign/reengineering and a lifecycle process. All new alarms are designed on how they fit into the process and the benefit they give the oper-ator. Therefore, the performance of the alarm system is continuously being improved and opti-mized. ce

- Tyron Vardy is an alarm management con-sultant for Honeywell Process Solutions.

‘ Without effective management, nuisance alarms, alarm floods, and improperly prioritized alarms can lead to operator confusion, and increase the risk of accidents.’

Presenting the NTM Series:• 20 Models in Plastic or Metal Housing

• Nuclear, Military and Industrial Grades

• Loop, Signal or Externally Powered

• Input Failure Alarm and Isolated Serial I/O

• Only 10-80mW Power Required

• Auto Tri-Color Bargraph

• 1 to 4 Channels

• Relays / Analog Output / Ethernet

• Lifetime Warranty

To learn more about OTEK’s NTM Series, please visit: www.otekcorp.com or call (520)748-7900

Model: NTM-96 x 1.74”

Model: NTM-34” ANSI Switchboard

input #68 at www.controleng.com/information