Safety: An ALARMING Concept - WEATftp.weat.org/Presentations/2018Safety.pdf · 2018. 3. 27. · THE...
Transcript of Safety: An ALARMING Concept - WEATftp.weat.org/Presentations/2018Safety.pdf · 2018. 3. 27. · THE...
Water Environment Association of Texas
Safety: An ALARMING Concept
“SITUATIONAL AWARENESS IN THE CONTROL ROOM”Rob Brooks – VP of Operations, User Centered Design Services
PanelistKevin Patel, PE – Vice President, Signature Automation
WEAT Safety & Security Committee Member and Webinar HostPhilip Gaberdiel, PE – EMA Inc.
Go to www.weat.org/cybersecuritywebinar.shtmlto view the webinar, presentation slides, multi-site user sign in sheets, and webinar questions for CEU credit.
Safety: An ALARMING ConceptSituational Awareness in the Control Room• BACKGROUND• ALARM MANAGEMENT• HIGH PERFORMANCE GRAPHICS• CONSOLE DESIGN
www.mycontrolroom.com
ANSI/ISA-18.2-2016Management of Alarm Systems for the Process Industries
STANDARDS
ANSI/ISA-101.01-2015, Human Machine Interfaces for Process Automation Systems
All ANSI/ISA text cited in this presentation is underlined.
BACKGROUND
www.mycontrolroom.com
The relationship between the operator’s perception of the plant’s condition and it’s actual condition at any time.
SITUATIONAL AWARENESS
DEFINITIONS
www.mycontrolroom.com
HUMAN ERROR
Analysis of Industrial Accidents have concluded that ‘human error’ is the determining factor in 70-80% of the cases. Rasmussen
Occurrences
20% EquipmentFailure
80 % Human Error
Human Factors
70% LatentOrganizationWeakness
30%Individual
Department of Energy StandardHUMAN PERFORMANCE IMPROVEMENT HANDBOOK
“Events are not so much the result of error-prone workers as they are the outcome of error-prone tasks and error-prone work environments, which are controlled by the organization.”
ALARM MANAGEMENT
www.mycontrolroom.com
audible and/or visible means of indicating to the operator an equipment malfunction, process deviation, or abnormal condition requiring a timely response.
ALARM
DEFINITIONS
www.mycontrolroom.com
Alarm management lifecycle
ISA 18.2
Rationalization
www.mycontrolroom.com
RATIONALIZATION
ISA-18.2009 stated, “In order to maximize the functionality of the alarm system it is important that the operator receive only those alarms that are meaningful and actionable. Ensuring that an alarm is actionable is done through alarm rationalization”.
www.mycontrolroom.com
Alarm Text / Description Alarm type (HI, DEV, LO, STATE) Class (i.e. Highly Managed) Alarm set point or logical condition Initiating Cause Verification (Other measurements, field operator) Operator Action Consequence of inaction or incorrect action Priority (Risk Matrix)
TYPICAL INFORMATION CAPTURED DURING RATIONALIZATION
RATIONALIZATION
www.mycontrolroom.com
Documentation & Training Maintenance & Testing Suppression MOC
alarm belonging to a class with additional requirements above general alarms
RATIONALIZATION: HIGHLY MANAGED (25 X)
Jeff Skiles
www.mycontrolroom.com
Alarm Text / Description Alarm type (HI, DEV, LO, STATE) Class (i.e. Highly Managed) Alarm set point or logical condition Initiating Cause Verification (Other measurements, field operator) Operator Action Consequence of inaction or incorrect action Priority (Risk Matrix)
TYPICAL INFORMATION CAPTURED DURING RATIONALIZATION
RATIONALIZATION
www.mycontrolroom.com
Alarm Text / Description Alarm type (HI, DEV, LO, STATE) Class (i.e. Highly Managed) Alarm set point or logical condition Initiating Cause Verification (Other measurements, field operator) Operator Action Consequence of inaction or incorrect action Priority (Risk Matrix)
TYPICAL INFORMATION CAPTURED DURING RATIONALIZATION
RATIONALIZATION
www.mycontrolroom.com
RATIONALIZATION: PRIORITY DETERMINATION
Unmitigated Consequence (No operator action)Area None Minor Major Severe
Safety None Minor / First
Aide
One or more
severe injuries
Fatality or
permanently
disabling injury
Environmental None Non-Reportable
Release
Agency
reportable/
permit violation
Serious release
with offsite
impact
Financial None Equipment or
production loss
<$ 50K
Equipment or
production loss
<$50K to $500K
Equipment or
production loss
> $500K
Time to Respond
Non-Urgent15 to 30 minutes
No Alarm Low Low Medium
Prompt5 to 15 minutes
No Alarm Low Medium High
Immediate5 < minutes
No Alarm Medium High High
www.mycontrolroom.com
RATIONALIZATION: PRIORITY TARGETS
ALARM PRIORITY ALARMS CONFIGURED
HIGH 5%
MEDIUM 15%
LOW 80%
Monitoring and Assessment
www.mycontrolroom.com
Monitoringthe measurement and reporting of quantitative (objective) aspects of alarm system performance.
Assessmentcomparison of information from monitoring and additional qualitative (subjective) measurements, against stated goals and defined performance metrics
Monitoring & Assessment
Definitions
www.mycontrolroom.com
MONITORING: METRICS
www.mycontrolroom.com
ON AVERAGE HOW MANY ITEMS CAN BE STORED?
MONITORING: SHORT TERM MEMORY
ON AVERAGE THE DURATION OF SHORT TERM MEMORY?
7
15 to 30 seconds
Storage is very fragile and information can be lost with distraction
www.mycontrolroom.com
HUMAN ERROR?
“In the last 11 minutes before the explosion the two operators had to recognize, acknowledge and act on 275 alarms”
HIGH PERFORMANCE GRAPHICS
www.mycontrolroom.com
The role of the HMI is to transform data into information
and put that information into context.
Color or lack there of
www.mycontrolroom.com
The Background should be an unsaturated color or neutral color (e.g. light gray)…. the use of backgrounds colors that may cause excessive contrast (e.g. black) should be avoided
DISPLAY BACKGROUND
– Neutral means without color.
– Saturation is the intensity of a hue from gray tone (no saturation) to pure, vivid color (high saturation).
www.mycontrolroom.com
DISPLAY BACKGROUND
Excessive Contrast = Eye Strain Eye Strain = FatigueFatigue = Loss of Situational Awareness
www.mycontrolroom.com
Distinctiveness, prominence, obviousness, or conspicuousness …
Definition
Salience
As the process deviates from expectations, the HMI should provide … appropriate salience for the situation.
Situational Awareness
www.mycontrolroom.com
Salience
www.mycontrolroom.com
www.mycontrolroom.com
HMI Structure
www.mycontrolroom.com
LEVELS
www.mycontrolroom.com
Display Hierarchy
Level 1 – Operation OverviewLevel 2 – Unit Overview Level 3 - DetailsLevel 4 - Diagnostic
www.mycontrolroom.com
World War II– Army Air Corps / Forces
Wright Field in Dayton Ohio
HISTORY: Human Factors Engineering
BACKGROUND: OPERATIONAL OVERVIEW
Do you know your operators Sacred Six?
www.mycontrolroom.com
Display Hierarchy
Level 1 – Operation OverviewLevel 2 – Unit Overview Level 3 - DetailsLevel 4 - Diagnostic
HMI Components
www.mycontrolroom.com
ANALOG VALUES
Sickbay medical readout, from the classic 1960’s Star Trek:
Is the guy in the red shirt dead yet ?
www.mycontrolroom.com
STEPHANIE GUERLAIN
CAT BLOODWORK EXAMPLE
www.mycontrolroom.com
Is Buttercup
sick?
Good or bad?
Example: My cat’s blood work results…
www.mycontrolroom.com
and now?
www.mycontrolroom.com
and now?
www.mycontrolroom.com
Analog Values
www.mycontrolroom.com
It is important to consider thresholds and upper limits of the users' sensory systems while also considering common sensory system deficiencies (e.g., color blindness, hearing loss, vision impairment)
Color Blindness
www.mycontrolroom.com
Color Blindness
Traffic Signs
www.mycontrolroom.com
Alarm Indicators
Alarm Priority Icons
LMHCAcknowledgedUnacknowledged
The alarm priority icon is a graphical means to quickly identify alarm priority and status.
Shape, text designation, and color identify the the
alarms priority and its status is unacknowledged
When acknowledged only the priority text
designation remains. Shape and color are gone
C MHL
Triple Coding
www.mycontrolroom.com
Generally non-schematic layout for Level 1 & 2Limited use of colorColor use is consistGray backgrounds to minimize glareEmbedded trends where appropriateAnalog representation of important measurementsA hierarchy of displaysLow-contrast depictions, no 3DConsistent navigation Flow left to right top to bottom
Characteristics
HMI Design
www.mycontrolroom.com
• What information is needed when critical alarms activate
• What information is needed to be able to undertake each task step?
• What is the best way of presenting information to the operator?
• How should this information be organized?
• How should the information be controlled/input?
CADET
CRITICAL ACTION AND DECISION EVALUATION TECHNIQUE
www.mycontrolroom.com
MEETING
ULTIMATEGOAL
ACTIVATION
DEFINE TASKSIDENTIFY
INTERPRET
EVALUATE
AMBIGUITY
TASK
ALERT PROCEDURE
SYSTEMSTATE
GOALSTATE
SET OFOBSERVATIONS
EXECUTE
OBSERVE FORMULATE TASK
Rasmussen Ladder Diagram
Console Design
What do I want from my console operator?
www.mycontrolroom.com
THE GOOD
CONSOLE SPECIFICATIONThe good, the bad and the ugly
• Sit-stand design
• Large screen displays
• Ergonomic design
• ISO 11064 compliant
• Directional speakers
• Individual environmental control
www.mycontrolroom.com
THE BAD
CONSOLE SPECIFICATIONThe good, the bad and the ugly
• Dual-tier design leads to neck
stress
• Ergonomically unfriendly
• No usable space
www.mycontrolroom.com
THE UGLY
CONSOLE SPECIFICATIONThe good, the bad and the ugly
• ‘Makeshift’ design
• Operator contortion
• Poor situation awareness
• Sitting is the new
‘Smoking’
www.mycontrolroom.com
NEW DESIGNS ARE
ERGONOMIC-FRIENDLY
CONSOLE SPECIFICATIONErgonomics
• Room for operator
training
• Heightened situation
awareness
• Effective communication
www.mycontrolroom.com
CONSIDER THE
MASSES
CONSOLE SPECIFICATIONAnthropometrics
• Users come in unique
body sizes
• 95th to 5th percentile
• Adjustability is a must
Water Environment Association of Texas
CE Questions
• What does alarm management have to do with high performance HMI? – The alarm and graphical system work together to
provide the operator with situation awareness. In order to gain the benefit from High Performance Graphics a robust Alarm System is required.
• When designing a control room, what are the most important things to consider?– The ergonomics of your operators. A well
designed ergonomic control room will keep your operator focus where it belongs on your process.
Water Environment Association of Texas
Panel Discussion
Go to
www.weat.org/cybersecuritywebinar.shtml to view the webinar,
presentation slides, multi-site user sign in sheets, and webinar questions for CEU credit.
Phil Gaberdiel, PEEngineering Practice Director
EMA
Kevin Patel, PEVice President
Signature Automation
Rob BrooksVP of Operations
User Centered Design Services
MODERATOR
Water Environment Association of Texas
Future Safety & Security
Committee Webinars
The next Safety & Security committee webinar will be held on:
June 20, 2018
August 8, 2018“Operational Preparedness from a Cyber Security,
Safety, Electrical, and Instrumentation Perspective”
8:00 AM – 4:30 PMAddison Conference and Theatre Centre15650 Addison Road, Addison, TX 75001
SAVE THE DATE for our upcoming specialty conference
! !