SILalarm guides you step-by-step through the rationalization process. Each step prompts the user to document the necessary information and make the appropriate design decisions. This reduces the amount of training needed to use the tool and expands the number of personnel that can effectively use it. The user manual includes tips and techniques showing how to apply good engineering practices to rationalization taken from ISA-18.2 and EEMUA 191.The rationalization process can be customized by the user to fit the applicable Alarm Management Philosophy, aligning the rationalization steps to your alarm management process.
Having an alarm philosophy document in place is a pre-requisite to a successful alarm rationalization. SILalarm can be setup to take on the rules defined in your philosophy document. This ensures consistency and traceability by enforcing these rules during the rationalization process. Typical philosophy-specific settings include:
Alarm priority helps the operator determine which alarm they should respond to first. Prioritizing alarms following a consistent methodology based on potential consequences and/or time to respond, helps build operator confidence and trust in the alarm system. It also helps optimize their response during upset conditions so that they are always responding to the situation which is most business-critical.
SILalarm supports several methods of prioritization:
To improve the operator’s response it is important to make sure they do not receive an excessive number of high priority alarms. SILalarm calculates the configured alarm priority distribution and provides a comparison to the benchmarks of IEC 62682, ANSI/ISA- 18.2, and EEMUA 191. It allows non-alarm notifications to be categorized (e.g., alerts, prompts, messages) if they don’t meet the criteria for being an alarm.
Rationalization involves reviewing and justifying potential alarms to ensure that they are truly necessary and that they meet the criteria for being an alarm as defined in the philosophy. Each alarm is examined to ensure it indicates an abnormal condition requiring a response (corrective action) from the operator. If an alarm has minimal consequences, or there is no defined operator response, then it can be disabled or designated for decommissioning.
SILalarm makes it easy to document the design intent (purpose of the alarm), potential consequences, cause of the alarm, methods for confirming that the alarm is legitimate, and the recommended operator corrective action. This information can be output in a report format from the master alarm database as an alarm response manual or individual alarm response procedures for each tag. These documents allow the results of rationalization to be used for operator training or integrated into the Human Machine Interface (HMI) to aid the operator’s response.
Classification allows groups of alarms with similar characteristics and requirements for training, testing, documentation, data retention, reporting, or management of change to be lumped together for easier management. Alarms can be assigned to more than one classification. The origin of the alarm (P&ID, HAZOP, environmental permit, cGMP, etc.) can be documented along with any specific testing requirements which might be required to comply with pertinent regulations.
SILalarm helps you establish alarm limits systematically based on knowledge of the dynamics of the process , operating conditions, and operating boundaries. This helps to prevent nuisance alarms and ensures that the operator has sufficient time to diagnose and respond to the alarm. Recommended alarm limits are determined based on the following:
The rationale used for alarm setpoint determination can also be documented.
Operator performance can be improved by suppressing alarms when they are not relevant based on plant operating conditions. SILalarm allows you to define various advanced alarming methods such as shelving, first-out alarming, state based suppression, and alarm flood suppression that can be implemented in the control system using its native functionality. The alarm flood suppression interface in SILalarm allows the user to define the trigger conditions for suppression, designate a common alarm, specify a maximum suppression time and indicate which alarms are to be suppressed. It also helps you to verify that the alarm can safely be suppressed by displaying the classification, priority, and whether the alarm is used as a safeguard or an independent protection layer.
State-based alarming scenarios can also be defined by specifying alarm limit, priority, cause, consequence, and operator response as a function of operating state / mode, product type, or the phase of a batch.
Safety related alarms are critical for maintaining the safety of the process, plant, and personnel. Alarms can serve as a safeguard in a HAZOP, as an independent protection layer in a LOPA, or they can be identified in a Safety Requirements Specification. SILalarm integrates the functional safety design requirements into the master alarm database and makes them available during rationalization. This provides traceability, creates a means for feeding alarm design details to the appropriate safety personnel, and ensures that safety-critical alarms are treated appropriately during the rationalization process.
To help document relevant information about the alarm design, user-defined fields can be setup in SILalarm to tailor the master alarm database to your requirements. For example these fields can be used to record safe operating limits, operating boundaries, equipment constraints (e.g. design, safety, corrosion, process, reliability, environmental), relevant interlocks, or whatever process safety information is required for compliance with OSHA 1910.119. This helps to create a consistent reference point for alarm system design and how it relates to operations. User Defined fields can be assigned at all of the alarm rationalization work process steps.
Alarm rationalization is an ongoing process that is often implemented in stages. SILAlarm helps manage and track the rationalization status of each alarm. Changes to alarm rationalization status (e.g. Under Review, On Hold, Open Action Item, Pending Approval, Approved, etc.) are recorded in a change log, along with relevant comments and the session (including associated team members) during which the alarm status was changed. Once approved, alarms become “read only” and cannot be modified without first changing their status.
To maintain the integrity of the alarm system it is recommended to periodically compare the settings in the master alarm database vs. those in the control system. SILalarm can create a report on demand that identifies any alarm parameters that are different based on evaluating a snapshot of the engineering configuration. The comparison is done independent of the running control system, thereby ensuring that the alarm audit does not interfere with the running process. Each change can be reviewed to identify whether it should be accepted, rejected or set for enforcement. The differences report can be distributed to plant personnel for offline review and disposition.
The SILalarm Alarm List View is the cockpit for managing the master alarm database and the status of the rationalization process. The viewer can be sorted and filtered to make it easy to segment a large database into small manageable pieces. It allows you to view key attributes of each alarm including alarm type, block type, process area / unit / equipment, alarm enable status, priority and the rationalization status.
The tool also allows you to categorize the source of each alarm for segmentation and tracking purposes. For example the source attribute could be used to differentiate the alarm’s origin by control system type (SIS, BPCS, PLC , SCADA), by system (Utilities, Packaging, Production areas, OEM Skid), by batch construct (Control Module, Phase, Equipment Module) or by type of alarm (Process, Fieldbus, Instrument Diagnostic, System Diagnostic), etc.
SILalarm makes it easy to get data in and out for exchange with design tools, the control system configurations, or existing alarm databases. Alarm information can be imported to SILalarm. Both generic and control-system specific import formats are available. Rationalized alarm information can be exported from SILalarm enabling alarm configuration details to be propagated into the control system without requiring manual reentry of data.
Alarm rationalization can be a resource intensive process. An effective tool streamlines the process by allowing you to apply the results from one alarm to other similar alarms.
This eliminates the need to review all alarms in detail thus increasing productivity and reducing the overall rationalization time. SILalarm contains many features for optimizing the rationalization process, such as:
SILalarm™ is available on different licensing platforms, including single user licenses, concurrent user licenses, and software as a service. SILalarm™ can be licenses individually or in combination with other modules within the exSILentia® suite of lifecycle engineering tools. This provides flexibility in how you deploy it and allows you to coordinate / standardize its use between sites.
License for a single user. Requires no special connectivity (can be used in the office or remotely)
Multiuser license for 5 or 10 concurrent users. Users must be connected to the same network as the license server for the application to run.
Application and database(s) are hosted remotely on an exida server. To access the application, users must have a web browser, an internet connection, and the Citrix® interface client installed. Projects can be stored on the exida servers as well as locally.
Application and database(s) are hosted on the customer’s Citrix® Presentation Server. Users must have a web browser on their local machines and the Citrix® interface client installed to be able to access the application.
To help you realize the benefits of rationalization, exida offers the following optional services:
|Create Alarm Philosophy Document||
Training on Alarm Management Practices & Principles
Alarm Philosophy Development Workshop (3 days)
Completion of Alarm Philosophy document for review & approval
|SILalarm Getting Started Package||
On-site SILalarm Training Class (2-day, Hands-On)
Rationalization Ready Service (preloading of master alarm database)
|Alarm Rationalization Workshop / Facilitation||
Identification of which Alarms to Prioritize first
Facilitated Alarm Rationalization Exercise (typically 10 days) Resolution of selected Bad Actors
Documentation of Rationalization results in SILalarm
Training of local Facilitator to lead future rationalization activities
|Review, Assessment & Benchmarking of Alarm System Performance||
Operator Interviews (onsite)
Analysis of Alarm System Performance
Analysis of Alarm System Configuration
Identification of Bad Actors and First Alarms to Rationalize Gap Analysis report
exida has developed courses that will familiarize users with all facets of the exSILentia tool to ensure efficient implementation of the Safety Lifecycle tasks.