Improve Alarm System Performance and Comply with new Alarm Management standards and regulations.
Alarm Rationalization made easy with SILalarm
SILalarmTM is a tool for facilitating the alarm rationalization process and documenting the results in a master alarm database. It guides a rationalization team through a systematic process of reviewing, justifying and documenting the design of each alarm, ensuring compliance with a corporate or site alarm philosophy document. 
It supports data exchange with new (greenfield) and existing (brownfield) control systems via a flexible import/export system. Developed in accordance with the IEC 62682 and ANSI/ISA- 18.2 standards as well as with the EEMUA 191 guideline, it can be used by novices and experts alike to comply with alarm management good engineering practices.
Guiding you through the Rationalization Process
SILalarm guides you step-by-step through the rationalization process. Each step prompts the user to document the necessary information and make the appropriate design decisions. This reduces the amount of training needed to use the tool and expands the number of personnel that can effectively use it. The user manual includes tips and techniques showing how to apply good engineering practices to rationalization taken from ISA-18.2 and EEMUA 191.The rationalization process can be customized by the user to fit the applicable Alarm Management Philosophy, aligning the rationalization steps to your alarm management process.
Tailorable to your Alarm Management Practices
Having an alarm philosophy document in place is a pre-requisite to a successful alarm rationalization. SILalarm can be setup to take on the rules defined in your philosophy document. This ensures consistency and traceability by enforcing these rules during the rationalization process. Typical philosophy-specific settings include:
- Alarm Prioritization (number of different alarm priorities / priority names, prioritization matrix)
- Consequences of Not Responding (impact categories and descriptions for evaluating potential consequences)
- Operator Response Time
- Alarm Classes
- Alarm Tuning (deadband / hysteresis, on / off delays)
Prioritize to Ensure Operators Know Which Alarms to Respond to First
Alarm priority helps the operator determine which alarm they should respond to first. Prioritizing alarms following a consistent methodology based on potential consequences and/or time to respond, helps build operator confidence and trust in the alarm system. It also helps optimize their response during upset conditions so that they are always responding to the situation which is most business-critical.
SILalarm supports several methods of prioritization:
- Severity Matrix (Time to Respond vs. Consequences)
- Maximum Consequences: (EEMUA 191)
- Summating Consequences: Quantitative (EEMUA 191)
- Sum of all severities modified by urgency
To improve the operator’s response it is important to make sure they do not receive an excessive number of high priority alarms. SILalarm calculates the configured alarm priority distribution and provides a comparison to the benchmarks of IEC 62682, ANSI/ISA- 18.2, and EEMUA 191. It allows non-alarm notifications to be categorized (e.g., alerts, prompts, messages) if they don’t meet the criteria for being an alarm.
Completing alarm rationalization with SILalarm helps you to “deliver the right alarm at the right time to the right operator so that he / she can take the right corrective action to achieve the right result”
Alarm Objective Analysis / Justification Establishes the Need for an Alarm
Rationalization involves reviewing and justifying potential alarms to ensure that they are truly necessary and that they meet the criteria for being an alarm as defined in the philosophy. Each alarm is examined to ensure it indicates an abnormal condition requiring a response (corrective action) from the operator. If an alarm has minimal consequences, or there is no defined operator response, then it can be disabled or designated for decommissioning.
SILalarm makes it easy to document the design intent (purpose of the alarm), potential consequences, cause of the alarm, methods for confirming that the alarm is legitimate, and the recommended operator corrective action. This information can be output in a report format from the master alarm database as an alarm response manual or individual alarm response procedures for each tag. These documents allow the results of rationalization to be used for operator training or integrated into the Human Machine Interface (HMI) to aid the operator’s response.
Classification Helps Manage & Administer Alarms
Classification allows groups of alarms with similar characteristics and requirements for training, testing, documentation, data retention, reporting, or management of change to be lumped together for easier management. Alarms can be assigned to more than one classification. The origin of the alarm (P&ID, HAZOP, environmental permit, cGMP, etc.) can be documented along with any specific testing requirements which might be required to comply with pertinent regulations.
Set Alarm Limits to Provide Operators with Adequate time to respond
SILalarm helps you establish alarm limits systematically based on knowledge of the dynamics of the process , operating conditions, and operating boundaries. This helps to prevent nuisance alarms and ensures that the operator has sufficient time to diagnose and respond to the alarm. Recommended alarm limits are determined based on the following:
- Normal operating limit
- Consequence Threshold (Constraint)
- Process Dynamics (Rate-of-Change, Process Deadtime)
- Process Safety Time – the time between the fault and the occurrence of a hazard
- Minimum Operator Response Time – the minimum time that must be provided for the operator’s response
- Current limit in the control system (current setpoint)
- In relation to safe operating limits or other operational constraints (MADP, MADT)
The rationale used for alarm setpoint determination can also be documented.
Suppress Alarms from the Operator when they are not Relevant
Operator performance can be improved by suppressing alarms when they are not relevant based on plant operating conditions. SILalarm allows you to define various advanced alarming methods such as shelving, first-out alarming, state based suppression, and alarm flood suppression that can be implemented in the control system using its native functionality. The alarm flood suppression interface in SILalarm allows the user to define the trigger conditions for suppression, designate a common alarm, specify a maximum suppression time and indicate which alarms are to be suppressed. It also helps you to verify that the alarm can safely be suppressed by displaying the classification, priority, and whether the alarm is used as a safeguard or an independent protection layer.
State-based alarming scenarios can also be defined by specifying alarm limit, priority, cause, consequence, and operator response as a function of operating state / mode, product type, or the phase of a batch.
Maximize Risk Reduction of Safety Related Alarms
Safety related alarms are critical for maintaining the safety of the process, plant, and personnel. Alarms can serve as a safeguard in a HAZOP, as an independent protection layer in a LOPA, or they can be identified in a Safety Requirements Specification. SILalarm integrates the functional safety design requirements into the master alarm database and makes them available during rationalization. This provides traceability, creates a means for feeding alarm design details to the appropriate safety personnel, and ensures that safety-critical alarms are treated appropriately during the rationalization process.
User Defined Fields to Tailor the Master Alarm Database (MADB)
To help document relevant information about the alarm design, user-defined fields can be setup in SILalarm to tailor the master alarm database to your requirements. For example these fields can be used to record safe operating limits, operating boundaries, equipment constraints (e.g. design, safety, corrosion, process, reliability, environmental), relevant interlocks, or whatever process safety information is required for compliance with OSHA 1910.119. This helps to create a consistent reference point for alarm system design and how it relates to operations. User Defined fields can be assigned at all of the alarm rationalization work process steps.
Managing & Tracking the Rationalization Process
Alarm rationalization is an ongoing process that is often implemented in stages. SILAlarm helps manage and track the rationalization status of each alarm. Changes to alarm rationalization status (e.g. Under Review, On Hold, Open Action Item, Pending Approval, Approved, etc.) are recorded in a change log, along with relevant comments and the session (including associated team members) during which the alarm status was changed. Once approved, alarms become “read only” and cannot be modified without first changing their status.
Audit and Enforce to Identify Unauthorized Alarm System Changes
To maintain the integrity of the alarm system it is recommended to periodically compare the settings in the master alarm database vs. those in the control system. SILalarm can create a report on demand that identifies any alarm parameters that are different based on evaluating a snapshot of the engineering configuration. The comparison is done independent of the running control system, thereby ensuring that the alarm audit does not interfere with the running process. Each change can be reviewed to identify whether it should be accepted, rejected or set for enforcement. The differences report can be distributed to plant personnel for offline review and disposition.
The Cockpit for Viewing the Master Alarm Database
The SILalarm Alarm List View is the cockpit for managing the master alarm database and the status of the rationalization process. The viewer can be sorted and filtered to make it easy to segment a large database into small manageable pieces. It allows you to view key attributes of each alarm including alarm type, block type, process area / unit / equipment, alarm enable status, priority and the rationalization status.
The tool also allows you to categorize the source of each alarm for segmentation and tracking purposes. For example the source attribute could be used to differentiate the alarm’s origin by control system type (SIS, BPCS, PLC , SCADA), by system (Utilities, Packaging, Production areas, OEM Skid), by batch construct (Control Module, Phase, Equipment Module) or by type of alarm (Process, Fieldbus, Instrument Diagnostic, System Diagnostic), etc.
Connecting SILalarm to your Control System or Existing Alarm Database
SILalarm makes it easy to get data in and out for exchange with design tools, the control system configurations, or existing alarm databases. Alarm information can be imported to SILalarm. Both generic and control-system specific import formats are available. Rationalized alarm information can be exported from SILalarm enabling alarm configuration details to be propagated into the control system without requiring manual reentry of data.
Optimizing the Rationalization Process
Alarm rationalization can be a resource intensive process. An effective tool streamlines the process by allowing you to apply the results from one alarm to other similar alarms.
This eliminates the need to review all alarms in detail thus increasing productivity and reducing the overall rationalization time. SILalarm contains many features for optimizing the rationalization process, such as:
- Copying selected rationalization results (such as prioritization) from one alarm to another
- Copying the complete alarm design from one alarm to many
- Creating new alarms by cloning from a template
- Rationalizing / displaying details for up to 10 alarms at the same time (for direct comparison and copy / paste)
Options for Deploying SILalarm
SILalarm™ is available on different licensing platforms, including single user licenses, concurrent user licenses, and software as a service. SILalarm™ can be licenses individually or in combination with other modules within the exSILentia® suite of lifecycle engineering tools. This provides flexibility in how you deploy it and allows you to coordinate / standardize its use between sites.
| License Option | Description |
|---|---|
| Standalone |
License for a single user. Requires no special connectivity (can be used in the office or remotely) |
| Site |
Multiuser license for 5 or 10 concurrent users. Users must be connected to the same network as the license server for the application to run. |
| Cloud |
Application and database(s) are hosted remotely on an exida server. To access the application, users must have a web browser, an internet connection, and the Citrix® interface client installed. Projects can be stored on the exida servers as well as locally. |
| Server |
Application and database(s) are hosted on the customer’s Citrix® Presentation Server. Users must have a web browser on their local machines and the Citrix® interface client installed to be able to access the application. |
Alarm Rationalization Services
To help you realize the benefits of rationalization, exida offers the following optional services:
| Service | Description |
|---|---|
| Create Alarm Philosophy Document |
Training on Alarm Management Practices & Principles Alarm Philosophy Development Workshop (3 days) Completion of Alarm Philosophy document for review & approval |
| SILalarm Getting Started Package |
On-site SILalarm Training Class (2-day, Hands-On) Rationalization Ready Service (preloading of master alarm database) |
| Alarm Rationalization Workshop / Facilitation |
Identification of which Alarms to Prioritize first Facilitated Alarm Rationalization Exercise (typically 10 days) Resolution of selected Bad Actors Documentation of Rationalization results in SILalarm Training of local Facilitator to lead future rationalization activities |
| Review, Assessment & Benchmarking of Alarm System Performance |
Operator Interviews (onsite) Analysis of Alarm System Performance Analysis of Alarm System Configuration Identification of Bad Actors and First Alarms to Rationalize Gap Analysis report |