Harvey Dearden, Director of SISSuite Ltd., will be presenting at Hazardex Live about original research that postulates a new model for the probability of effective alarm diagnosis as a function of available time.

Despite advances in technology the human operator remains a major component of the system. One of their critical roles is detecting, diagnosing, and responding to unplanned and unwanted situations. We provide alarms to inform them about these situations and prompt appropriate action.

A curious situation has arisen. We give operators a high degree of responsibility and autonomy to operate hazardous plant because we know that in many cases the human capability to evaluate situations is superior. On the other hand, we are reluctant to take credit for human response to alarms because we are concerned about human reliability. One of the issues to contend with is the time it will take for the operator to respond to an alarm.

To take credit for operator response to some alarms they can be categorised as “highly managed” or “safety related.” This small subset of the total alarm system is set up to ensure high human reliability, which must include sufficient time to respond.

It is routinely said that any safety related alarm must have an available operator response time of 10-30 minutes. Many users find this stipulation to be unrealistic: their expectations are of effective operator responses in much shorter time intervals. In fact, there are many ‘normal’ alarms where they would expect a response within this timescale, so it can be difficult to understand what this really means in practice.

Whilst it may seem to be safe to always take a conservative view when considering safety, there is the danger that, in being denied the opportunity to make a risk reduction claim for an alarm, there may be no incentive to improve an alarm provision. Also, the implication is that a greater burden will fall on other safety instrumented functions, adding complexity and using unwarranted resources that could be deployed elsewhere for a better safety return.

On closer investigation it appears that the 40-year-old reference that underpins the widely cited figures (of 10-30 minutes) is not well aligned with the circumstances prevailing in modern process plant that have properly managed alarm systems.

This paper considers the provenance of these figures and uses the original research to postulate a new model for the probability of effective alarm diagnosis as a function of available time. This is then coupled with other factors such as alarm annunciation techniques and control room staffing, and required action execution time, to identify the overall available time requirement.

Consideration is also given to the effect of the annunciation method and action execution system reliabilities, which, if a given risk reduction claim is to be achieved, dictate the reliability requirement on the operator. This in turn will influence the available operator response time requirement.

Being able to justify shorter alarm response times and potentially taking some credit for response to a wider range of alarm types could result in lower demand rates on trip functions with a correspondingly reduced safety integrity level requirement.

The approach outlined offers a more discerning view of the risk reduction contribution from well-designed alarm systems, which will in turn drive improvement in alarm system design and management.

About the author:

Harvey T. Dearden is Engineering Director of HTS Engineering Group and a Director of SISSuite Ltd. and Time Domain Solutions Ltd. He is actively involved with the Institute of Measurement & Control, and his specialities include: Implementation of IEC61508/61511 (SIL), DSEAR/ATEX; Development/troubleshooting of control systems/strategies; Development of engineering management policy/procedures; Auditing of fiscal measurement systems and Training on control/measurement/protection systems. He previously held senior engineering positions at Great Lakes Chemical, Associated Octel Company, Costain Oil and Gas & Process Ltd.