Earlier today I commissioned a project I have been working on for the last year, ESD Dynamic Alarm Suppression.
When the Emergency Shutdown (ESD) System is activated, shutdown valves will close and pumps will stop. This normally causes a significant flood of extra alarms as the normal control system warns that there are low flows or low pressures when (during normal operation) there should not be.
This flood of alarms can cause problems in a number of ways:
- The constant noise of the alarms can distract the operator from focusing on the task in hand.
- Important alarms can be lost among the many unimportant alarms.
This project consists of control system logic that monitors the ESD system. This logic will then disable alarms that would normally activate as a direct response to the shutdown action.
When a shutdown valve closes, you would expect the flow in the line to drop, so don't bother warning the operator if there is normally a low flow alarm.
The project was started before I joined the company, let alone the control team, and has taken a long time to get through all the stages of design and review.
The process consisted of:
- For each ESD output, what alarms are expected to be triggered as a DIRECT consequence of this action?
- For each of these alarms, are they triggers or pre-warnings of any other shutdown actions?
- For each alarm, work out when the alarm should be re-enabled.
We only want to identify alarms that are direct consequences of the ESD action, rather than blanket disabling of alarms. We also need to consider the specific type of alarm: if we expect a low flow, only disable the low flow alarm and keep the high flow alarm active in case the shutdown valve does not actually close properly.
We also need to ensure that the masking does not accidentally hide a real shutdown initiation. If a low flow causes the valve to close (perhaps to avoid reverse flow), we need to make sure we don't disable that low flow alarm when the valve is closed. Otherwise, we risk getting no alarms at all when the low flow trip is triggered.
Finally, for each alarm, we need to decide when it is best to re-activate the alarm. We don't want to activate the alarms immediately when the ESD valve is opened, because this would just lead to a flood of alarms during the commissioning phase. In each case we need to work out when the operators are attempting to restart the process and then give some time for the normal process conditions to be established.
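The three rules above (mask only the specific alarm type, never mask a trip initiator or pre-warning, re-enable only after a restart attempt plus settling time), sketched in Python as an added example; this is not the project's own logic, and every tag name, restart signal and delay in it is hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    esd_output: str      # ESD output whose action directly causes the alarm
    alarm: tuple         # (tag, alarm type); only this type is masked
    restart_signal: str  # signal showing the operators are restarting
    settle_s: float      # time allowed for normal conditions to return

# Constructed sample configuration (hypothetical tags and delays).
RULES = [
    Rule("XV-100", ("FT-101", "LO"), "P-100.RUN", 120.0),
    Rule("XV-100", ("PT-102", "LO"), "P-100.RUN", 60.0),
    Rule("XV-200", ("FT-201", "LO"), "P-200.RUN", 120.0),
]
# Alarms that trigger or pre-warn a shutdown action: never masked.
TRIP_INITIATORS = {("FT-201", "LO")}

def validate(rules, initiators):
    """Drop any rule that would hide a real shutdown initiation."""
    return [r for r in rules if r.alarm not in initiators]

class Suppressor:
    def __init__(self, rules):
        self.rules = rules
        self.latched = {}  # rule -> time restart was first seen, or None

    def masked(self, now, tripped, signals):
        """Return the set of (tag, type) alarms to suppress at time `now`."""
        for r in self.rules:
            if r.esd_output in tripped:
                self.latched[r] = None        # latch mask, clear restart timer
            elif r in self.latched:
                # Reopening the ESD valve alone does not re-enable the alarm.
                if self.latched[r] is None and r.restart_signal in signals:
                    self.latched[r] = now     # restart attempt begins
                started = self.latched[r]
                if started is not None and now - started >= r.settle_s:
                    del self.latched[r]       # settling time has elapsed
        return {r.alarm for r in self.latched}
```

The high flow alarm on FT-101 never appears in the masked set, so it stays live if the shutdown valve fails to close.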
Going forward, ideally when installing a new alarm, we should aim to ask 'When do we NOT need the alarm?' and 'When should this alarm be ignored?'. The logic should then be constructed at that point to avoid floods in future.
Hopefully this will reduce the alarm flooding and make it easier to cope with the next trip incident. This is one project, however, that I hope does not get fully tested for some time.