Today, I have an interesting post courtesy of our friend Martin Hollender from ABB's corporate research group in Germany. Martin has been doing some work on the IEC 62682 Alarm Management standard and he was good enough to share his thoughts with us.
The report of the U.S. Chemical Safety and Hazard Investigation Board about the Methyl Chloride Release (January 22, 2010) in the DuPont Belle plant in West Virginia found that problems with alarms were a major factor contributing to this accident (The report can be downloaded here: http://www.csb.gov/assets/document/CSB Final Report.pdf). As a response to the accident, the US Chemical Safety Board (CSB) recommends to “Establish and implement a corporate alarm management program as part of the DuPont PSM Program, including measures to prevent nuisance alarms and other malfunctions in those systems.“
With alarm management regulation getting tighter, standards defining alarm management become essential. The probably most well-known alarm management guideline is EEMUA 191 (EEMUA - The Engineering Equipment & Materials Users’ Association - is a non-profit membership organization headquartered in London) which was first published in 1999. This document has had an enormous influence on alarm management, but as the name says, it is only a guideline and not a normative standard.
Later ISA developed the standard ANSI/ISA 18.2 which was published in 2009 (see http://www.isa18.org). The ISA 18.2 committee has wide representation from users, vendors and consultants and is co-chaired by Donald Dunn and Nick Sands. The purpose of ISA 18.2 is to establish terminology and practices for alarm systems, including the definition, design, installation, operation, maintenance and modification and work processes recommended to effectively maintain an alarm system over time.
ISA 18.2 defines three suppression mechanisms:
● Shelving is typically initiated by the operator, to temporarily suppress an alarm.
● Suppressed by Design is a mechanism implemented within the alarm system that prevents the transmission of the alarm indication to the operator based on plant state or other conditions.
● Out-of-service is the state of an alarm during which the alarm indication is suppressed, typically manually, for reasons such as maintenance.
The terms “suppressed by Design“ and “out-of-service“ might sound a bit unfamiliar, but given the fact that each control system vendor defines terms like “disable“, “inhibit“ and “blocked“ a little bit different, it was necessary to define new vendor-neutral terms.
The standard requires that all alarms currently shelved, suppressed by design and out-of-service can be listed. Alarms must be under access control to be placed out-of-service. If an alarm is placed out of service this needs to be recorded.
Currently the working group (WG) 15 of the IEC Technical Committee 65A is working on a new international standard IEC 62682 “Management of Alarm Systems for the Process Industries“. This working group is also led by Donald Dunn and Nick Sands and starts from the existing ISA 18.2-2009 document. Current members of the working group come from Australia, Brazil, Canada, Germany, Japan, Norway, UK, and the US with backgrounds mainly in Oil & Gas, Chemicals and Control Systems. The group ensures that the standard can be used internationally.
One good example is the term “process safety“ which inside the US is known as a well-defined regulation, promulgated by the U.S. Occupational Safety and Health Administration (OSHA), but outside the US this term is often not seen in that context. Besides this “internationalization“ of the document, new eyes looking on the document help to improve it, for example by making it more precise and consistent. These improvements will be fed back to ISA 18.2 via the national US committee.
In the next months and years, alarm management will be more and more required by legislators. Inside the US, ISA/ANSI 18.2 is already a good basis for legislation and IEC 62682 will be the legal basis for alarm management worldwide. It will become a must for all safety critical plants.