Why alarms can act as stress-raisers

 

The automation and digitization of the process industry does not have only positive sides, because with the introduction of every solution you can introduce another new problem. A process operator has the clean task of running, or in other words controlling, the process in a chemical plant in a controlled manner. Of course, he does not do this entirely on his own, but for this he has in his hands, in the form of an automatic control system (DCS), a piece of equipment that can help him (or her) do this. An easy job, you might say, because everything is automatically controlled, isn't it?
I deliberately mentioned can, because it can also work against him. The processes are becoming increasingly complex, the factories larger and larger and the organizations thinner: one operator has to keep an eye on more and more. If a process value goes outside a certain set limit, the operator is alerted with a sound and/or light signal: an alarm

The feeling of uncontrollability

In control rooms of the past, controllers were built into a panel and actually took up space. Full was full. An alarm was physically tied to the controller in the form of a (flashing) light or horn. So every alarm had to be carefully considered, because it cost money and space was just limited.
How different it is in modern times. Modern DCS systems have hardly any limitations. Multiple alarms per instrument are possible by default, so their cost is nil. There is no longer any barrier to adding alarms and alerts. When the plant is running quietly, those alerts and alarms help keep the process within operational limits. But when a failure occurs that changes things. The operator soon receives many more signals than he can handle and starts to feel out of control.
Instead of helping the operator, the DCS alarm system turns against him.

The picture to the right shows the amount of alarms during a power failure in a plant. A complete "alarm-flood" occurs, up to about 1 alarm per second and a total of > 15000 alarms during this incident.
Obviously, the alarms in this case are working against the operator rather than helping him.

ALARM: As Low As Reasonably Manageable

Malfunctioning alarm systems have often been the cause of major industrial incidents:

  • More alarms than the operator can handle
    If something fails, an alarm will go off, the process will be disrupted and a whole series of follow-up alarms will soon follow, arising further down the process (low pressure, high temperature, etc.). For an operator, this creates a sense of uncontrollability and will increase stress levels. Not something you want as an operator in an emergency situation, where there is already enough stress.
  • Recurring alarms (chattering alarms).
    When an alarm comes in, the operator can "accept" it. He then presses a button so the system knows he has seen it. Sometimes these alarms are repeated after a certain amount of time.
  • Alarms that remain on for long periods (standing alarms).
    A pump that is off does not deliver pressure. If it has a low pressure alarm, it will come on and stay on until the pump is put into operation.
  • Alarms due to normal process fluctuations or routine operator actions
    A process never runs completely stable and always moves slightly between some limits. If those limits are chosen too tightly, an alarm frequently comes in when nothing is happening.
  • Incorrect distribution of alarm priorities (everything is important)
    In a disturbance, is low flow (flow) as important as low pressure or high temperature? Perhaps low flow is a precursor to the other two?
  • Desired response to alarms not clear, no alarm documentation
    An alarm goes off, but what is the operator actually expected to do?
  • Lack of a clear alarm philosophy
    In safety studies, it is far too easy to say, "just put an alarm on it." This is often not based on a thoughtful plan, but is more of an ad hoc decision. Thus, the design should already consider where to put an alarm on and what the desired action is. In safety studies, the term ALARP is common: As Low As Reasonably Practicable. You can never completely reduce the risk to "0"(See: PHA/HAZOP). At some point the risk is acceptable and not practical to add more "bells and whistles" to it.

I would suggest that the term ALARM be taken as an abbreviation in the future:

As Low As Reasonably Manageable

For every alarm introduced to an instrument, think about what you want to accomplish with it and what kind of action you expect. You'd be doing your fellow operators a big favor.

Do you have an opinion on this? If so, give the editors a tip and we can write a blog about it or respond to it and we can all learn something from it.