Many process plants devote considerable resources to rationalizing their alarm systems — to allow operators to effectively manage the process instead of merely responding to alarms throughout the shift. A properly designed and well-functioning alarm system is crucial to plant safety, but simply staying within alarm boundaries isn't enough. Managers must know if units are running in a range that will satisfy production plans as well as critical limits (equipment- and control-related, economic, environmental, etc.).
THE OPERATING ENVELOPE
Studies by the Abnormal Situation Management (ASM) Consortium (www.asmconsortium.net) have shown that worker actions cause 42% of abnormal situations or upsets in processing operations. Equipment problems lead to 36% of upsets, with half of these attributable to equipment or process units functioning outside of their "operating envelope."
An operating envelope is a collection of boundary limits that, when exceeded, put the integrity of assets at risk. These limits typically are based on combinations of factors such as unit capacity, equipment constraints and safety concerns. They can be implemented in alarm systems and serve as operating targets.
Managing an operating envelope once consisted of counting the number of alarm breaches for a given variable. This frequently resulted in hundreds, if not thousands, of operating envelope "excursions" per month. Most weren't legitimate breaches, but rather indications of the control system or operator quickly moving the process back within established constraints.
It's critical for control room personnel to distinguish between false and genuine boundary excursions, and ensure deviations are relevant. Operating envelope deviations aren't real-time alarms like those on a control console; operators only want to react or respond to real deviations. A variable that briefly strays out-of-bounds once per hour isn't necessarily a meaningful deviation.
Unfortunately, using a generic notification tool or trying to use the alarm system to monitor the operating envelope likely will lead to many false positives. That's why technology has been purposely designed to monitor the operating envelope, to identify only real deviations. By accurately identifying genuine excursions, it makes more manageable retrospective analyses that can prompt both short- and long-term steps to minimize the occurrence of process upsets or, worse yet, loss of containment.
To maximize the life of an asset, it must be operated according to design parameters, not simply within process alarm ranges (Figure 1). However, operating strategies must extend beyond operator visibility to the entire operations team and all those interacting with the process. Without a comprehensive limit-management solution, operators simply lack the insight needed to run the plant within operating envelope boundaries.
Most sites typically rely on multiple types of process control applications, each of which can be used to independently enter and control respective targets, constraints or limits. Although these applications may relate to the same process measurements, they sometimes may use inconsistent or conflicting limits (Figure 2). This situation results in inefficient operation, costly plant incidents and frequent process shutdowns.
Various groups within the plant are responsible for maintaining safe operating limit information. As these variables often are system configuration parameters entered by people, it's possible values may fall outside of the safety and compliance envelope. Additionally, some processes have dynamic, continually changing safe operating limits — a situation that's challenging for operators to manage.
Plant owners must understand the operating envelope encompasses both operating and alarm limits. However, without linkage between these limits, it's impossible to keep them consistent. In principle, operating and alarm limits should match — this allows alarm limits and their rationalization to benefit from the economic understanding of operating limits that exists in most plants. The common disparity between alarm and operating limits stems from the inability to see, compare and work within the operating envelope.
Managing alarms largely is a matter of correctly monitoring and managing operating envelopes. It involves having operators and process engineers ensure alarms, operations monitoring, operating instructions and alerts are consistent with process and equipment limits imposed by the equipment and process design, as well as environmental and safety constraints.
When embarking on a program to capture the plant operating envelope and then monitor and validate activities against the associated limits, it's imperative the alarm system be well rationalized. Trying to monitor against an operating envelope with an unhealthy alarm system just won't work. Instead, plants must strive to implement a solution that changes the culture of console operators from operating to alarms to operating to the operating envelope (i.e., "secondary alarms"). This results in operators paying attention to notifications of operating envelope deviations rather than constantly reacting to alarms. They immediately can review cause, consequence and action information, and plan the appropriate response.
Many plant operations departments are rethinking their approach to operational excellence to gain the maximum benefit from ongoing technology developments. Instead of simply managing the effects of operating outside established boundaries, they're striving to expose the operating envelope to all appropriate stakeholders and ensure it's well understood across operations and related groups.
Today's operations management tools, coupled with well-designed work processes, provide the proper visibility and communication to allow operators, planners, engineers and others to accurately steer an operation within true operating envelope boundaries. This is key to ensuring safety, reliability and profitability.
The effective management of boundary limit information and its dissemination through uniform work processes constitute best practices for optimizing asset and people effectiveness. Accurate boundary data should be available to operators via operating instructions to establish proper limits for production processes, embodied in the control system as a managed set of alarms and alerts consistent with unit constraints and limits, and presented as unified results that can serve as a yardstick for learning and continuous improvement efforts.
Without this broader view, each role is working with data that lack the larger context.
For example, planners who can't validate the weekly production plan against limits potentially could overdrive equipment that may have units operating in alarm, leading to damage and possibly even failure. The ripple effect of planning without an understanding of all limits (e.g., operating, environmental, design and reliability) can result in injury to plant workers, harm to other equipment, shutdowns and environmental releases.
Operations management products can effectively manage information such as planning targets, key performance indicators, standard operating limits and procedures, safety and environmental limits, and the causes of deviations. They improve plant performance by systematically setting and communicating operating plans, monitoring process data against limits, and highlighting the priorities of deviations. By providing a better understanding of performance versus industry norms, and knowledge of true operating limits for better reliability and agility, they help reduce energy usage while improving yield, product consistency and run lengths.
Moreover, they impose a standard, structured way to activate the operating plan, thus improving coordination between the planning and operating staffs. Once the plan is in place, actual data are systematically evaluated against operating targets. Plant personnel gain access to the information needed to determine the causes of downtime and production inefficiencies, so they can make appropriate changes.
Some tools even display safe operating limits for multiple applications and assets in real-time and in context — regardless of their source — within the plant human-machine interface. This enables operators to know the operating envelope for a particular monitored point or asset, and proactively take action before an excursion occurs. A single data model of the limit space (e.g., variables, boundaries, constraints, operating limits and modes) also allows limits to be consistently managed for storage and retrieval.
The development of a "limit repository" helps plant personnel monitor and maintain consistency between applications in the business and control networks. For example, if modification of a limit used by the planner application makes it inconsistent with the limit in any other application, the limit repository can serve to notify the other application of the problem. This includes informing the application how the limit is inconsistent and what steps are needed to re-establish consistency. The application then executes the appropriate changes or actions based on the input. Reports to engineering or management identify unresolved inconsistencies and the responsible entities. This allows operations to continue without inconsistent or conflicting limits (Figure 3).
With a single limit repository, inconsistency becomes a non-issue — all the limits can be managed, even those owned by another source. Plus, this approach eliminates the need to determine which limit is valid (i.e., if there's only one limit, it must be the correct one).
An operations management initiative also can give engineers the means to develop a boundary hierarchy, to detect and report deviations such as an alarm setting that's higher than a safety-instrumented-system trip point. This provides additional assurance that modifications to configuration parameters, including alarm limits and instrument ranges, remain within the safe operating envelope.
In addition, operations monitoring tools give control room personnel the ability to analyze and act upon information associated with multiple boundaries affecting operations, and determine the plant's current state relative to its safe operating limits. Each boundary corresponds to at least one of multiple hierarchical levels associated with different levels of criticality within the process. The tools allow operators to compare process variables against various configured limits and filter out certain types of limits to de-clutter the view. Thus, operators can choose whether to stay within one set of boundaries while violating another less-critical boundary.
Imagine if operators were presented with boundaries indicating environmental limits, equipment design constraints or economic efficiency. This information might show it's better to operate in the bottom third of the range between alarms. Perhaps the weekly plan suggests ramping up production, which means moving out of the ideal operating range. Operators would have enough information to decide whether or not to sacrifice efficiency — by using more fuel, for instance.
When just running the process to alarms, operators may believe they're doing the right thing. However, they inadvertently are shortening the life of equipment or prompting earlier maintenance work.
Software applications also are available for maintaining an electronic record of the occurrences during a plant shift. They enable operators to automatically capture all excursions and enter comments as to how they dealt with the deviations. These data are crucial to communicate during shift handover to help the entire operations staff maintain situational awareness. Plus, they are valuable to process engineers charged with addressing recurring problems.
Electronic logbooks are equally useful for managing a site-wide task list because they can indicate status updates such as pending, deferred, overdue and complete. Authorized users view tasks assigned to them and mark the work as complete; otherwise, they reassign, reschedule, defer and change their duties.
Finally, planners can utilize operations management tools to create daily or weekly instructions for operating strategies that have been validated against multiple proven boundary limits maintained in a single location. This ensures processes will not be run outside of the safe operating envelope.
Thanks to continued development in operations management technology, plants can better track their operating performance against targets and highlight problem areas. Improved operations monitoring also helps to determine the causes of downtime and production inefficiencies.
By learning from operations history, plant personnel more efficiently can manage and control a wide range of processes. This leads to less spending on equipment maintenance, greater asset reliability and fewer safety incidents.
Through better information and decisions, today's operations management strategies enable reduced operating costs, improved yields and increased production. They also help ensure compliance with increasingly demanding regulatory standards. Plants ultimately achieve optimal use of capital improvements.
CHRIS STEARNS is a Hudson, Ohio-based senior product manager for Honeywell Process Solutions. E-mail him at [email protected].