Human Performance Models for Response to Alarm Notifications in the Process Industries: An Industrial Case Study

Similar documents
Functional Versus Schematic Overview Displays: Impact on Operator Situation Awareness in Process Monitoring

Where Technology Shapes Solutions. Alarm management : Wasn t that problem already solved years ago?

Communication and Coordination Failures in the Process Industries

DYNAMO ALARM MANAGEMENT

Table of Contents PART I: The History and Current Status of the Industrial HMI PART II: Fundamentals of HMI Design and Best Practices

The Abnormal Situation Management Consortium: Past and Future of Abnormal Situation Management

Alarm Management Optimization (AMO) at Saudi Aramco

DynAMo Alarm & Operations Management

Effective Alarm Management for Dynamic and Vessel Control Systems

Critical Condition Management on a Corporate Scale. Lyondell Is a Major Global Chemical Company

White Paper: CCPS Process Safety Metrics Review Considerations from an ASM Perspective

The Top 10 Worst Performing Alarm Systems in Industry

2012 Honeywell Pacific Users Group. Sus tain.ability.

Practical Distributed Control Systems (DCS) for Engineers & Technicians. Contents

2013 Honeywell Users Group Americas. Jeff England & Dal Vernon Reising Successes & Challenges for Designing Effective Level 1 and Level 2 Displays

ALARMING NEWS FROM INVENSYS PROCESS SYSTEMS, INC.

ADIPEC 2013 Technical Conference Manuscript

Alarm Management. Version Prepared by: Michael Davis- Hannibal. Softcon Software Control Services (Pty) Ltd.

Improved safety system in a nitric acid plant

1.1. SYSTEM MODELING

COMPUTER ENGINEERING PROGRAM

Alarm Management for Pipelines

DeltaV Operate. DeltaV Operate. Introduction. DeltaV Product Data Sheet. Robust and secure plant operations

DON T JUST REPORT ON ALARMS, TAKE

Alarm Management for SCADA control rooms

Q&A Session from Alarm Management Workflow Webinar (Apr.24/2013)

CHAPTER I: INTRODUCTION

Scope of Work Urban Design Review Framework Monitoring Program Item #7.1

Fire Risks of Loviisa NPP During Shutdown States

Proxemic Interactions in Ubiquitous Computing Ecologies

Improvements in Transmission Control Center Alarm Management Practices

Exaquantum/ARA Alarm Reporting and Analysis

Improved Dryer Control

KELTRON LS 7000 ALARM MANAGEMENT SYSTEM Keltron Alarm Monitoring, Dispatch, and Reporting Software

Performance of control room operators in alarm management

PERFORMANCE HUMAN NEXT-GENERATION SCADA HIGH. MACHINE INTERFACES Configuring HMIs to Display Operator-centric Information

Serie 3 Interaction Design Basics, HCI in the Software Process & Design Rules

Monitor Alarms and Events

Product introduction Layers of Protection Layer 3: Safety System Instrumented & Mechanical. Layer 2: Alarms Manual action needed

Enhance Alarm Management

Failure Modes, Effects and Diagnostic Analysis

ABB Ability System 800xA Alarm Management

Monitor Alarms and Events

The Effects of Woody Vegetation on Levees

Stavros Chrysanthou Madrid DynAMo Alarm Management Secrets to unlocking complete Operational Integrity

Alarm System Example

Real-Time Root Cause Analysis for Complex Technical Systems

1 Descriptions of Function

Security Management System - Configuring Video Analytics

DATA SHEET BENEFITS CURRENT CHALLENGES SSM INFOTECH S X-FORCE AMS - THE IDEAL SOLUTION

Universal Tag Locator. Operations management software for process facilities

Overview. Executive Summary. Solution Description CHAPTER

Planning and Operational Applications of TRANSIMS

SIL DETERMINATION AND PROBLEMS WITH THE APPLICATION OF LOPA

Martin Huber 26September 2017 F&G SOLUTIONS FOR THE PROCESS INDUSTRY

Alarm Management Standards Are You Taking Them Seriously?

Demonstration of 2nd Generation Ducted GE "Brillion" Hybrid Water Heater in the PNNL Lab Homes

Battery Performance Alert: A TOOL FOR IMPROVED PATIENT MANAGEMENT FOR DEVICES UNDER BATTERY ADVISORY

ETSI TS V1.2.1 ( )

Building Emergency Response Scenario

Application of Air Source Variable Refrigerant Flow in Cold Climates

APPENDIX Q SFO DESIGN WHITE PAPER

Y. ORMIERES. Fire risk analysis method for nuclear installations

Fire evacuation drill

Applications and Examples

Safety in the process industry

RESOLUTION MSC.86(70) (adopted on 8 December 1998) ADOPTION OF NEW AND AMENDED PERFORMANCE STANDARDS FOR NAVIGATIONAL EQUIPMENT

Next Generation Alarm Management With DynAMo Alarm and Operations Management

Compact Product Suite Compact HMI 6.0 Overview ABB

USER APPROVAL OF SAFETY INSTRUMENTED SYSTEM DEVICES

Rt 29 Solutions Hydraulic Planning Advisory Panel. September 14, 2017

Figure 1. Typical console operator work loading. Figure 2. Line of communication and collaboration between console operators.

I/A Series A 2 Software FoxAlert Alarm Manager

ONYXWORKS AND FIRSTVISION. Version 4

FAST/TOOLS. Alarm System Performance Analysis (ASPA) Bulletin 50A01A00-02EN

PM-ANALYZE. Overview 1. System Configuration 2. Operation 3. Analysis of Alarms and process values. User Interface 4

Alarm Management Services

DeltaV Operate. Product Data Sheet DeltaV Operate December 2006 Page 1. Introduction. Benefits

2015 Honeywell Users Group Europe, Middle East and Africa

PREPARED FOR: PLATTEVIEW ROAD CORRIDOR STUDY EXECUTIVE SUMMARY

Alarms play a significant role in maintaining plant

excellence in Dependable Automation The Alarm Shelving ebook

Welcome to a world where technology flows through the heart of your business environment. Welcome to CDC

Sustain.Ability. Alarm Management: Be Pro-active, not Re-active Honeywell Users Group Europe, Middle East and Africa. Tyron Vardy, Honeywell

excellence in Dependable Automation ALARM MANAGEMENT

USING A REAL TIME SIMULATOR IN A LARGE AND COMPLEX ROAD TUNNEL FOR TIME AND COST SAVINGS

2017 Residential Wi-Fi Thermostat DR Evaluation

Economic and Effective Alarm Management

Impact of Fire-Sprinkler Trade-offs on Occupant and Building Safety. An AMCA International White Paper r.classen/shutterstock.

SoCalGas Cold Water Default Clothes Washer Process Evaluation

EU Guidelines on Sustainable Urban Mobility Plans

Measurement of Attic Temperatures and Cooling Energy Use in Vented and Sealed Attics in Las Vegas, Nevada


Is your current safety system compliant to today's safety standard?

DESIGN CONCEPTS OF MULTIFUNCTIONAL FURNITURE FOR SITTING AND LYING RELATED TO THE INDUSTRY

Brine Generation Study

Advance Warning Flasher System at High Speed

CombustionONE. Improving and Sustaining the Combustion Asset. Driven by the New Standards. Bulletin 53A90A01-01E-A

La Marche Manufacturing Company Option 46 Series. Digital Combined Accessory Package. Installation and Operation Manual

Modeling water-mist based suppression of 34 GJ car-deck fires using FDS

Transcription:

Human Performance Models for Response to Alarm Notifications in the Process Industries: An Industrial Case Study Dal Vernon C. Reising Joshua L. Downs Danni Bayn ACS Advanced Technology Department of Psychology Center for Cognitive Science Honeywell International, Inc. University of Central Florida University of Minnesota 3360 Technology Dr. 4000 Central Florida Blvd. 75 East River Road Minneapolis, MN, 55418 Orlando, FL 32816 Minneapolis, MN 55455 The 48 th Annual Meeting of the Human Factors and Ergonomics Society New Orleans, LA 20-24 September 2004 ASM

ASM Consortium USER CENTERED DESIGN SERVICES Achieving Excellence in Control Room Operations Innovating and Fielding ASM Solution Concepts 2 HFES2004ModelsforAlarmResponse.ppt 24 Sep 2004

Driving Motivation Behind the Research Alarm Floods have been an issue for the hydrocarbon processing industry since the introduction of the distributed control system in the late 70s and early 80s - In many cases, the alarm system and its flooding performance has actually contributed to or lead to a severe accident (e.g., Texaco Pembroke Refinery explosion & fire) The ASM Consortium has been working on alarm management solutions since the early 90s, such as - Alarm rationalization (Mostia, 2003) - User-initiated notifications (Guerlain & Bullemer, 1996) - Alarm setting reinforcements - Tracking & address worst actors - Best Practice guidelines Alarm flooding and Operator overload is still an Issue 3 HFES2004ModelsforAlarmResponse.ppt 24 Sep 2004

Driving Motivation Behind the Research The Engineering Equipment and Materials Users Association (EEMUA) has published a de facto industry guideline on alarm system performance Two of recommendations of this guideline relates to acceptable alarm rates - For normal operations, less than 1 alarm per 10 minute period - Following upset conditions, less than 10 alarms per 10 minute period These numeric recommendations were not based on fundamental human performance theory - Rather, they were based on the professional experience of those researchers that surveyed the process industries on alarm system performance (see Bransby & Jenkinson, 1998) 4 HFES2004ModelsforAlarmResponse.ppt 24 Sep 2004

Driving Motivation Behind the Research Previous research in the literature tends to focus on - The design and implementation of visual or auditory alarms (O Hara et al, 1994; Stanton, 1994; Special Issue of Ergonomics, 1995) - The rate at which text alarm message can be read (e.g., Hollywell & Marshall, 1994) So the question remains What is the maximum alarm rate at which refining and petrochemical plant operators may still reliably respond to those alarms? - The underlying question from the operating companies in the ASM Consortium was: Are the EEMUA recommendations overly aggressive, or are they justifiable with respect to human performance limits? How fast can an operator respond to an alarm? 5 HFES2004ModelsforAlarmResponse.ppt 24 Sep 2004

Approach to Answering the Question We made two different attempts at answering this question - The first was an analytical Keystroke-Level Modeling (KLM) analysis (Kieras, 2001) - The second was a Markov modeling analysis (Kemeny & Snell, 1976) 6 HFES2004ModelsforAlarmResponse.ppt 24 Sep 2004

KLM Analysis Assumptions on Time Times associated with various GOMS operators (Kieras, 2001) - Mental act, 0.5-1.35 sec (Avg. 1.2) - Eye movement, 0.03 sec - Perceive binary info (e.g., icon) 0.1 sec - Perceive complex info (e.g., 6 letter word) 0.29 sec Assumption Value - Execute one Key Stroke 0.12-1.2 sec (Avg. 0.28) DCS Graphical Display Page Call-up Time - Execute Key Stroke Sequence, n Key Stroke - Mouse Point, Alarm Summary Page Call-upTime 0.8-1.5 sec (Avg. 1.1) - Hand movement, 0.4 sec Process lag in response to control input 2.0 sec 0.25 sec 30 sec Alarm resolution lag Number of key presses per alarm to affect change in system Old event size (number of alarms validated in the alarm summary display, i.e., standing alarms) New event size (number of simultaneous alarms initially NOT validated in the alarm summary display) 60 sec 3 10 alarms 1-30 alarms 7 HFES2004ModelsforAlarmResponse.ppt 24 Sep 2004

KLM Analysis Assumptions on Joint Cognitive System Behavior Assumption The operator using the TDC 3000 is an expert who is trained and capable of error-free recall of required actions for a given alarm. The Alarm Summary display is continuously present on a dedicated screen. Alarms are displayed in chronological order (as opposed to alarm priority). Alarm priority is indicated redundantly through both visual and auditory coding. Alarms are independent, each requiring specific actions to resolve. Prior to alarm coming in, the operator is attentively engaged and monitoring the TDC. Prior to alarm coming in, the operator is NOT looking directly at the Alarm Summary display. The operator responds immediately to an incoming alarm. Qualitative Validity Moderate Strong Moderate Strong Weak Moderate Strong Strong 8 HFES2004ModelsforAlarmResponse.ppt 24 Sep 2004

KLM Analysis Results Model Structure (seconds) GOMS Model Logic Modifier Code Est. Time Super GOAL: Respond to notification of alarm 201.56 GOAL 1.0: Assess notification 44.74 GOAL 1.1.0: Perceive and process alarm 12.83 KLM Model Logic Modifier Code Est. Time Super GOAL: Respond to notification of alarm 201.56 GOAL 1.0: Assess notification 44.74 GOAL 1.1.0: Perceive and process alarm 12.83 GOAL 1.2.0: Validate alarm 19.91 GOAL 1.3.0: Determine cause for alarm 12.00 GOAL 2.0: Determine appropriate action 21.11 GOAL 2.1: Choose control movement 4.80 GOAL 2.2.0: Verify preconditions 15.11 GOAL 3.0: Execute action 12.93 GOAL 3.1: Locate control 2.50 GOAL 3.2: Affect control 9.20 GOAL 4.0: Determine effect of action 122.78 GOAL 4.1.0: Verify change of state to be reviewed) THEN 40.31 GOAL 4.2.0: Establish alarm state 21.27 LOGIC 4.0: IF(alarms remain to be resolved) THEN 0.00 1.00 M 1.20 Iterate GOAL 2.0 0.00 Iterate GOAL 3.0 0.00 Iterate GOAL 4.0 0.00 Total alarm resolution lag (time waiting for alarm state to change) 1.00 AL 60.00 GOAL 1.1.1: Orient to the Alarm Summary Page 2.04 GOAL 1.1.1.1: Silence auditory signal 0.71 GOAL 1.1.2.0: Search for newest, highest priority alarm 9.92 GOAL 1.1.2.1: Visual Search 3.92 LOGIC 1.1.2.1: IF (new alarm NOT on current Alarm Summary Page) THEN 0.00 1.00 M 1.20 Iterate GOAL 1.1.2.1 0.00 GOAL 1.1.2.2: Establish priority of alarm 3.60 LOGIC 1.1.2: IF (more new events discovered) THEN 0.00 1.00 M 1.20 Iterate GOAL 1.1.2.1 0.00 Iterate GOAL 1.1.2.2 0.00 GOAL 1.1.3: Read alarm line 0.87 GOAL 1.2.0: Validate alarm 19.91 GOAL 1.2.1.0: Establish point value 16.31 GOAL 1.2.1.1: Read variable value 15.08 LOGIC 1.2.1.1: IF (point value NOT on current System Page) THEN 0.00 1.00 M 1.20 LOGIC 1.2.1.2: IF (point value needs more detail from current System Page) THEN 0.00 1.00 M 1.20 LOGIC 1.2.1: IF (points remain to be reviewed) THEN 0.00 1.00 M 1.20 Iterate GOAL 1.2.1.0 0.00 GOAL 1.3.0: Determine cause for alarm 12.00 GOAL 1.3.1: Establish criticality of alarm 7.20 LOGIC 1.3.1: IF (alarm value does NOT exceed critical limit) THEN 0.00 1.00 M 1.20 GOAL 1.3.2: Establish cause of alarm (target or process change?) 4.80 LOGIC 1.3.2: IF (alarms remain to be validated) THEN 0.00 1.00 M 1.20 Iterate GOAL 1.0 0.00 GOAL 2.0: Determine appropriate action 21.11 GOAL 2.1: Choose control movement 4.80 GOAL 2.2.0: Verify preconditions 15.11 GOAL 2.2.1.0: Establish point value 13.91 GOAL 2.2.1.1: Read variable value 12.68 LOGIC 2.2.1.1: IF (point value NOT on current System Page) THEN 0.00 1.00 M 1.20 LOGIC 2.2.1.2: IF (point value needs more detail from current System Page) THEN 0.00 1.00 M 1.20 LOGIC 2.2.1: IF (precondition SATISFIED) AND (points remain to be reviewed) THEN 0.00 1.00 M 1.20 Iterate GOAL 2.2.1.0 0.00 LOGIC 2.2.2: IF (ALL necessary points SATISFY precondition) AND (preconditions remain 0.00 1.00 M 1.20 Iterate GOAL 2.2.0 0.00 LOGIC 2.2.3: IF (precondition NOT satisfied) THEN 0.00 1.00 M 1.20 Iterate GOAL 2.1 0.00 GOAL 3.0: Execute action 12.93 GOAL 3.1: Locate control 2.50 LOGIC 3.1: IF (control NOT on current System Page) THEN 0.00 1.00 M 1.20 Iterate GOAL 3.1 0.00 GOAL 3.2: Affect control 9.20 LOGIC 3.2: IF (action NOT complete) THEN 2.00 3.00 M 3.60 Iterate GOAL 3.2 3.40 GOAL 4.0: Determine effect of action 122.78 GOAL 4.1.0: Verify change of state 40.31 GOAL 4.1.1.0: Establish point value 39.11 GOAL 4.1.1.1: Read variable value 5.48 LOGIC 4.1.1.1: IF (point value NOT on current System Page) THEN 0.00 1.00 M 1.20 LOGIC 4.1.1.2: IF (point value needs more detail from current System Page) THEN 0.00 1.00 M 1.20 GOAL 4.2.0: Establish alarm state 21.27 GOAL 4.2.1: Visual Search for target alarm(s) 2.72 LOGIC 4.2.1: IF (target alarm NOT on current Alarm Summary Page) THEN 0.00 1.00 M 1.20 Iterate GOAL 4.2.1 0.00 GOAL 4.2.2.0: Identify alarm state 16.12 LOGIC 4.2.2: IF (alarm state has changed) THEN 1.00 2.00 M 2.40 GOAL 4.2.2.1.0: Verify new state is within operating limits (target or 12.42 process within limits?) GOAL 4.2.2.1.1: Read variable value 5.19 LOGIC 4.2.2.1.1.1: IF (point value NOT on current System Page) THEN 0.00 1.00 M 1.20 LOGIC 4.2.2.1.1.2: IF (point value needs more detail from current 0.00 1.00 M 1.20 System Page) THEN LOGIC 4.2.2.1: IF (points remain to be viewed) THEN 0.00 1.00 M 1.20 Iterate GOAL 4.2.2.1.0 0.00 LOGIC 4.2.0: IF (more alarms affected by action remain to be found) THEN 0.00 1.00 M 1.20 Iterate GOAL 4.2.0 0.00 LOGIC 4.0: IF(alarms remain to be resolved) THEN 0.00 1.00 M 1.20 Iterate GOAL 2.0 0.00 Iterate GOAL 3.0 0.00 Iterate GOAL 4.0 0.00 Total alarm resolution lag (time waiting for alarm state to change) 1.00 AL 60.00 9 HFES2004ModelsforAlarmResponse.ppt 24 Sep 2004

KLM Analysis Results Time Estimates Time to Resolve ALL Alarms (minutes) Predicted Time (minutes) to Respond as a function of Alarm Burst Size 180 160 140 120 100 80 60 40 20 0 1 3 5 7 9 11 13 15 17 19 21 23 25 27 29 Number of New, Simultaneous Alarms (seconds) GOMS Model Logic Modifier Code Est. Time Super GOAL: Respond to notification of alarm 201.56 GOAL 1.0: Assess notification 44.74 GOAL 1.1.0: Perceive and process alarm 12.83 GOAL 1.1.1: Orient to the Alarm Summary Page 2.04 GOAL 1.1.1.1: Silence auditory signal 0.71 GOAL 1.1.2.0: Search for newest, highest priority alarm 9.92 GOAL 1.1.2.1: Visual Search 3.92 LOGIC 1.1.2.1: IF (new alarm NOT on current Alarm Summary Page) THEN 0.00 1.00 M 1.20 Iterate GOAL 1.1.2.1 0.00 GOAL 1.1.2.2: Establish priority of alarm 3.60 LOGIC 1.1.2: IF (more new events discovered) THEN 0.00 1.00 M 1.20 Iterate GOAL 1.1.2.1 0.00 Iterate GOAL 1.1.2.2 0.00 GOAL 1.1.3: Read alarm line 0.87 GOAL 1.2.0: Validate alarm 19.91 GOAL 1.2.1.0: Establish point value 16.31 GOAL 1.2.1.1: Read variable value 15.08 LOGIC 1.2.1.1: IF (point value NOT on current System Page) THEN 0.00 1.00 M 1.20 LOGIC 1.2.1.2: IF (point value needs more detail from current System Page) THEN 0.00 1.00 M 1.20 LOGIC 1.2.1: IF (points remain to be reviewed) THEN 0.00 1.00 M 1.20 Iterate GOAL 1.2.1.0 0.00 GOAL 1.3.0: Determine cause for alarm 12.00 GOAL 1.3.1: Establish criticality of alarm 7.20 LOGIC 1.3.1: IF (alarm value does NOT exceed critical limit) THEN 0.00 1.00 M 1.20 GOAL 1.3.2: Establish cause of alarm (target or process change?) 4.80 LOGIC 1.3.2: IF (alarms remain to be validated) THEN 0.00 1.00 M 1.20 Iterate GOAL 1.0 0.00 GOAL 2.0: Determine appropriate action 21.11 GOAL 2.1: Choose control movement 4.80 GOAL 2.2.0: Verify preconditions 15.11 GOAL 2.2.1.0: Establish point value Total T 13.91 GOAL 2.2.1.1: Read variable value 12.68 LOGIC 2.2.1.1: IF (point value NOT on current System Page) THEN 0.00 1.00 M 1.20 LOGIC 2.2.1.2: IF (point value needs more detail from current System Page) THEN 0.00 1.00 M 1.20 LOGIC 2.2.1: IF (precondition SATISFIED) AND (points remain Goal to be reviewed) 1THEN 0.00 1.00 M 1.20 Iterate GOAL 2.2.1.0 0.00 LOGIC 2.2.2: IF (ALL necessary points SATISFY precondition) AND (preconditions remain 0.00 1.00 M 1.20 to be reviewed) THEN Goal 2 Iterate GOAL 2.2.0 0.00 LOGIC 2.2.3: IF (precondition NOT satisfied) THEN 0.00 1.00 M 1.20 Iterate GOAL 2.1 0.00 GOAL 3.0: Execute action Goal 3 12.93 GOAL 3.1: Locate control 2.50 LOGIC 3.1: IF (control NOT on current System Page) THEN 0.00 1.00 M 1.20 Iterate GOAL 3.1 Goal 4 0.00 GOAL 3.2: Affect control 9.20 LOGIC 3.2: IF (action NOT complete) THEN 2.00 3.00 M 3.60 Iterate GOAL 3.2 3.40 GOAL 4.0: Determine effect of action 122.78 GOAL 4.1.0: Verify change of state 40.31 GOAL 4.1.1.0: Establish point value 39.11 GOAL 4.1.1.1: Read variable value 5.48 LOGIC 4.1.1.1: IF (point value NOT on current System Page) THEN 0.00 1.00 M 1.20 LOGIC 4.1.1.2: IF (point value needs more detail from current System Page) THEN 0.00 1.00 M 1.20 GOAL 4.2.0: Establish alarm state 21.27 GOAL 4.2.1: Visual Search for target alarm(s) 2.72 LOGIC 4.2.1: IF (target alarm NOT on current Alarm Summary Page) THEN 0.00 1.00 M 1.20 Iterate GOAL 4.2.1 0.00 GOAL 4.2.2.0: Identify alarm state 16.12 LOGIC 4.2.2: IF (alarm state has changed) THEN 1.00 2.00 M 2.40 GOAL 4.2.2.1.0: Verify new state is within operating limits (target or 12.42 process within limits?) GOAL 4.2.2.1.1: Read variable value 5.19 LOGIC 4.2.2.1.1.1: IF (point value NOT on current System Page) THEN 0.00 1.00 M 1.20 LOGIC 4.2.2.1.1.2: IF (point value needs more detail from current 0.00 1.00 M 1.20 System Page) THEN LOGIC 4.2.2.1: IF (points remain to be viewed) THEN 0.00 1.00 M 1.20 Iterate GOAL 4.2.2.1.0 0.00 LOGIC 4.2.0: IF (more alarms affected by action remain to be found) THEN 0.00 1.00 M 1.20 Iterate GOAL 4.2.0 0.00 LOGIC 4.0: IF(alarms remain to be resolved) THEN 0.00 1.00 M 1.20 Iterate GOAL 2.0 0.00 Iterate GOAL 3.0 0.00 Iterate GOAL 4.0 0.00 Total alarm resolution lag (time waiting for alarm state to change) 1.00 AL 60.00 10 alarms per 10 minutes does not appear reasonable (with the current assumptions) 10 HFES2004ModelsforAlarmResponse.ppt 24 Sep 2004

KLM Analysis Assumptions on Joint Cognitive System Behavior Assumption The operator using the TDC 3000 is an expert who is trained and capable of error-free recall of required actions for a given alarm. The Alarm Summary display is continuously present on a dedicated screen. Alarms are displayed in chronological order (as opposed to alarm priority). Alarm priority is indicated redundantly through both visual and auditory coding. Alarms are independent, each requiring specific actions to resolve. Prior to alarm coming in, the operator is attentively engaged and monitoring the TDC. Prior to alarm coming in, the operator is NOT looking directly at the Alarm Summary display. The operator responds immediately to an incoming alarm. Qualitative Validity Moderate Strong Moderate Strong Weak Moderate Strong Strong 11 HFES2004ModelsforAlarmResponse.ppt 24 Sep 2004

Markov Modeling Analysis Characterizing Observed Operator Response Conducted observational study at an ASM operating company member site Video-recorded operators during simulator training - Three different process units were included - In total, five (5) operators participated in the observations/ video recording Avg. time in current position: 1.6 years Avg. industry experience: 12.3 years - Each operator participated in ~5 scenarios similar across units, but not identical totaling ~1 hour per operator Prototypical scenarios: tripped reflux pump, failed valve open (or close), turbo expander trip, pump interlock trip, condensate fan & pump trips with interlocks (one scenario) Asked console operator to behave as s/he would at the console Concluded scenario when Trainer and Operator agreed that process was under control e.g., stabilized and ready to initiate a recovery procedure or re-setting equipment changes done to stabilize 12 HFES2004ModelsforAlarmResponse.ppt 24 Sep 2004

Markov Modeling Analysis Encoding videotaped Behavior Activity Code for Process Trace AL: Alarm comes in SA: Silences horn LA: Looks at alarm summary page LD: Looks at process display ND: Navigates to new process display BM: Makes a board move RQ: Makes a request to the field FO: Field operator communication FU: Console follow up communication AC: Acknowledge Field Action BA: Banter PC: Participant comment (to self) CA: Clear alarm summary page ES: End of Scenario Scenario [ ] Time Start Time End Event 1 1.01 TS No. of new alarms 1 1.15 AL 1 1 1.17 SH 1 1.22 ND 1 1.26 ND 1 1.27 LD Comments 1 1.33 1.36 RQ 1 P: K, I need you to go check the 321 pump please 1 1.36 SA 1 1.4 ND 1 1.44 AL 1 1 1.59 FO 1 2.00 2.02 RQ 2 P: Both pumps are down? Well could you start one up please [ ] 13 HFES2004ModelsforAlarmResponse.ppt 24 Sep 2004

Markov Modeling Analysis Averaged Transition Probabilities and Dwell Times Calculated state transitions probabilities for each scenario Calculated probabilistic time averages (based on average dwell times of each state and the probability of being in that state) for each scenario Operator 1 Operator 3 Operator 3 Operator 4 Operator 5 Scenario 1 Scenario 2 Scenario 3 Scenario 4 Scenario 5 Prototypical Time Est. Prototypical Time Est. Prototypical Time Est. Prototypical Time Est. Prototypical Time Est. 49.1 sec per Alarm 14 HFES2004ModelsforAlarmResponse.ppt 24 Sep 2004

Markov Modeling Analysis Time Estimate Given 49.1 seconds, which is approximately 80% of a minute And given Parks & Boucek (1988), whose work suggests not overloading an operator more than 80% of the time It would appear that EEMUA s recommendation of less than 10 alarms per 10 minute period following an upset condition are legitimate - At the very least, it could be considered the upper limit on human performance with today s alarm system technology - And today s process industry should be striving to achieve those recommendations 15 HFES2004ModelsforAlarmResponse.ppt 24 Sep 2004

Qualifications/Improvement Opportunities to the Markov Modeling The trainer approximated the communications between field and console - Anecdotal sharing suggests that the times were shorter in the simulator training than they would be in practice. Establish the duration (e.g., 10 minutes, 10 hours, 10 days) that an operator could maintain the pace of one alarm every 49 seconds 10 alarms per 10 minute is very likely the ceiling on operator response performance 16 HFES2004ModelsforAlarmResponse.ppt 24 Sep 2004

Qualifications/Improvement Opportunities to the KLM Add and elaborate on interaction with Field Operators to improve sub-tasks and subsequent time estimates Address the assumption that operators immediately engage in knowledge-based behavior (Rasmussen, 1986) Account for operator expectation of sets of alarms (cf., Kragt & Bonten, 1983). Account for parallel activity, as observed in the observations for the Markov Modeling efforts 17 HFES2004ModelsforAlarmResponse.ppt 24 Sep 2004

Practical Implications Use of sophisticated alarm management techniques could be applied to aid the operator in assessing the notification (i.e., Goal 1 of the KLM model) - e.g., alarm filtering or modal alarming (O Hara et al, 1994) Perhaps most significantly, to achieve peak alarm rate targets, there is a need to - (1) consider upset conditions as part of the alarm rationalization processes asking how a given point will contribute to either the understanding of the upset or to the alarm flood that might be associated with the event, and - (2) analyze alarm system performance as part of incident investigations when incidents or accidents do occur to determine if alarm configuration improvements are needed 18 HFES2004ModelsforAlarmResponse.ppt 24 Sep 2004

Future Research Improve the validity of the KLM and its predictive worth - Relate the observed behavioral sequences coded for the Markov Analysis back to the analytical KLM elements We are currently investigating to what extent sequential analysis techniques (Bakeman & Gottman, 1997) can be applied to relating the observed behavior sequences to those in the KLM Other future work related to human response to alarm notifications includes: - Establish a duration for which a peak alarm rate of 10 alarms per 10 minute period remains acceptable - Conducting a more comprehensive observational study, across both the refining and petrochemicals industries, involving multiple companies, etc. To offset potential idiosyncrasies that might arise due to an individual site s training program, user interface design approach, alarm system sophistication, and so on. 19 HFES2004ModelsforAlarmResponse.ppt 24 Sep 2004

www.asmconsortium.org www.honeywell.com

2024 © homedocbox.com Privacy Policy | Terms of Service | Feedback