HMI Lifecycle Bridget Fitzpatrick Ian Nimmo
Transcription
HMI Lifecycle Bridget Fitzpatrick Ian Nimmo
HMI Lifecycle Bridget Fitzpatrick Ian Nimmo HMI Philosophy • The philosophy is a comprehensive document that provides best practice guidance for the establishment and maintenance of the HMI. The Philosophy document should provide a road map that documents the design basis, such that new users can grasp the underlying principles and technical rationales, allowing the HMI to be maintained successfully over time. • The HMI Philosophy document provides an overview of the design basis for the HMI and provides insight into the rationale behind the design decisions. It does not go into implementation specifics, which are covered in the HMI Style Guide. HMI Philosophy • General Principles – The Philosophy should describe the design principles that support: – alignment with the human psychological capabilities, including mental capacity and sensory limits, models for human interaction, and the effect of stress and sensory overload, – alignment with physiological limits, such as color blindness, limited peripheral perception, and the effect of the overall control console design, – provides interaction devices that are sensitive to human errors and deficiencies. HMI Philosophy • Scope - The HMI Philosophy specifies the scope of the varied parts of the HMI and the HMI as a whole. Specific design decisions allow the HMI to be an effective tool for the safe and efficient control of the process, in all possible modes of operation, both normal and abnormal. HMI Philosophy • Purpose – The Philosophy document spells out the specific design purpose for the HMI. This purpose includes the operating graphics, as well as graphics to support maintenance, testing, training and engineering support, as long as they reside within the control system. This technical report does not cover the entire scope of support of, for example, operator training simulators. • The purpose should spell out HMI support for: – operations at optimal conditions managing multiple constraints, – early detection, diagnosis, and proper response to abnormal situations, – operation during upset and shutdown conditions, – instrument maintenance activities, – shutdown system testing, – operator training, – engineering troubleshooting. HMI Philosophy • Design Work Processes - The Philosophy should spell out the HMI work processes, detailing the personnel involved, review requirements and the general work flow for: design, implementation, training, testing, commissioning and maintenance processes. – Should we discuss: • • • • User Security Model Designing for Redundancy Backups and Recovery Varied Methods of HMI Development – From existing graphics, from P&ID, from sketches? – Continuously iterative, Set # of Formal Reviews, etc. HMI Philosophy • Framework: Research in the area of effective operator graphics is underway and will continue in the future, the documentation must be established in a manner that allows for continual improvement. – Are we covering: – Tablet PCs and things like handhelds (example Intellatrac)? – Wearable computers? – Advanced advice and state detection systems? General Principles • • • • • • • • • • • Simplicity in the design of graphics is important. Visual clutter and unneeded data are avoided for clarity. Displays should be consistent in their presentation methods for similar information. Displays should be designed to support user situational awareness. The prominence of the appearance of a screen object is associated with its importance, creating a salience hierarchy in the design and presentation decisions. Displays should be designed with timeliness and feedback taken into careful consideration. Feedback on completion of action and/or of failure to complete action should be provided. User interaction techniques should be clear and consistent. Error tolerance in user interaction for critical devices should be included, with simple notification of error and effective methods for recovery. Status of field instrumentation and communication status should be shown clearly and consistently. Display content should support all types of tasks and activities required of the operator. Symbols and process arrangement are depicted in a simple, meaningful, unambiguous, and consistent manner. Navigation and layout schemes should be consistent and varied, to support an intuitive fast navigation scheme. Style Guide • The HMI Style Guide takes the Philosophy one step closer to implementation, detailing the specifics of the presentation and methods of interacting with the objects on the displays, as well as an overall view of the operating console itself. • The presentation specifics should include the use of: – – – – – static elements (for process representation), static text, lines and limitations on animation of lines, sound (both for alarms and any other use), dynamic symbols (for equipment status representation), – dynamic process values, – navigation schemes embedded in the displays, – menu and tool bars. Style Guide • For all of the major objects, the HMI Style guide will contain a description of the objects behavior, presentation specifics (size, color, etc.) and illustrations of each of the possible states. • The overall console section should include: – support for trending, – interaction with third-party applications, – navigation schemes not embedded in the displays (including context shortcut menus), – windows management, – input methods (keyboard, mouse, etc.). Issues • Split of information across the Philosophy and Style Guide tends to vary by user. HMI Toolkit • As the name implies, the HMI Toolkit is the collection of all of the design elements for the displays (all of the static and dynamic objects) and the related operating console. The design specifics are contained in the HMI Style Guide. The toolkit is a separate element, since one set will exists for each control or SCADA system in use. Issues for Toolkit • Inclusion in the life cycle since it exists, but also to provide some guidance on how to manage toolkits across multiple releases, etc. • Advice on level of testing required? • One at each major release • One for each operating area • To allow for different patch levels • To limit scope of loss if an error is made – What else? User Requirements • All aspects of the HMI is intended for a specific set of purposes (primary and secondary) and a set of users (again primary and secondary). The User Requirements activity develops and documents the specific needs of the users. This is an input to the design stage. • Do we want to get into methods for developing User Requirements? Task Analysis and Functional Requirements • Once the basic user requirements are defined, the actual tasks to be performed by the users are captured, reviewed and potentially optimized. The terminology in use by the user and the user model of the process is also documented in this process. The need for online or offline user support should also be evaluated. The functional HMI support needs are captured in this process. • Different techniques are available to do this analysis. Perhaps the most thorough routinely used technique is Hierarchical Task Analysis. Timeline analysis is a charting technique that records events versus time. Link Analysis demonstrates the frequency of linkage between tasks. It is useful for streamlining tasks and can also be used to identify how often a user has to navigate from one display to another. • Other more advanced techniques such Abstraction Hierarchical Analysis, Cognitive Work Analysis and Ecological Analysis exist but may require Human Factor expertise to complete them. • Do we want Appendices that cover these methods? Navigation • Navigation design is one of the most critical aspects of HMI design, since an effective and intuitive navigation scheme can directly impact the speed of operator intervention. • The key design basics for navigation are consistency and intuitiveness. • The navigation scheme includes navigation from: – Alarm summary to point detail or display, – Display to faceplate or interaction zone, point detail, trending, alarm history, change history, and other third party devices, – Display to Display, – Display to Detailed Display and vice versa, – Display to Overview and vice versa. Navigation • There are other navigation methods to consider, including: – – – – Keyboard buttons, Menu buttons, Toolbar buttons, Context shortcut menus. • Integration of Third Party Interfaces to the HMI also includes navigation methods. Common third party interfaces include: – – – – – – Advanced Process Control systems, Historians, Trend packages, Process models, Other OPC packages (e.g. tank farm levels), Alarm rationalization information, etc. Navigation Issues • Do we want to talk about best practices in Implementation? – Symbology – Use of Microsoft/Web Standards – Scripting Error Messages – Use of different technologies to avoid loss of navigation or limit its scope – Concept of providing a manual method on loss of navigation Design • The HMI should be conceptually designed with the known information and then reviewed by a cross-functional team which includes the primary and secondary users (generally operations and support staff). This is an iterative process known as prototype development. It is relatively common to perform a first “layout” review where the basic content is shown, followed by a final review with all information and interaction devices completed. • An effective HMI is achieved by refining the user requirements and task and functional specifications in an iterative process, ensuring that the final HMI supports the user models and needs. The review cycle (L) is shown as a parallel process to design, implement and test to emphasize the ongoing nature of this part of the HMI lifecycle. • Often a specific validation and documentation plan will be required for this stage of the lifecycle. Implementation • Implementation is the construction of the HMI in the actual control system interface. The HMI is built and tested by the developer offline. Often a specific validation and documentation plan will be required for this stage of the lifecycle. Test • Formal testing, is also commonly done offline or in a simulated environment. This is the formal testing against user needs and task/functional requirements. Ideally, this is performed with real operators performing relevant tasks with the system they will be operating, thereby affording observation of issues with the interface of which even the operators might not be aware. If available, simulated upsets and other abnormal conditions can test the effectiveness of the HMI under all modes of operation. • Any implementation issues that result in redesign are most effectively handled at this point in the process and therefore minimize the cost and effort related to re-work on graphics that have already been commissioned. • Often a specific validation and documentation plan will be required for this stage of the lifecycle. • Advice on failure modes to test? Commission • Commissioning is basically a final testing with the process devices connected. The level of online testing will likely vary with the level of customization and the relative acceptance level of the toolkit objects. Often a specific validation and documentation plan will be required for this stage of the lifecycle. Train • Training is often completed in parallel to commissioning, where all operators are trained prior to using the new HMI, but not all operators are trained prior to the start of commissioning. The relative detail and documentation of the training step will vary with the complexity of the HMI and the base requirements of the process. Often a specific validation and documentation plan will be required for this stage of the lifecycle. Maintain • Once the HMI is in service, any changes to the HMI must be handled in a controlled manner. The process must not be cumbersome, in order to not hamper continuous improvement. • Often a specific validation, documentation and management of change plan will be required for this stage of the lifecycle. Validation, Documentation, Management of Change • Validation, Documentation, and Management of Change are an activities that may be mandated to be performed in a particular manner, depending on the application. It is a continuous effort during the life cycle of an HMI.