Alarm system

Transcription

Alarm system
Part VIII
Alarm system
205
Chapter 33
Introduction
An alarm system will be an integrated part of any monitoring or controller system. Very often will the
alarm system be integrated with several of the monitoring and controller system present, it is desire to
have only one alarm system. Any alarm system should be based on the YA-7111 speci…cation for alarm
system design (YA711 2001).
The alarm system will monitoring the states of the system (process) and give warning or alarms at an
abnormal or irregular condition or situation in the system. The operator has to deal with this warning or
alarm. All alarms will be generated by the computer systems, often the monitoring system, the alarms
will not be generated by the process. The alarms will be generated based on signals or events from the
process or the computer system itself. The alarm system will be a module in the SCADA system as
shown in Figure 33.1. The main function of an alarm system is to inform the operator abount a situation
that is not normal.
In addition to process alarm system other alarm systems exist as well like …re alarm system, intruder
alarm system, and car alarm system to meantion some.
1 YA-710
is the Norwegian speci…cation and YA-711 is the English speci…cation.
206
CHAPTER 33. INTRODUCTION
207
Figure 33.1: The alarm system will often be a part of the SCADA system. The alarms will only be
generated based on signals and events from the plan, and internal events from the SCADA system.
Chapter 34
Alarm systems
An alarm system is a system that will monitors the process and give a warning or indication when an
abnormal or speci…c condition is met.
34.1
Stand-alone system
A stand-alone alarm system consists of the input devices, the alarm system, and the output devices for
giving the warnings and alarms. An example can be an intruder alarm for a building and such a system
is shown in Figure 34.1.
A stand-alone system contains the sensors, the computer, and the actuator as a complete system.
34.2
Integrated
An integrated alarm system consists of a complete monitoring and control system where the alarm system
is an integrated part of this monitoring and control system. This is shown in Figure 34.2.
34.3
Distributed
A distributed alarm system consists of several monitoring and control systems where the alarm system
is integrated to all of these monitoring and control systems. This is shown in Figure 34.3.
Figure 34.1: A stand-alone alarm system with the necessary I/O devices conneded directly to the system.
208
CHAPTER 34. ALARM SYSTEMS
Figure 34.2: The alarm system is an integrated part of the monitoring and controller system.
Figure 34.3: Several monitoring and/or controller system is sharing a common alarm system.
209
Chapter 35
Speci…cations
An alarm system contains a set of speci…cations de…ning the alarm types, alarm priority, alarm colors to
meantion some. The speci…cation will often be part of a company alarm management or alarm philosophy
system, a document describing the alarm handling and procedures.
35.1
Alarm Types
Alarms are always generated by the monitoring (or SCADA) system based on signals and events. The
most used alarm types are (YA711 2001):
1. Basic alarms; generated by detecting deviations on single process measurement, either analog or
digital, or single pieces of equipment,
2. Aggregated alarms; generated by combining the state of a number of basic alarms. This combination should describe the state of the process system or equipement/sub-system more precisely
than a single alarm,
3. Model based alarms; generated based on online simulations by mathematical models of the process
or part of the process,
4. Key alarms; selection of important alarms presented in a way that makes them available and usable
even during alarm overloads. All important safety-related alarms must be de…ned as key alarms,
other alarms could also be included if appropriate.
35.2
Priority
An alarm system will be responsible for any alarms, warnings and informations in a monitoring and
control system. An alarm system should be able to prioritize between alarms, warnings and information,
but also prioritize between di¤erent types of alarms. A system contains di¤erent alarms like:
1. Critical level alarms like High High (HH) or Low Low (LL) alarms. These alarms can generated
from analog or binary signals,
2. “Normal” alarm condition like High or Low alarms. These alarms can generated from analog or
binary signals,
3. Di¤erence or change alarms, analog signals changing too much or too fast/slow. These alarms can
be either a critical alarm or a normal alarm condition.
4. I/O device error,
5. System device error.
A system contains di¤erent warnings like:
1. Timeout; no input from a sensor or another computer system within a speci…c amount of time.
Warnings for a short amount of time and an alarm if a large amount of time.
210
CHAPTER 35. SPECIFICATIONS
211
Figure 35.1: The main functions of an alarm system (YA711 2001).
2. Out of range; the measrued signal is outside a valid range for the process but still inside the range
of the sensor device. This should be an alarm if outside the range of the sensor, for example 20:5
mA for a 4 20 mA sensor.
35.3
Alarm colors
The alarm color should be red, and the red color should be used only for alarm indication. Yellow and
blue (or purple) can also be used for subfunctions in an alarm system like warnings etc. Lamps can
have di¤erent colors as well in cooperation with a horn. The alarm management system or the alarm
philosophy will de…ne the colors to be used in addition to the red color.
When designing an alarm system take into consideration that the operator can be color blind, meaning
that they can mix the information with green and red color.
Blinking should be avoided as it is annoying and it is possible to see an empty display if looking when
the text is o¤.
35.4
Response Time
The responstime of an alarm system should be maximum two seconds, preferably a maximum time of
one second. The operator will often redo the operation if there is no response within a second.
35.5
Alarm System Functions
The main functions of an alarm system is shown in Figure 35.1. The alarms are generated inside the
SCADA system due to a set of system limits, process behaviour and/or process status.
The main functions of an alarm system as shown in Figure 35.1 are:
1. Signal …ltering; processing of the raw input signals to the alarm system in order to remove signal
noise and other information that is unimportant for the purpose of an alarm system, such as small,
rapid oscillations.
2. Alarm generation; comparing the input signal with signal limits and checking the process and
system states.
3. Alarm …ltering; preventing an alarm signal so that it is not available for the operator in any part
of the system. Disable an alarm.
CHAPTER 35. SPECIFICATIONS
212
Figure 35.2: A value is making an alarm condition at time t1 , the alarm is acknowledged at time t2 , and
the alarm condition is passive at time t3 . The alarm is created in the alarm system at time t1 and is
removed from the alarm system at time t3 .
4. Alarm suppression; preventing an alarm from being presented in main alarm displays, e.g. overview
displays, but the alarm is still available in the system at a more detailed level. A set of rules or
logic de…nes which alarms to present in which displays. One reason can be if part of the system
is out of order waiting for repair or new parts, or if part of the system is not important for daily
usage.
5. Alarm shelving is a facility for manually removing an alarm from the main list and placing it
on a shelve list, temporarily preventing the alarm from re-occurring on the main list until it is
removed form the shelf. Shelving will normally be controlled by the operator, and is intended as a
"last resort" for handling irrelevant nuisance alarms that have not been caught by signal …ltering
or alarm suppression mechanisms. One reason can be for maintenance of part of the system, for
testing, or part of the system is currently not i use.
The di¤erence between the Alarm suppression and Alarm shelving is that the operator can control
alarm shelving and system designers or the suprevisor can control the alarm suppresion.
35.6
Alarm States
Warnings are not critical states and will just be on and o¤ states. An alarm is treated as a critical state
and must be acknowledged by an operator. It is the responsibility of the operator to do the right actions
for this type of alarm. An alarm will then have 3 di¤erent states like:
1. Passive alarms; no alarm, the condition is within the normal operating range. This condition will
not be present i an alarm system.
2. Active alarms; the condition has crossed an alarm boundary and the operator is noticed by some
sort of output device. The alarm will be present unntil the alarm is acknowledged by an operator.
This state of the condition will be present in the alarm system, often together with some blinking
indicators and/or horns,
3. Aknowledge alarms; an active alarm that is aknowledged by an operator. The aknowledged alarm
will be passiv when the condition is within the normal operating range. This state of the condition
will be present in the alarm system, often together with some sort of steady indicators. The alarm
condition will be removed from the alarm system when returning to the normal operating range or
when the alarm is turned o¤.
Di¤erent combinations of these alarm states are shown in the Figures 35.2 and 35.3.
Figure 35.2 shows a situation where the value is entering an alarm state at time t1 , the user is
acknowledging the alarm at time t2 , and the value is no longer in alarm state at time t3 . Figure
CHAPTER 35. SPECIFICATIONS
213
Figure 35.3: A value is making an alarm condition at time t1 , but the alarm condition is passive before
the alarm is acknowledged at time t2 . The alarm is created in the alarm system at time t1 , but is not
removed from the alarm system unntil the alarm is acknowledged at time t2 . The acknowledged time t2
is equal to the removal time t3 .
35.3 shows a situation where the value is entering an alarm state at time t1 , the user is delaying the
acknowledging of the alarm so the value is no longer in alarm state before the alarm is acknowleded.
The alarm condition is still an active alarm unntil the alarm state is acknowledged by the user.
Chapter 36
Con…guration
An alarm needs an active band with di¤erent on and o¤ limits otherwise wil the system generate a lot
of on and o¤ events. This wll be part of the alarm generation section.
Deadband; A Deadband (sometimes called a neutral zone) is an area of a signal range or band where
no action occurs (the system is dead). Deadband is used in voltage regulators and other controllers. The
purpose is common, to prevent oscillation or repeated activation-deactivation cycles (called ’hunting’in
proportional control systems). Deadband is di¤erent from hysteresis. With hysteresis there is no dead
zone, the output is always in one direction or another.
Hysteresis; Use di¤erent values to turn the alarm on and o¤. The reason is to use di¤erent limits for
turning the alarm on and o¤, otherwise can if the process value is stable at the alarm limit trigger the
alarm on and o¤ at the same. Hysteresis will see to that the alarm will be triggered at di¤erent values
for on and o¤ state of the alarm. See Figure 36.1 for how the alarm can be turned on at the unloading
graph and turned o¤ at the loading graph.
Alarm limits; The alarm limits will be the value for activating the alarm. A high alarm will be
activating when the process value is equal or higher, a low alarm will be activated when the process
value is equal or lower. Typical alarm limits:
1. High; activated when equal or higher,
2. High High; security alarm, activated when equal or higher,
3. Low; activated when equal or lower,
4. Low Low; security alarm, activated when equal or lower,
5. Di¤erence; activated when the di¤erence between two process values is equal or larger than this
limit, or one process limit is larger than this limit.
It must be able to con…gure the alarm limits and the alarm enable/disable for all alarmtypes in a
speci…c system, but this should be an adminstration option.
Fail/Safe; Fail-safe or fail-secure describes a device or feature which, in the event of failure, responds
in a way that will cause no harm or at least a minimum of harm to other devices or danger to personnel.
Fail-safe devices are distinguished from fail-secure devices in that failure disables any security features.
Thus, a fail-safe lock will unlock during a failure whereas a fail-secure lock will remain locked during a
failure, but cannot be unlocked.
36.1
Alarm devices
The I/O devices used for alarm handling:
1. Screen; display the alarms,
2. Keyboard; alarm operations,
3. Horn; indicate an active alarm, or security alarm,
214
CHAPTER 36. CONFIGURATION
215
Figure 36.1: Hysteresis, using di¤erent di¤erent values for turning the alarm in on and o¤ states
(www.wikipedia.org 2006).
Figure 36.2: A small selection of lamps and horn for alarm indications (www.tormatic.no: nov-08).
4. Lamp; indicate an active alarm, or an active alarm by blinking and an acknowledge alarm by a
steady light. Di¤erent lamp colors can be used in cooperation with horn to indicate di¤erent type
of alarms. Di¤erent type of alarm lamps are shon in Figure 36.2.
5. Printer; logging of the alarm states.
36.2
Alarm list
Reports and/or list of the current alarms in the system indicating the:
1. alarm id,
2. tag,
3. text description,
4. type of alarm,
5. alarm limit,
CHAPTER 36. CONFIGURATION
Figure 36.3: A printed alarm report with information about each alarm in a system.
6. priority,
7. activation time,
8. acknowledge time, if any.
An example of an alarm report is shown in Figure 36.3 indicating these properties.
36.3
Alarm logging
Often an alarm system will have some requirements for logging. The condition for logging can be:
1. The change of an alarm condition (Active/Acknowledge/Passive),
2. The change of the alarm limits for the process condition,
3. The change of the alarm activation (on/o¤),
4. The change of the alarm con…guration,
5. Who changed the alarm setting(s),
6. Time of change.
216