Alarm system
Transcription
Alarm system
Part VIII Alarm system 205 Chapter 33 Introduction An alarm system will be an integrated part of any monitoring or controller system. Very often will the alarm system be integrated with several of the monitoring and controller system present, it is desire to have only one alarm system. Any alarm system should be based on the YA-7111 speci…cation for alarm system design (YA711 2001). The alarm system will monitoring the states of the system (process) and give warning or alarms at an abnormal or irregular condition or situation in the system. The operator has to deal with this warning or alarm. All alarms will be generated by the computer systems, often the monitoring system, the alarms will not be generated by the process. The alarms will be generated based on signals or events from the process or the computer system itself. The alarm system will be a module in the SCADA system as shown in Figure 33.1. The main function of an alarm system is to inform the operator abount a situation that is not normal. In addition to process alarm system other alarm systems exist as well like …re alarm system, intruder alarm system, and car alarm system to meantion some. 1 YA-710 is the Norwegian speci…cation and YA-711 is the English speci…cation. 206 CHAPTER 33. INTRODUCTION 207 Figure 33.1: The alarm system will often be a part of the SCADA system. The alarms will only be generated based on signals and events from the plan, and internal events from the SCADA system. Chapter 34 Alarm systems An alarm system is a system that will monitors the process and give a warning or indication when an abnormal or speci…c condition is met. 34.1 Stand-alone system A stand-alone alarm system consists of the input devices, the alarm system, and the output devices for giving the warnings and alarms. An example can be an intruder alarm for a building and such a system is shown in Figure 34.1. A stand-alone system contains the sensors, the computer, and the actuator as a complete system. 34.2 Integrated An integrated alarm system consists of a complete monitoring and control system where the alarm system is an integrated part of this monitoring and control system. This is shown in Figure 34.2. 34.3 Distributed A distributed alarm system consists of several monitoring and control systems where the alarm system is integrated to all of these monitoring and control systems. This is shown in Figure 34.3. Figure 34.1: A stand-alone alarm system with the necessary I/O devices conneded directly to the system. 208 CHAPTER 34. ALARM SYSTEMS Figure 34.2: The alarm system is an integrated part of the monitoring and controller system. Figure 34.3: Several monitoring and/or controller system is sharing a common alarm system. 209 Chapter 35 Speci…cations An alarm system contains a set of speci…cations de…ning the alarm types, alarm priority, alarm colors to meantion some. The speci…cation will often be part of a company alarm management or alarm philosophy system, a document describing the alarm handling and procedures. 35.1 Alarm Types Alarms are always generated by the monitoring (or SCADA) system based on signals and events. The most used alarm types are (YA711 2001): 1. Basic alarms; generated by detecting deviations on single process measurement, either analog or digital, or single pieces of equipment, 2. Aggregated alarms; generated by combining the state of a number of basic alarms. This combination should describe the state of the process system or equipement/sub-system more precisely than a single alarm, 3. Model based alarms; generated based on online simulations by mathematical models of the process or part of the process, 4. Key alarms; selection of important alarms presented in a way that makes them available and usable even during alarm overloads. All important safety-related alarms must be de…ned as key alarms, other alarms could also be included if appropriate. 35.2 Priority An alarm system will be responsible for any alarms, warnings and informations in a monitoring and control system. An alarm system should be able to prioritize between alarms, warnings and information, but also prioritize between di¤erent types of alarms. A system contains di¤erent alarms like: 1. Critical level alarms like High High (HH) or Low Low (LL) alarms. These alarms can generated from analog or binary signals, 2. “Normal” alarm condition like High or Low alarms. These alarms can generated from analog or binary signals, 3. Di¤erence or change alarms, analog signals changing too much or too fast/slow. These alarms can be either a critical alarm or a normal alarm condition. 4. I/O device error, 5. System device error. A system contains di¤erent warnings like: 1. Timeout; no input from a sensor or another computer system within a speci…c amount of time. Warnings for a short amount of time and an alarm if a large amount of time. 210 CHAPTER 35. SPECIFICATIONS 211 Figure 35.1: The main functions of an alarm system (YA711 2001). 2. Out of range; the measrued signal is outside a valid range for the process but still inside the range of the sensor device. This should be an alarm if outside the range of the sensor, for example 20:5 mA for a 4 20 mA sensor. 35.3 Alarm colors The alarm color should be red, and the red color should be used only for alarm indication. Yellow and blue (or purple) can also be used for subfunctions in an alarm system like warnings etc. Lamps can have di¤erent colors as well in cooperation with a horn. The alarm management system or the alarm philosophy will de…ne the colors to be used in addition to the red color. When designing an alarm system take into consideration that the operator can be color blind, meaning that they can mix the information with green and red color. Blinking should be avoided as it is annoying and it is possible to see an empty display if looking when the text is o¤. 35.4 Response Time The responstime of an alarm system should be maximum two seconds, preferably a maximum time of one second. The operator will often redo the operation if there is no response within a second. 35.5 Alarm System Functions The main functions of an alarm system is shown in Figure 35.1. The alarms are generated inside the SCADA system due to a set of system limits, process behaviour and/or process status. The main functions of an alarm system as shown in Figure 35.1 are: 1. Signal …ltering; processing of the raw input signals to the alarm system in order to remove signal noise and other information that is unimportant for the purpose of an alarm system, such as small, rapid oscillations. 2. Alarm generation; comparing the input signal with signal limits and checking the process and system states. 3. Alarm …ltering; preventing an alarm signal so that it is not available for the operator in any part of the system. Disable an alarm. CHAPTER 35. SPECIFICATIONS 212 Figure 35.2: A value is making an alarm condition at time t1 , the alarm is acknowledged at time t2 , and the alarm condition is passive at time t3 . The alarm is created in the alarm system at time t1 and is removed from the alarm system at time t3 . 4. Alarm suppression; preventing an alarm from being presented in main alarm displays, e.g. overview displays, but the alarm is still available in the system at a more detailed level. A set of rules or logic de…nes which alarms to present in which displays. One reason can be if part of the system is out of order waiting for repair or new parts, or if part of the system is not important for daily usage. 5. Alarm shelving is a facility for manually removing an alarm from the main list and placing it on a shelve list, temporarily preventing the alarm from re-occurring on the main list until it is removed form the shelf. Shelving will normally be controlled by the operator, and is intended as a "last resort" for handling irrelevant nuisance alarms that have not been caught by signal …ltering or alarm suppression mechanisms. One reason can be for maintenance of part of the system, for testing, or part of the system is currently not i use. The di¤erence between the Alarm suppression and Alarm shelving is that the operator can control alarm shelving and system designers or the suprevisor can control the alarm suppresion. 35.6 Alarm States Warnings are not critical states and will just be on and o¤ states. An alarm is treated as a critical state and must be acknowledged by an operator. It is the responsibility of the operator to do the right actions for this type of alarm. An alarm will then have 3 di¤erent states like: 1. Passive alarms; no alarm, the condition is within the normal operating range. This condition will not be present i an alarm system. 2. Active alarms; the condition has crossed an alarm boundary and the operator is noticed by some sort of output device. The alarm will be present unntil the alarm is acknowledged by an operator. This state of the condition will be present in the alarm system, often together with some blinking indicators and/or horns, 3. Aknowledge alarms; an active alarm that is aknowledged by an operator. The aknowledged alarm will be passiv when the condition is within the normal operating range. This state of the condition will be present in the alarm system, often together with some sort of steady indicators. The alarm condition will be removed from the alarm system when returning to the normal operating range or when the alarm is turned o¤. Di¤erent combinations of these alarm states are shown in the Figures 35.2 and 35.3. Figure 35.2 shows a situation where the value is entering an alarm state at time t1 , the user is acknowledging the alarm at time t2 , and the value is no longer in alarm state at time t3 . Figure CHAPTER 35. SPECIFICATIONS 213 Figure 35.3: A value is making an alarm condition at time t1 , but the alarm condition is passive before the alarm is acknowledged at time t2 . The alarm is created in the alarm system at time t1 , but is not removed from the alarm system unntil the alarm is acknowledged at time t2 . The acknowledged time t2 is equal to the removal time t3 . 35.3 shows a situation where the value is entering an alarm state at time t1 , the user is delaying the acknowledging of the alarm so the value is no longer in alarm state before the alarm is acknowleded. The alarm condition is still an active alarm unntil the alarm state is acknowledged by the user. Chapter 36 Con…guration An alarm needs an active band with di¤erent on and o¤ limits otherwise wil the system generate a lot of on and o¤ events. This wll be part of the alarm generation section. Deadband; A Deadband (sometimes called a neutral zone) is an area of a signal range or band where no action occurs (the system is dead). Deadband is used in voltage regulators and other controllers. The purpose is common, to prevent oscillation or repeated activation-deactivation cycles (called ’hunting’in proportional control systems). Deadband is di¤erent from hysteresis. With hysteresis there is no dead zone, the output is always in one direction or another. Hysteresis; Use di¤erent values to turn the alarm on and o¤. The reason is to use di¤erent limits for turning the alarm on and o¤, otherwise can if the process value is stable at the alarm limit trigger the alarm on and o¤ at the same. Hysteresis will see to that the alarm will be triggered at di¤erent values for on and o¤ state of the alarm. See Figure 36.1 for how the alarm can be turned on at the unloading graph and turned o¤ at the loading graph. Alarm limits; The alarm limits will be the value for activating the alarm. A high alarm will be activating when the process value is equal or higher, a low alarm will be activated when the process value is equal or lower. Typical alarm limits: 1. High; activated when equal or higher, 2. High High; security alarm, activated when equal or higher, 3. Low; activated when equal or lower, 4. Low Low; security alarm, activated when equal or lower, 5. Di¤erence; activated when the di¤erence between two process values is equal or larger than this limit, or one process limit is larger than this limit. It must be able to con…gure the alarm limits and the alarm enable/disable for all alarmtypes in a speci…c system, but this should be an adminstration option. Fail/Safe; Fail-safe or fail-secure describes a device or feature which, in the event of failure, responds in a way that will cause no harm or at least a minimum of harm to other devices or danger to personnel. Fail-safe devices are distinguished from fail-secure devices in that failure disables any security features. Thus, a fail-safe lock will unlock during a failure whereas a fail-secure lock will remain locked during a failure, but cannot be unlocked. 36.1 Alarm devices The I/O devices used for alarm handling: 1. Screen; display the alarms, 2. Keyboard; alarm operations, 3. Horn; indicate an active alarm, or security alarm, 214 CHAPTER 36. CONFIGURATION 215 Figure 36.1: Hysteresis, using di¤erent di¤erent values for turning the alarm in on and o¤ states (www.wikipedia.org 2006). Figure 36.2: A small selection of lamps and horn for alarm indications (www.tormatic.no: nov-08). 4. Lamp; indicate an active alarm, or an active alarm by blinking and an acknowledge alarm by a steady light. Di¤erent lamp colors can be used in cooperation with horn to indicate di¤erent type of alarms. Di¤erent type of alarm lamps are shon in Figure 36.2. 5. Printer; logging of the alarm states. 36.2 Alarm list Reports and/or list of the current alarms in the system indicating the: 1. alarm id, 2. tag, 3. text description, 4. type of alarm, 5. alarm limit, CHAPTER 36. CONFIGURATION Figure 36.3: A printed alarm report with information about each alarm in a system. 6. priority, 7. activation time, 8. acknowledge time, if any. An example of an alarm report is shown in Figure 36.3 indicating these properties. 36.3 Alarm logging Often an alarm system will have some requirements for logging. The condition for logging can be: 1. The change of an alarm condition (Active/Acknowledge/Passive), 2. The change of the alarm limits for the process condition, 3. The change of the alarm activation (on/o¤), 4. The change of the alarm con…guration, 5. Who changed the alarm setting(s), 6. Time of change. 216