429052 Process Safety - a Systems Perspective

Thursday, November 12, 2015: 4:45 PM
Salon G (Salt Lake Marriott Downtown at City Creek)
Warren D. Seider, Department of Chemical and Biomolecular Engineering, University of Pennsylvania, Philadelphia, PA; Jeffrey E. Arbogast, Applied Mathematics R&D, American Air Liquide, Newark, DE; Ulku G. Oktem, Risk Management and Decision Center, Wharton School, University of Pennsylvania, Philadelphia, PA; and Masoud Soroush, Department of Chemical and Biological Engineering, Drexel University, Philadelphia, PA

A modern process plant has several layers of automated protection systems that work independently but in concert to ensure the economical operation of the plant within its safety, environmental, and product quality limits. These systems are typically control systems, alarm systems, and emergency shutdown (ESD) systems. Control systems, including conventional and model-based controllers [1], are used to operate process plants properly and to produce high-quality products consistently; alarm systems are used to alert operators to plant variables that are about to exceed or have already exceeded design limits; and ESD systems are used to halt plants that are in danger of exceeding plant limits. As safety systems are the last line of defense against shutdowns and accidents, they must be independent of control systems. While control systems occasionally fail, safety systems must be highly reliable and must be able to override control systems whenever necessary.

Alarm systems are designed such that important (primary) variables are paired with actionable safety systems [2]. As a result of the digital computer revolution, alarms are now easy and inexpensive to configure and deploy; modern field alarm systems often have hundreds or thousands of configured alarms, and therefore, during plant operation (even normal operation), operators can receive a huge number of alarms [3]. Despite many studies on alarm system design and management [4, 5, 6], many critical challenges still need to be addressed to further improve existing traditional alarm systems. For example, existing alarm systems are generally configured only for individual measured process variables. While this simplicity is a strength of existing alarm systems, it is also their weakness: they are unable to consider interactions among variables, which leads to an excessive number of false alarms related to the interacting variables. Furthermore, they can alert plant personnel only to present operating hazards that can be identified from process measurements and that have already affected the processing plant.

The focus of this work is on the upper two layers of the automated protection systems, i.e., alarm systems and ESD systems. We will survey the present state of these systems and put them in perspective from a systems engineering point of view. We will classify the existing systems into reactive and proactive systems. It will be shown (a) that existing safety systems are mostly reactive and (b) how these systems can benefit from having proactive capabilities. For example, a proactive model-based alarm system [7] can systematically address many weaknesses of existing alarm systems. First, it systematically accounts for plant nonlinearities and interactions among plant variables. Second, it can provide alarms tied to unmeasured state variables. Third, it can identify current and future hazards in plant operation. These are capabilities that current alarm systems do not have. Also, leading indicators [8, 9] can alert operators that an accident or a plant trip may occur before it actually does, giving operators time to take corrective actions that dampen the effect of the upcoming abnormal event before it occurs, or before it propagates to an emergency shutdown or worse. Therefore, it is desirable to program automated safety systems to respond to leading indicators, thus providing an immediate automated response to specific indicators.
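The reactive-versus-proactive distinction above, as an added illustration that is not part of the abstract or the authors' method [7]: a conventional threshold alarm on a measured temperature is compared with a model-based alarm that rolls a hypothetical first-order tank model forward and fires when a limit violation is predicted within a horizon. The model, its coefficients, the limit and the heater schedule are all constructed for this example.

```python
"""Reactive (threshold) vs. proactive (model-based) alarm on a constructed
heated-tank example. Model, coefficients and limits are hypothetical."""

# Hypothetical discrete-time tank model with 1-minute sampling:
#   T[k+1] = A*T[k] + B*u[k] + C   (T: temperature, u: heater power)
A, B, C = 0.90, 0.05, 2.0
T_HIGH = 95.0     # constructed high-temperature limit
HORIZON = 10      # samples the proactive alarm looks ahead


def reactive_alarm(temp, _heater):
    """Traditional alarm: fires only after the measurement exceeds the limit."""
    return temp > T_HIGH


def predict(temp, heater, steps):
    """Roll the model forward, holding the heater input constant."""
    for _ in range(steps):
        temp = A * temp + B * heater + C
    return temp


def proactive_alarm(temp, heater):
    """Model-based alarm: fires when the model predicts a limit violation
    within HORIZON samples, even while the current measurement is in range."""
    return any(predict(temp, heater, k) > T_HIGH for k in range(1, HORIZON + 1))


def simulate(heater_schedule, t0=80.0):
    """Constructed trace of (temperature, heater) samples generated by the model."""
    trace, temp = [], t0
    for heater in heater_schedule:
        trace.append((temp, heater))
        temp = A * temp + B * heater + C
    return trace


def first_alarm_step(trace, alarm):
    """Index of the first sample at which the given alarm fires (None if never)."""
    return next((k for k, s in enumerate(trace) if alarm(*s)), None)


# Heater held at its steady-state value (120) for 5 samples, then stepped to
# 180, whose steady-state temperature (110) lies above the limit.
TRACE = simulate([120.0] * 5 + [180.0] * 15)

if __name__ == "__main__":
    r = first_alarm_step(TRACE, reactive_alarm)
    p = first_alarm_step(TRACE, proactive_alarm)
    print(f"reactive fires at step {r}, proactive at step {p}, lead time {r - p}")
```

On this trace the proactive alarm fires at the step the heater is raised, seven samples before the temperature actually crosses the limit, which is the lead time that gives an operator room to act before a trip.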

[1] Leveson, N. G., and Stephanopoulos, G., "A System-Theoretic, Control-Inspired View and Approach to Process Safety", AIChE J., 60(1), 2-14, 2014.

[2] Modarres, M., and Cadman, T., "A Method of Alarm System Analysis for Process Plants", Comput. Chem. Eng., 10(6), 557-565, 1986.

[3] Hollifield, B. R., and Habibi, E., Alarm Management: A Comprehensive Guide: Practical and Proven Methods to Optimize the Performance of Alarm Management Systems, ISA, 2011.

[4] Wei, L., Guo, W., Wen, F., Ledwich, G., Liao, Z., and Xin, J., "An Online Intelligent Alarm-processing System for Digital Substations", IEEE Trans. Power Deliv., 26(3), 1615-1624, 2011.

[5] Zhao, J., and Zhu, J., "Data Filtering Based Alarm Processing Strategy for Repeating Alarms", J. Tsinghua Univ. Sci. Tech., 52(3), 277-281, 2012.

[6] Schleburg, M., Christiansen, L., Thornhill, N. F., and Fay, A., "A Combined Analysis of Plant Connectivity and Alarm Logs to Reduce the Number of Alerts in an Automation System", J. Proc. Cont., 23(6), 839-851, 2013.

[7] Mohseni Ahooyi, T., Arbogast, J., Seider, W. D., Oktem, U. G., and Soroush, M., "A Method of Proactive Model-based (Soft) Alarm System Design", AIChE Annual Meeting, 2015.

[8] Pariyani, A., Seider, W. D., Oktem, U. G., and Soroush, M., "Dynamic Risk Analysis Using Alarm Databases to Improve Process Safety and Product Quality: Part II—Bayesian Analysis", AIChE J., 58(3), 826-841, 2012.

[9] Siu, N., "Risk Assessment for Dynamic Systems: An Overview", Reliab. Eng. Sys. Safety, 43(1), 43-73, 1994.
