PROCESS

ALARM MANAGMENT- AN
INVESTMENT TOWARDS SAFE AND
RELIABLE OPERATIONS

Sudarsan Prathipati

1I PROCESS ALARM – DESIGN AND CHANGE MANAGEMENT

 Faculty of Science and Technology

MASTER’S THESIS
Study program/ Specialization:
Spring semester, 2017
Masters of Technology and Operations
Management

Writer: Open / Restricted access

Sudarsan Prathipati …………………………………………
Faculty supervisor: Prof. Preben Hempel Lindøe (UiS) (Writer’s signature)

External supervisor(s): Mr. Bjarne Andre Asheim, Mr. Arvid Halrynjo

Thesis title:
PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND
RELIABLE OPERATIONS

Credits (ECTS): 30

Key words:
• Alarm Management Pages: 121
• Alarm system performance
• Alarm system Regulations
• Business case
+ enclosure: …………
• Investment drivers
• Safe Operations Stavanger, 15-12-2017
• Procedures

Stavanger, ………………..
Date/year

Abstract
Most of the commercial buildings and private homes are configured with a certain number of alarms to
deal with emergency situations, such as fire alarms, HVAC fail alarms, theft alarms, water leakage
alarms etc. However, for an industrial process plant, all alarms and their configuration parameters
collectively feed into a big database. For a typical offshore installation, the alarm database for the
integrated control and safety system may consist of 40000 to 150000 alarms which must be monitored.

Considering the vastness of an alarm database for a process installation, and the risk of missing
critical alarms, there is a need for a regulated and a guided system to handle and integrate all
aspects of alarm engineering to create a functional alarm system.
Such an alarm system must:
• Be built on “principles of alarm design” for process industries
• Be complaint with applicable regulations
• Be usable by process operators in management of abnormal situations
• Perform in line with organisational performance measures

As process industries are getting increasingly complex, with new technologies and expansion projects,
process operators are becoming overloaded with new systems and new alarms dominate the
unnecessary disturbance. Alarm systems need to be well specified and maintained to ensure safe
operations.

During the period between August 2000 and September 2002, NPD (Norwegian Petroleum Directorate)
has carried out the supervision of alarm systems on seven production facilities within the Norwegian
Continental Shelf. Authorised mapping of alarm systems revealed essentially the same weaknesses
and same problem areas, independent of system vendor, operating company, type of facility and age of
device. Despite the limited mapping that has been made, NPD find it reasonable to assume that, the
results from these activities are somewhat representative of the challenges of other facilities on the
Norwegian continental shelf.

This thesis will choose to provide a proactive approach to draft various procedures for a functional alarm
system with all the specifics mentioned above for an alarm system within the frame work of regulations
limited to Norwegian continental shelf.

A well-functioned alarm system combines with coordinated operations management can drive not only
safety and ensure regulatory compliance but promote better plant availability and throughput, delivering
real business value. (Honeywell, 2017)

1 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

Acknowledgements
There are many people to whom I am extremely grateful for their support and assistance during
my time of study. I am grateful to my employer, Eldor AS, for permitting me to undertake this
study, for allowing me the time and the finances to make this a reality. Specifically, I wish to
acknowledge my immediate supervisor, Gisle Ersdal, Arvid Halrynjo and external mentor
Bjarne Andre Asheim who provided me with suggestions and directions to achieve what this
thesis aimed to achieve. They believed in me and encouraged dialogue through various levels
of this research.

A significant portion of credit goes to my advisor Professor. Preben Hempel Lindøe (UiS), who
always knew the right questions to ask, provided insight and new possibilities to explore and
is truly the consummate teacher – inspiring and encouraging his students in the pursuit of
knowledge. I am extremely blessed that I was able to undergo this process under your tutelage.

To my many friends, colleagues, and associates, I extend a heartfelt thank you for all that you
have done during the course of my writing of this thesis. Particularly noteworthy, for your
insight, wisdom, guidance, instruction, encouragement, and assistance: Pål Fister, Asbjørn
Ueland, Jan Ketil Moberg, Erik Oaland, Kenneth Larsen, Henrik Holm Larsen, Reidar Risholt,
Hanne Svaasand Humblen, Anita Misje, Nils Totland, Kim Grottenberg, Håkon Rørtveit,
Kristian Dyb Strand, Magnus Skår Hansen, Jøstein and Are.

Finally, I am most of all indebted to my wife Sowjanya Kakara for her support, encouragement
as well as the many sacrifices that she has made over the course of this journey. A special
mention here is my son Ivan Prathipati for his remarkable understanding and support in various
ways. A special thanks to Manoj Prathipati, Viswanadh Komanduri and Subhashini Prathipati,
Kirity Rapuru for providing me unfailing support when it was needed during this long phase of
dissertation. I am confident in saying that this would not have been possible without your
support. Thank you.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 2

Dedication

Dedicated to

My Father Prathipati Samuel Williams

My Mother Prathipati Padma

Who taught me being humble and responsible, and the importance of hard work

3 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

Table of Contents
Abstract ............................................................................................................................. 1
Acknowledgements ............................................................................................................ 2
Dedication .......................................................................................................................... 3
Table of Contents ............................................................................................................... 4
Figures ............................................................................................................................... 6
Tables ................................................................................................................................ 7
Abbreviations ..................................................................................................................... 8
Glossary ........................................................................................................................... 10
1. Introduction ............................................................................................................ 11
1.1. Research Area ............................................................................................................ 11
1.2. Research focus ........................................................................................................... 13
1.3. Value of research ....................................................................................................... 14
2. The Technical Backdrop ........................................................................................... 15
2.1. Background ................................................................................................................ 15
2.2. Alarm and Alarm System ............................................................................................ 16
2.3. Alarm Management ................................................................................................... 18
2.4. Performance Attributes .............................................................................................. 19
2.5. Evolution of Practices and Life cycle stages ................................................................. 21
2.6. Performance is the Key .............................................................................................. 23
2.7. Process Disturbance Model ........................................................................................ 25
3. The Norwegian Offshore Context ............................................................................. 28
3.1. General Background ................................................................................................... 28
3.2. The Stakeholders ........................................................................................................ 30
3.2.1. State Organisation ....................................................................................................... 30
3.2.2. The tripartite system .................................................................................................... 32
3.2.3. The role of Labour Inspection Authority ...................................................................... 32
3.2.4. Petroleum Safety Authority ......................................................................................... 33
3.2.4.1. Supervision .............................................................................................................. 33
3.3. Offshore HSE Regulations ........................................................................................... 34
3.3.1. Prescriptive Vs Performance-Based ............................................................................. 34
3.3.2. The HSE regulations in general .................................................................................... 35
3.3.3. Working environment regulations ............................................................................... 36
3.3.4. Guidelines and Principles ............................................................................................. 36
3.3.5. Regulation of Control and Monitoring System ............................................................ 37
3.3.5.1. Regulations – Different Regimes ............................................................................. 37
3.3.5.2. Regulations – PSA ................................................................................................... 38
4. Theoretical Perspectives .......................................................................................... 41
4.1. Safety Critical Hierarchy ............................................................................................. 42
4.2. The Experiential Learning ........................................................................................... 43
5. Methodology ........................................................................................................... 46
5.1. Strategy ..................................................................................................................... 47
5.1.1. Time Horizon ................................................................................................................ 48

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 4

 5.1.2. Levels of Research ........................................................................................................ 49
5.2. Questionnaires ........................................................................................................... 49
5.2.1. Operator Questionnaire ............................................................................................... 49
5.2.2. Audit Questionnaire ..................................................................................................... 50
5.3. Preparation and Preliminary Screening ...................................................................... 50
5.3.1. Interviews .................................................................................................................... 51
5.3.2. Data Analysis and Final Interpretation ......................................................................... 52
5.4. Validity and Reliability ............................................................................................... 52
6. Findings Analysis and Discussions ............................................................................ 53
6.1. Interview Results ....................................................................................................... 53
6.1.1. Design Constrains ......................................................................................................... 54
6.1.2. Complexity creates Confusion ..................................................................................... 54
6.1.3. Cost Incurred ................................................................................................................ 55
6.2. Quantitative Phase Results ......................................................................................... 55
6.3. Qualitative Phase Results ........................................................................................... 59
6.3.1. Analysis- Alarm Optimisation Process .......................................................................... 62
6.4. Connecting the Quantitative and Qualitative Findings ................................................ 63
6.5. Discussions ................................................................................................................. 66
6.5.1. Active Experimentation - Procedures .......................................................................... 67
6.5.1.1. Major Event Detector – Alarm Rush ....................................................................... 68
6.5.1.1.1. Cost Effectiveness ................................................................................................... 70
6.5.1.2. Alarms on Equipment OutofOperation – Standing Alarms ..................................... 70
6.5.1.2.1. Cost Effectiveness ................................................................................................... 72
6.5.1.3. Chattering Alarms – Faulty Equipment ................................................................... 73
6.5.1.3.1. Cost Effectiveness ................................................................................................... 74
6.5.2. Active Experimentation – Templates ........................................................................... 75
6.5.2.1. Alarm Optimisation ................................................................................................. 75
6.5.2.2. Change Management .............................................................................................. 77
6.6. Business Case Development ....................................................................................... 79
6.7. Research Case Study ................................................................................................... 83
7. Conclusions ............................................................................................................. 85
7.1. Research Focus: Summary of Findings and Conclusion ................................................ 85
7.1.1. Regulations .................................................................................................................. 85
7.1.2. Procedures ................................................................................................................... 86
7.1.3. Justification .................................................................................................................. 87
7.2. Contribution to Knowledge ........................................................................................ 88
7.2.1. Recommendations ....................................................................................................... 88
7.3. Self-Reflection ............................................................................................................ 89
7.4. Limitations and Future Scope ..................................................................................... 90
7.5. Works Cited ........................................................................................................ 92
Appendixes ...................................................................................................................... 96
Appendix (I) Eldor Management System ................................................................................... 96
Appendix (II) EMS Process Map – Process Alarm Management ................................................. 98
Appendix (III) Regulations- Different Regimes and Agencies ................................................... 101
Appendix (IV) Operators Questionnaire .................................................................................. 104
Appendix (V) Audit Questionnaire .......................................................................................... 114
Appendix (VI) Interviews- Quantitative phase descriptive statistics ........................................ 118
Appendix (VII) Alarm Optimisation Template .......................................................................... 121

5 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

Figures
Figure 1 Modes of risk regulations (Lindøe, 2017) ................................................................. 13
Figure 2 Smoke detector (NDLA, 2017) ................................................................................. 15
Figure 3 Texaco Refinery explosion (idc-online.com, 2014) .................................................. 16
Figure 4 Process Alarm - Primary Function ........................................................................... 17
Figure 5 Alarm window panel - Rotating Equipment .............................................................. 17
Figure 6 Alarm list presentation in a control system ............................................................... 18
Figure 7 Alarm System Under Performance Symptoms ........................................................ 19
Figure 8 Alarm Management Life-Cycle ISA 18.2 .................................................................. 22
Figure 9: Alarm load histogram .............................................................................................. 24
Figure 10 Process Disturbance model ................................................................................... 25
Figure 11 State Organisation of Petroleum Activities (Source: The Ministry of Petroleum and
Energy -Norway) ............................................................................................................. 31
Figure 12 Stakeholders in the tripartite system – A foot note taken from "Risk Governance &
Communication" classwork by (Lindøe, 2015) ............................................................... 32
Figure 13 Regulation Principles - An illustration drawn based on PSA presentation ............. 37
Figure 14 Hierarchical model for safe and reliable operations - Derived from (Hollnagel, et al.,
2006) .............................................................................................................................. 42
Figure 15 The Experiential learning cycle with in an Organisational Learning Cycle (Dixon,
1999) .............................................................................................................................. 44
Figure 16 Research Methodology - Process Alarm System Dimensions ............................... 47
Figure 17 Respondents portfolio & Participation percentage ................................................. 51
Figure 18 Operators ranking of alarm system ........................................................................ 58
Figure 19 Alarm Project - Optimisation activity effect on improved operations ...................... 63
Figure 20 Hierarchical model - System development (Research Focus identified) ................ 67
Figure 21 Alarm Suppression configuration – A typical offshore installation .......................... 71
Figure 22 Top 2000 Alarm distribution - A typical offshore installation .................................. 73
Figure 23 Management of Change - Alarm Projects .............................................................. 78
Figure 24 Eldor Management System .................................................................................... 96

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 6

Tables
Table 1 An illustration of severity vs urgency matrix .............................................................. 20
Table 2 EEMUA Recommendation (Metric: Average alarm rate, Time unit:10 minutes) ....... 20
Table 3 EEMUA Recommendation (Metric: Maximum alarm rate) ........................................ 21
Table 4 A framework model for OSH regulation (Karlsen & Lindøe, 2006) ............................ 28
Table 5 Regulatory tasks: the DREAM framework ................................................................. 34
Table 6 Performance based Supervision – The supervisory regime by PSA ......................... 35
Table 7 HSE Regulations -Petroleum Safety Authority-Norway ............................................. 35
Table 8 Alarm Management Regulatory Framework –Different Regimes .............................. 38
Table 9 Regulations pertaining to control and monitoring system - Framework HSE (PSA) . 40
Table 10 Levels of Research .................................................................................................. 49
Table 11 Quantitative descriptive statistical analysis - Alarm System Specifications ............ 57
Table 12 Qualitative analysis - Alarm System Specifications ................................................. 61
Table 13 Research findings chosen for active experimentation ............................................. 65
Table 14 Active experimentation measures ........................................................................... 68
Table 15 Procedural stages to handle Alarm Rush ................................................................ 69
Table 16 Cost benefit analysis - Alarm Rush Procedure ........................................................ 70
Table 17 Procedural stages to handle Standing Alarms ........................................................ 72
Table 18 Cost benefit analysis - Standing Alarm Procedures ................................................ 72
Table 19 Procedural stages to handle Chattering Alarms ...................................................... 74
Table 20 Cost benefit analysis - Chattering Alarm procedures .............................................. 74
Table 21 Alarm Optimisation Template Specifics ................................................................... 77
Table 22 Alarm Change Request Form Template .................................................................. 79
Table 23 Financial Losses Illustration - Process Shutdown ................................................... 81
Table 24 Calculation of loss due to missing alarm ................................................................. 82
Table 25 Cost benefit calculation from improving alarm system ............................................ 82
Table 26 Evidence Report Analysis - Major Event Detector .................................................. 83
Table 27 Evidence Report Analysis – Equipment OutofOrder ............................................... 84
Table 28 Evidence Report Analysis – Chattering Alarms ....................................................... 84
Table 29 Alarm Management Guidelines – Norway ............................................................. 101
Table 30 Alarm Management Guidelines - Germany ........................................................... 101
Table 31 Alarm Management Guidelines – UK .................................................................... 102
Table 32 Alarm Management Guidelines – USA .................................................................. 102
Table 33 Alarm Management Guidelines – ISA ................................................................... 103
Table 34 Alarm Management Guidelines –EEMUA ............................................................. 103
Table 35 Alarm Management Guidelines - IEC .................................................................... 103

7 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

Abbreviations
ALL Action LowLow
ANSI American National Standards Institute
ASM Abnormal Situation Management
CAP Critical Action Panel
CCR Central Control Room
CCTV Closed-Circuit Television
CSB Chemical Safety Board (U.S)
DREAM Detecting, Responding, Enforcing, Assessing and Modifying
EEMUA The Engineering Equipment & Materials Users Association
EMS Eldor Management System
ESD Emergency Shutdown
FAT Factory Acceptance Test
ESH Environmental, Health & Safety
HMI Human Machine Interface
HSE Health, Safety and Environment
HSE Health and Safety Executive (UK)
HVAC Heating, Ventilation and Air Conditioning
IAT Internal Acceptance Test
IEC International Electrotechnical Commission
ISA International Society of Automation
LSD Large Screen Display
MCB Miniature Circuit Breaker
NA Not Applicable
NCS Norwegian Continental Shelf
NDLA Norwegian Digital Learning Arena
NOK Norwegian Kroner
NPD Norwegian Petroleum Directorate
OEE Overall Equipment Effectiveness
O&G Oil and Gas
OSH Occupational Safety and Health
OSHA Occupational Safety and Health Administration
P&ID Pipe and Instrument Diagram
PA Public Announcement

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 8

PSA Petroleum Safety Authority
PSD Process Shutdown
PT Pressure Transmitter
SAS Safety and Automation Systems
SDFI State´s Direct Financial Interest
VDU Visual Display Unit
WH Warning High
WL Warning Low
YA-711 Principles for alarm system design – Norwegian Petroleum Directorate
YF Feedback Failure

9 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

Glossary
Alarm services: Referred to alarm engineering service provider company.

Chattering Alarm: An alarm that repeatedly transitions between the alarm state and the normal
state in a short period of time. (International Society of Automation, 2009)

Customer: Referred to the company who owns the process installation.

Depressurised shutdown: A complete shutdown with blowdown. Total pressure within system
will be released. Start-up time required to come back to normal operations is longer and
normally referred as cold start-up.

Engineering company: Referred to an engineering company.

Event: Any status change in equipment, process parameter changes and operator performed
actions logged as events. Operators will not be notified.

ESD: Emergency Shutdown System (designed to minimise the consequences of emergency

situations).

Pressurised Shutdown: A partial shutdown without blowdown. Pressure within the system will
be retained and start-up time required to come back to normal operations is less compared to
depressurised shutdown. Normally referred as warm start-up.

PSD: Process Shutdown System (designed to minimise the consequences of unwanted

process control thereby avoiding further escalation into ESD).

Suppression: Any mechanism to prevent the indication of the alarm to the operator when the
base alarm condition is present. (International Society of Automation, 2009)

Operator: Process Control Room Operator or Central Control Room Operator.

Organisation: referred to the company who owns the process installation.

Standing alarm: An alarm in an active alarm state. (International Society of Automation, 2009)

Top-N: A certain number of first few alarms in descending order in terms of number of
occurrences for a particular period.

Vendor: Referred to control system vendor company.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 10

1. Introduction
An audit conducted by Petroleum Safety Authority (PSA) for North Atlantic Drilling alarm
system, PSA identified non-conformity relating to deficient routines for establishing and
following up the alarm system's performance as an active barrier against potential incidents
(Petroleum Safety Authority, Norway, 2014). This is one of the problems among many
identified at such installations.

An alarm system´s improved performance leads to safe and secure plant operations. A well
designed alarm system with established routines to maintain, leads to better performance. The
evolution in technical excellence of process automation, helps us in many ways to optimize
the alarm design and change management.

This study will highlight the importance of planning alarm management activities right through
early stages of an installation. Moreover, an alarm is meant to save equipment from getting
damaged or alert an operator to counteract for an unwanted situation. In either case, it saves
the cost involved with a shutdown or equipment damage, and create a safe working
environment for employees by reducing escalating events.

1.1. Research Area

The inspiration for this research began while evaluating the Eldor Management System (EMS)
with respect to alarm engineering processes. Eldor AS is a leading company in Alarm
Management for the Oil and Gas industry in Norway. Eldor AS believes:
- “An optimized alarm system gives optimized decisions” and “Alarm systems need to be
specified and maintained to ensure safe operations”.

As the process industries are becoming more complicated by upgrading to new technologies,
increased integration, more information from each sensor, increased digitalisation and reduced
number of operators, becoming a challenge considering alarm load on operators with new
systems and new alarms. Alarm systems need to be specified and maintained to ensure safe
operations (Eldor AS).

Most process industries have their own alarm philosophy defined as per the plant operating
conditions. But with expansion projects, it is quite mandatory to define the alarm strategy also
to address alarms from different process sections efficiently.

11 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

Alarm philosophy is a document which specifies how and when the alarm should be generated,
presented and archived on a general basis. Philosophy can vary from process section to
process section keeping organization values intact.

Alarm strategy is a document which identifies different process sections and their inter-relation.
It also describes where these alarms should be presented and who will be the responsible to
take action on alarms from different process sections.

This research has identified 4 dimensions of an alarm system to justify the

requirement for any alarm management activity:
1. Cost of Poor Performance of Alarm System (Risk to people, Environmental, Financial)
2. Alarm system is large and complex (A database consists of several thousand alarms)
3. Not a one-time fix (Continuous Improvement and Change Management)
4. Valid KPIs (An indication of safe and reliable operations rather than a statutory
requirement)

Process operator’s day to day experience with process controls and their insight into alarm
systems is the key to establish principles of alarm design for effective operations. Along with
process operators’ insights, this thesis will try to gather inputs from discipline leads, regulatory
authorities and control system engineers to establish the frame work to deliver a well-
functional alarm system for safe and reliable operations.

Recognizing assorted regulations related to alarm system requirements in process industries,

the obligation towards their compliance, and procedures and processes to aid will be the part
of this research.

This paper will try to maintain that decorum while representing various sections, meanwhile
not losing track of main research area and goal of this research which is producing a functional
alarm system for safe, reliable and complaint operations.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 12

 1.2. Research focus
(Lindøe, 2017) has developed two contrasting modes of risk regulation, coined as command-
and-control and enforced self-regulation. Here in these contrasting modes command-and-
control regulation developed by state in its capacity to dictate legally binding norms. As a main
characteristic, the US regime has relied on the command-and-control approach, in which the
state forces the industry to comply with the relevant laws and the prescriptive rules (Referring
to (Baram & Lindøe, 2014) work on US regime cited by (Lindøe, 2017) in his text).

Figure 1 Modes of risk regulations (Lindøe, 2017)

In contrast, Industry as “self-regulator” with internal control principle allows the companies to
check its own operations in systematic manner by establishing internal management systems
to meet the targets set by the regulator. The Norwegian regime has been developed step by
step in the direction of increased user of functional requirements expressed in legislation. The
supervisory regime on Norwegian Continental Shelf (NCS) builds on the view that a regulator
cannot “inspect” quality into the Norwegian petroleum sector, the responsibility for operating in
compliance with regulations rests with the industry itself.

As (Lindøe, 2017) raised concerns about this approach – Industry as “self-regulator”: The
uncertainty about what is required for compliance, given that each industrial activity has a
unique mix of characteristics, and ambiguity about governmental intervention and
enforcement. This research has noted concerns related to industry as “self-regulator” approach
and established relevant effort to find:

“What are the key regulations for an Alarm management activity within the frame work of
Health, Safety, and Environmental (HSE) regulations for process industries?”

13 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

Examining these regulations and evaluating process operators´ requirements through
interviews based on their valuable experience from various installations, so that results may
be imparted into “Alarm Engineering” procedures proven to be cost effective solutions. This
research believes in keeping this impeccable relation between regulator and regulated to
ensure safe and reliable operations.

After all this reasoning, this research has narrowed down its focus to address:
1. How to develop a supportive system for process alarm management describing
procedures based on key regulations related to HSE framework?
2. Justification for an alarm management activity to evaluate and support a
business case having key investment drivers in terms of losses due to poor
performance of alarm system.

1.3. Value of research

Thanks to the technology of digitalisation and telecommunications, it is now easier than ever
before to conduct remote operations and utilise completely unmanned remote platforms.
Remote operations can mitigate multiple challenges, including talent shortage, HSE exposure,
employee security concerns, cost of service delivery (Schlumberger, 2017). But this also brings
uncertainty in safe operations until and unless a functional alarm system is defined and
maintained throughout all stages of life cycle.

Using one year’s data from three hydrocarbon processing plants, it has been estimated that
small disturbances from optimal production account for 3-8% of plant throughput. For a typical
oil refinery, this equates to an annual cost of NOK 30-100 million. Not all this loss will be
recoverable just from installing better alarm systems, but some part of it should be. It should
be recognised that good alarms systems can play a significant part in reducing the likelihood
of these kind of disturbances. (EEMUA, 2007)

Interviewing operators, team leads and various stakeholders and getting their insight into both
financial losses and accidents due to alarm system failure, brings in required decision-
supportive processes and improvement in procedures for alarm handling projects.

This research can be developed further, beyond the scope of this dissertation, and will
elaborate and result in enhanced framework for alarm engineering processes in future. The
specified research objects mentioned above shall be the basis for this research and serve as
guidance in the examination of existing literature.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 14

2. The Technical Backdrop
2.1. Background

Whether it’s a process plant, a manufacturing industry, or simply our home, things can go
wrong in many ways. Process parameter deviations, plant dynamics, electrical disturbances,
or human errors, whatever the event, these deviations must be “detected and alerted”.

Alarms generated by detecting deviations on single process measurement or single pieces of

equipment (Norwegian Petroleum Directorage, 2001)

Every year there are about 1,500 accidents in private homes due to fire. The reasons might be
dry cooking, smoking, unauthorized repair of electrical installations etc. (NDLA, 2017).

Figure 2 Smoke detector (NDLA, 2017)

In a process industry, any deviation in a process parameter (pressure, temperature, flow, or

any other variable) from its normal operating range may lead to numerous consequences.
Consequences may affect personnel safety, the environment, or financial considerations, up
to and including the safety integrity of the plant itself.

The explosion and fires at the Texaco Refinery in Milford Haven, is one of many examples to
be considered when it comes to failure of control systems and underperformance of an alarm
system.

15 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

 Figure 3 Texaco Refinery explosion (idc-online.com, 2014)

In a manufacturing industry, any deviation in a process parameter directly effects the quality
of the final product and in some cases, it may lead to an HSE incident. Production facilities
work within very narrow band of deviation envelope, which means a strict vigilant alert system
should be in place to limit the consequences. e.g. cement, metal, textiles, car assembly lines,
etc.
Events outside of these parameters could not only affect quality issues, but could jeopardise
the company profile itself by producing defective products. Alarm systems play a vital role,
irrespective of industry, to keep things under control.

2.2. Alarm and Alarm System

Brasnby Automation and Tekton Engineering jointly produced a report for the Health and
Safety Executive on the management of alarm systems (Bransby & Jenkinson, 1998). Though
there are number of ways to explain what is an alarm and what is an alarm system, this
research has adopted definitions from (Bransby & Jenkinson, 1998) report.

Alarm: In mechanistic nuts-and-bolts terms, an alarm is some signal designed to “alert, inform,
guide or confirm”
Alarm System: A system for “generating and processing alarms and presenting them to
users”.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 16

 The primary function
for an “Alarm” is to
notify operator about
an abnormal situation
so that operator can
regulate and avoid
escalation

Figure 4 Process Alarm - Primary Function

Usually, alarms are presented to the control room operator in different ways depending upon
the system they are supporting.
i. Alarms displaying on an individual alarm window on a unit control panel. The example
shown below gives an overview of rotating equipment alarms, and the lamps indicate
their severity.

Figure 5 Alarm window panel - Rotating Equipment

ii. Alarms presented in the form of lists on visual display unit (VDU) screens as shown in
Figure 5. The list is dynamic and keeps the status of alarms like New, Acknowledged,
cleared etc. The colour of the alarm text line indicates its severity.

17 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

 Figure 6 Alarm list presentation in a control system

The focus of this research is mainly the type described in alternative ii above, a computer
based control system and its alarm list. Alarm lists are increasingly becoming overloaded with
unnecessary information and status messages, overriding the principle purpose of an alarm
system, which is to alert control room operators in case of an unwanted situation. Accidents
such as the one which occurred at the Dupont plant in Belle, West Virginia in 2010 and the
Texaco Milford Haven refinery accident in 1994, keep reminding us of the significance of a
good alarm system and its management.

The CSB (U.S. Chemical Safety Board) investigation found common deficiencies in DuPont
Belle plant management systems springing from all three accidents: Maintenance and
inspections, alarm recognition and management, accident investigation, emergency response
and communications, and hazard recognition. (U.S. CSB, 2011).

2.3. Alarm Management

Alarm management is all about the understanding, design, implementation, and operation of
an effective alerting capability for plant operators. (Rothenberg, 2009). This research has
outlined some of the symptoms based upon observations from various installations with
respect to alarm system performance. The need for an alarm management activity review will
be triggered by some or all of the symptoms, but not limited to the ones shown below.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 18

 Too many
alarms/time
unit
Too many
Alarm
Chattering standing
alarms

Need for
Alarm
Not
understandable
Management Alarm rush
Alarm followed by
texts/description major event

Alarms have Many alarms

with wrong
no value priority

Figure 7 Alarm System Under Performance Symptoms

2.4. Performance Attributes

Alarm Value: Every alarm shall require an operator response, to ensure that no unnecessary
alarms are defined in the system (Alarms with no action or no value are just noise)

Tag Name: The alphanumerical string of project specific equipment /area codes and tag name
of filed device and alarm initiate by tag name. All tag names shall be unique.
e.g. 65-PT-1104, in this example 65 is area/system code, PT represents pressure transmitter,
and 1104 is loop number.
Tag
65-PT-1104

Alarm Description: The text consists of equipment/process area details and service of
equipment, it also consists of information about the placement of the filed device.
Tag Description
65-PT-1104 1st Stage Separator Gas Pressure

Alarm Text: Constitutes type of alarm (High, HighHigh, Low, LowLow, Fault etc.)
Tag Description Alarm Text
65-PT-1104 1st Stage Separator Gas Pressure High

19 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

Priority: The relative importance assigned to an alarm within the alarm system to indicate the
urgency of response. Priority shall be mapped in combination with severity of consequence
and urgency of the alarm. Each organisation has their own definition of priority distributions
according to their risk tolerance. Basically, It’s a mapping matrix of consequence severity vs.
urgency.
Urgency vs. Severity Minor Major Severe
Soon (> 15mnt) Level - 3 Level - 3 Level - 2
Prompt (5 to 15mnt) Level - 3 Level - 2 Level - 1
Immediate (<5mnt) Level - 3 Level - 2 Level - 1
Table 1 An illustration of severity vs urgency matrix

Here the severity of consequence: Minor, Major, and Severe, is according to respective
organisation policies and alarm philosophy document which must discuss these prioritisation
methods. The following philosophy shall be covered:

• The basis for alarm prioritisation (time to respond, severity of consequence etc.)
• The metrics for alarm configuration (distribution of alarms among priorities)
• Impact of classification on prioritisation (Personnel, Environmental & Financial)

(International Society of Automation, 2009)

Alarm Load: This is represented in terms of the number of alarms received per operator per
single time unit (1 minute, 10 minutes or 1 hour). Companies have the flexibility to choose
reasonable alarm load criteria in line with company safety policies or adapt given
recommendations from applicable standards.
Predictive Robust Stable Reactive Overload
<1 <10 <10 <100 >100
Table 2 EEMUA Recommendation (Metric: Average alarm rate, Time unit:10 minutes)

Standing Alarm: An alarm is called standing if the alarm condition persists for an extended
period of time (varies between 1shift-12 hours to 1day-24 hours). EEMUA suggests target for
this is under 10.

Alarm Rush: This is also referred as alarm flood, typically a situation in which more alarms
are received than can be processed by a single console operator. EEMUA defines this as
Maximum Alarm Rate (expressed as number of alarms in a 10-minute period)

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 20

 Predictive Robust Stable Reactive Overload
<10 <100 <1000 >1000 >1000
Table 3 EEMUA Recommendation (Metric: Maximum alarm rate)

Alarm Chattering: This is a situation where a particular alarm keeps coming and going quite
often, as often as 30 to 40 times per a minute. A typical scenario as “Ballast tank level” on a
floating vessel offshore, due to high tide as the liquid level in the tank keeps touching level
measuring probes due to wobbling.

2.5. Evolution of Practices and Life cycle stages

Accidents like the explosion at the Texaco Milford Haven Refinery in 1994, where two
operators received more than 200 alarms within the final 10 minutes elevates the situation of
alarm overload. The usability of the alarm system when it was needed the most, became
overloaded and jeopardised the integrity of total plant. This kind of alarm system is neither
acceptable nor useful, and resulted in the development of guidelines to design, manage, and
procure alarm systems by EEMUA first published in 1999. EEMUA publication No. 191 is a
guideline document which describes various engineering aspects of the performance attributes
described above.

Ten years later, the International Society of Automation prepared a standard towards a goal of
uniformity in the field of instrumentation called ISA 18.2 - Management of Alarm Systems for
the Process Industries. This standard introduced the life cycle approach in alarm management
and suggested various stages with in the life cycle as show in Figure 8.

In 2014, IEC (International Electrotechnical Commission) developed a standard, IEC 62682 –

Management of Alarms Systems for the Process Industries, which is an extension to existing
ISA 18.2 standard. As it is noticed, both ISA 18.2 and IEC 62682 are standards, whereas
EEMUA Publication 191 is a guidelines document.

The various stages identified both in ISA 18.2 and IEC 62682 were identical, and required
systems to follow a life-cycle which covers alarm system specification, design, implementation,
operation, performance monitoring, maintenance and change management from initial
conception through decommissioning.

21 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

 Figure 8 Alarm Management Life-Cycle ISA 18.2

Philosophy: This document specifies the various processes used in each stage of the life
cycle, such as: alarm generation, design principles, roles and responsibilities, management of
change, performance metrics, etc.

Identification: A predefined process to identify alarms through various process such as

hazard analysis, P&ID development, review of operating procedures and good manufacturing
practices.

Optimisation: Is an activity which is initiated by the need for an improvement in an alarm

system, and it mainly includes defining understandable alarm text, prioritisation of alarms,
identifying cause, consequence, and operator action for an alarm.

Design: Apart from basic alarm attributes specified in Optimisation, detailed design stage
includes definition of HMI representation, annunciation of alarms along with advanced alarm
techniques. Alarm applicability based on context of operations, grouping of alarms based on
similarity in operator action and tuning of alarms by adjusting dead bands and filter times are
some of the advanced alarm techniques.

Implementation: This stage specifies the activities necessary to install alarms and functional
verification of system.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 22

Operation: Alarm system is active and it performs as intended. Purpose of each alarm is
supposed to be validated during this stage.

Maintenance: This is the testing phase of an alarm system, and periodic maintenance activity
should ensure that the alarm system is performing as designed.

Monitoring & Assessment: This is in parallel with operations and maintenance. Routines
should be established to monitor and asses the alarm system performance. The usability of
the alarm system, alarm load and other performance metrics are specified in the alarm
philosophy document.

Management of Change: Modifications to alarm systems are proposed and approved as per
the roles defined in the alarm philosophy document. This change management process should
be followed from identification to implementation stages to avoid any uncontrolled changes,
considering the complexity and vastness of the alarm system.

Audit: Periodic reviews are conducted to maintain the integrity of alarm system and
coordination among various stages in alarm management. This stage will ensure that
necessary routines are established and maintained according to alarm philosophy.

2.6. Performance is the Key

Process system owners, suppliers, and vendors are starting to notice the importance of
effective alarm system performance. All stakeholders including process owners, control
system suppliers, and vendors are making sure that alarm management solutions are
integrated into main control system delivery. If not implemented at the beginning, systems are
capable of adopting alarm management solutions even after installation and long periods of
service. To quote ABB, one of leading process automation system suppliers, “21st Century
automation system technology frequently delivers centralised control and operations,
improved equipment reliability and significant maintenance savings. However, all too
frequently these benefits fail to be translated into increased uptime and improvement in OEE
(Overall Equipment Effectiveness) due to ineffective alarm system performance.” (ABB
Consulting, 2015)

Missing a systemic approach to control alarm system performance while adding new systems
or enhancing existing systems for better throughput, may lead to catastrophic events. Martin
Hollender and his team have done a review entitled, “Alarming Discoveries” for ABB and

23 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

identified that alarm “floods” remain one of the biggest challenges for industrial facilities using
distributed control systems (Hollender, et al., 2017). A classic example of an overloaded alarm
system is the explosion at the Texaco Milford Haven refinery, where the two operators received
275 alarms in the last 11 minutes before the explosion. This is now seen as a characteristic of
an overloaded alarm system, which makes it impossible for an operator to be properly aware
of a situation and to diagnose and correct it.

Having control over safety incidents, which companies proudly present in their indexes, may
not be the case of reality. There were several near misses which could have been potential
incidents which should have been registered and actions identified. The Abnormal Situation
Management (ASM) consortium emphasized gaps in reporting systems, for example in alarms
which protect the process from potential problems other than safety – such as (non-safety)
environmental release, product quality, equipment life, and economic objectives. However, the
mechanisms of control, loss of control, and recovery are essentially the same for all these
potential problems. Hence it can be argued that any loss of control so detected “under slightly
different circumstances” could result in a safety incident, and thus should be categorized as a
near miss. (Bullemer & Metzger, 2008)

Any incident, safety or non-safety, detected by alarm system needs to be registered as an

observation. Creating an alarm management activity always requires analytical data in terms
of these observations to support the decision of investing into an alarm project.

Figure 9: Alarm load histogram

The above picture represents an alarm load histogram for a typical land based industry. Alarm
load variations and the intensity of the alarm load for the span of six-month period are
represented. During a disturbance in a plant, the load may reach up to 500 to 600 alarms,
whereas in normal operations there are about 20 alarms per day. The variation of alarm load

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 24

during normal and disturbed plant conditions explains the control room scenario of “Alarm-To-
Alarm”. A situation may exist where an operator is attending and responding to alarm after
alarm, with relevant actions, without having enough space for regular mandatory checks and
observations.

For instance, from the above histogram it is evident that the alarm load has been increased in
late months, particularly during warmer months of the year where the alarm load is relatively
high. Process measurements are so sensitive in such a way that there may be many factors
contributing the disturbances in an industry including weather like ambient temperature. During
this period, operators are more or less occupied with responding to alarms only. This kind of
operations introduce uncertainty in safe operations.

2.7. Process Disturbance Model

Figure 10 Process Disturbance model

The above illustration of process model is taken from (International Society of Automation,
2009), and the primary focus for this illustration lies in the transitions between different process
conditions. In a typical process plant, there are several process areas, and each area has its
own target zone. It is the responsibility of a process operator to keep all these areas within

25 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

their target zones for safe and reliable operations. e.g Kårstø gas processing plant has several
process sections or process areas: (GASSCO, 2003)
• Inbound logistics: Åsgard transport line operated by Gassco AS to the treatment plant
at Kårstø
• Hydrocarbon products: This processing plant separates the rich gas arriving in the
Statpipe and Åsgard Transport pipelines into its various components.
• Ethane separation plant: This production is sold under long-term contracts and shipped
from the plant by sea.
• Outbound logistics: Natural gas is exported from Kårstø through the Europipe II pipeline
to Dornum in Germany and through the Statpipe/Norpipe system to Emden

Any deviation from the operational target with in these mentioned process areas will have the
possibility of uncertainty in quality of production and safe operations.

Off target indication: Process is not optimal anymore as targeted and getting into off-spec
production but still in normal operating range. This is the time when an operator needs to
interfere and streamline the process to get back into target zone. This is only possible if the
operator is not engaged with Alarm-To-Alarm scenario.

Pre-Upset Warning: A transition where the process envelop is slipping beyond normal
operating zone and getting into disturbance.

Upset Indication: An indication saying that the process has become disturbed and continuing
with that disturbance could result in off-spec production, poor quality and escalation into a
safety incident. Every transition may not be an alarm to an operator, but the consequence of
an upset indication will be the guidance to determine the necessity for an alarm.

Pre-Trip Warning: The transition at this phase is normally configured with an alarm to alert
the operator, if he/she is busy enough to capture the disturbance/upset situation earlier in
affected area. This is the last opportunity for the operator to avoid going into shutdown mode.

Trip indication: An indication that a shutdown has occurred, and it is the point of no return
past which that product is unusable. The operator has to act upon this alarm to do the post-
trip analysis and secure the rest of the process areas to maintain the integrity of the plant as
well as for quick start-up.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 26

As it has been discussed earlier, alarms can be configured on different transitions based on
the severity of consequence and time to respond for an operator, to avoid disposition limit
violation. So, alarm system performance is the key when defining plant integrity in terms of
safe and reliable operations.

27 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

3. The Norwegian Offshore Context
3.1. General Background
In late 1950s the discovery of gas at Groningen in Netherlands caused people to look for more
opportunities in North Sea. In October 1962 after an attempt by Philips Petroleum to get
exclusive rights over whole shelf and turned down by authorities, 22 production licenses for
total of 78 blocks were awarded to groups of oil companies. The first discovery by Ekofisk in
1969 actually ignited the Norwegian oil adventure and production started in 1971 followed by
many major discoveries.

(Karlsen & Lindøe, 2006) identified four distinct modes that have been applied in the
development of OSH regulation in the Nordic countries during past 100 years. As depicted in
Table 4, OSH regimes can build on a mixture of different regulatory principles: Protection by
specific rules, participative action, knowledge-based development, and a market-based
mechanism.

Organisational Approach

Direct Indirect

1 2
Statutory
Protection by specific rules Participative action
Legislative Basis 3
4
Voluntary Knowledge-based
Market-based mechanism
development
Table 4 A framework model for OSH regulation (Karlsen & Lindøe, 2006)

During 1980s, while increases in production and wealth were followed by the systematic
production of technologically deduced hazards, medical and social risks became obvious. Both
regulator and regulated were in need of better understanding, knowledge and methods to
mitigate these risks, which demanded a large-scale reform in public administration and
regulatory bodies.

(Feldman & Khademian, 2001) derives the trade-off between accountability and flexible
management within government organisations. Public administration is held responsible for
utilising public resources in a flexible manner. Flexible management can cut across structures
or procedures that have traditionally provided a form of legitimacy for the expenditure of funds
or exercise of government authority. Reformers within the “New Public Management”

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 28

emphasize the bottom line, or the performance, of an agency as a form of accountability that
can also accommodate flexibility. (Feldman & Khademian, 2001)

Public administration and regulatory bodies took on a more modern look due to reformation in
public management system. Countries like Norway aimed at becoming more decentralised
mechanisms of steering and control regarding risk-based regulation and risk-based safety
management.

The Nordic model progresses through different phases due to various inflection points caused
by Sevesco 1976, Bravo 1977, Alexander Kjelland 1980, Chernobyl 1986 and Pipher Alpha
1988. Now the Nordic model has taken its shape, and is mainly influenced by market forces
and stake holders such as authorities, customers, suppliers, vendors and workers.

During this evolution process after two major accidents, Bravo and Alexander Kjelland, within
the Norwegian continental shelf, the role of the Norwegian Petroleum Directorate (NPD) has
strengthened. The era of New Public Management gives a decentralised mechanism of
steering to the NPD, and has helped to create the possibly of the world´s most stringent labour
legislation.

Norway established worker health and safety legislation known as the “Working Environment
Act” on February 4th, 1977. The Act contains provisions about employers and employees'
obligations with respect to ensuring an acceptable working environment. Enterprises are
required to have safety delegates and working environment committees, and some enterprises
are required to have a corporate health service where necessary.

The Norwegian Petroleum Directorate (NPD) has through supervisory activities revealed
unsatisfactory conditions related to alarm systems on petroleum production installations on
the Norwegian Continental Shelf.

Statoil was created in 1972 with 50 percent state participation. Later on, it was split into 2 parts,
one linked to the company and the other becoming part of the State´s Direct Financial Interest
(SDFI) in petroleum operations. But in spring 2001, the SDFI was resolved by Norwegian
Parliament (Storting) and made the way for the privatisation of Statoil.

In the last 40 years, production of only 42 percent of expected resources on Norwegian

continental shelf (NCS) has been produced. A total of 8,000 km of offshore gas pipelines with

29 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

landing ports in four countries and 53 companies are currently licensees of NCS. (Ministry of
Petroleum and Energy, 2013)

3.2. The Stakeholders

The regime developed for the Norwegian continental shelf (NCS) has balanced interests
between the different groups of stakeholders, being largely successful and flexible in response
to challenges within and outside the system. A major challenge in risk management and risk
regulation is coordination and adjusting feedback from respectively; a self-regulation process
with industrial stakeholders and professionals, and the enforcement process by laws and
regulations enacted by inspectorates (Lindøe, 2017). This research has identified below
stakeholders for alarm management activities with in NCS.

3.2.1. State Organisation

Framework for petroleum activities in Norway is set by The Storting (Norwegian Parliament)
through its legislative powers. The Ministry of Petroleum and Energy regulates the petroleum
sector and state ownership interests of various state-owned companies like Statoil ASA,
Petoro AS and Gassco AS.

The Norwegian Petroleum Directorate (NPD) is an important advisory body for the Ministry of
Petroleum. The Directorate have administrative authority over petroleum exploration and
production on NCS and it has the power to adopt regulations and make decisions through
petroleum legislation.

Whereas the Ministry of Labour and Social Affairs has the responsibility for safety and
emergency preparedness in the petroleum sector, and the Petroleum Safety Authority is a
subordinate agency which looks over the responsibilities for safe operations, emergency
preparedness and working environment.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 30

 Figure 11 State Organisation of Petroleum Activities (Source: The Ministry of Petroleum and Energy -Norway)

Regulation is often thought of as an activity that restricts behaviour and prevents the
occurrence of certain undesirable activities (Baldwin, et al., 2012). A whitepaper issued by
Siemens regarding alarm management elevates the requirement of statutory guidelines
(Siemens, 2008). The dreadful conditions in the control rooms caused diverse organizations
and committees to issue instructions and bodies of rules for the conception, application, and
maintenance of alarm management systems years ago. There are thus many standards of
various origins existing parallel to each other that, depending of the background of the
publishers, focus on different aspects.

When designing new systems, a certain degree of care is required and more attention is
deserved during procurement of new systems. The statutory requirements also emphasis
improving existing alarm systems as a mandatory measure.

(Macdonald, 2004) illustrates the legal requirements for hazard studies in his work about
practical hazops, but the same can be applicable here for alarm management activities in
terms of legal requirements.

31 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

 3.2.2. The tripartite system

(Lindøe, 2015) has defined “Stakeholders in tripartite” in one of his works, mentioning
employer, employee and union as tripartite and a regulation body as a supervising birds-eye
to ensure safe operations within an organisation.

Authority

National (working life)

Employer Tripartite collaboration Unions

Safety
organisation Industry
Individual
working contract
Workplace
Employee

Figure 12 Stakeholders in the tripartite system – A foot note taken from "Risk Governance & Communication"
classwork by (Lindøe, 2015)

3.2.3. The role of Labour Inspection Authority

The Isosceles Group Norway ESH audit protocol highlights the role of the Labour Inspection
Authority. The authority ensures that enterprises comply with the requirements of the Working
Environment Act and associated regulations. Supervision will mainly be aimed at enterprises
with the poorest working conditions, where there is little willingness to correct problems, and
where the agency's efforts will have the greatest effect (The Isosceles Group, 2014). This is
done by:
1. Internal Control Audits

Reviews of enterprises' internal control systems to reveal whether regulations and

procedures are being followed. An audit can take place over several days.

2. Verifications/Inspections

Intermittent tests are used to check whether internal control systems function well and whether
companies meet legal requirements.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 32

 3. Investigating Accidents
All serious and life-threatening accidents are investigated by the Labour Inspection Authority.

Within this research our discussion is limited to employer and employee compliance and
regulatory supervision requirements for risk management incurred by poor performance of
alarm systems. The element of unions not particularly related to subject of Alarm management
scope for this thesis work and other elements of workplace is compliant enough to reduce the
complexity of our study.

Experience has shown that alarm systems could have been given more attention during design
and procurement of new systems as well as during modification and operation of existing
systems. Since alarm systems are essential in safe and reliable operations in petroleum
installations, the essential role played by an alarm system is recognised by NPD, and
recommended to be designed based on principles for HMI design and human factor
knowledge. This is applicable for both procurement of new systems and updates to existing
alarm systems. (Norwegian Petroleum Directorage, 2001)

3.2.4. Petroleum Safety Authority

The Petroleum Safety Authority in Norway is an agency under the Ministry of Labour and Social
welfare having core responsibility towards Safe operations, emergency preparedness
including accidents and wilful acts along with the Working Environment Act. (Ministry of
Petroleum and Energy, 2013). The key regulations relating to HSE on both offshore and
onshore facilities and working environment are two sets of regulations subjected to PSAs
supervisory authority.

3.2.4.1. Supervision

Supervision includes, but means more than, an audit of both offshore and land based plants,
this refers to all possible contact between authority (PSA) and regulated (Company), says
PSA. (PSA, 2017)

(Baldwin, et al., 2012) defines a framework called DREAM to organize a discussion of the main
challenges that regulators encounter in seeking to apply enforcement on the ground.

33 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

 1 DETECTING The gaining of information on undesirable and non-complaint
behaviour.
2 RESPONDING The developing of policies, rules, and tools to deal with the problems
discovered.
3 ENFORCING The application of policies, rules, and tools on the ground.
4 ASSESSING The measuring of success or failure in enforcement activities.
5 MODIFYING Adjusting tools and strategies in order to improve compliance and
address problematic behaviour

Table 5 Regulatory tasks: the DREAM framework

Looking at the challenges posed by regulators, the NCS supervisory regime builds on the view
that a regulator cannot “inspect” quality into the Norwegian petroleum sector. The responsibility
for operating in compliance with regulations rests with the industry itself. PSAs perspective
towards regulating safety, moved in the direction of performance management over past 2
decades just like in any other part of the world.

3.3. Offshore HSE Regulations

3.3.1. Prescriptive Vs Performance-Based

The prescriptive approach sets detailed requirements through statutory regulations for
structures, technical equipment, and operations to prevent any Health, Safety and
Environmental hazard. Regulators determine the necessary requirements and checks that the
companies comply.

This kind of approach often encourages a passive attitude among companies and a lack of
commitment. Companies wait for the safety regulator to audit, identity faults and explain
corrective measures to be taken. This allows companies to push the responsibility for safe
operations towards the authorities, which is not a suitable way to ensure safe and reliable
operations.
In contrast, the performance-based approach regulations are formulated to describe
performance goals which need to be achieved. Here the task of regulators is limited to only
“Responding” and “Enforcing” as defined in DREAM framework by (Baldwin, et al., 2012).
Describing safety targets a company must meet, and checking that company has established
a management system will ensure these goals are met. Of course, companies will have high
degree of freedom in this approach to choose their own choice of solutions for satisfying
regulatory requirements.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 34

 Prescriptive
Regulator sets detailed requirements
Regulator determines the checks that company
must comply
The Government ends up as the guarantor that
safety in the industry is adequate
Encourage passive attitude and lack of
commitment among the companies – Wait for
the safety regulator to identify faults
Table 6 Performance based Supervision – The supervisory regime by PSA
Performance Management
Regulator set the safety target a company must
meet
Company establishes the management system
to meet targets set by the Regulator
Company has an independent duty to comply
operating acceptably
Adoption of “Internal Control Principle” by
companies, which allow the company to check
its own operations in a systematic manner.

3.3.2. The HSE regulations in general

Integrated and specific regulations for HSE in both offshore and onshore facilities are prepared
and enforced jointly by the regulators for their respective areas of authority. A total of 5 sets of
regulations have been adopted for HSE regulations in both offshore and onshore facilities, and
consists largely of Risk and Performance based requirements.

1 The Framework • Apply for both offshore and onshore

Regulations • Provides frame work for risk reduction principles
• Principles for HSE, including requirement for a good HSE culture

2 The Management • Apply for both offshore and onshore

Regulations • Brings overall management requirements relating to HSE
• Barriers, processes and handling of non-conformities and
improvements

3 The Activities • Apply only offshore

Regulations • Governing regulatory requirements for planning, operational
preconditions, emergency preparedness and maintenance

4 The Facilities • Apply only offshore

Regulations • Governing regulatory requirements for safety functions and loads,
materials, physical barriers, drilling and well systems and robust
solutions

5 The Technical and • Apply to land based facilities – Similar to Activity Regulations
Operational Regulations offshore
• Governing regulatory requirements for planning, operational
preconditions, emergency preparedness and maintenance

Table 7 HSE Regulations -Petroleum Safety Authority-Norway

35 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

 3.3.3. Working environment regulations

These regulations are issued by the Ministry of Labour and enforced by the Norwegian
Inspection Authority and PSA within their respective areas of authority. Regulations are
pursuant to Norwegian Working Environment Act.

As of January 1st, 2013, there were 6 six regulations were brought into force and replaced a
total of 47 regulations issued under the Norway Working Environment Act:

1. Regulations relating to organisation, management, and participation

2. Regulations relating to design and layout of workplaces and work premises
3. Regulations relating to administrative arrangements
4. Regulations relating to abatement and threshold values
5. Regulations relating to conduct of work
6. Regulations relating to construction, design and production of work equipment

3.3.4. Guidelines and Principles

Neither of the HSE nor Working Environment regulations are legally binding. For all the given
regulations in HSE, corresponding guidelines have been given to demonstrate how provisions
in the regulations can be met. Similarly, the Norwegian Labour inspection authority has
prepared guidelines on application of working environment regulations.

The prominence of PSA regarding regulations and the guidelines is that, they should be viewed
jointly in order to obtain the best possible understanding of what the government wishes to
achieve by their means.

(Hood, et al., 2001) referred to (Baldwin and Hawkins) work of toothpaste-tube-like

characteristics of regulatory systems in one of their works regarding risk regulation regimes.
The tendency of a toothpaste-tube which is squeezed in one place, is to bulge out in another.
If a standard-setting component of regulation experiences a ´squeeze´ in terms of great rigour
or transparency, there may be corresponding ´bulges´ somewhere. These may be in terms of
increasing discretion or opacity of the implementation process, resulting in companies inclining
towards a passive attitude of letting authorities come, inspect, identify the faults, and propose
required solutions.

PSA has begun to accentuate the involvement of regulations for safe and reliable operations
and has generated a mandate in relation to regulatory principles. What are risk-based

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 36

regulations and performance based requirements? The discussion of this topic left us with the
following set of regulation principles on Norwegian continental shelf.

Risk-based regulations Performance-based requirements

Regulations formed based on functional

Great emphasis to principles for reducing requirements, expressed in terms of performance
HSE risk which the process or service to achive.

Responsible Party:
Operator and others partcipating in
operations are pusuant to regulations and
must ensure comaplaince with
requiremens specified
Fulfilling requirements:
Both regulations and guidelines must be viewed
together to extract best possible understanding of
standard

Generalised requirements:
These risk-based regulations are apply to
all other regulations, but they appear just
once
Recommended solutions:
Applying recommended solution fulfils the
requirement complaince, any alternative solution,
possible to document that requirment is fulfilled
bettter than recommended.

Figure 13 Regulation Principles - An illustration drawn based on PSA presentation

3.3.5. Regulation of Control and Monitoring System

In the early stages of any project involving potential hazards the question of regulations is
bound to arise: Where do we stand with regard to legal requirements for safety? What does
the law require us to do? The simple answer is the most industrialized countries have legal
frameworks in place that similar in nature and have been substantially improved in the past 10
years. (Macdonald, 2004)

The concern noticed by this research earlier in the section 1.2 related to industry as “self-
regulator” approach and relevant effort to find:
“What are the key regulations for an Alarm management activity within the frame work of
Health, Safety and Environmental (HSE) regulations for process industries?”

does include examining these regulations to understand the role of the regulator, and the
responsibilities of the regulated for an approved alarm system definition and design.

3.3.5.1. Regulations – Different Regimes

The new international standard for management of alarms systems for the process industries
IEC 62682, provides a comprehensive method of applying alarm engineering processes. Apart
from these international standard different industrial regions have different standards. The list
is only the sample within the range of practices available.

37 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

Region Regulatory Body Framework Standards/Guidelines

Norway Petroleumstilsynet - http://www.ptil.no/ NPD Regulation Principles of alarm design –YA

(Petroleum Safety Authority) 711
(PTIL, 2001)
Germany Interessengemeinschaft NAMUR Worksheets Alarm Management – NAMUR
Automatisierungstechnik der NA 102
Prozessindustrie - (NAMUR, 2008)
http://www.namur.net/ *These papers are neither
(Automation Systems Interest Group of normative standards nor
the Process Industry) guidelines.
UK Health and Safety Executive - HSE Guidance The Management of alarm
http://www.hse.gov.uk/ systems – Contract Research
Report 166/1998
(HSE, 2017)
USA United States Department of Labour - Occupational Safety 29 CFR 1910.119-
https://www.osha.gov/ and Health Standards Process safety management of
highly hazardous chemicals.
(OSHA, 2017)
International ISA- International Society of ISA Standards ANSI/ISA-18.2-2016,
Automation - https://www.isa.org/ Management of Alarm Systems
for the Process Industries
(ISA, 2016)

International EEMUA - The Engineering Equipment International Standard

EEMUA Publication 191 Alarm
& Materials Users Association - systems - a guide to design,
https://www.eemua.org/home.aspx management and procurement
(EEMUA, 2017)
International IEC - International International Standard IEC 62682:2015
Electrotechnical Management of alarm systems
Commission - for the process industries
http://www.iec.ch/ (IEC, 2014)
Table 8 Alarm Management Regulatory Framework –Different Regimes

Appendix (III) Regulations- Different Regimes and Agencies refers to full details of various
regulatory regimes across the globe and their emphasis subjected to alarm management
activities.

3.3.5.2. Regulations – PSA

Though there is a possibility of scrutinising vast number of regulations and standards, this
research chooses to limit the scope of examining the regulatory requirements with in Petroleum
Safety Authority (PSA) relevant to petroleum activities with in NCS.

Refer to the section The HSE regulations, except technical and operational regulations all other
four regulations are applicable to offshore installations. The following table provides an
overview of HSE regulations addressing control and monitoring systems, both offshore and
onshore. PSA has extended their help in understanding these regulations by providing relevant
guidelines for almost all regulations. After a close examination of the regulations, management
and activity regulations are exempted from further analysis, considering the fact that process
control and monitoring systems are not covered by these.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 38

 Key Regulations and Provisions w.r.t Alarm
Management
Section 11 Risk reduction principles
In reducing the risk, the responsible party
shall choose the technical, operational or
organisational solutions that, according to
an individual and overall evaluation of the
potential harm and present and future use,
offer the best results, provided the costs are
not significantly disproportionate to the risk
reduction achieved.
Section 17 Duty to establish, follow up
and further develop a management
system
The responsible party shall establish, follow
up and further develop a management
system designed to ensure compliance with
requirements in the health, safety and
environment legislation.
(The Framework Regulations, 2016)
Section 21 Human-machine interface
and information presentation
Monitor-based equipment and other
technical equipment for monitoring,
controlling and operating machines,
installations, or production processes, shall
be designed to reduce the risk of mistakes
that can have an impact on safety.
The presented information shall be correct
and easily understandable. Information
systems shall be designed for both normal
and critical situations.
Section 34a Control and monitoring
system
Facilities shall have control and monitoring
systems which, using associated alarms,
warn of incidents, nonconformities or faults
that are significant for safety. The alarms
shall be issued such that they can be
perceived and responded to within the time
required for safe use of equipment, plants,
and processes.
(The Facilities Regulations, 2015) – Apply
only offshore
Section 21 Human-machine interface
and information presentation
Monitor-based equipment and other
technical equipment for monitoring,
controlling and running machines,
39 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS
Guidelines
Re Section 11 Risk reduction principles
• Risk means the consequences of the activities, with
associated uncertainty. The term “consequences” is
here used as a collective term for all potential
consequences of the activities.
• Associated uncertainty here means uncertainty related
to the potential consequences of the activities.
• The risk associated with the activities will depend on the
context, including the information base and that which
must be evaluated, planned and implemented
Re Section 17 The content of management systems
• Management systems shall cover the organisation,
processes, procedures and resources necessary to
ensure compliance with requirements stipulated in the
health, safety and environment legislation. More
detailed provisions regarding management systems,
including the content, are stated in the supplementary
Management Regulations.
(Guidelilnes-Frame Regulations., 2015)
Re Section 34a Control and monitoring system
Alarms should be defined and designed such that
• The alarms that are presented, are relevant, easy to
register and understand, and clearly show where
possible nonconformities and hazardous situations have
arisen
• The alarms are coded, categorised and assigned
priority based on the safety significance of the alarms
and how quickly measures must be taken to avoid
undesirable consequences
• The alarm systems allow for suppressing and reducing
alarms, so as to avoid mental stress for control room
personnel during interruptions in operations and
accident incidents.
With regard to the design of the alarm systems, the
principles of the Norwegian Petroleum Directorate's (now the
Petroleum Safety Authority Norway’s) publication YA-710
(English edition YA-711) should be used.
(Guidelines-Facilities Regulations., 2016)
Re Section 33a Control and monitoring system
Alarms should be defined and designed such that
• The alarms that are presented are relevant, easy to
register and understand, and clearly show where any
 Key Regulations and Provisions w.r.t Alarm
Management
installations or production processes, shall
be designed so as to reduce the risk of
mistakes that can be significant to safety.
The presented information shall be correct
and easily understandable.
Section 33a Control and monitoring
system
Onshore facilities shall have control and
monitoring systems which, using associated
alarms, warn the operator of incidents,
nonconformities or faults that are significant
for safety. The alarms shall be issued such
that they can be perceived and responded
to within the time required for safe use of
equipment, plants and processes.
Section 51 Training in safety and
working environment
The individual employee and manager shall
be provided with training in working
environment factors of significance for
conducting their work.
The training shall be adapted to changed or
new risk in the enterprise, and repeated
when necessary.
Guidelines
nonconformities and hazardous situations have
arisen,
• The alarms are coded, categorised and assigned
priority based on the safety significance of the alarms
and how quickly measures must be taken to avoid
undesirable consequences,
• The alarm systems allow for suppressing and
reducing alarms, so as to avoid mental stress for
control room personnel during interruptions in
operations and accident incidents.
With regard to the design of the alarm systems, the
principles of the Norwegian Petroleum Directorate's (now the
Petroleum Safety Authority Norway’s) publication YA-710
(English edition YA-711) should be applied.
Re Section 51 Training in safety and working
environment
There exist minimum requirements are set for training for
self-protection measures and trainings mentioned in various
subsections. But this does not exempt the business from its
obligation to carry out additional training measures if risk and
emergency preparedness analyses show a need beyond the
minimum requirements.
(Guidelines-T&O Regulations., 2016)

(Technical and Operational Regulations,

2016) – Apply to land based facilities
Table 9 Regulations pertaining to control and monitoring system - Framework HSE (PSA)

Identification of relevant regulations left us with greater responsibility to comply within their
areas of application. The control and monitoring system plays a vital role managing safe and
reliable operations. The regulated (Company) has to communicate these requirements to
operations management, thereby creating work instructions for the successful implementation
of these regulations with given guidelines.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 40

4. Theoretical Perspectives
Having understood the technical backdrop and relevant regulations within the Norwegian
offshore context, a model is required to continue this study for successful results. The model
should be enable us to address the hierarchical flow of instructions from “Regulations – to –
Realise Operations”. Effective communication must be at the core of any successful activity to
asses and manage risks (Renn, 2008). This research study tries to establish this
communication among various stakeholders mentioned in previous sections, and translates
the needs and requirements into procedures and processes.

(Lindøe, 2017) discussed about handling flexibility saying that, effective and safe production
is enhanced by introducing rules, procedures, and routines to guide organisational activities.
By implementing procedures and technical processes, human activities and practices become
more predictable and safer. Developing and establishing procedures keeping a blind eye on
requirements from operations is proven to be a useless effort in several occasions. The
interaction between system development and system operations is mandatory for learning,
and thereby contributes those experiences back into system development.

A theoretical perspective of safety critical hierarchy cited by (Hollnagel, et al., 2006), has been
used for this study, considering the guidance this model imparted to this study while
determining the interaction between system development and system operations. Though this
study is more focused on system development wing of the model, the interaction that Hollnagel
established is the core element for this study.

This study also recognised the importance of learning phases in an organisation at various
levels. This “experienced learning” is a vital element in generating, integrating, and interpreting
ideas to act in order to propagate those experiences back into system for greater good. This
thesis has adopted the “Experienced Learning Cycle” model referenced by (Dixon, 1999),
looking at the possibility of preferred framework given by this model.

41 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

 4.1. Safety Critical Hierarchy
(Hollnagel, et al., 2006), elaborated resilience engineering into safety critical systems. By
definition, when a system continues to operate or recovers to operate in stable state after a
mishap, this is called resilience. This thesis would like to adapt a model from (Hollnagel, et al.,
2006) work, which depicts a general form of socio-technical control shown below.

Figure 14 Hierarchical model for safe and reliable operations - Derived from (Hollnagel, et al., 2006)

Though the original model integrates all aspects of risk including organizational and social, this
study chooses to limit its discussion related to organisational aspects and models which have
been rebuilt based on our constraints and scope of research. This model emphasizes the
interaction between system development and system operations. Without such interaction, the
inherent safe design within the development will not benefit during system operations.

Applying this model to an alarm management system enhances the opportunity for clear and
effective communication channels between the various stakeholders mentioned earlier in this
chapter. Effective communication channels need to be established within this hierarchy,
whereas the downward reference channel provides instruction and the upward reference
channel provides measurements. Instructions are discussed in terms of regulations,

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 42

standards, specifications, work instructions, etc., while measurements are considered to be
reports, schedules, and performance indexes.

Development of an alarm system following this hierarchy, along with cost effectiveness,
demands a management system. A system which can accommodate the interaction between
system development and system operations, transforming regulations into standard practices
with a built-in “safety aspect.”

Incorporating this safety embedded design into operations provides effective results so that
the motive of inherent safe design is accomplished successfully. Refer to section 6.7
“Research Case Study,” for the achieved results and accomplished goals rendering the focus
defined by this research.

4.2. The Experiential Learning

Whether it is an alarm system or any other support system, it takes a collective effort by all
stake holders involved to understand the system and to lay out continuous improvement plans
by learning the core purpose of the system. Organisational learning is a cyclic process defined
by (Dixon, 1999) consisting of four major steps including generation of information, integration
of new information, collective interpretation and taking responsible action based on
interpretation.

As it is shown Figure 15, Dixon has laid out the individual experiential circle (known as Kolb´s
circle) within a greater learning circle, a complete fit for an organisation learning. An individual
learning progress is represented by this inner circle and represents the seed for greater
learning.
• The ´concrete experience´ does not mean the vicarious experience we receive through
books, but a real experience.
• The ´reflective observation´ is a conscious reflection of what has occurred through
experience and it is prominently influenced by our expectations.

43 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

 Figure 15 The Experiential learning cycle with in an Organisational Learning Cycle (Dixon, 1999)

• The ´Abstract Conceptualization´ involves relating the new information we have

experienced to existing meaning structures and create a new meaning.
• The ´Active experimentation´ is the final step in Kolb´s model and at this step we test
out the meaning that we have constructed by taking action in the world.

The term meaning refers to “making sense out of what we have experienced or learned”, Dixon
has referred (McClellan, 1983) to work regarding categorisation of this meaning as private,
accessible, and collective.

Private meaning can be referred to that meaning which the individual constructs from his/her
learning or experiences, but does not make accessible to others in the organisation. A second
category of meaning is that which individuals do make available to others within the
organisation, and it is known as accessible meaning. Whereas the collective meaning is that
which organisational members hold in common such as norms, strategies, policies, etc.

In her work, Dixon mainly underscores accessible meaning, and she believes in organisations
learning in the “hallways”, a concept of sharing acquired knowledge freely among co-workers,
team leads and stake holders.

The greater circle including the steps of generating, integrating, interpreting, and acting which
represents an organisational learning circle, is typically carried out by different departments
within the organisation, and may severely limit the capability of organisation learning. This part
of the model highlights the fact that the organisational members who generate new ideas will
need to be involved in the interpretation, and need to have complete understanding of the

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 44

context. The organisational members who make their interpretation, need to act on it to learn
the extent to which their interpretation made sense. (Dixon, 1999)

However, this research limited its focus to the internal circle of experiential learning having
stages of concrete experience in alarm systems from various control rooms and reflective
observations by operators through their learning during all their years of experience. The
methodology of this research referred to in further sections allows us to abstract and
conceptualise the findings through interviews conducted.

There are many opportunities for research in the area of alarm management activities related
to life cycle activities as shown in Figure 8. The stage of active experimentation consists of
testing the meaning we have constructed through interview findings and identifying required
procedures to fit into the “Eldor Management System” (EMS) for successful implementation in
future projects. (See Appendix (I) Eldor Management System).

45 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

5. Methodology
Many past accidents such as the Texaco oil refineries of (1994) reported some unpremeditated
influences but not limited to, failure in alarm response, high alarm rates, wrong prioritisation of
alarms, inconsistency in presentation of alarms, and lack of systematic training of the control
room operators in dealing with critical situations.

As a consequence of these events, many standards and guidelines have been established as
we discussed earlier in 2.5. However, it is not certain to what extent these design principles
and recommendations have been applied to operational systems.

This research has identified four dimensions of an alarm system as shown in Figure 16, and
established a questionnaire to address these challenges. By adopting the concept of
experiential learning stage 1 ´concrete experience´, interviews have been conducted with
various process control room operators covering both offshore and onshore, to reflect their
observations during their experience with alarm systems.

A separate set of questionnaires has been developed for the regulatory authorities to abstract
a conceptualisation from the experience of various supervision audits conducted by petroleum
safety authority in Norwegian continental shelf.

(Bockelmann, et al., 2017) highlight having a comprehensive checklist to analyse the current
design quality of alarm systems and alarm management routines to use in various control
rooms across different branches of industry.

With the identified regulations for alarm system management and performance requirements,
the questionnaires have been carefully laid out to address the rest of the research focus area:

How to develop a supportive system for process alarm management describing

procedures based on key regulations related to HSE framework?

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 46

 Figure 16 Research Methodology - Process Alarm System Dimensions

5.1. Strategy
Significant research into existing regulations and understanding of organisation policies does
partially identify the specifics of an alarm system. As shown in the above methodology triangle,
for a reasonable completion of defining all specifics of an alarm system, a research strategy
should be in place.

47 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

Mixed methods research is a methodology for conducting research that involves collecting,
analysing, and integrating both quantitative and qualitative research. This strategy has been
used for this research as it provides a better understanding of the research problem than either
a pure quantitative or pure qualitative approach.

Quantitative data includes close-ended information in order to help us measure various

dimensions of an issue through observations and behaviours. The analysis of this type of data
consists of statistically analysing scores collected on tools used, in this case “questionnaires”
to answer research questions.

Qualitative data consists of open-ended information that the researcher usually gathers
through interviews, focus groups and observations. The analysis of the qualitative data
typically follows the path of aggregating it into categories of information and presenting the
diversity of ideas gathered during data collection. (ResourceCentre, 2016)

(McKim, 2017) mentioned the value of mixed methods research and specifically cited
passages of purely quantitative and purely qualitative approaches. The increase in perceived
value of research using mixed methods is comparable with a purely quantitative or purely
qualitative study. Mixed methods research requires additional time due to the need to collect
and analyse data in two different ways.

5.1.1. Time Horizon

Researchers compare many different variables at the same time, characterised by cross-
sectional study, in contrast to longitudinal study researches which make several observations
on the same subject over a period of time, sometimes lasting up to many years (AT WORK,
2015). Both types of research studies are observational, and researchers record information
about their subjects without manipulating the study environment.

This research is a combination of both longitudinal and cross-sectional study. The competent
experience of operators on alarm systems for so many years brings the longitudinal
characteristics along with acquired expertise from various participants imparts cross-sectional
features to this research.
As it is clearly evident that, the longitudinal feature of this research is intangible phenomenon,
keeping a set period of 8 months’ time horizon been chosen, especially with the necessity of
data collection and analysis from various interviews, chosen time horizon proved to be optimal.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 48

 5.1.2. Levels of Research

As opposed to a traditional purely quantitative approach or purely qualitative approach, this

thesis administrated participants a questionnaire and conducted interviews. The results were
presented in a typically quantitative format with included statistics median and mode values,
along with derived specifics of alarm management requirements through interviews. The
detailed levels in this research are explained below.

The research has been divided into various levels as shown in table below, and each level has
its own significance in carrying relative meaning towards the final stage of research outcomes.

Level 1 Questionnaire development

Level 2 Identify relevant Offshore/Onshore fields and
organisations
Level 3 Informal introduction and preliminary screening
Level 4 Fine tuning of Questionnaire

Level 5 Interviews and Data gathering

Level 6 Abstract Conceptualisation (Median/Mode)
Level 7 Final interpretation (Active experimentation)
Table 10 Levels of Research

5.2. Questionnaires

With the given problem defined and corresponding research focus identified in section 1.2, a
research questionnaire was developed during the first level of this research. Various sets of
questions were prepared conferring to the target group, covering the following to achieve the
specifics required for the research focus specified above.
i. Operators Questionnaire: A questionnaire to realise CCR operators experience and
reflect their observations

ii. Alarm System Audit Questionnaire: A questionnaire to gather alarm system audit
essentials and regulatory authority’s perspective for an acceptable alarm system in
both Offshore/Onshore industries.

5.2.1. Operator Questionnaire

This questionnaire was mainly divided into 4 sections. Section 1 and section 2 focused on the
personnel profiles of interviewees, and the working environment of control rooms in process
industry cover the following:

49 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

 1. Position in the organisation, length of service, and roles and responsibilities
2. Working environment conditions and alarm system role as a support function

Section 3 and 4 were specifically designed to assess the quality of present alarm systems and
post alarm project improvements, covering the following:
3. What is the quality of the alarm system in process control room?
4. What are the consequences due to poor performance of the alarm system in terms of
personnel, environmental and financial losses?
5. What are the operator’s expectations and their team leader’s confidence with regards
to support they are getting during normal and disturbed operational conditions?
6. What was their previous experience in alarm projects?
7. What would be the requirements for a change management aspect considering
maintaining alarm system in line with specified performance standards?

5.2.2. Audit Questionnaire

This questionnaire has been designed particularly to conceptualise the alarm system audit
supervision essentials, such as:
1. Regulations and their compliance requirements
2. The role of various government agencies while drafting regulations
3. Understanding auditing processes and tools which support the auditing process
4. How to assess the quality of alarm system design
5. Companies’ obligatory requirement towards compliance

5.3. Preparation and Preliminary Screening

During the initial phases of this research, the emphasis was to select organisations and their
operational profile, focusing on learning and reflecting their observations from various types of
assets, offshore and onshore, mainly in oil and gas sector.

A team of 3 participants (One Operator, Engineering Manager and Department Manager)

having expertise in alarm management activities at various stages were presented the concept
with the draft version of questionnaire. Interviewees were asked to depict characteristics that
they felt were relevant and suggestions to improve the questionnaire. The “words and
expressions” used by these interviewees were taken into consideration carefully, to see if they
could be modified in cases where the existing words were too complex to understand (or) failed
to convey the point of interest.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 50

Through this preliminary screening, roughly around 17 alarm performance characteristics,
changes in various sections and meaningful wording in questions were suggested. Both
questionnaires, Operators Questionnaire and Audit Questionnaire were adjusted according to
these findings and it will be the basis for final interviews.

See Appendix (IV) Operators Questionnaire and Appendix (V) Audit Questionnaire.

5.3.1. Interviews

As the questionnaire was restructured based on preliminary interview suggestions, the process
of face-to-face interviews was initiated. Interview schedules were based on offshore rotations
and simulator training sessions in such a way that participants were able to give the interviews
their full attention. Broadly, the respondents were divided into 4 categories: Process
Coordinator (n=2), Control Room Technician (n=4), CCR Operators (n=3) and Automation
Engineer (n=1)

The organisations were grouped considering the fact that responsibilities shared by particular
positions in any organisation are more or less similar in nature. The experience carried by each
category varies from 36 months to 228 months, with statistical median of 84 months. See
Appendix (VI) Interviews- Quantitative phase descriptive statistics for statistical results of
quantitative data included in this research.

Figure 17 Respondents portfolio & Participation percentage

This level of the research is a result of concrete experience and reflective observations
mentioned in Kolb´s circle shown in Figure 15 and the work cited by (Dixon, 1999) as discussed

51 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

in our earlier sections. To abstract and conceptualise the reflections observed through
interviews, this research used quantitative data analysis.

5.3.2. Data Analysis and Final Interpretation

The system development hierarchical model suggested by (Hollnagel, et al., 2006), which we
defined in section 4.1, underlines the steps that may lead to design documentation based on
the requirements as a result of experience based reflections. It also identified regulations and
individual organisational policies overlaying set criteria for design basis, but the result of
quantitative data analysis added additional elements of alarm system specifics for better
operational support.

The observations both quantitative and qualitative, will be discussed in a short while and these
findings will clarify the elements required for alarm system specifics.

5.4. Validity and Reliability

The team of interviewees and organisations chosen for this research contributed to successful
dialogue and predominantly set the right course of action throughout the process. The
questionnaire administered and the respondent´s belief in it, has been the key reliable factor
to continue with the methodology this thesis believed to practice. As each individual has been
interviewed face-to-face and completed the interview within a limited period (say 60 minutes),
and has provided the necessary information required, there was no misunderstanding or failure
in perception of the existing meaning.

It is made to maintain the confidentiality of the respondent to ensure that the participants
response is valid. The assurance was given to participants through thesis consent that their
participation in this research would not be revealed either implicitly or explicitly. As the research
was conducted within various organisations and the length of experience of participants differs
greatly, the results should be representative of experience from present systems or experience
from the installations in the past.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 52

6. Findings Analysis and Discussions
The research area and research focus identified in section 1.2 continues to be in focus while
transferring the empirical findings into relevant processes for alarm system specifics.

How to develop a supportive system for process alarm management describing

procedures based on key regulations related to HSE framework?

Therefore, to answer one of this research question, the supportive functionalities which may
need to be included must be examined for overall alarm system performance. The underlined
findings, and their analysis, synthesis against existing literature, and lastly literature, will be
produced.

6.1. Interview Results

Following is a quick summary of interview findings and their meaning related to a functional
alarm system before getting into quantitative and qualitative data analysis:

Most of the alarm Confusing Alarm Cost incurred due to

systems designed only for Systems poor performance
normal operations
•Too many standing alarms •Plant shutdowns caused by
•Alarm flood after a plant causes difficulty to find missing important alarms
shutdown must be taken care recent alarms •Time spent on trying to
•Lot of alarm noise from utility • Too many control system understand alarms
systems, where as main diagnostic alams hard to •Dedicated resources to
process area is well tuned understand handle Top-10 nuisance
• Recommended to have •Alarms without any process alarms
different alarm settings display creates confusion of •Lack of reporting procedures
during start-up and normal where this alarms comes leads to repetetive
operations from Optimisation projects

As cited in Kolb’s circle, shown in Figure 15, data has been collected based on operators’
experience with alarm systems and their reflective observations, it’s a phase of conceptualising
the given data and abstracting the interview results.

53 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

 6.1.1. Design Constrains

Based on the results, it is quite evident that most of the alarm systems are designed only for
normal operations. When there is a plant shutdown or a disturbance, there are a large number
of consequential alarms (e.g. Equipment not running, pump discharge pressure low etc.) which
come from the equipment which is out of operation. These alarms are not relevant in that
context, and they fill up the alarm list creating a situation called alarm flood or alarm rush. Most
of these alarms in the alarm flood belong to supportive systems (utility systems) rather than
the main process area.

Similarly, it is challenging to use or rely on alarm systems during plant start-up, where the
majority of the plant dynamics operate at different working levels compared to regular
operations (e.g. The buy-back gas flow value is relatively high during start-up, whereas it’s
almost zero during normal operations). The alarm settings on individual process parameters
are different during the start-up operating envelope, resulting in a lot of alarm noise during
plant start-up. This kind of noise in alarm system will result in abandoned alarm system core
functionality such as “Alerting an operator about deviation in process parameter.”

6.1.2. Complexity creates Confusion

Enhanced technology in control systems and its feasibility to accept multiple communication
interfaces makes it easier for control system engineers and vendors to interface a large
number of 3rd party packages with the main control system. This simplicity in engineering level
brings a lot of complexity at the operations level. Process engineers or control room operators
who were typically competent with process knowledge are not quite comfortable with
technology related diagnostic alarms. As highlighted in his own words by one of the senior
operators:
“System diagnostic alarms are the most annoying thing in alarm system”
System diagnostic alarms do not carry any useful information either to operators or team
supervisors. This challenge is further intensified by a lack of proper display or control system
panel/cabinet details within the alarm text or alarm help. It has been observed that most of the
fire and gas alarms detector alarms are also missing proper process displays, without which it
is quite hard to evaluate the consequence of an alarm and action which needs to be taken due
to lack of alarm whereabouts.

The second most annoying thing about alarm systems is “Standing Alarm”, an alarm which
has been active for quite long period, typically more than 24 Hrs. A high number of standing

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 54

alarms will result in the whole alarm screen being filled up and difficulty in finding the most
recent alarms.

6.1.3. Cost Incurred

Though its unsure to impart poor performance of an alarm system towards an unwanted
incident such as safety incident, environmental spillage, or plant shutdown, it certainly plays a
vital role whenever there is an unwanted incident. As revealed during the interviews, an
unwanted incident may not necessarily be an incident which has happened, but an uncertainty
in plant operations due to non-understandable alarms, too many alarms, alarms without any
value etc.

A functional and supportive alarm system was stressed in both regulations and organisational
policies during normal and plant disturbed conditions. Interviewees also agreed about the
same regarding lack of proper procedures to assess the performance of an alarm system
periodically. The management routines to assess the performance of an alarm system were
specified as an important stage in alarm management life cycle during operations and
maintenance (See Figure 8 Alarm Management Life-Cycle ISA 18.2). Any incident which we
think of as alarm system failure should be reported and documented, missing these routines
makes it harder to make any investment decisions to further improve alarm systems.

Most of the installations usually have a dedicated team to deal with the top 10 nuisance alarms,
chattering alarms and standing alarms. Usually, failed instrument diagnostic alarms and
chattering alarms cause a lot of noise and fill up nearly 70 to 80 percentage of total alarm load.
Proper management routines and reporting processes help the engineering team deal with
these alarms well before they become actual noise, thereby reducing the cost incurred.

6.2. Quantitative Phase Results

Descriptive statistics were calculated for each alarm system specification based on interviews,
where the specifications were projected as questions. The results, calculated using statistical
analysis, are presented below (see Table 11 Quantitative descriptive statistical analysis -
Alarm System Specifications). The descriptive statistics revealed several interesting facts
about control and safety alarm system improvement specifications as a result of abstractive
conceptualisations based on experienced operator’s reflections.

55 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

The descriptive statistic results shown below are purely based on the interviews conducted
with participants with portfolio discussed in section 5.3.1 with respondent’s portfolio and
participation percentage as shown in Figure 17.
Working Median Mode Minimum Maximum Result
Environment/Alarm Statistic Statistic Statistic Statistic
System Specification
No: of days per rotation in 14 10 240 14 days Rotation
CCR?
Do you serve in Field as 50 40 100 50 % field position
well?
Length of experience in site 84 36 228 84 months
/installation –Yrs./Mon?
Does this process plant 1 1 2 1 Central Control Room
have more than one control
room?
No: of operators per shift in 2 1 3 2 Operators
CCR?
No: of Operator stations? 4 1 5 4 Operator Stations

Alarm Response Allocation, 0 0 6 Based on operator

when new alarm comes?
Supporting systems for
process monitoring /
emergency?
Other means of alerting
apart from control and
safety alarm system?
Does Alarm system support
you as it should for different
plant conditions?
How often alarm comes in
normal operations?
availability
6 6 6 Alarm Systems, HMI,
Radio, Lamps, PA, CAP,
CCTV, LSD
-2 -2 6 No Others
8 0 10 OK (Designed to support
during normal operations
only not very supportive
during plant shutdown)
10 2 10 Very Often

What is the most annoying 12 2 26 Too Many Standing Alarms

thing about the alarm
(700 standing alarms)
system – 1st
What is the most annoying 2 2 26 Non-Understandable Alarm
thing about the alarm text
system – 2nd
What is the most annoying 8 6 26 Alarms without any value
thing about the alarm
system – 3rd
Do you believe in better 10 6 10 Yes
control of operations if alarm
system improved?
Do you think of any incident 10 10 10 Yes
connected to poor
performance of alarm
system?
How many incidents? 2 -2 12 1-5
Any Health, Safety and 6 2 6 Environmental Damage
Environmental incident
among these?

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 56

 Working Median Mode Minimum Maximum Result
Environment/Alarm Statistic Statistic Statistic Statistic
System Specification
Major consequence for a 4 2 6 Economic Losses
process shutdown

Time to get back to normal 12 6 12 12 Hours

production after Pressurised
shutdown?
Time to get back to normal 24 8 48 24 Hours
production after De-
Pressurised shutdown?
Typical financial loss in case 6 2.5 200 6 Million Dollars Per day
of a process shutdown?

Investment drivers for an 4 4 6 Reducing Downtime and

alarm engineering project Regulatory Compliance

Does your team 10 -1 10 Yes

leads/Supervisor takes
alarm system in
confidence?
Previous experience with in 0 -2 16 Optimisation Projects
alarm projects?

Alarms per Workshop (Time 500 500 500 500 Alarms per 5 days’
spent on Optimisation) workshop

Difference in alarm system 16 2 32 Less number of standing

performance before and alarms
after (If there is an alarm
project) – 1st
Difference in alarm system 2 2 32 Understandable Alarms
performance before and
after (If there is an alarm
project) – 2nd
Alarm load after alarm 2 0 6 Stable: 1 to 10 Alarms/ 10
project (If there is an alarm minutes
project)
Did alarm project had all 8 6 10 To some extent
aspects of alarm
engineering (If there is an
alarm project)
Continuous improvement 12 6 24 Maintain Alarm philosophy
aspect among alarm system
specifications? – 1st
Continuous improvement 8 6 24 Alarms on Removed
aspect among alarm system Equipment
specifications? – 2nd
Usability of improved alarm 8 -1 10 OK (Still there is possibility
system (If there is an alarm to improve thereby
project) enhance the plant
operations)
Table 11 Quantitative descriptive statistical analysis - Alarm System Specifications

The results have been derived based on descriptive statistics evaluated among working
environment in CCR, operators experience on alarm systems, and alarm projects’ role in

57 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

improving operations. To accommodate all possible results both (Median: A number in
statistics that tells where the middle of a data set is) and (Mode: The value that occurs the
most often in a data set) have been used. Wherever the operator must select multiple choices
among given alternatives, “Mode” formula has been used, otherwise “Median” formula used in
all other instances.

A further analysis of these results enable us to understand the core problems related to alarm
systems, control room operating conditions and operator’s response allocation. As
differentiated by various shades in above table the results are grouped into three categories
1. Control room operator experience profile and working environment
2. Control room operator experience on control and safety alarm system
3. Commencement of alarm projects role in improved operations

For instance, operators were asked to rank design constrains in an alarm system on which
they are working, among four different ratings given below.
• Very Good: Alarm system is supportive during both normal operations and plant
disturbed conditions
• OK: Alarm system is supportive during normal operations only
• Poor: Alarm system is supportive partially
• Very Poor: Alarm system is not supportive

The below graph represents the participants’ ranking of the alarm systems they are working
on among four given ratings.

Figure 18 Operators ranking of alarm system

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 58

Similar kind of ratings and participants’ ranking for various specifications of alarm system have
been collected and analysed to abstract the operators experience and their reflections. For a
complete analysis, see Appendix (VI) Interviews- Quantitative phase descriptive statistics.

6.3. Qualitative Phase Results

The qualitative component of this study pursued to answer those questions which were not
possible to be addressed in the quantitative phase of study such as documentation
requirements, management routines etc. This component of the study allows this research to
further understand qualitative features of the alarm systems by taking inputs from both
questionnaires (see Appendix (IV) Operators Questionnaire and Appendix (V) Audit
Questionnaire).

Participants were asked about alarm system specifics on which they work, performance, past
experience with alarm projects, working environment in CCR, and other supportive systems,
the findings were interesting, and the value of this qualitative study was twofold. First, it helps
to understand the operator’s view about alarm systems not just as a supportive system, rather
as an important functional element in safe operations. Second, this study reveals the basic
building blocks required to design and establish a functional alarm system.

Alarm System Findings Remarks

Attribute
Documentation • Alarm system functionality has not been
formed based on documentation
available
• More or less alarm systems are
designed and presented based on SAS
system vendor standard solutions
In a typical process plant,
offshore or onshore the control
systems are delivered by
multiple vendors.
Without a common integrated
system philosophy, operators
will be presented with alarms
differently on different systems,
which may lead to confusion
about understanding alarms
and possibility of missing
required operator action.

59 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

Alarm System Findings Remarks
Attribute
Management • Most of the organisations have not such as
Routines established routines and systematic Routines for measuring alarm
procedures to maintain alarm system, system performance are
though this is one of the defined safety missing
barrier
• Minimum focus on alarm system Definition of Roles and
problems in formal reporting, based on Responsibilities corresponding
regulations for registering and to alarm system improvements
following up of unwanted incidents are not clearly established

Alarm Load • Operators are presented with so many 5000 events per second in
(Alarms per time alarms in both normal operations and case of ESD 1.0 (Highest level
period, e.g. disturbed conditions of shutdown).
10minutes) • Emergency shutdown causes several
The stress levels of operators
consequence alarms leads to alarm
tend to increase due to high
rush
alarm rush.

Alarm Value • A greater part of the alarms presented
(The purpose of to the operator have less or no value
alarm) to the operator
• Sometimes signals are not configured
as alarms where they supposed to be.
It misleads operators and spends lot
of time to investigate shutdowns
Most of the alarms just carry
the status information rather
than the situation which needs
some action from operator
Investigation to find root cause
of a shutdown nearly takes 50
minutes

Alarm • Difficult to understand text/ Too many abbreviations in

Description/ Text Abbreviations in alarm description alarm description leads to
• difficult to understand the
context of alarm

System Related • Too many control system diagnostic Control system generates too
Alarms alarms rather than process alarms many diagnostic alarms and
(Control system they are hard to understand.
Diagnostic The uncertainty about operator
Alarms) action for system diagnostic
alarms leads to mistrust alarm
system.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 60

 Alarm System Findings Remarks
Attribute
Prioritisation • Alarms not been prioritised in a way, it The risk tolerance defined by
(Criticality helps the operator to identify and take urgency vs severity is not
assigned to necessary action in various properly defined or not followed
alarm based on operational conditions
severity of
consequence
and urgency for
operator action)

Presentation • Inconsistency in alarm presentation for Operators fatigue due to too

different systems due to lack
integrated philosophy and control
system vendor dependability for
designing alarm systems
• Navigation between alarm screen is
not consistent
many colours and audible
sound frequencies.
Stress on operators to
memorise various layouts of
alarm screen for different
systems

Unnecessary • A large quantity of alarms have been A large number of nuisance

Alarms observed coming from equipment alarms come from marine and
(Alarms comes which has been stopped (Standby utility systems such as cooling
from the equipment), or equipment under water, ballast and storage
removed maintenance tanks, sewage and cargo
equipment or out systems etc.
• 4 extra alarms on each real alarm
of operation)
2 or 3 alarms are only useful
out of 10 random alarms

Safety Related • Safety related alarms are not explicitly It is a requirement to

Alarms identified. distinguish between normal
process alarms and safety
It is important to present in a different related alarms presentation
way to make sure that operators
cannot oversee or misunderstand
information

Training • Training on new systems and their Implementing in simulator and

alarm behaviour is missing training for the operators could
have been given more
awareness of newly adapted
design

Table 12 Qualitative analysis - Alarm System Specifications

61 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

 6.3.1. Analysis- Alarm Optimisation Process

The Optimisation activity predominantly consists of:

• Removing unnecessary alarms (Alarm clean-up)
• Configuring alarms with meaningful and understandable text
• Correct prioritisation
• Alarm help preparation including: cause, consequence, and operator action

Though there are some additional methods of alarm management activities such as alarm
suppression, alarm grouping and alarm tuning are part of alarm Optimisation, these activities
will be called upon during either Top- 10 (sometimes its referred as Top- N) analysis, standing
alarm analysis or to reduce alarm chattering.

Here are some findings and observations which dramatically change the perception of “Activity
of Optimisation” during this study. Optimisation is not a one-time event, it is a continuous clean-
up activity, and revision of work and reporting of bad actors shall be in place. An Optimisation
level of 100% is only achieved right at the start, and over the course of some years, the
performance will be degraded. Continuous focus, reporting and revising on the alarm
engineering works is necessary, and a change management process should be in place.

This study also reveals that, most of the alarm projects did not assign a dedicated team for
Optimisation. An alarm team which is chosen during the early stages of the project should
continue to improve the efficiency by keeping the same focus and philosophy. Failure to
maintain the same team throughout the Optimisation process leads to loss of consistency in
work and clear understanding. It is very important to have experts from different systems on
the team during Optimisation, it gives operators confidence in prioritisation, good text, and on
top of that it saves a lot of time in workshops.

This thesis chose to use the term optimisation instead of rationalisation. The process of
optimisation and the improvement effect on operations is not linear, achieving 30%
optimisation does not mean you will get 30% better performance. An illustration of the progress
of an alarm project- Optimisation progress and its effect on improved operations is shown
below.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 62

 Figure 19 Alarm Project - Optimisation activity effect on improved operations

As shown in the above diagram, the result of Optimisation project activity will not be visible
until it reaches the tail end of the project stage. Both operators and control system engineers
agree upon the fact that alarm projects like Optimisation activities shall be performed for the
whole plant to realise improved operations. Largely, the focus for alarm projects is on random
systems, based on high alarm load at that moment rather than a systematic Optimisation
methodology. A detailed pre-study is required to ensure the subprojects (different activities)
come in the correct order to optimise workflow.

During alarm clean up activity, which is a part of Optimisation, participants observed that while
the project is undergoing commissioning, one should follow a more stringent alarm philosophy
and be more restrictive when implementing alarms from 3rd party systems. “Implement-all-
available-alarms-during commissioning” as it will be hard to clean up alarms afterwards when
all the “Vendors are gone”, as they figuratively drown in “black boxes”.

6.4. Connecting the Quantitative and Qualitative Findings

Overall, the quantitative results show the consequences of poor performance of alarm systems
in terms of number of plant shutdowns, time to get back to normal production, economic
consequences, and time spent on alarm projects. A qualitative study shows operators’
concerns about the quality of alarm systems when it comes to validity of alarms during
disturbed plant conditions, management routines for reporting, and training.

The findings from the qualitative phase also reveal that, organisation expenses are mainly
based on the value it produces at the moment, so any production shutdown creates a deficit

63 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

and equates to spending money with no return. Economic loss may not be directly related to
the deficit created by plant shutdown but also consists of:
1. Time spent on trying to understand alarms
2. Time spent without fixing the issue is a type of economic loss.
3. Moving focus from regular operations to fixing the alarm issues

This part of the research represents the “Active experimentation” stage of experiential learning
cycle, referred to by (Dixon, 1999) in his work on organisational learning. Though there are
several aspects of alarm systems, which were abstracted through both quantitative and
qualitative findings, this part of the research is only interested in addressing the core issues
identified by the participants as given below for active experimentation.

Research and relevant regulations serve as a benchmark to measure and estimate the gap
between the findings identified through quantitative and qualitative study. The estimated gap
and associated findings lead us to the development of required processes. The system
development of the (Hollnagel, et al., 2006) model described in section 4.1 suggests this
hierarchy for further design and interface into operations:

Aspect of Research Regulation Quantitative finding Qualitative finding

Alarm system support (The Facilities Regulations,
2015) § 21
The presented information
shall be correct and easily
understandable.
Information systems shall
be designed for both
normal and critical
situations.
Alarm system design Alarm systems are
constrains limited its designed only for normal
performance to 80%, a operations and limited
further possibility of 20 functionality during plant
% improvement is shutdown
identified

Alarm Rush (The Facilities Regulations,
2015) § 34a
(Technical and Operational
Regulations, 2016) §33a
5000 events per second The stress levels of
in case of emergency operators tend to
shutdown increase due to high
alarm rush

The alarm systems allow

for suppressing and
reducing alarms, so as to
avoid mental stress for
control room personnel
during interruptions in
operations and accident
incidents.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 64

 Standing Alarms and (The Facilities Regulations,
Chattering Alarms 2015) § 21
Monitor-based equipment
and other technical
equipment for monitoring,
controlling and operating
machines, installations or
production processes, shall
be designed to reduce the
risk of mistakes that can
have an impact on safety.
Management routines (The Framework
and Optimisation Regulations, 2016) §17
templates The responsible party shall
establish, follow up and
further develop a
management system
designed to ensure
compliance with
requirements in the health,
safety and environment
legislation.
(The Management
Regulations, 2016) § 8
The responsible party shall
set internal requirements
that put regulatory
requirements in concrete
terms, and that contribute
to achieving the objectives
for health, safety and the
environment, cf. Section 7
regarding objectives and
strategies. If the internal
requirements are
expressed as functional
requirements, achievement
criteria shall be set.
Economic loss NA
nearly 6 million dollars
per day
Table 13 Research findings chosen for active experimentation
65 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS
Nearly 700 Standing Hard to manoeuvre
alarms between alarm screen to
find recent alarm
2 or 3 alarms are only
useful out of 10 random Unwanted consequential
alarms alarms from equipment
out of operation
Faulty equipment
No dead band sets
No 'delay-off' set
Instrument out of range
errors
NA Most of the organisations
have not established
routines and systematic
procedures to maintain
alarm system, though
this is one of the defined
safety barrier
Implement-all-available-
alarms-philosophy during
commissioning is hard to
clean afterwards when all
the “Vendor’s are gone”,
as they sort of drown in
“black boxes”.
12 to 24 hours to revive Loss of time spent on
from a major shutdown understanding alarms
Moving focus from
1 to 5 shutdowns per regular operations to
year accredited to poor fixing alarm issues
performance of alarm
system
 6.5. Discussions

Recalling our research focus, identifying regulations and adapting these findings will help us
to define procedures to build a functional alarm system.
How to develop a supportive system for process alarm management describing
procedures based on key regulations related to HSE framework?
and
“Justification for an alarm management activity to evaluate and support a business
case having key investment drivers in terms of losses due to poor performance of
alarm system”
Referring to the model chosen for this research derived from (Hollnagel, et al., 2006), the
system development is one step closer to redefining and adapting this research methodology.
(See Figure 14 Hierarchical model for safe and reliable operations - Derived from Hollnagel,
et al., 2006). The interaction between system development and system operations suggested
by this model has been studied partially during this research through answering the
questionnaire “Section 4: Alarm Management Activity Experience” (See Appendix (IV)
Operators Questionnaire).

As shown further below in the hierarchical model (See Figure 20), each and every organisation
has their own philosophy document which they use to design alarm systems. By definition,
“The alarm philosophy serves as the framework to establish the criteria, definitions, and
principles for the alarm lifecycle stages by specifying items including; the methods for alarm
identification, rationalization, classification, prioritization, monitoring, management of change,
and audit to be followed”. (International Society of Automation, 2009)

Regulations and guidelines will establish the rule set of “Shalls” and “Shoulds” on various
aspects of alarm systems. The same set of rules will be inherited by companies and adapted
to their organisation policies to recreate a modified rule set called “Alarm Philosophy”. None
of these documents clearly mentions “How to achieve” this rule set of “Shalls” and “Shoulds”,
and that will be the core focus area for this research as depicted in below illustration.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 66

 System Development
Regulatory Agencies

Identified Regulations
And Guidelines

Regulated (Companies)
Company defined
Alarm Philosophy Document Research Focus

Quantitative Findings Qualitative Findings

Design Documentation & Justification

• Procedures
• Templates/Check lists
• Business Case

Implementation
Improved Operations

Figure 20 Hierarchical model - System development (Research Focus identified)

6.5.1. Active Experimentation - Procedures

As this research has already delineated in previous sections, “Eldor Management System”
(EMS) has been used as an intermediate accompanying system to compare and there by
producing necessary processes to answer those research findings chosen for active
experimentation stated in Table 13.

A further examination of the existing process map within EMS (see Appendix (II) EMS Process
Map – Process Alarm Management), the following actions are recommended to address the
findings chosen for this stage.

67 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

 Aspect of Potential Recommended Method(s) for
Typical Cause(s)
Research Consequence Action(s) Addressing Issue
1. Alarm Rush ESD / PSD Using the status of the Automatically hide
Alarm floods (ESD 1.0/ ESD 2.1/ ESD plant, recommended to alarms according to
overwhelm an 2.2 /PSD 4.0) hide all the alarms. the operating mode
operator’s ability to of the plant
properly respond to Depressurised shutdown
alarms
Main Power Loss

2. Number of Standing alarms can Equipment not running Recommended auto Automatically
standing become “stale” and suppression based on suppress alarms
alarms at any after some period, Equipment out of order equipment status (e.g. based on equipment
instance in become Running status, Out of status.
time meaningless. One Service or
needs to consider if Decommissioned)
the alarm does not
clear, is a hazard still
present.

3. Unnecessary Alarms that Faulty equipment Check alarm Tune alarm settings
and chattering annunciate and clear configuration i.e. dead on nuisance alarms
alarms before the operator No dead band sets band, delay-off, filter
can respond, will Adjust dead bands
No 'delay-off' set Check instrument on alarms which
create a situation
Instrument out of range installation, often repeat
where the operator
becomes insensitive errors configuration, etc.
to the alarms that Carryout data analysis
could one day be to determine conditions
genuine that causes the fleeting
alarms

Table 14 Active experimentation measures

6.5.1.1. Major Event Detector – Alarm Rush

Many installations have the following Emergency Shutdown (ESD) levels which will trigger
power outage called “Main Power Loss”. This will lead to an alarm rush with in first 10
minuets with almost 400 Alarms and nearly 5,000 status messages.

ESD1.0 – Main Power Isolation – Safeguarding of Non-Hazardous Area

ESD 2.0 – Depressurization –Blow down –Safeguarding of Hazardous Area

ESD 3.0 –Safeguarding of Process

This study has noticed that a large number of alarms come from the electrical equipment on/off
status due to main power loss therefore contributing to the major portion of alarm rush. All
these alarms are an expected consequence of main power loss. This research has taken this
as a primary measure to control alarm rush in the event of emergency shutdown. (Rothenberg,
2009) referred to it as a “Major Event” detector and the detector must be capable of identifying

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 68

events such as breaker open, feeder tripped, and feedback error as mentioned above. The
following actions have been identified as a guidance for this activity:

Process Activities

• Identify correct ESD level and respective power outage blocks with
in the plant due to this shutdown

• Identify all relevant electrical equipment and alarms configured on

Design phase these equipment (Group of Alarms)

• Prepare a design basis for workshop for further justification.

• The workshop team might consist of process operators,

system/electrical engineer and workshop facilitator

• Tools to be used: Emergency shutdown reports, Single line

diagrams, Emergency shutdown level diagrams and Motor control
centre details
Workshop

• Justify for each group, its non-validity during emergency shutdown

and safe to hide these alarms from operator visibility

• Prepare a design basis for Implementation

• Vendor to review and update implementation typical per each group

of alarms
Review and Work Package
• Based on review comments and implementation typicals prepare a
work package for software updates

• Implement the required changes in software in test system and

Implementation prepare the software for testing

Internal Approval test (IAT) IAT: Full function test internally

and
Factory Approval test (FAT) FAT: spot checks (Along with approval authority and system owners)

• Install approved changes offshore (Remote implementation)

Installation offshore

• Update documentation as built

As build Documentation

Table 15 Procedural stages to handle Alarm Rush

69 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

 6.5.1.1.1. Cost Effectiveness

Looking at the number of alarms (nearly 400 to 5,000), the volume of work involved in making
any software changes on individual alarms is huge. Software configuration for each alarm is
time consuming and cost involved in terms of resources, offshore travel, and safety approvals.
The suggested procedural stages mentioned in Table 15, have following cost benefits.
With Procedural Stages Without Procedural stages
A group of alarms hided based on major event Individual alarm hiding in place
(ESD 1.0 or ESD 2.0)
Grouping of alarms do not need logical changes Individual alarm hiding needs logical changes in
with in controllers controllers
No logical changes mean, no work permits or Needs work permits and safe job analysis
safe job analysis
Grouping can be implemented from onshore, no Offshore travel is mandatory for logical changes
offshore travel (considering changes in safety nodes)
Easy maintenance and less changes in existing As builds need to be developed
documentation
Table 16 Cost benefit analysis - Alarm Rush Procedure

6.5.1.2. Alarms on Equipment OutofOperation – Standing Alarms

Alarm suppression is a mechanism to prevent the indication of the alarm to an operator

(International Society of Automation, 2009). Process parameters such as pressure, flow,
temperature, and level on various process equipment need to be monitored to indicate if
there is any deviation. Alarms such as “High Pressure/Low Pressure”, “Low Level /High
Level”, “No Flow” or “High temperature/ Low Temperature” are mostly relevant and useful
during normal operations.

During process shutdowns, when equipment is under maintenance, or completely removed

from operations, some of these alarms are not relevant and operators were not necessarily
being informed about these alarms. In such cases, alarm suppression will be used based
on equipment status or shutdown status. Usually low pressure and low flow alarms will be
supressed when the equipment is not in operation using an Equipment Non-Running
signal.

The below scatter chart gives an overview of the total number of low alarms configured
and relevant suppression mechanism implemented by Equipment Non-Running signal for
a typical offshore installation. From this scatter chart, it is clearly evident that out of the

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 70

 total configured alarms (indicated by Orange colour), only a minor percentage of alarms
are taken under suppression mechanism (indicated by Blue colour). This may be due to
the unavailability of running signal for most of the alarms.

Figure 21 Alarm Suppression configuration – A typical offshore installation

Note: WL indicates “Warning Low” Alarm, ALL indicates “Action LowLow” alarm

Nearly 40 to 50% of configured alarms can be supressed using process shutdown status
instead of equipment non-running status. Without proper suppression, most of these alarms
remain in the alarm list during equipment idle period and they become standing alarms. This
thesis tries to capture this potential and recommended procedural guidance to supress these
alarms based on process shutdown status.

Process Activities
• Identify all configured low pressure and low flow alarms on
various process equipment
• Ignore those alarms which already been taken into
Design phase suppression using equipment non-running status
• Prepare a design basis for workshop for further justification

• The workshop team might consist of process operators,

process engineer and workshop facilitator

• Tools to be used: Process Shutdown Level Diagrams,

Pipe and Instrumentation Diagrams, Process Graphics

• Justify each alarm for its non-validity during process

Workshop
shutdown and safe to hide this alarm from operator
visibility

• Prepare a design basis for Implementation

“Special measures shall be considered to allow independence

between safety systems”

71 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

 Process Activities
• Vendor to review and update implementation typical per
each alarm
Review and Work Package
• Based on review comments and implementation typicals
prepare a work package for software updates

Implementation • Implement the required changes in software in test

system and prepare the software for testing

IAT: Full function test internally

Internal Approval test (IAT)
and FAT: spot checks (Along with approval authority and system
Factory Approval test (FAT) owners)

Installation offshore • Install approved changes offshore

As build Documentation • Update documentation as built

Table 17 Procedural stages to handle Standing Alarms

6.5.1.2.1. Cost Effectiveness

As a safety measure, standing alarms due to equipment out of operation can only be
suppressed using Equipment Non-Running signal (Hardwired Signal), in case of no hardwired
running signal availability it is not allowed to supress an alarm. Having understood the concept
of independence between safety systems (i.e. a failure in one system shall not adversely affect
the intended safety function of another system), no communication shall occur between a non-
safety system and any safety system. If special measures are implemented, a limited degree
of interconnection can be allowed. (The Norwegian Oil Industry Association, 2004). The
procedural stages suggested above have inherited those necessary special measures and
having the following cost benefits:
With Procedural Stages Without Procedural stages
Standing alarms hide using process shutdown New hardwired signal need to laid out for
levels (Provided valid interconnection is implementation of suppression
possible)
Easy to implement only logic level changes Hard to implement, requires space in panel,
spare capacity, competent resources
No shutdown required Shutdown required
Less updates on documentation As builds need to be developed
Table 18 Cost benefit analysis - Standing Alarm Procedures

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 72

 6.5.1.3. Chattering Alarms – Faulty Equipment
Chattering Alarm is an alarm that repeatedly transitions between the alarm state and the
normal state in a short period of time. (International Society of Automation, 2009)

A detailed analysis of alarm loads reveals that only a small number of repetitive alarms
contribute to nearly 70% of the alarm load. In any typical offshore installation, alarm load is
largely contributed by only the top 10 repetitive (Or Chattering) alarms. The below illustration
is drawn based on top 2,000 alarms for a particular period. It clearly shows that the first four
alarms (YF, Y, WL and WH) cumulatively contribute 63% of the total number of alarms. (1250
out of 2000 alarms).

By looking at the distribution shown in Figure 22, the importance of Top- 10 alarm supervision
is quite apparent for improved operations, without which the operator soon abandons the alarm
system due to fatigue created by the large number of chattering alarms.

Figure 22 Top 2000 Alarm distribution - A typical offshore installation

This thesis chooses to adopt this challenge and recommended a procedural guidance to
reduce the chattering to the least possible level. The complete avoidance of chattering is hard
to achieve as the plant dynamics are too large to control only using recommended procedures.

Process Activities
• Select the time period to limit the scope of analysis
(Recommended to select 1 year)

• Select a criterion to filter out less noisy alarms (e.g. alarm

comes more than 100 times with in a selected period)

Design phase • List out all the alarms including both analog and digital
signals along with frequency of occurring within a selected
period

• Prepare a design basis for workshop for further justification

73 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

 Process Activities
• The workshop team might consist of process operators,
process engineer and workshop facilitator

• Scrutinise each alarm for its repeated occurrence

• Tools to be used: Past trends, pending work orders (If

Workshop equipment is in maintenance or repair), Plant dynamics
based on age of the installation.

• Justification to increase dead band or delay time for each

alarm

• Prepare a design basis for Implementation

• Vendor to review and update implementation typical per

each alarm
Review and Work Package
• Based on review comments and implementation typicals
prepare a work package for software updates

• Implement the required changes in software in test system

Implementation
and prepare the software for testing

IAT: Full function test internally

Internal Approval test (IAT)
and FAT: spot checks (Along with approval authority and system
Factory Approval test (FAT) owners)

Installation offshore • Install approved changes offshore

As build Documentation • Update documentation as built

Table 19 Procedural stages to handle Chattering Alarms

6.5.1.3.1. Cost Effectiveness

Most organisations have an internal team to handle top-N alarms, the suggested process and
its implementation may not completely eliminate the challenges involved with repeated alarms,
but still have the following cost benefits:
With Procedural Stages Without Procedural stages
One time analysis for repetitive alarms and Loss of time and resources for repetitive
suggested measures analysis on same kind of problem
Moving focus from repetitive analysis to Repetitive analysis on same issue sets in loss of
operational improvements confidence
Improvement in performance indicators Few repetitive alarms create large deviation in
performance indexes
Table 20 Cost benefit analysis - Chattering Alarm procedures

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 74

 6.5.2. Active Experimentation – Templates

6.5.2.1. Alarm Optimisation

It is very common to leave the detailed configuration of alarms to a later stage in major
development projects. The Process and Safety systems will be engineered and installed
leaving behind the alarm configuration. Most of the Alarm projects or Alarm Management
activities will be realized only on demand in terms of unwanted incidents or audit findings from
Authorities (Such as PSA).

During this study, it has been repeatedly stressed by various stakeholders that commencement
of alarm project activities should begin right from the start. “Implement-all-available-alarms-
during commissioning”, it will be hard to clean afterwards when all the “Vendor’s are gone”, as
they sort of drown in “black boxes”.

During the phase of qualitative study as mentioned in 6.3.1, the alarm optimisation process
and its importance should be highlighted right from the beginning during green field
development projects. This thesis has developed a standard temple which can be deployed
and maintained throughout the life cycle of alarms projects. (See Appendix (VII) Alarm
Optimisation Template)

Alarm Specific Configurable Parameter Remarks

Alarm Text Alarm Description Understandable text to describe, such as

“Equipment>service> destination area”
This syntax is only for guidance
Alarm Type High alarm, Low Alarm etc.
Alarm Message Any additional information related to alarms
(e.g. Alarm on driving end bearing etc.)
Alarm Help Purpose of Alarm Describe purpose of alarm
(e.g. to warn about high level in tank)
Possible Cause Describe cause of alarm
(e.g. Downstream valve closed)
Consequence Describe consequence of alarm
(e.g. May lead to oil spill on platform)
Operator Action Describe relevant actions necessary
(e.g. Visual check and open downstream valve)

75 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

Alarm Specific Configurable Parameter Remarks

Priority Time to Respond Complex parameter to asses, but based on operator’s

Evaluation experience define some time scales such as (5 Min, 15
Min, 1 Hours and > 12Hrs etc.)
Urgency Define urgency in terms of time available to respond
(Refer company guidelines and operational procedures)
Severity Asses the severity of consequence (Refer company
guidelines and safety policies)
Priority Based on above three asses the priority (Ref company
specific Alarm Philosophy document)
Context Sensitivity Start-up Check if alarm is relevant during start-up
Process Shutdown Check if alarm is relevant during process shutdown
Emergency Shutdown Check if alarm is relevant during emergency shutdown
Alarm Hiding Based on context sensitivity hide the alarm from
operator visibility
Signal Alarm Delay default settings are available in (EEMUA, 2017), but its
Conditioning recommended to asses each alarm during optimisation
process and suggest relevant setting
Dead band default settings are available in (EEMUA, 2017), but its
recommended to asses each alarm during optimisation
process and suggest relevant setting
Grouping Validity Check if the alarm can be grouped with any other
alarm.
(Alarms having same operator actions can be grouped,
individual alarms in group will be hided from operator
visibility) *
Details List of all alarms that need to be grouped

Group Name Mention relevant group name

Classification Personnel Safety Classify according to identified consequence

Financial Consequence Classify according to identified consequence

Environmental Protection Classify according to identified consequence

Key Alarm Validity All Fire and Gas alarms are key alarms, but apart from
Fire and Gas alarms if there is any alarm which need
special focus to avoid escalation into safety incident,
then classify that alarm as key alarm
Likely Check if recommended operator action most likely
removes the alarm situation

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 76

 Alarm Specific Configurable Parameter Remarks

Operator Challenging Check if recommended operator action is good enough

Response to control the situation but challenging to remove the
Effectiveness alarm condition
Unlikely Check if recommended operator action is not good
enough and needs further support to remove alarm
situation #
Table 21 Alarm Optimisation Template Specifics

*During this research, the result of an audit questionnaire observed that safety authorities are
not so lenient towards alarm grouping as it creates uncertainty due to operator unawareness
of individual alarm status.

# Alarms with “Unlikely” response effectiveness can be considered as maintenance alarms so

that the load on the operator is reduced

6.5.2.2. Change Management

The responsible party shall establish, follow up and further develop a management system
designed to ensure compliance with requirements in health, safety, and environmental
legislation. (The Framework Regulations, 2016)

So far, this research has identified the required processes and procedures considered to be
cost effective for successful deployment in alarm projects. To achieve control over the project
activities among various stakeholders, there must be a plan. It is the management process,
which enables us to lay out a sequence of activities for successful transition between various
processes.

77 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

 Figure 23 Management of Change - Alarm Projects

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 78

The management process described in Figure 23 is highly applicable for various activities
within alarm projects. The stakeholders involved in this process must have their boundary
mapping defined. It ensures that stakeholders (including vendors, customers, and engineering
companies) are properly represented in planning and decision making. The transition among
various activities in the management process is carefully designed to meet the needs of the
different levels in the management system.

The defined structure within this management model is suitable for both “New Installations”
and “Updates in existing installations”. The alarm optimisation process discussed in 6.5.2.1 is
valid in both cases except for the updates in existing installations, changes need to be validated
before they have been subjected to optimisation process. To fulfil the purpose of this study,
the template for a change request form has been developed and suggested to make
appropriate changes where necessary.
Alarm Configuration Change Request Form

Description Answer

Please explain the reason to make changes to e.g. Due to aging of well, the pressure reduced,
this Alarm. so need to change alarm low limit
e.g. Same as before no change
What is the purpose of the Alarm?
e.g. Same as before no change
What is the consequence of no response to the
Alarm?
e.g. Same as before no change
What is the required operator response to the
Alarm?
Do we still consider this as an Alarm or a status e.g. Yes - alarm - priority changed from Prio 2 to
message? Prio 1
Is there an existing Alarm in the system equal to e.g NO
this? (If so, is this Alarm necessary?)
How much time is it expected that the operator e.g. Same as before no change
response would require?
Is this a trip Alarm? e.g. No
Is this a warning Alarm? e.g. Yes
If warning alarm, has the operator time to e.g Yes
intervene before an associated trip occur?
e.g. Not relevant
Can this alarm be grouped with other existing
alarms?
Select the correct alarm priority according to the Alarm priority 1
alarm philosophy
Table 22 Alarm Change Request Form Template

6.6. Business Case Development

Considering that, the suggested cost-effective solutions and management routines will provide
organisations a motivation to invest in alarm projects for better performance, but organisations

79 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

still need a justification and reason for capital investment in alarm projects. This is in line with
this research focus final question:

“Justification for an alarm management activity to evaluate and support a business

case having key investment drivers in terms of losses due to poor performance of
alarm system”
The purpose of the business case theme is to establish a mechanism to judge whether the
project is desirable, viable, and achievable as a means to support decision making in its
(Continued) investment (Axelos, 2014).

Financial losses and accidents occur for a multitude of different reasons in process plants.
Often, because designers have tried hard to prevent such incidents, the ones that do happen
are due to combinations of several unexpected events occurring simultaneously. In addition, it
is difficult to collect data about all incidents involving financial loss or risk to people or the
environment, especially smaller incidents and near misses (EEMUA, 2007). Because of these
difficulties, it is hard to make an exact assessment of cost incurred due to poor performance
of alarm system.

However, this thesis will try to adapt a potential method for estimating the cost of poor alarm
system performance by use of a risk-based approach suggested by (Bransby & Jenkinson,
1998) along with the data abstracted through these research quantitative and qualitative
findings.

It would be desirable to be able to estimate figures for what poor performance of an alarm
system “costs” in terms of financial losses and increased hazards. If this were done, it would
provide a sound basis for making decisions about investments in alarm system improvements.
This section suggests how this might be done. The contract report by (Bransby & Jenkinson,
1998) suggested that the cost of poor alarm system performance may be expressed as:

Loss = Cost of missing x Frequency of demand x Chance of missing

where
Loss = the cost of not having a good system for presenting a specific alarm.

Cost of missing = the cost of the event that the detailed alarm protects against. In a well
organised design, this figure should be exposed in the trip/alarm justification process - either
in financial terms or in risk to life terms.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 80

Frequency of demand = frequency of the event protected by the alarm. Again, this figure
should be exposed in the trip/alarm justification process.

Chance of missing = the chance of the operator missing the alarm. This figure is hard to
quantify accurately. However, it will depend on the overall adequacy of the alarm system. It
will be correlated with things like average rate of alarms, % usefulness of alarms,
effectiveness of alarm display on operator interface, etc.

This research does not claim that the following illustration is a result of rigorous analysis, and
it may need to be further refined, considering the fact not all the parameters assumed for this
calculation were statistically proven. However, it does provide a pointer to an approach than
might usefully be taken for a plant where there has already been in-depth risk analysis.

Offshore Installation: (Size of 40,000 Alarms)

Refer to the section 6.2, the quantitative phase results as shown below provides an
estimation of financial losses due to an unwanted process shutdown.
Research Question Finding
No of unwanted shutdowns per year due to poor 1 to 5
performance of alarm system
Length of shutdown period for partial shutdown 12 Hours

Length of shutdown period for full shutdown 24 Hours

Typical financial loss per shutdown $ 6M per day

Table 23 Financial Losses Illustration - Process Shutdown

Based on these findings, it is assumed that on an average 3 shutdowns in a year, 1 partial

and 2 full shutdowns imparted to poor performance of alarm systems. (Missing a high-level
alarm)

1x 12 hours + 2 x 24 hours = 60 hours of process shutdown. This results in cost of missing

an alarm approximately
C = 60/24 * $ 6M = $ 15M

81 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

If it is assumed that the probability of the high-level alarm occurring without operator action
will be: Once in 2000 years.
F = 500 x 10-6 per year

If it is assumed that the probability of the operator missing the high-level alarms is: 1/100
P = 10-2 per year

Cost of Fault due to an alarm Frequency of that alarm Probability of Operator

missing without operator action missing this alarm
C = $ 15M F = 500 x 10-6 per year P = 10-2 per year
Calculated loss attributed to missing alarm
$ 15M x 500 x 10-6 x 10-2 per year = $ 75 per year
Table 24 Calculation of loss due to missing alarm
This is a small figure - as indeed the offshore systems are well-designed. It represents the
annual saving that might be made by eliminating the chance of the operator missing a single
high-level alarm. However, these would not be the only alarms on the plant or the only faults
that could occur, and the losses must be integrated across all the alarms.

With an offshore installation having 40,000 alarms configured, there might be few trip alarms
(Say 2,000 trip alarms). ignoring these 2,000 alarms results in 38,000 high-level alarms and
each alarm with loss of $ 75 associated with it.

Cost of Fault due to an alarm Frequency of that alarm Probability of Operator

missing without operator action missing this alarm
C = $ 15M F = 500 x 10-6 per year P = 10-2 per year
Calculated loss attributed to missing alarm
$ 15M x 500 x 10-6 x 10-2 per year = $ 75 per year
The total benefit from improving the alarm system would be:
38000 *$ 75 = $ 2.85M per year » NOK 23.6M per year
Table 25 Cost benefit calculation from improving alarm system

Justification
This might be used to justify a capital expenditure of NOK 30 to 40M for argument’s sake
having payback period of 1 to 2 years. Remember that improvements in an alarm system are
not only for financial benefits, but could be seen to look at the benefits in terms of reduction of
hazards, improvements in operations and various other intangible benefits from improving the
alarm system.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 82

 6.7. Research Case Study
This research study is a combination of both the cross-sectional and the longitudinal study.
Referring to section 5.1.1, the time horizon for this study is certainly more than the time set for
this thesis. The suggested processes, procedures, and templates would be the result of a
prolonged study rather than the time available for this study.

The validity of this research is taken into consideration and the suggested processes are
applied to realise the benefits and cost effectiveness in a pilot project. The results observed
were promising and approved for full life cycle projects on various installations of the
organisation. Since confidentiality and data protection have been agreed upon in all
circumstances, this research has decided to address the case study results as anonymous.

The result of executing procedural stages suggested in section 6.5.1.1, to control alarm rush
in the event of major shutdown, in terms of performance gain and cost effectiveness shown
below.
Process Alarm Rush (Case study shutdown ESD 4.4)

Procedural stages to control Alarm Before implementation After implementation of

Rush as shown in Table 15
No: of Alarms observed during study
Performance gain
Safe and Improved Operations
Cost Effectiveness
of procedure described procedure described in
in Table 15 Table 15
577 alarms per 208 alarms per
Minute Minute
Nearly 300 alarms per Minute rush has been
reduced
Since the numbers of alarms has been reduced,
operator have the possibility to check the root
cause of the event quickly and revive the plant
operations safely in short time.
Saving cost and resources required to implement
logical changes for nearly 300 alarms, as this
method uses grouping instead of logical changes.

(For instance, a single logical change needs nearly

4 to 5 offshore hours from engineering to
implementation)
Table 26 Evidence Report Analysis - Major Event Detector

The result of executing procedural stages suggested in section 6.5.1.2, by reducing standing
alarms during equipment out of operation due to process shutdown, in terms of performance
gain and cost effectiveness shown below.

83 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

 Process Equipment OutofOperation

Procedural stages to handle Implementation of procedure described in Table

standing alarms as shown in 17 on selected list of unwanted consequential
Table 17 alarms due to equipment out of operation.
Performance gain 63 Standing alarms will be taken away from
operator screens.
(assume one full screen can accommodate 30
alarms, meaning that 2 full screens of scrolling is
avoided)
Safe and Improved It’s easy to get overview of recent alarms. Helps
Operations the operator to gain confidence on plant situation.
Cost Effectiveness Saving cost, resources and competency required
to mount hardwired running signals from field
panels.
(For instance, for each hardwired signal it may
take anywhere between 2 to 3 days of offshore
days)
Table 27 Evidence Report Analysis – Equipment OutofOrder

The result of executing procedural stages suggested in section 6.5.1.3, by reducing alarm
chattering due to bad tuning of alarm dead bands and alarm delays, in terms of performance
gain and cost effectiveness shown below

Process Chattering Alarms

Procedural stages to handle standing Implementation of procedure described in Table

alarms as shown in Table 19
Performance gain
Safe and Improved Operations
19 on selected list of top 101 alarms
A result of tuning these 101 alarms with correct
dead band and delay time settings causes,
27708 repeated occurrences has been
eliminated.
The noise and fatigue created by 100 alarms
repeated occurrences (27000 + times) is highly
stressful and distractive.

Implementing these measures relieves the

operator from this noise and helps to
concentrate more on safe operations.
Cost Effectiveness Saving cost on having a dedicated team to
analyse the alarm noise repeatedly.
Table 28 Evidence Report Analysis – Chattering Alarms

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 84

7. Conclusions
This research sought to determine, if it is possible to find any cost-effective solutions within
process industry alarm management activities, considering the challenges in the industry due
to cost cutting measures. There have been times when alarm management was not given
enough emphasis while considering safe operations. But accidents like the explosion in
Texaco Milford Haven Refinery in 1994, where two operators receive more than 200 alarms
with in last 10 minutes elevates the situation of alarm overload and the necessity of its
management.

7.1. Research Focus: Summary of Findings and Conclusion

In 2004, when safety responsibility was separated from the Norwegian Petroleum Directorate
and a separate entity was formed called PSA (Petroleum Safety Authority), a clear definition
of regulations was made possible. Further, the Norwegian Oil and Gas association developed
guidelines for application of IEC 61508 and IEC 61511 in the petroleum activities on the
continental shelf (previously known OLF guidelines). This way both government and regulation
authorities ensure that the necessary regulations and necessary guidelines have been
established for safe operations for use in the Norwegian petroleum industry.

7.1.1. Regulations

This research started with its primary focus on finding out key regulations for alarm
management activities within the framework of HSE compliance. Though this research is
predominantly confined to Norwegian continental shelf, encouraged to explore regulations and
standards defined in various regions across the globe. The acknowledged awareness gained
through regulations, worksheets, standards and guidelines led this research in right direction
to establish relevant procedures as a result of this study. This study also reveals that
Norwegian continental shelf (NCS) have more balanced regime among various stakeholders
within and outside system than any other regions.

The supervisory regime on the Norwegian continental shelf builds on the fact that, the regulator
cannot “supervise and inspect” quality and the responsibility lies within the operating company
in the Norwegian petroleum sector. The responsibility for operating in compliance with
regulations rests with the industry itself. (Lindøe, 2017) has explained the step by step
development of the Norwegian regime in more detail in his work.

85 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

The importance of a performance-based approach as opposed to a prescriptive approach is
noticed during this study. The performance-based approach being adopted as an “Internal
Control Principle” allows the companies to check their own operations in a systematic manner.
This approach gives companies enough freedom to establish internal management systems
to meet the targets set by the regulator. Providing necessary framework to help organisations
to establish required management routines for successful deployment of alarm management
activities is an underlying objective of this research.

As a unique feature of this research, all key regulations concerning alarm systems within the
framework of petroleum safety authority HSE regulations are identified. Key regulations and
corresponding guidelines were basic building blocks to what this thesis believed to build on,
and took the responsibility to convey what they mean in safe operations.

7.1.2. Procedures

A total of 10 participants were interviewed having different roles and responsibilities but a
unique similarity, to strive for better alarm systems. Operators, Engineers, Leaders, and
Authorities, everyone takes it as a challenge to address the issues, contribute their own
experience based observations, suggestions, lessons, and specifics about the alarm system
they are working on. Some results were quantified, some were qualitative, but the abstract
conceptualisation is carrying more than what individual process results are speaking about.
Due to time limitations and resources available for this study only three aspects of alarm
engineering were taken into detailed experimentation in coordination with Eldor Management
System.

The package of three selected aspects such as alarm rush, standing alarms and chattering
alarms are unique in nature and have a high focus being observed by organisations and
authorities. The procedural stages for the package which I would like to call “Dynamic Alarm
Handling” activities have been drafted and been validated to implement on one offshore
installation.

To answer the very basic unspoken objective of this research “find cost-effective solutions”,
the proposed solutions were tested hypothetically for their cost-effectiveness and results were
satisfactory. Though this research wanted to limit its scope by defining procedures only for
selected aspects, the relevance gained by the “alarm optimisation” process from qualitative
study, left me with no choice except to produce a suitable template for alarm optimisation
process both in green filed and brown field projects.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 86

Referring to clause (The Management Regulations, 2016) § 8, “responsible party shall set
internal requirements that put regulatory requirements in concrete terms, and that contribute
to achieving the objectives for health, safety and the environment”. This research has started
to understand the significance of this clause more in details concerning to alarm management
as a result of dialogue with authorities. “Audit Questionnaire” was the tool used to
conceptualise the interview findings and this research suggested a relevant management
model for alarm management activities.

The procedures, templates and management model suggested by this research as an “active
experimental” measure, provides a guidance and is flexible in nature. These methods can be
adjusted and adopted according to organisational policies, performance measures and internal
management routines.

7.1.3. Justification

It has been a demanding question, since beginning of this research, “Why should organisations
focus on alarm management activities?” Understanding the improvement of performance in
operations and the operator’s availability for safety operations instead of fixing alarm issues,
does not give enough justification for a capital investment. This thesis tries to quantify the
benefits and thereby provides a justification to have focus on alarm management activities in
both offshore and onshore industries.

Based on the facts derived from interviews and a contract report produced by Bransby
Automation Limited (Bransby & Jenkinson, 1998) for “The Health and Safety Executive –UK”,
the justification for the alarm management is derived. The loss due to poor performance of
alarm systems is derived in terms of the cost of the shutdown that the detailed alarm protects
against, frequency of shutdown protected by the alarm and the chance of the operator missing
the alarm.

Determining cost and associated financial loss due to poor performance of an alarm system
might be used to justify an investment plan which will focus on alarm management activities.
This research does not claim that the above represents a rigorous analysis, and it may need
to be further refined. However, it does provide a pointer to an approach than might usefully be
taken for plant where there has already been in-depth risk analysis.

87 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

 7.2. Contribution to Knowledge
This research identifies the power of “Research focus defined,” which empowers and enables
organisations to identify key regulations concerning alarm management activities. It was not
long before that all of the concerned regulations were identified and had sufficient knowledge
to apply these regulations in various alarm management activities. By creating a question
about developing required procedures, much of the details of the alarm engineering methods
were solved and created safety integrated solutions.

The justification to keep focus on alarm management activities and estimation of incurring
losses due to poor performance of alarm system does generates an awareness of this
intangible aspect of alarm systems and helps the organisation to keep continue this focus
throughout the life cycle.

7.2.1. Recommendations

Based upon the experience gained by this research and the knowledge acquired through
various levels of this research, the best advice about working with alarm systems summarised
below:
• Organisations, support functions and leaders who is involved in safety operations,
need to maintain a continuous focus on new and updated versions of management of
alarm systems within the process industry. (Includes regulations and industry
standards)
• Every organisation’s internal management routines must ensure that, alarm system
performance metrics must be defined and tracked on regular basis. Any deviation
found needs to be addressed and take necessary measures to keep the performance
metrics with in the specified limits.
• Though deployment of processes defined in this thesis reduce the intervention of
repeated analysis of alarm systems, it is recommended to have a team to deal with
top 10 nuisance alarms on continuous basis to be able to maintain the alarm system
within the specified limits.
• Once the need for an alarm project is identified, the integration of various aspects of
alarm projects (Discussed elsewhere, not in the scope of this thesis) need to be
maintained for better results.
• While executing alarm projects, care should be taken to maintain the same team and
ensure respective system experts are available based on the desire for successful
project completion as scheduled.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 88

 • After the alarm project is finished, often alarm systems are allowed to degrade over a
period of time due to lack of discipline in following change management procedures.
This must be avoided so that expensive and time-consuming alarm project upgrades
can be avoided in later stages.

With these recommendations, I’m concluding my research on process alarm management –

an investment towards safe and reliable operations.

7.3. Self-Reflection
This research study has been an educational and inspirational process. As I’m approaching
the end of the journey and looking forward to the thesis being submitted, accepted, I can see
graduation as a reality. I would highly recommend others to obtain a research based Master’s
Degree. During this study, I often found myself not being able to help but to bring up the
concepts I have learned during discussions on regular basis. I quote those findings, comments,
send links and emails for further clarification of my understanding based on conversations of
related matters.

The concept of building the context was difficult to truly grasp at first. There are so many others
who have researched much more than I have, spent years of studying, and even working in
the areas of alarm management. How to define the focus for this research considering the
numerous problems to solve and make this study unique? But later I realised that, these are
not the questions I have raised to solve, but the chosen methodology and unspoken objective
of this thesis “cost-effective solutions” brings the uniqueness to this study.

The knowledge gained through existing literature review, understanding offshore context and
HSE regulations will certainly affect my project management skills going forward. The concept
of identifying the relevant regulations will help to understand the Norwegian offshore context
in a greater way not limited to alarm management activities only.

In response, the number of characteristics to be evaluated in the questionnaire have been

increased and became diversified among various disciplines. This diversification helps to
develop individual questionnaires, so that there could have been more focused questions on
specific characteristics, yet with fewer questions in each questionnaire.

The multitude of the work required due to the utilisation of cross-sectional and longitudinal
study methodologies created an extra workload that was nearly unmanageable for a 35-week
dissertation process. A fair amount of research work resulted in analysing various offshore

89 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

installations for their nature in production, supportive systems they are using for process
control, and working culture was digested, as this was needed to establish a viable research
instrument to gather the data needed for interviews. But the process itself did not factor into
thesis work due to the irrelevance it created for the topic chosen. However as in the end, the
data took me to analyse interview results in more simple way.

In addition, I have learned to work more disciplined and structured than I have in the past. The
financial obligation, even though on the part of my employer, is a good motivation to reach the
goal. The process of data collection and storing the information in a systematic way has been
a great challenge, but believing in receiving my Master’s encouraged me enough to find
methods and manners in which I could accomplish this.

I have also learned about research and analysis, and this too will be helpful in my current
position. I was so surprised to see that I enjoyed the part of analysis thoroughly. I never been
a statistical mathematician, so I enjoyed doing the data analysis and was surprised to see the
results coming in and fitting the purpose.

I’m pretty sure that I am not the first person who has said that eight months is not a lot of time
for process such as this. The amount of work and consideration needed in research study took
me off guard and delayed my progress significantly at some point of time. I am pleased with
the result and I’m glad that I made the investment of time.

As an end note, I wonder if the goal chosen for this research is vast and I am not certain if I
identified all relevant aspects of alarm management, but certainly that the processes identified
has proven to facilitate successful implementation resulting in performance improvement in
alarm systems, and the end result would be safer and more reliable operations in process
industries.

I’m glad that I chose to get a Master of Technology and Operations Management and look
forward to the possibility of a doctorate to further investigate this.

7.4. Limitations and Future Scope

As repeatedly mentioned, this research is more or less confined to process alarm systems
within the petroleum industry on the Norwegian continental shelf. The idea this thesis
generates from the concept of covering vast range of process industries and regulation
regimes with respect to alarm systems. Though the regulation regime is more or less the same

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 90

in various regions (Limited to Alarm Management regulations), the variations in process
industry might pose an altogether different set of alarm system specifics to deal with.

There seems to be a reasonable suggestion of generalisation in this research addressing

various types of process industries, but an increased sample size would be required to further
confirm this.

91 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

 7.5. Works Cited
ABB Consulting, 2015. Alarm system project audit, Cheshire: ABB.

AT WORK, 2015. Inspections with penalties linked to lower injuries: IWH review, s.l.: Institute for Work
& Health.

Axelos, 2014. Managing Successful Projects with PRINCE 2. Fifth Edition, Fourth Impression ed.
London: The Stationery Office.

Baldwin, R., Cave, M. & Lodge, M., 2012. Understanding Regulation - Theory, Strategy, and Practice.
2nd Edition ed. Oxford: Oxford University Press.

Baram, M. & Lindøe, P. H., 2014. The U.S Regulatory Regime for Preventing Major Accidents in
Offshore Operations, in P.H Lindøe , M Baram and O Renn (eds), Risk Governance of Offshore
Oil and Gas Operations, pp.34-55. Cambridge: Cambridge University Press.

Bockelmann, M., Nickel, P. & Nachreiner, F., 2017. Development of an Online Checklist for the
Assessment of Alarm Systems and Alarm Management in Process Control. Oldenburg:
Springer International Publishing.

Bransby, M. L. & Jenkinson, J., 1998. The managment of alarm systems - Contract Research Report
166/1998. Norwich: Crown.

Bullemer, P. & Metzger, D., 2008. CCPS Process Safety Metrics Review: Considerations from an
ASM Perspective, s.l.: ASM Consortium Metrics Work Group.

Dixon, N. M., 1999. The Organizational Learning Cycle - How We Can Learn Collectively. 2nd Ed. ed.
Hampshire: Gower Publishing Limited.

EEMUA, 2007. Alarm Systems A Guide to Design, Management and Procurement. 2nd Edition ed.
London: EEMUA.

EEMUA, 2017. EEMUA Publication 191 Alarm systems - a guide to design, management and
procurement. [Online]
Available at: https://www.eemua.org/Products/Publications/Print/EEMUA-Publication-
191.aspx[Accessed 20 08 2017].

Feldman, M. S. & Khademian, A. M., 2001. Principles for Public Managment Practice : From
Dichotomies to Interdependence. Governance: An International Journal of Policy and
Administration, 14(3).

GASSCO, 2003. Kårstø Gasplant. [Online]

Available at: http://www.gassco.no/en/media/news-archive/Karsto-
Gasplant/#sthash.GOBIrTEl.dpuf[Accessed 22 08 2017].

Government.no, 2008. The Working Environment Act. [Online]

Available at: https://www.regjeringen.no/en/topics/labour/the-working-environment-and-
safety/innsikt/the-working-environment-act/id447107/[Accessed 2017].

Guidelilnes-Frame Regulations., 2015. GUIDELINES REGARDING THE FRAMEWORK

REGULATIONS. s.l.:Petroleum Safety Authority.

Guidelines-Facilities Regulations., 2016. GUIDELINES REGARDING THE FACILITIES

REGULATIONS. s.l.:Petroleum Safety Authority.

Guidelines-T&O Regulations., 2016. GUIDELINES REGARDING THE TECHNICAL AND

OPERATIONAL REGULATIONS. s.l.:Petroleum Safety Authority.

Heizer, J. & Render, B., 2014. Operations Management Sustainability and Supply Chain Management.
11th Edition ed. England: Pearson Education Limited.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 92

Hollender, M., Evans, J., Skovholt, T. C. & Tanner, R., 2017. Alarming discoveries-Improving operator
effectiveness through alarm life-cycle support, Germany: ABB Review.

Hollnagel, E., Woods, D. D. & Leveson, N., 2006. Resilience Engineering - Concepts and Precepts.
Hampshire: Ashgate Publishing Limited.

Honeywell, 2017. Alarm and Operations Management: Think Proactive, Not Reactive. [Online]
Available at: http://hwll.co/DynAMo

Hood, C., Rothstein, H. & Baldwin, R., 2001. The Government of Risk - Understanding Risk
Regulation Regimes. 1st Edition ed. OXFORD: OXFORD University Press.

HSE, 2017. Health and Safety Executive-Human factors: Alarm management. [Online]
Available at: http://www.hse.gov.uk/humanfactors/topics/alarm-management.htm
[Accessed 20 09 2017].

idc-online.com, 2014. www.slideshare.net. [Online]

Available at: https://www.slideshare.net/idctechnologies/safety-instrumentation
[Accessed 23 08 2017].

IEC, 2014. International Electrotechnical Commission::TC 65/SC 65A - System aspects: Management
of alarm systems for the process industries. [Online]
Available at:
http://www.iec.ch/dyn/www/f?p=103:22:3232348143755::::FSP_ORG_ID,FSP_LANG_ID:1369,
25[Accessed 15 09 2017].

International Society of Automation, 2009. Management of Alarm Systems for the Process Industries.
ANSI/ISA–18.2 ed. s.l.:International Society of Automation.

ISA, 2016. International Society of Automation : ANSI/ISA-18.2-2016, Management of Alarm Systems

for the Process Industries. [Online]
Available at: https://www.isa.org/store/ansi/isa-182-2016,-management-of-alarm-systems-for-
the-process-industries/46962374[Accessed 21 09 2017].

Karlsen, J. E. & Lindøe, P. H., 2006. The Nordic OSH model at a turning point?, Stavanger: IOSH
Services Limited.

Lindøe, P. H., 2003. Erfaringslæring og evaluering. Oslo: TIDEN NORSK FORLAG.

Lindøe, P. H., 2015. Risk Governance and Communication - Stakeholder Involvement. Stavanger, s.n.

Lindøe, P. H., 2017. Risk Regulation and Resilience in Offshore Oil and Gas Operation. In A.Herwig
and M.Simoncini (eds.) Law and managment of disasters. London: s.n.

Lindøe, P. H., n.d. Risk Regulation and Resilience in Offshore Oil and Gas Operation, Stavanger:
University Of Stavanger.

Macdonald, D., 2004. Practical Hazops, Trips and Alarms. 1st Edition ed. Cape Town: Newnes.

Martin Hollender, J. E. T.-C. S. R. T., n.d. Alarming discoveries-Improving operator effectiveness

through alarm life-cycle support, Germany: ABB Review.

McClellan, J., 1983. Toward a General Model of Collective Learning: A Critique of Existing Models of
Specific Social Systems and a Sketch of a Model for Social Systems in General. s.l.:UMI.

McKim, C. A., 2017. The Value of Mixed Methods Research: A Mixed Methods Study. Mixed Methods
Research, Volume 11(2).

Ministry of Petroleum and Energy, 2013. Norway’s oil history in 5 minutes. 09 10.

93 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

NAMUR, 2008. Current NAMUR Recommendations (NE) and Worksheets (NA): Alarm Management.
[Online] Available at: http://www.namur.net/en/recommendations-and-worksheets/current-
nena.html[Accessed 14 09 2017].

NDLA, 2017. Helsearbeiderfag Vg2. [Online] Available at:

http://ndla.no/nb/node/46517?fag=52[Accessed 1 August 2017].

Norwegian Petroleum Directorage, 2001. Principles for alarm system design YA-711. 1st Edition ed.
s.l.:s.n.

Norwegian Petroleum Directorate, 2011. Principles for Alarm system design YA-711. Norway: NPD.

OSHA, 2017. United States Department of Labor - Occupational Safety and Health Standards:Process
safety management of highly hazardous chemicals. [Online]
Available at:
https://www.osha.gov/pls/oshaweb/owadisp.show_document?p_table=STANDARDS&p_id=976
0[Accessed 20 09 2017].

Petroleum Safety Authority, Norway, 2014. Tilsyn med drift av alarmsystemer – West Elara, s.l.:
Petroleum Safety Authority, Norway.

PSA, 2017. Performance-based supervision - Petroleum Safety Authority Norway. [Online]

Available at: http://www.ptil.no/performance-based-supervision/category945.html
[Accessed 23 07 2017].

PTIL, 2001. Petroleum Safety Authority - Principles for alarm system design. [Online]
Available at: http://www.ptil.no/getfile.php/135975/Regelverket/Alarm_system_design_e.pdf
[Accessed 14 08 2017].

Renn, O., 2008. Risk Governance - Coping with Uncertainity in a Complex World. s.l.:Earhscan.

ResourceCentre, 2016. Mixed Methods Research. [Online]

Available at: http://resourcecentre.foodrisc.org/mixed-methods-research_185.html

Rothenberg, D. H., 2009. Alarm Managment for Process Control. First Edition ed. New Jersery:
Momentum Press.

Schlumberger, 2017. Schlumberger Remote Drilling. [Online]

Available at: http://www.slb.com/services/drilling/engineering_modeling/remote_operations.aspx
[Accessed 20 08 2017].

Schlumberger, n.d. Schlumberger Remote Drilling. [Online]

Available at: http://www.slb.com/services/drilling/engineering_modeling/remote_operations.aspx
[Accessed 20 08 2017].

Siemens, 2008. Alarm Management, Germany: Siemens AG.

Technical and Operational Regulations, 2016. REGULATIONS RELATING TO TECHNICAL AND

OPERATIONAL MATTERS AT ONSHORE FACILITIES IN THE PETROLEUM ACTIVITIES,
ETC.. s.l.:Petroleum Safety Authority.

The Facilities Regulations, 2015. REGULATIONS RELATING TO DESIGN AND OUTFITTING OF

FACILITIES, ETC. IN THE PETROLEUM ACTIVITIES. s.l.:Petroleum Safety Authority.

The Framework Regulations, 2016. Regulations relating to health, safety and the environment in the
petroleum activities and at certain onshore facilities. s.l.:Petroleum Safety Authority.

The Isosceles Group, 2014. Norway Environment, Health & Safety Profile and Checklist. In: NORWAY
ESH AUDIT PROTOCOL. Boston: The Isosceles Group.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 94

The Management Regulations, 2016. Regulations relating to Managment and the duty to provide
information in the petroleum activities and at certain onshore facilities. s.l.:Petroleum Safety
Authority.

The Norwegian Oil Industry Association, 2004. Application of IEC 61508 and IEC 61511 in the
Norwegian Petroleum Industry. 02 ed. s.l.:s.n.

U.S. CSB, 2011. DuPont Accident Belle, West Virginia. [Online]

Available at: http://www.csb.gov/csb-investigation-finds-three-dupont-accidents-in-belle-west-
virginia-resulted-from-numerous-safety-deficiencies-including-lack-of-safe-equipment-design-
ineffective-mechanical-integrity-programs-and-incomplete-investigations-of-previous-near-
misses/
[Accessed 12 10 2017].

95 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

Appendixes
Appendix (I) Eldor Management System

Eldor AS has been providing alarm services for past 10 years leaving its foot print in various
offshore plants and now expanding its horizons towards digitalisation into operational support
by notifying upcoming alarm situation based on plant model.

Moving from core specialization towards more varied services may improve the quality of work
life and this flexibility thus benefits the employee and the organization. (Heizer & Render,
2014). By looking at the Eldor Management system and its implementation for various alarm
projects over the last few years, through a pre-dialogue with process owners, regulator and
control system vendors its observed that challenges have arisen due to variation in
requirements for the job from different clients and different control systems.

(Heizer & Render, 2014) mentioned, variation in job improves the quality of work life, but only
if it is clearly defined. It is hoped this research will bring some standardized routines and
procedures for the alarm engineering process in EMS and same can be inherited to other
processes as well.

Figure 24 Eldor Management System

The above figure shows various services provided by Eldor and their processes with in the
EMS system, such as system engineering, alarm management, life time extension and human
factor engineering. This research will choose to constrain its study related to procedures
involved in alarm management process.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 96

The service of alarm management consists of following processes
• Sales
o Procedures related but not limited to marketing, sales and business
case development are covered within this process
• Project Management
o Procedures related but not limited to project initiation, scheduling,
management and deliverables are covered with in this process
• Alarm Engineering
o Engineering aspects of alarm engineering including checklists,
templates, standards, guidelines and quality assurance procedures are
covered with in this process.
• Testing
o Testing requirements for an alarm system is specified
• Evaluation & Close
o Performance measures after implementations, customer feedbacks,
lessons learned and change management procedures are involved with
in this process.

97 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

Appendix (II) EMS Process Map – Process Alarm Management

Process Alarm Management

Department Alarm Management Document Type Processmap

Process Alarm Management Process Owner Arvid Halrynjo

([email protected])

Document Level Standard Ref.

2
This is an uncontrolled copy printed from the Management System. Please refer to online system for latest version

Revision Description
Updated link to Process Evaluation

Alarm Management Process

Responsible HSEQ risk DM: Department Manager DC: Document Control

Accountable Financial risk PM: Project Manager HM: HSEQ Manager

Consulted Checker PE: Project Engineer AM: Administration Manager

Informed EM: Engineering Manager R: Risk

AA: Add Item

No Activity DM PM PE EM HM AM AA R Comment

Process Project Management

0.0 Alarm Guidelines and Standards

EEMUA 191

YA711

ISA 18.2

IEC 62682

1.0 Philosophy

1.1 Write alarm philosophy Philosophy

example / FDS

1.2 Write a site technical specification Template Alarm

System FDS
2.0 Identification

2.1 Interviev of operators Template Interview

of Operators

Template Report
after interview of
Operators

Document ID: 390093

Rev. date: 29 Sep 2017 Page 1 of 4

Generert av Antenor Management System ©

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 98

 Process Alarm Management
2.2 Evaluate work process and training of
users to use the workprocess
2.3 Master alarm database with candidate
alarms, or current alarms in the case of
an existing system
2.4 Identification and removal of "Bad Actors"
in existing system by use of top 10 lists
3.0 Alarm Rationalization

3.1 Define rules and regulations valid for the Template Alarm
This is an uncontrolled copy printed from the Management System. Please refer to online system for latest version

project System FDS

Write a Alarm Project Study report Alarm Study Report

Template

Template MDR
Update of MDR/MDL as required. Change Request

Change request to be sent to project Template Request

DCC. for doc issue

3.2 Get offer from control system vendor for

participating in the project
3.3 Make information and training plan for Alarm Management
stakeholders training
3.4 Get SAS vendor to make test and
installtion philosophy
3.5 Define members in workshops and get
customer approval
3.6 Define output format from workshops and Template Design
get it approved from control system Input 800xA
vendor and customer.
Template Design
input ABB
MP_Advant
Ensure that all Output formats are
delivered with identical setup of Template Design
coulumnes and cells within the same input Kongsberg
project
3.7 Make workshop plan and invite all
members
3.8 Get lists with process alarms

3.9 Make list with system alarms for Alarm priority query
prioritizing list
3.10 Make list with fire and gas alarms

3.11 Make list of alarms on communication links

and communication usses to be prioritized

3.12 Make document of alarm parameters for

different objects

3.13 Make list of alarms suitable for using in

workshops
3.14 Make set of valid P&ID for use in
workshops
3.15 Make a set of valid ESD&PSD C&E, block

Document ID: 390093

Rev. date: 29 Sep 2017 Page 2 of 4

Generert av Antenor Management System ©

99 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS

 Process Alarm Management
diagrams and F&G C&E for workshops
3.16 Checklist output from Workshops Check list Alarm
Rationalization
Project
4.0 Detailed Design

4.1 After workshops send design basis

to control system vendor.
4.2 Make control system vendor to write
work packages
This is an uncontrolled copy printed from the Management System. Please refer to online system for latest version

4.3 Get work shop outcome approved by

process technical autohrity
4.5 Get wellhead priorities approved by well
engineer
4.6 Get F&G priorities approved by safety
technical authority
4.7 Present continues reports of distribution Template Progress
of priorities during the Alarm project. report_results
(According to goal figuers)
5.0 Implementation

5.1 Update installtion timeestimate and Template Alarm

schedule Rationalization WS
and installation plan

Template Project
progress tracking
master
5.2 Make a report of alarm priorites before
and after workshop
6.0 Operation

5.3 Arrange MOC Alarm modification

MOC form
5.4 Arrange information meetings

5.5 Implement installtion activities in customer

maintenace system
7.0 Maintanance

7.1 Periodic review of key performance Alarm Integration

indicators against the defined alarm Report_KPI
philosophy
7.2 Auditable documentation showing alarm Alarm modification
system changes are done in accordance MOC form
with the site alarm philosophy, MOC
7.3 Training Alarm Management Alarm Management
training
8.0 Audit

8.1 A audit report documenting that the alarm

management system is performing as
described in the site alarm philosophy and
fulfilling the necessary guidelines and
standards
Process
Evaluation

Document ID: 390093

Rev. date: 29 Sep 2017 Page 3 of 4

Generert av Antenor Management System ©

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 100
Appendix (III) Regulations- Different Regimes and Agencies
The purpose of this section is only for informative and should not be considered to be a legal
advice, safe operation or any other advice. This thesis will not discuss any other regulation
with in Norway or any other part of the world with the exception of those explicitly mentioned
by the name.
Regulatory Regimes and Their Emphasis

Each regulation is emphasizing on various dimensions of the alarm management activity. In

jurisdictions where the governing authorities (e.g., national, federal, state, county) have
established process safety design, process safety management, or alarm management
requirements, these should be taken into consideration along with available international
standards.
Principles of Alarm Design – YA 711

Version History February 2010

Regional Version Prinsipper for utforming av Alarmsystemer –YA 710

Emphasis • Alarm generation, structuring, prioritisation, presentation and alarm
handling
• Intended to help both in improving existing systems as well as during
development of new systems and modifications

Table 29 Alarm Management Guidelines – Norway

NAMUR Worksheet
Alarm Management NA 102

Version History Current Edition :02.10.2008

First Edition : 31.10.2003
Regional NAMUR-Arbeitsblatt – NA 102
Version/Comments *These papers are neither normative standards nor guidelines.
Emphasis • Sets out a procedure for designing alarm management within a process
control system starting from a global view of the process as a whole. It
includes message signals but focuses on alarms
• During the engineering and erection phase, the worksheet is intended as a
general guide from which a part of an individual PCS specification can be
derived by tailoring it to fit a particular unit of Equipment

Table 30 Alarm Management Guidelines - Germany

101 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS
 HSE: The Management of alarm systems – Contract Research Report 166/1998

Version History First Published 1997

Regional It has been produced as a part of a research project funded by the UK Health &
Version/Comments Safety Executive. The project objectives were to survey alarm systems in the power
and chemical industries and hence identify and report current industry best practice
Emphasis • Gives recommendations on current best practice in the procurement,
design and management of alarm systems
• Describes alarm improvement exercises and provide a rapid way of
obtaining an insight into the potential for alarm reduction

Table 31 Alarm Management Guidelines – UK

29 CFR 1910.119-
Process safety management of highly hazardous chemicals.

Version History Last updated October 10, 2017

Regional Version Part of Federal Regulations

Emphasis • This section contains requirements for preventing or minimizing the
consequences of catastrophic releases of toxic, reactive, flammable, or
explosive chemicals
• Describes about process hazard analysis, emergency preparedness,
operator training requirements, operational efficiency procedures including
proper alarm management

Table 32 Alarm Management Guidelines – USA

ANSI/ISA-18.2-2016, Management of Alarm Systems for the Process Industries

Version History ANSI/ISA-18.2-2016 supersedes the original edition (2009)

Regional To achieve uniformity in the field of instrumentation, this standard was prepared by
Version/Comments ISA (International Society of Automation).

In 1955 ISA formed a survey committee titled Instrument Alarms and Interlocks.
The committee evolved to Standard & Practices committee 18. In 1965 the
committee completed ISA–RP18.1, Specifications and Guides for the Use of
General Purpose Annunciators. In 1979 ISA released, as a product of the ISA18
and ISA67 committees, ISA–18.1–1979 (R2004), Annunciator Sequences and
Specifications

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 102
 Emphasis • This standard specifies general principles and processes for the lifecycle
management of alarm systems based on programmable electronic
controller and computer-based human-machine interface (HMI)
technology for facilities in the process industries
• The practices in this standard are applicable to continuous, batch, and
discrete processes

Table 33 Alarm Management Guidelines – ISA

EEMUA Publication 191 Alarm systems - a guide to design, management and

procurement

Version History First published in 1999

December 2013, EEMUA has launched the Third Edition of Publication 191

Regional The publication, developed by users of alarm systems with input from the UK
Version/Comments Health and Safety Executive
Emphasis • The aim of this Guide, EEMUA 191, is to assist in the design,
development, procurement, operation, maintenance and management of
industrial alarm systems
• This guide provides clear – and now tried-and-tested – guidance on alarm
system design, maintenance and continuous improvement.
Table 34 Alarm Management Guidelines –EEMUA

IEC 62682:2015
Management of alarm systems for the process industries

Version History First Edition Publication: 2014-10-15

Regional International Standard IEC 62682 has been prepared by subcommittee 65A:
Version/Comments System aspects, of IEC technical committee 65: Industrial-process measurement,
control and automation
Emphasis IEC 62682:2014 specifies general principles and processes for the lifecycle
management of alarm systems based on programmable electronic controller and
computer-based human-machine interface (HMI) technology for facilities in the
process industries. It covers all alarms presented to the operator, which includes
alarms from basic process control systems, annunciator panels, safety
instrumented systems, fire and gas systems, and emergency response systems
Table 35 Alarm Management Guidelines - IEC

103 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS
Appendix (IV) Operators Questionnaire

Thesis Questionnaire
Process Alarm Management
In Coordination with University of Stavanger and Eldor AS

This questionnaire is a part of a master thesis “Process Alarm Management – An Investment

towards Safe and Reliable Operations”.
This questionnaire will focus on understanding a control room operator insight into an alarm system
and requirements for well-functioning alarm system for safe and reliable operations. This research
has identified 4 dimensions of an alarm system to justify the requirement for any alarm
management activity
1. Cost of Poor Performance (Financial, Risk to people, environmental)
2. Large and Complex (A database consists of several thousand alarms)
3. Not -one time fix (Continuous Improvement and Change Management)
4. Valid KPIs (An indication of safe and reliable operations rather than a statutory requirement)
Process operator’s day to day experience with process controls and their insight into alarm systems
is the key to establish principles of alarm design for smoother operations. Along with process
operator’s insight, this thesis will try to gather inputs from discipline leads, regulatory authorities
and control system engineers to establish the frame work to deliver a well-functional alarm system
for safe and reliable operations.

Eldor AS is a leading company in Alarm Management for the Oil and Gas industry in Norway for past
10 years. Eldor AS believes in
• Optimized alarm system gives optimized decisions
• Alarm systems needs to be specified and maintained to ensure safe operations
Eldor Management system (EMS) is the framework of strategy, goals, processes and procedures used by
Eldor AS to ensure that the tasks delivered by the organisation is in line with their vision and mission.
“Alarm Engineering” is one of the core process in EMS where it describes several procedures for various
alarm management activities.

This results from this research will primarily evaluate and recommend improvements in existing EMS-
Alarm engineering process according to principle of alarm design (Norwegian Petroleum Directorate,
2011). Keeping the principles of design intact, this study will also try to identify the key invest
drivers behind the desire to improve alarm management such as
1. Regulatory compliance and safety concerns
2. Improving operations and reducing trips/downtime
3. Retention of operator knowledge
A well-functioned alarm system combines with coordinated operations management can drive not only safety
and ensure regulatory compliance but promote better plant availability and throughput, delivering real
business value. (Honeywell, 2017)

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 104
 Thesis Consent

Name of the Researcher: Sudarsan Prathipati

University of Stavanger
Master in Technology and Operations Management

This interview will take about 50mnts to answer these questions. Considering their complexity of
questions with regards to technical details involved, this questionnaire is designed for face to face
interview instead of online survey.

Each question will carry a weighted score and median of all these weighted scores from all
participants will be taken for further analysis.

Thank you for taking time to participate and before we begin, could you please read the following
statements and then confirm your participation?

• I understand that this questionnaire is designed to gather information about academic work
for faculty of science and technology – University of Stavanger.

• I understand that I will be one of the 10 people being interviewed for this research

• I understand that this research involves, answering questions related to day to day activities
related to alarm systems in my organisation

• I understand that interviewer will make the notes during interview and no audio tapes will be
used for this interview

• I understand that information about me will be treated in strict confidence and researcher
will not identify me by name but my position. My confidentiality as a participant in this
study will remain secure.

• I understand that no one will have access to raw notes or transcripts other than researcher
from my interview.

• I have read and understand the explanation provided to me regarding this research and
agreed to participate in this study.

• I have been given a copy of this thesis consent form

Participant Signature Researcher Signature

Offshore Prod´n Coordinator Sudarsan Prathipati

105 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS
Section – 1: Alarm System Performance
1 ABOUT YOU
1.1 Position in Organisation? Offshore Production Coordinator (OPK)
1.2 How many days per rotation working in 7 out of 14 days.
process control room?
1.3 Do you serve as an area operator in the Sometimes, but mostly coordination work when
field? (always/sometimes/never) it comes to field activities.
1.4 How long you have been working in this Started March 2010
site/installation –Yrs./Mon?

2 WORKING ENVIRONMENT
2.1 Does this process plant have more than one control room?
- Unit based control rooms / Central No, only CCR. (We have some alternative OS’s,
control room (CCR) but they are not manned)
2.2 How many operators for per shift in CCR?
- CCR or Area or Unit control room 3
2.3 How many Operator stations in CCR and Operators per station?
- Process control, F&G, Subsea, Marine 3 manned OS’s in CCR, that means one OS
etc.. each operator. Operator dedicated for marine
operations, but work task overlap. There is two
additional OS’s available in CCR for use in
special work or special occasions.
2.4 How the alarm response actions are allocated among the available operators?
- Operator availability Both system and operator availability. Same
- Process system alarm filter (predefined) is default on all OS’s.

- Operator station etc.

2.5 What are the supporting systems for process monitoring and control for daily operations?
- HMI, Radio, Well controls, Alarm Kongsberg AIM control system, four screens on
systems, Lamps, LSD etc. each OS. Kongsberg LSD (4 overview displays).
1 display CCTV-camera. Tetra radio
communication (UHF), but also VHF-boat-
communication and Helicopter communication.

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 106
 CAP-panel (hardwired).PA-speaker. Metering flow
control screen for export oil/gas. Additional
marine systems as NAPA (Loading/Offloading
computer), MIROS weather station, Radar
system, POSMOR.
2.6 What are the supporting systems for process safety and emergency preparedness?
- PA, CAP, Pre-defined routines, Alarm PA, CAP, ESD/PSD, IOPPS, OPPS, KM Alarm
system etc.. system including 3rd part equipment alarms
communicating to KM. POSMOR (positioning
system with heading control). Automatic alarm
to muster personnel in F&G-situations.
2.7 Is there any other means of alerting apart from control and safety alarm system? (For
process control)
- Blinking lights, Horn, Stand-alone panels DARPS, Lightning, Fogg horn, reflectors, radar.
etc..
2.8 Does Alarm system supports you as it should for different plant conditions?
- Normal operations Yes, mostly very good, at least in normal
- Start-Up operations, but also quite good during start-up.
In shutdowns we get alarm rush, so we risk
- Shutdown
drowning/missing valuable process information.
Very good/ Ok / Poor/ Very Poor
But the, we keep track on level-1-alarms (F&G),
so we do not risk missing on these.
Any other comments

107 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS
3 CONTROL AND SAFETY ALARM SYSTEM – (BEFORE ALARM MANAGEMENT ACTIVITY)
3.1 How often alarm comes in normal operations? Very often, Often, Normal, Few
- Working situation (Feel of alarm load) In steady state, it varies, but most common
- KPI basis maybe 3-6 alarm per hour. During operational
set-up-situations (or bad weather), maybe 20-
30 per hour.
3.2 What is the most annoying thing about the alarm system you are working on
- Wrong prioritisation System alarm is probably most annoying, as we
- Alarm text of description get them on daily basis, and often we do not
know what to do, or exactly what I mean.
- So many system related alarms
We also have some common alarms in KM from
- Alarms without any value/nytteverdi
third part systems, and often we cannot “find
- Inconsistency in presentation of alarms
a way out of alarm state” on these.
in different systems
- Too many standing alarms We also have too many standing alarms and
- Too many alarms from equipment out of alarms from equipment out of operation, but
operation hopefully an alarm project will handle many of
- Safety related alarms are not explicitly these.
identified
- No alarm-help available
3.3 Do you think the plant integrity in terms of “safe operations” could have been better, if
alarm system is improved? Yes/No
- F&G system navigation corresponds to Yes. Alarm-system-rationalization project has
alarms already removed a lot of noise, and I expect it
- Calibration of detectors/ correct level of would be quite OK when project is finished. We
alarm settings, to avoid false alarms well have less alarm-system-bugs.
Alarm response procedure for system alarm
- Alarm rush handling
would be valuated grants.
- Alarm response procedures
3.4 Do you think of any incident (Plant shutdown / Safety incident) connected to poor
performance of alarm system? Uncertainty/Vulnerable to mistakes/ Incidents
- Alarm text (Description/message) not Yes, we have had an incident with loss of F&G
understandable or text misguided to detections on a huge area, but the system
wrong equipment/plant area alarm was so poor that the operator did not
understand what had happened. This lasted a

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 108
 - Root cause alarm missed due to too hole nightshift until KM support discovered the
many alarms in the system situation next day.
- Wrong prioritisation misguided the action We assume we have had some process alarms
to be taken earlier of poor quality, leading to process
shutdown or process challenges, but I cannot
- Not enough time between warning alarm
remember any specific episodes.
and trip action
- Wrong alarm limits lead to untimely
warning
- Too many standing alarms creates
fatigue on alarm screen
- Kind of new/first time alarm, so unaware
of operator action (what to do, whom
to contact, what is the consequence
etc.)
3.5 How many incidents can you impart to poor performance of alarm systems in a year?
- 1-5 1-5
- 5-10
- >10
3.6 Is there any Health, Safety and Environmental incident among these?
- Near Miss Near miss, and minor incidents leading to flaring
- Minor to Severe injury of gas.

- Environmental damage
3.7 What is the major consequence for a process shutdown (Provided no HSE incident)?
- Start-up issue Economic loss.
- Delayed production
- Well integration
- Quality
- Off-loading schedule
- Economic loss
3.8 How long it will take to get back to normal production after a major shutdown? Hours
- Pressurised shutdown Pressurised shutdownà8-12 hour to full
- De-pressurised shutdown production.
De-pressurised: 16à48 hours

109 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS
3.9 What is the typical financial loss in case of a process shutdown? Barrels/MSM3/Dollars/Hours
- Loss of man hours Production downtime is the major cost. Could
- Start-up expenses be from 1-12 Million $.
The other costs are there, but they are small.
- Production downtime
- Quality and off-loading issues
3.10 Do you see the necessity of an alarm engineering project for improved performance, and
what is the main driver for that?
- Regulatory compliance and safety Both regulatory and safety concern is equally
concerns relevant. (Reducing trips and safer operations)
- Improving operations and reducing
trips/downtime
- Operator knowledge and Alarm help
3.11 Does your team leads/Supervisor takes alarm system in confidence with regards to its
support and KPIs? Yes/No
- Trust and believe in alarm system for Yes, partly. They are not implemented in main
safe and reliable operations overall KPI’s, but they run alarm reports on a
- Track the performance of alarm system daily/weekly basis. Keeping track on frequency,
repetitious and fault solving.
- Review action list from alarm
performance reviews
- Launch efforts to deal with alarms
occurring at an excessive frequency
Any other comments

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 110
 4 ALARM MANAGEMENT ACTIVITY EXPERIENCE
4.1 Have you been involved with any of the alarm project activities?
- Rationalisation Yes, all mentioned activities.
- Top-N alarms
- Alarm Suppression
- Signal conditioning (Hysteresis, Filter
time.)
- Alarm Rush handling
4.2 How long it took for one alarm including workshops, work packs and implementation?
- Design input Around 3.5Hrs
- Workshops
- Approvals
- Control system work packs
- Installation
4.3 What kind of activities have under taken in the last project?
- Rationalisation All mentioned except from Top-N alarms.
- Top-N alarms
- Alarm Suppression
- Signal conditioning (Hysteresis, Filter
time.)
- Alarm Rush handling
4.4 How do you see the difference before and after alarm project?
- Differentiation between alarm and More understandable alarms, less standing
information alarms, no duplications, and the “fake” alarms
- Understandable alarms without any expected operator response, is
removed.
- Right prioritisation
- Sufficient Response time
- Alarm rush
- Less number of standing alarms
- No chattering
- No duplicate alarms
4.5 How is the alarm load after alarm project (Ref: EEMUA 191)?

111 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS
 - Predictive 1 alarm per 10 minutes If we remove the top-10-alarms which is caused
- Stable 1to 10 alarms per 10 minutes by various faults/bugs, it is less than 1 alarm
per 10 minutes.
- Over load >10 alarm per 10 minutes
4.6 Does alarm project achieve the integrity among all aspects of alarm engineering? (Ignore
disturbances due to plant operations)
- Text, Prioritisation, Response time, Hopefully yes, especially when it comes to text.
hiding, grouping, standing alarms, alarm But there should be a noticeable overall
rush and Top-N improvement in the end.
4.7 Do you see any missing aspect of alarm engineering? Yes/No
- Useful alarms missing Some alarms from third part systems, should
- No enhanced filtering or dead bands have be avoided/removed, but these often
comes to KM from “black boxes” as common
- Operations are vulnerable due to wrong
alarms, and they are often hard to dig into.
suppression
- Lack of operators training on newly
adopted methods
- Alarm configuration not according to
philosophy
4.8 If we should adapt same kind of alarm engineering aspects into other projects, what would be
your advice for even better results
- Methodology / Alarm engineering Detailed pre-study to make sure the
Process subprojects (different activities) comes in
- Co-relation among different activities correct order to optimise workflow.
4.9 If the plant has multiple tie-ups, is there any strategy defined to handle alarms from different
tie-ups?
- All alarms to CCR As I see it we do not have any pre-defined
- Individual tie-ups have their own manned strategies for different set-ups if that’s the
consoles question. It is all based on actions based on
alarms to CCR.
- Only remote observation etc.
4.10 How do you describe the handling of alarms from remote tie-ups?
- Too many alarms from tie-ups with Same answer as above
limited access to control
- Could have been used more grouping
rather than individual alarms

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 112
 - Well defined procedures
4.11 What is the one thing that you see and needs to be maintained even after alarm project is
finished
- Alarm priorities Focus on alarm Top-list need to be a
- Alarm limits continuous work.
When it comes to new projects we need to
- New alarm additions
make sure that all the agreed roles are followed
- Alarms on removed equipment
according to philosophy.
- Alarm philosophy and strategy
4.12 How do you rate the usability of improved alarm system
- Have been very good support tool since Very good, but maybe we need some fine
then tuning on the way forward.
- Just right and needs some fine tuning
- Could have been done in bit other way
4.13 Does your team leads/Supervisor takes alarm system in confidence with regards to its
support and KPIs after alarm project? Yes/No
- Trust and believe in alarm system for No, not officially. But I assume they have
safe and reliable operations better confidence to the system. I guess it will
- Track the performance of alarm system come as an argument later in discussions about
minimum operators needed to properly “run”
- Review action list from alarm
CCR.
performance reviews
- Launch efforts to deal with alarms
occurring at an excessive frequency

5 GENERAL QUESTIONS
5.1 Can you add any other comments which might help us improve alarm systems?
During commissioning, one should be more strict to alarm philosophy and restrictive when
implementing alarms from 3rd part systems. Implement-all-available-alarms-philosophy during
commissioning is hard to clean afterwards when all the “Vendor’s are gone”, as they sort of
drown in “black boxes”.

113 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS
Appendix (V) Audit Questionnaire

Thesis Questionnaire
Process Alarm Management in Coordination with University of Stavanger and Eldor AS

This questionnaire is a part of a master thesis “Process Alarm Management – An Investment

towards Safe and Reliable Operations”.
This questionnaire will focus on understanding a control room operator insight into an alarm system
and requirements for well-functioning alarm system for safe and reliable operations. This research
has identified 4 dimensions of an alarm system to justify the requirement for any alarm
management activity
1. Cost of Poor Performance of Alarm System (Risk to people, Environmental, Financial)
2. Alarm system is large and complex (A database consists of several thousand alarms)
3. Not -one time fix (Continuous Improvement and Change Management)
4. Valid KPIs (An indication of safe and reliable operations rather than a statutory requirement)
Process operator’s day to day experience with process controls and their insight into alarm systems
is the key to establish principles of alarm design for smoother operations. Along with process
operator’s insight, this thesis will try to gather inputs from discipline leads, regulatory authorities
and control system engineers to establish the frame work to deliver a well-functional alarm system
for safe and reliable operations.
Eldor AS is a leading company in Alarm Management for the Oil and Gas industry in Norway for past
10 years. Eldor AS believes in
• Optimized alarm system gives optimized decisions and Alarm systems needs to be specified
and maintained to ensure safe operations

Eldor Management system (EMS) is the framework of strategy, goals, processes and procedures used by
Eldor AS to ensure that the tasks delivered by the organisation is in line with their vision and mission.
“Alarm Engineering” is one of the core process in EMS where it describes several procedures for various
alarm management activities.

This research chooses to analyse existing regulations and evaluate process operator’s requirement
based on their valuable experience from different installations, so that results may be imparted into
“Alarm Engineering” procedures available in EMS system. This research believes in keeping this
impeccable relation between regulator, regulated and system support to achieve
1. Safe and Reliable operations
2. Retention of operator knowledge
3. Regulatory compliance and reducing trips/downtime.

A well-functioned alarm system combines with coordinated operations management can drive not only safety
and ensure regulatory compliance but promote better plant availability and throughput, delivering real
business value. (Honeywell, 2017)

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 114
 Thesis Consent

Name of the Researcher: Sudarsan Prathipati

University of Stavanger
Master in Technology and Operations Management

This interview will take about 30mnts to answer these questions. Considering their complexity of
questions with regards to technical details involved, this questionnaire is designed for face to face
interview instead of online survey.

Each question will carry a weighted score and median of all these weighted scores from all
participants will be taken for further analysis.

Thank you for taking time to participate and before we begin, could you please read the following
statements and then confirm your participation?

• I understand that this questionnaire is designed to gather information about academic work
for faculty of science and technology – University of Stavanger.

• I understand that I will be one of the 10 people being interviewed for this research

• I understand that interviewer will make the notes during interview and no audio tapes will be
used for this interview

• I understand that information about me will be treated in strict confidence and researcher
will not identify me by name but my position. My confidentiality as a participant in this
study will remain secure.

• I understand that no one will have access to raw notes or transcripts other than researcher
from my interview.

• I have read and understand the explanation provided to me regarding this research and
agreed to participate in this study.

• I have been given a copy of this thesis consent form

Participant Signature Researcher Signature

115 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS
 P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 116
117 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS
Appendix (VI) Interviews- Quantitative phase descriptive statistics

See below attached excel sheet for results

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 118
 Expereinced Learning :: Concrete Experience and Reflective Observation ::Thesis Questionnaire Alanylsis - Process Alarm Management - Control Room Operators
In Coordination with University of Stavanger and Eldor AS
1 ABOUT YOU 2 WORKING ENVIRONMENT 3 CONTROL AND SAFETY ALARM SYSTEM (BEFORE ALARM PROJECT) 4 CONTROL AND SAFETY ALARM SYSTEM (AFTER ALARM PROJECT)
1.1 Position in Organisation? 2.1 Does this process plant have more than one control room? 3.1 How often alarm comes in normal operations? 4.1/4.3 Have you been involved with any of the alarm project activities?
Rationalisation [0] ,Top-N alarms [2], Alarm Suppression [6], Signal
* - [1,2,3, etc.,] - Very Often [10], Often [2], Normal [-2], Few [-6] conditioning (Hysteresis, Filter time.) [8], Alarm Rush handling [12], All
Above [16], None of the Above [-2]
1.2 How many days per rotation working in process 4.2 How long it took for one alarm including workshops, work packs and
2.2 How many operators for per shift in CCR? 3.2 What is the most annoying thing about the alarm system you are working on
control room? implementation? (Alarms per Workshop)
Wrong prioritisation [0], Alarm text of description [2], So many system related alarms [6], Alarms without any value/nytteverdi [8],
Inconsistency in presentation of alarms in different systems [10], Too many standing alarms [12], Too many alarms from equipment
[> 1]
- [Days] - [1,2,3, etc.,] out of operation [14], Safety related alarms are not explicitly identified [16], No alarm-help available [18], ESD Rush [22], No Display
Assume One Week Workshop
to Alarm [26]

1.3 Do you serve as an area operator in the field?
- [CCR = 100/ Field =0 / CCR+FIELD= 50 / % of
time in CCR]
2.3 How many Operator stations in CCR and Operators per station?
- [1,2,3, etc.,]
3.3 Do you think the plant integrity in terms of “safe operations” could have been better, if alarm system is improved? Yes/No
- [YES = 10/ NO =0/SOME EXTENT = 6/ DONT KNOW = -1]
4.4 How do you see the difference before and after alarm project?
Differentiation between alarm and information [0], Understandable alarms [2],
Right prioritisation [6], Sufficient Response time [8], Alarm rush [12], Less
number of standing alarms [16], No chattering [20], No duplicate alarms
[24], MUCH MORE TO IMPROVE [28], OVERALL IMPROVEMENT [32]

1.4 How long you have been working in this
site/installation –Yrs./Mon?
- [Expressed in terms of Months]
2.4 How the alarm response actions are allocated among the available
operators?
- Operator Availability[0], Proces Area[2], Both[6]
3.4 Do you think of any incident (Plant shutdown / Safety incident) connected to poor performance of alarm system?
4.5 How is the alarm load after alarm project (Ref: EEMUA 191)?
Uncertainty/Vulnerable to mistakes/ Incidents
- Predictive 1 alarm per 10 minutes [0]
- Stable 1to 10 alarms per 10 minutes [2]
- [YES = 10/ NO =0/DONT KNOW = -1]
- Over load >10 alarm per 10 minutes [6]

2.5/2.6 What are the supporting systems for process monitoring and 4.6/4.7 Does alarm project achieve the integrity among all aspects of alarm
3.5 How many incidents can you impart to poor performance of alarm systems in a year?
control for daily operations and safety/emergency preparedness? engineering? (Ignore disturbances due to plant operations)
- Alarm Systems, HMI, Radio, Lamps, PA, CAP [0]+ CCTV [2]+ LSD [6]
1-5 [2], 5-10 [6], >10 [12], HARD TO TELL [-2] - [YES = 10/ Some Extent = 6 /NO =0/DONT KNOW = -1]
+ Well Control [12]
2.7 Is there any other means of alerting apart from control and safety 4.11 What is the one thing that you see and needs to be maintained even
3.6 Is there any Health, Safety and Environmental incident among these?
alarm system? after alarm project is finished
Alarm priorities [0], Alarm limits [2], New alarm additions [6], Alarms on
No Others [-2], Marine [0], Marine, Radar [2], Marine, Radar, removed equipment [8], Alarm philosophy and strategy [12], Top- N Alarms
NEAR MISS [2], MINOR TO SEVERE INJURY [4], ENVIRONMENTAL DAMAGE [6]
Others(DARPS,Lightining,Fogg etc.,) [6] [16], Standing Alarms [20], All of the Above [24],

2.8 Does Alarm system supports you as it should for different plant 3.7 What is the major consequence for a process shutdown (Provided no HSE incident)? 4.12 How do you rate the usability of improved alarm system
Very Good[10], OK[8], Poor[0] Very Poor[-2] START-UP ISSUE [2], ECONOMIC LOSSES [4], OTHERS (QUALITY,WELL INTEGRATION etc., [6] - Very Good[10], OK[8], Poor[0] Very Poor[-2], DONT KNOW = [-1]
3.8a How long it will take to get back to normal production after a major Pressurised shutdown? Hours
- [2-24]
3.8b How long it will take to get back to normal production after a major De-pressurised shutdown? Hours
- [8-48]
3.9 What is the typical financial loss in case of a process shutdown? Per Day
[> 1] (Actuals)
3.10 Do you see the necessity of an alarm engineering project for improved performance, and what is the main driver for that?
REGULATORY COMPLAINCE [2] +REDUCING TRIPS/DOWNTIME [4] + OPERATOR KNOWLEDGE AND ALARM HELP [6]
3.11 Does your team leads/Supervisor takes alarm system in confidence with regards to its support and KPIs? Yes/No
- [YES = 10/ NO =0/TAKEN AS GRANTED = -1]
ID Q1.1 Q1.2 Q1.3 Q1.4 Q2.1 Q2.2 Q2.3 Q2.4 Q2.5/2.6 Q2.7 Q2.8 Q3.1 Q3.2 Q3.2 Q3.2 Q3.3 Q3.4 Q3.5 Q3.6 Q3.7 Q3.8a Q3.8b Q3.9 Q3.10 Q3.11 Q4.1/4.3 Q4.2 Q4.4 Q4.5 Q4.6/4.7 Q4.11 Q4.11 Q4.12
OPK –Offshore
Process Coordinator/
Senior Process-
1 SKARV/BP 14 100 72 1 3 5 6 6 -2 0 10 8 8 8 10 10 6 6 6 12 20 2,5 4 NA 0 NA NA NA NA NA NA NA NA
22 22 22
26 26 26
Offshore Production
Coordinator (OPK)-
2 SKARV/BP 14 50 84 1 3 5 6 6 6 8 2 6 6 6 10 10 2 6 4 12 48 12 4 10 16 NA 2 2 0 10 12 10
12 16 16 16
14 14 14 24 24
Process Tekniker /
Control Rooms
3 Tekniker -Total 240 50 54 2 2 2 0 6 6 10 10 2 2 10 10 12 6 4 12 24 6 6 10 16 NA 2 2 6 6 24 24 -1
6 6 6 16
12

119 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS
 Expereinced Learning :: Concrete Experience and Reflective Observation ::Thesis Questionnaire Alanylsis - Process Alarm Management - Control Room Operators
In Coordination with University of Stavanger and Eldor AS
1 ABOUT YOU 2 WORKING ENVIRONMENT 3 CONTROL AND SAFETY ALARM SYSTEM (BEFORE ALARM PROJECT) 4 CONTROL AND SAFETY ALARM SYSTEM (AFTER ALARM PROJECT)
Senor control room
technician – ULA
4 AkerBP 14 50 156 1 2 4 0 6 -2 8 10 8 8 8 10 10 6 2 2 6 12 6 6 10 -2 NA 6 6 2 6 NA NA 8
2 2 4
12 6
Senior Control Room
Technician – Valhall
5 AkerBP 14 50 228 1 3 3 6 6 -2 8 2 2 2 6 10 -2 NA 4 12 48 11 4 -1 -2 NA 16 NA NA NA NA NA
12
CCR Operator 1 –
6 Snore A 14 50 144 2 2 4 0 6 -2 0 2 2 2 10 10 -2 NA NA 12 24 2,5 6 10 0 NA 28 28 NA NA 8 8 NA
8 8 8 20 20
12
14 14 14
CCR Operator 2 –
7 Snore A 14 50 36 2 2 4 0 6 -2 0 10 8 8 8 10 10 -2 NA NA 12 24 12 6 10 8 NA 20 20 NA NA 8 8 NA
12
Operator 1 -
8 Åsgard - Kårsta 10 40 60 1 1 1 0 6 -2 8 10 6 6 6 10 10 -2 NA 4 8 NA 6 4 10 -2 NA 28 28 NA NA NA NA NA
Process Tekniker /
9 Train 300 - Kårsta 30 50 120 1 3 3 0 6 -2 0 2 2 2 6 10 2 6 4 6 8 200 4 10 NA NA NA NA NA NA NA NA NA
6 6 6
26 26 26
Automation Engineer-
10 SAS Kåsta NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA NA 16 500 32 32 2 10 6 6 8
Summery
R1 Median/Mode 14 50 84 1 2 4 0 6 -2 8 10 12 2 8 10 10 2 6 4 12 24 6 4 10 0 500 16 2 2 8 12 8 8

P ROCESS A LARM M ANAGEMENT – A N INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS I 120
Appendix (VII) Alarm Optimisation Template

Alarm Text Alarm Help Priority Evaluation

Time to Severity of
Alarm Description Alarm Type Alarm Message Purpose of the Alarm Possible Cause Consequence No action Operator Action Respond Urgency Consequence Priority
Prepare a text in following High Mention any 5 Min Immediate None Prio 1
syntax High High additional 15 Min Prompt Minor Prio 2
Equipment>service> Low information 60 Min Soon Major Prio 3
destination area Low Low which is Mention the Describe relevant 6 Hrs No Action Severe Prio 4
This syntax is only for Fault relevant Mention the purpose Mention the cause of alarm consequence actions > 12Hrs Event

Alarm Rationalisation
Context Sensitivity Static Suppression Signal Conditioning Grouping
Emergency
Start-Up Process Shutdown Shutdown Alarm Hiding Alarm Delay Deadband Validity Details Group Name
Check if alarm Flow - 2 sec Flow - 5%
is relevant Lvl - 2 sec Lvl - 5% List of all
during Pres - 1 sec Pres - 2% alarms that Mention
Check if alarm is relevant Check if alarm is relevant emergency Temp -0 sec Temp -1% need to be relevant
during start-up during process shutdown shutdown Yes/No Yes/No grouped group name

Extended Information
Operator Res
Classification Key Alarm Effective Alarm Status
Personnel Safety Likely Maintenance/Info Alarm
Financial Consequence Challenging Duplicate Alarm
Environmental Protection Classify if its key alarm so that Unlikely No Alarm Configured
operator have more attention SOFT signal
towards it

Workshop Comments and Revision Handling

Comments Additional Comments Checked Signature Rev
X: Completed
Y: Query

121 I PROCESS ALARM MANAGEMENT – AN INVESTMENT TOWARDS SAFE AND RELIABLE OPERATIONS