Alarms in Process Control Instruments
Industrial processes are increasing in complexity while being tended by fewer operators. At the same time, companies are demanding improved quality, increased efficiency and higher process yields. To meet these demands, engineers are relying on their control instrumentation to help manage the process.
Some of the most important functions contributing to process management are the independent alarms that are built or programmed into the control instrumentation. Alarms maintain high quality and minimize machine downtime. Significant labor and material savings can be provided by a good alarm system. Independent monitoring of alarms from a digital controller or process alarm unit preserves alarm operation even when the process computer has failed.
Independent alarms are distinct from those generated within the software of a computer supervisory system because they are built into the hardware or firmware of the instrument. They may operate as a secondary task within a continuous control device such as a discrete temperature controller. They also may operate as a primary task within an independent process alarm instrument that acts as a policeman by continuously monitoring one or more process parameters.
An alarm's purpose is to protect personnel, equipment or the process from unsafe conditions, or to alert the operator when conditions exist that can affect process quality. Once an alarm has been detected, it may be used to alert an operator to initiate a manual control action; initiate automatic action within the process according to predesigned responses; or simply monitor and log the alarm for a process record. Alarms also can be transmitted via digital communications to supervisory computers where they can be used to initiate control actions and create logs, reports and historical files.
Fixed and configurable instrument alarms normally are used to switch an output, usually a relay or logic signal, to provide interlocking of the machine or plant and external audio or visual indication and annunciation of the condition. Some alarms, called soft alarms, only are indicated within the controller and are not attached to an output.
A Look at Alarm TypesAlarms can be divided into two groups: process alarms and equipment alarms. Process alarms are generated when preset parameter levels for real or derived process variables are exceeded. Such familiar functions as measured variable, high, low or deviation alarms are typical of process alarms. Equipment alarms or diagnostic alarms are generated when equipment malfunctions occur that can affect the process by disrupting normal instrument hardware or software operation. Common examples of equipment alarms include loss of communications or processor watchdog timeout.
Process Alarms. Control instruments can be provided with a number of process alarms (figure 1). Alarm messages are locally displayed and are available on communications. The setpoints for these alarm types may have an associated hysteresis, which is the difference between the alarm setpoint ON value and OFF value. Hysteresis normally is adjustable and prevents output chatter from occurring by separating the ON and OFF points.
Full-Scale High or Low Limit Alarms. Activated when the measured value crosses the absolute high or low alarm setpoint from the safe region to the alarm region, some instruments provide as many as four such alarms. Generally, HI and LO alarms provide annunciation only while HI-HI and LO-LO alarms provide annunciation and shutdown interlocks.
Deviation Alarms. These alarms include deviation high, deviation low and deviation band type. A deviation alarm is tied to the difference between the measured value and the process setpoint and will follow the setpoint if it is changed. The deviation band alarm has both a high and low deviation, which may be the same as or different than high and low bandwidths.
Rate of Change Alarms. Used to detect changes in the measured value in units per minute or second, this alarm occurs when the rate of change of the measured value exceeds the value set as an alarm setpoint. Positive or negative changes in the measured value can activate the same alarm or two independent alarms.
Derived Variables. Calculated by programmed formulas that mathematically combine real variables (such as averaged thermocouple inputs), derived variables may have any of the above process alarm types applied in the same way as real variables.
Equipment AlarmsDepending on the sophistication of the model feature set, control instruments can have a suite of equipment alarms. They annunciate instrument malfunctions that can have serious process consequences. Equip-ment alarms generate display and communications error messages, may be connected to fixed relay alarm outputs that default to safe conditions and include the following types of alarms:
- Input over or under range, sensor-break and loop-break alarms monitor such hardware failures as broken sensors, open thermocouples, heater burnout, faulty output device, loose wiring or input-signal level beyond input range.
- Instrument hardware diagnostic alarms indicate general hardware failures such as blown line or output fuse, memory backup battery low, blackout or brownout of DC power supply, individual PCB diagnostic alarms, improper plug-in board configuration, or front-panel keyboard fault.
- Instrument software diagnostics indicate checksum errors representing parameter or program corruption in electrical erasable memory, configuration errors monitoring download of configuration data, and communications errors representing loss of data, timing or external communications handshake.
- CPU and memory alarms include a watchdog timer that trips when the processor fails to reset at each program cycle and ROM/RAM self-test routines to confirm memory function. In addition, some instruments monitor internal environmental temperature, checking for component overheating.
Alarm Modes and TypesThe mode of an alarm defines how it is detected and executed. Choosing an alarm mode lets the process engineer select the best alarm response for the process conditions. Depending on the sophistication of the instrument, a variety of alarm modes is available.
Standard Nonlatched Alarms. Set when the measured value moves from the safe zone and crosses the threshold defined by the alarm setpoint, standard nonlatched alarms will reset when the measured value moves back into the safe zone, crossing the reset threshold as defined by the setpoint less the hysteresis.
Latched Alarms. There are of two types of latched alarms. Each will remain set in the alarm state, even if the measured value returns to the safe zone, until an operator executes an acknowledgement. A manually latched alarm can only be acknowledged after the alarm condition is removed. For example, a latching high limit alarm would be used for system shutdown when the process exceeds safe operating temperatures.
Blocking or Masking Alarms. Typically used on low alarms, blocking or masking alarms are only active after the startup phase following the first time the measured value achieves the safe state. The alarm is blocked during the initial start to allow the machine to achieve initial run conditions and will only indicate the next time it is active.
Alarm Delay or Alarm Inhibit. These two alarm modes commonly are used. Alarm delay imposes a short time delay before the triggering of an alarm. This is done to avoid nuisance alarms when spurious process noise is present. Alarm inhibit suspends an alarm action for the duration of an external or internal inhibit signal. Alarms may be inhibited during maintenance activity or during operations not involving the alarmed equipment.
Combined Alarm Mode. Combining alarm modes allows the collection of multiple instrument alarms by a logical function within the instrument (most commonly the OR function). The resultant output is attached to a single relay output. This enables alarm strategies that can eliminate multiple external alarm-collection hardware. Today's instruments have the ability to combine alarms using such logic operations as OR, XOR, AND and LATCH (figure 2).
Alarm Output Relay. Output relay for an alarm may be configured to energize or de-energize when the alarm is set. They often present both the NO and the NC contacts for external connection. Combining these features provides flexibility in selecting an alarm strategy to match the plant requirements. An alarm that is configured such that its coil is energized and its NO contacts are closed when the alarm is OFF is considered failsafe because the external circuit through the alarm relay is complete only if there is no alarm and the instrument is working properly.
The level of functionality, programmability and alarming choices in today's process instruments provide the user with the capability to create a local alarm strategy that can best achieve the competitive goals of operating safely, reducing costs, minimizing downtime and improving quality.