Besides the control output, a controller can have extra relay or logic outputs that can be configured as high, low, deviation high, deviation low or deviation band alarms; deviation, that is, from the working setpoint. The usual convention is to have the relay or logic signal drop out in the alarm condition. This often is defined as "fail-safe" because bad relay contacts and broken wires will give a false alarm -- reckoned to be preferable to an unrevealed alarm which the opposite logic would suffer. However, before you rely too much on the term "fail safe," you must thoroughly analyze the failure modes in any alarm, interlock or shutdown chain for loss of protection. For serious overtemperature protection, do not depend on the alarm circuit in the controller itself. Instead, provide an independent second opinion in the form of a separate alarm instrument or module on its own dedicated thermocouple or RTD.
Rate-of-Change Alarm. There are times when you want an alarm to alert you to a fast-moving temperature -- for example, to head off a large temperature change or a thermal reaction. In these cases, you would specify a rate-of-change alarm and set it in units of degrees/minute.
Load-Break Alarm. With this feature, the controller watches and times any movement in the process temperature. At the same time, it notes its command to the power output device (a contactor, for example) and looks for a contradiction. The controller will trigger an alarm if:
- The heater contactor is welded closed, ignores the controller's command to turn off and produces a rise of process temperature.
- The heater is open circuit, ignoring the controller's command to deliver heat, so the controller sees that the temperature is falling.
- The temperature sensor is pulled away from the process heat and shows, say, room temperature, yet the controller, seeing a low unchanging temperature, is commanding full heat.
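The contradiction check described in the three cases above, sketched as an added example; it is not taken from the original article or from any controller's firmware. The 5-minute timing window, the 2-degree movement threshold, the constructed sample traces and all names are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class Sample:
    t_min: float       # elapsed time, minutes
    temp: float        # process temperature, in the controller's display units
    output_pct: float  # controller's commanded output, 0-100 %

def load_break_alarms(samples, window_min=5.0, min_move=2.0):
    """Flag temperature movement that contradicts a saturated output command.

    window_min and min_move are assumed values, not figures from the article.
    """
    alarms = []
    start, state = None, None  # first sample and state of the current saturated run
    for s in samples:
        now = "off" if s.output_pct <= 0 else "full" if s.output_pct >= 100 else None
        if now is None or now != state:
            # Output is modulating or has just changed: restart the timer.
            start, state = (s if now else None), now
            continue
        if s.t_min - start.t_min < window_min:
            continue  # not enough time at this output to judge the response
        delta = s.temp - start.temp
        reason = None
        if state == "off" and delta >= min_move:
            reason = "rising_with_output_off"      # e.g. contactor welded closed
        elif state == "full" and delta <= -min_move:
            reason = "falling_at_full_output"      # e.g. heater open circuit
        elif state == "full" and delta < min_move:
            reason = "no_response_at_full_output"  # e.g. sensor pulled from process
        if reason:
            alarms.append((s.t_min, reason))
        start = s  # begin timing the next window
    return alarms

def trace(output_pct, temps):
    """Build a constructed trace with one sample per minute at a fixed output."""
    return [Sample(float(i), float(t), output_pct) for i, t in enumerate(temps)]

# Constructed sample traces, one per failure case plus a healthy heat-up.
WELDED = trace(0, [200, 201, 202, 203, 204, 205])
OPEN_HEATER = trace(100, [200, 199, 198, 197, 196, 195])
DETACHED = trace(100, [22, 22, 22, 22, 22, 22])
HEALTHY = trace(100, [22, 30, 38, 46, 54, 62])

if __name__ == "__main__":
    for name in ("WELDED", "OPEN_HEATER", "DETACHED", "HEALTHY"):
        print(name, load_break_alarms(globals()[name]))
```

The check only judges the process while the output is held fully off or fully on, because a modulating output gives no unambiguous expectation of which way the temperature should move.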
Solid-State Relay Monitoring. Some solid-state relays use the controller's turn-on-logic-signal wires to carry a pulse-coded signal to the controller representing heater current. The controller can pick up and alarm on two kinds of contradiction in these two signals.
- The solid-state relay has failed in the short circuit mode and is passing current in the absence of a turn-on logic signal. In this case, the alarm can be used to kick off a backup contactor.
- The solid-state relay has failed in the open circuit mode, or the load circuit is broken, so it ignores the controller's turn-on logic signal. Here, the alarm would give early warning of loss of process temperature.
Indications. If you are to trust your picture of the plant, you must pick up indications of plant condition directly from the parameter you want to monitor -- not by inference from other outputs such as the percentage output display on a controller. For example, you should look for actual heater current output or a signal from a position feedback device on a valve stem. Broken or disconnected valve actuator linkages can deceive your display.
Units of Measure. Dangers lurk in mistaking °F for °C and interchanging the imperial and metric units on your displays. Import and export of equipment will pose this threat until the world agrees on a common system.
Distributed Control Systems (DCS). While the principles covered refer to controllers, a DCS is functionally the same but has more comprehensive graphic displays and data analysis. There is also an intermediate control package where controllers and indicators with communicating capability are integrated into a PC, which becomes the user interface for display and operator manipulation. An advantage to this approach is that the controllers can continue to independently control, protect and indicate if the computer goes offline or hangs up. Some operators feel more in control with this backup and the ability to isolate and exchange controllers and indicators.
Man-Machine Interface (MMI). You can harm yourself and the process by not understanding the meanings of the settings, readings and parameter adjustments that you have to use. Many MMIs are anything but natural and instinctive, and it is possible to find yourself out of your depth and guessing. Insist on clear MMIs and user manuals when you buy equipment, then practice so you will know the results of any adjustments, especially those where you can manually override and defeat safety features. I would recommend getting input from operators and maintenance staff at the design stage with respect to plant overviews, detailed displays, control manipulation and response to the unexpected.