In conversation with Gert Sloof (co-author Process Safety Handbook) on alarms, instrumental safety and human factors

Instrumental safety, alarm management and human factors. With these topics, Gert Sloof (senior consultant at Bilfinger Tebodin and lecturer at PHOV) contributed to the Process Safety Handbook, which was published in June 2022. These are topics that deserve more attention in the profession and are perhaps sometimes passed over too quickly. The SDN sat down with Gert to discuss his contribution to the handbook.

What is the value of alarms in your business?

Alarm management is a subject that does not immediately spring to mind when you think of process safety. Perhaps unfairly: after all, alarm management plays an important role in how operations controls the process installation. "As also described in the handbook, companies are predominantly under the impression that an additional alarm does not cost money. This is not the case. An additional alarm creates unrest in the central guard. In addition, an excess of alarms, especially those that do not actually contribute to process operations, creates an inefficiency in operations," explains Gert. "In addition, with too many alarms you cause potentially dangerous situations in the event of a calamity, because when there is a tidal wave of alarms, an operator only just has to have the right knowledge and attention to adequately evaluate which of them need to be addressed first." In this regard, Gert also refers to the four types of operator notifications: the first step is to consider the type of signal the operator should receive. After all, an alarm is only one of four ways in which the operator can be notified of a situation in the process plant.

Drawing on his practical experience, Gert reflects on opportunities in alarm management for the industry: "In the field of alarm management there still seems to be a lot of profit to be made especially in the smaller companies in the process industry, as this subject has already taken more structural shape especially in larger (corporate) organizations." He also offers his thoughts for companies that want to take low-threshold first steps in alarm management: "Start with historical trending and, for example, monitor for a week all alarms received by the operation. This can be done in a low-threshold manner with a tally sheet per shift and by having operators indicate whether the alarm contributes to their efficiency; ask the operator for feedback. With a list of alarms and this evaluation by operators, you already have an improved understanding of the value of alarms in the organization. Then look for alarms that actually belong in one of the other operator notification types."

Gert gives several examples of how things can go wrong with alarms in practice. The first concerns a situation where the wrong technology has been selected for an alarm. "Suppose you have a foaming or 'sloshing' product in a tank with a level alarm. If you have selected the wrong level technology, then an alarm can keep coming in and going out on its own even though there is not actually a high level in the tank. In other words, you keep getting alarms that really shouldn't be alarms. This causes unrest in the operation and, potentially more dangerous, the alarm is ignored at some point."

Another example is about manually stopping various plant components, causing alarms to come in: "In some cases, a pump has to be stopped manually. If alarm management is not in order, manually stopping a pump may result in the operator being 'rewarded' with both the 'low pressure' and 'no flow' alarms. This can cause problems during periods of a stop, when the many alarms can obscure the fact that there may be another piece of equipment giving a justified alarm signal. For example, a motor inadvertently still on in an otherwise empty plant."

The risk of insufficient alarm management is the creation of a form of alarm normalization, a situation where it is accepted practice to start ignoring alarms. As a result, a signal no longer reaches the operator when actual action is required on a system anomaly. In the handbook, Gert describes the elements of an alarm philosophy and what must be in place for each alarm point. It covers what is important in alarm management; for the reader who wants to address the subject more extensively, the standard IEC 62682 - Management of alarm systems for the process industries is recommended.

Instrumental Safety and Human Factors: Opportunities for AI and big data?

In addition to alarm management, Gert has also written about instrumental safety: "In the book, I take the reader through the first steps of the concept of instrumental safety. How do you include this type of safety in your plant design? How do you arrive at design requirements in the context of a so-called probability of failure on demand?" In addition, he explains why safety requirement specifications are important, as well as SIS design verification and field validation.

For those who have not yet mastered the subject matter of instrumental safety, Gert summarizes: "The main gain to be made in instrumental safety is in learning from experience. If you have several automatic guards in your plant, it is important to think carefully about which guards need which tests and what the value of a test is from a safety perspective. If I test my automatic (instrumental) safeguard today, that doesn't guarantee it will do it until next year. Use results from all trial tests more often to systematically extract bad actors from the system. Big data and AI could potentially play a much bigger role in this in the future than we may realize today."

Gert's third contribution to the handbook concerns human factors. In chapter 8.4.1 of the book, he introduces the three generations of analysis methods for human failure:

  • human errors seen as phenomena resembling hardware failures (THERP - Technique for Human Error Rate Prediction)
  • consideration of cognitive mechanisms of human performance (HEP - Human Error Probabilities)
  • development of a causal behavioral model based, among other things, on relevant findings from cognitive psychology, behavioral science and neuroscience (IDAC - Information, Decision and Action in a Crew)

"It's actually surprising that there is limited attention to making work instructions foolproof," says Gert. Research shows that only 10% of industrial accidents are actually due to person-related aspects such as emotion, health or negligence. About 75% of accidents occur due to deficiencies in external factors, such as incomplete or incorrect work instructions, lack of training, lack of supervision, poor man-machine interfaces, suboptimal working conditions and inadequate personnel. The remainder is due to technical failure on the one hand and natural disasters on the other.

In practice, instructions still regularly contain inaccuracies, large or small. In such cases, reliance is placed too quickly on the knowledge of the operator, who has to correct the inaccuracies himself during the execution of the work, Gert observes, "and deviating from a work instruction is insufficiently considered a violation. This gives you the risk of creep at the operation in performing work, but it is more difficult for younger or new employees to learn to perform work activities properly in the operation."

Gert continues with an example of how a senior operator may underestimate how complex and/or risky an alignment with many manual operations on valves can be: "A senior operator often knows what needs to be done for a specific alignment and which manual valves need to be converted in which order. However, as long as such activities are not secured in an instruction, you also have not performed a risk analysis with four-eyes (or more) principle, which introduces the risk that the operator has not considered all possible scenarios in his or her work (think also attention to black swans)."

Future Process Safety Handbook

Finally, Gert reflects on the Process Safety Handbook of the future. "In a next edition, say 10 years from now, I think new topics could be introduced in the handbook. In particular, Cyber Security for Operation Technology, Artificial Intelligence and Machine Learning are topics with a potentially broad impact on process safety."

Gert closes the talk with a quote that for him reflects the importance of the field: "Safety is not a priority, safety is the condition under which we do our work."

Would you like to read how Gert experienced co-writing the handbook, as well as how his environment received it? Then read his blog at Bilfinger Tebodin via this link.
