Vous êtes sur la page 1sur 3

-

CHAPTER5

Process Control Systems

5.1 INTRODUCTION
The process control system links the human operator to the process equipment. The
designer must decide which functions to allocate to the process control system and
which to allocate to the operator. The current trend is to automate the control functions, and that trend has accelerated as computers, sensors, and data networks have
become more capable and reliable. This has reduced or eliminated much repetitive
manual work and facilitated both productivity and quality gains as fewer people
were required to operate more/larger processes.
In normal operation, the dominant issue for process control is designing the system to minimize the potential for human error. A well-designed process control system can check the validity of operator inputs based on the state of the system. For
example, if 3,000 liters have already been added to a 4,000-liter reactor, the control
system can reject an operator input calling for the addition of 2,000 liters of solvent.
The control system can also dampen extreme control moves so a valve does not
slam closed instantly when the operator changes the setpoint to 0. Human factors
considerations in process control will help operators avoid upsets and help operators diagnose and respond to those upsets that do occur.
However, to provide these benefits, the control system itself has become increasingly complex. Redundancy of the physical elements (sensors, logic solvers, displays, etc.) is necessary to achieve the required reliability, but the theoretical benefit
of such redundancy is severely limited by its ultimate reliance on-humans! Humans
can introduce common cause failures by miscalibrating multiple similar instruments,
misprogramming the software, leaving the system in test mode, and so on. The more
complex the control system, the more difficult it is for workers to maintain the system and to diagnose operational upsets. In highly automated systems, the operator
must be an expert troubleshooter, ready to step in and take control in unusual situations. This challenges the process designer to provide the human with the necessary
information to recognize, diagnose, and effectively respond to upset conditions.

5.2

ISSUES/EXAMPLES

The single biggest issue in process control is abnormal situation management. The
operator in a control room is deprived of much of the feedback that immerses a
Human Factors Methods f o r Improving Performance in the Process Industries
C 2007 American Institute of Chemical Engineers

37

38

PROCESS CONTROL SYSTEMS

hands-on operator (sounds, smells, vibrations, etc.). Thus, process designers try to
compensate by providing alarms that call the operators attention to unusual plant
conditions. This approach is fine as long as there are only a few intermittent alarms.
However, if there is a major upset, dozens (sometimes hundreds) of alarms flood
the operator with information that is impossible to comprehend. If the operator is
expected to diagnose the situation and prevent a unit shutdown, then an effective
system of alarm prioritization is required. Low priority alarms must be suppressed
so the operator can focus attention on the status of critical equipment.

In one facility, a large process upset overloaded the computer, resulting in the
computer not updating the displays. The operator was unable to determine the
state of the process from the computer displays.

A closely related issue is the management of nuisance and perpetual alarms.


These types of alarms typically result when alarm setpoints are poorly chosen,
when the equipment andor control system is poorly maintained, or when the alarm
logic takes no account of the equipment status (e.g., active alarms on idle equipment). Regardless, such alarms train the operators to ignore them or to aggressively
disable them (with rags stuffed in speakers, toothpicks wedged in acknowledge buttons, wires disconnected, etc.), which inevitably leads to human errors.

In one facility, operators ignored what they believed to be nuisance alarms warning of a runaway reaction. The ensuing explosion and fire killed four workers
and devastated the facility.

The process control system must be designed to provide enough information for
the operator to quickly diagnose the cause of the upset and respond to it. Simply
calling attention to the situation with an alarm is not enough. This requires that key
operating parameters be displayed in overview fashion (analog and trend displays
are usually preferred) and that operators be able to quickly navigate to detailed displays as needed. The displays must be updated quickly to show the operators immediately that their control moves are having an effect; otherwise operators tend to
overshoot the desired setpoint or toggle digital inputs repeatedly into an unknown
state.
A management issue in process control is whether to allow operators to force
an input into a desired state. The capability for an operator to override the automated system is often desirable when the system is upset and the operator can confirm
that the problem is, for example, simply a bad sensor. Another situation occurs
when the operator may need to respond to a situation that was not anticipated by the

5.4

REFERENCES

39

designers. However, if operators use the overrides repeatedly because equipment


failures remain uncorrected, disaster is sure to result. Overrides also allow operators
to bypass carefully planned system responses with spur-of-the-moment actions. So,
if overrides are allowed, there must be management controls in place to ensure that
overrides are not abused.

5.3 TOOLS
The tools used to gauge operator workload, as discussed in Chapter 16, may be used
to evaluate the process control systems compatibility with operator needs.

5.4

REFERENCES

Bransby, M.L. and Jenkinson, J. (1998), CRRl66: The Management of Alarm Systems
CRR 166 (Sudbury, UK: Health and Safety Executive).
EEMUA (1999), Alarm Systems, a Guide to Design, Management, and Procurement No.
19I (London: Engineering Equipment and Material Users Association).
HSE (2000), Information Sheet: Better Alarm Handling (Sudbury, UK: Health and Safety
Executive).
HSE (l999), HSG48: Reducing Error and Influencing Behaviour (Sudbury, UK: Health
and Safety Executive).
ISA (1 985), Human Engineering for Control Centers: ISA Standard RP60.3 (Research Triangle Park, NC: The Instrumentation, Systems, and Automation Society).
Kletz, T., Chung, P., Broomfield, E., and Shen-Orr, C. (1995). Computer Control and Human Error (Houston, TX: Gulf Professional Publishing).