This includes the bulk of all processes operating today, specifically:

• Petrochemical
• Chemical
• Refining
• Platform
• Pipelines
• Power Plants
• Pharmaceuticals
• Mining & Metals

Additionally, it applies whether your process is continuous, batch, semi-batch, or discrete. The reason for this commonality is that alarm response is really not a function of the specific process being controlled; it is a human-machine interaction. The steps for detecting an alarm, analyzing the situation, and reacting are steps performed by the operator. There is little difference if you are making (or moving) gasoline, plastics, megawatts, or aspirin. While many industries feel “We’re different!”, that is simply not the case when it comes to alarm response. Many different industries participated in the development of ISA-18.2, recognized this, and the resulting standard has overlapping applicability.

ISA-18.2 indicates the boundaries of the alarm system relative to terms used in other standards, such as Basic Process Control System (BPCS), Safety Instrumented System (SIS), etc. Several exclusions are listed to not contradict existing content in other standards.

3. Regulatory Impact
This paper is not intending to be a detailed clause-by-clause interpretation of OSHA, EPA, DOT, PHMSA, or other regulations. The regulatory environment is complex and overlapping for some industry segments. Many industries are clearly covered by OSHA 1910.119 Process Safety Management, which makes a few specific mentions of alarms.

Codes, standards, and practices are usually considered “recognized and generally accepted good engineering practices.” In the OSHA interpretation letter to ISA, a National Consensus Standard, such as ISA-18.2, is a RAGAGEP. OSHA recognizes ANSI/ISA S84.01-1996 as an example.[2] There exists a “Memorandum of Understanding” between OSHA and ANSI regarding these matters.[3]

There is little question ISA-18.2 is an example of RAGAGEP, and companies should expect the regulatory agencies to take notice. Generally, a regulated industry can be expected to either comply with RAGAGEP or explain and show they are doing something just as good or better. Indeed, OSHA has sought and received permission from ISA to internally distribute ISA-18.2 to its inspectors. This was with the specific intent to be able to easily cite it in investigations and used for enforcement reasons.

The U.S. Chemical Safety Board (www.csb.gov) will also be using ISA-18.2 as a resource in its investigations. Other regulatory agencies are also becoming aware of ISA-18.2. The American Petroleum Institute (API) will soon release API RP-1167, Alarm Management Recommended Practices for Pipeline Systems. This API document is in full alignment with ISA-18.2, and the Pipeline and Hazardous Materials Safety Administration (PHMSA) generally adopts API recommended practices in their regulatory language.

4. Grandfathering
A grandfather clause used by other ANSI/ISA standards was also used in ISA-18.2. It is:

“For existing alarm systems designed and constructed in accordance with codes, standards, and/or practices prior to the issue of this standard, the owner/operator shall determine that the equipment is designed, maintained, inspected, tested, and operated in a safe manner. The practices and procedures of this standard shall be applied to existing systems in a reasonable time as determined by the owner/operator.”

2. See http://www.osha.gov/pls/oshaweb/owadisp.show_document?p_table=INTERPRETATIONS&p_id=25164
3. See http://www.osha.gov/pls/oshaweb/owadisp.show_document?p_table=MOU&p_id=323
© PAS 2010 2
The two instances of “shall”, which are highlighted, indicate mandatory requirements. This clause mimics language used in OSHA regulation 1910.119(d)(3)(iii).

5. Definitions in ISA-18.2
An immense amount of work was done in researching and carefully crafting various definitions, while maintaining consistency between ISA-18.2 and other references. ISA-18.2 defines an alarm as “an audible and/or visible means of indicating to the operator an equipment malfunction, process deviation, or abnormal condition requiring a response.”

6. Alarm State Transitions
ISA-18.2 includes a moderately complex diagram depicting the alarm states and sub-states of “Normal”, “Unacknowledged”, “Acknowledged”, “Returned-to-Normal”, and “Latched”. Of particular interest are the states of “Shelved”, “Suppressed by Design”, and “Out of Service”. These have specific meanings:

“Shelved” is an alarm that is temporarily suppressed, usually via a manual initiation by the operator, using a method meeting a variety of administrative requirements to ensure the shelved status is known and tracked.

“Suppressed By Design” is an alarm intentionally suppressed due to a designed condition. This is a generic description that includes such items as simple logic-based alarms and advanced state-based alarming techniques.

“Out of Service” is a non-functioning alarm, usually for reasons associated with the Maintenance stage of the life cycle. An “Out of Service” alarm is also tracked via similar administrative requirements to a shelved alarm.

The terms “suppress” and “alarm suppression” are intentionally generic and not specific to a type of DCS. They are used to indicate when the alarm functionality is not working (generally through an override mechanism of some sort). It is possible, and unfortunately common, to suppress an alarm outside of the proper work practices, and the detection of such undesirable situations is part of the Monitoring life cycle stage.

7. The Alarm Management Life Cycle
ISA-18.2 is written with a life cycle structure comprised of ten stages (see Figure 1). They are:

[Figure 1: The Alarm Management Life Cycle]

Alarm Philosophy: Documents the objectives of the alarm system and the work processes to meet those objectives.

Identification: Work processes determining which alarms are necessary.

Rationalization: The process of ensuring an alarm meets the requirements set forth in the alarm philosophy, including the tasks of prioritization, classification, settings determination, and documentation.

Detailed Design: The process of designing the aspects of the alarm so that it meets the requirements determined in rationalization and in the philosophy. This includes some HMI depiction decisions and can include the use of special or advanced techniques.

Implementation: The alarm design is brought into operational status. This may involve commissioning, testing, and training activities.

Operation: The alarm is functional. This stage includes refresher training, if required.

Maintenance: The alarm is non-functional due to either test or repair activities. (Do not equate this life cycle stage with the maintenance department or function.)
Monitoring and Assessment: The alarm system’s performance is continuously monitored and reported against the goals in the alarm philosophy.

Management of Change: Changes to the alarm system follow a defined process.

Audit: Periodic reviews are conducted to maintain the integrity of the alarm system and alarm management work processes.

7.1. Life Cycle Stages vs. Activities
Do not confuse a life cycle stage with an activity. Life cycle is a structure for the content of the ISA-18.2 document. It is not specifically or necessarily a list of activities to be accomplished in a particular order.

For example, in a matter of minutes an engineer could sit down and resolve a single nuisance chattering alarm. That task could involve going through several different life cycle stages as part of performing the activities associated with a simple task. Consider the following:

Monitoring Stage: Engineer: “Well today, I am spending some time fixing nuisance alarms. Which of my alarms are on the most frequent alarm list? Ah, there’s one – a chattering high-value alarm on the column pressure.”

Identification Stage: Engineer: “Ah yes, I happen to remember that we need this alarm as part of our quality program; however my job today is to make it work correctly and eliminate the chattering behavior, not to decide whether to get rid of it or not. So I don’t have to research as to whether it was originally specified by some particular process like a PHA.”

Detailed Design Stage: Engineer: “Let’s check the configuration of this alarm. There’s nothing unusual about it. Hmmm, I see that the alarm deadband on this point is set to zero. That’s certainly not a proper thing and could easily lead to chattering behavior. Let’s examine some process history and alarm history, and consult a good book on alarm management to determine a more appropriate deadband setting.”

Operation Stage and Maintenance Stage: Engineer: “Now I am going to alter the alarm deadband to a new setting. Hmmm, do I have to take the point off-scan to do that? Not in this case, on this DCS. If I did, I would have to tell the operator first. But I can make this change without that and the alarm will remain online throughout.”

Management of Change Stage: Engineer: “So far, I haven’t actually changed anything. Before I type in and activate this new number for deadband, I mentally review the management of change requirements for doing so. This specific type of change is covered in our alarm philosophy, and our site procedures empower me to make this change as part of my authorized job duties. I do not have to seek any approval or signatures. I will have to document this change in the master alarm database though.”

Implementation Stage: Engineer: “Now I actually change the deadband. I type in the new number and hit ‘Enter.’ Done!”

Rationalization Stage [4]: Engineer: “Since I have the proper security access, I will add this new deadband setting into the master alarm database along with my name, date, and reason. I will also make a note in the weekly nuisance alarm tracking report about this one. As long as I am here looking at this alarm, I note it is configured as a Priority 3. That seems reasonable, but let’s just check the online master alarm database for the reasons that resulted in that priority assignment. Hmmm, they look pretty good. If they did not, I could not change them myself. I need the Prioritization team to take a look at it. Any change in priority requires notification to the operators.”

Monitoring Stage: Engineer: “Part of my work process for this is to continue to look at the alarm data to see if this deadband setting change solved the problem. I will add this one to my tracking and follow-up list.”

In a few minutes, several different life cycle stages were briefly visited in accomplishing this one example task. In understanding and applying ISA-18.2, do not get overwrought about trying to figure out which life cycle stage you are in at any point in time. It is a requirements structure, not a work process sequential checklist.

In 2006, PAS published The Alarm Management Handbook, which provided a proven seven-step methodology for solving an alarm system problem and accomplishing effective alarm management. There is no conflict between this seven-step approach and the ISA-18.2 life cycle methodology; there is only some different nomenclature and task arrangement.

4. Documentation is a part of the Rationalization stage of the life cycle

8. The Alarm Philosophy Life Cycle Stage
ISA-18.2 recognizes that an alarm philosophy document is a key requirement for effective alarm management. A table lists topics which are noted as either mandatory or recommended for inclusion. Remember that a standard describes the minimum acceptable, not the optimum.

The major mandatory contents of the alarm philosophy include roles and responsibilities, alarm definition, the basis for alarm prioritization, HMI guidance, performance monitoring, management of change, training, etc.

There are no surprises in the list except for two concepts not previously included in the Alarm Management lexicon, “alarm classification” and “highly managed alarms”.

8.1. Alarm Classification
Alarm classification is a method for assigning and keeping track of various requirements for alarms, mostly administrative ones. For example, some alarms may require periodic refresher training, while others may not. The same could be true for testing, maintenance, reporting, HMI depiction, and similar aspects. Alarm classes are defined and used to keep track of these requirements. It is mandatory in ISA-18.2 to define alarm classes.

This is a slightly unusual thing for a standard. Normally, standards tell you what to do but not how to do it, or to require a specific method. For example, the standard could have simply stated, “Identify and track alarms that require periodic testing.” There are a variety of methods to successfully do this and a classification structure is only one of them. However, the committee elected to require a classification structure, though it need not be an onerous one. There are no specific class requirements and no minimum number of class definitions specified. PAS recommends the “keep it simple” approach and have a straightforward class structure with minimal variations.

8.2. Highly Managed Alarms
The committee thought it desirable to explicitly define one class of alarms. A variety of designations were considered, from “critical” to “vital” to “special” to “super-duper.” “Highly Managed Alarms” or HMAs was chosen as the term. The intent is to identify the alarms that must have a considerably high level of administrative requirements.

Now, there is no requirement to have or use this classification. However, if you do, if you state “this classification in my philosophy is per the ISA-18.2 usage of Highly Managed”, then you must document and handle a multitude of special administrative requirements in a precise way according to the standard.

The various mandatory requirements for HMAs are spread over several sections throughout ISA-18.2. These include:

• Specific shelving requirements, such as access control with audit trail
• Specific “Out of Service” alarm requirements, such as interim protection, access control, and audit trail
• Mandatory initial and refresher training with specific content and documentation
• Mandatory initial and periodic testing with specific documentation
• Mandatory training around maintenance requirements with specific documentation
• Mandatory audit requirements

PAS’ advice is to specifically avoid the usage of this alarm classification. You might choose to have your own similar classification, and then choose only the administrative requirements you deem necessary for those alarms. These will probably be only a subset of the ISA-18.2 listing for HMAs.

9. The Alarm System Requirements Specification (ASRS)
This non-mandatory section basically says that if you are buying a new control system, it is a good idea to write down your requirements and evaluate vendor offerings and capabilities against them. Specific deficiencies in the chosen system can drive the acquisition or creation of third-party or custom solutions.
The ASRS then becomes a useful document for system testing and acceptance.

10. The Alarm Identification Life Cycle Stage
This section of ISA-18.2 notes that different methods are used to initially identify the need for some alarms. All modern control systems have a lot of built-in alarm capability; perhaps more than a dozen types of alarms available for some point types.

In some cases, the need for use of one of those types or the creation of a specific alarm via custom logic or calculation may be driven from a variety of process-related sources. These are the usual list of studies such as a Process Hazard Analysis (PHA), Layer of Protection Analysis (LOPA), Failure Mode and Effects Analysis (FMEA), etc.

11. The Alarm Rationalization Life Cycle Stage
This life cycle stage consists of several activities. Most people familiar with alarm management concepts think of rationalization as the specific activity of a team reviewing an alarm system and making decisions about usage, priority, setpoints, etc. In ISA-18.2, the word is used to indicate a collection of activities that may be done in a variety of ways.

The activities are as follows:

• Ensuring alarms meet the criteria set forward in the alarm philosophy
• Justifying the need for the alarm
• Marking for deletion alarms that should not exist
• Determining the appropriate alarm type
• Determining the appropriate alarm setpoint or logical condition
• Determining the proper priority
• Documenting any special design considerations for an alarm
• Documenting any advanced alarming capabilities desired for an alarm
• Documenting relevant information such as operator action, consequences, etc.
• Determining the alarm’s classification

Note all of the activities listed above include both the cases of review of already existing alarms or consideration of potential new alarms. The major mandatory contents of the rationalization stage are for specific alarm documentation and alarm classification.

The section is quite short since it intentionally avoids listing specific methods for effective and efficient rationalization. Some examples of such methods are planned for one of the follow-up ISA technical reports.

12. The Basic Alarm Design Life Cycle Stage
This section describes the common capabilities of control system alarm functionality and how they relate to the alarm state diagram. There is some non-mandatory advice about the proper usage of some alarm types and some alarm configuration capabilities, such as deadband and delay time.

13. Human-Machine Interface (HMI) Design for Alarm Systems
This section describes the desired functionality for indicating alarms to the operator. Since there is a current ISA standard in development specifically about HMIs (ISA-101), this section is intentionally limited.

Some items discussed (with little detail), include:

• Depiction of alarm states, priorities, and types
• Alarm silencing and acknowledgement
• Alarm shelving, designed suppression, and out of service conditions and depiction
• Alarm summary display functionality
• Other alarm-related similar displays and functionality
• Alarm sounds
• Alarm information and messages
• Alarm annunciators

Many functionality items are listed as mandatory or recommended. The major mandatory items are for specific depiction of various alarm-related conditions, and specifically required HMI screens and functionality. These items are typically within the capabilities of most modern control systems. It is noted at the start of the section that some described features are not possible in some control systems. You can still be in compliance with the standard if you have such a system.

I would estimate that the ISA-101 standard on HMI is several years from issuance. It actually might turn out to be just a technical report rather than a standard; this is uncertain. In the meantime, if you want more detailed information on creating proper and effective operator graphics, we recommend our latest book The High Performance HMI Handbook, as well as the ASM Consortium Guidelines for Effective Operator Display Design.

14. Enhanced and Advanced Alarm Methods
This is an informative section providing an overview of alarm features and capabilities that are usually a bit beyond the standard capability of a control system. This section notes that usage of such advanced capabilities may require additional design work and support.

These types of advanced methods briefly discussed include the following:

• Information linking
• Logic-based alarming
• Model-based alarming
• Alarm attribute modification
• Externally enabled systems
• Logical alarm suppression/attribute modification
• State-based alarming
• Model-based alarming
• Non-control room considerations (such as remote alarm notification)
• Paging, e-mailing, and remote alerting systems
• Supplementary alarm systems
• Continuously variable alarm thresholds
• Batch process alarm considerations
• Training, testing, and auditing systems
• Alarm attribute enforcement

15. The Implementation Life Cycle Stage
This section covers the activities and requirements around implementing a new alarm system or implementing desired changes to an existing one. The areas covered generally have both mandatory requirements and non-mandatory recommendations. They are as follows:

• Planning
• Training for new systems and modifications
• Testing and validation for new systems and modifications
• Documentation of training and testing

16. The Operation Life Cycle Stage
This section deals with mandatory requirements and non-mandatory recommendations for in-service and operating alarms. The areas addressed are:

• Alarm response procedures
• Alarm shelving, including documentation
• Operator refresher training, including documentation

17. The Maintenance Life Cycle Stage
This section is not about the maintenance department or the maintenance function. It is about the condition where an alarm has been removed from service specifically for testing or repair. The section covers mandatory requirements and non-mandatory recommendations for the following:

• Moving alarms in and out of the Maintenance stage of the life cycle, including notification, tracking, and documentation
• Interim procedures for when alarms are out of service
• Periodic testing of alarms, including record-keeping
• Refresher training for personnel involved with alarm repair or testing
• Alarm validation in regard to equipment replacement

18. The Monitoring and Assessment Life Cycle Stage
This is the stage in which alarm system performance is measured and reported. The intent is to verify that the other life cycle stages are successful in creating an alarm system that is effective.
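An added example (not code from the paper or from ISA-18.2): one way to detect suppression "outside of the proper work practices" (section 6) and alarm attributes that no longer match the master alarm database the engineer updates in section 7.1. The record schema, tag names, user names, dates and the set of monitored attributes are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

# Every tag, user, field name and value below is constructed for illustration.
OPERATOR_SUPPRESSED = ("Shelved", "Out of Service")     # state names from section 6
MONITORED_ATTRS = ("setpoint", "deadband", "priority")  # assumed attribute set

@dataclass(frozen=True)
class SuppressionRecord:
    """One audit-trail entry authorizing a manual suppression (hypothetical schema)."""
    tag: str
    state: str        # "Shelved" or "Out of Service"
    user: str
    reason: str
    start: datetime
    expires: datetime

@dataclass(frozen=True)
class Finding:
    tag: str
    kind: str
    detail: str

def audit_suppression(live_states, records, authorized_users, master_db, now):
    """Flag suppressed alarms that no valid audit-trail record accounts for."""
    findings = []
    for tag, state in sorted(live_states.items()):
        if state == "Suppressed by Design":
            # Acceptable only when the master database documents the designed condition.
            if not master_db.get(tag, {}).get("designed_suppression", False):
                findings.append(Finding(tag, "undocumented_design_suppression",
                                        "master database lists no designed suppression"))
            continue
        if state not in OPERATOR_SUPPRESSED:
            continue
        matching = [r for r in records if r.tag == tag and r.state == state]
        active = [r for r in matching if r.start <= now < r.expires]
        if not matching:
            findings.append(Finding(tag, "no_record", f"{state} with no audit-trail entry"))
        elif not active:
            findings.append(Finding(tag, "expired_record",
                                    f"{state} outside its authorized window"))
        else:
            rec = max(active, key=lambda r: r.start)   # most recent authorization
            if rec.user not in authorized_users:
                findings.append(Finding(tag, "unauthorized_user", f"{state} by {rec.user}"))
            if not rec.reason.strip():
                findings.append(Finding(tag, "missing_reason",
                                        f"{state} without a stated reason"))
    return findings

def audit_attributes(live_config, master_db):
    """Flag monitored attributes whose live value differs from the master alarm database."""
    findings = []
    for tag in sorted(live_config):
        documented = master_db.get(tag)
        if documented is None:
            findings.append(Finding(tag, "not_in_master_db",
                                    "alarm exists only in the control system"))
            continue
        for attr in MONITORED_ATTRS:
            live, doc = live_config[tag].get(attr), documented.get(attr)
            if live != doc:
                findings.append(Finding(tag, f"{attr}_drift",
                                        f"live={live!r} documented={doc!r}"))
    return findings

def run_constructed_example():
    """Run both audits over a small constructed plant snapshot."""
    now = datetime(2010, 3, 1, 14, 0)
    master_db = {
        "PI-101.HI": {"setpoint": 55.0, "deadband": 0.5, "priority": 3},
        "TI-205.HI": {"setpoint": 160.0, "deadband": 1.0, "priority": 2},
        "LI-310.LO": {"setpoint": 20.0, "deadband": 0.5, "priority": 2,
                      "designed_suppression": True},
        "FI-420.LO": {"setpoint": 2.5, "deadband": 0.1, "priority": 1},
        "AI-550.HI": {"setpoint": 8.0, "deadband": 0.2, "priority": 2},
    }
    # Live configuration read back from the control system: one undocumented edit.
    live_config = {tag: dict(attrs) for tag, attrs in master_db.items()}
    live_config["PI-101.HI"]["deadband"] = 0.0
    live_states = {
        "PI-101.HI": "Normal",
        "TI-205.HI": "Shelved",               # properly recorded
        "LI-310.LO": "Suppressed by Design",  # documented in the master database
        "FI-420.LO": "Shelved",               # nobody recorded this one
        "AI-550.HI": "Out of Service",        # work window ended two days earlier
    }
    records = [
        SuppressionRecord("TI-205.HI", "Shelved", "op_jones", "transmitter drift, WO raised",
                          datetime(2010, 3, 1, 13, 30), datetime(2010, 3, 1, 21, 30)),
        SuppressionRecord("AI-550.HI", "Out of Service", "tech_lee", "analyzer calibration",
                          datetime(2010, 2, 26, 8, 0), datetime(2010, 2, 27, 17, 0)),
    ]
    authorized = {"op_jones", "tech_lee"}
    return (audit_suppression(live_states, records, authorized, master_db, now)
            + audit_attributes(live_config, master_db))
```

On the constructed snapshot the audit reports three findings: an expired Out of Service window, a shelved alarm with no record, and a deadband that differs from the documented value.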
It is mandatory that alarm system performance be measured and compared against goals identified in the alarm philosophy. Four clearly defined terms are used in this section: “monitoring”, “assessment”, “audit”, and “benchmark”.

Several analyses are described and recommended for alarm system performance measurement. A non-mandatory table indicating recommended performance goals and metrics is provided. The numbers allow for possible modifications, and are as follows:

“The target metrics in the following sections are approximate and depend upon many factors (e.g. process type, operator skill, HMI, degree of automation, operating environment, types and significance of the alarms produced). Maximum acceptable numbers could be significantly lower or perhaps slightly higher depending upon these factors. Alarm rate alone is not an indicator of acceptability.”

The analyses described are:

• Average annunciated alarm rate per operating position (per day, per hour, per 10 minutes, with acceptability numbers)
• Peak annunciated alarm rates per operating position
• Alarm floods (calculation methods and recommendations)
• Frequently occurring alarms
• Chattering and fleeting alarms
• Stale alarms
• Annunciated alarm priority distribution (alarm occurrences)
• Alarm attributes priority distribution (alarm configuration)
• Unauthorized alarm suppression
• Alarm attribute monitoring (for unauthorized change)

In deciding the particular measures and performance numbers, the committee did considerable research to achieve consensus. Several analyses with problematic concerns were intentionally left out. Recommendations for the reporting of alarm system analyses are provided.

19. The Management of Change Life Cycle Stage
This section deals with mandatory requirements and non-mandatory recommendations for change of the alarm system. The items covered are:

• Changes subject to management of change
• Change review process requirements including the consideration of technical basis, impact, procedure and documentation modifications, review, and authorization
• Ensuring changes are in accordance with the alarm philosophy
• Temporary changes
• Implementation of changes
• Change documentation requirements and recommendations
• Alarm decommissioning recommendations
• Alarm attribute modification requirements and recommendations

20. The Audit Life Cycle Stage
The Audit stage involves a more comprehensive review of not only the performance of the alarm system itself, but also of the various work processes associated with it. The section covers the nature of audits, items to be examined, and some recommendations around practices, such as interviews and action plans.

21. Summary
ISA-18.2 is an important standard and will undoubtedly result in a significant safety enhancement for the process industries. It validates and embodies practices that industry experts and leading manufacturing companies have advocated for many years. The publication of ISA-18.2 has significant regulatory consequences, and companies are advised to become familiar with its contents.

About the Author
Bill Hollifield is the PAS Principal Alarm Management and HMI Consultant. He is a voting member of the ISA SP-18 Alarm Management committee and the American Petroleum Institute’s committee developing API-1167 Recommended Practices for Alarm Management of Pipeline Systems. Bill is also the coauthor of The Alarm Management Handbook, The High-Performance HMI Handbook, and the Electric Power Research Institute’s Alarm Management and Annunciator Application Guidelines. Bill has international, multi-company experience in all aspects of Alarm Management along with many years of chemical industry experience with focus in project management, chemical production, and control systems.

Bill holds a Bachelor’s Degree in Mechanical Engineering from Louisiana Tech University and an MBA from the University of Houston. He’s a pilot, and builds furniture (and the occasional log home in the Ozarks) as a hobby.
About PAS
PAS (www.pas.com) improves the automation
and operational effectiveness of power and
process plants worldwide by aggregating,
contextualizing, and simplifying relevant
information and making it universally
accessible and useful. We provide software and
services that ensure safe running operations,
maximize situation awareness, and reduce plant
vulnerabilities. Our comprehensive portfolio
includes solutions for Alarm Management,
Automation Genome Mapping, Control
Loop Performance Optimization, and High-
Performance Human-Machine Interfaces. PAS
solutions are installed in over 1,000 industrial
plants worldwide.
Contact PAS:
16055 Space Center Blvd., Ste. 600
Houston, TX 77062
+1.281.286.6565
info@pas.com
Maximize Operator Effectiveness:
High Performance HMI Principles and Best Practices
Part 1 of 2
Bill Hollifield
Principal Alarm Management and HMI Consultant, PAS
Hector Perez
High Performance HMI Product Manager, PAS
The human-machine interface (HMI) is the collection of screens, graphic displays, and other
technologies used by the operator to monitor and interact with the control system (typically
DCS or SCADA). Several major accidents, such as the Texas City refinery explosion in 2005,
have cited poor HMIs as a significant contributing factor. The design of the HMI plays a critical
role in determining the operator’s ability to effectively manage the operation, particularly in
quickly detecting and resolving an abnormal situation, which is the most important task of an
operator. A poor HMI can actively interfere with this ability.
For several reasons, the current designs and capabilities of most HMIs are far from optimal
for running the kinds of complex operations we have in industry. Most HMIs consist simply of
schematic or P&ID style graphics covered in numbers. Such displays provide the operator large
amounts of raw data but almost no real information. They are difficult to interpret and provide
inadequate situation awareness to the operator.
Since we published The High Performance HMI Handbook in 2008, improving HMI has become
one of the hottest topics in the automation industry. In that book, we explained exactly why
most current HMI practices were poor, and we put forth the proper principles and details for
making graphics significantly better. Many companies have adopted those principles and have
completed migrations to improved graphics. Many more have such efforts currently underway.
This two-part paper provides a history, justification, and detailed plan of action for the
improvement of a process control HMI. Here is an overview of the contents.
Principles: We cover the most important aspect of HPHMI, the display of information
to the operator rather than raw data. Many other necessary graphic principles including
the correct way to use color are provided. Depictions of detailed graphic elements are
included.
Hierarchy: HPHMI graphic designs must reflect a proper hierarchy – the exposure of
additional detail as needed. We include examples of graphics that illustrate this hierarchy,
along with the work processes used to design such graphics.
If your facility utilizes a process control system with a computer-based HMI, you will find this
information useful. This white paper augments the detailed content in The High Performance
HMI Handbook.
We also provide an example as to how “out-of-the-box thinking” can address HMI issues,
in the discussion of a Pipeline System Overview Display.
Standards Review: Two standards documents available on HMI are discussed, including
the ANSI/ISA-101.01-2015: Human Machine Interfaces for Process Automation Systems
released in August 2015.
HPHMI Work Processes and Implementation Guidance: The work process for HMI
improvement is described. We also address the most common issues encountered in
HMI improvement and cost effective ways to transition to High Performance graphics.
When the modern systems were introduced, they included the capability to create and display
graphics for aiding in the control of the operation. However, there were no guidelines available
as to how to create effective graphics. Early adopters created graphics that mimicked P&ID or
schematic drawings, primarily because they were readily available. The limited color palette was
used inconsistently, and screens
began to be little more than
crowded displays of numbers on
a P&ID.
To illustrate this point, Figure 4 is an example of flashy design taken from a power generation
facility. The graphic dedicates 90 percent of the screen space to the depiction of 3-D equipment,
vibrantly colored operation lines, cutaway views, and similar elements. However, the information
actually used by the operator consists of poorly depicted numerical data, which is scattered
around the graphic, and only makes up 10 percent of the available screen area.
Modern avionics feature fully-integrated electronic displays as shown in Figure 5. These depict
all of the important information, not just raw data, needed by the operator (i.e., pilot). Position,
course, route, engine diagnostics, communication frequencies, and automated checklists are
displayed on moving maps with built-in terrain proximity awareness. Real-time weather from
satellite is overlaid on the map. Detailed database information on airports is available with just a
click. Situation awareness and abnormal situation detection is far improved by these advances.
This capability – impossible even a dozen years ago in multi-million dollar airliners – is now
standard on even the smallest single engine aircraft.
There have been tests involving actual operators running realistic simulations using traditional
graphics vs. High Performance ones. PAS participated in such a test at a large power plant,
sponsored by the EPRI and detailed later in this paper. The results were consistent with a
similar test run by the ASM® (Abnormal Situation Management) Consortium on an ethylene
plant. The test showed the High Performance graphics provided significant improvement in the
detection of abnormal situations (even before alarms occurred) and significant improvement in
the success rate for handling them. In the real world, this translates into a savings of hundreds
of thousands of dollars per year.
Since safety is significantly improved with modern HMIs, it is only logical that we would want all
operators to have access to them. Yet, most companies have done little to upgrade.
been spent on the purchase of instrumentation.
[Figure: compressor graphic showing raw numerical readings (psig, °F, MSCFH; labels: Cooler, Oil)]
Yet, unless you are specifically trained and experienced with this compressor, you cannot
of measurements to monitor. Thus, the results vary by the experience and memory of the
operators as well as how many abnormal situations they have personally experienced with this
particular compressor. Training new operators is difficult because the building of these mental
maps is a slow process. Adding more numbers to a screen like this one does not aid in situation
awareness; it actually detracts from it.
By contrast, a bank of analog indicators, as in Figure 7, can represent these numbers much more
effectively. Analog is a powerful tool because humans intuitively understand analog depictions.
[Figure: bank of analog indicators. Labels: Interlock Threshold; Alarm Range; Desirable Operating Range; Alarm Range]
We are hard-wired for pattern recognition. With a single glance at this bank of properly designed
analog indicators, the operators can tell if any values are outside of the normal range, by how
much, the proximity of the reading to both alarm ranges, and the values at which interlock
actions occur. Analog depictions such as these moving analog indicators are a key element of
HPHMI.
In just a second or two of examination, the operator knows which readings, if any, need further
attention. If none do, the operator can continue to survey the other portions of the operation.
In a series of short scans, the operator becomes fully aware of the current performance of their
entire span of control.
The knowledge of what is normal is embedded into the HMI itself, making training easier and
facilitating abnormal situation detection, even before alarms occur, which is highly desirable.
Similarly, depiction of PID controllers is accomplished with the addition of easily scanned
setpoint, mode, and output information, as in Figure 9. If the final control element has a position
feedback signal, deviation is easily and effectively shown on the output scale. Mechanical
deviations are prime causes of abnormal situations, and they should be made easy to spot.
The subtle, slight gradients and shadows are intended to increase prominence of the live
elements. Images in printed form are often significantly different than images shown on a
screen. For that reason, other modifications to increase printed visibility have been made on
some depictions in this paper. Actual design of HPHMI elements concerns their appearance on
the screen.
[Figure: PID controller depictions. Labels: “Black Outline Indicates Mode is Abnormal”; “PV, Mode, Setpoint & Output Values”; modes shown: MAN, AUTO]
Color, by itself, is never used as the sole differentiator of an important condition or status.
Most graphics throughout the world violate this principle. A color palette must have a limited
number of distinguishable colors used consistently. Bright colors are primarily used to bring
or draw attention to abnormal situations, not normal ones. Screens depicting the operation
running normally should not show brightly saturated colors, such as bright red or green pumps,
equipment, valves, and similar items.
When alarm colors are chosen, such as bright red and yellow, they are used solely as an
aspect of the depiction of an alarm-related condition and for no other purpose. If color is used
inconsistently, then it ceases to have meaning. Figure 10 is a workable HPHMI color palette, and
the example figures in this paper generally follow it. There should not be very many colors, and
all colors must be easily distinguishable.
Graphics with color-neutral gray backgrounds on LCD screens are effective. They also enable
the lights in the control room to be turned back to bright – where they should be. Poor graphics
began with dark backgrounds and bright colors due to 1980s-90s CRT hardware limitations.
This scheme resulted in major glare and reflection problems which were addressed by dimming
the control room lights. For operator alertness, the control room lighting should actually be
brighter than a typical office, all day and all night.
Color             RGB             Use
White             255, 255, 255   Highlighting of some small items, e.g., PV Quality indications
Black             0, 0, 0         Text and labels, major process lines, process vessel outlines. Dark Gray (64, 64, 64) can also be a good choice.
Dark Blue         0, 0, 215       Process values, controller modes and outputs, similar special purposes. Trend line for a single trended value.
Dark Green        0, 128, 0       Controller setpoints and other operator inputs, trend trace of setpoints
Light Green       153, 255, 102   Possible “faint green” for some specific highlighting
Pale Red (Pink)   255, 153, 204   Possible “faint red” for some specific indications
Depicting Alarms
Proper alarm depiction should also be redundantly coded based upon alarm priority
(color / shape / text). Alarm colors should not be used for non-alarm related functionality.
When a value or object comes into alarm, the separate alarm indicator appears next to it, as
shown in Figure 12. The indicator flashes while the alarm is unacknowledged (one of the very
few proper uses of animation) and ceases flashing after acknowledgement but remains visible
as long as the alarm condition is in effect. People do not detect color change well in peripheral
vision, but movement such as flashing is readily detected. Alarms thus readily stand out on a
graphic (and on multiple screens) and are detectable at a glance.
Figure 12 shows that the most common methods of alarm indication are a direct violation of the
basic rule of color use, as they are different solely by the use of color.
[Figure: depictions of a 480.1 psi value. Labels: No Alarm; In Alarm; In Alarm; Similar Bad Depictions]
Equipment
So what about the paradigm of using bright green to depict “ON” and bright red for “OFF” (or
vice versa in the power industry)? This is an improper use of color. The answer is a depiction
such as Figure 15.
[Figure: valve depictions (Crude Feed, TK-21). Labels: Valve Open; Valve Closed; Output % Shown; “Actual determines valve body fill. O% and A% numbers are shown”; Valve Fail Direction: Fail Open, Fail Closed, Fail Last; “Solenoid: When de-energized, valve moves to fail position”; Position Switches: Made and Unmade; “Showing All The Options: Confusing!”]
Similarly, the graphics need to differentiate clearly between status indications and command
possibilities. In general, the graphic indicates the current state, and faceplate interactions are
used to command changes to that state. It is common to have a point type that includes
both a switch-type (binary) output command and binary status feedback, commonly called
a Digital Composite Point. Figure 19 shows a compact graphic presentation of those statuses.
Selecting the graphic element would call up the faceplate for the actual interaction.
[Figure labels: Digital Composite Point Depiction: Pump 22; Command (“setpoint”) to the device: Run; Feedback from the device: Stopped; Mismatch alarm if applicable]
Figure 19: Digital Composite Point Depiction
Trends should be embedded in the graphics and appear, showing proper history, whenever the
graphic is called up. This is generally possible but is a capability often not utilized. Trends should
incorporate elements that depict both the normal and abnormal ranges for the trended value.
There are a variety of ways to accomplish this as shown in Figure 20. The range indicator could
also indicate the alarm and interlock ranges (see the later Level 1 Overview Example; Figure 33).
Depicting Tables
Even tables and checklists can incorporate proper principles as shown in Figure 21. Consistent
colors and status indication can be integrated. The intent is to make the abnormal stand out.
[Figure: Table Design. Panels: Improper Practice; Better Practice; HPHMI Startup Permissives Table; HPHMI Equipment Status Table; Another Better Practice Status Table (Pump Status)]
It should never be possible to make a single selection on a screen that results in an inadvertent
shutdown. A “Shutdown button” should call up at least one, and perhaps two, layers of
confirmation before it is possible to actually cause such a significant event.
[Figure: Reactor Manual Shutdown screen button and its faceplate with a Manual Shutdown Switch (Shutdown / Normal)]
Major process upsets have occurred by
seem inappropriate.
Interlocks are implemented using logic structures, usually “blocks” or “points” or “ladders.”
These are usually complicated and cryptic to understand when displayed using the native
capabilities of the DCS (e.g., logic point detail). They may activate infrequently since they are
usually designed to protect against an abnormal situation. Due to this, the operator may not
encounter them for months. When they activate, the operator may not remember being told
about “the new column interlock” implemented a year ago and have no idea why he cannot
start feed to the column. If this occurs at 2 a.m. on a Saturday night, then the engineer is
(deservedly) likely to get a phone call and production may be delayed.
Therefore every interlock, when activated, needs to indicate that activation on the appropriate
Level 2 and 3 display. The strategy may be different for those displays.
[Figure: Interlock Depiction (D-101). Labels: “Pre-Alarm has occurred”; “Controller is in Auto and block valve is still Open”]
For Level 2 displays, a small bank of
be shown such as in Figure 26. When active, the specific interlock symbol can be displayed
next to each initiator signal and affected output. For Level 3 displays, an interlock diagnostic
element should be created, clearly showing the possible initiators and possible actions taken by
the interlock. This does not have to be complicated; a table such as the following can often suffice.
Comp in Overspeed          NO     1 Stg Pres is High       YES
Winding Temp is High       NO     2 Stg Pres is High       YES
Vibration is High          NO     Suction Pres is Low      NO
Oil Pres is Low            NO     Total Flow is Low        NO
West Compressor Interlock Actions
W. Comp Shutdown           NO     Flow Cascade to Manual   YES
Inlet Block Valve          OPEN   Maximum Flow Bypass      OPEN
Outlet Block Valve         OPEN   Maximum Cooling          NORM
E. Comp Override to 100%   NO     Winding Purge            OFF
Figure 26: Interlock Diagnostic Table
When an interlock shuts down a piece of equipment, a “First Out” indication is often desirable
since some of the other initiators may activate after the shutdown trip occurs. Figure 27 is a
simple example of a Shutdown “First Out” Table:
[Figure 27: Shutdown “First Out” Table. Recoverable row: Overspeed OK]
Shortly after the compressor shuts down due to high vibration, the oil pressure also drops
which produces another shutdown initiator. As a result of equipment isolation, the suction
pressure may also drop sufficiently to activate another shutdown initiator. Thus, by the time the
diagnostic graphic is consulted, three separate shutdown causes are present and the question
is – which is the original culprit? Two are a consequence of the immediately prior shutdown, and
the actual cause of the shutdown is shown via the “First Out.” The vibration reading depicted is
“currently” much less than the shutdown limit (since it quits shaking after the shutdown), thus
the high vibration indication (the “X”) needs to be latched until reset.
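The first-out latching described above, as an added Python example that is not taken from the paper or from any DCS vendor. Initiator names follow the paper's compressor scenario; the limits, scan times, and readings are constructed, and the class and function names are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Initiator:
    """One shutdown initiator that trips at or beyond `limit`."""
    name: str
    limit: float
    trips_high: bool  # True: trip when value >= limit; False: trip when value <= limit

    def active(self, value: float) -> bool:
        return value >= self.limit if self.trips_high else value <= self.limit


class FirstOutLatch:
    """Latches every tripped initiator and remembers which one tripped first."""

    def __init__(self, initiators):
        self.initiators = list(initiators)
        self.latched = {}    # initiator name -> scan time at which it first tripped
        self.first_out = []  # name(s) that tripped on the earliest tripping scan

    def scan(self, t, readings):
        """Evaluate one scan of live readings and latch anything newly tripped."""
        newly = [i.name for i in self.initiators
                 if i.name not in self.latched and i.active(readings[i.name])]
        for name in newly:
            self.latched[name] = t
        if newly and not self.first_out:
            # Initiators tripping within the same scan cannot be ordered,
            # so all of them are reported as first out.
            self.first_out = newly
        return newly

    def table(self, readings):
        """Rows for the diagnostic table: latched status, live state, first-out flag."""
        return [{"initiator": i.name,
                 "status": "X" if i.name in self.latched else "OK",
                 "live": i.active(readings[i.name]),
                 "first_out": i.name in self.first_out}
                for i in self.initiators]

    def reset(self, readings):
        """Clear the latches only when no initiator is still live."""
        if any(i.active(readings[i.name]) for i in self.initiators):
            return False
        self.latched.clear()
        self.first_out = []
        return True


# Constructed limits (units are illustrative only).
INITIATORS = [
    Initiator("Overspeed", 3900.0, True),
    Initiator("Vibration High", 7.0, True),
    Initiator("Oil Pres Low", 20.0, False),
    Initiator("Suction Pres Low", 10.0, False),
]

# Constructed scans: vibration trips first, then oil and suction pressure fall
# as consequences of the shutdown while the vibration reading drops back.
SCANS = [
    (0, {"Overspeed": 3600, "Vibration High": 3.1, "Oil Pres Low": 45, "Suction Pres Low": 30}),
    (1, {"Overspeed": 3600, "Vibration High": 7.4, "Oil Pres Low": 44, "Suction Pres Low": 30}),
    (2, {"Overspeed": 900, "Vibration High": 1.0, "Oil Pres Low": 12, "Suction Pres Low": 18}),
    (3, {"Overspeed": 0, "Vibration High": 0.2, "Oil Pres Low": 5, "Suction Pres Low": 6}),
]


def replay(scans=SCANS):
    """Run the constructed scans through a fresh latch; return it with the last readings."""
    latch = FirstOutLatch(INITIATORS)
    for t, readings in scans:
        latch.scan(t, readings)
    return latch, scans[-1][1]


if __name__ == "__main__":
    latch, last = replay()
    for row in latch.table(last):
        mark = "  <- FIRST OUT" if row["first_out"] else ""
        print(f'{row["initiator"]:<18}{row["status"]:<4}live={row["live"]}{mark}')
```

At the last scan three initiators show “X”, yet only the vibration row carries the first-out mark, and its live state is already false, which is why the indication has to be latched rather than derived from the current reading.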
Every screen (particularly Level 2) should have navigation targets to the most likely other screens
that the operator would access. When a P&ID depiction is used, any process line entering or
exiting the screen should contain a navigation link to the relevant graphic. Navigation buttons
or targets should be consistent and simple (and not look identical to command buttons).
Most control systems provide pre-made navigation button objects, including many that are
inappropriately colored, needlessly 3-D, and overly intrusive.
[Figure labels: Navigation Buttons (Main Menu, L2 Reactor, L2 Feed System, L3 M5 Agitator, L3 Analyzers); Faceplate or Special Purpose Element Callup Buttons (M5 Pres Control, APC, Product Change, Feed Change); Navigation Target (Scrubber); Non-navigation depiction (Tank Farm 2)]
Figure 29: Navigation Buttons and Targets
The Main Menu: It is desirable for the operator to have two-click access from any graphic to any
other graphic, to supplement any other navigation method used. Every graphic should have a
consistently placed “Main Menu” navigation button. It opens a simple text screen, logically and
hierarchically arranged, with one-click navigation links to all graphics.
Layout for a typical screen is shown in Figure 30. Screen layout usually includes these
elements:
● A top menu and status area shows a variety of information, such as screen and
alarm controls. This element is provided by the DCS manufacturer, is often
mandatory, fixed in size, and usually configurable in several ways.
● A bottom “status line” area, usually optional, depicts information about a selected
object, a command, or similar condition.
● A process depiction area is where the graphic is created.
● A reserved area for faceplates is provided. (This reserved area is a High
Performance practice.)
The size of the reserved faceplate area is determined by the brand of DCS. Ideally, faceplates are
tall and narrow. This provides for placing them adjacent to the right-hand edge of the graphic,
leaving a large, contiguous, mostly rectangular area for the process depiction. But, some DCSs
have faceplates that are large, square, clunky, and poorly organized, making a reserved area for
them difficult to accomplish. If you own such a system, encourage the manufacturer to move
into the 21st century and modify their standard faceplates.
Only one item on a screen should be selectable at a time. Any new selection on the screen
should replace any prior faceplate from a prior selection, without any manual “closing” of
the prior faceplate needed. On a few screens, it might be desirable to enable more than one
faceplate at a time.
Faceplates are usually supplied as standard elements by the DCS manufacturer. It may or may
not be possible to alter them, and they may not follow some of the principles you desire for
your HMI, such as proper and consistent use of color. However, rebuilding or replicating dozens
of standard faceplates from scratch to correct minor consistency issues may not be worth the
effort since future vendor software upgrades may override that work.
The faceplate should show the point name and description since point names should not
normally be shown on a graphic. Exposing even more configuration information (i.e., Level 4
“point detail” or configuration data) about the point should be possible from the faceplate
element. Faceplate interaction should not be modal (i.e., preventing other graphic action until
the faceplate is closed).
We have seen a presentation advocating that faceplate functionality (altering setpoints, outputs,
modes, states, etc.) be incorporated into the graphics themselves and the use of the standard
faceplate interaction eliminated. Now, as you can imagine, we are always open to evaluating
new ideas, but not every new idea is a good one! The claim is made that “it is speedier and the
operator might save fractions of a second per interaction that way, which will add up to maybe
several hours saved per year.” This is a bad idea, because huge amounts of additional custom
coding and its upkeep are needed and significant layout and consistency problems must be
addressed. Stick with faceplates.
Avoiding “Blob” Graphics
Some places have carried the gray-scale principle too far and created extremely low-contrast “blob”
Display Hierarchy
Displays should be designed in a hierarchy that provides progressive exposure of detail. Displays
designed from a stack of P&ID schematic designs will not have this; they will be “flat” like a
computer hard disk with one folder for all the files. This does not provide for optimum situation
awareness and control. A four-level hierarchy is desired.
For Each Overview Display, Multiple Level 2 Process Unit Detail Displays
For Each Level 2 Display, Multiple Level 3 Process Unit Detail Displays
For Each Level 3 Display, Multiple Level 4 Process Unit Support Displays
[Figure: Level 1 Overview display for a power plant. Panel titles: Turbine-Generator; Condenser-Feed Wtr; Boiler; Fans; CEMS]
This is a single graphic showing the operator’s entire span of control, the big picture. It is an
overall indicator as to how the operation is running. It provides clear indication of the current
performance of the operation by tracking the Key Performance Indicators as in Figure 33.
Level 1 Overview graphics are usually not designed for making control interactions (i.e., no
faceplate zone).
The Figure 33 example is from a large power plant. We often hear “But it doesn’t look like
a power plant!” Correct! Does your automobile instrument panel look like a diagram of your
engine surrounded by numbers? The display is designed so that it is easy to detect if the plant
is running well or poorly and that important abnormal conditions and alarms stand out clearly.
The Level 1 graphic is ideal for display on a large, perhaps off-console, monitor. Many have
purchased such large screens with little idea of how to make the best use of them.
[Figure: Level 2 reactor graphic. Recoverable labels: 2 Hrs trends; M5 Circ Pumps (Pump A Running, Pump B Stopped); navigation targets: L2 RX Summary, M5 Interlocks, M5 Cooling Sys, M5 Vent Sys, M5 Agitator]
Every operation consists of smaller, sub-sectional unit operations. Examples include a single
reactor, a pipeline segment, a distillation train, or a compressor station. A Level 2 graphic exists
for each separate major unit operation. It is designed to contain all the information and controls
required to perform almost all operator tasks associated with that section from a single graphic
as shown in Figure 34.
Notice how the analog indicators and controllers are lined up for easy scanning rather than being
scattered all around a P&ID depiction. Ease of abnormal situation detection is an important
HPHMI design consideration.
When properly designed, most operator actions will occur at Level 2, and the Level 3 graphics
will be used only for more detailed troubleshooting.
Level 3 graphics provide all of the detail about a single piece of equipment. These are used for
detailed diagnosis of problems. They show all of the instruments, interlock status, and other
details. A schematic or P&ID type of depiction is often desirable for a Level 3 display.
The Figure 35 example shows what could be created “from scratch” as a Level 3. Besides the
P&ID depiction, other HPHMI elements are included. In existing systems, most graphics are
actually Level 3. See the “HPHMI Implementation on a Budget” section in the Part 2 document
for guidance about this.
In the separate Part 2 document, we provide case studies supporting that a High Performance
HMI accomplishes these goals. In addition, there is discussion of a major HMI-related advance
in the power industry, a review of HMI Standards, and an example Table of Contents of HMI
Philosophy and Style Guide documents.
Bill is the Principal Consultant responsible for the PAS work processes and
intellectual property in the areas of both Alarm Management and High
Performance HMI. He is a member of the American Petroleum Institute’s API
RP-1167 Alarm Management Recommended Practice committee, the ISA SP-
18 Alarm Management committee, the ISA SP101 HMI committee, and the
Engineering Equipment and Materials Users Association (EEMUA) Industry
Review Group.
Bill has multi-company, international experience in all aspects of Alarm Management and HMI
development. He has 28 years of experience in the petrochemical industry in engineering and
operations, and an additional 12 years in alarm management and HMI software and services for
the petrochemical, power generation, pipeline, pharmaceutical, and mining industries.
Bill is co-author of The Alarm Management Handbook, The High Performance HMI Handbook, and
The Electric Power Research Institute (EPRI) Guideline on Alarm Management.
Bill has authored several papers on Alarm Management and HMI, and is a regular presenter on
such topics in such venues as API, ISA, and Electric Power symposiums. He has a BSME from
Louisiana Tech University and an MBA from the University of Houston. In 2014, Bill was made an
ISA Fellow.
Prior to working with PAS, Hector was a senior engineer at Schlumberger. His
strength in design contributed to his success in creating new and improved
HMIs for reservoir evaluation services and interfaces for business Key
Performance Indicator tracking.
In addition to his expertise in High Performance HMI, Hector has widespread experience in all
aspects of Alarm Management. He has facilitated numerous Alarm Management workshops,
conducted alarm rationalization projects, and developed Alarm Philosophy documents for a wide
range of clients in the petrochemical, power generation, pipeline, and mining industries.
Hector has authored technical articles on High Performance HMI. In 2009, he and Bill collaborated
with the Electrical Power Research Institute (EPRI) on a comparative research study evaluating
High Performance graphics and operator effectiveness. Hector holds a Bachelor of Science in
Chemical Engineering from Rice University.
Crawford, W., Hollifield, B., Perez, H., Electric Power Research Institute Operator HMI Case Study:
The Evaluation of Existing “Traditional” Operator Graphics vs. High Performance Graphics in a
Coal Fired Power Plant Simulator, Product ID 1017637 (2009)
Hollifield, B. Oliver, D., Nimmo, I., and Habibi, E., The High Performance HMI Handbook. PAS (2008)
Hollifield, B. and Habibi, E. 2006. The Alarm Management Handbook, 2nd edition. PAS (2010)
PAS, Inc. is a leading provider of software solutions for process safety, cybersecurity, and
asset reliability to the energy, process, and power industries worldwide. PAS solutions include
industrial control system cybersecurity, automation asset management, alarm management, high
performance HMI, boundary management, and control loop performance optimization. PAS
solutions are installed in over 1,000 facilities worldwide with more than 40,000 users.
© PAS, Inc. 2015. Ideas, solutions, suggestions, hints and procedures from this document are the
intellectual property of PAS, Inc. and thus protected by copyright. They may not be reproduced,
transmitted to third parties or used in any form for commercial purposes without the express
permission of PAS, Inc.
High Performance HMI 3.0 - Part 1 | Page 30
© PAS 2015
Maximize Operator Effectiveness:
High Performance HMI Case Studies, Recommendations,
and Standards
Part 2 of 2
Bill Hollifield
Principal Alarm Management and HMI Consultant, PAS
Hector Perez
High Performance HMI Product Manager, PAS
The human-machine interface (HMI) is the collection of screens, graphic displays, and other
technologies used by the operator to monitor and interact with the control system (typically
DCS or SCADA). Several major accidents, such as the Texas City refinery explosion in 2005,
have cited poor HMIs as a significant contributing factor. The design of the HMI plays a critical
role in determining the operator’s ability to effectively manage the operation, particularly in
quickly detecting and resolving an abnormal situation, which is the most important task of an
operator. A poor HMI can actively interfere with this ability.
For several reasons, the current designs and capabilities of most HMIs are far from optimal
for running the kinds of complex operations we have in industry. Most HMIs consist simply of
schematic or P&ID style graphics covered in numbers. Such displays provide the operator large
amounts of raw data but almost no real information. They are difficult to interpret and provide
inadequate situation awareness to the operator.
Since we published The High Performance HMI Handbook in 2008, improving HMI has become
one of the hottest topics in the automation industry. In that book, we explained exactly why
most current HMI practices were poor, and we put forth the proper principles and details for
making graphics significantly better. Many companies have adopted those principles and have
completed migrations to improved graphics. Many more have such efforts currently underway.
This two-part paper provides a history, justification, and detailed plan of action for the
improvement of a process control HMI. Here is an overview of the contents.
Principles: We cover the most important aspect of High Performance HMI, the display
of information to the operator rather than raw data. Many other necessary graphic
principles including the correct way to use color are provided. Depictions of detailed
graphic elements are included.
Hierarchy: HPHMI graphic designs must reflect a proper hierarchy – the exposure of
additional detail as needed. We include examples of graphics that illustrate this hierarchy,
along with the work processes used to design such graphics.
Part 2
Case Studies: Since the publication of our 2008 book, many projects have provided
for the development of real world case studies. We include two such studies in this
paper. The first was conducted by the Electric Power Research Institute (EPRI) but is
applicable to all types of process operations. The second shows how a major company
has improved performance and significantly lowered costs via company-wide adoption
of standardized High Performance graphics. This has led to a major HPHMI product
innovation for the power industry: PowerGraphiX™.
We also provide an example as to how “out-of-the-box thinking” can address HMI issues,
in the discussion of a Pipeline System Overview Display.
Standards Review: Two standards documents available on HMI are discussed, including
the ANSI/ISA-101.01-2015: Human Machine Interfaces for Process Automation Systems
released in August 2015.
HPHMI Work Processes and Implementation Guidance: The work process for HMI
improvement is described. We also address the most common issues encountered in
HMI improvement and cost effective ways to transition to High Performance graphics.
If your facility utilizes a process control system with a computer-based HMI, you will find this
information useful. This white paper augments the detailed content in The High Performance
HMI Handbook.
Operator HMI Case Study: The Evaluation of Existing “Traditional” Operator Graphics vs. High
Performance Graphics in a Coal Fired Power Plant Simulator, Product ID 1017637
• Existing Overview
The EPRI study tested the HPHMI concepts in this paper at a large, coal-fired power plant. The
plant had a full and accurate simulator used for operator training. The existing graphics on the
simulator (created in the early 1990s) operated the same as those on the actual control system.
PAS was retained to prepare several High Performance graphics for the simulator. Several
operators were then put through multiple abnormal situations using both the existing and the
new High Performance graphics.
Four examples of the existing graphics are in Figure 1. They have the following characteristics:
● Many controller elements are not shown on any of the existing graphics.
● No graphic hierarchy.
● No Overview.
The operators used dozens of such graphics to control the process. PAS prepared the following
High Performance graphics:
● Power Plant Overview (Level 1) – Figure 2
● Pulverizer Overview Graphic (Level “1.5”) – Figure 3
● 8 Individual Pulverizer Level 2 Control Graphic – Figure 4
● Runback 1 and 2: Special Abnormal Situation Graphics – Figure 5
[Figure: Power Plant Overview (Level 1). Panel titles: Turbine-Generator; Condenser-Feed Wtr; Boiler; Fans; CEMS]
The operators found the overview display to be far more useful than the existing graphics in
providing overall situation awareness and also very useful in detecting burgeoning abnormal
situations.
[Figure: pulverizer graphics for pulverizers A through H. Panel titles: Pulverizer Status; Coal Flow Trend; Mill Amps Trend; Diff Pres Trend; Pri. Air Flow Trend; Primary Damper; S. Air Flow Trend; North Damper; South Damper; C/A Temp Trend; Hot Damper; Cold Damper. Other labels: Main Flame; Igniter Flame; Fuel Type; SWG Valves. Navigation bar: Main Menu; L1 Overview; Runback 1/2; PULV A through PULV H]
Note that the trends seemingly violate our recommendation of showing no more than three
or four traces on a single trend. In this case, what the operator is looking for is any trend line
that is not “bunched in” with the others. For such a condition, having these eight traces was
acceptable. Note that the standby pulverizer’s trace is normally on the bottom.
Even with such a “dense” information depiction and with so many measurements, the operators
found it easy to monitor all eight devices and easily detect burgeoning abnormal situations. It is
easy to scan your eye across the screen and spot any elements that are inconsistent (Pulverizer
“B” in the depiction). Alarm conditions are also easy to spot.
Note that control actions are not taken on this screen but rather on the eight individual Level 2
graphics, one for each pulverizer. This graphic is “in-between” Level 1 and 2, as it is an overview
of a complex sub-part of the operator’s responsibility. The most common sources or problems
are depicted.
While complex in appearance to the layman, the trained operator had no difficulty in
understanding and accessing everything they needed for pulverizer startup, shutdown, and swap
situations that arose during the test. Much of the text on the screen has to do with the status of
existing semi-automated sequences that sometimes require operator intervention. Everything
on the screen is selectable, and when selected the standard faceplate for the element appears
in a reserved “faceplate zone” rather than floating around the screen obscuring the graphic.
Element manipulation is made via the faceplate.
However, in more than a decade of such training, it had never occurred to anyone to design
special graphics specifically designed to assist in this task. This demonstrates the power of
inertia in dealing with our HMIs. Specific Abnormal Situation Detection and Response graphics
are an important element of an HPHMI.
PAS created two “Runback” graphics designed specifically to assist in this task. Every element
that the operator needed to monitor and control the runback situation effectively was included
on them. In use, the operators placed them on adjacent physical screens. Figure 5 shows
“Runback 1;” Runback 2 was similar. The reserved faceplate zone is on the lower right.
As a simple example of providing information rather than data, consider the trend graph at the
upper left of Runback 1. To be successful, the rate of power reduction must not be too slow or
too fast. The existing graphics had no trend of this, simply showing the current power megawatt
number. This new trend graph had the “sloped-line” element placed next to it, indicating the
ideal rate of power reduction, the full load zone, and the target half-rate zone. On the figure,
the actual rate of drop is initially exceeding the desired rate, and that condition is easily seen.
(Note: It would have been more desirable to have the sloped lines on the background of the
trend area itself, but the DCS could not accomplish such a depiction. This is a compromise, but
one the operators still found to be useful.)
[Figure 5: Runback 1 graphic. 20-minute trends: Gross MW, Main Steam (psig), Furn Pres (in.H2O),
LPT-A and LPT-B (In.hg).]
The Testing
Eight Operators, averaging eight years of console operating experience each, were used in the
test. They received only one hour of training with the new graphics prior to the start of testing.
(This was to address the common objection of “Changing our graphics would take months of
retraining!”) They were tested on four increasingly complex situations, each lasting about 20
minutes.
● Coal Pulverizer Swap Under Load
● Pulverizer Trip and Load Reduction
● Manual Load Drop with Malfunctions
● Total Plant Load Runback
All operators did all scenarios twice, using the old graphics alone, and the HPHMI graphics. Half
used the old graphics first (without having been shown the new graphics), and half used the
new HPHMI graphics first.
Quantitative and qualitative measurements were made on the performance of each scenario
(e.g., detection of the abnormal condition, time to respond, correct and successful response).
Operators highly rated the Overview screen, agreeing that it provided highly useful “big picture”
situation awareness. Even with only one hour of familiarization with the new graphics, operators
had no difficulties in operating the unit. The High Performance graphics are designed to have
intuitive depictions.
Very positive Operator comments were received on the analog depictions, alarm depictions,
and embedded trends. There were consistent positive comments on how “obvious” the HPHMI
made the various process situations. Values moving towards a unit trip were clearly shown and
noticed by the operators.
The operators commented that HPHMI would enable faster and more effective training of
new operations personnel. The negative operator comments generally had to do with lack of
familiarity with the graphics prior to the test (which was intentional).
“Once you got used to these new graphics, going back to the old ones would be hell.”
The effect of inertia being the controlling factor for HMI change was once more confirmed.
The existing HMI had been in use since the early 1990s, with simulator training for more than a
decade. Despite clear deficiencies, almost no change to the existing HMI had been made since
inception.
Operators using the existing graphics first in the test were then asked “What improvements
would you make to the existing graphics to help in these situations?” In response, there were
very few or no suggestions!
However, operators using the existing graphics after they used the HPHMI graphics had many
suggestions for improvement, namely analog depictions, embedded trends, alarm depiction,
consistent navigation, etc.
So, people get “used to” what they have – and do not complain or know what they are missing
if they are unfamiliar with these HPHMI concepts.
A lack of complaints does not indicate that you have a good HMI!
Southern had traditionally designed graphics much like others have. This was either using the
perspective of an engineer looking at the P&IDs, or by delegating graphics creation to operators,
who tended to arrange screens of numbers suiting their individual preferences. Neither of those
approaches led to a consistent or satisfactory end product.
In 2009, Southern suspected that there “had to be a better way” to present information to their
operators. Significant problems were being found as new projects were each being treated
as custom HMI implementations. Existing control rooms had significant screen and graphic
proliferation – with many plants having more than 500 different graphics used for control and
creating significant HMI maintenance problems.
Southern concluded that the graphics portion of a controls project should be an “engineered
solution,” just like the rest of the project. After considerable research, they recognized that the
principles and design practices covered in The High Performance HMI Handbook dealt with all
the issues they identified and went beyond them. Managerial support of a major improvement
Figure 6: Original Control Room and How it Grew After DCS Conversion
The test project was successful and then further proven in 17 plant conversions with more
underway. Operator response is positive:
● “I can see problems coming before they happen.”
● “You got it right.”
● “I didn’t like it at first, but I do now.”
● “I wish I had this when I was learning to operate.”
● “I can find what I need now.”
● “I don’t have to jump around between screens to operate.”
The number of graphics used to control a plant was reduced from a typical value of 300-600 to
approximately 80. Southern Company has documented both performance improvements and
substantial cost savings in these areas:
● Improved operator situation awareness.
● Improved abnormal situation detection and handling.
● Reduced engineering time and cost for new plants, conversions, and
modernizations.
● Reduced hardware costs (fewer workstations).
● Reduced licensing cost for control system software.
● Reduced ongoing maintenance cost.
● Reduced ongoing cybersecurity cost (fewer workstations and licenses).
● Reduced training costs.
● Upsets avoided (anecdotal evidence and cases).
The power generation industry is much more consistent in plant design than is the petrochemical
/ chemical industry. This makes it possible for advancements such as PowerGraphiX to be
incorporated much more easily and inexpensively by other companies. Southern and PAS
realized that making PowerGraphiX available to the power industry would benefit overall
operational effectiveness as well as safety.
To that end, PAS provides PowerGraphiX to the power industry. Here are a few of the many
features and benefits included in PowerGraphiX.
Features:
● Documented HMI Philosophy & Style Guides.
● Layouts and templates for Hierarchy Levels 1, 2, 3, & 4.
● Object Libraries.
Benefits:
● Reduced engineering time and cost (Note that it costs at least as much to
build or migrate a bad graphic as a good one.)
● Improved control system HMI consistency.
● Improved operator situation awareness and effectiveness.
● Effective use of large screen displays.
● Reduced ongoing HMI maintenance cost.
● Reduction in number of graphics.
These platforms are initially supported, and more are being developed. All product names are
property of their respective owners and used in this paper for identification purposes only:
● ABB Symphony Plus ®
● Emerson Ovation ®
● Emerson Delta-V ®
● Invensys FOX IA ®
● Honeywell Experion ®
● Alstom Alspa 6 ®
Plant Types:
● Coal Fired.
● Combined Cycle.
● Supercritical.
It is a great tradition in engineering to build on the work of others – to adapt and enhance
concepts that are successful in other domains. The trick is to have a wide enough view of
the topic to recognize an applicable
solution. It is to ask, “Has anyone else
solved a similar problem?” In this case,
the answer is yes, and in a big way.
It took about three decades for something better to be produced. In 1936, Engineer Harry Beck
came up with a radically different depiction. He determined these questions to be the key ones
for the subway rider:
● Where am I now (what station)?
● Where am I going (what station)?
● What lines service this station and where do they go?
● Where do I change trains?
● How many stops until my destination?
Even more importantly, he realized that there were many things that the subway rider did not
need to know:
● Am I going around a curve?
● Am I passing under a river or near another train line?
● What is the relative distance between stations?
● Am I traveling in a specific direction (N,S,E,W) in between stations?
Beck realized that depicting topology, and not geography, was the key.
In the revised map, every line is horizontal, vertical, or at 45 degrees – even the River Thames.
There is just enough geography and landmark depiction for the rider to orient their current
position and find their destination station. It is fast and easy to pick out an efficient route, even
for the novice rider.
Task analysis has shown these to be some important things for depiction:
● Important status conditions and alarms.
● Significant highway crossings.
● Significant waterway crossings.
● Neighborhoods if adjacent to pipeline.
● Important boundaries (i.e., state lines).
● Pressure profiles.
● Analog indicators showing station performance.
● Direction and content indicators.
● Important trends.
● Topology, not geography.
A conceptual Pipeline Overview Display with these elements is shown in Figure 11.
[Figure 11: conceptual Pipeline Overview Display. Panels: Line Pressure Profiles, Prod, Leaks,
Total Flow (MCFH) trend over 2 Hrs. Stations shown: Kessel Run, Frostbite Falls, Fra Mauro,
Brigadoon, Cannonball, Mayberry.]
HMI design is not simply arranging objects from a library onto a screen. There is room for a
creative approach, as long as the proper principles are reflected in the design. When faced with
an unusual process depiction problem, look at how similar situations have been solved in other
areas, and then adapt them.
We need to be precise in our language when discussing standards. In this section, the term
“standard” applies only to a document that is produced in documented accordance with a
strict methodology that involves balance of interests, consensus, and a stringent review and
documentation process. Recognized bodies like the ISA follow these principles in issuing
documents they call standards. Other organizations (e.g., EEMUA) do not, and the documents
they produce are essentially books and reports, not standards.
When standards are issued by a recognized body, they acquire the status of being a “recognized
and generally accepted good engineering practice (RAGAGEP).” This clumsy acronym denotes
something very important, because regulatory agencies can and will cite the principle of
RAGAGEP as being enforceable, as a “catch-all.”
Standards are highly restricted in their allowable content. Standards intentionally describe
the minimum acceptable and not the optimum. By design, they focus on the “what to do”
rather than the “how to do it.” Standards intentionally do not have detailed or specific “how-to”
guidance – the kind of guidance that most people actually want or need, but that we do not
want to be mandatory. Standards do not contain examples of specific proven methodologies or
detailed work practices.
Other than The High Performance HMI Handbook, and this much expanded white paper, there
are very few authoritative documents that address process control HMI. Here is a discussion of
two of them.
is, pertinent information should also be available from some other cue in addition to color such
as a symbol or piece of text.”
Yet throughout the remainder of the document, examples are shown that routinely violate this
principle. Figure 12 shows only a few of the “recommended practice examples” from API-RP-1165.
In many of these examples, only subtle color differences, not distinguishable by a substantial
fraction of the operator population, are the only means to distinguish a significant status
difference.
[Figure 12: recommended practice examples from API-RP-1165. Rows: High-High Alarm (Black, Red),
High Alarm (Black, Yellow), Low Alarm (Black, Yellow), Low-Low Alarm (Black, Red), Unknown Error
(Black, Blue), each shown with the sample value 1234.]
The ISA-101 document is relatively short, containing approximately 44 pages of content and
approximately 20 pages of introduction, definitions, and legal notice.
[Figure: example ISA-101 life cycle diagram. Labels: Entry, Review, HMI System, Style Guide,
Design, Build, Console, Test, Maintain, Decommission.]
ISA-101 contains consistent definitions of various aspects of an HMI. It has the typical text
principles of good graphics design, but these are constrained by what is allowable in a standard.
Standards are to provide the minimum acceptable, not the optimum. For example, ISA-101 can
make a statement like “Color should be used to direct attention and add meaning to the display.”
But ISA-101 does not contain anything like the example color palette of Figure 10 in this paper
(Part 1), nor should it. Such detail is not within the purview of a standard.
ISA-101 follows the usual Life Cycle approach of other ISA Standards. Life Cycle is a document
structure, not a project plan. An example of a Life Cycle for HMI development and operation is
supplied. It is mandatory to use some sort of life cycle process to administer an HMI. But the life
cycle shown in the document is labeled as an example and is not mandatory.
ISA-101 also makes it mandatory to place changes in the HMI under Management of Change
(MOC) procedures, similar to those that govern other changes in the plant and the control
system. The details of the MOC procedures are left to the user.
A reader with only brief and rudimentary knowledge of control systems and process control
HMI will find nothing new or unusual in ISA-101.
ISA-101 makes it mandatory to create “System Standards.” These are documents that govern the
design and creation of the HMI. These are the familiar HMI Philosophy, Style Guide, and Toolkit
(Object Library). It is mandatory to apply MOC to the Toolkit. ISA-101 has discussion of ways to
create these documents, but there are no examples. Brief descriptions of the contents of such
documents are provided (See the end of this white paper for a detailed Table of Contents listing
of a comprehensive HMI Philosophy and Style Guide). It is noted that the primary user of the
HMI is the operator and design should keep that in mind. There is a small bit of guidance about
the use of scripting logic and color.
The activities listed in the ISA-101 life cycle are generally discussed in bullet list and table form.
It contains basic (and well known) recommendations such as these:
● The HMI should be consistent and intuitive.
● The information shown should be relevant to the operator.
● Color should not be the only indicator of an important condition.
● Colors chosen should be distinguishable by the operators.
● Auditory warnings should be clear and unambiguous.
There are no examples of proper and improper human factors design and no details such as
appropriate color palettes or elements. The only HMI examples in ISA-101 are in a survey-type
section providing a list of different types of display styles. Each style is accompanied by a small,
intentionally non-detailed example, typically of about one square inch in size. Figure 14 shows
a few of those examples in their actual sizes.
ISA-101 mentions the concept of display hierarchy with discussion of Level 1, 2, 3, and 4 displays.
Each has an example, and those have been made intentionally undetailed and simplified. The
descriptions of the different levels contain no unusual items. Here, for example, are the ISA-101
Level 1, 2, and 3 display examples.
The reader is invited to compare these to Figures 33, 34, and 35 in Part 1 of this white paper.
ISA-101 finishes by providing brief descriptions of the following methods for interacting with an
HMI.
● Data entry in fields.
● Entering and showing numbers.
● Entering and showing text.
● Entering commands.
● Designing buttons.
● Using faceplates.
● Navigation – various common methods for navigating from one graphic to another
are discussed, such as hierarchical menus and navigation buttons.
● User access and security are briefly mentioned.
In ISA-101, user training in use of the HMI is mandatory. There is brief discussion of a list of things
that the training should cover, such as interpreting screen symbols, manipulating the controls,
and navigating from screen to screen. If non-operators are also expected to use the HMI, they
are expected to be trained as well.
In summary, the publication of ISA-101 is an important step in the field of HMI. ISA-101 is a short
document containing some generally well-known and basic principles of HMI design. Its only
mandatory requirements are to have an HMI Philosophy, Style Guide, and Object Library, to
apply MOC to the HMI, and to provide for user training. ISA-101 contains no detailed examples
and does not provide detailed design guidance. For those, the reader will need to seek other
sources of expertise. ISA plans to create additional “Technical Reports” on ISA-101, but these
typically take from two to six years to publish.
Step 1: Adopt a High Performance HMI philosophy, Style Guide, and Object Library. You must
have a written set of principles detailing the proper way to construct and implement a
High Performance HMI.
Step 2: Assess and benchmark existing graphics against the HPHMI philosophy. It is necessary
to know your starting point and have a gap analysis.
Step 3: Determine specific performance and goal objectives for the control of the operation
and for all modes of operation. These are such factors as:
● Safety parameters/limits.
● Production rate.
● Run length.
It is important to document these along with their goals and targets. This is rarely
done and is one reason for the current poor state of most HMIs.
Step 4: Perform task analysis to determine the control monitoring and manipulations needed
to achieve the performance and goal objectives. This is a simple step involving
the determination of which specific controls and measurements are used to
accomplish the operation’s goal objectives. The answer determines the content of
each Level 2, 3, and 4 graphic.
Step 5: Design High Performance graphics using the design principles in the HMI philosophy
and elements from the style guide and object library to address the identified tasks.
● ALL EXISTING GRAPHICS ARE KEPT ON THE SYSTEM. This eliminates almost all
objections to HMI improvement.
● Design and deploy new Level 1, Level 2, and Abnormal Situation Management
graphics designed with HPHMI principles. This is generally around 20 or so
graphics.
● Existing graphics can be designated as Level 3 (which is generally what they
actually are) and navigation paths to them altered.
● Improvements to those existing Level 3s (correcting color choices, adding status
indications, adding embedded trends, and providing proper context) can be made
over time as desired. Yes, there will be inconsistency between the HPHMI graphics
and the existing ones. But in examining hundreds of existing HMIs, we have yet to
find one that did not already have significant inconsistencies within itself.
Operators can handle this with no problem.
Any facility can afford about twenty new graphics! A High Performance HMI is affordable.
Conclusion
The most important job of an operator is to detect and successfully respond to an abnormal
situation. The HMI is the means by which the operator accomplishes this task. Existing HMIs
are woefully inadequate for this purpose. They were generally designed in an era when proper
practices were unknown, and the resistance to change has kept those graphics in commission
for two or more decades.
The principles of High Performance HMI are specifically developed to deal with the needs of
today’s operators and the complex systems they manage. A High Performance HMI is designed
to be the best tool for operator interaction with the process control system. It is designed with
these important capabilities in mind:
● Provision of an easily monitored overview of the equipment under the
operator’s control.
● Ease in maintaining full situation awareness of the span of a
large process.
● Early detection and clear depiction of abnormal conditions.
● Effective resolution methods for abnormal situations.
● Embedding easily accessible and relevant knowledge into the control system.
The benefits of such an HMI are more than just reducing human error and avoiding abnormal and
unsafe operations. The HMI becomes an effective operational tool for maximizing production,
reliability, efficiency, quality, and profitability.
Industry is now recognizing the need and benefits of improved HMIs. Dozens of major companies
are in the process of HMI modernization and see it as not only a safety initiative, but a cost-
saving and productivity-enhancing one as well.
The functionality and effectiveness of our process automation systems can be greatly enhanced
if redesigned in accordance with proper HMI principles. A High Performance HMI is both practical
and achievable.
1.0 Introduction
1.1 Purpose and Use of a High Performance HMI Philosophy
1.2 Purpose and Function of the Operator HMI
1.3 Common but Improper HMI Practices
1.4 Functional Description of HMI Elements
1.5 Level 1 Process Area Overview Display
1.6 Level 2 Process Unit Control Display
1.7 Level 3 Process Unit Detail Display
1.8 Level 4 Process Unit Support Display
1.9 Special Purpose Graphics for Specific Abnormal Situations
1.10 Display Content
1.11 Display Layout
1.12 Display Navigation
1.13 Alarm Management Features
2.0 HMI Design Process
2.1 Step 1 - Adopt a High Performance HMI Philosophy, Style Guide, and Object
Library
2.2 Step 2 - Assess and benchmark existing graphics against the HMI Philosophy
2.3 Step 3 - Determine specific performance and goal objectives for the control of
the process
2.4 Step 4 - Perform task analysis to determine the control manipulations needed
to achieve the Performance and Goal objectives
2.5 Step 5 - Design and build High Performance Graphics using the design
principles in the HMI Philosophy and elements from the Style Guide and
Object Library, to address the identified tasks
2.6 Step 6 - Install, commission, and provide training on the new HMI
2.7 Step 7 - Control, maintain, and periodically reassess the HMI performance
3.0 Purpose and Use of an HMI Style Guide and Object Library
3.1 DCS Specificity
3.2 Object Library Contents and Usage
4.0 HMI Performance Monitoring and Ongoing Assessment
5.0 HMI Management of Change (MOC) and Maintenance
6.0 Control Room Factors
6.1 Control Room Design Factors
6.2 Control Room Work Practices
6.3 Operator Console Design
6.4 Operator Work Practices
6.0 References
Bill is the Principal Consultant responsible for the PAS work processes and
intellectual property in the areas of both Alarm Management and High
Performance HMI. He is a member of the American Petroleum Institute’s API
RP-1167 Alarm Management Recommended Practice committee, the ISA SP-
18 Alarm Management committee, the ISA SP101 HMI committee, and the
Engineering Equipment and Materials Users Association (EEMUA) Industry
Review Group.
Bill has multi-company, international experience in all aspects of Alarm Management and HMI
development. He has 28 years of experience in the petrochemical industry in engineering and
operations, and an additional 12 years in alarm management and HMI software and services for
the petrochemical, power generation, pipeline, pharmaceutical, and mining industries.
Bill is co-author of The Alarm Management Handbook, The High Performance HMI Handbook, and
The Electric Power Research Institute (EPRI) Guideline on Alarm Management.
Bill has authored several papers on Alarm Management and HMI, and is a regular presenter on
such topics in such venues as API, ISA, and Electric Power symposiums. He has a BSME from
Louisiana Tech University and an MBA from the University of Houston. In 2014, Bill was made an
ISA Fellow.
Prior to working with PAS, Hector was a senior engineer at Schlumberger. His
strength in design contributed to his success in creating new and improved
HMIs for reservoir evaluation services and interfaces for business Key
Performance Indicator tracking.
In addition to his expertise in High Performance HMI, Hector has widespread experience in all
aspects of Alarm Management. He has facilitated numerous Alarm Management workshops,
conducted alarm rationalization projects, and developed Alarm Philosophy documents for a wide
range of clients in the petrochemical, power generation, pipeline, and mining industries.
Hector has authored technical articles on High Performance HMI. In 2009, he and Bill collaborated
with the Electric Power Research Institute (EPRI) on a comparative research study evaluating
High Performance graphics and operator effectiveness. Hector holds a Bachelor of Science in
Chemical Engineering from Rice University.
Crawford, W., Hollifield, B., Perez, H., Electric Power Research Institute Operator HMI Case Study:
The Evaluation of Existing “Traditional” Operator Graphics vs. High Performance Graphics in a
Coal Fired Power Plant Simulator, Product ID 1017637 (2009)
Hollifield, B., Oliver, D., Nimmo, I., and Habibi, E., The High Performance HMI Handbook. PAS (2008)
Hollifield, B. and Habibi, E. 2006. The Alarm Management Handbook, 2nd edition. PAS (2010)
About PAS
PAS, Inc. is a leading provider of software solutions for process safety, cybersecurity, and
asset reliability to the energy, process, and power industries worldwide. PAS solutions include
industrial control system cybersecurity, automation asset management, alarm management, high
performance HMI, boundary management, and control loop performance optimization. PAS
solutions are installed in over 1,000 facilities worldwide with more than 40,000 users.
© PAS, Inc. 2015. Ideas, solutions, suggestions, hints and procedures from this document are the
intellectual property of PAS, Inc. and thus protected by copyright. They may not be reproduced,
transmitted to third parties or used in any form for commercial purposes without the express
permission of PAS, Inc.
High Performance HMI 3.0 - Part 2
Become a Digital Industrial Company
GE Digital's portfolio overview
The Industrial Internet changes everything
Imagine a world where:
• Your factories are “brilliant”—giving you real-time visibility and control over all
manufacturing processes
• Your power plants replace scheduled maintenance with just-in-time, predictive maintenance to
prevent unplanned outages
• Your industrial data, control networks, and applications are protected from malicious software
threats—automatically and continuously
• Your analytic capabilities are infinite, and can be customized using open tools and pluggable
software services—allowing you to minimize downtime, optimize performance, and react to market
changes with flawless agility
Industry is reinventing itself for the digital age, and Predix makes it possible.
Services to accelerate your journey
While this is an exciting time for opportunity and growth, the Industrial Internet can also bring
on new challenges, questions, and uncertainty. Specifically, how do you get started? Or, what
steps do you need to take to be successful? No matter where you are on your journey, GE Digital
has the right services offering for you.
Use data-driven insights for optimized performance
The starting point for your Industrial Internet journey is getting connected to build “digital
twins”—digital models of your machines and processes. Sensors transmit data from your industrial
assets securely to your chosen storage topology—edge/on-premises, Predix industrial cloud, or
hybrid. You can then use GE Digital's software suites for Asset Performance Management, Brilliant
Manufacturing, HMI/SCADA, and OT Cyber Security to gain insights that allow you to optimize your
assets and operations. You can also create custom analytic applications by assembling pre-built
Predix software services and building new Predix services from scratch.
Roger Pilc, Chief Innovation Officer, Pitney Bowes
©2017 General Electric. All rights reserved. *Trademark of General Electric. All other brands or names are property of their respective holders.
Specifications are subject to change without notice. 02 2017
iFIX 5.9 from GE Digital
Driving decision support for operators with high-performance visualization
Fourth-generation HMI/SCADA increases efficiency and reduces costs
With just a glance, operators should be able to recognize which information requires their
attention and what action needs to be taken. They need to know quickly what problems have arisen
and how they can be addressed efficiently.
You can enable smart operators with new fourth-generation HMI/SCADA. The new iFIX 5.9 from GE
Digital leverages the latest technologies that help deliver faster time to insight and greater
efficiency for your operations while speeding time-to-insight for system integrators.
iFIX 5.9 offers a new graphical engine to modernize your HMI/SCADA experience. Get an intuitive
user experience to reduce execution errors and improve operator response time to events and
incidents. This new generation of software combines proven HMI/SCADA capabilities—used by
thousands of organizations around the globe—with new advanced features to deliver best-in-class
results.
Outcomes
• Speed response with modern screens based on a powerful, new graphical engine
• Reduce troubleshooting time with higher situational awareness, using efficient HMI layouts and
context-driven navigation based on a model structure
• Enable action anywhere, anytime with native responsive web design
01 Speed operator response with modern screens that facilitate situational awareness
iFIX 5.9 provides a new graphical engine that modernizes your HMI/SCADA. Take advantage of a
completely refreshed Workspace with features that include anti-aliasing for picture shapes, time
lapse playback for historical data, updated ribbon bars and menu options, high performance
graphics, and more.
02 Find information easily with a context-rich HMI based on the model structure
This context-rich HMI changes as the user moves through the system. Navigation is derived from
the model structure built by the engineer. The context follows the asset definition and is
defined only once for a class of assets. This prescribed experience provides the operator with
the most relevant information—in context—and minimizes the effort to find it.
[Figure caption: Designed to the Efficient HMI guidelines, iFIX 5.9 improves operator decision
making and speeds response.]
03 Reduce time to solution with Efficient HMI out of the box
To help engineers create the right user experience, iFIX 5.9 contains pre-defined objects and
templates designed using Efficient HMI concepts. Effective layouts are also available out of the
box. Designing your HMI has never been so easy, speeding time to solution and maintenance.
Additionally, iFIX 5.9 introduces a unique concept of flexible assembly of graphical content
using external HTML5 editors.
05 Save time with zero deployment clients with centralized management
iFIX 5.9 is a true native web HMI. Web clients do not require any client side installation. The
configuration, development, and deployment are all centralized, and any updates or changes are
automatically reflected on the clients. The clients can be initiated through a browser or kiosk
session and always start with the latest software updates deployed on the server.
Hardware and software requirements are representative and may vary by customer deployment.
Please consult the product documentation for more details.
©2016 General Electric. All rights reserved. *Trademark of General Electric. All other brands or names are property of their respective holders. Specifications are
subject to change without notice. 07 2017
iFIX from GE Digital—
Enabling the Smart Operator
Optimized for Active Decision Support
Expect More from Your HMI/SCADA
Is your HMI/SCADA more than a passive partner, collecting
information, monitoring performance, and generating alarms?
Your HMI/SCADA should anticipate your operators’ needs,
delivering the precise information they need quickly and
intuitively to support the best possible decision-making.
At GE Digital, we approach this challenge in a number of ways. We simplified the HMI, adopting flatter objects and limiting the color palette to make the HMI/SCADA screen easier to read. We also created predefined templates for processes, trends, and alarms that embody best practices in efficient HMI. These can be combined in a variety of layouts to provide operators with different perspectives.
And because screens are tied to a structured asset model mapped to the SCADA database, the HMI changes as the user moves through the system. With iFIX, operators have the situational awareness that’s crucial for reacting quickly and making the best decisions.
• Less time spent navigating
• Faster finding critical data
• Improvements in alarm resolution success
• Faster identification of relevant screens for an alarm
• Increases in usability
“Ever since the introduction of GE Digital's iFIX at Pirelli, the system has been great to work with, which has encouraged us to
expand the system further and further to include new machines over time.”
With iFIX, you also have the system design flexibility to produce
your own HTML-based content that can be used to provide
additional information to the operator using our model context.
This extendable capability allows you to host information from
other systems, such as business applications and external web
content, in the same client layout, based on the equipment or
process on the display to further enable the operator.
Operational Analytics
Delivering Intelligent Warnings, Not Just Alarms
When equipment fails, industrial processes can slow or grind to a halt. In the past, avoiding these failures meant observing recommended maintenance schedules, a trade-off between safety based on hypothetical norms and real-world efficiency. Even though systems generated thousands of data points, there was no way to use those points to determine the status of system components.
Automation software from GE Digital approaches this challenge from multiple perspectives. It employs real-time multivariable analysis, rather than single-sensor equipment protection, to filter out false alarms and to provide more accurate and timely alerts.
With its analytic plug-ins for components like air handlers, chillers and other equipment, our software brings to HMI/SCADA the benefits of predictive real-time analytics—algorithms that mine historical system data to guide operators to the right preventive actions. Because it is based on actual system performance, predictive maintenance is more efficient than planned maintenance in reducing downtime due to equipment failure or unnecessary maintenance, while giving operators the insight they need to optimize system performance.
The result: iFIX users have seen as much as a 33% increase in operations capacity and 40% faster troubleshooting.
Integrated Work Processes
Step-by-Step Instructions Make It Easier for Operators to Avoid
With integrated work processes and electronic Standard Operating Procedures (eSOPs) delivered in iFIX through Workflow from GE Digital, you can drive the right actions globally every time. The benefits are substantial, helping you to:
• Reduce troubleshooting time and risk of making errors
• Decrease downtime, maintenance, and costs
• Capture knowledge of your best operators and reduce
Fourth-generation HMI/SCADA also bridges the gap between operations and maintenance. When an out-of-spec event takes place in the SCADA, operators can trigger a work process to interface with the CMMS/EAM system, secure a work order number, send specific instructions including GIS location, and facilitate corrective action to remediate the problem.
“iFIX has done an excellent job over the years and continues
to be one of the most solid and flexible SCADA platforms on
the market.”
“When new operators come in, they are able to know how the
system works – to be able to adjust the treatment process for
swings without impacting quality.”
To Learn More
Visit www.ge.com/digital/products/ifix
©2016 General Electric. All rights reserved. *Trademark of General Electric. All other brands or names are property of their respective holders.
Specifications are subject to change without notice. 08 2016
Make Every Operator In Your Plant A Hero
Fall 2017 Technology Fair
Matthew K. Wells
VP – Digital Product Management
GE Digital
© GE Digital
GE Digital Mission
Supplier Customer
Reduce Risks
Control Effluent
Quality & Avoid
Penalties
PROCESSES ASSETS
Moderately prepared: 39%
Slightly prepared: 37%
Source: 2017 State of the Water Industry Report, The American Water Works Association
MISTAKES SLIPS
Knowledge Rule
Interpretation Plan
Stimulus Action
Evidence Situation Intention of Execution
Assessment Action
LAPSES &
MODE ERRORS Memory
HMI design process,
a High Performance mindset
Start to simplify the interface - Create new face to the HMI Beginning the High
Performance Graphics
2. Confirm standard navigation
Alarm rationalization that will help notify on the most Critical Focus on how a “new”
5. Enable Full KPI cards
HMI would operate
Transform the information that helps the operator
understand the process with a glance
Difficult to
Troubleshoot
Screens
Overcrowded
Alarms Unclear
Colors have
no meaning
Line
Display 1-click
Line Line
Line
Trends Alarms KPIs
& Events
Asset
Display
Level 4 displays:
focused scope
• The data model drives the navigation
• Navigation in Context Asset Asset Asset
Trends Alarms KPIs
& Events
mobility
Operator from the 1980s patiently acknowledging alarms …
A mobile workforce is 30% more efficient!
Exec Manager
Opps
Manager
• By Role
• By Area
• By Asset Type
• By Severity
Drive the right action!
* Customer interviews
Digitize work procedures - Don’t miss any important data related to manual activities
Quality Manager
Alarm
Response
PMs
Technician Operator
Mgt
Work
Instructions
Security
Engineer
Pressure
Speed
Temp
MEASUREMENT PREDICTION
Last available BOD sample Current BOD estimation
4-5 days
Asset Model
Boundary Conditions Lifing Knowledge
Product Data Historical & Real Time Deep Learning Tracking Data
Time-phased Data Fill-in Missing Values
Virtual Sensors
Personnel Processes
Data Connectors as On-
Ramp to Predix
Equipment Materials
Analytics Operations
Digital Twin Modeling & Analytics
Security
Predix Machine
Software /
Edge Analytics
Assets Operations Business
Enterprise Systems External Sources
(ERP, R&D, LIMS, etc.)
End-to-End Security
Feedback loop Feedback loop
* planned Q1 2018
CONTACT INFORMATION
Americas: 1-855-YOUR1GE (1-855-968-7143)
gedigital@ge.com
WWW.GE.COM/DIGITAL
©2016 General Electric. All rights reserved. *Trademark of General Electric. All other brands or names are property of their respective holders.
Specifications are subject to change without notice. 06 2016
OWWA Automation
Workshop 2017
Ignition by Inductive Automation
Travis Cox
Co-Director of Sales Engineering
Inductive Automation
Agenda
• About Ignition
• Ignition Edge
• High Performance HMI
• Alarm Management
• Security
• The Future of IIoT
• The Future of Ignition
Ignition: Industrial Application Platform
Features: Benefits:
• Come with up to 500 tags • Mix and match products
• Are equipped with OPC-UA and • Plug-and-play functionality
drivers • Affordable bulk pricing
• Cross-platform and ARM-compatible
• Work seamlessly with Ignition
systems
• Offer guaranteed performance on
constrained devices
Ignition Edge Panel
Ignition Edge Enterprise
High Performance HMI
"In many cases, the HMI impedes
rather than assists an operator in
handling a process upset or
abnormal condition.”
– The High-Performance HMI Handbook
Ignition: High Performance HMI
Resources:
• Design Like a Pro: Optimizing Your HMI
• Design Like a Pro: Graphic Design Tips for Better HMIs
Alarm Management
Alarm Management Handbook
Ignition: Alarm Management
• Conditional routing
• Splits
• Escalation
• Delays
2-Way Notification
• Email (SMTP)
• SMS (hardware & Twilio)
• Voice (VoIP)
SQL Support
Resources:
• Design Like a Pro: Alarm Management
Security
Built-in features:
• SSL (HTTPS)
• Role-based security
• Security zones
• Active Directory and SSO
• Audit logging
• Designer security and permissions
• Client security and permissions
Java Security
Resources:
• Security Hardening Guide
• Java Security Whitepaper
• Java Security and Ignition Webinar
The Future of IIoT: The New Architecture
Conventional Architecture
IIoT: The New Architecture
Leading IIoT Messaging Protocol
Why MQTT?
Sharon Billi-Duran
Product Manager, Visualization Software
November 2017
PUBLIC
Copyright © 2017 Rockwell Automation, Inc. All Rights Reserved.
Sharon Billi-Duran
Started out as a software engineer
22 years experience in the industrial automation space
…all related to visualization software
…all at Rockwell Automation
At least one project in almost every industry imaginable
Special interest in mobility, location awareness
https://www.linkedin.com/in/sharonbilli/
@sharonbilli
INDUSTRIAL
Internet of Things
Machine-Level Visualization
• PanelView Plus
• Compact
• PanelView 5000
Web-Based Visualization
• Add-on for Machine Edition and Site Edition
• Access HMI screens from a web browser
• Dashboard and Report access
Connecting to:
Rockwell Automation EtherNet/IP and CIP Networks
using RSLinx Enterprise
Connecting to:
Rockwell Automation Non-CIP Networks
using RSLinx Classic
Legacy Modern
EntryTankLevel_Set.@Description
EntryTankLevel_Set.@Max
EntryTankLevel_Set.@EngineeringUnit
EntryTankLevel_Set.@Description
EntryTankLevel_Set.@Min
EntryTankFilling_FB.@State0
EntryTankFilling_FB.@State1
We’ve got
a problem… I’m on it!
I’m on It!
ACCURATE Time Stamps
We’ve got a problem…
The controller detects alarm conditions and triggers alarm events. Alarms are buffered in the controller and show on the display in the right order with accurate time stamps.
The server captures all of the controller events and sends notification to connected clients.
LOGIX INSTRUCTION AND TAG BASED ALARMS: Configured in a Logix Controller
TAG-BASED ALARMS: Software-based alarm servers poll data tags for alarm conditions
Operator Stations
Mobile Devices
Process Data
Historian Data
Diagnostics Data
Operator Log Comments
Automatic
Government
Compliance
Automation Devices
DETECTS
AUTOMATICALLY
for Machines
Extension of
Automatically generated
with
1…2…3…#
Native FactoryTalk
Alarm Client
DASHBOARDS
SIGNIFICANT DIAGNOSTICS
ACTION CARDS
ON PHONES, SWIPING RIGHT IS AN “UP VOTE” AND SWIPING LEFT IS A “DOWN VOTE”
NEXT GENERATION
“Hey Mike, did you see Kyle’s note about the drive on Pump 4?”
Human Data Device Data
Wonderware Water Solutions
OWWA Workshop Nov 2017.
Wonderware Solutions
For the Water Industry
Presented by
1. Trends / Roadmap
2. InTouch
3. System Platform
4. Water Optimization Software
5. Mobile / Cloud
6. Energy Solutions in InTouch
Our strength lies in our installed base strength, global reach, partner
network and the diversity of our customer base
Wide Industry Coverage
We work with
• 7 of the top 8 private water operators.
• 19 of the top 20 petroleum companies
• 22 of the top 40 chemical companies
• 10 of the top 15 mining and minerals companies
• 25 of the top 50 food and beverage companies
Installed Base Strength
Over 100,000 sites
Over 2 Million+ licenses
Over 20 Billion+ operating parameters monitored
Over 12,000+ terabytes of operating data processed
Scale
• 2800 people
• 10 R&D centers
• 24 project centers
Partner Ecosystem
• 4000 SI partners
• 160 technology partners
Workforce
• Workers are finding more attractive jobs
• Many are retiring, taking tribal knowledge with them.
Public understanding
• The cost to treat water is increasing, rates are not.
• Population growth is leading to increased consumption and
services
Wonderware Roadmap
- First to Market Cloud Based Solutions Development and
Historians
- HTML5 Browsers
- Machine Learning and predictive analytics
- Development in the Cloud
We Address :
- Visit www.wonderware.trust.com
InTouch HMI 2017 Key Updates
InTouch is the longest-running HMI in the world
All older versions can still be imported into Modern V2017
Modern ArchestrA Graphics including Situational Awareness Library
Enhance Formats and Wizards
Web Services
API- SOAP, REST, XML, JSON
System Platform 2017 Core
Application Server
Framework for system wide, real-time data
acquisition, alarm and event management,
centralized security, data manipulation, remote
deployment and collaborative engineering.
Historian Insight
HTML5 Custom Web Browsers Dashboard. New 2017
Historian
Plant data historian
One Node Optional Redundant 2-400 Nodes Optional Redundant Unlimited Nodes Optional Redundant
100,000 I/O second/update
20,000 tags Historized
20 PLCs with each 5000 tags
20 Clients RDP server
20 Clients 1000’s of Clients Unlimited
0-1.000.000 Tags 0-10.000.000 Tags Unlimited
10,000 Alarms
One Galaxy One Galaxy Multi Galaxy
IoT Hubs IoT Sensors Plant 1 & 2 IoT Hubs IoT Sensors Plants IoT Hubs IoT Sensors Plants
All running on 1 box
Cameras 1-100.000 I/O Building Cameras 1-1.000.000 I/O Buildings Cameras Unlimited Buildings
High performance engine can render displays of 8K resolutions. InTouch OMI is 6 to 10x faster in graphic rendering
performance than InTouch System Platform on 1/10 memory footprint (e.g. 200+ clients on single terminal server).
Object Oriented Programming
Logic/Scripting
Maintenance Systems
Hot
Mill02
$Hot
Mills
Hot
Mill03
InTouch
Wonderware System OMI
Platform Experience
2017 & InTouch OMI -
Equipment Assets
Instrument Assets
Valve Assets
Multi-Touch & Gestures
Instant Replay
Process graphics can empower users with
greater insights by replaying past events
by switching to the historical data stream.
This improves Operator training and
troubleshooting.
Wonderware Online- Historian in the Cloud
…
Apps, analytics
& services
Edge Control
Power Monitoring
Discrete Process Continuous Process plug-in for Wonderware
Edge control
Connected Products
Touchscreen Machine Valve Industrial Variable Speed
Panel Automation Positioners Sensors Drives
Connected products
Wonderware Online is a cloud platform for collecting, storing, and visualizing high fidelity data across the
enterprise for smarter, faster business decisions. Wonderware Online is the simplest solution for industrial data
access, sharing and mobility. From zero to cloud in minutes!
Online InStudio - InTouch IDE Dev Studio in the Cloud
+ +
Power Monitoring Expert
Energy & Power Monitoring
Energy Analysis (ISO50001)
Demand & Power Factor Management
Cost allocation
Power Quality Performance
Capacity Management
Breaker Performance
Generator Performance
UPS Performance
Visit Us at our Upcoming Wonderware Canada East Knowledge Transfer
Nov 15th – Glen Erin Inn Mississauga
Hands on Labs, IIoT, Cloud, Product Roadmaps,
31 Years of Innovation
A Canadian company with 6 offices in 3 countries.
Bedford, Canada
Aberdeen, UK Orlando, USA Calgary, Canada Houston, USA Birmingham, USA
(Head Office)
Industries
Water & Wastewater Manufacturing
Oil & Gas Marine Systems
Power Generation Airport Solutions
Broadcasting Food & Beverage
Version 11.3
Instantly Intuitive
VTScada removes frustration from every stage of the HMI / SCADA lifecycle.
40% growth in new installations in 2016. 2017 has already surpassed 2016.
31 years. One product. No dead ends.
We never discontinue software versions forcing customers to start over.
Integrated features simplify the upgrade process.
VTScada 11.3
VTScada 11.2
VTScada 7
A Fully Integrated SCADA Solution
Enterprise Connectivity Monitoring and Control Displays Mobile Thin Client Server
(ODBC, OPC Client/Server, Web Services)
Long-Term Scalability
Single Server System
Thin Clients
Server Failover
Application Servers.
Thin Client Servers.
Load-share services.
Requires additional licenses.
SITE A SITE B
Synchronized Historians and
Alarm Databases DB A DB B
Alarm and Event Databases. DB B DB A
Across LAN or WAN.
INTERNET
Built-In Historian – No Cost or Configuration
VTScada Historian
Standard Component *
Historian
MS SQL Server®
SQLite®
SQL Server, Oracle, MySQL and SQLite are trademarks of their respective owners.
* Other database formats licensed and installed separately. ** Requires additional VTScada licenses.
Tag Structure Model
1 2
Bridge1.changeset
@ Easy to distribute.
User A User B
Integrated Change Management
Operator-Created Trending
Use colour, symbols, and sound to meet the visual needs of your operators.
Operators can add one or more notes to alarm instances.
History Report
All active and trip alarm events within a specific period.
VTScada Application
Internet Server Enabled.
VPN
Known users via known computers/devices.
TLS/SSL
Known users. Unknown devices.
SCADA Firewall
Server
Read Only
Unknown users. Unknown devices.
Thin Clients
DMZ
Training and Support
Courses
Online Video Tutorials
In-class courses at Trihedral facilities.
Custom courses at customer facilities.
Directed webinars.
Seminar events.
The Most Accessible and Personal Support in the Business
Priced to prevent customers from having to purchase more than they need.
Tag Expansions enjoy greater volume discounts without penalty.
Adding new options and Thin Clients or increasing the tag limit is as easy as installing a new key.
Hosted Applications
Remote Site Cellular Network Central SCADA Servers Internet Customer Thin Clients
Free 50 I/O License
We are sharing our passion for instantly intuitive SCADA with the world.
Introducing…
Features and incidents are released together with backward compatibility for standard features.
To mitigate changing industry trends, we develop and maintain all our own technologies.
e.g., Version Control, Alarm Notifications, Scripting Language
New releases support the most recent releases of the Windows OS.
In 2017, Trend Micro Magazine ranked VTScada quickest to patch security threats based on ICS-CERT advisory statistics.
New Features in 11.3
• Full support for IPv6 addressing.
• Alarm Notification via VOIP using Twilio®.
• JSON Driver.
• IEC 60870-5-104 Driver.
• Anywhere Client can allow OpenID Connect logons.
New Features Coming Soon
• Historical Data Editing.
• Multi-Language Support.
• Subordinate Applications.
• Mapping Enhancements.
IPv6 OpenID
On the Horizon
Industrial Internet of Things (MQTT).
Augmented Reality SCADA.
Features Released Since Fall 2016
(Legible list available upon request.)
F1112 Event records in the alarm history for unknown username login attempts now show the attempted username.
F1111 The Alarm Page can now display the text of acknowledged alarms using their priority color rather than just black or white.
F1110 A new application hook has been added, AlarmAckAllHook, that is called whenever the Ack All or Ack Shown buttons are clicked.
F1109 ROC Driver TLP definitions may now be added or overridden at the application level
F1076 The Sites, Map, and Operator Notes pages now each have their own dedicated system privilege. Old applications will have their Operator and Logged Off users updated with the new privileges as each application is activated, and any users not inheriting from those roles will also be updated. Any applications which have been updated with new privileges will not be updated again, and thus they can be removed from any users or roles that were automatically given privileges after the update. New applications will include the new privileges as part of the Operator role only.
F1094 Added OpenID Connect Basic Client Relying Party support using the OAuth 2 Authorization Code Flow
F1083 A new TextEncode() function was added which encodes text as UTF-8.
F1053 A system library function has been added for JSON encoding, System.JSON_Encode().
F1027 Addition of the IEC 60870-5-104 Master and Slave device driver
F0493 VTScada now supports the Internet Protocol Version 6 (IPv6)
F0811 Voice telephony alarm notification functionality will be supported using Twilio, as an alternative to using a voice modem. This allows better system virtualization, bypasses the use of POTS voice modems for voice alarm notification, and
simplifies VTScada alarm notification configuration.
F1104 Custom multi-state alarms can now re-activate an alarm with a different priority and description without creating superfluous records in the alarm history.
F1099 Realms can both be added and removed to the SoapServicesRealmName property without re-starting the VTS application.
For an existing application, users will need to move the setting from their application's Settings.Startup to Settings.Dynamic in order to change their application without re-starting. Any existing user applications where this is not done will
continue to function as before, requiring a re-start if this setting is changed, but this will not break existing applications in any way if the setting is not moved. After moving the setting and editing these files, an application re-start would need
to occur, so it is recommended to do this as part of the upgrade process for VTScada, prior to the application being started.
F1098 When you click Go To Page in the navigator in Tag Browser or Alarm Page, and a tag is only drawn on one page, it can now be opened as a pop-up.
F1097 A public method has been added for custom Alarm Column Graphics Modules to help determine if a row was selected.
F1096 Changes to the alarm Mute button are now recorded in the event log
F1095 Right-clicking on the Alarm icon on title bar now opens a popup Alarm Page.
F1089 Hovering over a source code variable in the Source Debugger now displays a tooltip showing the current value.
F1087 Help files no longer require adjusting browser settings to be viewed using the Anywhere Client with Internet Explorer.
F1074 The Internet Client Monitor style has been modernized
F1069 A new dialog now is provided to list tags that have not finished initializing as expected at application startup.
F1064 Spawn() may be used to open URLs on the Anywhere Client.
F1057 Performance and robustness improved for Historian native storage format.
F1048 VTScada can now be installed as VTScadaLIGHT. All versions of VTScada must now be activated when run for the first time on each workstation. VTScadaLIGHT, and optionally full versions, will report basic usage information to Trihedral.
F1079 The Alarm Database Tag can now appear on the Sites page as a folder or a site.
F1077 Workstation and Device columns have been added to the alarm History tab of the Alarm Page, with the columns marked as "extra" so they can be hidden from view when other extra columns are also hidden.
Additionally, the display of the Workstation name defaults to a Hex display of the MachineID if a friendly name does not exist anywhere it is displayed right now, rather than being blank.
F1072 The System pages now obey default Title and Task Bar Contents when opened as popups.
F1071 Maps in VTScada now provide a button to reposition the map to the initial location and zoom level.
F1070 The Site Legend widget has been updated to indicate what the flashing inner circle means. The legend now appears on the Sites page in the toolbar.
F1068 The List Page Menu button and the Tile Page Menu button now can be displayed independently.
F1062 Some VTScada files (including logo images) have been protected to ensure consistent appearance of applications built using VTScada.
F1033 Added a new standard method for drivers to connect and receive a semaphore from port tags.
F1073 The JSON/XML Driver now supports secure connections
F1066 Tag browser now shows the type of Report tags.
F1060 Added support for Emerson Well Optimization Manager and Surface Control Manager to the ROC driver
F1055 The file tree displayed when showing the difference between revisions or uncommitted files will now auto expand and auto select when there is only one item to view.
F1052 There is now an option to automatically open the containing folder after creating a new changeset or revision file.
F1051 To make the Calculation type easier to find in the new tag browser layout the Calculation tag has been added to the 'Analogs' type group. A new type group called 'Analytics' was also created which contains types having "post input/output"
operations, including the Calculation type.
F1050 Handling of copying and pasting Menu Item Tags has been improved.
F1044 A new function to create VTScada data types from JSON strings, JSONParse(), has been added.
F1042 A new driver has been created for retrieving XML or JSON formatted data from a URL.
F1041 It is now possible to use linked tags (or their descendants) and container parameters as the scope for widgets drawn within a Folder widget.
F1038 Network Values, which are used extensively to share persistent data among VTScada workstations, have had several improvements and issues fixed:
- The time to start an application has been reduced, sometimes by several minutes, especially when there are tens of thousands of Network Values.
- Changes made on different computers that are temporarily not connected by a network will result in the latest change being used rather than simply choosing the server's value.
- Cases where values would be different on different computers after network disruptions have been resolved.
- The disk space required to store the Network Values has typically been reduced to less than 1% of what it used to be.
F1032 The user can now remove a pen from the current plot when viewing the HDV without having to use the Tag Selector dialog.
F1029 The tag browser now hides the child tags of the Menus branch when set to show all children, as these tags were numerous and would therefore overcomplicate this list. The "Menus" tag itself will still appear in the list, as well as in the tree view on the left, where it will continue to show its complete tree when expanded.
F0825 The ability to automatically scale analog pens in HDV plots has been added. This is turned on by default in new applications but left off for existing applications. There is a setting in the Application Configuration -> Edit Properties on the
Historical Data Viewer tab to turn this on and off.
F1059 Alarm templates can be over-ridden in context tags.
F1058 The driver trace field was too small to hold the maximal size of a DNP3 Data Link message.
Instantly intuitive SCADA from
people you can work with.