1 Introduction

Chemical plants handle hazardous and/or toxic materials, and they are operated at high pressure and/or high temperature. When an accident occurs in a plant, these materials and/or a huge amount of energy may be released, and the environment is greatly damaged. Therefore, plants must be kept in safe states. For plant safety, independent protection layers (IPLs) (Fig. 1) [1] have been proposed. The protection consists of eight layers, and the plant alarm system acts as the third layer. The plant alarm system alerts operators to abnormal plant states and guides the countermeasures for each accident. Its alarms are critical alarms for plant safety and process alarms for product quality. This paper deals with the critical alarms for plant safety. The plant alarm system should be properly managed throughout the plant lifecycle. To manage it properly, the activities concerned with the plant alarm system and the information flows between those activities in the plant lifecycle should be explicitly expressed. Furthermore, the constraints, available inputs and expected outputs of each activity should be explicitly expressed in order to develop supporting tools for the activities. To explicitly express activities and information flows, a business process model (BPM) has been proposed. This paper proposes an alarm management business process model (AMBPM) and the business process flows derived from it.

Fig. 1. Independent protection layers

2 Alarm Management Lifecycle

To properly manage the plant alarm system, ISA (Instrument Society of America) has proposed an alarm management standard [2]. The standard proposes an alarm management lifecycle (AMLC), shown in Fig. 2. The AMLC contains three loops: a monitoring and maintenance loop, a monitoring and management of change loop, and an audit of philosophy loop.

Fig. 2. Alarm management lifecycle

3 BPM Approach for Plant Alarm System Management

To perform the activities in the AMLC, the relationships between those activities and the other engineering activities in the plant lifecycle should be explicitly expressed. Namely, all activities in plant lifecycle engineering, including those in the AMLC, should be explicitly expressed. To explicitly express activities and information flows, a BPM has been proposed.

3.1 Template of BPM

PI STEP (Process Industries Standard for the Exchange of Product model data Consortium) standardized a plant structure. In PI STEP, IDEF0 (Integrated Definition for Functional model standard, Type-zero) [3] is used as the activity modeling method and the PIEBASE (Process Industry Executive for Achieving Business Advantage using Standards for data Exchange) model [4] is used as the framework. Fuchino et al. (2010) [5] extended the PIEBASE model and proposed a PDCA + P.R. (plan, do, check and act + provide resources) template. Shimada et al. (2012) [6] proposed a BPM of Plant-LCE (Plant Life-Cycle Engineering) based on the template. Fuchino et al. (2010) [5] also proposed an overview template that gives an overview of the whole BPM. In this paper, the AMBPM is based on the BPM of Plant-LCE, and the overview template of the BPM (Fig. 3) is based on the overview template proposed by Fuchino et al. (2010) [5].

Fig. 3. Template of business process model

In the template of the BPM, a box represents an activity and an arrow represents information. Arrows entering the left, top and bottom of a box are ‘input’, ‘control’ and ‘mechanism’, respectively. An arrow leaving the right of a box is ‘output’. For simplicity, ‘mechanism’ arrows are combined with ‘control’ arrows. Activities are structured hierarchically. The set of all activities into which an activity is expanded is called a node. These activities are ‘Manage (Act)’, ‘Plan’, ‘Do’, ‘Check (Evaluate)’ and ‘Provide Resources’. There may be two or more ‘Do’ activities. For simplicity, the request arrows from the ‘Manage (Act)’ activity to the ‘Provide Resources’ activity and the resource arrows from the ‘Provide Resources’ activity to the ‘Manage (Act)’ activity are omitted. The output information of each activity from A1 to A7 is stored and given to the next activity. For simplicity, the arrows for storing information are omitted. The output information of each activity from A2 to A8 contains its own output information and that of the upstream activities. For simplicity, the arrows passing through the ‘Check (Evaluate)’ and ‘Provide Resources’ activities are drawn as carrying the same information, although these arrows contain checked and logged information, respectively. The arrows u1, u2 and u3 of the upper activity are the arrows 1, 3 and 8 in the node, respectively.

3.2 BPM Approach

The plant alarm system should be managed and maintained throughout the plant lifecycle. To perform the activities adequately, the activities concerned with plant alarm system management in the plant lifecycle and the information flows among them should be explicitly expressed as a BPM. Furthermore, the constraints, available inputs and expected outputs of the activities need to be explicitly expressed in order to select or develop supporting tools for the activities. This paper proposes an AMBPM in the plant lifecycle. Even if the developed AMBPM is incomplete, the AMBPM approach has the following merits:

  • The activities can be properly performed in line with the alarm management lifecycle.

  • All activities are hierarchically expressed.

  • The information required to perform each activity is obvious.

  • The requirements for the tools used by each activity are defined.

3.3 BPM for Plant Alarm System Management

The proposed AMBPM contains the activities concerned with plant alarm system management, but not all of the activities of Plant-LCE. The core activities of plant alarm system design are under the node A44553 in Fig. 6. However, information about sensors and control limits for the steady state is very important for plant alarm system design. In addition, the design concept of the plant alarm system as the third layer of the IPLs should be decided as part of the design concept of the IPLs, which deal with the steady state, abnormal situations and emergency shutdown. Furthermore, redesign in response to improvement requirements from operation or maintenance should be considered. Therefore, the AMBPM contains activities throughout the Plant-LCE.

In Fig. 4, green arrows represent information about requirements for change, and orange arrows represent other information. As shown in Fig. 4, the activity A1 ‘Manage Plant-LCE’ receives the requirements (arrow 1 = u1) for management and requests that the activities A2, A4, A5 and A6 be performed. The activity A2 ‘Make execution plan for Plant-LCE’ receives the request and makes the execution plans. The activity A4 ‘Perform process and plant design’ receives the plan and performs the process and plant design. The activity A5 ‘Perform construction’ constructs the plant according to the design. The activity A6 ‘Perform manufacturing’ carries out manufacturing with the constructed plant.

Fig. 4. Node A0 “Perform Plant-LCE” of AMBPM

Because the whole AMBPM is very large, only the part of its activity tree concerned with the plant alarm system design process is shown in Fig. 5. The core node of the plant alarm system design process of the AMBPM is the node A44553, shown in Fig. 6.

Fig. 5. A part of activities tree of AMBPM concerned with plant alarm system design process

Fig. 6. Core node of plant alarm system design process of AMBPM

In the node A44553, the activity A445533 ‘Develop alarm source signals’ selects or newly designs alarm source signals. The activity A445534 ‘Develop alarm limits’ develops alarm limits for the alarm source signals. The activity A445535 ‘Develop alarm algorithms’ develops alarm algorithms. This node contains the main activities of the plant alarm system design process. To perform these activities, information about the constraints, tools and standards for the activities is very important. The information should be available and easy to use. Furthermore, by explicitly describing the structure of the activities that generate the information using the AMBPM, the design rationale for the plant alarm system can be specified. Therefore, the plant alarm system can be designed logically.

3.4 Business Flow for an Example Design Process

A business flow for an example design process is illustrated as a green arrow in Fig. 7. The flow passes through many activities. Some activities are activated several times, and the information referred to at each activation is not always the same. For these reasons, it is difficult to express the business flow directly on the AMBPM in a readable way. We therefore transcribe the example business flow as shown in Fig. 8.

Fig. 7. Business flow of the example process of plant alarm system design

Fig. 8. Business flow of the example process of plant alarm system design

The requirements for a plant alarm system design are given to the activity A445531 “Manage developing detailed design for plant alarm system”. The activity is activated as the activity A445531a “require plant alarm system design following the requirements”. The activity gives the requirements to the activities A445532, A445533, A445534, and A445536.

The activity A445532 “Plan and design detailed design concept for plant alarm system” is activated as the activity A445532a by the requirements from the activity A445531a. The activity A445532a makes the plan and designs the detailed design concept. The plan and concept produced by this activity and the requirements from the activity A445531a are given to the activity A445533 “develop alarm source signals”.

The activity A445533 is activated as the activity A445533a “Develop alarm source signals using CE model following the requirements”. The activity A445533a develops alarm source signals using the CE model. The signals from the activity A445533a and the requirements from the activity A445531a are given to the activity A445534 “develop alarm limits”. The requirements contain a constraint that alarm limits should be within 5 % of the normal operating range.

The activity A445534 is activated as the activity A445534a “develop alarm limits within 5 % of normal operating range”. The activity A445534a gives the alarm source signals and limits to the activity A445536 “evaluate performance of developing detailed design for plant alarm system”.

The activity A445536 is activated as the activity A445536a “Evaluate performance of developing alarm source signals and limits”. The activity evaluates the alarm source signals and limits using a simulator, comparing them with the requirements from the activity A445531a and the design basis in order to make a decision. The evaluation results are sent to the activity A445537.

The activity A445537 is activated as the activity A445537a “Provide resources for developing detailed design for plant alarm system”. The sent results are logged by the activity and given to the activity A445531.

The activity A445531 “Manage developing detailed design for plant alarm system” is activated again as the activity A445531b “require to redesign alarm limits, because the evaluation results were not satisfied the design requirements”. The activity A445531b gives the requirements to the activities A445532, A445534, and A445536. The constraint is changed from “within 5 % of normal operation range” to “according to guidelines of EEMUA”.

The activity A445532 “Plan and design detailed design concept for plant alarm system” is activated again as the activity A445532b to re-plan and re-design the concept. The plan and concept produced by this activity and the requirements from the activity A445531b are given to the activity A445534 “Develop alarm limits”.

The activity A445534 is activated again as the activity A445534b “re-develop alarm limits according to guidelines of EEMUA”. The activity gives the alarm source signals and re-developed limits to the activity A445536 “evaluate performance of developing detailed design for plant alarm system”.

The activity A445536 is activated again as the activity A445536b “Evaluate performance of developing alarm source signals and limits”. The activity evaluates the alarm source signals and re-developed limits using a simulator, comparing them with the requirements from the activity A445531b and the design basis in order to make a decision. The evaluation results are sent to the activity A445537.

The activity A445537 is activated again as the activity A445537b “Provide resources for developing detailed design for plant alarm system”. The sent results are logged by the activity and given to the activity A445531 again.

The activity A445531 “Manage developing detailed design for plant alarm system” is activated again as the activity A445531c “confirm the evaluation results and report the design results to upper level”. The activity A445531c gives the confirmed design results to the upper level.

In the example business flow, the activities and information are specified at each activation. Therefore, the activities concerned with alarm management and the information exchanged between them become clear.
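The example flow above can be written down as data and checked mechanically. The following Python code is an added example, not part of the paper: it verifies that each activation is handed its input by the previous one and reports which constraint was in force each time an activity ran. The record layout and function names are assumptions; the activation IDs, recipients and constraints are transcribed from the text.

```python
from collections import namedtuple

# One activation in the Section 3.4 flow. The record layout is an assumption of
# this example; IDs, recipients and constraints are transcribed from the text.
Step = namedtuple("Step", "activation sends_to constraint")
C1 = "within 5 % of normal operating range"
C2 = "according to guidelines of EEMUA"
FLOW = [
    Step("A445531a", ("A445532", "A445533", "A445534", "A445536"), C1),
    Step("A445532a", ("A445533",), None),
    Step("A445533a", ("A445534",), None),
    Step("A445534a", ("A445536",), None),
    Step("A445536a", ("A445537",), None),
    Step("A445537a", ("A445531",), None),
    Step("A445531b", ("A445532", "A445534", "A445536"), C2),
    Step("A445532b", ("A445534",), None),
    Step("A445534b", ("A445536",), None),
    Step("A445536b", ("A445537",), None),
    Step("A445537b", ("A445531",), None),
    Step("A445531c", ("upper level",), None),
]

def activity(activation):
    """'A445534b' -> 'A445534' (drop the activation letter)."""
    return activation[:-1]

def check_flow(flow):
    """Return a list of structural problems; an empty list means the trace is consistent."""
    problems, seen = [], {}
    for i, step in enumerate(flow):
        act = activity(step.activation)
        # Activations of one activity must be lettered a, b, c, ... in order.
        expected = act + chr(ord("a") + seen.get(act, 0))
        seen[act] = seen.get(act, 0) + 1
        if step.activation != expected:
            problems.append(f"{step.activation}: expected label {expected}")
        # Every activation after the first must receive output from its predecessor.
        if i and act not in flow[i - 1].sends_to:
            problems.append(f"{step.activation}: no hand-off from {flow[i - 1].activation}")
    return problems

def rationale(flow, activity_id):
    """Pair each activation of activity_id with the constraint in force at that time."""
    current, out = None, []
    for step in flow:
        current = step.constraint or current
        if activity(step.activation) == activity_id:
            out.append((step.activation, current))
    return out
```

Removing the logging step A445537a from the trace makes `check_flow` report that A445531b was re-activated without a hand-off, which is the kind of gap in the evaluation record that the explicit flow is meant to expose.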

4 Summary

In this paper, we tried to express an AMBPM for managing a plant alarm system. By referring to the AMBPM, the business process activities concerned with alarm management and the information exchanged between them become clear. The AMBPM has the following merits.

  • The activities can be properly performed in line with the alarm management lifecycle.

  • All activities are hierarchically expressed.

  • The information required to perform each activity is obvious.

  • The requirements for the tools used by each activity are defined.

In a case study, a business flow of an alarm system design process was derived from the AMBPM. The business flow represents the specific activities and information for each step, whereas the AMBPM represents the whole of the information concerned with the activity.