1、 AMERICAN NATIONAL STANDARD ANSI/ISA-18.2-2016 Management of Alarm Systems for the Process Industries Approved 17 March 2016 ANSI/ISA-18.2-2016 Management of Alarm Systems for the Process Industries ISBN: 978-1-941546-86-4 Copyright 2016 by the International Society of Automation. All rights reserve
2、d. Printed in the United States of America. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), without the prior written permission of the publisher. ISA 67 Alexander
3、 Drive P.O. Box 12277 Research Triangle Park, North Carolina 27709 E-mail: standardsisa.org 3 ANSI/ISA-18.2-2016 Copyright 2016 ISA. All rights reserved. Preface This preface as well as all footnotes, annexes, and draft technical reports associated with this standard are included for information pur
4、poses only and are not part of ANSI/ISA-18.2-2016. This standard has been prepared as part of the service of ISA, the International Society of Automation, toward a goal of uniformity in the field of instrumentation. To be of real value, this document should not be static but should be subject to per
5、iodic review. Toward this end, the Society welcomes all comments and criticisms and asks that they be addressed to the Secretary, Standards and Practices Board; ISA, 67 Alexander Drive; P.O. Box 12277; Research Triangle Park, NC 277099; Telephone (919) 549-8411; Fax (919) 549-8288; E-mail: standards
6、isa.org. This ISA Standards and Practices Department is aware of the growing need for attention to the metric system of units in general, and the International System of Units (SI) in particular, in the preparation of instrumentation standards, recommended practices, and technical reports. The Depar
7、tment is further aware of the benefits of USA users of ISA standards of incorporating suitable references to the SI (and the metric system) in their business and professional dealings with other countries. Toward this end, the Department will endeavor to introduce SI and acceptable metric units in a
8、ll new and revised standards to the greatest extent possible. The Metric Practice Guide, which has been published by the Institute of Electrical and Electronics Engineers (IEEE) as ANSI/IEEE Std. 268-1992, and future revisions, will be the reference guide for definitions, symbols, abbreviations, and
9、 conversion factors. It is the policy of ISA to encourage and welcome the participation of all concerned individuals and interests in the development of ISA standards. Participation in the ISA standards-making process by an individual in no way constitutes endorsement by the employer of that individ
10、ual, of ISA, or of any of the standards, recommended practices, and technical reports that ISA develops. This standard is structured to follow the IEC guidelines. Therefore, the first three sections discuss the Scope of the standard, Normative References and Definitions, in that order. CAUTION ISA A
11、DHERES TO THE POLICY OF THE AMERICAN NATIONAL STANDARDS INSTITUTE WITH REGARD TO PATENTS. IF ISA IS INFORMED OF AN EXISTING PATENT THAT IS REQUIRED FOR USE OF THE STANDARD, IT WILL REQUIRE THE OWNER OF THE PATENT TO EITHER GRANT A ROYALTY-FREE LICENSE FOR USE OF THE PATENT BY USERS COMPLYING WITH TH
12、E STANDARD OR A LICENSE ON REASONABLE TERMS AND CONDITIONS THAT ARE FREE FROM UNFAIR DISCRIMINATION. EVEN IF ISA IS UNAWARE OF ANY PATENT COVERING THIS STANDARD, THE USER IS CAUTIONED THAT IMPLEMENTATION OF THE STANDARD MAY REQUIRE USE OF TECHNIQUES, PROCESSES, OR MATERIALS COVERED BY PATENT RIGHTS.
13、 ISA TAKES NO POSITION ON THE EXISTENCE OR VALIDITY OF ANY PATENT RIGHTS THAT MAY BE INVOLVED IN IMPLEMENTING THE STANDARD. ISA IS NOT RESPONSIBLE FOR IDENTIFYING ALL PATENTS THAT MAY REQUIRE A LICENSE BEFORE IMPLEMENTATION OF THE STANDARD OR FOR INVESTIGATING THE VALIDITY OR SCOPE OF ANY PATENTS BR
14、OUGHT TO ITS ATTENTION. THE USER SHOULD CAREFULLY INVESTIGATE RELEVANT PATENTS BEFORE USING THE STANDARD FOR THE USERS INTENDED APPLICATION. HOWEVER, ISA ASKS THAT ANYONE REVIEWING THIS STANDARD WHO IS AWARE OF ANY PATENTS THAT MAY IMPACT IMPLEMENTATION OF THE STANDARD NOTIFY THE ISA STANDARDS AND P
15、RACTICES DEPARTMENT OF THE PATENT AND ITS OWNER. ADDITIONALLY, THE USE OF THIS STANDARD MAY INVOLVE HAZARDOUS MATERIALS, OPERATIONS OR EQUIPMENT. THE STANDARD CANNOT ANTICIPATE ALL POSSIBLE APPLICATIONS OR ADDRESS ALL POSSIBLE SAFETY ISSUES ASSOCIATED WITH USE IN HAZARDOUS CONDITIONS. THE USER OF TH
16、IS STANDARD MUST EXERCISE SOUND PROFESSIONAL JUDGMENT CONCERNING ITS USE AND APPLICABILITY UNDER THE ANSI/ISA-18.2-2016 4 Copyright 2016 ISA. All rights reserved. USERS PARTICULAR CIRCUMSTANCES. THE USER MUST ALSO CONSIDER THE APPLICABILITY OF ANY GOVERNMENTAL REGULATORY LIMITATIONS AND ESTABLISHED
17、SAFETY AND HEALTH PRACTICES BEFORE IMPLEMENTING THIS STANDARD. THE USER OF THIS DOCUMENT SHOULD BE AWARE THAT THIS DOCUMENT MAY BE IMPACTED BY ELECTRONIC SECURITY ISSUES. THE COMMITTEE HAS NOT YET ADDRESSED THE POTENTIAL ISSUES IN THIS VERSION. The following people served as voting members of ISA18
18、and approved this standard on 7 December 2015: NAME COMPANY D. Dunn, Co-Chair Consultant N. Sands, Co-Chair DuPont B. Fitzpatrick, Managing Director Wood Group Mustang J. Alford Consultant S. Apple Schneider Electric J. Bogdan J Bogdan Consulting LLC K. Brown Enbridge Inc. M. Brown Matrikon Inc. A.
19、Bryant Oxy Inc. J. Campbell Consultant M. Carter SIS-TECH Solutions L. Dubois UReason B. Hollifield PAS S. Kandasamy Chevron Energy Technology Company D. Logerot ProSys Inc. C. Lunty Suncor M. Marvan Shell Canada D. Metzger DPM Consulting L. Myers Consultant G. Nasby City of Guelph Water Services G.
20、 Plowman Rockwell Automation D. Rothenberg D Roth Inc. T. Stauffer Exida Co. D. Strobhar Beville Engineering Inc. B. Vail URS PS / AECOM K. Van Camp Emerson Process Management D. Visnich Burns an audible and/or visible means of indicating to the operator an equipment malfunction, process deviation,
21、or abnormal condition requiring a timely response. An essential element of this definition is the response to the alarm. This definition is reinforced in the alarm management processes described in this standard. 5.2 Alarm management lifecycle 5.2.1 Alarm management lifecycle model Figure 2 illustra
22、tes the relationship between the stages of the alarm management lifecycle described in this standard. The alarm management lifecycle covers alarm system specification, design, implementation, operation, monitoring, maintenance, and management of change activities from initial conception through deco
23、mmissioning. The lifecycle model is useful in organizing the requirements and responsibilities for implementing an alarm management system. The lifecycle is applicable for the installation of new alarm systems or managing an existing system. 27 ANSI/ISA-18.2-2016 Copyright 2016 ISA. All rights reser
24、ved. NOTE 1 The box used for stage B represents a process defined outside of this standard per 5.2.2.3. NOTE 2 The independent stage J represents a process that connects to all other stages per 5.2.2.11 NOTE 3 The rounded shapes of stages A, H, and J represent entry points to the lifecycle per 5.2.3
25、. NOTE 4 The dotted lines represent the loops in the lifecycle per 5.2.5. Figure 2 Alarm management lifecycle 5.2.2 Alarm management lifecycle stages 5.2.2.1 General The alarm management lifecycle stages shown in Figure 2 are briefly described in the following sub-clauses. The letter label is an ide
26、ntifier used in the text. The requirements and recommendations for each stage are described in Clauses 6-18 of this standard. 5.2.2.2 Alarm philosophy (A) Basic planning is necessary prior to designing a new alarm system or modifying an existing system. Generally, the first step is the development o
27、f an alarm philosophy that documents the objectives of the alarm system and the processes to meet those objectives. The alarm philosophy reflects the operations and maintenance work processes, and can reference those processes in other documents. For new systems the alarm philosophy serves as the ba
28、sis for the alarm system requirements specification (ASRS) document. The philosophy starts with the basic definitions and extends them to operational definitions. The criteria for alarm prioritization and the definition of alarm classes, performance metrics, performance limits and reporting requirem
29、ents are based on the objectives and principles for alarm systems. The schemes for presentation of alarm indications in the HMI, including use of Implementation Detailed design Audit and philosophy loop Philosophy Audit Management of change A J Rationalization Identification D C Monitoring & assessm
30、ent Operation Maintenance G H F E B I Monitoring and management of change loop Monitoring and maintenance loop ANSI/ISA-18.2-2016 28 Copyright 2016 ISA. All rights reserved. priorities, are also set in the alarm philosophy, which should be consistent with the overall HMI design. The philosophy speci
31、fies the processes used for each of the alarm management lifecycle stages, such as the threshold for the MOC process and the specific requirements for change. The philosophy is maintained to ensure consistent alarm management throughout the lifecycle of the alarm system. The development of the ASRS
32、is included in the philosophy stage of the lifecycle. The specification can be plant specific, providing details on restrictions or options, and can be the basis for selecting new or modifying existing control systems. The specification typically goes into more detail than the alarm philosophy and c
33、an provide specific guidance for system design. 5.2.2.3 Identification (B) The identification stage is a collection point for potential alarms proposed by one of the methods for determining if an alarm might be necessary. These methods are defined outside of this standard so the identification stage
34、 is represented as a predefined process in the lifecycle. The methods can be formal such as process hazards analysis, safety requirements specifications, recommendations from an incident investigation, good manufacturing practice, environmental permits, P&ID development or operating procedure review
35、s. Information from identification (e.g., alarm setpoint, consequence) should be captured for rationalization. Process modifications and operating tests can also generate the need for alarms or modifications. Some alarm changes will be identified from the routine monitoring of alarm system performan
36、ce. At this stage the need for a new alarm or modifications to an existing alarm has been identified and the alarm is ready to be rationalized. 5.2.2.4 Rationalization (C) The rationalization stage reconciles the identified need for an alarm or alarm system change with the principles and definitions
37、 in the alarm philosophy. The steps can be completed in one process or sequentially. The output of rationalization is documentation of the alarm, including any advanced alarm techniques, which can be used to complete the design. Rationalization is the process of applying the requirements for an alar
38、m and generating the supporting documentation such as the alarm setpoint, the consequence, and corrective action that can be taken by the operator. Rationalization includes the prioritization of an alarm based on the method defined in the alarm philosophy. Often priority is based on the consequences
39、 of the alarm and the allowable response time. Rationalization also includes the activity of classification during which an alarm is assigned to one or more classes to designate requirements (e.g., design, testing, training, or reporting requirements). The type of consequences of a rationalized alar
40、m, or other criteria, can be used to separate the alarms into classes as defined in the alarm philosophy. The rationalization results are documented, typically in the master alarm database (i.e., an approved document or file), which is maintained for the life of the alarm system. 5.2.2.5 Detailed de
41、sign (D) In the design stage, additional alarm attributes are specified and designed based on the requirements determined by rationalization. There are three areas of design: basic alarm design, HMI design, and design of advanced alarming techniques. The basic design for each alarm follows guidance
42、based on the type of alarm and the specific control system. The HMI design includes display and annunciation for the alarms, including the indications of alarm state and alarm priority. 29 ANSI/ISA-18.2-2016 Copyright 2016 ISA. All rights reserved. Advanced alarming techniques are additional functio
43、ns that improve the effectiveness of the alarm system beyond the basic alarm and HMI design (e.g., state-based alarming). 5.2.2.6 Implementation (E) In the implementation stage, the activities necessary to install an alarm or alarm system and bring it to operational status are completed. Implementat
44、ion of a new alarm or a new alarm system includes the physical and logical installation and functional verification of the system. Since operators are an essential part of the alarm system, operator training is an important activity during implementation. Testing of new alarms is often an implementa
45、tion requirement. The documentation for training, testing, and commissioning can vary with classification as defined in the alarm philosophy. 5.2.2.7 Operation (F) In the operation stage, the alarm or alarm system is in service and it performs its intended function. Refresher training on both the al
46、arm philosophy and the purpose of each alarm is included in this stage. 5.2.2.8 Maintenance (G) In the maintenance stage, the alarm or alarm system is not operational but is being tested or repaired. Periodic maintenance (e.g., testing of instruments) is necessary to ensure the alarm system function
47、s as designed. 5.2.2.9 Monitoring and assessment (H) In the monitoring and assessment stage, the overall performance of the alarm system and individual alarms are continuously monitored against the performance goals stated in the alarm philosophy. Monitoring and assessment of the data from the opera
48、tion stage may trigger maintenance work or identify the need for changes to the alarm system or operating procedures. Without monitoring, the performance of an alarm system is likely to degrade over time. 5.2.2.10 Management of change (I) In the management of change stage, modifications to the alarm
49、 system are proposed and approved. The change process should follow each of the alarm management lifecycle stages from identification to implementation. 5.2.2.11 Audit (J) In the audit stage, periodic reviews are conducted to evaluate the effectiveness of the alarm management process and maintain the integrity of the alarm system. Audits of system performance can reveal gaps not apparent from routine monitoring. Execution against the alarm philosophy is audited to identify system improvements, such as modifications to the alarm philosophy. Audits can als