State-Based Control
State Based Control is among a spectrum of automation styles within ISA106, Procedure Automation for Continuous Process Operations. It’s origins date back to the 1960's rooted in a desire to achieve operational excellence through operating discipline. It was however until recently not widely practiced outside of a few companies. Most notable of these companies was Dow Chemical. Dow had developed and widely used a proprietary control platform known as MOD. MOD which stood for Manufacturing Operating Discipline was developed through a series of automation systems and refined into the MOD 5.
Decoupling / recoupling
Taking something temporarily out of state-based control to be operated manually / returning it to state based control.
Instrument justification
The addition of instruments to the design only as required for an identified purpose. May include Control, Troubleshooting, accounting, safety etc.
Alarm justification
In the design process documenting that all alarms have causes, consequences and actions. Alarms that do not have an undesired consequence or actions the operator can take are eliminated from the design.
State-based control
State based control can be thought of as an extension of the unit operation concept in the process industry. Processes are designed with unit operations. With state-based control the control design is divided into units and those units further divided into states, with the proper operating discipline for each state designed in. This can include alarm management including alarm points, controller modes and the operation of digital outputs. For instance, to better enable alarms to indicate abnormal situations that require operator action a low-level alarm would not be programmed to come in for a state where there should be no level. In this state a low level is not abnormal and there is no operator action required. A high alarm on the other hand could always indicate an abnormal situation in all states. The alarm point, however, may be 80% in a normal running state, but could be reduced to 10% in a state where no level is expected. This would give operations more time to realize that something was not blocked in properly or leaking by. The bottom line what is normal and abnormal, changes with the state the equipment is in. Also consider a reflux valve on a distillation tower. In the normal running state, the reflux valve may be a temperature controller. To total reflux the tower for startup or to manage an abnormal situation and operator may need to manually control the reflux valve to control the reflux drum level. With state-based control a total reflux state could be used in which the reflux valve mode changes to an automatic reflux drum level controller.
There are two commonly practiced ways of determining process states. One which is primarily used for only dynamic alarm management is to infer the process state using some key measurements and logic. The other is to use the control system through operator inputs, measurements and logic, to drive the process to the desired state. With the driven state method all aspects of the control system are managed by the state.
One key learning for the value of state-based control is without state based control the control system is essentially designed and optimized for the running state of the process. For a continuous process this makes a great deal of sense in terms of time. Continuous processes should spend most of the time in the running state. In terms of risk however start up, shutdown and abnormal situations are not optimized, and are the times when the process is at the most risk. State based control offers a safe consistent way to start up and shutdown a process. Burner management units are commonly managed through a burner management system for light off. In a similar fashion other unit operations can be controlled at a higher level of automation. Batch processes can achieve value through the automation of cycling through batches which happen repeatedly. It is sometimes thought that since continuous processes do not start up and shut down as often that there is not as much value in the automation. Start up and shutdown are however the least familiar aspect of operation in continuous plants because they do not happen as often, so automation adds value through reduced risk and time. In the running state of a continuous process there are very often degradation to normal operation.
State-based control design process in a front-end loading structure
Front-end loading is a proven methodology to mitigate risk and enhance return. The state-based control design work process can be implemented in a front-end loading framework including cost estimates for each front-end loading phase created. With FEL 1 being a State Based Control Assessment, which includes a degradation analysis, to deliver a high-level design and ending with a gate to FEL 2 giving the appropriate level of automation for which units will be automated and the level of automation to meet the business objectives. FEL 2 where detailed operational specifications are created based on the FEL 1 design. FEL 3 with Control application development.
Cost vs benefits
The cost of a state-based control application can be expected to be higher than process control applications with lower levels of automation. Cost estimates can be developed through a front-end loading methodology for reduced risk. An alarm philosophy will also be very important and will need to be updated or developed.
Commissioning plans
Higher level of automation require more logic. The logic has parameters that in some cases need to be verified in the field. So not all but based upon engineering judgment some functions of the state-based control should have a commissioning plan.
Commissiong plans should address:
* The function commissioned
* Identification of risks with the commissioning
* What personal should be involved in the commissioning process
* Plan to activate the functionality to be commissioned
* HMI to monitor during commissioning
* What mitigation action will be taken if there are problems
Opportunity for improvement
The opportunity for improvement is exceptionally large. 70-85 % of existing operational procedures are incorrect or incomplete. 42% of unscheduled shutdowns are caused by operator error. 70% of incidents occur during abnormal situations including startup and shutdown. The losses from these errors have been estimated at nearly 80 million per major incident. Implementations of state-based control have delivered an 80% reduction in process interventions, with 90% reduction in alarm rates.
The days of workers staying in a job for 30 years are no longer with us. Workers today typically are going to be in a job for less than five years. In the process industry as it is today, five years is probably not enough time to have them properly trained. Consider that large continuous processes probably go longer than five years between shutdowns. State-Based Control with embedded operating discipline is a big advantage with the current workforce. This is especially true when State-Based Control is paired with operator simulation training.
Return on investment
Return on investment for state-based control projects have been good with a typical payout time of 3 months being reported. Increased capacity has been seen at 1.5%, with startup time reductions of 50%. Start-ups are faster and more consistent no matter who is on the board. As mentioned earlier Dow Chemical reported hundreds of millions of dollars in benefit.
Operating a plant requires detection, knowledge and action. They all three must work. A breakdown in any of the three results in failure. In the case of an alarm response the operator should get an unambiguous alarm, while not being overwhelmed by too many other alarms. They need to know how to respond to the alarm. The correct operating discipline must be implemented in response in time to be successful. Typically, an alarm response is assumed to have a probability of failure on demand of 1 in 10. Consider if there is an alarm flood when the alarm comes in this might not be a valid assumption. Depending on the knowledge and experience the operator may not know what to do. If a procedure is required, is it correct and up to date? A safety instrumented function when properly designed and tested will within the probability of failure on demand do the job and prevent the scenario from occurring.<ref name=":4" /> Operations can be under a lot of stress, probably in an alarm flood, to on the fly have to deal with the ramifications of the safety instrument function. The units upstream and downstream of the effected unit must be dealt with. For instance, a high-pressure safety function may cut steam to a reactor. Actions are going to be needed in the downstream towers and upstream equipment. Through the degradation analysis when the reactor communicates the problem the up and downstream equipment have a designed response, also with the alarms being managed so as not to overwhelm the operator. This puts the operator in a lower stress situation managing the process through the event.
Reduced risk of unplanned events
Studies have shown that unplanned events are a function of the alarm rate an operator is under as well as the level of automation there is to support operations. If facilities are divided into quadrants of an axis of alarm loading and level of automation. Quadrants: Quadrant 1 (Low Alarms, High Automation), Quadrant 2 (High Alarms, High Automation), Quadrant 3 (Low Alarms, Low Automation), Quadrant 4 (High Alarms, Low Automation). Unplanned events are correlated to what quadrant a facility can be grouped in.<ref name":6" /><ref name":4" />
* Quadrant 4 with high alarm loading and a low level of automation, as you may expect, had the highest level of unplanned events.
* Quadrant 3 with lower alarm loading but a low level of automation has fewer unplanned events.
* Quadrant 2 has high alarm loading, but a high level of automation, and has fewer unplanned events. This also indicates that while reducing alarms has a benefit effect on unplanned events, increased automation has a bigger benefit.
* Quadrant 1, with low alarm loading and a high level of automation, had the lowest number of unplanned events.
Decoupling / recoupling
Taking something temporarily out of state-based control to be operated manually / returning it to state based control.
Instrument justification
The addition of instruments to the design only as required for an identified purpose. May include Control, Troubleshooting, accounting, safety etc.
Alarm justification
In the design process documenting that all alarms have causes, consequences and actions. Alarms that do not have an undesired consequence or actions the operator can take are eliminated from the design.
State-based control
State based control can be thought of as an extension of the unit operation concept in the process industry. Processes are designed with unit operations. With state-based control the control design is divided into units and those units further divided into states, with the proper operating discipline for each state designed in. This can include alarm management including alarm points, controller modes and the operation of digital outputs. For instance, to better enable alarms to indicate abnormal situations that require operator action a low-level alarm would not be programmed to come in for a state where there should be no level. In this state a low level is not abnormal and there is no operator action required. A high alarm on the other hand could always indicate an abnormal situation in all states. The alarm point, however, may be 80% in a normal running state, but could be reduced to 10% in a state where no level is expected. This would give operations more time to realize that something was not blocked in properly or leaking by. The bottom line what is normal and abnormal, changes with the state the equipment is in. Also consider a reflux valve on a distillation tower. In the normal running state, the reflux valve may be a temperature controller. To total reflux the tower for startup or to manage an abnormal situation and operator may need to manually control the reflux valve to control the reflux drum level. With state-based control a total reflux state could be used in which the reflux valve mode changes to an automatic reflux drum level controller.
There are two commonly practiced ways of determining process states. One which is primarily used for only dynamic alarm management is to infer the process state using some key measurements and logic. The other is to use the control system through operator inputs, measurements and logic, to drive the process to the desired state. With the driven state method all aspects of the control system are managed by the state.
One key learning for the value of state-based control is without state based control the control system is essentially designed and optimized for the running state of the process. For a continuous process this makes a great deal of sense in terms of time. Continuous processes should spend most of the time in the running state. In terms of risk however start up, shutdown and abnormal situations are not optimized, and are the times when the process is at the most risk. State based control offers a safe consistent way to start up and shutdown a process. Burner management units are commonly managed through a burner management system for light off. In a similar fashion other unit operations can be controlled at a higher level of automation. Batch processes can achieve value through the automation of cycling through batches which happen repeatedly. It is sometimes thought that since continuous processes do not start up and shut down as often that there is not as much value in the automation. Start up and shutdown are however the least familiar aspect of operation in continuous plants because they do not happen as often, so automation adds value through reduced risk and time. In the running state of a continuous process there are very often degradation to normal operation.
State-based control design process in a front-end loading structure
Front-end loading is a proven methodology to mitigate risk and enhance return. The state-based control design work process can be implemented in a front-end loading framework including cost estimates for each front-end loading phase created. With FEL 1 being a State Based Control Assessment, which includes a degradation analysis, to deliver a high-level design and ending with a gate to FEL 2 giving the appropriate level of automation for which units will be automated and the level of automation to meet the business objectives. FEL 2 where detailed operational specifications are created based on the FEL 1 design. FEL 3 with Control application development.
Cost vs benefits
The cost of a state-based control application can be expected to be higher than process control applications with lower levels of automation. Cost estimates can be developed through a front-end loading methodology for reduced risk. An alarm philosophy will also be very important and will need to be updated or developed.
Commissioning plans
Higher level of automation require more logic. The logic has parameters that in some cases need to be verified in the field. So not all but based upon engineering judgment some functions of the state-based control should have a commissioning plan.
Commissiong plans should address:
* The function commissioned
* Identification of risks with the commissioning
* What personal should be involved in the commissioning process
* Plan to activate the functionality to be commissioned
* HMI to monitor during commissioning
* What mitigation action will be taken if there are problems
Opportunity for improvement
The opportunity for improvement is exceptionally large. 70-85 % of existing operational procedures are incorrect or incomplete. 42% of unscheduled shutdowns are caused by operator error. 70% of incidents occur during abnormal situations including startup and shutdown. The losses from these errors have been estimated at nearly 80 million per major incident. Implementations of state-based control have delivered an 80% reduction in process interventions, with 90% reduction in alarm rates.
The days of workers staying in a job for 30 years are no longer with us. Workers today typically are going to be in a job for less than five years. In the process industry as it is today, five years is probably not enough time to have them properly trained. Consider that large continuous processes probably go longer than five years between shutdowns. State-Based Control with embedded operating discipline is a big advantage with the current workforce. This is especially true when State-Based Control is paired with operator simulation training.
Return on investment
Return on investment for state-based control projects have been good with a typical payout time of 3 months being reported. Increased capacity has been seen at 1.5%, with startup time reductions of 50%. Start-ups are faster and more consistent no matter who is on the board. As mentioned earlier Dow Chemical reported hundreds of millions of dollars in benefit.
Operating a plant requires detection, knowledge and action. They all three must work. A breakdown in any of the three results in failure. In the case of an alarm response the operator should get an unambiguous alarm, while not being overwhelmed by too many other alarms. They need to know how to respond to the alarm. The correct operating discipline must be implemented in response in time to be successful. Typically, an alarm response is assumed to have a probability of failure on demand of 1 in 10. Consider if there is an alarm flood when the alarm comes in this might not be a valid assumption. Depending on the knowledge and experience the operator may not know what to do. If a procedure is required, is it correct and up to date? A safety instrumented function when properly designed and tested will within the probability of failure on demand do the job and prevent the scenario from occurring.<ref name=":4" /> Operations can be under a lot of stress, probably in an alarm flood, to on the fly have to deal with the ramifications of the safety instrument function. The units upstream and downstream of the effected unit must be dealt with. For instance, a high-pressure safety function may cut steam to a reactor. Actions are going to be needed in the downstream towers and upstream equipment. Through the degradation analysis when the reactor communicates the problem the up and downstream equipment have a designed response, also with the alarms being managed so as not to overwhelm the operator. This puts the operator in a lower stress situation managing the process through the event.
Reduced risk of unplanned events
Studies have shown that unplanned events are a function of the alarm rate an operator is under as well as the level of automation there is to support operations. If facilities are divided into quadrants of an axis of alarm loading and level of automation. Quadrants: Quadrant 1 (Low Alarms, High Automation), Quadrant 2 (High Alarms, High Automation), Quadrant 3 (Low Alarms, Low Automation), Quadrant 4 (High Alarms, Low Automation). Unplanned events are correlated to what quadrant a facility can be grouped in.<ref name":6" /><ref name":4" />
* Quadrant 4 with high alarm loading and a low level of automation, as you may expect, had the highest level of unplanned events.
* Quadrant 3 with lower alarm loading but a low level of automation has fewer unplanned events.
* Quadrant 2 has high alarm loading, but a high level of automation, and has fewer unplanned events. This also indicates that while reducing alarms has a benefit effect on unplanned events, increased automation has a bigger benefit.
* Quadrant 1, with low alarm loading and a high level of automation, had the lowest number of unplanned events.
Comments