Detailed Design of High Performance Displays

Many example depictions are shown conceptually and schematically because there is such wide variation in the display capabilities, characteristics, and arrangement paradigms of specific DCSs. There are major differences between DCSs regarding such commonplace things as controller faceplate access and display. It is the concepts and principles that are important, which are then applied to your particular process and within your particular DCS capabilities.

Display Hierarchy

A concept of hierarchy (Levels) should be followed in constructing DCS displays. The primary purpose of these levels is to provide different amounts of operating detail to aid the operator in performing different tasks. A secondary purpose of these levels is to allow easier navigation. Four levels are optimum. They are:
Level 1 – Process Area Overview Displays
Level 2 – Process Unit Control Displays
Level 3 – Process Unit Detail Displays
Level 4 – Process Unit Support Displays
The four levels of displays represent increasing levels of complexity and/or detail – “zooming in” on the process. The hierarchy operates like a tree structure or computer folder structure wherein lower-level displays are associated with specific higher-level displays.
The majority of operator actions should be taken in Level 2 and Level 3 graphics, as shown in Figure 1.

Figure 1: High Performance HMI Display Hierarchy

Designing Level 1 Process Overview Displays

Now, just because a console already has a giant display does not mean the display is being used effectively. In fact, many control rooms have installed large screens with little actual thought or consistency as to what to show on them. There has been little available in the way of guidance – a shortcoming we will rectify here.
The Overview display will show the broadest available view of the facilities under a single operator’s control. It is a “big picture” at-a-glance view of the process unit. It provides clear indication of the current performance of the process by tracking the Key Performance Indicators.
It should also be possible to call up the overview display on one of the console screens when there is a problem with the large display (or if one is not yet installed).
The Overview depicts elements and features, such as:
High level Key Performance Indicators such as safety, environmental, production, efficiency, and quality
Values, trends, and deviations of Key Performance Indicators
Alarms of the top 2 of 3 highest priorities, including acknowledgement status
Key process controllers
Important calculated parameters and conditions, such as mass balance
Important information from upstream and downstream units
Advanced control mechanisms performance and status
Major equipment status
Appropriate trends of important process parameters
Indications of abnormal situations, denoting severity
Consider an operator responsible for two reactors, two hydrogenation systems, and some support systems. Here is a conceptual arrangement of a High Performance Level 1 Overview Display for such a position.
In Figure 3, the overview graphic does not embody the “process pictorial” paradigm. Instead, embedded trends, moving analog indicators and radar plots are incorporated. Radar indicators are so capable, versatile, and underused that Appendix 3 is devoted to them. Important KPIs are calculated and trended along the right, along with other system status information.

Figure 2: Logical Arrangement of a Process Overview Display

The overview display is often properly placed on a large screen off of the workstation or on a video wall depending on the display’s audience. In many facilities, operating areas are closely coupled through feed and product streams, heat integration, and dependent utilities, so the overview of any given area may be useful to adjacent operators running other areas. The overviews are also useful for supervisors, engineers and managers.
Usually only one overview display is designed for a specific operating position. In some cases, the process makes different products, uses different feedstocks, or operates in significantly different states. In such cases, alternative overview displays can be created and used at the proper time.
The overview display should not be the first display designed. It is most practical to design Level 2 displays first and develop the Overview display afterwards.
More High Performance Display Examples at the PAS Website
This book has illustrative examples of the elements and types of high-performance displays. Many more such examples are available at the PAS website, www.pas.com. From the main page, select the High Performance HMI link to then access the images.

Figure 3: Example Contents of a Process Overview Display

Figure 4: A Non-Projection Technology Overview Display

Figure 4 is a picture courtesy of the Tennessee Valley Authority System Operation Center in Chattanooga, Tennessee. This is an extremely large, complex example of a control wall and is a stunning feat of pre-computer projection technology. It continues to provide an overview of multiple power plants.
This control wall is 125 feet wide and 14 feet tall. It is comprised of 252,000 individual replaceable 1 inch x 1 inch elements mounted in a grid structure. If represented by a computer screen, the equivalent would be 24,000 pixels wide by 2,688 pixels tall. This is the equivalent of 82 projection screens at 1024×768 pixel resolution!

Designing Level 2 Process Control Displays

The Level 2 graphic should contain all the information and controls required to perform most operator tasks associated with a specific plant unit, from a single graphic. Both routine changes and some abnormal situation interventions should be possible.
In the design process, Level 2 displays should be created first. The development requires the contribution of process engineers, production engineers, and operators. A major intent of Level 2 development is to ascertain and verify the operator’s mental model of the process.
It is important to model the entire span of control responsibility for the operating position. Use a geographic plant plot plan and P&IDs to define the scope.
While P&IDs are a tool in this process, the result should not look like a P&ID.
The overall plant mental model is divided into logical standalone sections, usually along the lines of major subsystems, such as a reactor, furnace, or distillation column.
Determine the various performance KPIs, controls, and control depictions to be placed on each Level 2 graphic. This will be further discussed in Chapter 9.
Figure 5 depicts these principles. All controllers and important indicators are shown on the various Level 2 displays. The displays are used for routine tasks such as manipulating controllers, operating pumps, starting blowers, opening valves, etc. All alarms of the top 2 of 3 priorities relevant to the depicted process are displayed. In some cases, it may be possible to depict all alarms. If not, the display should indicate there are Priority 3 alarms in effect and provide navigation access so they can be evaluated.
For some controllers, the setpoint and process value are trended. Output can be added via a right-click action. Output is always scaled at 0% to 100% with a right-side axis.
It is possible to rescale trends individually and to set different time spans for them either individually or altogether (via the “Trend Control” button at the bottom.)
For two controllers (pressure and level), full-size embedded trends are not needed and sparklines are used.
Analog indicators are used, as previously described, to give at-a-glance knowledge of any significant deviation from proper values.
Access to important reactor safety controls (Shutdown, Freeze, and Isolate) is provided and given prominence.
A material balance indicator is included.
The reactor has redundant level indication showing two bars, indicating any deviation between their values.
In this example depiction, only one alarm is in effect – a diagnostic problem with the spare pump. (This situation would be shown in detail on the Level 3 graphic.) Other alarms would be depicted similarly. The fact pump 2 is stopped does not generate an alarm because only one pump is specified as needing to be running.
Navigation and other control feature buttons are shown along the bottom of the display. This tends to be a DCS-specific choice and can take the form of tabbed displays or other mechanisms or placements. The intent is to provide one-click navigation to the most likely displays the operator may need to consult from this display.
Access to a Level 3 graphic is provided to show in detail the various interlock inputs, outputs, and diagnostics. However, the activation of any interlock causes elements to appear on the Level 2 graphic to depict the situation. For details, see section 8.5.
Buttons are provided labeled “Startup Overlay” and “Sequence Overlay.” Some DCS graphics have mechanisms to swap out sections of the display with other purpose-designed sections. For example, different trends and progress indicators would be useful during startup compared to steady-state operation. If overlays are not supported or their implementation is too complex, different graphics can be provided for such situations.
As noted and shown before, Level 2 displays consisting of nothing but predefined, important trends, as well as access to the right controllers, can be highly effective for process control by experienced operators.

Startup, Shutdown, and Abnormal Situation Level 2 Displays

Multiple Type 2 displays may be needed to cover the same equipment. These would be purpose-built for specific situations such as startup, normal operation, state or product transitions, and shutdown. (In some DCSs, previously mentioned graphic “overlay” methodologies might be adaptable to this purpose.) The task analysis for the abnormal situations will likely require information on the screen not useful for the normal operations case and would only be distracting or cause visual clutter. In complex situations, checklists should be displayed to help guide the operator through the proper response.

Figure 5: Example of a Level 2 Display

Figure 6: An Example of a High Performance Display Element Used for Startup

Consider the principle illustrated by Figure 6. The “roadmap” for a proper startup is clearly depicted and progress is visible. The structure gives the operator proper situation awareness and shows not only what has happened, but what is coming up next. A picture of a P&ID sprinkled with live values can do none of this, yet startup graphic elements like this are extremely rare. People may say, “But it costs money to design screens like this!” Yes, but we don’t save money by not painting lane divider lines in our roads. A single poorly-executed startup often costs more than proper HMI development. How many such startups have you had in the last decade?
These types of graphic elements are applicable to startups, shutdowns, grade transitions, product transitions, and similar mode changes. Automated Startup/Shutdown checklists and progress indications (such as in Figure 7) are also valuable aids to assist the operator in making the right adjustments at the right time and keeping the process on track. Poor startups and shutdowns cost money and typically make large, avoidable quantities of off-spec material.

Figure 7: Another Example Element of a High Performance Display Element Used for Startup

Displaying Interlock Functionality on Level 2 and Level 3 Displays

Interlocks are functions whereby normal control actions are overridden by predetermined process conditions. An example would be to override a steam valve to the closed position if the equipment temperature or pressure is too high. There are several HMI-related issues to be addressed for interlocks, and these must be handled regardless of whether the interlock is implemented in the DCS or in a separate Safety Instrumented System.
Interlocks are implemented using logic structures – usually “blocks” or “points” or “ladders.” These are usually complicated and cryptic to understand when displayed using the native capabilities of the DCS. They may activate infrequently since they are usually designed to protect against an abnormal situation. Due to this, the operator may not encounter them for months. When they activate, the operator may not remember being told about “the new column interlock” implemented a year ago and have no idea why he cannot start feed to the column. If this occurs at 2AM on a Saturday night, then the engineer is (deservedly) likely to get a phone call and production may be delayed.
Therefore, every interlock, when activated, needs to indicate the activation on the appropriate Level 2 & 3 display. The strategy may be different for those displays.
For Level 2 displays, an interlock sequence depiction, such as the graphic “piece” shown below, works well if there is room on the display. If room is limited, a simplified depiction can be made with full information in the Level 3. In this example, high pressure on the vessel will first activate a Priority 2 alarm at 180 psi and will then activate an interlock at 200 psi. The interlock will close the Main Feed valves.

Figure 8: Interlock Depiction Part 1

Figure 8 shows the normal operating condition with no alarms and no interlock activation. The pressure signal is shown using an analog depiction. If a value is important enough to trigger an interlock, it should not be shown merely as a number. This analog depiction has the black section at the top, but not the bottom. This indicates an interlock will activate at high pressure but not also at low pressure.

Figure 9: Interlock Depiction Part 2

Figure 9 shows the pressure has exceeded the high alarm limit and a priority 2 alarm has activated. Both valves remain open. Since this alarm is a precursor to an interlock, the interlock diamond (designated I-4) has appeared as well, but is not connected to anything. This is an optional depiction, but is useful since in many systems the interlocks activate only rarely. It draws the operator’s attention to determine what could happen if the pressure is not reduced. Clearly in looking at this portion of the display, something unusual is going on. The operator can see the pressure must be reduced or an interlock action will occur.

Figure 10: Interlock Depiction Part 3

Figure 10 shows that the high pressure was not resolved soon enough and rose into the interlock activation range. The following things happened and are shown:
An additional priority 2 alarm came into being as the interlock activated. This is not a “high-high” alarm on the pressure signal; it is a “Trip Notification” alarm from the interlock function itself.
The on-off valve closest to the vessel has closed as a result of the interlock. This state is shown and the color yellow matches the priority of the interlock alarm.
The yellow interlock box includes the controller and control valve as well. In most cases, an interlock will not just shut a separate on-off valve but will override the separate control valve as well, generally via the solenoid on the valve. In the case above, the interlock not only does that but also commands the flow controller to go to manual with zero output. This is a “belt & suspenders and another belt” approach.
The display is thus indicating, at a glance, something is very wrong with the main feed and the pressure. A quick look at this display would draw your attention to the situation.
Interlock Alarm Priority
Proper alarm management might have chosen a different alarm priority for the interlock than for the pre-alarm. This is because alarm priority should relate to the avoidable consequences if the correct operator response is not made. For the pre-alarm, the avoidable consequences include the entire upset occurring from the interlock activation. For the interlock activation alarm, those consequences are no longer avoidable; the avoidable consequences at that point have only to do with the optimum management of the upset condition. The “Trip Notification” alarm may properly be a lower priority than the pre-trip alarm.
For Level 3 displays, an interlock diagnostic element must be created clearly showing the possible initiators and possible actions taken by the interlock. This does not have to be complicated; a table such as the following can often suffice.

Figure 11: Interlock Diagnostic Table

The operator can easily understand the logic when depicted in this way, even with multiple cases of ANDs and ORs. It is clear why there is no feed flow and no steam flow, as well as what to do to restore them. Indeed, the table element, when looked at, acts to remind the operator of the other interlocks possible on the system. This diagnostic element can “pop up” on the Level 2 or 3 graphic or be combined with several other interlock elements on a Level 3 or 4 Detail or Diagnostic display.
In the case of an interlock which shuts down some equipment, a first-out indication is desirable since some of the other initiators may activate after the shutdown trip occurs. Here is a simple example of a Shutdown “First Out” Table:

Figure 12: Shutdown Initiator Table with First Out

Shortly after the compressor shuts down due to high vibration, the oil pressure also drops, which produces another shutdown initiator. As a result of equipment isolation, the suction pressure may also drop sufficiently to activate another shutdown initiator. Thus by the time the diagnostic graphic is consulted, three separate shutdown causes are present and the question is – which is the original culprit? Two are a consequence of the immediately prior shutdown and the actual cause of the shutdown is shown via the “First Out.” The vibration reading depicted is “currently” much less than the shutdown limit (since it quits shaking after the shutdown), thus the high vibration indication (the “X”) needs to be latched until reset. Embedded trends of the vibration readings can show what actually happened. Alternately, the shutdown initiator reading can be “frozen” at the value at the time of the shutdown. The objective is to speed up the diagnosis of the problem and eventual restart.
This is a simple example, which could be implemented on existing graphics quickly and cheaply. Even better would be a Level 3 Display for the various diagnostics and shutdown initiators shown in at-a-glance analog fashion, such as prior Figure 7-7. This could even be included on the Level 2 Display of the compressor, if space is available.
Note to control engineers: In the creation of interlocks and shutdowns, what the interlock will do if one of the initiating sensors malfunctions into a “Bad Measurement” state is often overlooked. It depends upon the DCS and how the specific interlock is built. The interlock table should show such conditions.
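The first-out latching and frozen-reading behaviour described above, together with the “Bad Measurement” case from the note to control engineers, is shown here in Python as an added example; it is not code from the book or from any DCS. The class and field names, the limits, and the scan readings are constructed for illustration, and two initiators that activate within the same scan are ordered by their position in the table.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

LIMITS = {  # constructed for illustration: name -> (trip direction, shutdown limit)
    "vibration": ("high", 5.0),
    "oil_pressure": ("low", 20.0),
    "suction_pressure": ("low", 10.0),
}

@dataclass
class Initiator:
    direction: str
    limit: float
    current: Optional[float] = None  # live reading; None = Bad Measurement
    latched: bool = False            # the "X", held until reset
    frozen: Optional[float] = None   # reading captured when the latch set

class FirstOutTable:
    def __init__(self, limits=LIMITS, trip_on_bad: bool = True):
        self.rows = {n: Initiator(d, lim) for n, (d, lim) in limits.items()}
        self.trip_on_bad = trip_on_bad  # design choice the table must show
        self.first_out: Optional[str] = None

    def _active(self, row: Initiator) -> bool:
        if row.current is None:         # sensor in Bad Measurement state
            return self.trip_on_bad
        high = row.direction == "high"
        return row.current >= row.limit if high else row.current <= row.limit

    def scan(self, readings: Dict[str, Optional[float]]) -> bool:
        # One logic scan; returns True once the shutdown has tripped.
        for name, row in self.rows.items():
            row.current = readings.get(name)  # a missing tag counts as bad
            if self._active(row) and not row.latched:
                row.latched, row.frozen = True, row.current
                if self.first_out is None:    # only the earliest latch wins
                    self.first_out = name
        return self.first_out is not None

    def reset(self) -> bool:
        # Clears the latches, but only when no initiator is still active.
        if any(self._active(r) for r in self.rows.values()):
            return False
        for r in self.rows.values():
            r.latched, r.frozen = False, None
        self.first_out = None
        return True

    def render(self) -> List[str]:
        out = []
        for name, r in self.rows.items():
            live = "BAD" if r.current is None else f"{r.current:g}"
            froze = "-" if r.frozen is None else f"{r.frozen:g}"
            line = f"{name:<17}{'X' if r.latched else ' '} now={live:<5} at_trip={froze:<5}"
            out.append(line + ("FIRST OUT" if name == self.first_out else ""))
        return out

def run_demo() -> FirstOutTable:
    table = FirstOutTable()
    for readings in (  # constructed scans following the compressor narrative
        {"vibration": 2.1, "oil_pressure": 45.0, "suction_pressure": 30.0},
        {"vibration": 6.3, "oil_pressure": 44.0, "suction_pressure": 29.0},
        {"vibration": 0.4, "oil_pressure": 12.0, "suction_pressure": 28.0},
        {"vibration": 0.1, "oil_pressure": 3.0, "suction_pressure": 6.0},
    ):
        table.scan(readings)
    return table

if __name__ == "__main__":
    print("\n".join(run_demo().render()))
```

After the four scans all three initiators are latched, yet only vibration carries the first-out flag, and its frozen value (6.3) is kept beside the much lower live reading.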

Designing Level 3 Process Detail Displays

Level 3 displays contain all control loops (controllers, indicators, alarms, status switches, etc.) They are also used for detailed investigations and interventions that are not time-critical.
Level 3 displays include the following:
Detailed views of sub-units, individual equipment items, components, and their related controls and indications
Custom pre-built trend displays for specific diagnostics
Shutdown System diagnostic displays
Interlock Diagnostics and similar troubleshooting displays
These detailed displays are mainly intended for troubleshooting or manipulating items not accessible from the Level 2 displays. All indicators, controllers, and alarms of all priority levels are shown on these screens. There may be several Level 3 displays for each Level 2.
For example, imagine an operator controls a reaction system, a recovery system, and a compression system. The compression system contains 3 compressors, which are on or off depending on a variety of factors. A “Compression System” Level 2 display should exist and show summary information and provide functional control of all three compressors. A Level 3 display for each compressor (Figure 13) then provides drill-down detail.
In some cases, the information is shown both in an analog manner (for fast comprehension and problem recognition) and on the process pictorial for more concentrated analysis and visualization.

Designing Level 4 Process Support and Diagnostic Displays

Level 4 displays provide the most detail of subsystems, individual sensors, or components. They show the most detailed possible diagnostic or miscellaneous information. The dividing line between Level 3 and Level 4 display can be somewhat gray.
Level 4 Support displays include the following:
“Common Alarm” displays with details of individual sensor status
Detailed information about equipment and instrumentation
Detailed status of Advanced Process Control (APC) functionality
System-supplied displays such as point detail, system diagnostics, alarm summary, etc.
Help displays
Other displays at Level 4 not associated with the display of live process information can include the integration of:
Operating procedures
Alarm documentation and response guidance
Abnormal situation response guidance
APC documentation and operational procedures
Other program-related documentation and operational procedures

Figure 13: Schematic Example of a Level 3 Compressor Display

Figure 14: Example of Alarm Rationalization Information

Information about each alarm should be available to the operator. If possible, “popup” information via a right-click action inside the operator’s HMI is preferred. This is more effective than searching through documentation or searching a database separate from the operator’s HMI. Access to operating procedures via embedded links can be incorporated.