PAS 16055 Space Center Blvd, Suite 600 Houston, TX, USA 77062 (281) 286-6565 e-mail: bhollifield@pas.com
KEY WORDS High Performance Human Machine Interface, HMI, Operator Effectiveness, Process Graphics
Hollifield, Page 2
Presented at the 2012 ISA Water & Wastewater and Automatic Controls Symposium Holiday Inn Castle Resort, Orlando, Florida, USA Aug 7-9, 2012 www.isawwsymposium.com ABSTRACT: A HIGH PERFORMANCE HMI: BETTER GRAPHICS FOR OPERATIONS EFFECTIVENESS Almost all industrial processes are controlled by operators using dozens of graphic screens. The graphic designs are typically little more than P&IDs covered in hundreds of numbers. This traditional, low performance Human Machine Interface (HMI) paradigm is typical in all processes controlled by DCS and SCADA systems, including the water and wastewater sector. It has been shown to be lacking in both providing operator situation awareness and in facilitating proper response to upsets. In many industries, poor HMIs have contributed to major accidents, including fatalities.
HMI improvement has become a hot topic. The knowledge and control capabilities now exist for creating High Performance HMIs. These provide for much improved situation awareness, improved surveillance and control, easier training, and verifiable cost savings.
This paper will cover: HMIs Past and Present Common but Poor HMI Practices Justification for HMI Improvement What Can You Gain? High Performance HMI Principles and Examples Depicting Information Rather Than Raw Data The Power of Analog Proper and Improper Use of Color Depicting Alarm Conditions Trend Deficiencies and Improvements Display Hierarchy and the Big Picture The High Performance HMI Development Work Process Obstacles and Resistance to Improvement Cost-effective Ways to Make a Major Difference
Implementation of proper graphic principles can greatly enhance operator effectiveness. A High Performance HMI is both practical and achievable.
Hollifield, Page 3
Presented at the 2012 ISA Water & Wastewater and Automatic Controls Symposium Holiday Inn Castle Resort, Orlando, Florida, USA Aug 7-9, 2012 www.isawwsymposium.com A High Performance HMI: Better Graphics for Operations Effectiveness
Introduction The human-machine interface (HMI) is the collection of screens, graphic displays, keyboards, switches, and other technologies used by the operator to monitor and interact with the SCADA system. The design of the HMI plays a critical role in determining the operators ability to effectively manage the operation, particularly in response to abnormal situations. For several reasons, the current design and capability of most HMIs are far from optimal for running complicated operations. Most of these consist simply of schematic-style graphics accompanied by numbers. Such displays provide large amounts of raw data and almost no real information. They provide inadequate situation awareness to the operator. This paper concentrates on proper and effective design of the graphics used in modern SCADA systems.
HMIs Past and Present Before the advent of sophisticated digital control systems, the operators HMI usually consisted of a control wall concept. The control wall (see Figure 1) had the advantages of providing an overview of the entire operation, many trends, and a limited number of well-defined alarms. A trained operator could see the entire operation almost at-a-glance. Spatial and pattern recognition played a key role in the operators ability to detect burgeoning abnormal situations. The disadvantages of these systems were that they were very difficult to modify. The addition of incremental capability was problematic, and the ability to extract and analyze data from them was almost non-existent. The modern electronic control systems (SCADA & DCS) replaced them for such reasons. When these systems were introduced, they included the capability to create and display graphics for aiding in the control of the operation.
Hollifield, Page 4
Presented at the 2012 ISA Water & Wastewater and Automatic Controls Symposium Holiday Inn Castle Resort, Orlando, Florida, USA Aug 7-9, 2012 www.isawwsymposium.com
Figure 1: Example of a Control Wall
However, there were no guidelines available as to how to actually create effective graphics. Early adopters created graphics that mimicked schematic drawings, primarily because they were readily available. Graphics such as Figures 2 and 3 were developed over 20 years ago and remain common throughout the industry. Indeed, inertia, not cost, is the primary obstacle to the improvement of HMIs. Operators become accustomed to this style of graphic and are resistant to change. As a result, industries that use modern control systems are now running multi-million dollar operations from primitive HMIs created decades ago, at a time that little knowledge of proper practices and principles was available.
Hollifield, Page 5
Presented at the 2012 ISA Water & Wastewater and Automatic Controls Symposium Holiday Inn Castle Resort, Orlando, Florida, USA Aug 7-9, 2012 www.isawwsymposium.com
Figure 3: A Typical Crowded, Schematic-Style Graphic As SCADA and DCS system hardware progressed, graphics from the manufacturers began to adopt very flashy design practices. The results were displays that are actually sub-optimal for operators, but operators began deploying these as well. Figure 4 is an example of flashy design taken from a power generation facility to illustrate the point. The graphic dedicates 90% of the screen space to the depiction of 3-D equipment, vibrantly colored operation lines, cutaway views, and similar elements. However, the information actually used by the operator consists of poorly depicted numerical data which is scattered around the graphic, and only makes up 10% of the available screen area.
Hollifield, Page 6
Presented at the 2012 ISA Water & Wastewater and Automatic Controls Symposium Holiday Inn Castle Resort, Orlando, Florida, USA Aug 7-9, 2012 www.isawwsymposium.com
Figure 2: An Early Graphic Exhibiting Many Problematic Practices
The limited color palette was used inconsistently and screens began to be little more than crowded displays of numbers.
Figure 4: A Flashy Graphic Inappropriate for Actual Operational Control Hollifield, Page 7
Presented at the 2012 ISA Water & Wastewater and Automatic Controls Symposium Holiday Inn Castle Resort, Orlando, Florida, USA Aug 7-9, 2012 www.isawwsymposium.com
There are no trends, condition indicators, or key performance elements. You cannot easily tell from this graphic whether the operation is running well or poorly. That situation is true for more than 90% of the graphics used throughout the industry because they were not designed to incorporate such information. Instead, they simply display dozens to hundreds of raw numbers without informative context.
Justification for HMI Improvement Poorly performing HMIs have been cited time and again as significant contributing factors to major accidents. Yet our industry has made no significant change in HMI design. There is another industry that learns from its accidents and has made phenomenal advancement in HMI design based on new technology. That industry is avionics. Lack of situation awareness is a common factor cited in aviation accident reports. Modern avionics feature fully-integrated electronic displays (See Figure 5). These depict all of the important information, not just raw data, needed by the operator (i.e., pilot). Position, course, route, engine diagnostics, communication frequencies, and automated checklists are displayed on moving maps with built-in terrain proximity awareness. Real-time weather from satellite is overlaid on the map. Detailed database information on airports is available with just a click. Situation awareness and abnormal situation detection is far improved by these advances. This capability impossible even a dozen years ago in multi-million dollar airliners is now standard on even the smallest single engine aircraft.
Figure 5: Garmin G1000 Avionics Package in a Small Plane Since safety is significantly improved with modern HMIs, it is only logical that we would want all operators to have access to them. Yet most operators have done little to upgrade. There have been tests involving actual operators running realistic simulations using traditional graphics vs. High Performance ones. The author participated in a major test of these principles sponsored by the Electric Power Research Institute (EPRI) at a large coal-fired power plant. The results were consistent with a similar test run by the ASM (Abnormal Situation Management) Consortium on an ethylene plant. The test showed the high performance graphics provided significant improvement in the detection of abnormal situations (even before Hollifield, Page 8
Presented at the 2012 ISA Water & Wastewater and Automatic Controls Symposium Holiday Inn Castle Resort, Orlando, Florida, USA Aug 7-9, 2012 www.isawwsymposium.com alarms occurred), and significant improvement in the success rate for handling them. In the real world, this translates into a savings of hundreds of thousands of dollars per year.
Proper Graphic Principles Ineffectively designed graphics are very easy to find. Simply search the internet for images under the category HMI. Problems with these graphics include: Primarily a schematic representation Lots of displayed numbers Few trends Spinning pumps/compressors, moving conveyors, animated flames, and similar distracting elements Brightly colored 3-D vessels Highly detailed equipment depictions Attempts to color code piping with contents Large measurement unit callouts Bright color liquid levels displaying the full width of the vessel Lots of crossing lines and inconsistent flow direction Inconsistent color coding Misuse of alarm-related colors Limited, haphazard navigation A lack of display hierarchy Ineffective graphics encourage poor operating practices, such as operating by alarm. By contrast, High Performance graphics have: A generally non-schematic depiction except when functionally essential Limited use of color, where color is used very specifically and consistently Gray backgrounds to minimize glare No animation except for specific alarm-related graphic behavior Embedded, properly-formatted trends of important parameters Analog representation of important measurements, indicating their value relative to normal, abnormal, and alarm conditions A proper hierarchy of display content providing for the progressive exposure of detailed information as needed Low-contrast depictions in 2-D, not 3D Logical and consistent navigation methods Consistent flow depiction and layout to minimize crossing lines Techniques to minimize operator data entry mistakes Validation and security measures
Hollifield, Page 9
Presented at the 2012 ISA Water & Wastewater and Automatic Controls Symposium Holiday Inn Castle Resort, Orlando, Florida, USA Aug 7-9, 2012 www.isawwsymposium.com Data or Information? A primary difference of high performance graphics is the underlying principle that, wherever possible, operation values are shown in an informational context and not simply as raw numbers scattered around the screen. Information is data in context made useful. As an example, consider this depiction of a compressor (see Figure 6). Much money has been spent on the purchase of instrumentation. Yet, unless you are specifically trained and experienced with this compressor, you cannot tell if it is running at peak efficiency or is about to fail.
Figure 6: All Data, No Information
The mental process of comparing each number to a memorized mental map of what is good is a difficult cognitive process. Operators have hundreds of measurements to monitor. Thus the results vary by the experience and memory of the operator, and how many abnormal situations they have experienced with this particular compressor. Training new operators is difficult because the building of these mental maps is a slow process. Adding more numbers to a screen like this one does not aid in situation awareness; it actually detracts from it. By contrast, these numbers can be represented in a bank of analog indicators, as in Figure 7. Analog is a very powerful tool because humans intuitively understand analog depictions. We are hard-wired for pattern recognition. With a single glance at this bank of properly designed analog indicators, the operators can tell if any values are outside of the normal range, by how much, and the proximity of the reading to both alarm ranges and the values at which interlock actions occur.
West East Drive: 232.2 amps Cooler W. Vibration: 2.77 E. Vibration: 3.07 2.77 MSCFH 155.2 F 108.2 F 166.1 F 55.7 psig 135.1 psig 190.5 psig Oil 155.2 F Oil 85.1 psi 65.1 F Hollifield, Page 10
Presented at the 2012 ISA Water & Wastewater and Automatic Controls Symposium Holiday Inn Castle Resort, Orlando, Florida, USA Aug 7-9, 2012 www.isawwsymposium.com
Figure 7: Analog Depiction of Information In just a second or two of examination, the operator knows which readings, if any, need further attention. If none do, the operator can continue to survey the other portions of the operation. In a series of short scans, the operator can be fully aware of the current performance of their entire span of control. The knowledge of what is normal is embedded into the HMI itself, making training easier and facilitating abnormal situation detection even before alarms occur, which is highly desirable.
Color Color must be used consistently. There are several types of common color-detection deficiency in people, particularly males (red-green, white-cyan, green-yellow). For this reason, there is a well-known principle for the use of color: Color, by itself, is not used as the sole differentiator of an important condition or status. Most graphics throughout the world violate this principle. Redundant coding of information using additional methods other than color is desirable. A color palette must be developed, with a limited number of distinguishable colors used consistently. Bright colors are primarily used to bring or draw attention to abnormal situations, not normal ones. Screens depicting the operation running normally should not be covered in brightly saturated colors, such as red or green pumps, equipment, valves, etc. Cool gpm RECYCLE COMPRESSOR K43 Alarm Indicator Desirable Operating Range Alarm Range Alarm Range 2 Suct psig Inter psig Dsch psig Suct degF Inter degF Dsch degF Motor Amps Oil psig Oil degF 42.7 38.7 93.1 185 95 120 170 170 80 290 Hollifield, Page 11
Presented at the 2012 ISA Water & Wastewater and Automatic Controls Symposium Holiday Inn Castle Resort, Orlando, Florida, USA Aug 7-9, 2012 www.isawwsymposium.com When alarm colors are chosen, such as bright red and yellow, they are used solely for the depiction of an alarm- related condition and functionality and for no other purpose. If color is used inconsistently, then it ceases to have meaning. So what about the paradigm of using bright green to depict on and bright red for off, or vice versa if you are in the power industry? This is an improper use of color. The answer is a depiction such as Figure 8.
Figure 8: Depicting Status with Redundant Coding and Proper Color Usage
The relative brightness of the object shows its status, plus a WORD next to it. Things brighter than the background are on (think of a light bulb inside them). Things darker than the background are off.
Hollifield, Page 12
Presented at the 2012 ISA Water & Wastewater and Automatic Controls Symposium Holiday Inn Castle Resort, Orlando, Florida, USA Aug 7-9, 2012 www.isawwsymposium.com Alarm Depiction Proper alarm depiction should also be redundantly coded based upon alarm priority (color / shape / text). Alarm colors should not be used for non-alarm related functionality.
Figure 9: Depiction of Alarms When a value comes into alarm, the separate alarm indicator appears next to it (See Figure 9). The indicator flashes while the alarm is unacknowledged (one of the very few proper uses of animation) and ceases flashing after acknowledgement, but remains as long as the alarm condition is in effect. People do not detect color change well in peripheral vision, but movement, such as flashing, is readily detected. Alarms thus readily stand out on a graphic and are detectable at a glance. It is highly beneficial to include access within the HMI to the alarm rationalization information contained in the Master Alarm Database (See Figure 10). If these terms are unfamiliar, you are advised to become familiar with the 2009 standard, ANSI/ISA18.22009, Management of Alarm Systems for the Process Industries. In the pipeline industry, recent Control Room Management regulations issued by the Pipeline and Hazardous Materials Safety Administration (PHMSA) include an alarm management component. An American Petroleum Institute (API) recommended practice on Pipeline Alarm Management (API RP-1167) was issued in December 2010 and is expected to be incorporated into future PHMSA regulations.
Hollifield, Page 13
Presented at the 2012 ISA Water & Wastewater and Automatic Controls Symposium Holiday Inn Castle Resort, Orlando, Florida, USA Aug 7-9, 2012 www.isawwsymposium.com
Figure 10: Linked Alarm Information
Trends The most glaring deficiency in HMI today is the general lack of properly implemented trends. Every graphic generally has one or two values on it that would be far better understood if presented as trends. However, the graphics rarely incorporate them. Instead, engineers and managers believe claims that their operators can easily trend any value in the control system on demand with just a click. This is incorrect in practice; a properly scaled and ranged trend may take 10 to 20 clicks/selections to create, and usually disappears into the void if the screen is used for another purpose! This deficiency is easily provable; simply walk into the control room and count how many trends are displayed. Then pick a value at random and ask an operator to create a trend and watch. Our observations, made in hundreds of control rooms, indicate that trends are vastly underutilized and situation awareness suffers due to that omission.
TI-468-02 Column Overhead Temperature Alarm: PVHI Setting: 120 deg C Priority: 3 Class: Minor Financial Response Time: <15 min Alarm Consequences: Alarm Causes: Corrective Actions: Off-spec Production Excess steam Adjust base steam rate Lowered efficiency Pressure excursion Check pressure and feed parameters vs. SOP 468-1 Insufficient reflux Adjust reflux per computation; check controller for cascade mode Feed composition variance Check feed composition 120.1deg C 3 Hollifield, Page 14
Presented at the 2012 ISA Water & Wastewater and Automatic Controls Symposium Holiday Inn Castle Resort, Orlando, Florida, USA Aug 7-9, 2012 www.isawwsymposium.com
Figure 11: Trend Depiction of Desirable Ranges
Trends should be embedded in the graphics and appear, showing proper history, whenever the graphic is called up. This is generally possible, but is a capability often not utilized. Trends should incorporate elements that depict both the normal and abnormal ranges for the trended value. There are a variety of ways to accomplish this (See Figure 11).
Hollifield, Page 15
Presented at the 2012 ISA Water & Wastewater and Automatic Controls Symposium Holiday Inn Castle Resort, Orlando, Florida, USA Aug 7-9, 2012 www.isawwsymposium.com
Level Indication Vessel levels should not be shown as large blobs of saturated color. A simple strip depiction showing the proximity to alarm limits is better. A combination of trend and analog indicator depictions is even better (See Figure 12).
Figure 12: Vessel Levels
Bar Charts Attention to detail is important. It is typical to use bar charts to show relative positions and values. While this may be better than simply showing numbers, it is inferior to the use of moving pointer elements since as the bars value gets low, the bar disappears. The human eye is better at detecting the presence of something than its absence. The example in Figure 13 is superior in showing relative values, besides the color improvement.
Better Vessel Level Indication Very Poor Vessel Level Indication Crude Feed TK-21 Trend and Analog Level Indication 2 Hrs 86.5% 2 0 100 Hollifield, Page 16
Presented at the 2012 ISA Water & Wastewater and Automatic Controls Symposium Holiday Inn Castle Resort, Orlando, Florida, USA Aug 7-9, 2012 www.isawwsymposium.com
Figure 13: Bars vs. Pointers
Tables and Checklists Even tables and checklists can incorporate proper principles (See Figure 14). Consistent colors and even status indication can be integrated. 25% 50% 75% Valve V-1 V-2 V-3 X-1 X-2 X-3 X-4 S-1 S-2 K-1 K-2 100% 100% 95% 88% 100% 100% 75% 0% 55% 100% 100% 100% 0% Analog Position - Better 25% 50% 75% 100% 100% 95% 88% 100% 100% 75% 0% 55% 100% 100% 100% 0% Analog Position Poor Bar Graphs Valve V-1 V-2 V-3 X-1 X-2 X-3 X-4 S-1 S-2 K-1 K-2 Hollifield, Page 17
Presented at the 2012 ISA Water & Wastewater and Automatic Controls Symposium Holiday Inn Castle Resort, Orlando, Florida, USA Aug 7-9, 2012 www.isawwsymposium.com
Figure 14: Tables and Checklists There are dozens of additional principles like these. See the References section.
Breaker 15 Power Oil Temp 16-33 Oil Pres Status Level in TK-8776 Gen System Status Comp 88 in Auto Lineup Ready Sys Status Checks Bearing Readouts Comm check Outlet Temp < 250 Cooling Flow Internal Circuit Check Bypass Closed AFS Function OK NOT OK OK OK OK NOT OK OK OK OK OK OK OK OK OK Startup Permissives NOT OK Air Comp Status Mode Diag C #1 RUNNING AUTO OK C #2 STOPPED MAN OK C #3 RUNNING AUTO OK C #4 STOPPED AUTO FAULT 3 Hollifield, Page 18
Presented at the 2012 ISA Water & Wastewater and Automatic Controls Symposium Holiday Inn Castle Resort, Orlando, Florida, USA Aug 7-9, 2012 www.isawwsymposium.com Display Hierarchy Displays should be designed in a hierarchy that provides progressive exposure of detail. Displays designed from a stack of schematic designs will not have this; they will be flat like a computer hard disk with one folder for all the files. This does not provide for optimum situation awareness and control. A four-level hierarchy is desired. Level 1 Operation Overview This is a single display showing the operators entire span of control, the big picture. It is an overall indicator as to how the operation is running. It provides clear indication of the current performance of the operation by tracking the Key Performance Indicators (See Figure 15). Control interactions are not made from this screen.
Figure 15: Example Level 1 Display
Level 2 Unit Control Every operation consists of smaller, sectional unit operations. A level 2 graphic exists for each separate major unit operation. It is designed to contain all the information and controls required to perform most operator tasks associated with that section, from a single graphic (See Figure 16).
Reactor 1 Thionite Mid-Run ON CLEAR Prod: State: Agit: Locks: Run Plan: Actual: IN OUT Balance Menus Main Menu Feed Sys Aux Sys Reactor 1 L2 Trend Control Comp A Comp B 72.0 80.0 2 HR Cool CPC CRM Rate Reactor 2 CRM-114 Mid-Run ON CLEAR Prod: State: Agit: Locks: Run Plan: Actual: Balance Comp A Comp B 60.0 68.0 2 HR Cool CPC CRM Rate IN OUT Hydrog A Bed A1 Bed A2 Suct Dsch OK OK OK CLEAR VIB: BRG: OIL: Locks: Cycle Comp A 470 500 F L O W 2 HR Hydrog B Bed B1 Bed B2 Suct Dsch OK OK OK CLEAR VIB: BRG: OIL: Locks: Cycle Comp B 470 500 F L O W 2 HR Alarms: ACK UNACK Toggle List /Summary P1 0 0 P2 1 0 P3 2 1 P4 4 1 Reactor 2 Hydrog A Hydrog B L3 L4 70 80 % 12 HR Key Performance Indicators Conversion Efficiency 0.5 1.0 12 HR Emissions Limit Ratio Feed A Feed B Feed C SynG Feed System Aux Systems Atv 1 Atv 2 Pres %IP Clr T-In T-Out Visc CWT CWP S10 PWR VentP VentT C57D Null-A Jup2 S200 MGA Grok 2 2 071608 08:55:07 RX2 LOW CRM QUALITY EXC LVL LVL Hollifield, Page 19
Presented at the 2012 ISA Water & Wastewater and Automatic Controls Symposium Holiday Inn Castle Resort, Orlando, Florida, USA Aug 7-9, 2012 www.isawwsymposium.com
Figure 16: Example Level 2 Display of a Reactor
Level 3 Unit Detail Level 3 graphics provide all of the detail about a single piece of equipment. These are used for a detailed diagnosis of problems. They show all of the instruments, interlock status, and other details. A schematic type of depiction is often desirable for a Level 3 displays (See Figure 17). P S O AUTO 76.8 MPH 76.0 88.5 % Main Feed Main Feed MPH 72.0 80.0 -60 -30 -90 2 Hours P S O AUTO 11.9 MPH 12.0 22.3 % Additive 1 Additive 1 MPH 10.0 14.0 -60 -30 -90 2 Hours P S O AUTO 4.0 MPH 4.0 44.3 % Additive 2 Additive 2 MPH 2.0 6.0 -60 -30 -90 2 Hours VENT SYS Analysis: Purity % 32.0 40.0 -60 -30 -90 2 Hours Analysis: Inhibitor Concentration % 4.0 6.0 -60 -30 -90 2 Hours Agitator ON Reactor M5 Pump 1 RUNNING P S O AUTO 95.0 44.3 % M5 Pressure 98.0 psig P S O AUTO 70.0 54.3 % M5 Level % 71.0 % Thionite Product: Mid-Run 52.3 % 5.0 % Coolant Flow Coolant Temp P S O AUTO 45.0 54.3 % M5 Temp 45.0 C To Coils COOLING SYS 92.0 MPH PRODUCT Temperature C 40.0 48.0 -60 -30 -90 2 Hours Diagnostics 1-OK Pumps Needed 1 SHUT DOWN M5 Run Plan: Actual: FREEZE M5 IN Reset OUT Calc Diff: -10% +10% Hours: 238.1 Since: State: 19707 19301 Material Balance 2.1 % 06/02/07 14:00:00 ISOLATE M5 Pump 2 STOPPED 2-BAD M4 Main Menu - Level 3 - M5 Interlocks Feed System Product Recovery Level 1 Reaction Overview M5 Sequence Overlay Purge Rate Conversion Efficiency Cat. Activity Reserve Capacity M5 Startup Overlay M6 - Level 3 - M5 Cooling System Feed Components: A - B - C +/- 5 psi, 2hr +/- 1 %, 2hr Trend Control 4 Hollifield, Page 20
Presented at the 2012 ISA Water & Wastewater and Automatic Controls Symposium Holiday Inn Castle Resort, Orlando, Florida, USA Aug 7-9, 2012 www.isawwsymposium.com
Figure 17: Example Level 3 Display
Level 4 Support and Diagnostic Displays Level 4 displays provide the most detail of subsystems, individual sensors, or components. They show the most detailed possible diagnostic or miscellaneous information. The dividing line between Level 3 and Level 4 displays can be somewhat gray.
Pipeline Network or Distribution Overview Displays Pipeline networks are used in many industries, including water collection/distribution networks and in the oil/gas sector. Most existing displays that purport to be Overviews of a pipeline network are simply geographical layouts of the network covered in numbers. Figure 18 is a mock-up example of such a typical depiction. For a pipeline network overview display, there are certainly important items related to the geography, but this detail level is distracting and unhelpful to the operator. Hollifield, Page 21
Presented at the 2012 ISA Water & Wastewater and Automatic Controls Symposium Holiday Inn Castle Resort, Orlando, Florida, USA Aug 7-9, 2012 www.isawwsymposium.com
Figure 18: Typical Low-Performance Pipeline Network Overview There exists a highly successful technique for depicting geographic networks in a way that strips out all of the nonessential information, leaving what is important to the user and the task at hand. That technique is in the depiction of subway systems. Early versions of the depiction of the London subway system were confusing to the user (see figure 19.)
Presented at the 2012 ISA Water & Wastewater and Automatic Controls Symposium Holiday Inn Castle Resort, Orlando, Florida, USA Aug 7-9, 2012 www.isawwsymposium.com
Figure 19: Original 1908 Depiction of the London Subway System
In the 1930s, this depiction was modified and has since become a world-famous and universally adopted graphic technique for subway depiction. The key is the depiction of topography, not geography.
Hollifield, Page 23
Presented at the 2012 ISA Water & Wastewater and Automatic Controls Symposium Holiday Inn Castle Resort, Orlando, Florida, USA Aug 7-9, 2012 www.isawwsymposium.com
Figure 20: Topological London Subway Routing Diagram In the Figure 20 depiction, all lines (including the Thames river) are horizontal, vertical, or at 45 degrees. The outlying legs are shown as straight lines regardless of the actual routing. This is because the subway rider only needs to know how many stops remain to the destination or terminal, and not the precise direction of travel at any point. Enough geographical cues are shown to identify start points and destinations. While complex and showing a lot of information, the actual use of this drawing for navigation is simple and intuitive. Along with the announcements and labeling on the trains and at the stations, the diagram provides for good situation awareness for the task at hand, even by newcomers to the subway system. The kinds of geographic information that can be important for depiction of a distribution system (particularly for pipelines carrying hazardous materials) include: Jurisdictional or regulatory boundaries Proximity to waterways, residential spaces, or similar areas significantly affected by potential releases Proximity to response services Important Status Conditions and Alarms Significant highway or waterway crossings A high performance display will incorporate such information along with: Moving analog indicators indicating performance. Direction and content indicators Important trends Important status and alarms Translated to a pipeline network, a conceptual High Performance Overview display might resemble figure 21. Hollifield, Page 24
Presented at the 2012 ISA Water & Wastewater and Automatic Controls Symposium Holiday Inn Castle Resort, Orlando, Florida, USA Aug 7-9, 2012 www.isawwsymposium.com
API-RP-1165: Recommended Practice for Pipeline SCADA Displays In 2006, API issued a document on Pipeline SCADA HMI displays. There are some inconsistencies within that document. This is significant because some parts of API-RP-1165 have been incorporated into federal regulations issued by PHMSA. Overall, the concepts incorporated in the text portion of the document are valid. It mentions several good practices. The examples section, however, provides several depictions that are in direct violation of those very text principles! For example, Section 8.2.4 properly states that Color should not be the only indication for information. That is, pertinent information should also be available from some other cue in addition to color such as a symbol or piece of text. Yet throughout the remainder of the document, examples are shown that routinely violate this principle. Figure 22 shows only a few of the recommended practice examples from API-RP-1165. In many of these examples, Altair 4 A A A A M A A A 113 113 112 113 0 113 112 112 A B C D E F G H A A A A M A A A 42 43 42 44 0 43 43 43 A B C D E F G H A A A A M A A A 8.0 9.8 10.0 9.5 0.6 9.8 9.5 9.0 A B C D E F G H ON Station Status G E C A B D H F ON ON ON ON ON ON Diag H TX LA Altair 4 Mesklin Trantor Minbari Arrakis River Terminus Mesklin Arrakis 75 74 78 77 78 45 75 74 51 50 50 50 75 65 55 51 A A A A M A A A A B C D E F G H H H Trantor ON OFF XFER PULV A PULV B PULV C PULV D PULV E PULV F PULV G PULV H L1 OVERVIEW 08-15-2009 14:22:09 RUNBACK 1 RUNBACK 2 PULV OV UNIT 2: RUNBACK Graphic 2 Gross MW 562 DECREASE LOAD TRICON DEMAND: ACS DEMAND: 100.0% 100.0% INCREASE LOAD Econ O2 % AUTO 5.0 50% A2 BFP KLB/HR AUTO 1800 50% B2 BFP KLB/HR AUTO 1800 50% VALVE FORCED OPEN VALVE CONTROLLED A2 BFP Recirc Selector VALVE FORCED OPEN VALVE CONTROLLED B2 BFP Recirc Selector AUTO 2400 50.1% BOILER MASTER MAN 5.0 1800 1800 AUTO 65.0 50.1% FUEL MASTER MAN 2202 65.1 Input new ACS DEMAND or use buttons: 25% 50% 75% Valve SV-1 SV-2 SV-3 CV-1 CV-2 CV-3 CV-4 RHS-1 RHS-2 IV-1 IV-2 100% 100% 95% 88% 100% 100% 75% 0% 55% 100% 100% 100% 0% Valve Position 90.0% TRICON LOAD RATE: VERY FAST TURBINE MASTER MAN TURBINE FOLLOW BOILER FOLLOW COORD CONTROL CONSTANT PRESSURE VARIABLE PRESSURE Gateway Breaker 15 Power Oil Temp 16-33 Oil Pres Status Level in TK-8776 Gen System Status Comp 88 in Auto Lineup Ready Sys Status Checks Bearing Readouts Comm check Outlet Temp < 250 Cooling Flow Internal Circuit Check Bypass Closed AFS Function OK NOT OK OK OK OK NOT OK OK OK OK OK OK OK OK OK Pipeline Permissives NOT OK Hollifield, Page 25
Presented at the 2012 ISA Water & Wastewater and Automatic Controls Symposium Holiday Inn Castle Resort, Orlando, Florida, USA Aug 7-9, 2012 www.isawwsymposium.com only subtle color differences, not distinguishable by a substantial fraction of the operator population, are the only means to distinguish a significant status difference. In one table, API-1165 recommends color coding alarms by type. The well-known best practice is that they are redundantly coded by priority, not type (see Figure 22.) Users of API-1165 are therefore advised to pay more attention to the principles it contains than to the example depictions.
Figure 22: Sub-optimal Examples from API-RP-1165
T1 V12 L CLS V5 T T I OPN V1 T T I RUN U1 T T I OPN V9 T T I OPN V8 T T I RUN T1 T T O RUN U2 T T I OPN V11 T T I OPN V10 T T I OPN V2 T T I CLS V4 T T I OPN V3 T T I Station ABC OPN V6 T T I Tank Level % 50.0 Suction Psi 123.4 Case Psi 123.4 Suction SP Psi 123.4 DIscharge Psi 123.4 Discharge SP Psi 123.4 % Open % 123.4
OPN V17 T T I OPN V16 T T I CLS V15 T T I OPN V14 T T I
OPN V7 T T I OPN V13 T T I To Station BCD To Station DEF STATE BACKGROUND COLOR Color FORE- GROUND COLOR Color EXAMPLE Normal Black Green 1234 High-High Alarm Black Red 1234 High Alarm Black Yellow 1234 Low Alarm Black Yellow 1234 Low-Low Alarm Black Red 1234 Unknown/Error Black Blue 1234
4 Way Valve Symbols Comm Failure Off Scan Alarm Inhibited Offscan Manual Communication Failure (Stale) Alarm Inhibit Tagged RIGHT ABC T T I <- Device State Data Attribute <- Tag Field ID -> RIGHT RIGHT ABC T T I RIGHT ABC T T O RIGHT ABC T T I RIGHT ABC T T S RIGHT ABC T T I RIGHT ABC T T M RIGHT RIGHT ABC T T I RIGHT ABC T T O RIGHT ABC T T I RIGHT ABC T T S RIGHT ABC T T I RIGHT ABC T T M STATIC LEFT LEFT ABC T T I LEFT ABC T T O LEFT ABC T T I LEFT ABC T T S LEFT ABC T T I LEFT ABC T T M LEFT LEFT ABC T T I LEFT ABC T T O LEFT ABC T T I LEFT ABC T T S LEFT ABC T T I LEFT ABC T T M TRANSIT TRN ABC T T I TRN ABC T T O TRN ABC T T I TRN ABC T T S TRN ABC T T I TRN ABC T T M INVALID INV ABC T T I INV ABC T T O INV ABC T T I INV ABC T T S INV ABC T T I INV ABC T T M Tagged LEFT ABC T T I LEFT ABC T T O LEFT ABC T T S LEFT ABC T T I LEFT ABC T T M UNKNOWN/ ERROR ERR ABC T T I ERR ABC T T O ERR ABC T T I ERR ABC T T S ERR ABC T T I ERR ABC T T M RUN ABC T T I Hollifield, Page 26
Presented at the 2012 ISA Water & Wastewater and Automatic Controls Symposium Holiday Inn Castle Resort, Orlando, Florida, USA Aug 7-9, 2012 www.isawwsymposium.com The Seven Step Work Process There is a seven step methodology for the development of a high performance HMI. Step 1: Adopt a high performance HMI philosophy and style guide. A written set of principles detailing the proper way to construct and implement a high performance HMI is required. Step 2: Assess and benchmark existing graphics against the HMI philosophy. It is necessary to know your starting point and have a gap analysis. Step 3: Determine specific performance and goal objectives for the control of the operation and for all modes of operation. These are such factors as: Safety parameters/limits Production rate Run length Equipment health Environmental (i.e. Emission control) Production cost Quality Reliability It is important to document these, along with their goals and targets. This is rarely done and is one reason for the current state of most HMIs. Step 4: Perform task analysis to determine the control manipulations needed to achieve the performance and goal objectives. This is a simple step involving the determination of which specific controls and measurements are needed to accomplish the operations goal objectives. The answer determines the content of each Level 2, 3, and 4 graphic. Step 5: Design high performance graphics, using the design principles in the HMI philosophy and elements from the style guide to address the identified tasks. Step 6: Install, commission, and provide training on the new HMI. Step 7: Control, maintain, and periodically reassess the HMI performance.
Conclusion Sophisticated, capable, computer-based control systems are currently operated via ineffective and problematic HMIs, which were designed without adequate knowledge. In many cases, guidelines did not exist at the time of graphic creation and the resistance to change has kept those graphics in commission for two or more decades. The functionality and effectiveness of these systems can be greatly enhanced if redesigned in accordance with proper principles. A High Performance HMI is practical and achievable.
References Hollifield, B., Oliver, D., Habibi, E., & Nimmo, I. (2008). The High Performance HMI Handbook. Hollifield,B., Perez, H., Crawford, W., (2009), Electric Power Research Institute (EPRI), Operator HMI Case Study: The Evaluation of Existing Traditional Operator Graphics vs. High Performance Graphics in a Coal Fired Power Plant Simulator, Product ID 1017637, Note: currently available only to EPRI members Hollifield, Page 27
Presented at the 2012 ISA Water & Wastewater and Automatic Controls Symposium Holiday Inn Castle Resort, Orlando, Florida, USA Aug 7-9, 2012 www.isawwsymposium.com About the Author Bill Hollifield is the PAS Principal Alarm Management and HMI Consultant. He is a voting member of the ISA SP- 18 Alarm Management committee, the ISA-101 HMI committee, and the American Petroleum Institutes committee for API-1167 Recommended Practices for Alarm Management of Pipeline Systems. Bill is also the coauthor of The Alarm Management Handbook, The High-Performance HMI Handbook, and the Electric Power Research Institutes Alarm Management and Annunicator Application Guidelines. Bill has international, multi-company experience in all aspects of Alarm Management and HMI, along with many years of chemical industry experience with focus in project management, chemical production, and control systems. Bill has authored several papers on Alarm Management and HMI, and is a regular presenter on such topics in such venues as API, ISA, and Electric Power symposiums. He has a BSME from Louisiana Tech University and an MBA from the University of Houston. Hes a pilot, built his own aircraft (a Vans RV-12, with a High Performance HMI!), and builds furniture (and the occasional log home in the Ozarks) as a hobby.
Bill and Sweetie About PAS PAS (www.pas.com) improves the automation and operational effectiveness of power and process plants worldwide by aggregating, contextualizing, and simplifying relevant information and making it universally accessible and useful. We provide software and services that ensure safe running operations, maximize situation awareness, and reduce plant vulnerabilities. Our comprehensive portfolio includes solutions for Alarm Management, Automation Genome Mapping, Control Loop Performance Optimization, and High-Performance Human-Machine Interfaces. PAS solutions are installed in over 1,000 industrial plants worldwide.