
Safety and environmental standards for fuel storage sites

Final report


the operator who is to respond to the alarm;

the means by which the alarm situation is detected and communicated to the operator; and

the means of making the situation safe in the available time, given that this cannot include the equipment which has been assumed to have failed.

Operator response

221 Operator response to an alarm contains four sub-tasks as illustrated in Figure 31.

Figure 31 Sequence of operator sub-tasks

Observe: The first of these sub-tasks, observing the indication, is relatively quick to do, so long as an operator is present to hear or observe the indication. However, it does rely on the indication of the alarm being clear and not being hidden by other alarms or information being communicated at the same time. Any assessment of reliability of this sub-task depends on a review of the human-instrumentation interface and the potential for confusion or masking of the key information. It also needs to consider how the alarm is prioritised because this will influence the importance that the operator attaches to the response.

Diagnose and plan: Diagnosis of the problem and planning what to do are two closely coupled sub-tasks. The time required for these sub-tasks will depend on the situation, the clarity of any procedures or instructions given on the correct response, the training of the operator, and how well practised and easy the required response is within the time available. If the operator has not met the situation before – and this may be the case on a well-run facility – it is possible that the operator will not be familiar with the correct response unless the scenario is covered by regular training or by periodic drills or exercises. Where the operator may not be able to make a decision on the correct course of action without referring to a supervisor, caution should be taken before claiming any credit for the alarm function.

Action: Carrying out the necessary action could be a relatively quick thing to do (such as closing a remotely operated valve) or it could require the use of a radio to reach another operator who is then required to go to a specific part of the plant to operate a manual valve.

Time for response

222 The key consideration relating to ‘time for response’ is an understanding of the actual time available from when the alarm is activated until the process goes ‘beyond the point of no return’. This is illustrated in Figure 32.

Figure 32 Time for response to alarm

223 All four sub-tasks must be able to be completed effectively within this time. Shortage of time available is one of the key factors that influence the probability of failure for operator response. (See HEART methodology.)

224 The actual total time available for response (see Figure 32) should be evaluated on a case-by-case basis, taking into account all the relevant circumstances of the installation, for example distances, means of taking action and operator experience.

[Figure 32 diagram labels: Alarm activated; Alarm observed; Diagnosis and planning; Action; Process goes ‘beyond point of no return’; Actual available time for response; axis: Time]

[Figure 31 diagram labels: Task type; Alarm layer; Observe; Diagnose; Plan; Action]