Alarms that are triggered by any one of an aggregate of individual alarms (e.g., 'Pump Trouble') and which require the operators to perform additional actions to determine the cause should be limited.
Additional Information:
This guideline does not apply to the use of alarm processing through which individual alarms are logically processed to provide more operationally meaningful, higher-level alarm messages. By contrast, shared alarms are defined by the activation of one or more of a set of different process deviations. For example, a "trouble" message may combine several potential problems associated with a single plant system or component, or it may address the same problem for a group of similar components (e.g., a bearing temperature alarm may address bearings from more than one component). When shared alarms are used, an inquiry capability should be provided to allow the operator to obtain specific information about which of the ganged parameters exceeded its setpoint. Criteria for the use/avoidance of shared alarms are given in Table 4.1. In traditional (i.e., tile-based annunciator) alarm systems, shared alarms imposed additional workload on the operator compared to single alarms because the operator had to identify the deviant parameter(s). This type of shared alarm should be minimized in advanced alarm systems. Some advanced alarm systems automatically present information related to the deviant parameter when the shared alarm is initiated. This reduces the operator workload associated with retrieving alarm information and minimizes the negative effects of shared alarms.
Table 4.1 Shared alarm considerations.