Webinar: 10 Essentials of a Successful Upgrade or DCS Migration

Webinar: 10 Essentials of a Successful Upgrade or DCS Migration

This guest blog post was written by Charles Toth, a business development manager for MAVERICK Technologies. The post was written in conjunction with an upcoming ISA webinar co-hosted with MAVERICK on DCS migration strategies, set for 6 June at 12pm ET. Click this link to register for the webinar.


For many people, what we don’t know or understand can bring about a certain amount of fear, uncertainty and doubt. And, what we do know and understand makes us feel comfortable, so we tend to keep doing the same thing repeatedly. But sticking to the “status quo” isn’t always a good thing.

This is especially true when you must decide whether to upgrade or migrate your existing legacy distributed control system (DCS). You find yourself asking, what is the worst thing that can happen if we keep the old system? It runs, right? Perhaps. But to be realistic you must also ask, how long can we continue to support the existing system? What happens if it fails? Or, is it even compatible with the latest new technology on the market? In other words, you must weigh the facts carefully to see which path forward holds the most risk, and which one has the most potential to yield a favorable outcome – that is, which solution will positively impact the overall productivity, profitability and safety of your manufacturing processes.



Remaining “status quo” is easy: You know what you are working with in terms of your existing system, and you understand the huge risks involved if nothing changes. So, let’s look at what might give you the most angst if you consider an upgrade, or a migration to a completely new platform.

Risk zone: don’t panic

The potential for enormous risk is during the entire installation process, but particularly during the cutover from the old automation system to the new one. At this stage, production can be affected either for good or bad. The cutover point is where the parts of the larger automation system designated to stay in place are moved to the new platform. These typically include field instrumentation, valves, motor controllers, and so on—with all the supporting networks and wiring. These components interface with the system via input/output (I/O) cards, and every connection must be moved from the old platform to the new one. So, how can we minimize this potential risk? Proper upfront planning is key and should be done well in advance of the cutover process. Let’s see why.

Work zone: FEL planning ahead

A well-planned upgrade or migration project should have a detailed roadmap developed prior to implementation. Without strong upfront planning, the project will be subject to significant changes later, and its outcome could potentially be less than favorable. It is important to involve your process engineers and maintenance group in the front-end loading (FEL) planning efforts. During the FEL process, if you decide to work with an automation solutions provider or an automation system supplier, the cutover steps should be thoroughly outlined and scheduled. If everyone works together, the resulting cutover plan will minimize risk, lower your costs and maximize operational uptime.

Learn the 10 essential elements of a successful upgrade or DCS migration. Don’t miss the free ISA webinar co-hosted with MAVERICK Technologies on 6 June at noon ET.  Click this link to register.


The cutover usually signals the end of the project is in sight. By the time a new DCS is delivered to your facility, the following work should be done:

  • Documentation reviews and updates for the facility (with team leader audits)
    • Piping and instrumentation diagrams (P&IDs)
    • Loop sheets
    • Panel drawings
    • Rack room drawings
    • Cable and conduit schedules
  • Field devices and their supporting wiring should be verified
  • Factory acceptance test (FAT)
  • Infrastructure needed to support the new system
  • Site acceptance test (SAT)

More migration considerations

Besides the upfront planning and the actual installation process, there are many other elements you must consider in an upgrade or migration project such as resource availability, funding and buy-in to name a few. It’s risky business to assume you know the best approach unless you have considered best practices and options from all available sources in industry. One of the key points to remember is to identify potential risk areas early in the planning process, especially during the installation process. A systematic analysis should consider things, such as safety, downtime, resource allocation, network traffic levels, data integrity and cyber security while there is still the greatest flexibility to deal with them.

With proper planning and implementation guidelines in place, you can take the fear, uncertainty and doubt out of your upgrade or DCS migration project and stack the odds in your favor with minimal to no risk.

Learn the 10 essential elements of a successful upgrade or DCS migration. Don’t miss the free ISA co-hosted webinar on 6 June at noon ET.  Click this link to register.


About the Author
Charles Toth started his seven-year career working as a senior engineer at MAVERICK Technologies, a platform-independent automation solutions provider. He is currently a business development manager for MAVERICK.


Connect with Charles:


DCS Upgrade: How to Reduce Stress During Execution

DCS Upgrade: How to Reduce Stress During Execution

This guest blog post was written by Sunny R. Desai, an engineer in the DCS/PLC/SCADA department at Reliance Industries Ltd.


The Reliance Industries Hazira complex, which manufactures a wide range of polymers, polyesters, fiber intermediates, and petrochemicals, needed to determine the best way to update the industrial automation system. The complex commissioned a naphtha cracker plant in March 1997 using then state-of-the-art technology, including a UNIX-based control system. Over the years, there had been a progression of vendors developing new systems based on the latest technological platforms and then declaring their older systems obsolete.

Many of the components of the UNIX-based control system had been declared obsolete, and the vendor had withdrawn active support, spares, and engineering resources. There was a decreasing availability of spares, which were very expensive. The distributed control system (DCS) is critical for plant operation; the obsolescence and unavailability of spares directly affected the availability of the system for plant operation. Because electronic components degrade over time, the failure rates of components was increasing. All these factors increased the time and effort to restore a failure.

Evaluation philosophy

The company’s evaluation philosophy for developing an upgrade plan was based on the following major criteria:

  • Plant safety and reliability were of prime importance.
  • Efforts should be made to prolong or stretch the system life as long as possible without compromising safety or plant reliability.
  • If the reliability of the existing system could be enhanced with a partial upgrade, it was preferred.
  • If the partial upgrade of the system was not possible or did not improve the reliability of the system, efforts should be made to keep the full upgrade cost to a minimum.


A partial system upgrade was not suggested, because it would only improve the visualization, but not the reliability, of controllers, I/O modules, and other hardware components. Also, keeping in mind the remaining installed base at the site, other plants would benefit from the spares generated by removing hardware from this plant. The final recommendation was a full cracker plant control system upgrade.

Project scope

The following table shows an inventory of the existing DCS hardware.

Sr. No. Unit Quantity
1 Marshaling panels 111
2 System panels 20
3 Total I/O 14,000
4 Alarm consoles 10
5 DCS servers 11
6 Operator stations 18

Update considerations

In the initial stage of the project, it was decided  that the new system should be similar to the existing system in terms of the visualization, faceplates, and programming to avoid confusion between an actual problem in the field and a programming error.

The technical requirements the plant considered during the engineering stage included:

  • time scheduling for minimum downtime during plant shutdown
  • interfacing to existing field instruments
  • reliability and safety of process areas
  • redundancy features
  • creating fresh logics in the new system from the existing system
  • converting proportional, integral, derivative (PID) tuning parameters from the existing system
  • graphical design similar to the existing system for ease of operation
  • communication with third-party systems
  • advanced process control (APC) program modification
  • third-party historian program modification
  • secured network architecture

Method followed

Time scheduling was the biggest challenge for the entire team, with a very limited number of days for executing the job, which included removing and fitting new system panels, removing all the components from the marshalling panels, removing and fitting new alarm consoles, formatting and installing DCS servers, replacing old operator stations with new ones, removing existing control network cables and laying new ones, and replacing all the power circuit breakers.

The upgrade was to be performed in the short duration of a shutdown. To restrict the cost, the team decided not to replace the I/O panels, but only the internal components. This would also minimize the carbon footprint of this project. It would take a lot of time to remove and fix components individually, so the team decided to mount components on a plate and install the plate in the panels. All the components, such as I/O modules, communication modules, barriers, terminal blocks, and power supplies, were installed on the plate at the vendor’s factory, and factory acceptance testing (FAT) was performed on the same setup.

To meet the desired system reliability, redundant controllers, communication modules, and some analog output cards, power supplies, and diode ORings (creating logical OR relationships) were connected in cross redundancy to avoid a single-point failure of any device in the distribution. Power supply units were only loaded at less than 35 percent of capacity.

The software function blocks did not have the functionality of the old system, so many customized blocks were created in the new system, including blocks for APC and digital loops. A team of specialized engineers, including process personnel, tested the logic in the new system. This team visited the vendor a couple of times before conducting the FAT to ensure that the logic worked per the existing control and automation philosophy.

The project’s new controller supported a significantly larger number of I/O than the existing controllers. The plant preferred not to merge the I/O in one controller, but had them distributed in the controllers exactly following the existing philosophy. No controllers were designed to have third-party communication and I/O communication together.

It was decided in the design basis that all electronic components and cards should comply with the ANSI/ISA-71.04-2013, G3 classification. The installed components must operate for a minimum of 48 hours under extreme conditions: temperature at 0–50°C; relative humidity at 10–96 percent at 32°C noncondensing; maximum vibration at 0.2 G, 20–300 Hz; maximum displacement at 0.01 inches; 5–20 Hz. Considering the constant improvements performed in the plant during normal plant operations, it was decided to restrict the controller load to less than 40 percent, network load to less than 50 percent, free memory to greater than 50 percent, and power supply load to less than 40 percent.

Considering the failures of the power supply and diode ORing across the site, a redundant power supply with a redundant diode ORing scheme was used for this project. An active diode ORing with a load-sharing indication and alarm relay was also used.

Exhaustive FAT and SAT procedures were developed, and 100 percent loop testing and redundancy testing of controllers, power supplies, I/O modules, communication networks, and servers were performed. The team also performed 100 percent graphic testing and alarm simulation. All the closed loops were checked and 100 percent APC functioning and OPC communication was tested. During the SAT, the Profibus signature was taken for all the nodes and was preserved for future reference.

Consequences and mitigation plan

Following are the key risks involved in the project:

Accurate as-built information unavailable

Consequence: If the information available is not accurate, panel wiring and closed-loop operation in the field will be affected. Also, several instruments in the field may remain left out, affecting the complete plant operation and causing a delay in the startup of the plant.

Mitigation plan: To provide an accurate project design basis, several walk-downs and manual surveys were performed to verify existing documentation was accurate. This activity was performed while the plant was running and did not affect the plant operation. The team took several photographs of the existing wiring in the panels, noted the color code of every field cable, noted every termination where they found a discrepancy with the existing drawing, and prepared a detailed file consisting of all the information collected. This file was the key to the successful implementation of this project.

Manually converting the program to the new system

Consequence: If the program built in the system is not accurate per the old program, it will affect the entire plant operation. The running process may trip many times, causing safety concerns in the plant and a financial loss.

Mitigation plan: The only trusted document available for the programming was the existing program running in the old system. First, it was important to understand the difference between the logic block functions of the old system and that of the new system. The team listed the functional differences between the two, and modified the new blocks to function according to the old blocks. They decided to include the experts in the old system, from the vendor as well as the user side, in the engineering team of the new system. This was one of the crucial moves for ensuring a smooth upgrade. Several weeks were spent on this activity. Once the compatible logic blocks were built in the new system, a trial test was performed to check the operation of the blocks. On finding the operation satisfactory, clearance was given to the vendor to continue building the program. At this point, the team calculated the optimistic and the pessimistic time to complete the project execution, and all worked wholeheartedly to meet the deadline.

Building visualization in the new system

Consequence: If the conversion is not proper, plant operation will be affected, as operators will not be able to take quick actions when required. Because graphics are the main interface between the operation team and the new system, faults in the graphics will directly affect the operation team’s acceptance of the new system.

Mitigation plan: The panel operators were used to the old visualization, so it was decided that the visualization in the system should be a look-alike of the old system, and the latest visualization features should not be used in this upgrade. This would help the operators accept the new system and also avoid confusion between actual problems in the field and improper mapping of tags in the graphics during the plant startup. Once the visualization was built in the new system, the engineering team performed a test. This test included verifying the sketches on the graphics and mapping tags to the graphic element, alarm window, trend window, group graphic windows, group trend window, and faceplate functioning. Once this test was approved, the vendor was permitted to build more graphics.

Converting the PID tuning parameters

A PID controller is a control-loop feedback mechanism commonly used in industrial control systems. A PID controller continuously calculates an “error value” as the difference between a measured process variable and a desired set point. The tuning parameter directly influences the accuracy of the control loop, and thereby the quality of the product. The value of these parameters can only be fixed during the running plant operation. These values are a critical asset for the plant, as they are fixed by the years of experience in operating the plant.

Consequence: Steady-state operation of the plant will be affected, with a direct influence on the quality of the product.

Mitigation plan: The vendor had developed a mathematical equation and a tool for converting the tuning parameters from the old system to the new system. The vendor had verified this tool at a different conversion project where the company was satisfied by the results of the conversion, and hence it was readily accepted in this project. Later the team found the results of this tool were quite accurate.

Third-party communication

Online analyzers, machine-condition monitoring systems, turbine-governing systems, antisurge systems, and plant emergency shutdown systems are standalone systems critical for plant operation. They maintain the quality of the product, control the safe operations of compressors, and maintain the efficiency of the compressors and safe operation of the plant. The readings of these systems must be continuously available for the operators. The communication between the DCS and these systems is done with a Modbus protocol, which is tricky and time consuming to configure.

Consequence: This will have an impact during the plant startup when operators will not be able to see some data from the online analyzers, machine vibration conditions, and data from the emergency shutdown system of the plant. This will also affect the steady-state operation of the plant.

Mitigation plan: It was possible to complete this activity during the preshutdown period of the project. The team arranged a spare controller and developed a test setup where the running third-party system communicated with the new system. All the wiring diagrams, communication settings, and response times were noted and later were directly implemented in the new system. This way it became quite easy to establish the communication with the actual new system.

Removing old components and fitting new ones in the panel

Consequence: If this activity is not completed in the planned time period, it will affect the entire startup of the plant.

Mitigation plan: All the cables in the panels were not to be cut and removed immediately. Multicore cables from the field and power cables from the main control board cabinet were to be retained, so it was not easy to execute the system changeover during the shutdown period. To meet this challenge, several drawings were prepared for each panel indicating which cables and ducts were to be cut and removed and which cables were to be retained, where the ferrules were to be changed, where the lugs were to be replaced, and TBs were marked where there was interpanel wiring. Markings to distinguish between removal and retention were done in each panel. All the electricians were trained to thoroughly understand the drawing. To test the amount of time it would take to remove and fix the components in the panel, a mock operation was performed during the FAT. For this, a fully loaded spare panel was shifted from the site to the FAT area. During the mock operation, the team noted the time required, all the challenges faced, and the tools required, and they planned improvements. This activity helped a lot during the actual execution of replacing the components in each panel.

Building secured network architecture

Newer control systems are highly network based and use common standards for communication protocols. Many controllers are Internet Protocol addressable. Standard operating systems, such as Windows, are increasingly used in industrial control systems, which are now typically connected to remote controllers via private networks. The ability to access the system as a result of this interoperability exposes network assets to infiltration and subsequent manipulation of sensitive operations. Furthermore, increasingly sophisticated cyberattack tools can exploit vulnerabilities in commercial off-the-shelf system components, communication methods, and common operating systems found in modern control systems.

Consequences: This affects the safety of the plant and can have a financial implication on failure. This may affect the entire business operation and can also have a social impact.

Mitigation plan: Considering the current scenario around the world and the constant increase in the cyberthreat, the team decided on a secured network architecture with twin firewalls installed in the system. They preferred that the two firewalls were of different makes. This would help minimize any network-related threats. Antivirus software was installed in each system, making sure it was set to run the latest definition files. All the USB ports, CD/DVD drives, the autorun feature of Windows, the Windows scheduler, the remote desktop feature, and all the spare network ports were disabled. The auto log-off feature was enabled. These steps help prevent any virus attack on the system.

APC implementation

Consequences: Steady-state operation of the plant will be affected, minimizing the efficiency of the process and having a direct financial effect.

Mitigation plan: APC implementation was a challenge in itself, because the new system did not have similar functionality to the old system. All the programing blocks of the old system were studied in detail, and blocks were developed in the system with the same functionality. APC will communicate with the new system via a dedicated OPC station. In the old system, the OPC wrote in a data block, but these data blocks were not available in the new system. To meet this requirement, thousands of tags were created, which will not use the license. The communication between the APC and these tags via OPC was tested during the FAT. All the programs for taking a loop in APC and removing a loop from APC were tested during the FAT period. The team performed 100 percent testing. Many data types required by APC that were supported by the old system and were not supported by the new system were found during the FAT. These data types were created in the new system and were mapped in the APC program. APC communication was established during the shutdown period, but the APC program in the APC controllers was modified in the post-shutdown period. Earlier, in the UNIX-based system, a separate PC provided operator interface to the APC. In the new system, a link to an Internet browser was provided for the operator to have the APC interface in the DCS screen itself, so a separate PC was not required. Once the plant was started, the APC program was tested for one of the furnaces, and in a week all the other APC programs were modified. Similar modifications were also done in a real-time optimizer and third-party historian.

Technological improvements

With this upgrade, we added some of modern automation’s state-of-the-art technology. Some of the noticeable improvements were:

  • Secured network: The new system network was based on the demilitarized zone (DMZ) architecture implemented using a twin firewall configuration. One firewall isolates the enterprise network from the plant network, and another firewall isolates the plant network from the control network, thereby creating a secured DMZ network. Both the firewalls are of a different make and can only be configured using a standalone configuration laptop.
  • Enhanced diagnostic features: Diagnostic logs are generated for each module, with master/slave in the hardware topology; they can be saved and analyzed for root-cause analysis and preventive maintenance. A Web-based diagnostic portal, where we can view warnings and controller errors, communication modules, and slave modules, is available in the system.
  • Smart client: This smart client is a true thin-client office workplace that seamlessly retrieves data from the system and connected third-party systems. The smart client is a dashboard visualization application that provides a read-only view into the system and allows the user to call up graphics.
  • Redundancy at the I/O level: For certain super-critical output tags that affect the production and safety of the entire plant, we have installed redundant analog output cards. During the normal course of operation, the cards share current demand from the field devices. Each card is capable of supplying the full demand current from the field devices. When one card fails, the other identifies the need of current in the circuit and supplies the full current.
  • Twin active diode-ORing scheme: Dual ORs with a load-sharing indicator are used in this project, which helps us monitor the load sharing between the two power supplies. This gives us an opportunity to identify a probable failure. Along with a redundant power supply, we have also installed a redundant diode ORing.


Proper planning and coordination with the vendor resulted in an efficient installation and commissioning of the new system. All the 14,000 I/O, marshalling panels, system panels, alarm consoles, servers, and operator stations were successfully replaced in a very limited time. It is a success story for the entire team; we completed the project well within the planned period. The project can be summarized with the statement: more stress on planning reduces stress during execution.

About the Author
Sunny R. Desai has an engineering degree specializing in instrumentation and control. Desai is currently an engineer in the DCS/PLC/SCADA department, Central Engineering Service, at Reliance Industries Ltd.

Connect with Sunny:


A version of this article originally was published at InTech magazine.

Webinar Recording: How to Choose a Modern, Integrated DCS Solution

Webinar Recording: How to Choose a Modern, Integrated DCS Solution

This guest blog post was written by Shivendra Mishra, the global product manager for scalable control solutions at Honeywell Process Solutions. The post was written in conjunction with an ISA webinar on integrated DCS solutions, co-presented with ISA99 Committee Co-Chair Eric Cosman


To watch the webinar in full screen format, click this link.

Today’s industrial organizations face a host of operational challenges. Ensuring the safety of personnel, equipment, and the environment are priorities for every facility. At the same time, plants must find ways to increase process efficiency, availability, and throughput—helping to improve their overall business performance.

Over the past couple of decades, the industrial automation sector has witnessed converging process control technologies contributing towards an integrated control system that can unify people with process, business needs and asset management. While the distributed control system (DCS) is no more just an instrument for controlling batch and continuous process, modern PLCs have also challenged the traditional boundaries by incorporating new capabilities. Integration enhancements by use of open technologies now allow the DCS to collect intelligence from various plant assets that were until now operating in isolation or were not considered relevant to integrate until recently.

The evolution and commoditization of DCS technology has produced a modern, graphical, highly interactive integration platform, which provides process control functionality as well as real-time data connectivity between the plant floor and the enterprise. Development has also led from a proprietary, system-centric architecture, to one that is more focused on supporting collaborative business processes.

Modern DCS systems bring “integration with simplicity.” Here are some examples:

  • Integrated engineering, maintenance and operations by integrating safety-related information to DCS while still maintaining a separate and compliant safety system architecture
  • Integrated power substation automation systems to DCS over IEC 61850 that can realize the benefits including increased energy efficiency, improved operator effectiveness and plant availability
  • Integrating people with processes through tools like procedural operations that ensure procedures are fully available to provide the right information at the right time, while not distracting the operator from monitoring alarms, process conditions, and responsibilities for other equipment
  • Improved cybersecurity protection by integrating DCS with next generation controllers using industry standard framework such as ISASecure
  • Improved SCADA controllers in terms of faster startup, engineering using cutting edge interfaces like OPC UA and their integration capabilities with DCS
  • Complete suite of mobility solution including use of handheld devices, mobile station, remote engineering node, casual access to business users and alert messaging that enables the widest range of visualization, collaboration and browser based solutions for improved operations, troubleshooting and decision making

The journey from DCS to integrated control system (ICS) has greatly benefited by industry associations such as ISA that help define the integration framework and operating principles. Some examples of how industry insight and research has collaborated for industry-wide adoption:

  • ISA99, which has now become IEC 62443, the global industrial standard for cybersecurity
  • ISA-18.2, alarm management guidelines
  • ISA101 and ISA106, for display design and procedural operations respectively

Interestingly, some adjacent IT technologies such as the Industrial Internet of Things (IIoT) and virtualization are unlocking a new array of potential in the control systems. A new OEM business model is a reality now using IIoT-ready controllers which can provide data securely over OEM analytics cloud to achieve improved equipment serviceability time and performance monitoring and lower total cost of ownership. Likewise, virtualization technology helps customers with greater new system and lifecycle benefits including design independence, virtual FAT and staging, improved system agility, flexibility and scalability, facility and utility savings, simplified system management and many more.

The potent mix of newer technologies is helping the new age DCS to be more “open yet secure,” “compact yet scalable,” “integrated yet separate,” “OT using IT” type solution with a great future promise.

About the Author
Shivendra Mishra is the global product manager for scalable control solutions at Honeywell Process Solutions. He has more than 10 years of experience in various customer marketing and product marketing roles with Honeywell, covering solution expertise in areas such as process control, instrument asset management, RTU, PLC, SCADA, open systems platforms and virtualization. Shivendra holds a bachelor’s degree in electrical engineering from the National Institute of Technology, Karnataka (India) and an MBA in marketing from ISB&M, Pune (India).

Connect with Shivendra:





Modern DCS Graphics: Level 1 Overview Displays

Modern DCS Graphics: Level 1 Overview Displays

This post was written by Robert Allen, VP of operations at Lin and Associates.

Editor’s Note: ANSI/ISA-18.2-2009, Management of Alarm Systems for the Process Industries and ISA-101, Human-Machine Interfaces are valuable standards for users designing level 1 displays.

Level 1 display design cannot be a one-size-fits-all approach. What may work for operators at one company may not work for others somewhere else. The challenge is to find the balance that gives the operators a display that meets the goal of their facility’s level 1 scope and, simply put, that just makes sense.

To review high-performance graphics hierarchies, most human-machine interfaces (HMIs) today are designed by exposing an increasing level of detail as you navigate or drill down into the plant’s units, subunits, and details. For example, an operator may be responsible for operating multiple process units with the HMI providing a process unit level overview (level 2 graphics) for each of those units. As the operator navigates to a level 2, drilling down to a specific tower or heater displays control-type graphics. These are piping and instrumentation diagram–style graphics with instrumentation and controls designed as a system and based on the operator’s mental model of the process. These types of displays are called level 3 graphics. If there is ancillary equipment or systems (compressors, pumps, heater internals, safety instrumented systems, etc.) related to a level 3 graphic, this instrumentation is on a detail graphic (level 4 graphic) with navigation provided to and from the associated level 3 graphic. Operators can make control changes from all three levels of graphics; the hierarchy just exposes varying levels of detail so that they can detect, diagnose, and address potential issues as they drill down.

Even with modern distributed control system (DCS) consoles that accommodate six to eight screens per operator, this level 2, 3, and 4 hierarchy can lead to a phenomenon the industry refers to as the “keyhole” or “tunneling” effect. This happens when operators are so focused on the diagnoses and correction, or adjustment, in one process unit in their scope of responsibility that they potentially miss early detection of an issue within another section. Level 1 displays can assist with this problem.

If you walked into a control room 20 years ago, you would likely see a wall with an arrangement of single loop controllers, strip chart recorders, circular charts, and so forth, grouped together by function or process. Operators monitored the values reported by the panel instruments, essentially “seeing” their entire scope of responsibility. Without walking to the instruments, operators could not see the actual quantitative value, but they learned to recognize where a certain value should be during normal operation—by memorizing that the trend pen should be in the middle of the chart, for example. It is human nature not to exert effort unless needed, so the operators became very efficient at monitoring and recognizing these patterns of normalcy—and only exerted effort if normalcy was disrupted.

Today, there is a push in the refining industry to move operators to centralized control rooms (some have been doing this for a while), mainly as a result of incidents throughout the process industries. With the input and recommendations of human-factors experts, such as Ian Nimmo of User Centered Design Services, the designs of these centralized control rooms are resulting in spaces with large-screen video wall technology. Notice the word “wall,” essentially harkening back to the pattern-recognition methods of the 1970s and ‘80s. The key is to identify the appropriate information to be displayed on this wall. We could simply place a large version of that process flow diagram–style graphic. The quantitative values on the wall would solve the valuable real-estate issue. However, the real answer is displaying information so that operators know at a glance if their process is within normalcy. Companies can accomplish this with techniques that take us back to the old-school control room—back to using the operators’ abilities to recognize patterns of qualitative data. There have been numerous studies regarding the human brain and its ability to quickly identify patterns, and more importantly, to recognize when the pattern is in disarray. By correctly utilizing today’s technology and lessons learned from the past, an interface can be designed that enables the operator to increase safety, plant reliability, and profitability through reduced upsets, variability, and improved situational awareness.

Detection, diagnosis, and action were discussed earlier with the intent of level 1 displays zeroing in on the detection portion. The best method for determining the points, or tags, that give early detection is to conduct a task analysis. The task analysis team should consist of a very experienced board operator, a new board operator, and the HMI designer/engineer or HMI consultant. The reason for including both an experienced board operator and a new one is to obtain the perspective of each; in many cases, what is second nature to one is foreign to another. To facilitate a task analysis, there are proven methodologies available, such as Critical Action and Decision Evaluation Technique (CADET). I have found success with a variation or hybrid of the CADET approach combined with certain elements of the Rasmussen model. This tactic allows the company to concentrate on identifying data that gives the operator an early detection (before an alarm condition) of a potential problem. The main reason for this approach is that in many cases alarm systems are not indicative of early detection and are currently only promoting reactive operations. This is not true in all cases, but common where sites have not recently conducted a successful alarm rationalization.

Once the task analysis is complete and all the early detection points have been identified, the task of creating a level 1 graphic layout design begins. The first question is where the level 1 monitor or display system will reside. Specifically, how will the control room accommodate the level 1 display system? It could be a video wall, large monitors affixed to a wall behind the console, or monitors hanging from the ceiling or integrated into the operating console. Each option, and the operating console arrangement within the control room, has an impact on the level 1 graphics design. Although many of these options are constrained by the space allotted in the control room, there are also several factors that are beneficial to recognize before making a decision.

With the video wall, the main concern should be viewing distances between the operator console and the physical video wall. In this setup, operators will not typically make adjustments on these displays. With a text or numeric value size recommendation of 1 inch of height per 10 feet of distance from the wall, it will be difficult to use much text or many numeric values, especially when they may need to be 1–3 inches in size just to be readable. So in this case, the design should include a process depiction with enough context for the operator to easily recognize the layout of the process units. Use qualitative objects, rather than numeric values. These objects should also be an obvious indication to detect abnormal situations early. For instance, trends, providing the pens or traces, are very visible, especially when combined with other pattern-recognition type objects.

With video wall systems, adjacent console operators can view and monitor the level 1 graphic, allowing them to prepare and preemptively avert an issue caused by an abnormal condition feeding in from another unit. I have had some success when the design of video wall level 1 displays are too abstract, where little or no process context is utilized (a dashboard type). Furthermore, operator training and familiarity with the points used may take longer, because there is no interaction (e.g., clicking or mouse over to expose the tag name) with this type of display, but this approach does work for long viewing distances (figure 1).

Figure 1. Abstract iconic screens are effective for long-distance viewing of wall level 1 displays. (Display created using ALTIUS High Performance HMI Solution from Lin & Associates.)

In regard to the remaining level 1 display system arrangements mentioned above, you can apply some of the same rationale regarding viewing distance rules and the use of text and numeric data. You will need to weigh the benefit of placing text and numeric data against the value of the real estate available. Depending on console proximity, and whether or not this type of display system will be driven at the operator station or at the video wall, operator interaction can be accommodated on this type of level 1 display. I still recommend a design with a process depiction that has enough context with the use of qualitative and pattern-recognition type objects.

Recently, I have found great success by designing the layout similar to a process flow diagram, without all of the interconnecting process lines, for units under the operator’s scope of responsibility (figure 2). These types of level 1 display systems also allow the operator to interact with the objects, exposing information such as tag names and descriptions, and toggling between qualitative and quantitative views to facilitate operator familiarity and acceptance. When using this type of display system, however, the benefits of console adjacency will be limited, especially if the display system is integrated into the operating console. The upside to this display system, though, is that the technology can provide improved resolution with 4K and ultrahigh definition.

Figure 2. Process flow diagram displays can be very effective without interconnecting process lines. (Display created using ALTIUS High Performance HMI Solution from Lin & Associates.)

Finally, there has been consistent mention of including pattern-recognition type objects on level 1 overview displays, objects that promote operators’ abilities to quickly glance at displays and assess the health of their unit, but what about other forms of indication that can easily be included if space permits? In addition to early-detection indicators, some other ideas for level 1 content include key performance indicator targets, economic targets, environmental targets, personnel safety such as eye-wash station status, air monitoring status, and other plant-regulating indicators, such as boiler steam drum levels, plant effluent discharge limits, and live video streams.

In summary, when designing your level 1 displays, be mindful of the operating environment regarding control room layout. What is designed for an integrated level 1 display system may not work for a video wall and vice versa. You will need to ensure that there is an appropriate level of context to the plant layout, which will depend on the experience level of operations and whether the display will be used as a training reference. When selecting the data or information to be presented on level 1, be sure it gives the at-a-glance view of the health of the operator’s scope of responsibility. Lastly, be sure to include operations in the design process. These are tools for them to use to increase situational awareness, counteract the “keyhole” effect, and operate the facilities more efficiently.

About the Author
Robert Allen is VP of operations at Lin and Associates, a control systems integration and consulting firm. He has extensive knowledge and more than 24 years of experience with process controls, system integration, HMI design, and best practices.

Connect with Robert:


A version of this article originally was published at InTech magazine.

Webinar Recording: ROI of In-Line Optical Spectroscopy in Process Manufacturing

Webinar Recording: ROI of In-Line Optical Spectroscopy in Process Manufacturing

This ISA co-hosted webinar on optical spectroscopy was presented by Hellma Analytics and Prozess Technologie.

Process manufacturer often use water somewhere in their processes, and having precise, accurate moisture measurements can mean millions of dollars in ROI. In this informative webinar, experts explore the immense benefits — in reducing waste, increasing yield, and improving quality — and ROI of employing optical spectroscopy solutions in-line to measure moisture in real time. Actual case studies and field-driven and comparative results are presented.

About the Presenters
Robert E. (Bob) Sherman, principal technologist at Consulting Technologists’ Ideagroup, has worked for major companies such as BP, Valero and Fluor in both North America and overseas.  He is an ISA Fellow and author of Process Analyzer Sample-Conditioning Systems and editor of ISA’s Analytical Instrumentation.


Chelliah V. Navin, applications scientist with Prozess Technologie, has a doctorate in biological engineering with a specialization in chemical engineering and chemistry from Louisiana State University.



Stacy Carrier, technical sales manager with Hellma Analytics, earned a doctorate in physical chemistry specialising in reaction dynamics in UV-VIS and mid-IR spectroscopy.



Pin It on Pinterest