Published on February 20, 2014
Conduct of Operations A Control System for Your Most Important Safety Component Paul Haas and Guy Hager Concord Associates, Inc., Knoxville, TN Instrumentation and control engineers go to great lengths to ensure availability and operability of control and information display systems for process system operation, especially for safety systems. It is critically important to maintain equipment performance within the bounds of safe operation. The most critical safety components in your facility are the human beings controlling, maintaining, monitoring, and managing the process and equipment. Have you ever thought about the control systems you have for human performance? HUMAN PERFORMANCE Intelligence, flexibility, and adaptability are strengths of human beings. These traits allow us to respond to new situations, evaluate alternatives, adjust to adverse conditions, make judgments with less-than-complete information, and perform tasks that machines, even computers, cannot do very well. However, these same qualities can lead to a high degree of variability in human performance in process systems. And, that variability can be a significant cause of inefficiencies and errors. Inconsistency in performance from facility to facility, day to day, shift to shift and person to person tends to increase the likelihood for error. Thus, there is a tradeoff between establishing formal, highly structured controls on human performance and allowing humans the flexibility to do what they do best – think. We want intelligent and qualified operators to run the plant 1
responsibly and responsively. We don’t want robots for operators, but we also don’t want complete “seat-of-the-pants flying.” A CONTROL SYSTEM FOR HUMAN PERFORMANCE? A good Conduct of Operations (ConOps) program can be viewed (Figure 1) as a control system that appropriately tightens the boundaries on allowed human performance. It permits appropriate variability for practical operations while maintaining performance within a desired safety envelope. Assume that there is an “ideal” human performance represented by the center line of Figure 1. Normal variability in a myriad of factors that influence human behavior - changing task demands, human cognitive and physical variations, available information, demands on attention - can cause significant variation in human performance. A good ConOps program is analogous to a control system designed so that the process operates with a “normal” variance, but well away from safety limits or design limits. The “margins of safety” around the normal operating range provide protection when unexpected conditions or failures arise. Minimal compliance requirements, such as those from Government regulatory agencies, provide protection against exceeding safety limits. To reach higher levels, operational excellence requires a “tighter” control system. A good ConOps program encourages and supports a culture of self-discipline and professionalism, which is the key ingredient to safe and effective operations. 2
Formal documentation of a ConOps policy and training on ConOps requirements are powerful management tools. Documentation should include requirements and expectations for safe and effective performance both in routine, day-to-day operations and in emergencies. Establishing a written ConOps policy provides the expectations and authority for a more formal and disciplined operation of equipment that results in safer operation and less down time. How good is your conduct of operations? See how your facility scores on the ConOps rating sheet shown in Table 1. Rate how strongly you agree or disagree with each statement, and total your score. How did you do? 91 or above: You’ve got an outstanding ConOps program; keep pressing on any areas in which you scored less than the maximum. 60 – 90: You’ve got some good practices but need to formalize, improve, or add elements to ensure appropriate control over operations. Less than 60: To ensure safety and effectiveness, you need to get to work immediately to formalize control of operations and train personnel. 3
Safety Margin MBoundary Minimum Performance (Compliance) Operational Excellence Design Limit Design Optimum Minimum Performance (Compliance) Safety Margin Figure 1. Conduct of Operations Policies Act to Control Human Variability 4
Table 1. Conduct of Operations Rating Sheet No/Strongly Disagree 0 Disagree 1 Agree 2 Strongly Agree 3 Score QUESTION Procedures A written requirement exists (and is rigorously followed) for all operations to be performed in accordance with procedures using “thinking compliance” (i.e., verbatim compliance with procedures, unless following the procedure as written is unsafe for the specific conditions at hand). A risk-based process is used to classify procedures according to their required use. (For example, does the user need to have the procedure in hand and checked off, or simply follow the guidelines of the procedure from memory?) A formal process is in place for validating, verifying, and approving procedures; the process is used for new procedures as well as revisions. All procedures are written in accordance with a procedure writer’s guide to ensure “best practice” in human factors design and consistency in format. Training Written policies that describe the requirements for supervision and control of training and safe operation during on-shift training exist and are followed. Training policy requires performance-based training with objectives and measurable qualification standards based on specific job performance requirements. Minimum technical and instructional qualifications for trainers and evaluators are documented, and all trainers meet at least minimum qualifications. Requirements exist for development and use of written exams and performance evaluations (actual operation or simulated exercises), and these are used as part of the process to establish and maintain qualifications. Failure policies, including remedial actions and temporary or permanent loss of qualification, are clearly specified, well understood by all personnel, and consistently practiced. Requirements for maintaining proficiency (including minimum time annually for active participation on-the-job, requalification after extended absence, and selected training requirements for individuals who fail to maintain minimum proficiency requirements) are documented and followed. Requirements for safe performance of periodic drills and monitored evolutions are well documented and consistently followed. 5 (0 to 3)
Score QUESTION Communication Required reading is used as a communication tool only, not as a substitute for formal training. Written policies and guidance exist to ensure that adequate time and opportunity are afforded all personnel to read procedure change notifications, operational experience, or incident reviews. Closed-loop communication (operational information is repeated back and confirmed prior to acting) is taught to all personnel and is standard practice for all verbal communications. Phonetic alphabet is used whenever acronyms or letters alone could be misunderstood. Strict adherence to policies for professional business-only use of all in-plant communication systems is demanded by supervision. An efficient method (preferably a single method) of communication between on- shift operators and all groups who need to communicate with them exists and is consistently used. Configuration Control Only authorized and trained personnel manipulate equipment at the facility. A safety observer is required for any job that has high potential for personnel injury. Specific requirements exist specifying the roles and responsibilities of the safety observer and requirements for training. Operations use status boards, or some other effective means, to track and communicate equipment status (operating, standby, or under repair). Policies and specific written requirements exist and are followed for system alignments, locking out of components, authorization to remove equipment from service, or restoring equipment to service. Efficient means for documenting equipment deficiencies exist and are consistently applied by operators and maintenance personnel. Requirements for testing following maintenance, repair, or new installation are clearly specified and consistently followed. Particular attention is paid to maintaining operational status of alarms and clearly indicating alarm operational status to all operating personnel. Requirements for independent verification are in place for restoration of critical safety equipment and the application of lockout/tagouts. Requirements are in place and followed to control and document any time when a safety system is disabled. Policies and specific guidance exist and are followed to control the labeling of equipment and piping to provide consistency and to ensure application of sound human factors principles in design and implementation. A comprehensive Management of Change (MOC) program is a routine part of process safety management; operations personnel are trained in MOC and actively involved in implementation of the program. 6 (0 to 3)
Score QUESTION No system change is released until all necessary operations/maintenance procedure changes and training have been completed. Operations A systematic process for self-checking and verification exists, all personnel have been trained in its use, and the process is routinely used by all operations personnel. Narrative logs are used to record major equipment manipulations, unusual conditions, or other significant occurrences. These logs provide a history of the significant events that occur at the facility. Operating logs and associated checklists contain expected ranges of parameters to be recorded. Guidelines and requirements are established and followed to ensure that controlarea activities are conducted in a professional, disciplined manner that supports the highest standards of safety and effectiveness. Limitations are placed on the number of people allowed in the control area, and operators have the authority to clear the area if they feel that excessive noise or activity is distracting them. Formal requirements for conducting and documenting shift change exist and are rigorously supported and enforced by supervision. A written shift turnover checklist is used to ensure the complete transfer of information. Facility walk-downs are required and routinely conducted by on-coming shift personnel accompanied by off-going shift. TOTAL 7 (0 to 3)
Concept of Operations (CONOPS) MMOCMMOC. Date. ... Perform NOSC-level systems control, maintenance, and administration functions within the theater network.
Core System Concept of Operations (ConOps) Prepared for: US Department of Transportation Research and Innovative Technology Administration ITS Joint ...
The CONOPS also documents a system's characteristics and the users' operational needs in a ... Control, Communications, Computers, Intelligence, ...
A Concept of Operations (CONOPS) is a user-oriented document that describes systems characteristics for a proposed system from a user's perspective.
A new system CONOPS is created for new system ... Command and Control. Address how the system will integrate into the ... CONOPS & COE DOCUMENT FORMAT and ...
Concept of Operations (ConOps) describes the likely operation of a future or existing system in the terminology of its users, providing important ...
Concept of Operations (CONOPS) [Suggest Change] ... (KMDS) system. When a CONOPs is used as the basis for a Capabilities-Based Assessment (CBA), ...
Concept of Operations (CONOPS) Matt Santos ... Control, Communication, Computer, Intelligence, ... System CONOPS Development V & V V & V
IEEE STANDARD. 1362-1998 - IEEE Guide for Information Technology - System Definition - Concept of Operations (ConOps) Document