HUMAN ERRORS REJECTION AND ISOLATION ON MAN-MACHINE INTERACTION IN MARINE CONTROL SYSTEMS
Ramón Ferreiro García. Universidad de La Coruña, Dep. Electrónica y Sistemas, E.S. Marina Civil, Paseo de Ronda 51 - 15011 La Coruña, Spain. Tel: 34 81 256700. Fax: 34 81 251568
Abstract. This paper describes a real-time algorithm, implemented with SFC (sequential function charts) on a PLC-based distributed control system, to avoid plant damage or system failure during plant operation caused by the interaction between the human operator and the plant, that is, by incorrect human decisions and/or actions. The goal of the paper, and its particular emphasis, is an SFC algorithm that acts as a decision interface on the man-machine interaction task, blocking or rejecting undesired manoeuvres caused by human errors. Keywords. Fault finding, isolation, sequential function chart, deterministic associative memory, man-machine interaction.
1. INTRODUCTION Few now disagree with the view that training is an essential element of a modern quality programme. The creation of better designs and processes, and continuous process improvement, demand that the people involved have the knowledge to avoid errors and to correct them when they occur. With this idea in mind, a man-machine interface can be designed so that the people involved do not need detailed knowledge of the plant. When a plant has been automatically controlled for a long period of time and an emergency arises, the system must be operated manually (under local or remote control) by a human operator. Operators sometimes forget the routines of manual operation because of lack of experience and a long time without practice. In such a situation human errors must be rejected or avoided, so a man-machine interface that corrects human faults is highly valuable. Every human action on the plant, entered as an input command, is supervised by the proposed algorithm. If the man-plant interaction is correct, the operation is performed according to the human demand. If the interaction between operator and plant is not safe, the operation is blocked and the states of the plant components that do not satisfy the safety conditions for the demanded operation are indicated. This means that any human interaction with the system is possible only if the command is proper to the actual plant stage, that is, if the action does not cause damage according to rule-based criteria designed off-line by expert human operators.
For any stage of the plant there must be at least one condition under which the human can interact with the plant (starting the second pump, stopping compressor number 1 for repair, or stopping the plant are typical man-plant interactions). The key question is: do the plant safety conditions allow compressor number 1 to be stopped without some previous safety precautions? The proposed algorithm is responsible for preventing the compressor from being stopped on human demand if such safety conditions do not exist. Furthermore, the conditions that are not satisfied must be indicated to the human operator so that he can decide on an alternative safe operation. One of the particular characteristics of the SFC or Grafcet language is its capacity to support supervision of external actions over a process. Recently, software-based tools [1] have been developed to implement logic and analog control under Grafcet on PLCs. These tools offer the opportunity to supervise human acts that may involve errors or bad decision-making, in order to avoid system failure or system damage. That is, whenever a human interaction with the plant enters the PLC, the system stage can be supervised by a proper algorithm that verifies whether the demanded actions can be performed according to off-line rules under which they have been considered safe, or non-dangerous, for plant operation. This means process supervision by a man-machine interface that avoids system damage due to human errors, a task commonly realised by means of real-time expert systems. Supervising an industrial process commonly implies
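The supervision scheme of the introduction and of the paragraph above, written out as a small command interlock in Python. This is an added example, not code from the paper or from the Grafcet tools it cites: each operator command is treated like an SFC transition whose receptivity is a list of off-line safety conditions, the command is performed only when every condition holds for the actual plant state, and otherwise it is blocked and the unsatisfied conditions are returned to the operator. The plant variables, the 6.0 bar pressure limit, the rule set and the snapshot of the plant are all constructed for illustration and are not taken from the paper.

```python
"""Command interlock modelled on the paper's SFC supervisor (added example).

Each operator command behaves like an SFC transition whose receptivity is a
set of rule-based safety conditions written off-line.  If every condition
holds for the actual plant state, the action is performed; otherwise the
command is blocked, the plant is left untouched, and the unsatisfied
conditions are returned so the operator can choose an alternative.

The plant variables, limits and rules below are constructed for
illustration; they are not taken from the paper or any real installation.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

PlantState = Dict[str, object]


@dataclass(frozen=True)
class Condition:
    """One safety precondition: a predicate over the plant state and the
    message shown to the operator when it does not hold."""
    description: str
    holds: Callable[[PlantState], bool]


@dataclass
class Interlock:
    """Maps every operator command to its preconditions and its action."""
    rules: Dict[str, List[Condition]] = field(default_factory=dict)
    actions: Dict[str, Callable[[PlantState], None]] = field(default_factory=dict)

    def add_command(self, name: str, conditions: List[Condition],
                    action: Callable[[PlantState], None]) -> None:
        self.rules[name] = list(conditions)
        self.actions[name] = action

    def request(self, command: str, state: PlantState) -> Tuple[bool, List[str]]:
        """Supervise one operator command.

        Returns (performed, unsatisfied_conditions).  A command with no rule
        is rejected (default deny), and a blocked command changes nothing.
        """
        if command not in self.rules:
            return False, [f"unknown command '{command}'"]
        unsatisfied = [c.description for c in self.rules[command]
                       if not c.holds(state)]
        if unsatisfied:
            return False, unsatisfied
        self.actions[command](state)
        return True, []


def build_example_state() -> PlantState:
    """Constructed plant snapshot: compressor 1 alone feeds the air receiver."""
    return {
        "stage": "running",            # current SFC stage of the plant
        "compressor_1_running": True,
        "compressor_2_running": False,
        "receiver_pressure_bar": 7.0,
        "pump_2_suction_open": False,
        "pump_2_tripped": False,
    }


def build_example_interlock() -> Interlock:
    """Hypothetical off-line rules for the three manoeuvres the paper names."""
    lock = Interlock()
    min_pressure = 6.0  # assumed minimum receiver pressure before a compressor may stop

    def stop_compressor_1(s: PlantState) -> None:
        s["compressor_1_running"] = False

    def start_pump_2(s: PlantState) -> None:
        s["pump_2_running"] = True

    def stop_plant(s: PlantState) -> None:
        s["stage"] = "stopped"
        for key in ("compressor_1_running", "compressor_2_running", "pump_2_running"):
            s[key] = False

    lock.add_command("stop compressor 1", [
        Condition("compressor 2 must be running before compressor 1 is stopped",
                  lambda s: s["compressor_2_running"] is True),
        Condition(f"receiver pressure must be at least {min_pressure} bar",
                  lambda s: s["receiver_pressure_bar"] >= min_pressure),
    ], stop_compressor_1)
    lock.add_command("start pump 2", [
        Condition("plant must be in the running stage",
                  lambda s: s["stage"] == "running"),
        Condition("pump 2 suction valve must be open",
                  lambda s: s["pump_2_suction_open"] is True),
        Condition("pump 2 must not be tripped",
                  lambda s: s["pump_2_tripped"] is False),
    ], start_pump_2)
    # Design choice of this example: a plant stop has no preconditions, so the
    # supervisor can never leave the operator without a safe way out.
    lock.add_command("stop plant", [], stop_plant)
    return lock


if __name__ == "__main__":
    state = build_example_state()
    lock = build_example_interlock()
    for cmd in ("stop compressor 1", "start pump 2", "stop plant"):
        performed, reasons = lock.request(cmd, state)
        print(f"{cmd!r}: {'performed' if performed else 'BLOCKED'}", reasons)
```

Two points of the design matter for the paper's argument. First, a blocked command touches nothing on the plant and returns the full list of unsatisfied conditions, which is the information the operator needs to choose an alternative safe manoeuvre. Second, a command with no rule is rejected rather than passed through, so adding a new manual operation to the plant forces someone to write its safety conditions off-line before an operator can issue it.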
IFAC Workshop on Distributed Computer Control Systems (DCCS'94), Toledo, Spain, 28-30 September 1994. Acknowledgements. This work has been partially supported by the C.I.C.Y.T. department under contract code TIC92 0267-C02-02.