Field of the Invention
The present invention relates to a monitoring control system and a work support method.
Priority is claimed on Japanese Patent Application No. 2016-006086, filed Jan. 15, 2016, the content of which is incorporated herein by reference.
Description of Related Art
All patents, patent applications, patent publications, scientific articles, and the like, which will hereinafter be cited or identified in the present application, will hereby be incorporated by reference in their entirety in order to describe more fully the state of the art to which the present invention pertains.
In the related art, in a plant, a factory, or the like (which may be generally referred to as a “plant”, hereinafter), a monitoring control system is provided, and an advanced automatic operation is realized. In order to perform an advanced control while securing safety, such a monitoring control system includes a distributed control system (DCS) which is a process control system that performs a control of an industrial process realized in the plant, and a safety system such as a safety instrumentation system (SIS).
The distributed control system is a system in which a field device (measurer or manipulator) and a controller that controls the field device are connected to each other through communication means and the controller collects measurement data obtained by the field device and manipulates (controls) the field device according to the collected measurement data to control various state amounts in an industrial process. The safety instrumentation system is a system that causes a plant to reliably stop in a safe state in an emergency in order to prevent an explosion accident, an injury accident, or environmental contamination before it occurs, to thereby protect an expensive facility.
During operation of a plant, in a case where an abnormality that may cause an accident occurs (for example, device failure, response abnormalities, explosive gas limit being exceeded, or the like), emergency shut-down (ESD) of the plant is performed by the safety instrumentation system as a primary action for securing safety. For example, in a chemical plant, an action of stopping supply of raw materials to a reactor to stop chemical reaction in the reactor is performed. By performing such an action, it is possible to prevent the occurrence of accidents, to thereby secure safety of the plant.
Japanese Patent Publication No. 4671131 discloses a safety instrumentation system that can manipulate a device which is provided in the safety instrumentation system through a distributed control system while reducing a workload of engineering. Specifically, in the safety instrumentation system, a manipulation according to an instruction with respect to the safety instrumentation system is executed, and an instruction with respect to the distributed control system is converted into an instruction with a format suitable for the safety instrumentation system for execution. Further, in a case where the respective instructions conflict with each other, the instruction with respect to the safety instrumentation system is preferentially executed.
However, in a case where the above-described ESD of the plant is performed, it is necessary to determine a situation of the plant, to perform a suitable action (secondary action) according to the determined situation, and then, to restart the plant. However, in the monitoring control system in the related art, the ESD of the plant which is the primary action is considered, but an action after the ESD of the plant is performed (an action before the plant is restarted) is not considered, and is left for determination of an operator of the plant. Thus, in the related art, a workload of the operator becomes large after the ESD of the plant is performed, and there may be a long period of time until the restart. Specifically, for example, the following problems are caused.
(1) Time Necessary for Determining Situation of Entire Plant
Most of a plant operation screen displays a part of a plant (a part of devices, apparatuses, and facilities installed in the plant), whereas important portions (for example, an important sensor or an emergency shut-down valve) to be checked by an operator of the plant after emergency shut-off of the plant is performed are scattered over the entire plant. Thus, in order to determine situations of the entire plant, the operator of the plant needs to collect information while changing the plant operation screen, and thus, time is necessary for determining the situations of the entire plant.
Further, while the emergency shut-down of the plant is being performed, in a case where an abnormality occurs in a device installed in the plant, it is necessary to specify the device where the abnormality occurs, but in an information collecting method in the related art for collecting information while changing the plant operation screen, time is necessary for the specification. In this way, in the information collecting method in the related art, since the operator needs to perform complicated manipulations in order to collect necessary information, this may lead to wrong recognition and an erroneous operation.
(2) Difficulties in Recognition of Work Progress and Plant State Transition after Emergency Shut-Down
As described above, in the monitoring control system in the related art, an action after emergency shut-down of a plant is performed is not considered. Thus, in the related art, the operator of the plant needs to collectively consider information displayed on a plant operation screen to determine work progress, and thus, it is difficult to determine the work progress. Further, since the determination of the work progress and determination of the plant state transition greatly depend on the performance or experience of an operator of the plant, there is a concern that variations in operation quality, and reduction in overall work safety and efficiency may occur.
(3) Time Taken for Specification of Cause of Emergency Shut-Down
There are rare cases where the number of causes of emergency shut-down of a plant is only one, and instead, there are many cases where the number of causes of emergency shut-down is plural. In particular, in a large-scale plant, the number of causes of emergency shut-down of the plant is plural, in most cases. In the related art, causes of emergency shut-down have been determined by analyzing time series information such as an alarm summary or an event log, but in a case where there are plural causes of emergency shut-down of the plant, time is taken for analysis.
(4) High Degree of Freedom of Manipulation
As described above, since an action after emergency shut-down of a plant is performed is left for determination of an operator of the plant, in a monitoring control system in the related art, the degree of freedom of a manipulation is set to be high to some extent. For example, it is possible to avoid (bypass or reset) interlock (for example, emergency shut-off valve, or the like) by a manipulation of the operator, regardless of states (during emergency shut-down, during shut-down, and during operation) of the plant. If such a manipulation is performed under calm determination of a skilled operator, it does not cause problems. However, if such a manipulation is performed by wrong determination in an emergency when emergency shut-down of a plant is performed, it may cause problems. Thus, in an emergency when emergency shut-down of the plant is performed, for example, if a manipulation for avoiding interlock is limited until appropriate conditions (for example, conditions that the plant can be restarted) are satisfied, it can be considered that it is possible to reduce a workload of an operator and to enhance safety.