High Performance Graphics to Maximize

Operator Effectiveness
Version 2.0: Including a Major Case Study

Written by
Bill Hollifield, Principal Alarm Management and HMI Consultant, PAS
Hector Perez, HMI Product Manager, PAS

High Performance HMI | Cover

© PAS 2012
Introduction
The human-machine interface (HMI) is the collection of screens, graphic displays, keyboards,
switches, and other technologies used by the operator to monitor and interact with the
control system (typically DCS or SCADA.) The design of the HMI plays a critical role in
determining the operator’s ability to effectively manage the operation, particularly in response
to abnormal situations.

For several reasons, the current design and capability of most HMIs are far from optimal for
running complicated operations. Most of these consist simply of schematic-style graphics
accompanied by numbers. Such displays provide large amounts of raw data and almost no
real information. They provide inadequate situation awareness to the operator.

This paper concentrates on proper and effective design of the graphics used in modern
control systems.

HMIs Past and Present

Before the advent of sophisticated digital control systems, the operator’s HMI usually
consisted of a control wall concept.

The control wall (see Figure 1) had the advantages of providing an overview of the entire
operation, many trends, and a limited number of well-defined alarms. A trained operator could
see the entire operation almost at-a-glance. Spatial and pattern recognition played a key role
in the operator’s ability to detect burgeoning abnormal situations.

The disadvantages of these systems were that they were very difficult to modify. The addition
of incremental capability was problematic, and the ability to extract and analyze data from
them was almost non-existent. The modern
electronic control systems (DCS/SCADA)
replaced them for such reasons.

When the modern systems were introduced,

they included the capability to create and
display graphics for aiding in the control
of the operation. However, there were no
guidelines available as to how to actually
create effective graphics. Early adopters
created graphics that mimicked schematic
drawings, primarily because they were
readily available.
Figure 1: Example of a Control Wall

High Performance HMI | Page 1

© PAS 2012
 Figure 2: An Early Graphic Exhibiting Many Problematic Practices

The limited color palette was used inconsistently and screens began to be little more than
crowded displays of numbers.

Graphics such as Figures 2 and 3 were developed over 20 years ago and remain common
throughout the industry. Indeed, inertia, not cost, is the primary obstacle to the improvement
of HMIs. Engineers and Operators become accustomed to this style of graphic and are
resistant to change.

As a result, industries that use modern control systems are now running multi-million dollar
operations from primitive HMIs created decades ago, at a time that little knowledge of proper
practices and principles was available.

High Performance HMI | Page 2

© PAS 2012
 Figure 3: A Typical Crowded, P&ID-Style Graphic

As control system hardware progressed, graphics from the manufacturers began to develop
very flashy example graphics which were used for marketing purposes. While good for that,
they are quite ineffective for actually controlling a process. Many companies and projects,
however, began to use those flashy examples. The results were displays that are actually sub-
optimal for operators.

Figure 4 is an example of flashy design taken from a power generation facility to illustrate
the point. The graphic dedicates 90% of the screen space to the depiction of 3-D equipment,
vibrantly colored operation lines, cutaway views, and similar elements. However, the
information actually used by the operator consists of poorly depicted numerical data which is
scattered around the graphic, and only makes up 10% of the available screen area.

High Performance HMI | Page 3

© PAS 2012
 Figure 4: A Flashy Graphic Inappropriate for Actual Operational Control

There are no trends, condition indicators, or key performance elements. You cannot easily tell
from this graphic whether the operation is running well or poorly. That situation is true for
more than 90% of the graphics used throughout the industry because they were not designed
to incorporate such information. Instead, they simply display dozens to hundreds of raw
numbers lacking any informative context.

Justification for HMI Improvement

Poorly performing HMIs have been cited time and again as significant contributing factors
to major accidents. Yet our industry has made no significant change in HMI design. There is
another industry that learns from its accidents and has made phenomenal advancement in
HMI design based on new technology. That industry is avionics. Lack of situation awareness is
a common factor cited in aviation accident reports.

High Performance HMI | Page 4

© PAS 2012
Modern avionics feature fully-integrated electronic displays (See Figure 5). These depict all
of the important information, not just raw data, needed by the operator (i.e., pilot). Position,
course, route, engine diagnostics, communication frequencies, and automated checklists are
displayed on moving maps with built-in terrain proximity awareness. Real-time weather from
satellite is overlaid on the map. Detailed database information on airports is available with
just a click. Situation awareness and abnormal situation detection is far improved by these
advances. This capability – impossible even a dozen years ago in multi-million dollar airliners –
is now standard on even the smallest single engine aircraft.

Figure 5: Garmin G1000® Avionics Package in a Small Plane

Since safety is significantly improved with modern HMIs, it is only logical that we would want all
operators to have access to them. Yet most companies have done little to upgrade.

There have been tests involving actual operators running realistic simulations using traditional
graphics vs. High Performance ones. PAS participated in such a test at a large power plant,
sponsored by the Electric Power Research Institute (EPRI). The results were consistent with a
similar test run by the ASM® (Abnormal Situation Management) Consortium on an ethylene
plant. The test showed the high performance graphics provided significant improvement in the
detection of abnormal situations (even before alarms occurred), and significant improvement in
the success rate for handling them. In the real world, this translates into a savings of hundreds of
thousands of dollars per year.

High Performance HMI | Page 5

© PAS 2012
Proper Graphic Principles
Ineffectively designed graphics are very easy to find. Simply search the internet for images
under the category “HMI”. Problems with these graphics include:
• Primarily a schematic representation
• Lots of displayed numbers
• Few trends
• Spinning pumps/compressors, moving conveyors, animated flames, and similar
distracting elements
• Brightly colored 3-D vessels
• Highly detailed equipment depictions
• Attempts to color code piping with contents
• Large measurement unit callouts
• Bright color liquid levels displaying the full width of the vessel
• Lots of crossing lines and inconsistent flow direction
• Inconsistent color coding
• Misuse of alarm-related colors
• Limited, haphazard navigation
• A lack of display hierarchy
Ineffective graphics encourage poor operating practices, such as operating by alarm.

By contrast, High Performance graphics have:

• A generally non-schematic depiction except when functionally essential
• Limited use of color, where color is used very specifically and consistently
• Gray backgrounds to minimize glare
• No animation except for specific alarm-related graphic behavior
• Embedded, properly-formatted trends of important parameters
• Analog representation of important measurements, indicating their value relative to
normal, abnormal, and alarm conditions
• A proper hierarchy of display content providing for the progressive exposure of
detailed information as needed
• Low-contrast depictions in 2-D, not 3D
• Logical and consistent navigation methods
• Consistent flow depiction and layout to minimize crossing lines
• Techniques to minimize operator data entry mistakes
• Validation and security measures
• Embedded information in context (via right-click menus or similar methods) such as
alarm documentation and rationalization, standard operating procedures, etc.

High Performance HMI | Page 6

© PAS 2012
Data or Information?
A primary difference of high performance graphics is the underlying principle that, wherever
possible, operational values are shown in an informational context and not simply as raw
numbers scattered around the screen.

“Information is data in context made useful.”

As an example, consider this depiction of a compressor (see Figure 6). Much money has
been spent on the purchase of instrumentation. Yet, unless you are specifically trained and
experienced with this compressor, you cannot tell if it is running at peak efficiency or is about
to fail.

190.5 psig
55.7 psig 155.2 °F 108.2 °F 166.1 °F
65.1 °F 2.77
135.1 Cooler MSCFH
psig
Oil 155.2 °F
Oil 85.1 psi

West East

W. Vibration: 2.77 E. Vibration: 3.07

Drive: 232.2 amps

Figure 6: All Data, No Information

The mental process of comparing each number to a memorized mental map of what is good is
a difficult cognitive process. Operators have hundreds (or even thousands) of measurements
to monitor. Thus the results vary by the experience and memory of the operator, and how
many abnormal situations they have experienced with this particular compressor. Training new
operators is difficult because the building of these mental maps is a slow process.

Adding more numbers to a screen like this one does not aid in situation awareness; it actually
detracts from it.

High Performance HMI | Page 7

© PAS 2012
By contrast, these numbers can be represented in a bank of analog indicators, as in Figure 7.
Analog is a very powerful tool because humans intuitively understand analog depictions. We
are hard-wired for pattern recognition.

With a single glance at this bank of properly designed analog indicators, the operators can tell
if any values are outside of the normal range, by how much, and the proximity of the reading
to both alarm ranges and the values at which interlock actions occur.

RECYCLE COMPRESSOR K43

Cool Suct Inter Dsch Suct Inter Dsch E. Vib N. Vib W. Vib Motor Oil Oil
gpm psig psig psig degF degF degF mil mil mil Amps psig degF
Alarm
2
Indicator

Interlock
Threshold

Alarm
Range

Desirable
Operating
Range

Alarm
Range
42.7 38.7 93.1 185 95 120 170 12 8 9 170 80 290

Figure 6: All Data, No Information

In just a second or two of examination, the operator knows which readings, if any, need further
attention. If none do, the operator can continue to survey the other portions of the operation.
In a series of short scans, the operator can be fully aware of the current performance of their
entire span of control.

The knowledge of what is normal is embedded into the HMI itself, making training easier and
facilitating abnormal situation detection – even before alarms occur, which is highly desirable.

Similarly, depiction of PID controllers is accomplished with the addition of easily scanned
setpoint, mode, and output information as in Figure 8.

High Performance HMI | Page 8

© PAS 2012
 Analog Controller: Add If Final Control
Setpoint, Output, and Mode Element has
to standard analog indicator Position feedback:

2 2
Shows any
mismatch
between
Output bar
32.1 output and
Scaled
actual
0-100%
position
Setpoint
Diamond Actual
562.1 562.1 Position Small
AUTO AUTO
485.0 485.0 Mismatch
AUTO
2%44% 2% 22% Output

Setpoint diamond and PV pointer line up when

controller is working properly

Figure 8: Analog Depiction of PID Controllers

Color
Color must be used consistently. There are several types of common color-detection
deficiency in people (red-green, white-cyan, green-yellow). For this reason:

Color, by itself, is never used as the sole differentiator of an important condition or status.

Most graphics throughout the world violate this principle. A color palette must be developed,
with a limited number of distinguishable colors used consistently.

Bright colors are primarily used to bring or draw attention to abnormal situations, not normal
ones. Screens depicting the operation running normally should not be covered in brightly
saturated colors, such as red or green pumps, equipment, valves, etc.

When alarm colors are chosen, such as bright red and yellow, they are used solely for the
depiction of an alarm-related condition and functionality and for no other purpose. If color is
used inconsistently, then it ceases to have meaning.

So what about the paradigm of using bright green to depict “on” and bright red for “off”, or
vice versa if you are in the power industry? This is an improper use of color. The answer is a
depiction such as Figure 9.

High Performance HMI | Page 9

© PAS 2012
 Wrong Better

Pump Not
Running STOPPED
(Shape is Filled
Darker)

Pump
Running
RUNNING
(Shape is Filled
Wrong Better
Brighter)

Figure 9: Depicting Status with Redundant Coding and Proper Color Usage

The relative brightness of the object shows its status, plus a Process Value WORD next to
it. Equipment items brighter than the background are on (think of a light bulb inside them).
Items darker than the background are off. If equipment has no status that is sensed by the
control system, but is desired to be shown on the graphic anyway, it is shown with a fill the
same as the background color.

Alarm Depiction
Proper alarm depiction should also be redundantly coded based upon alarm priority (color /
shape / text). Alarm colors should not be used for non-alarm related functionality.

When a value comes into alarm, the separate alarm indicator appears next to it (See Figure
10). The indicator flashes while the alarm is unacknowledged (one of the very few proper
uses of animation) and ceases flashing after acknowledgement, but remains as long as the
alarm condition is in effect. People do not detect color change well in peripheral vision, but
movement, such as flashing, is readily detected. Alarms thus readily stand out on a graphic
and are detectable at a glance.

High Performance HMI | Page 10

© PAS 2012
 Figure 10: Depiction of Alarms

It is highly beneficial to include access within the HMI to the alarm rationalization information
contained in the Master Alarm Database (See Figure 11). If these terms are unfamiliar, you are
advised to read the ISA 18.2 standard for Alarm Management in the Process Industry, or read
the API RP-1167 Alarm Management Recommended Practice if you are in the pipeline industry.

3
122.1 degC TI-468-02 Column
Overhead Temperature
Shape and Size
Alarm: PVHI
Right-click call-up Class: Minor Financial of a standard
Priority: 3
faceplate if
Setting: 320 deg F
Response Time: <15 min possible
Alarm Consequences:
Reveal Alarm Off spec Production
Lowered efficiency
Rationalization
Alarm Causes:
documentation Excess steam
on demand! Pressure excursion
Insufficient reflux
Feed composition variance
Corrective Actions:
Information Adjust base steam rate
recalled from Check pressure and feed
parameters vs. SOP 468-1 Link to
your Master
Adjust reflux per Procedures
Alarm Database computation; check
controller for cascade mode
Check feed composition

Figure 11: Linked Alarm Information

High Performance HMI | Page 11

© PAS 2012
 Trends
The most glaring deficiency in HMI today is the general lack of properly implemented trends.
Every graphic generally has one or two values on it that would be far better understood if
presented as trends. However, the graphics rarely incorporate them.

Instead, engineers and managers believe claims that their operators can easily trend any
value in the control system on demand with just a click. This is incorrect in practice; a properly
scaled and ranged trend may take 10 to 20 clicks/selections to create, and usually disappears
into the void if the screen is used for another purpose!

This deficiency is easily provable; simply walk into the control room and count how many
trends are displayed. Our experience in hundreds of control rooms is that trends are vastly
underutilized and situation awareness suffers due to that.

55.0 West Comp Flow MSCFH 49.1

45.0
-90 -60 -30 2 Hours

50.0 West Comp Discharge Temp °C 44.1

40.0
-90 -60 -30 2 Hours
5000
15
Main
Steam
4150
Feed
Water
3280
Drum
Level
-0.5
0
-10 1 Hr

Figure 12: Trend Depiction of Desirable Ranges

High Performance HMI | Page 12

© PAS 2012
Trends should be embedded in the graphics and appear, showing proper history, whenever
the graphic is called up. This is generally possible, but is a capability often not utilized.

Trends should incorporate elements that depict both the normal and abnormal ranges for the
trended value. There are a variety of ways to accomplish this (See Figure 12).

Level Indication
Vessel levels should not be shown as large blobs of saturated color. A simple strip depiction
showing the proximity to alarm limits is better. A combination of trend and analog indicator
depictions is even better (See Figure 13).

2
100
Crude
Feed
TK -21

0
2 Hrs 86.5%

Very Poor Better Trend and

Vessel Vessel Analog
Level Level Level
Indication Indication Indication

Figure 13: Vessel Levels

Bar Charts
Attention to detail is important. It is typical to use bar charts to show relative positions and
values. While this may be better than simply showing numbers, it is inferior to the use of
moving pointer elements since as the bar’s value gets low, the bar disappears. The human eye
is better at detecting the presence of something than its absence. The example in Figure 14 is
superior in showing relative values, besides the color improvement.

High Performance HMI | Page 13

© PAS 2012
 Analog Position – Poor Bar Graphs

0% 25% 50% 75% 100%

Valve
V-1 100%
V-2 100%
V-3 95%
X-1 88%
X-2 100%
X-3 100%
X-4 75%
S-1 0%
S-2 55%
K-1 100%
K-2 100%

Analog Position - Better

0% 25% 50% 75% 100%

Valve
V-1 100%
V-2 100%
V-3 95%
X-1 88%
X-2 100%
X-3 100%
X-4 75%
S-1 0%
S-2 55%
K-1 100%
K-2 100%

Figure 14: Bars vs. Pointers

Tables and Checklists

Even tables and checklists can incorporate proper principles (See Figure 15). Consistent colors
and even status indication can be integrated.

High Performance HMI | Page 14

© PAS 2012
 Air Status Mode Diag
Comp

C #1 RUNNING AUTO OK

C #2 STOPPED MAN OK
C #3 RUNNING AUTO OK

C #4 STOPPED AUTO FAULT 3

Startup Permissives
Breaker 15 Power OK
Oil Temp 16-33 OK
Oil Pres Status OK
Level in TK-8776 OK
Gen System Status OK
Comp 88 in Auto NOT OK
Lineup Ready OK
Sys Status Checks OK
Bearing Readouts NOT OK
Comm check OK
Outlet Temp < 250 OK
Cooling Flow NOT OK
Internal Circuit Check OK
Bypass Closed OK
AFS Function OK

Figure 15: Tables and Checklists

There are dozens of additional principles like these. See the References section.

Display Hierarchy
Displays should be designed in a hierarchy that provides progressive exposure of detail.
Displays designed from a stack of schematic designs will not have this; they will be “flat” –
like a computer hard disk with one folder for all the files. This does not provide for optimum
situation awareness and control. A four-level hierarchy is desired.

High Performance HMI | Page 15

© PAS 2012
Level 1 –Operation Overview
This is a single display showing the operator’s entire span of control, the big picture. It is an
overall indicator as to how the operation is running. It provides clear indication of the current
performance of the operation by tracking the Key Performance Indicators (See Figure 16).

Control interactions are not made from this screen.

5000 7500 1200

Unit 2 5000 1250 1200
Overview 15 5 3000

05-31-10 Steam Air Steam

KLBH KLBH
13:22:07 4750 7400
°F
990
Total Fd Wtr Coal Reheat
Alarms KLBH KLBH °F
4580 1000 1005
1 0
Drum Furn Steam
Lvl in. Pres psig
-0.5 -0.5
2 8 2400
1 Hr 1 Hr 1 Hr
0 0 600
3 5 0 0 600
-15 -5 0
Status Alarms Pump Status / Alarms Fan Status / Alarms
PULV A-ON E-ON A B C D PUMPS A2 CWP A2 HWP C2 HWP A2BFPT A2 ECW A2 FD B2 FD A2 PA C-SBAC
B-ON F-ON AND ON ON ON ON ON ON ON ON ON
C-ON G-OFF E F G H FANS B2 CWP B2 HWP SUBFP B2BFPT B2 ECW A2 ID B2 ID B2 PA D-SBAC
D-ON H-ON ON OFF ON ON ON ON ON ON ON

Turbine – Generator LPT-A LPT-B Hydrogen Hydrogen Turb Oil Stator Condenser–Feed Wtr Drum Lvl HW Lvl DA Lvl DA Wide Cond Hdr
Gross MW Net MW MVAR HZ in.hg in.hg psig °F °F GPM A2 BPFT B2 BPFT in.H2O in.H2O in.H2O FT.H2O psig

702.1 640.1 - 5.2 60.00 0.2 0.2 49.1 104 115 351 3.1 3.1 -0.5 20.1 0.0 9.0 400
AUTO AUTO AUTO AUTO
Boiler BBD Econ Econ Gas Aux Stm Fans A2 ID A2 FD B2 ID B2 FD Econ Sec Air CEMS/MISC NOX SO2 Stack CO Inst Air
A/F Ratio pH pH Out °F psig Furn in.H2O Stall Stall Stall Stall % O2 in.H2O % Opac #/MMBTU #/MMBTU ppm psig

7.1 9.4 9.4 775 300 - 0.5 25 25 25 25 6.0 7.0 21.0 0.45 0.9 200 90

Figure 16: Example Level 1 Display

The Figure 16 example is from a large power plant. We often hear “But it doesn’t look like a
power plant?!” Correct! Does your automobile instrument panel look like a diagram of your
engine? The display is designed so that important abnormal conditions and alarms stand out
clearly.

High Performance HMI | Page 16

© PAS 2012
Level 2 –Unit Control
Every operation consists of smaller, sectional unit operations. Examples include a single
reactor, a pipeline segment, a distillation train, or a compressor station. A level 2 graphic
exists for each separate major unit operation. It is designed to contain all the information and
controls required to perform most operator tasks associated with that section, from a single
graphic (See Figure 17).

Feed Composition Coolant: Cat. Purge Conv. Feed ADTV-1 ADTV-2 Temp Pres Product: Thionite State: Mid-Run RTAM: ON-OK
%A %B %C GPM °C Act% MCFH Eff. % MPH MPH MPH °C
Reserved
psig
Run Plan: Faceplate Zone
Actual:
Interlock Actions:
I I-5A I I-5B I I-5C When any item
Feed ADTV-1 ADTV-2 Stop Feed OFF
Stop ADTV-1 OFF on the screen is
I-5D I-5E I-5F Stop ADTV-2 OFF selected, the
I Temp I Pres I Level Max Cooling OFF faceplate for
Max Vent OFF
that item
appears in this
77.5 11.9 4.0
SHUT
80.5 15.5 4.0 80.5 15.5 4.0 80.5 15.5 45.0 97.2 VENT FREEZE ISOLATE reserved area.
AUTO AUTO AUTO AUTO AUTO DOWN
76.0 12.0 4.0 45.0 95.0 M5 M5 M5
33.1% 22.3% 44.3% 54.1% 44.3%
M5 All control
manipulation is
accomplished
Material Balance through the
80.0
VENT SYS Reset standardized
Feed
MPH
faceplates.
To Coils
Lvl Prod
OP Reactor M5 Agitator
4 % MPH
ON
72.0
-90 -60 -30 2 Hrs +10%
Analysis: Purity %
14.0 40.0
Main Menu
Chem
1 0%
L2 M5 Startup
MPH
OP L2 M5 Scram
10.0 -10%
-90 -60 -30 2 Hrs 32.0
-90 -60 -30 2 Hrs L2 Feed System
75.9 92.0
AUTO
6.0
Analysis: Inhibitor Concentration % 75.0 L2 Prod Recovery
54.3% IN OUT %DIFF
Chem 6.0 Tot. In: 19707
2 L2 Compression
Tot Out: 19301
MPH
Calc Diff: 2.1 % L2 RX Summary
OP Hours: 238.1
---- Level 3 ----
2.0 5.0 %
-90 -60 -30 2 Hrs Daystrom Pumps
4.0
M5 Circ
48.0 -90 -60 -30 2 Hrs M5 Interlocks
PRODUCT
Temp 74.3 %
°C
M5 Cooling Sys
Pump A RUNNING OK
M5 Vent Sys
OP
Pumps Pump B STOPPED FAULT 3
40.0
-90 -30 2 Hrs Needed 1 M5 Agitator
-60

Figure 17: Example Level 2 Display of a Reactor

Level 3 –Unit Detail

Level 3 graphics provide all of the detail about a single piece of equipment. These are used for
a detailed diagnosis of problems. They show all of the instruments, interlock status, and other
details. A schematic type of depiction is often desirable for a Level 3 display (See Figure 18).

High Performance HMI | Page 17

© PAS 2012
 West Compressor Speed Tot Flow 1 Stg 2 Stg CLR IN CLR OUT Winding MANUAL ACTIONS
EAST COMP % MSCFH psi psi °C °C °C Reserved
20.1 psi Faceplate Zone
OH
IDLE PURGE
WEST WC Speed WEST WEST
P 90.8 % When any item
COMP S 90.0 COMP COMP
RUNNING O 90.0 % on the screen is
CAS selected, the
faceplate for
111.0 °C
that item
95.1 Oil psi
appears in this
SHUT reserved area.
48.0 psi ISOLATE DOWN
65.0 °C WEST All control
1st 90.8 76.8 48.0 90.0 65.0 32.0 111.0 WEST
CAS AUTO COMP COMP manipulation is
Stage 20.0 °C 90.0 76.0 accomplished
Inter- 90.0 % 88.5 %
cooler CW through the
standardized
28.0 °C faceplates.
44.0 °C 2 nd

Stage 32.0 °C Flow Demand SPEED

P 76.8 MSCFH
EAST COMP S 76.0 CASCADE
O 88.5 % IN EFFECT
AUTO
90.0 psi 48.4 MSCFH
RECOVERY
Main Menu

50.0 West Comp Discharge Temp °C 55.0 West Comp Flow MSCFH 95.0 West Comp Speed % L2 Compression

L2 Recovery
---- Level 3 ----
Sequence Overlay

Startup Overlay
40.0 45.0 85.0
-90 -60 -30 2 Hours -90 -60 -30 2 Hours -90 -60 -30 2 Hours West Interlocks

I W-1A I W-1B I W-1C West Cooling

West Compressor Interlock Initiators Mech Flow Pres West Compressor Interlock Actions

Comp in Overspeed 1 Stg Pres is High W. Comp Shutdown Flow Cascade to Manual East Comp
NO NO NO NO
Winding Temp is High 2 Stg Pres is High Inlet Block Valve 2 Stg High Press ---- Level 4 ----
NO NO OPEN OK
Vibration is High Suction Pres is Low Outlet Block Valve W. Suction Pres Low Logic Diagrams
NO NO OPEN OK
Oil Pres is Low NO Total Flow is Low NO E. Comp Override to 100% NO Total Flow Low © PAS - Confidential
OK and Proprietary 2012 | 57
Procedures

Figure 18: Example Level 3 Display

Level 4 –Support and Diagnostic Displays

Level 4 displays provide the most detail of subsystems, individual sensors, or components.
They show the most detailed possible diagnostic or miscellaneous information. A “Point
Detail” display is a typical example. The dividing line between Level 3 and Level 4 displays can
be somewhat gray.

API-1165: Recommended Practice for

Pipeline SCADA Displays
In 2006, API issued a document on SCADA HMI displays. There are some inconsistencies
within that document.

Overall, the concepts incorporated in the text portion of the document are valid. It mentions
several good practices. The examples section, however, provides several depictions that are in
direct violation of the text principles.

High Performance HMI | Page 18

© PAS 2012
For example, Section 8.2.4 states “Color should not be the only indication for information.
That is, pertinent information should also be available from some other cue in addition to color
such as a symbol or piece of text.”

Yet throughout the remainder of the document, examples are shown that routinely violate
this principle. Figure 19 shows only a few of the “recommended practice examples” from API-
RP-1165. In many of these examples, only subtle color differences, not distinguishable by a
substantial fraction of the operator population, are the only means to distinguish a significant
status difference.

In one table, API-1165 recommends color coding alarms by type. The well-known best practice
is that they are redundantly coded by priority, not type.

Users of API-1165 are therefore advised to pay more attention to the principles it contains than
to the example depictions.

Figure 19: Sub-optimal Examples from API-RP-1165

High Performance HMI | Page 19

© PAS 2012
A Real-World Case Study and Test of
HP HMI Concepts
The following section is taken from a study conducted by the Electric Power research Institute
(EPRI).

Operator HMI Case Study: The Evaluation of

Existing “Traditional” Operator Graphics vs. High
Performance Graphics in a Coal Fired Power Plant
Simulator , Product ID 1017637
The EPRI study tested these HP HMI concepts at a large, coal-fired power plant. The plant
had a full simulator used for operator training. The existing graphics on the simulator (created
in the early 1990s) operated the same as those on the actual control system. PAS was
retained to prepare several high performance graphics for the simulator. Several operators
were then put through several abnormal situations using both the existing and the new high
performance graphics.

Four examples of the existing graphics are in Figure 20. They have the following
characteristics:
• No graphic hierarchy
• No Overview
• Many controller elements are not shown on any of the existing graphics
• Numbers and digital states are presented inconsistently
• Poor graphic space utilization
• Inconsistent selectability of numbers and elements
• Poor color choices, overuse, and inconsistencies. Bright red and yellow are used for
normal conditions
• Poor interlock depiction
• No trends are implemented, “trend-on-demand” is not used
• Alarm conditions are generally not indicated on graphics – even if the value is a
precursor to an automated action

High Performance HMI | Page 20

© PAS 2012
 Figure 20: 1990s Graphics from the EPRI HP-HMI Test

The operators used dozens of such graphics to control the process.

PAS prepared the following high performance graphics:

• Power Plant Overview (Level 1) – see figure 16.
• Pulverizer Overview Graphic (Level “1.5”) – see Figure 21
• Individual Pulverizer Level 2 Control Graphic – see Figure 22
• Runback 1 and 2: Special Abnormal Situation Graphics – see Figure 23
The Level 1 Overview
(see prior Figure 16)
The Overview graphic shows the key performance indicators of the entire system under the
operator’s control. The most important parameters incorporate trends. It is easy to scan
these at a glance and detect any non-normal conditions. Status of major equipment is shown.
Alarms are easily detected.

The operators found the overview display to be far more useful than the existing graphics in
providing overall situation awareness and useful in detecting burgeoning abnormal situations.

High Performance HMI | Page 21

© PAS 2012
The Level “1.5” Pulverizer Overview
Graphic (Figure 21)
The operator controls eight identical, heavily instrumented, and complex pieces of equipment
called coal pulverizers. At normal rates, seven are in use and one is on standby in case of a
problem. The seven that are running should be showing almost identical performance. It was
immediately apparent that an “Overview” graphic of just these eight items would be very
useful to the operators, since much of their activity is in monitoring and manipulating them.
Being mechanical, they are subject to a variety of problems and abnormal conditions. There
were three separate existing graphics needed for monitoring and controlling each pulverizer,
24 in total for them all. Monitoring using 24 graphics was difficult for the operators.

The new Pulverizer Overview in Figure 21 depicts more than 160 measurements on a single
graphic! The key to making this understandable is that the devices are supposed to run
alike. Instead of blocks of indicators for each pulverizer being grouped together, the same
measurement from each pulverizer is grouped together. Any individual unit operating
differently than the others stands out. The unit that is in standby service also is easily seen. Air
damper positions, a source of problems, are clearly shown.

Note that the trends seemingly violate our recommendation of showing no more than 3 or 4
traces on a single trend. In this case, what the operator is looking for is any trend line that is
not “bunched in” with the others. For such a condition, having these 8 traces was acceptable.
Note that the standby pulverizer’s trace is normally on the bottom.

Even with such a “dense” information depiction and with so many measurements, the
operators found it easy to monitor all eight devices and easily detect burgeoning abnormal
situations. It is easy to scan your eye across the screen and spot any elements that are
inconsistent. Alarm conditions are also easy to spot.

Note that control actions are not taken on this screen, but rather on the eight individual Level
2 graphics, one for each pulverizer.

High Performance HMI | Page 22

© PAS 2012
 PULVERIZER OVERVIEW 08-15-2009 14:22:09
Pulverizer Status Coal Flow Trend Mill Amps Trend Diff Pres Trend Pri. Air Flow Trend Primary Damper
A B C D E F G H A B C D E F G H A B C D E F G H A B C D E F G H A B C D E F G H
Burn A A A A M A A A A A A A M A A A A A A A M A A A A A A A M A A A A A A A M A A A
Diag Maint
S S S H H
A ON
B ON
C ON
D ON
E OFF L
F ON
G ON
H ON 113 112 0 112 42 42 0 43 8.0 10.0 0.6 9.5 204 204 0 204 75 78 76 75 51 50 75 55
113 113 113 112 43 44 43 43 9.8 9.5 9.8 9.0 205 205 205 205
74 45 74 74 50 50 65 51
S. Air Flow Trend North Damper South Damper C/A Temp Trend Hot Damper Cold Damper
A B C D E F G H A B C D E F G H A B C D E F G H A B C D E F G H A B C D E F G H A B C D E F G H
A A A A M A A A A A A A M A A A A A A A M A A A A A A A M A A A A A A A M A A A A A A A M A A A
S H

204 204 0 204 75 78 78 75 0 50 75 55 75 78 78 75 30 50 75 55 135 135 277 135 75 78 78 75 40 50 75 55 75 78 78 75 50 50 75 55

205 205 205 205 135 135 135 135
74 77 78 74 0 50 76 51 74 77 78 74 30 50 73 51 74 77 78 74 40 50 65 51 74 77 78 74 50 50 73 51
16 140
Diff Coal
Flame M1 M2 Pres Flow
PSI KLB/HR
Main A A
Flame B B
C C
ON
90 90 D D
ON
8
Igniter
E E
Flame
F F
Fuel Type G G
Gas -1 30 30 H H
OFF OFF

SWG Valves OPEN OPEN

FlmMnt
Flm MntMod
Mod NORM NORM 2 Hrs 2 Hrs
0 1

L1 OVERVIEW RUNBACK 1 RUNBACK 2 PULV A PULV B PULV C PULV D PULV E PULV F PULV G PULV H

Figure 21: The Level “1.5” Pulverizer Overview

The Level 2 Pulverizer Control Graphic

(Figure 22)
Rather than using three separate graphics to control each pulverizer (24 graphics total), a
single Level 2 graphic for each pulverizer was created with everything needed to accomplish
all typical control manipulations.

High Performance HMI | Page 23

© PAS 2012
 PULVERIZER A 08-15-2009 14:22:09
Diff Press Mill Amps Damper Pos Hot Damp
“A” Coal Flow “A” Primary Air Flow “A” C/A Temperature
140 220
100 100 200
Coal
PA Flow
Flow
Klb/Hr Klb/Hr
113 200
F. Speed PA Flow Air
AUTO
10.7 AUTO 49 Tmp 72.1
BIAS 0.0 45
BIAS 0.0 AUTO
P 81% P 92.3% P 135
S 80% S 92 .3% S 130
O 80.8% O 49.0% O 71.2%
AUTO AUTO AUTO
40 100 S 49.0% S 71.2% S 28.8%
28 2 Hrs 2 Hrs O 49.0% 50 2 Hrs O 71.2% O 28.8%
45
Sec Air N Sec Air S N Damp S. Damp GAS PRESS MN GAS HDR PR
“A” Sec. Air Flow (Total) Flame A1 A2 A3 A5 A6 A7 LOW NOT OK
900
86
Sec Air Main 90 90 90 90 90 90
Total Flame
Klb/Hr
615
ON ON ON ON ON ON
Sec Air
Total
312 312 50 50 Igniter
AUTO 30 30 30 30 30 30
Flame
BIAS 0.0 5.9
P 50.1% Fuel Type
S 50.0%
O 60.0% Gas OFF OFF OFF OFF OFF OFF
AUTO
AUTO SWG Valves OPEN OPEN OPEN OPEN OPEN OPEN
200 BIAS 0.0 AUTO
S 50%
19 2 Hrs O 50%
S 50%
FlmMnt
MntMod
Mod
S 9.0
Flm NRML NRML NRML MNT-B MNT-B MNT-B
O 50% O 2%

Sequence Blocked By:

“A” PULVERIZER START STOP
VALVES
All PA f ans stopped or PAH stopped
LTR oil press low or HDR VLV not open TRIP “A” IG HDR VNT VLV CLOSED
Status Done Status Done Pulv Group
Feeder inlet gate not open
IG GAS TRP VLV OPEN
Start Sequence Ready
Ready Start Pulv X Pulv seal air dif f press low

Sec Air to L.O. Ready

Ready
Start Feeder X LTR atom air press low Trip Status Reset IG OIL TRP VLV CLOSED
Min boiler A.F. required
Start Ltrs. Ready
Ready Pulv Tmp to Auto X Flame detected PTR Reset BRNR VNT VLV CLOSED
Ready
Pulv Grp Dmd L.O. Ready Rel Sec Air X Flame det clg air press lo
Lube oil pump not running Open Swg Valves
Start PA Flow Ready Stop Ltrs X Lube oil press low Pulv A Diag
Ready
X Any pulv grp trip not reset
FAULT H EXECUTE
Open Swg Vlvs Ready Rel Pul Dmd
Ready
No coal on the f eeder belt CANCEL
Any Seal Air blower stopped

L1 OVERVIEW PULV OVRVIEW PULV B PULV C PULV D PULV E PULV F PULV G PULV H

Figure 22: Level 2 Pulverizer Control

While complex in appearance to the layman, the trained operator had no difficulty in
understanding and accessing everything they needed for pulverizer startup, shutdown, and
swap situations that arose during the test. Much of the text on the screen has to do with the
status of automated sequences that sometimes require operator intervention. Everything on
the screen is selectable, and when selected the standard faceplate for the element appears
in a reserved “faceplate zone” rather than floating around the screen obscuring the graphic.
Element manipulation is made via the faceplate.

Abnormal Situation Response Graphics

The operator response for many abnormal plant situations is to cut rates by half, from 700MW
to 350MW. Called a “Runback,” this is a complicated and stressful procedure that takes about
20 minutes to accomplish. If done incorrectly or if important parameters are missed, the plant
can fall to zero output, a very undesirable situation. One of the main purposes of the simulator
was to regularly train the operators for this situation. The operators have to use more than
a dozen of the existing graphics to accomplish the task, involving much navigation, screen
callups and dismissals, and control manipulation.

High Performance HMI | Page 24

© PAS 2012
However, in more than a decade of such training, it had never occurred to anyone to design
special graphics specifically designed to assist in this task! This demonstrates the power of
inertia in dealing with our HMIs. Specific Abnormal Situation Detection and Response graphics
are an important element of an HP HMI.

PAS created two “Runback” graphics designed specifically to assist in this task. Every element
that the operator needed to effectively monitor and control the runback situation was
included on them. In use, the operators placed them on adjacent physical screens. Figure 23
shows “Runback 1,” Runback 2 was similar. The reserved faceplate zone is on the lower right.

Figure 23: Abnormal Situation Graphics – Runback 1

As a simple example of providing information rather than data, consider the trend graph at
the upper left of Runback 1. To be successful, the rate of power reduction must not be too
slow or too fast. The existing graphics had no trend of this, simply showing the current power
megawatt number. This new trend graph had the “sloped-line” element placed next to it,
indicating the ideal rate of power reduction, the full load zone, and the target half-rate zone.
On the figure, the actual rate of drop is exceeding the desired rate, and that condition is easily
seen. (Note: It would have been more desirable to have the sloped lines on the background of
the trend area itself, but the DCS could not accomplish such a depiction. This is a compromise,
but one the operators still found very useful.)

High Performance HMI | Page 25

© PAS 2012
The Testing
Eight Operators, averaging 8 years console operating experience each, were used in the test.
They received only one hour’s familiarity with the new graphics prior to the start of testing.
They were tested on four increasingly complex situations, lasting about 20 minutes each.
• Coal Pulverizer Swap Under Load
• Pulverizer Trip and Load Reduction
• Manual Load Drop with Malfunctions
• Total Plant Load Runback
All operators did all scenarios twice, using the old graphics alone, and the HP HMI graphics.
Half used the old graphics first, and half used the HP HMI graphics first).

Quantitative and qualitative measurements were made on the performance of each scenario
(e.g. detection of the abnormal condition, time to respond, correct and successful response).

The Results
The high performance graphics were significantly better in assisting the operator in:
• Maintaining situational awareness
• Recognizing abnormal situations
• Recognizing equipment malfunctions
• Dealing with abnormal situations
• Embedding knowledge into the control system
Operators highly rated the Overview screen, agreeing that it provided highly useful “big picture”
situation awareness. Even with only a few hours total with the new graphics, operators had no difficulties
in operating the unit. The High Performance graphics are designed to have intuitive depictions.

Very positive Operator comments were received on the analog depictions, alarm depictions,
and embedded trends. There were consistent positive comments on how “obvious” the HP
HMI made the various process situations. Values moving towards a unit trip were clearly
shown and noticed by the operators.

The operators commented that HP HMI would enable faster and more effective training of
new operations personnel. The negative operator comments generally had to do with lack of
familiarity with the graphics prior to the test.

The best summary quote was this one: “Once you got used to these new graphics,
going back to the old ones would be hell.”

The effect of inertia being the controlling factor for HMI change was once more confirmed. The
existing HMI had been in use since the early 1990s, with simulator training for more than a decade.
Despite clear deficiencies, almost no change to the existing HMI had been made since inception.

High Performance HMI | Page 26

© PAS 2012
Operators using the existing graphics first in the test were then asked “What improvements
would you make on the existing graphics to help in these situations? In response, there were
very few or no suggestions!

However, operators using the existing graphics after they used the HP HMI graphics had
many suggestions for improvement, namely analog depictions, embedded trends, consistent
navigation, etc!

So, people get “used to” what they have – and do not complain or know what they are missing
if they are unfamiliar with these HP HMI concepts.

A lack of complaints does not indicate that you have a good HMI!

The Seven Step Work Process

There is a seven step methodology for the development of a high performance HMI.

Step 1: Adopt a high performance HMI philosophy and style guide. You must have a written
set of principles detailing the proper way to construct and implement a high performance
HMI.

Step 2: Assess and benchmark existing graphics against the HMI philosophy. It is necessary to
know your starting point and have a gap analysis.

Step 3: Determine specific performance and goal objectives for the control of the operation
and for all modes of operation. These are such factors as:
• Safety parameters/limits
• Production rate
• Run length
• Equipment health
• Environmental (i.e. Emission control)
• Production cost
• Quality
• Reliability
It is important to document these, along with their goals and targets. This is rarely done and is
one reason for the current state of most HMIs.

Step 4: Perform task analysis to determine the control manipulations needed to achieve the
performance and goal objectives. This is a simple step involving the determination of which
specific controls and measurements are needed to accomplish the operation’s goal objectives.
The answer determines the content of each Level 2, 3, and 4 graphic.

Step 5: Design high performance graphics, using the design principles in the HMI philosophy
and elements from the style guide to address the identified tasks.

High Performance HMI | Page 27

© PAS 2012
Step 6: Install, commission, and provide training on the new HMI.

Step 7: Control, maintain, and periodically reassess the HMI performance.

HP HMI Implementation on a Budget

While desirable, it is not necessary to replace all of your existing graphics to obtain much of
the benefit of HP HMI. A partial implementation can provide most of the benefits. A partial
implementation involves:
• Design new Level 1, Level 2, and Abnormal Situation Management graphics
• Existing graphics can be designated as Level 3 and navigation paths to them altered
• Improvements to those Level 3s (correcting color choices, adding status indications,
adding embedded trends, and providing proper context.) can be made over time

Any facility can afford about twenty new graphics! A High Performance HMI is affordable.

Conclusion

Sophisticated, capable, computer-based control systems are currently operated via ineffective
and problematic HMIs, which were created without adequate knowledge. In many cases,
guidelines did not exist at the time of graphic creation and the resistance to change has kept
those graphics in commission for two or more decades.

The functionality and effectiveness of these systems can be greatly enhanced if redesigned in
accordance with proper principles. A High Performance HMI is practical and achievable.

References

Hollifield, B., Oliver, D., Habibi, E., & Nimmo, I. (2008). The High Performance HMI Handbook.

Operator HMI Case Study: The Evaluation of Existing “Traditional” Operator Graphics vs. High
Performance Graphics in a Coal Fired Power Plant Simulator , Product ID 1017637

High Performance HMI | Page 28

© PAS 2012
About the Authors

Bill Hollifield Hector Perez

Bill R. Hollifield, PAS Principal Alarm Management and HMI Consultant

Bill is the Principal Consultant responsible for the PAS work processes and intellectual property
in the areas of both Alarm Management and High Performance HMI. He is a member of the
American Petroleum Institute’s API RP-1167 Alarm Management Recommended Practice
committee, the ISA SP-18 Alarm Management committee, the ISA SP101 HMI committee, and the
Engineering Equipment and Materials Users Association (EEMUA) Industry Review Group.

Bill has multi-company, international experience in all aspects of Alarm Management and HMI
development. He has 26 years of experience in the petrochemical industry in engineering and
operations, and an additional 9 years in alarm management and HMI software and services for
the petrochemical, power generation, pipeline, and mining industries.

Bill is co-author of The Alarm Management Handbook, The High Performance HMI Handbook,
and The Electric Power Research Institute (EPRI) guideline on Alarm Management.

Bill has authored several papers on Alarm Management and HMI, and is a regular presenter on
such topics in such venues as API, ISA, and Electric Power symposiums. He has a BSME from
Louisiana Tech University and an MBA from the University of Houston.

Hector R. Perez, PAS High Performance HMI Product Manager

Hector oversees the High Performance HMI business line at PAS. He is a chief designer of high
performance graphics intended to facilitate situation awareness in a variety of industries. At
PAS, Hector oversees PAS software directions to improve product design and capabilities.

Prior to working with PAS, Hector was a senior engineer at Schlumberger. His strength in design
contributed to his success in creating new and improved HMI’s for reservoir evaluation services
and interfaces for business Key Performance Indicator tracking.

High Performance HMI | Page 29

© PAS 2012
In addition to his expertise in High Performance HMI, Hector has widespread experience in all
aspects of Alarm Management. He has facilitated numerous Alarm Management workshops,
conducted alarm rationalization projects, and developed Alarm Philosophy documents for a
wide range of clients in the petrochemical, power generation, pipeline, and mining industries.

Hector has authored technical articles on High Performance HMI. In 2009, he collaborated with
the Electrical Power Research Institute (EPRI) on a comparative research study evaluating high
performance graphics and operator effectiveness.

Hector holds a Bachelor of Science in Chemical Engineering from Rice University.

High Performance HMI | Page 30

© PAS 2012