Optimization of human interface configurations and safety control policies for alarm subsystems

Abstract

This paper gives four alarm subsystems with different human interface configurations which include fault-alerting and safety-presentation types, where two kinds of correspondences between sensor states and plant states are distinguished. For each configuration, we give probabilistic analyses on occurrence of spurious-shutdowns (SS) and hazardous-accidents (HA). We prove that either the fault-alerting alarm subsystem or the safety-presentation alarm subsystem can be an optimal alarm subsystem which minimizes SS and HA failure probabilities simultaneously if we choose a human interface configuration and its associated safety-control policy in an appropriate manner.