SIST EN 62241:2015

SLOVENSKI STANDARD
01-september-2015
Jedrske elektrarne - Glavni komandni prostor - Funkcije alarma in predstavitev
(IEC 62241:2004)
Nuclear power plants - Main control room - Alarm functions and presentation (IEC
62241:2004)
Kernkraftwerke - Warte - Alarmfunktionen und ihre Darstellung (IEC 62241:2004)
Centrales nucléaires de puissance - Salle de commande principale - Fonctions et
présentation des alarmes (IEC 62241:2004)
Ta slovenski standard je istoveten z: EN 62241:2015
ICS:
27.120.20 Jedrske elektrarne. Varnost Nuclear power plants. Safety
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN STANDARD EN 62241
NORME EUROPÉENNE
EUROPÄISCHE NORM
February 2015
ICS 27.120.20
English Version
Nuclear power plants - Main control room - Alarm functions and
presentation
(IEC 62241:2004)
Centrales nucléaires de puissance - Salle de commande Kernkraftwerke - Warte - Alarmfunktionen und ihre
principale - Fonctions et présentation des alarmes Darstellung
(IEC 62241:2004) (IEC 62241:2004)
This European Standard was approved by CENELEC on 2015-02-16. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.

European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2015 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN 62241:2015 E
Foreword
This document (EN 62241:2015) consists of the text of IEC 62241:2004 prepared by
SC 45A “Instrumentation, control and electrical systems of nuclear facilities” of IEC/TC 45 “Nuclear
instrumentation".
The following dates are fixed:

• latest date by which the document has to be (dop) 2016-02-16
implemented
at national level by publication of an identical
national standard or by endorsement
(dow) 2018-02-16
• latest date by which the national standards conflicting
with the document have to be withdrawn

As stated in the nuclear safety directive 2009/71/EURATOM, Chapter 1, Article 2, item 2, Member
States are not prevented from taking more stringent safety measures in the subject-matter covered by
the Directive, in compliance with Community law. In a similar manner, this European standard does
not prevent Member States from taking more stringent nuclear safety measures in the subject-matter
covered by this standard.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC [and/or CEN] shall not be held responsible for identifying any or all such
patent rights.
Endorsement notice
The text of the International Standard IEC 62241:2004 was approved by CENELEC as a European
Standard without any modification.

- 3 - EN 62241:2015
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications

The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.

NOTE 1 When an International Publication has been modified by common modifications, indicated by (mod), the relevant
EN/HD applies.
NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available here:
www.cenelec.eu
Publication Year Title EN/HD Year

1)
IEC 60964 1989 Design for control rooms of nuclear - -
power plants
IEC 61226 -  Nuclear power plants - Instrumentation EN 61226 -
and control important to safety -
Classification of instrumentation and
control functions
IEC 61771 -  Nuclear power plants - Main control-room - - -
Verification and validation of design
IEC 61772 -  Nuclear power plants - Control rooms - EN 61772 -
Application of visual display units (VDUs)
IEC 61839 -  Nuclear power plants - Design of control EN 61839 -
rooms - Functional analysis and
assignment
1)
Superseded by IEC 60964:2009.
NORME CEI
INTERNATIONALE
IEC
INTERNATIONAL
Première édition
STANDARD
First edition
2004-11
Centrales nucléaires de puissance –
Salle de commande principale –
Fonctions et présentation des alarmes

Nuclear power plants –
Main control room –
Alarm functions and presentation

 IEC 2004 Droits de reproduction réservés  Copyright - all rights reserved
Aucune partie de cette publication ne peut être reproduite ni No part of this publication may be reproduced or utilized in any
utilisée sous quelque forme que ce soit et par aucun procédé, form or by any means, electronic or mechanical, including
électronique ou mécanique, y compris la photocopie et les photocopying and microfilm, without permission in writing from
microfilms, sans l'accord écrit de l'éditeur. the publisher.
International Electrotechnical Commission, 3, rue de Varembé, PO Box 131, CH-1211 Geneva 20, Switzerland
Telephone: +41 22 919 02 11 Telefax: +41 22 919 03 00 E-mail: inmail@iec.ch Web: www.iec.ch
CODE PRIX
X
PRICE CODE
Commission Electrotechnique Internationale
International Electrotechnical Commission
МеждународнаяЭлектротехническаяКомиссия
Pour prix, voir catalogue en vigueur
For price, see current catalogue

62241  IEC:2004 – 3 –
CONTENTS
FOREWORD.7
INTRODUCTION.11

1 Scope and object.15
2 Normative references .15
3 Terms and definitions.17
4 Background explanations .25
4.1 Problems of alarm systems .25
4.2 Functional design elements .27
4.3 Other elements.27
5 Basic functional requirements.31
5.1 Alarm functions .31
5.2 Alarm signals .31
5.3 Alarm signal processing .33
5.4 Alarm display processing.35
5.5 Alarm control and management .35
5.6 Alarm presentation and display-control integration .37
5.7 Human factors.37
5.8 Evaluation .39
6 Design definition of alarms .39
6.1 General .39
6.2 Key alarms .41
6.3 Alarms needed .41
7 Alarm signal processing .43
7.1 General .43
7.2 Alarm signal validation .43
7.3 Alarm generation and reduction processing .43
7.4 Event sequence and time delay processing .47
7.5 First-out processing.47
8 Alarm display processing.49
8.1 General .49
8.2 Grouped alarms.49
8.3 Alarm suppression.51
8.4 Dark-board presentation.51
9 Alarm control and management .53
9.1 General .53
9.2 Audible warning and silence .53
9.3 Flash and reflash.55
9.4 Acknowledgement .55
9.5 Ringback .55
9.6 Reset .57

62241  IEC:2004 – 5 –
10 Alarm presentation and display-control integration .63
10.1 General .63
10.2 Alarm fascia and tile.69
10.3 VDU alarm list display .71
10.4 Audible annunciation .77
11 Reliability, testing, and maintainability.77
11.1 Reliability .77
11.2 Testing .77
11.3 Maintainability .79
12 Alarm recording .79
13 Alarm response procedures (ARP) .81
13.1 General .81
13.2 Contents .81
13.3 Format .81

Annex A (informative) Problems of alarm system .83
Annex B (informative) Information sources for signals used to generate alarms .85
Annex C (informative) Examples of alarm processing logic and dynamic prioritisation.87
Annex D (informative) Conceptual example of alarm grouping and categorisation.91
Annex E (informative) Material for the need of distinction between alarm and status
information.95
Annex F (informative) Example of arrangement of alarm tiles.97
Annex G (informative) Examples of Points to Consider in the Categorisation of Alarms.99

Figure 1 – Alarm system functional design elements.29
Figure 2 – Typical alarm control sequence.59
Figure 3 – Typical alarm control sequence for a grouped alarm .61
Figure F.1 – A horizontal layout of alarm tiles for redundant components.97
Figure F.2 – A perpendicular layout of alarm tiles for a set of alarms with different
importance.97

62241  IEC:2004 – 7 –
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
NUCLEAR POWER PLANTS –
MAIN CONTROL ROOM –
ALARM FUNCTIONS AND PRESENTATION

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any
equipment declared to be in conformity with an IEC Publication.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 62241 has been prepared by subcommittee 45A: Instrumentation
and control of nuclear facilities, of IEC technical committee 45: Nuclear instrumentation.
The text of this standard is based on the following documents:
FDIS Report on voting
45A/540/FDIS 45A/546/RVD
Full information on the voting for the approval of this standard can be found in the report on
voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.

62241  IEC:2004 – 9 –
This International Standard supplements 4.6.4 of IEC 60964:1989 and therefore supersedes
the guidance given in A.4.6.4 of Annex A of IEC 60964.
The committee has decided that the contents of this publication will remain unchanged until
the maintenance result date indicated on the IEC web site under "http://webstore.iec.ch" in
the data related to the specific publication. At this date, the publication will be
• reconfirmed;
• withdrawn;
• replaced by a revised edition, or
• amended.
62241  IEC:2004 – 11 –
INTRODUCTION
Technical background, main issues and organisation of the standard
IEC 60964:1989 was developed to supply requirements relevant for the design of Control
Rooms (CR) of nuclear power plants. In this first edition of IEC 60964 which has been used
extensively within the nuclear industry, the subject of alarm systems was tackled in a one
page clause. Considering the return of experience gathered worldwide on the subject, it
appeared that a comprehensive standard on alarm systems was needed.
This standard is for application to the design of new main control rooms of nuclear power
plants conforming to IEC 60964, where work is initiated after the publication of this standard.
It serves as a reference for upgrading and modernizing existing control rooms. If it is desired
to apply it to supplementary and local control rooms, special attention should be given to
identifying the areas affected.
Situation of the current standard in the structure of the IEC SC 45A standard series
IEC 62241 will be directly referenced by the second edition of IEC 60964 (under consideration)
and is the third level document specifically tackling the topic of alarm systems.
For more details on the structure of the IEC SC 45A series of standards, see below the
“Description of the structure of the IEC SC 45A series of standards”.
Recommendations and limitations regarding the application of this standard
This Standard supplements Subclause 4.6.4 of IEC 60964:1989 and therefore supersedes the
guidance given in A.4.6.4 of Annex A of IEC 60964 Ed.1.0.
For the categorization of alarm systems, the safety classification of IEC 61226 should be
taken into account.
Description of the structure of the IEC SC 45A series of standards and relationships
with other IEC documents and other bodies documents (IAEA, ISO)
The top level document of the IEC SC 45A series of standards is IEC 61513. It provides
general requirements for instrumentation and control systems and equipment (I&C systems)
that are used to perform functions important to safety in nuclear power plants (NPPs).
IEC 61513 structures the IEC SC 45A series of standards.
IEC 61513 refers directly to other IEC SC 45A standards for general topics related to
categorization of functions and classification of systems, qualification, separation of systems,
defence against common cause failure, software aspects of computer based systems,
hardware aspects of computer based systems, and control room design. The standards
referenced directly at this second level should be considered together with IEC 61513 as a
consistent document set.
At a third level, IEC SC 45A standards not directly referenced by IEC 61513 are standards
related to specific equipment, technical methods or specific activities. Usually these
documents, which make reference to second level documents for general topics, can be used
on their own.
62241  IEC:2004 – 13 –
A fourth level extending the IEC SC 45A series of standards corresponds to the Technical
Reports which are not normative.
IEC 61513 has adopted a presentation format similar to the basic safety series IEC 61508
with an overall safety life-cycle framework and a system life-cycle framework and provides an
interpretation of the general requirements of IEC 61508, parts 1, 2 and 4, for the nuclear
application sector. Compliance with this standard will facilitate consistency with the
requirements of IEC 61508 as they have been interpreted for the nuclear industry. In this
framework, IEC 60880 and IEC 62138 correspond to IEC 61508-3 for the nuclear application
sector.
IEC 61513 refers to ISO as well as to IAEA 50-C-QA for topics related to quality assurance.
The IEC SC 45A series of standards consistently implements and details the principles and
basic safety aspects provided in the IAEA code on the safety of nuclear power plants and in
the IAEA safety series, in particular the Requirements NS-R-1 and the Safety Guide NS-G-
1.3 . The terminology and definitions used by IEC SC 45A standards are consistent with those
used by the IAEA.
———————
Requirements NS-R-1: Safety of Nuclear Power Plants: Design
Safety Guide NS-G-1.3: Instrumentation and Control Systems Important to Safety in Nuclear Power Plants

62241  IEC:2004 – 15 –
NUCLEAR POWER PLANTS –
MAIN CONTROL ROOM –
ALARM FUNCTIONS AND PRESENTATION

1 Scope and object
This International Standard provides the functional requirements for the alarm systems in the
main control room of nuclear power plants. It gives definitions of the terms used for alarm
functions. It also establishes the human factors requirements and the design guidelines for
alarm presentation for the main control room of nuclear power plants.
NOTE The alarm functions can be implemented in a dedicated system (alarm system) or preferably be an
integrated part of the main control room HMI (Human-Machine Interface) system.
It specifies the alarm functions including those for the selection and definition of original alarm
signals, alarm signal processing (e.g., event sequence processing, static and dynamic
prioritisation), alarm display processing (e.g., alarm suppression) and the use of associated
display devices (e.g., Visual Display Unit (VDU), conventional alarm fascia, mural display),
with acknowledge and reset sequences, and other related matters.
Under abnormal conditions or plant transient conditions in the nuclear power plant, many
alarms occur simultaneously. For this reason, the alarm functions of the main control room of
nuclear power plants require special considerations for human factors engineering and
system configuration, to avoid operator misunderstandings and to provide the operator with
adequate information. Therefore, the scope includes special alarm functions based on human
factors for monitoring and operation of nuclear power plants. It does not cover specific alarm
systems, such as the fire alarm and security alarm systems.
The object of this Standard is to establish a common international understanding of the
underlying functional design basis of alarm systems for control rooms, covering the
corresponding functional requirements, the human factors requirements and design guidelines
for the alarm functions and alarm presentation for the main control room of nuclear power
plants.
This Standard therefore aims to give guidance to reduce problems which have been
experienced in the past: omission of important alarms, delay in detecting important alarms,
increased workload that may affect the performance of other operational activities, inattention
to frequently activated alarms known as ‘nuisance alarms,’ and confusion associated with the
misunderstanding of the relationships among alarms and of the importance of alarms.
2 Normative references
The following referenced documents are necessary for the application of this document. For
dated references, only the edition cited applies. For undated references, the latest edition of
the referenced document (including any amendments) applies.

62241  IEC:2004 – 17 –
IEC 60964:1989, Design for control rooms of nuclear power plants
IEC 61226, Nuclear power plants – Instrumentation and control systems important for safety –
Classification
IEC 61771, Nuclear power plants – Main control room – Verification and validation of design
IEC 61772, Nuclear power plants – Main control room – Application of visual display units
(VDU)
IEC 61839, Nuclear power plants – Design of control rooms – Functional analysis and
assignments
3 Terms and definitions
For the purposes of this document, the terms and definitions given in IEC 60964, as well as
the following definitions, apply.
NOTE When the same term is defined in IEC 60964 and in this standard, the definition given in this standard
applies.
3.1
alarm
item of diagnostic, prognostic, or guidance information, which is used to alert the operator and
to draw his or her attention to a process or system deviation
NOTE Specific information provided by alarms includes the existence of an anomaly for which corrective action
might be needed, the cause and potential consequences of the anomaly, the overall plant status, corrective action
to the anomaly, and feedback of corrective actions.
Two types of deviation may be recognised:
– unplanned – undesirable process deviations and equipment faults;
– planned – deviations in process conditions or equipment status that are the expected response to but could be
indicative of undesirable plant conditions.
3.2
alarm acknowledgement
action, which operators are required to carry out to show that they have recognized an alarm
presented to them
3.3
alarm avalanche
condition where a large number of alarms appear within a short time at a rate exceeding the
operator’s capacity to take them into account
3.4
alarm coding
method of highlighting an object of concern visually or audibly, with the intention of drawing
the operator’s attention to the object
3.5
alarm control
set of alarm presentation control functions, which support the operators in recognizing alarm
status correctly and in a timely manner
NOTE Alarm acknowledgement, silence, and reset are typical examples of alarm control.

62241  IEC:2004 – 19 –
3.6
alarm display processing
alarm signal processing functions or mechanisms, which are used in controlling or enhancing
alarm presentation, for example, grouped alarms, alarm suppression
NOTE The alarm display processing operates on the alarms identified by the alarm signal processing (q.v.) logic.
3.7
alarm fascia
alarm display consisting of a set of alarm tiles
3.8
alarm reduction or filtering
alarm signal processing function or mechanism which has the aim of reducing the number of
alarms for operator attention
NOTE Filtering or reduction are generic terms.
3.9
alarm generation
alarm signal processing function or mechanism, which is used to generate an alarm based on
a logical combination of pre-defined alarm signals and non-alarm binary signals (e.g.,
component status signals)
NOTE See also under alarm signal processing logic.
3.10
alarm legend
caption identifying an alarm
3.11
alarm message
alarm phrase identifying an alarm, which is used typically in VDU-based alarm displays
NOTE It may be associated with supplemental information such as the time of alarm activation, the threshold, and
the trend of a corresponding process. It is also used to mean a string of speech-based audible announcements,
representing an alarm, which may be associated with guidance or other supplemental information.
3.12
alarm prioritisation
alarm signal processing function or mechanism, which categorizes alarms into groups of
different priorities of importance
NOTE The priority may be defined beforehand or determined dynamically from plant conditions. See also under
alarm signal processing (q.v.) logic.
3.13
alarm recording
method ensuring that the identity and time of appearance and clearing of each alarm and
alarm signal can be available for off-line study and analysis, using a permanent record such
as printout or long-term magnetic or optical recording
3.14
alarm signal
binary signal taken into the alarm system, which is processed to provide an alarm. These
signals may be raw signals from the plant or from the I&C systems

62241  IEC:2004 – 21 –
3.15
alarm signal processing
logic or mechanisms which operate on the alarm signals (q.v.), before alarms are identified
and passed to alarm display processing (q.v.) to be displayed to operators
NOTE Alarm signal processing may be used to validate alarm signals, generate alarms, reduce alarms, or
prioritise alarms.
3.16
alarm signal validation
alarm signal processing function or mechanism, which determines whether an alarm signal is
correctly representing a corresponding process or system status
3.17
alarm silence
action, which is made to stop an audible cue or warning associated with an alarm
3.18
alarm suppression
alarm presentation function, which switches off the illumination or prevents display of the
messages of alarms with no current operational significance
NOTE The state of suppressed alarms can still be determined by other means.
3.19
alarm system
system designed to alert the operators to the existence of an anomaly (i.e., a system or
process deviation), for which corrective action might be needed
NOTE Normally, an alarm system is an integral part of I&C systems, especially computerized I&C systems, but it
may also be a separate set of equipment as found in hardwired I&C systems.
3.20
alarm threshold
process value or system state, which is used as a reference for activating an alarm signal
NOTE Also called alarm limit or alarm setpoint.
3.21
alarm tile
alarm display unit which consists of an engraved legend shown on a tile and lit from behind
when its alarm condition is present
3.22
alerting
act of warning by means of visual and audible signals, which is intended to draw the
operators’ attention
3.23
dark-board
for alarm display, a design goal that, for normal healthy plant conditions, no alarms are shown
3.24
discrepancy indicator
display in which an indicator switch or a switch controlling an equipment item shows an
illumination when the state is different from the last state ordered by that switch or shown by
that switch
62241  IEC:2004 – 23 –
3.25
dynamic alarm coding
alarm display processing function or mechanism, which is used to dynamically change alarm
coding (e.g. alarm presentation colour)
NOTE Lighting an alarm window with different colours in accordance with dynamically determined priorities is an
example of dynamic display coding.
3.26
first-up alarm
alarm which indicates the first initiation triggering an associated set of alarms
NOTE Often used for the first signal causing the actuation of the reactor protection system or safety systems.
Also known as ‘first-out’ alarm.
3.27
grouped alarm
alarm, which is defined as a logical combination of several alarms
NOTE Usually simple ‘OR’ logic is used to generate a grouped alarm. Sometimes called a ‘shared alarm.’
3.28
grouping
group of alarms in terms of physical or functional properties
NOTE Laying out a group of alarms in a certain place in a distinctive manner is an example of physical grouping.
3.29
navigation
function, which supports the operators in locating the position of desired information in a
VDU-based information system, and also in guiding the selection of displays
3.30
nuisance alarm
alarm which repeatedly cycles between the alarmed and cleared states and leads to control
room distraction or annoyance
NOTE Also called a ‘repeating alarm.’
3.31
reflash
action of flashing an alarm legend or of presenting it again with a flashing symbol on a VDU,
when it has been activated again after it has cleared, or to indicate that a grouped alarm is
reactivated by a new alarm
3.32
reset
alarm control function, which is used to return the alarm system to a pre-defined state by
removing cleared alarms from display
3.33
ringback
alarm presentation function, which is used to indicate that an alarm condition has been
cleared
3.34
standing alarm
alarm which is present and has been acknowledged

62241  IEC:2004 – 25 –
3.35
telop
short message or a symbol, often with a numerical content, presented at the foot or heading
line of a VDU display to direct the user to another display or to inform the user of some
information such as the number of outstanding alarms
4 Background explanations
4.1 Problems of alarm systems
Poor alarm system design is known to sometimes cause human factor problems, which may
be critical to plant availability and safety. Typical human factor problems involve the following:
– omission of important alarms;
– delay in detecting important alarms;
– increased workload that may affect the performance of other operational activities;
– inattention to frequently activated alarms;
– confusion associated with the misunderstanding of the relationships between alarms and
of the importance of each alarm;
– delay in presentation of alarms when the operators know a plant change has occurred,
causing loss of operator belief in the integrity of the alarms.
It is known that the following are the major causes of these human factor problems:
– A large number of alarms are activated in a transient, and operators cannot acknowledge
them immediately. This problem is known as ‘alarm avalanche’. In addition, many of these
alarms do not necessarily possess operational value but are dependent on other alarms of
higher significance.
– Nuisance alarms and standing alarms.
– Alarms activated as a direct result of normal operating conditions.
– Large numbers of alarms activated during a plant outage or due to maintenance work, or
to periodic testing.
– Operating styles. In order to cope with human factors difficulties, operators tend to create
their own operating styles. For instance, some operators do not try to acknowledge alarms
soon after a transient. This alleviates the problem of increased workload, but may cause
delay in detecting important alarms.
– Limitations of existing alarm system designs for alarm signal processing and alarm display
processing.
More fundamentally, these problems can be diminished if all system designers attend to the
following:
– the operational value of each alarm at a given condition is clearly defined;
– the dynamic relationships among alarms;
– the implementation of suitable alarm signal processing logic and alarm display processing
methods.
A primary intention of this standard is to alleviate these human factors problems through the
clear identification of the functional requirements and the recommendations on their
implementation given by this standard.
Annex A shows supplementary information.

62241  IEC:2004 – 27 –
4.2 Functional design elements
Figure 1 presents a conceptual configuration of elements that constitute the functional design
of alarm systems, within the scope of this Standard. The actual hardware or software
configuration may be different depending on the configurations of I&C systems, designers’
choices, or others.
This standard considers the following five major elements of alarm system design:
– alarm definition;
– alarm signal processing;
– alarm display processing;
– alarm control and management;
– alarm presentation and display-control integration.
4.3 Other elements
Other important functional design elements of the alarm system, which this standard covers
include the following:
– reliability;
– testing;
– maintainability;
– recording;
– Alarm Response Procedures (ARP).

62241 © IEC:2004                     – 29 –

Alarm control and
management
Control signals
Alarms definition
- acknowledge;
- audible warning
- alarms defined
Alarm presentation and
and silence;
(i.e., by designers,
display-control
- reset;
operators)
integration
- ringback;
- reflash.
Media-free or media
Control signals
Alarm signal specific elements:

processing
Alarms
Alarms display
Alarm signals
- layout;
processing
- grouping;
- alarm signal
Alarms
- presentation types;
validation;
- grouped alarms;
- coding (audible and
- alarm generation;
- suppression;
display);
- alarm prioritisation.
- dark-board;
- format;
-   audible speech
- alarm legend;
enhancement.
- alarm message;
- navigation, etc.
Control signals for
visual or audible
Reliability, testing and
coding, etc.
maintainability
- integrity check;
- illumination check;
NOTE This functional architecture forms the basis for this standard.
It can be implemented by different hardware architectures.
- alarm signal
testing;
- etc.
Recording
Alarm Response
Procedures (ARP)
IEC  1419/04
Figure 1 – Alarm system functional design elements

62241  IEC:2004 – 31 –
5 Basic functional requirements
5.1 Alarm functions
The alarm system shall detect undesirable changes in the plant to derive alarms using
subsequent alarm signal processing for alarm display processing and alarm display.
Alarms shall give the operator adequate warning and indication of the onset of a safety
challenge or accident, a plant disturbance, plant or equipment failure or other events, which
could prevent operating goals from being achieved. More specifically, the alarm functions
shall provide at least the following fundamental features:
– alert the operator to the existence of abnormal states so that suitable corrective action can
be started;
– inform the operator about faults, disturbances and unexpected events in the plant leading
to a change of state or status of plant systems;
– guide the operator to the information which is needed for further diagnosis and
understanding of the announced event, to assist in planning and execution of corrective
actions;
– confirm the overall plant situation to the operator.
The design of the overall alarm presentation system should take into account the following
supplementary functions:
– provide the operator with information on causes and consequences of the announced
events;
– direct the operator to entry points in the total control room information system;
– provide the operator with suitable references to the operating procedures.
Additionally, consideration shall be given to minimize distraction, nuisance alarms and
operator workload due to the alarm system itself. Performance requirements shall be
identified for the alarm system.
The following subclauses define the basic functional requirements needed to meet the primary
functions given above, and later subclauses give detailed recommendations for each function.
5.2 Alarm signals
5.2.1 General
Alarm signals, normally provided by two-state inputs and threshold detection on analogue
inputs, are used for the alarm signal generation and display processing to meet the functions
required by 5.1. The definition of alarm signals may be made by the responsible plant
designers, but if these signals are assumed always to represent alarms and are always
displayed when they occur, the human factors problems associated with missing important
alarms and alarm avalanche can be expected. The processing of those alarm signals to define
alarms, and their further processing for suitable methods of display is therefore necessary.

62241  IEC:2004 – 33 –
5.2.2 Basic alarm signal requirements
The alarms and supporting information provided for a plant shall be shown to have sufficient
extent and coverage to be operationally appropriate and technically consistent.
The definition of alarms should be the result of a functional analysis according to IEC 61839.
All alarms necessary for safe and effective operation shall be provided by the alarm system.
Alarm signals should include indications of plant state and of control switch states, to allow for
suitable alarm processing logic covering maintenance, plant outage, plant shutdown and other
conditions.
Details of these requirements are given in Clause 6.
5.3 Alarm signal processing
5.3.1 General
Alarm signal processing is needed to derive valid alarm information from the alarm signals as
its input. Only real conditions for which some operator action or attention is required are
alarms. Processing of alarm signals is therefore needed to identify those conditions and
thereby to simplify the activities required by the operator. The alarm signals need validation to
avoid the use of failed signals. The plant operating state and the other alarm conditions
existing at the time an alarm signal appears or clears are involved in the logic and processing
necessary to generate the alarms from the alarm signals.
5.3.2 Basic alarm signal processing requirements
The charac
...