Design Critique Exercise

Contributed by André Gascon of Hydro Québec

The objective of this exercise is to understand the difficulty of discovering user's needs and the importance of user observation.

In the Power Plant video, an alarm annunciator is shown. The annunciator monitors between a few hundred to a few thousand alarm points, (e.g., the temperature of an electric transformer, which should not be too high) in an electric power plant.

The annunciator lists, in real-time, the occurence of anomalies (indicated by lines with an "N" for New alarm) and their eventual dissapearance (indicated by lines with an "R" for Return to normal).

Mockup of the alarm annunciator (circa 1985, but still in use in some places) from the Power Plant video. Red line items denote major (critical) events, yellow denotes minor events, and green means (returned to) normal condition. Inverse video means that an alarm message that has not yet been acknowledged.

The operator can acknowledge a single message with the acq button or acknowledge all messages with the acqp button. Once acknowledged, the message changes its display to light text on a black background. The operator can remove acknowledged "N" and "R" pairs (i.e., alarm points that have returned to a normal state) by pushing the rap button. Thus, pressing acqp then rap, will remove from the list the alarm messages for all anomalies that are no longer active.

Operator behaviour: The video demonstrates the operator behaviour in the case of a very large perturbation in the Beauharnois power plant. This event generated over 400 alarms in a few seconds, whereas an event is considered important when it generates more than 10 alarm messages in a few seconds.

Power plant control room (circa 1995). The annunciator is on the monitor at far right. The control panel fills the entire background of the picture.

The operator, who was sitting at his desk (see chair in the above picture), with the annunciator on his right, immediately stood up and stepped back 2 to 3 meters, looking at the control panel (see photograph) showing the entire plant; he didn't even glimpse at the annunciator. He stood there for a few seconds then walked to the control panel and proceeded to stabilize the plant, which took 2 or 3 minutes. Only after that did he come back at his desk and went to the annunciator. He immediately pushed the acqp and rap buttons (thereby erasing the history of the event; the "returned to normal" are removed by these actions), then turned his attention to the remaining active alarms.

In such a situation, the majority of alarms return to normal within a few seconds. In normal situations (> 99% of the time), alarm messages show up one by one. The operator usually begins by silencing the buzzer, then reads the message and decides what to do. He then acknowledges the alarm; he will also push rap (reset) if the message is a "Return to normal".

Your task is to view the video clip, try to understand the behaviour of the operators (as described in the previous paragraphs, not the behaviour shown in the video), and imagine how an improved annunciator should behave to help the operators in their job. As you watch the video, think about what the operator is trying to achieve.

Note that:

Last updated on 21 August 2016
by André Gascon and Jeremy Cooperstock