Process Safety and Environmental Protection, Vol.92, No.5, 406-411, 2014
A design method of a plant alarm system for first alarm alternative signals using a modularized CE model
Management of a plant alarm system has been identified as one of the key safety issues because of disasters caused by alarm floods. When a chemical plant is in an abnormal state, an alarm system must provide useful information to operators as the third layer of an independent protection layer (IPL). Therefore, a method of designing a plant alarm system is important for plant safety. Because the plant is maintained in the plant lifecycle, the alarm system for the plant should be properly managed through the plant lifecycle. To manage changes, the design rationales of the alarm system should be explained explicitly. This paper investigates a logical and systematic alarm system design method that explicitly explains the design rationales from know-why information for proper management of changes through the plant lifecycle. In the method, the module structure proposed by Hamaguchi et al. (2011) to assign a fault origin to be distinguished is extended. Using modules to investigate the sets of alarm sensors and the alarm limits setting for first alarm alternative signals to distinguish the fault origin, an alarm system design method is proposed. Also, the completeness of fault propagation for a branch of the cause-effect model as the plant model is explained. Using the modules and the set of fault origins to be distinguished by the alarm system, we try to explicitly explain the design rationales of the alarm system. © 2014 The Institution of Chemical Engineers. Published by Elsevier B.V. All rights reserved.
Keywords: First alarm; Plant alarm system design; Cause-effect model; Alarm management; Plant alarm malfunction; Design rationales