
PDVSA
ENGINEERING DESIGN MANUAL
VOLUME 9-I ENGINEERING SPECIFICATION

PDVSA No. K309
TITLE: SCADA SYSTEMS

REV.  DATE    DESCRIPTION     PAG.  REV.  APPD.  APPD.
0     AUG.94  FOR APPROVAL    57    L.T.  E.J.   A.N.

APPD. BY Eliecer Jiménez, DATE AUG.94
APPD. BY Alejandro Newski, DATE AUG.94

© PDVSA, 1983

ESPECIALISTAS

ENGINEERING SPECIFICATION
PDVSA K309    REVISION 0    DATE AUG.94
SCADA SYSTEMS

Index                                                            Page

1   SCOPE .......................................................... 4
2   CODES, STANDARDS AND PRACTICES ................................. 4
3   DEFINITIONS .................................................... 5
4   GENERAL REQUIREMENTS ........................................... 6
    4.1   Function ................................................. 6
    4.2   System ................................................... 6
    4.3   Design ................................................... 6
    4.4   Process Details .......................................... 6
    4.5   Control Systems .......................................... 7
    4.6   Design ................................................... 7
    4.7   Availability ............................................. 8
    4.8   Communications ........................................... 8
    4.9   ESD System ............................................... 8
    4.10  System Capacity .......................................... 9
    4.11  Port Connections ......................................... 9
    4.12  Protection ............................................... 9
5   MASTER STATION ................................................. 9
    5.1   Function ................................................. 9
    5.2   Hardware ................................................ 10
    5.3   Software ................................................ 10
    5.4   Scada Applications ...................................... 12
    5.5   Redundancy and Backup ................................... 19
    5.6   Diagnostic and Documentation ............................ 20
    5.7   Control Room ............................................ 21
6   REMOTE STATIONS ............................................... 28
    6.1   General ................................................. 28
    6.2   Architecture ............................................ 28
    6.3   Hardware Characteristics ................................ 29
    6.4   Cabinets and Wiring ..................................... 34
    6.5   Power Supply ............................................ 36
    6.6   Grounding System ........................................ 36
    6.7   Radio Frequency Interference (RFI) ...................... 36
    6.8   System Hardware Testing ................................. 36
    6.9   Software ................................................ 37


Index (Cont.)                                                    Page

    6.10  System Software Test ................................... 44
    6.11  Diagnostic and Maintenance Equipment ................... 46
7   NETWORKS ...................................................... 46
    7.1   Functional Networks ..................................... 46
    7.2   Communications .......................................... 47
    7.3   Communications Security ................................. 47
    7.4   Time Synchronization .................................... 47
    7.5   Node Software ........................................... 48
    7.6   Remote Networks Integration ............................. 48
    7.7   Security Access ......................................... 48
    7.8   Plant Network ........................................... 49
    7.9   Data-entry Type Checking ................................ 49
    7.10  Automatic Periodic Storage of Data ...................... 50
    7.11  Interaction with Other Systems .......................... 50
8   TELECOMMUNICATION SYSTEMS ..................................... 51
    8.1   Technology .............................................. 51
    8.2   Modem ................................................... 51
    8.3   Communication Protocols ................................. 52
9   SYSTEM TUNING ................................................. 53
    9.1   Proportional Control Loops .............................. 53
    9.2   Discrete on-off Control Loops ........................... 57
10  INSTALLATION AND COMMISSIONING ................................ 57
11  Q. A. / Q. C. ................................................. 57


FOREWORD

This document is the result of several years of work by engineers in the petroleum industry of Venezuela (PDVSA). The recommendations presented in this publication are not intended to supersede applicable laws and regulations. Users of this recommended practice are reminded that no publication of this type can be complete, nor can any written document be substituted for qualified engineering analysis. Suggested revisions are invited and should be submitted to:

The Manager, PDVSA Engineering Standards, c/o INTEVEP TENA División, Apartado 76343, Caracas 1070-A, Venezuela


1 SCOPE
This section covers PDVSA requirements for the design, specification, installation and commissioning of supervisory control and data acquisition (SCADA) systems. All guidelines of the introduction specification K300 shall also be explicitly followed.

2 CODES, STANDARDS AND PRACTICES

ANSI/NFPA 70                 National Electric Code
ANSI C37.90-1978             Surge Withstand
CCITT V.22
CCITT V.22 bis
CCITT X.25
IEC 65A (Secretariat) 123    Functional Safety of Programmable Electronic Systems: Generic Aspects
IEC 65A (Secretariat) 122    Software for Computers in the Application of Industrial Safety Systems
IEC 68-2-6                   Sinusoidal vibration
IEC 68-2-27                  Shock
IEC 68-2-34                  Random vibration, wide band
IEC 529
IEC 801-X                    Electromagnetic Compatibility for Industrial Process Measurement and Control Equipment
IEC 801-1                    Electromagnetic Compatibility for Industrial Process Measurement and Control Equipment. General Introduction
IEC 801-2                    Level 3 (8 kV) Electrostatic Discharge Requirements
IEC 801-3                    Level 3, Radiated Electromagnetic Field Requirements
IEC 801-4                    Class 3, Electrical Fast Transient/Burst Requirements
IEC TC77B (Secretariat) 72   Magnetic Field (Radiated Susceptibility)
IEEE 1100                    Grounding
IEEE 472-1974
IEEE 802.3, 802.4 and 802.
ISA SP50.1-82                Compatibility of Analog Signals for Electronic Industrial Process Instruments
ISA SP84-x                   Programmable Electronic System (PES) for Use in Safety Applications (when available)
ISO 9001                     Quality Management and Quality Assurance Standards
McGraw-Hill                  Compilation of open systems standards by Harold C. Folts
MIL-HDBK-217 E
MIL STD 461C Part 4
MIL STD 462
MIL-HDBK-472                 Maintainability prediction
NEMA
NFPA 75                      Protection of Electronic Equipment
RFC                          768/791/792/793/821/854/959/1098
SWEDISH standard             MRP II CRTs
Technischer Überwachungs-Verein (TÜV) Rheinland (Regional Technical Supervisory Association)
TÜV                          Class 5 Safety Equipment Certification as it relates to:
DIN VDE 0110/01.89           Isolation Requirements for Equipment within Low-Voltage Systems; Dimensioning of Clearance and Creeping Distances
DIN VDE 0113
DIN VDE 0116/10.89           Electrical Equipment of Furnaces
DIN VDE 0160/04.89           Electronic Equipment to be Used in Electrical Power Installations and their Assembly into Electrical Power Installations
DIN VDE 0165
DIN VDE 0170
DIN VDE 0470
DIN VDE 0801/01.90           Principles for Computers in Safety Related Systems
DIN VDE 0804
DIN VDE 19250/01.89          Fundamental Safety Aspects to be Considered for Measurement and Control Protective Equipment
ISBN 3-88585-315-9           Microcomputers in Safety Techniques (TÜV Handbook): An Aid to Orientation for Developer and Manufacturer

3 DEFINITIONS
All definitions are listed in specification K300.


4 GENERAL REQUIREMENTS

4.1 Function
The SCADA system shall consist of a master terminal unit (MTU) which gathers all the various measurement and control information and equipment status data, via telecommunication links, from intelligent remote terminal units (IRTU) located in the various process plants. Via displays it shall aid the plant operator in supervising, from one central location, all process operations linked to the system, and shall enable the operator to take the necessary actions to ensure safe and optimum operating conditions of the process plants.

4.2 System
The SCADA system is an element vital to operations: it collects information, performs the control action and provides all the field information necessary for the planning of the process at the various supervisory and strategic levels. The system shall have fully automatic facilities for the exchange of information to and from a database.

4.3 Design
The system design shall provide the necessary information to the controllers located in the IRTU in order to optimize the process. The optimization process shall be performed off-line, by other computers, via the digital communication networks provided within the system.

4.4 Process Details
This specification details the generic requirements of a SCADA system. The actual process plant details supervised by the SCADA system are given in an annex containing:
- Process control diagrams
- Details of measurement and control functions
- Loop diagrams
- Instrument schedule
- Block diagram of master station with all IRTUs
- Power supply to MTU and IRTUs
- Grounding system at MTU and IRTUs.


4.5 Control Systems
The SCADA system, assisted by computers, performs supervision and control functions via dynamic real-time data processing and telemetry, using serial data communication channels of either low or medium quality. The scanning period is less than one third of the natural period of the process.

The control functions are divided into two levels: the local control, and the remote control from the operator stations at the MTU. The local control is located in the IRTU and is programmable, with the assurance that its execution under the IRTU operating system is achieved within the time necessary for the process. The remote control is restricted to the initiation of a sequence of start-up, shutdown or change of set point of the local control. The local control functions shall not depend in any manner on the communication links, and a failure of the communication links between the IRTU and the master station shall not result in maloperation of the process.

The control system design shall be of advanced type, i.e., in addition to normal control loops based on flow, level, pressure, temperature, analysis, etc., each of the set points of these loops shall have the option of being resettable, between the limits of plus 10% and minus 10%, based on energy, mass or thermodynamic balances or dynamic model calculations. Ratio and cascade loops and wide range flow measurement systems shall be judiciously implemented together with dynamic pressure reduction or reboiler/furnace heat cut-off/compressor flow protection systems in order to safeguard the plant and ensure stable operation, for example by operating a plant at lower throughput rather than shutting it down.

4.6 Design
The SCADA system shall be of modular design, with the latest field proven hardware and software, consisting of operator consoles with screens, process input/output devices, electronic controllers, multiplexers, bulk data storage, communication systems, termination cross-boards, signal conditioning equipment and engineering/maintenance screens, in order to perform on-line reconfiguration and to test all system components with on-line and off-line diagnostics. The system shall be updatable with new equipment and/or improvements.


4.7 Availability
The system shall be designed for maximum availability, safety and integrity, 99.99% or better, in both fail-safe and fail-danger modes. This figure excludes the link between the IRTU and MTU, as the telecommunications system has a minimum availability of 98%. Availability is defined as:

    Availability % = MTTF / (MTTF + MTTR) × 100

where MTTF is the Mean Time To Failure and MTTR the Mean Time To Repair.

Availability figures shall be provided, with the method of calculation and all assumptions clearly stated. Data for failure rates shall be derived from MIL-HDBK-217 E wherever possible. Calculations shall be based on the ISA SP84 committee recommendations. The design system availability shall be based on Markov configuration diagrams and on the correlation of the MTBF and MTTR of the system parts, and also on the availability of spare parts at the various stations, both the master and the IRTUs. Any system failure or fault shall lead to a fail-safe state.

4.8 Communications
Communications between the MTU and consoles shall be digital. The communications system shall have automatic self-checking facilities and include a fully redundant second link that is automatically switched into service on failure of the primary operating link. Reset back to primary operation shall be manual, via keyswitch or password entry. The telecommunication system shall link the master station with the remote stations using medium or low quality channels. It shall also include all the protocols necessary for processing the messages with a high probability of errors and, even under these conditions, make efficient and optimum use of the telecommunication channel.

4.9 ESD System
The SCADA shall not perform the emergency shutdown (ESD) requirements of the plant. The ESD system shall be a separate entity in accordance with PDVSA Specification K336.


4.10 System Capacity
The SCADA shall cover the project requirement and have a minimum of 30 percent spare rack space, 30 percent spare on installed I/O conversion, controller and multiplexer capacity, and 30 percent spare area space in the equipment room.

4.11 Port Connections
The SCADA shall have port connections to link with other equipment, both at the MTU and at the IRTU: stand-alone controllers, supervisory and optimization computers and PLCs, and shall interface with protocols such as MAP, Ethernet, MODBUS, Allen Bradley, Data Hiway, Tiway, Genius, etc. This shall include simultaneous transmission of information to this equipment and also receiving instructions from it.

4.12 Protection
The system shall be protected against errors and hardware damage resulting from electrical transients on power or signal wiring, generated by switching of large electrical loads, by power line faults, lightning strikes and lightning induced surges on power or signal cables, in accordance with IEEE 472-1974. All components of the SCADA shall be immune to electromagnetic radiation and radio frequency interference generated by hand-held walkie-talkie sets, in accordance with IEC 801, parts 1 to 3.

5 MASTER STATION

5.1 Function
The Master Terminal Unit (MTU) shall serve as the central collector of all information inputs from the field and shall process the data to make it available on demand at all operating stations of the SCADA system and to the various application programs run in the system. The MTU shall be configured as a combination of intelligent elements that are interconnected via a local area network. The MTU shall additionally serve as an administration and maintenance station of either the local area network or the wide area network, with its nodes and services, permitting at the same time the maintenance of a local area network. The following minimum functions shall be available:
- Supervision of remote stations
- Annunciation and acknowledgement of alarms and events
- Classification of alarms and events
- Printing of alarms and events


- Historical storage of alarms and events
- Input signal processing (analog, digital, thermocouple, RTD and pulse frequency)
- Historical data storage of input process signals
- Display of process measurement signals (bar and trend)
- Access control and security levels
- Implementation of specific applications.

5.2 Hardware
The system architecture shall be based on local networks and on the client-server model, in which the operator stations are the intelligent clients of a computer network that provides them with information on demand. There are two fundamental designs of the master station, both based on network technology and on the use of communication servers, database servers and intelligent operator stations: one based on microcomputers and the other based on minicomputers. It is the clear responsibility of the SCADA system designer to establish clearly and in detail the limitations of architectures based on networks of microcomputers, which are attractive from an economic point of view but limited in their expansion capabilities. Architectures based on minicomputers used as database servers are more stable and have a large capacity for expansion, which indicates that the choice between one system and the other depends on the complexity of the process operations.

5.3 Software
Operating system: The station shall run a multitask real-time operating system, interrupt-driven and sized with reference to the process plant to be controlled, with preference given to the UNIX and OpenVMS operating systems.

5.3.1 Data base
The data base shall contain in real time all the necessary data and application programs that are run in the MTU in order to meet the process operational requirements as per paragraph 4.4. The data base shall not depend on any programming language. If the data base is altered it shall not be necessary to alter manually any reference already prepared for the system, programs or special applications. In the event of any modification to the data base, the modification of the pointers shall be performed automatically.


Expandability: The system shall have 100% expansion capacity.

Access restriction: Access to the data base is through the use of a password.

Modification: The data base shall be modifiable on line, from the operator or maintenance console, in a transparent form during normal operation of the SCADA system. Concurrent access to data base fields shall be avoided, in order to ensure that simultaneous operations are not performed on the same field. The system shall possess an interactive facility that permits intuitive modification of the data base.

5.3.2 Specific Applications
The system shall have facilities to develop specific applications in a high level language using the internal libraries of the SCADA system, with access to the system data base both for reading and writing. Application programs in machine or assembler language are not acceptable; their use is only permitted subject to PDVSA approval.

Languages: They shall be the latest version of the following: FORTRAN, PASCAL, C, C++.

Libraries: Each language shall be complete with its specific library that permits the management of the data base in real time. Access to the data base shall be bidirectional, i.e. permit read and write in the various data base fields at the same time. The documentation of all the routines shall be complete as to their use and shall make it easy to write the necessary commands.

Sources: The system documentation shall be complete with all the sources of the various application programs developed for the SCADA system.


5.4 Scada Applications
The software system shall perform the tasks detailed below.

5.4.1 Process displays
- P&IDs and other graphic pictures shall detail a particular area of the process or provide an overview of more than one area of the unit. Values shown on these displays shall be updated at a 4 second interval to optimize the ergonomic interface to the operator, e.g. to minimize eye strain and fatigue. Critical values shall be updated at a one-half second rate.
- Group displays shall show the values and status of the primary operating parameters in both numeric and graphic (bar) form, for a minimum of six display points. Any data point shall be capable of being assigned to one or more groups. The operator shall be able to make process changes to any of the points assigned to this display (i.e., set point, mode, output, etc.).
- Point detail display shall characterize every parameter and attribute of the data point. The individual data point shall be manipulable in either an on-process or off-process mode, depending on security level.
- Group trend display shall graphically present historical process data for any or all six points on an x-y axis, with the x axis representing time. This time resolution shall be selectable by the operator. In addition, the six points shall be trendable on an operator selectable time base using real time data. The y axis shall represent the range of the process variable, 0 to 100% or an operator selectable band, either unipolar or bipolar. Each trend shall have a unique colour.
- Hourly average shall display the last 8 hourly averages for the points of the selected group display in tabular form, including the corresponding clock times. The points shall be identified by both Point ID and Description.
- Help displays shall provide detailed information to the operator about a particular function.

5.4.2 System displays
- System status displays shall show the state of every major component in the system and allow individual modules or nodes to be started, stopped, switched (for those nodes with primary and backup) or checked for status and operability.
- Console status display shall show the state of each device in the console, including node number, printer assignments, disc assignments and maintenance requirement. It shall permit the operator to enter time, day and date, load another node, shut down a node, change printer assignments and change the access level from this display.
- Box point summary shall show the point ID, description, IRTU to which the point is assigned and the slot number for each requested point.


- Point usage list shall show the description, hardware location, IRTU to which the point is assigned, trends to which the point is assigned and logs to which any point ID is assigned.
- Point attribute summary shall show the point ID(s) of one or all points which contain one of the following operator selectable attributes: Alarm Inhibit, Alarm Disable, Manual PV, Substituted PV, Uncertain PV, Bad PV, Manual Mode, Cascade Mode, Program Mode, Inhibit action, Computer set point, Loaded, Not Loaded, Error, Fail, Hold, Shutdown, Emergency Shutdown.

- Node point summary shall provide a listing of all points within the selected module. It shall be arranged in point ID order and contain the point description, group number and device address. A separate display shall be available for each node/module.

5.4.3 Network access
The operator station shall allow access to business related data and documentation in accordance with specification K362. Applications running on different platforms of the network shall appear in a window on the screen and interact with the user. Security mechanisms shall prevent the network from being used to manipulate process control network data. The screen shall have the option of retaining the primary process control window in full view at all times, not obscured by other windows. The screen shall maintain the secure operational path to the valve when the WINDOWS environment has a failure. The system shall enable access and control between remote system networks in accordance with predefined access levels.

5.4.4 Alarm management
a. Alarm logic
When a point goes into alarm, it shall cause the alarm summary window to flash. The operator shall, by acknowledging the alarm from any operator keyboard, cause the alarm to cease flashing on the CRT. They shall remain on the screen


until the alarm initiating condition has returned to normal. The system shall record the time of occurrence of the alarm, the time of acknowledgement of the alarm and the time of the return-to-normal of the point.

b. Alarm annunciator
The display shall function similarly to a traditional annunciator. It shall have a minimum of 30 windows, each capable of accepting up to 10 inputs. When an alarm occurs, the window shall flash and change to the color corresponding to the alarm priority level: red for emergency, yellow for high. On acknowledgement, the window shall stop flashing but retain the color until the alarm (all alarms assigned to the window) is cleared. Each window shall be a touch target to allow the operator to quickly access additional information or another display regarding the alarm.

c. Alarm priority
The system shall be of intelligent type and assign different levels of process alarm priority to any point during configuration. These priorities shall distinguish between low, high and emergency alarms. The system shall provide a separate volt-free contact for each of the three alarm levels to drive audible devices. The specific system responses to each priority shall be:

Alarm Priority   Display   Print on event recorder
Emergency        Yes       Yes
High             Yes       Yes
Low              Yes       Yes

d. Alarm suppression
Under predefined conditions, alarms shall be capable of being cut out, preventing alarms from being reported when alarming would be obvious (such as preventing a low pressure alarm when the associated pump is off). This intelligent alarming shall be configurable and modifiable. The system shall, on a per point basis, enable, disable or inhibit alarms; the following table defines the actions of each category:

Category   Display   Print on event recorder
Enable     Yes       Yes
Disable    No        Yes
Inhibit    No        Yes

All operator actions which change a point's alarm status shall be recorded in the event recorder.
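The alarm rules of 5.4.4 a to d (alarm, acknowledgement and return-to-normal times, priority codes, the cut-out condition, the enable/disable/inhibit table) together with the deadband rule of 5.4.4 e, as an added Python example that is not part of K309; the point PI-101, its range and limits, the pump-state cut-out rule and the timestamps are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple
# 5.4.4 d table, per point: (shown in the alarm display, printed on the event recorder)
SUPPRESSION_ACTIONS = {"enable": (True, True), "disable": (False, True), "inhibit": (False, True)}

@dataclass
class AlarmRecord:                 # one line of the 5.4.4 e alarm display
    point_id: str
    alarm_type: str                # PVHI / PVLO
    priority: str                  # L / H / E
    limit: float
    value: float
    units: str
    t_alarm: str
    t_ack: Optional[str] = None
    t_normal: Optional[str] = None

@dataclass
class AnalogPoint:
    point_id: str
    description: str               # up to 24 characters on the display
    units: str
    range_lo: float
    range_hi: float
    deadband_pct: float            # 5.4.4 e: selectable 0.5 to 5 % of range
    limits: Dict[str, Tuple[float, str]]                   # alarm_type -> (limit, priority)
    suppression: str = "enable"                            # enable / disable / inhibit
    cutouts: Dict[str, Callable[[], bool]] = field(default_factory=dict)  # 5.4.4 d cut-out rules
    active: Dict[str, AlarmRecord] = field(default_factory=dict)

    def __post_init__(self) -> None:
        if not 0.5 <= self.deadband_pct <= 5.0 or len(self.description) > 24:
            raise ValueError("deadband must be 0.5 to 5 % and description <= 24 characters")

    def deadband(self) -> float:
        return self.deadband_pct / 100.0 * (self.range_hi - self.range_lo)

class AlarmProcessor:
    def __init__(self) -> None:
        self.summary: List[AlarmRecord] = []   # what the alarm summary screen shows
        self.events: List[str] = []            # the event recorder

    def _record(self, now: str, r: AlarmRecord, what: str) -> None:
        self.events.append(f"{now} {r.point_id} {r.alarm_type} {r.priority} {what}")

    def process(self, p: AnalogPoint, value: float, now: str) -> List[AlarmRecord]:
        """One scan of the point; returns the alarms raised by this scan."""
        raised = []
        for atype, (limit, prio) in p.limits.items():
            rec = p.active.get(atype)
            if rec is None:
                exceeded = value > limit if atype == "PVHI" else value < limit
                cut_out = p.cutouts.get(atype, lambda: False)()
                if exceeded and not cut_out:
                    shown, printed = SUPPRESSION_ACTIONS[p.suppression]
                    rec = AlarmRecord(p.point_id, atype, prio, limit, value, p.units, now)
                    p.active[atype] = rec
                    if shown:
                        self.summary.append(rec)
                    if printed:
                        self._record(now, rec, f"ALARM value={value} limit={limit} {p.units}")
                    raised.append(rec)
                continue
            # 5.4.4 e: normal again only once the value is back inside the limit by the deadband
            back = value <= limit - p.deadband() if atype == "PVHI" else value >= limit + p.deadband()
            if back:
                rec.t_normal = now
                del p.active[atype]
                self._record(now, rec, "RETURN TO NORMAL")
                if rec.t_ack is not None and rec in self.summary:   # acknowledged: leaves the screen
                    self.summary.remove(rec)                        # unacknowledged: stays, flagged
        return raised

    def acknowledge(self, rec: AlarmRecord, now: str) -> None:
        if rec.t_ack is None:
            rec.t_ack = now
            self._record(now, rec, "ACKNOWLEDGED")
        if rec.t_normal is not None and rec in self.summary:   # already back to normal: removed
            self.summary.remove(rec)

def demo() -> dict:
    """Constructed scenario on a hypothetical pump discharge pressure point PI-101."""
    plant = {"pump_running": False}
    pi = AnalogPoint("PI-101", "Feed pump discharge", "PSIG", 0.0, 200.0, 2.0,
                     limits={"PVHI": (150.0, "H"), "PVLO": (20.0, "E")},
                     cutouts={"PVLO": lambda: not plant["pump_running"]})   # obvious while pump is off
    ap = AlarmProcessor()
    cut_out = ap.process(pi, 5.0, "08:00:00")          # pump off: low alarm cut out, nothing raised
    plant["pump_running"] = True
    low = ap.process(pi, 5.0, "08:00:10")[0]           # pump on and still low: emergency alarm
    ap.process(pi, 23.0, "08:00:20")                   # 20 + 4 deadband not reached: still in alarm
    ap.process(pi, 30.0, "08:00:30")                   # back to normal, not yet acknowledged
    still_shown = low in ap.summary
    ap.acknowledge(low, "08:00:40")                    # acknowledged after return: leaves the screen
    high = ap.process(pi, 160.0, "08:01:00")[0]
    ap.acknowledge(high, "08:01:05")
    ap.process(pi, 147.0, "08:01:10")                  # 150 - 4 = 146 not yet reached
    ap.process(pi, 146.0, "08:01:20")
    return {"processor": ap, "point": pi, "cut_out": cut_out, "low": low, "high": high, "still_shown": still_shown}
```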


e. Alarm display

Analog alarms:

Time        Point ID   Alarm Type   Alarm Priority   Alphanumeric Description   Alarm Limit   Current Value   Eng. Units
HH:MIN:SEC  XXXXXX     PVHI         H                Up to 24 characters        XXXXXX        XXXXXX          PSIG

Deadband: All analog inputs shall have an assignable alarm deadband value. Before an input is defined as returned to normal, the input must have returned into the normal operating range by the deadband value. The deadband value shall be selectable from 0.5 to 5%.

Digital alarms:

Time        Point ID   Alarm Type   Alarm Priority   Alphanumeric Description
HH:MIN:SEC  XXXXXXXX   TRIPPED      E                Up to 24 characters

The display shall readily distinguish between acknowledged and unacknowledged alarms. If an alarm condition returns to normal prior to being acknowledged, it shall remain flashing on the screen with a unique identifiable characteristic. On acknowledgement, the alarm shall be removed from the screen. A minimum of twenty alarms shall be displayed on each page, with a minimum of five pages available for display. The total number of alarms in the summary shall be displayed on each page to assess the current alarm situation. The last five alarms shall always be shown in a window on all displays.

5.4.5 Analog output/digital interlock action inhibition
The system shall, via configuration, place any output in an Inhibit state. The operator shall place the output in its desired safe state prior to inhibition. The system shall then prevent the alteration of the mode, mode attribute, external mode switching state and output while in the inhibited state. In addition, the system shall prevent the point from being reconfigured or deleted until the operator reconfigures it to place the output in its normal state. Both configuration actions shall be of Check before Operate type.

5.4.6 Event management
The system shall be of intelligent type and store all events, whether operator initiated, actuated by interlocks or spurious. Typical events are:
- Valve opening/closing/staying at an intermediate position
- Rotating equipment starting/stopping


S S S S

Controller changed from auto to manual or viceversa Controller changed from cascade to manual set Controller set point changed from computer to manual Change of set points, operator or computer initiated (STORE VALUES FOR LAST 48 HOURS ONLY) S Change of output value to valve controller or operator initiated (STORE VALUES FOR LAST 48 HOURS ONLY). Typical event printer log: Time
HH:MIN:SEC HH:MIN:SEC HH:MIN:SEC HH:MIN:SEC HH:MIN:SEC HH:MIN:SEC HH:MIN:SEC

Point ID
XXXXXX XXXXXX XXXXXX XXXXXX XXXXXX XXXXXX XXXXXX

Alphanumeric Description
Upto 24 characters Started

Event type
Stopped Computer set point Control now manual Set point now cascade Set point XXXXXXX increased to

Log on printer
Yes Yes Yes Yes Yes No No

Output to valve decreased to XXXXXXX
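As an added illustration of 5.4.5 and 5.4.6 (editor's example, not part of the PDVSA specification or of any vendor's product), the following Python models an output point whose inhibit and release are Check Before Operate actions, which refuses every mode, output, reconfiguration and deletion request while inhibited, and which feeds a journal that keeps set point/output value changes for 48 hours only. The tag FV101, the one-time confirmation token, and the rule that operator output writes are accepted only in MANUAL (used here as the safe state) are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
import secrets

RETENTION = timedelta(hours=48)   # 5.4.6: set point / output values are kept 48 hours only

@dataclass
class Event:
    time: datetime
    point_id: str
    description: str            # up to 24 characters in the printer log
    event_type: str
    value_change: bool = False  # set point / output value change: pruned after 48 h

class EventJournal:
    def __init__(self):
        self.events = []

    def record(self, event):
        self.events.append(event)

    def prune(self, now):
        """Drop value changes older than 48 h; every other event is retained."""
        self.events = [e for e in self.events
                       if not (e.value_change and now - e.time > RETENTION)]

class InhibitedError(Exception):
    """Any mode, output or configuration change attempted on an inhibited point."""

class OutputPoint:
    """Analog output with the 5.4.5 inhibit state (assumption: the safe state is MANUAL)."""

    def __init__(self, point_id, description, journal, clock):
        self.point_id, self.description = point_id, description
        self.journal, self.clock = journal, clock
        self.mode, self.output = "AUTO", 0.0
        self.inhibited = self.deleted = False
        self._armed = {}   # check-before-operate: one-time token -> (action, operator)

    def _log(self, event_type, value_change=False):
        self.journal.record(Event(self.clock(), self.point_id, self.description,
                                  event_type, value_change))

    def _guard(self):
        if self.inhibited or self.deleted:
            raise InhibitedError(f"{self.point_id} is inhibited or deleted; change refused")

    def set_mode(self, mode, who):
        self._guard()
        self._log(f"Control now {mode.lower()} ({who})")
        self.mode = mode

    def set_output(self, value, who):
        self._guard()
        if self.mode != "MANUAL":
            raise ValueError("output is only writable in MANUAL")   # assumption
        self._log(f"Output to valve set to {value} ({who})", value_change=True)
        self.output = value

    def reconfigure(self, who):
        self._guard()
        self._log(f"Reconfigured ({who})")

    def delete(self, who):
        self._guard()
        self.deleted = True
        self._log(f"Deleted ({who})")

    # Check before operate: arm the action, echo it back, act only on confirmation
    # with the same one-time token.
    def arm(self, action, who):
        if action not in ("inhibit", "release"):
            raise ValueError(f"unknown action {action!r}")
        if action == "inhibit" and self.mode != "MANUAL":
            raise ValueError("place the output in its safe state before inhibiting it")
        token = secrets.token_hex(4)
        self._armed[token] = (action, who)
        return token

    def confirm(self, token):
        action, who = self._armed.pop(token)   # KeyError: nothing armed under that token
        self.inhibited = action == "inhibit"
        self._log(f"Output {'inhibited' if self.inhibited else 'released'} ({who})")
        return self.inhibited

def demo():
    """Inhibit a valve output, count the refused changes, release it 49 h later."""
    now = [datetime(1994, 8, 1, 8, 0, 0)]                 # constructed clock
    journal = EventJournal()
    fv101 = OutputPoint("FV101", "Feed control valve", journal, lambda: now[0])
    fv101.set_mode("MANUAL", "operator")                  # safe state first
    fv101.set_output(5.0, "operator")
    fv101.confirm(fv101.arm("inhibit", "operator"))
    refused = 0
    for blocked in (lambda: fv101.set_mode("AUTO", "operator"),
                    lambda: fv101.set_output(50.0, "operator"),
                    lambda: fv101.reconfigure("engineer"),
                    lambda: fv101.delete("engineer")):
        try:
            blocked()
        except InhibitedError:
            refused += 1
    now[0] += timedelta(hours=49)                         # the 48 h value retention expires
    fv101.confirm(fv101.arm("release", "operator"))
    fv101.set_mode("AUTO", "operator")
    journal.prune(now[0])
    return refused, fv101.inhibited, journal
```

The point to notice is that the inhibit flag is enforced in one place (the guard) that every mutating path passes through, so a new command path cannot bypass it by omission, and that the armed token is consumed on confirmation, so a confirmation cannot be replayed.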

5.4.7 Logs, special/periodic/event driven

- The system shall generate logs for a specified set of points or data at specified intervals or on demand.
- The system shall generate periodic logs of previously configured points: hourly, shift, daily, monthly.
- The system shall record events pertinent to the process with the exact date and time of occurrence and categorize them as follows:
  - Operator initiated actions (change of set point, change from auto to manual or vice versa, change from cascade to auto or vice versa, manual output changes, manual start or stop, etc.).
  - Alarm occurrence, acknowledgement and return to normal.
  - Spurious/abnormal equipment starts or stoppages, or valve openings and closures.
  - Automatic interlock initiated actions and valve openings and closures.
  - Failure of equipment to respond to automatic interlock initiated or operator initiated actions within 3 seconds.
  - System status changes/error messages/maintenance messages.
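The event categories above, including the 3-second response check, as an added example (editor's code, not from the specification) that classifies a constructed sample journal. The log line format, the tag names, the command-to-feedback mapping and the rule that a late but correct feedback still counts as a failure to respond are assumptions.

```python
from datetime import datetime, timedelta

RESPONSE_LIMIT = timedelta(seconds=3)   # 5.4.7: equipment must respond within 3 seconds

# Constructed sample journal (not a real plant log).  Columns: time, point,
# kind (CMD = commanded action, FB = field feedback of the new state), detail, initiator.
SAMPLE = """
08:00:00 XV201 CMD OPEN  operator
08:00:02 XV201 FB  OPEN  field
08:00:10 P301  CMD START interlock
08:00:15 P301  FB  RUNNING field
08:00:20 XV202 CMD CLOSE interlock
08:00:21 XV202 FB  CLOSED field
08:00:30 P302  FB  STOPPED field
08:00:40 P303  CMD STOP  operator
"""

# state feedback expected for each command (assumed mapping)
EXPECTED = {"OPEN": "OPEN", "CLOSE": "CLOSED", "START": "RUNNING", "STOP": "STOPPED"}

def parse(text, day=datetime(1994, 8, 1)):
    events = []
    for line in text.strip().splitlines():
        clock, point, kind, detail, who = line.split()
        h, m, s = map(int, clock.split(":"))
        events.append((day + timedelta(hours=h, minutes=m, seconds=s), point, kind, detail, who))
    return events

def categorize(events):
    """Return (time, point, category, text) records in the 5.4.7 categories."""
    pending = {}   # point -> (command time, expected feedback)
    out = []
    for t, point, kind, detail, who in events:
        if kind == "CMD":
            category = "operator initiated" if who == "operator" else "automatic interlock initiated"
            pending[point] = (t, EXPECTED[detail])
            out.append((t, point, category, f"{detail} commanded by {who}"))
            continue
        if point not in pending:
            # a state change nobody commanded: spurious/abnormal start, stop, opening or closure
            out.append((t, point, "spurious/abnormal", f"{detail} with no command"))
            continue
        t0, expected = pending.pop(point)
        elapsed = (t - t0).total_seconds()
        if detail == expected and t - t0 <= RESPONSE_LIMIT:
            out.append((t, point, "response", f"{detail} after {elapsed:.0f} s"))
        else:
            out.append((t, point, "failure to respond", f"{detail} after {elapsed:.0f} s, limit 3 s"))
    for point, (t0, expected) in pending.items():      # commands that never got feedback
        out.append((t0 + RESPONSE_LIMIT, point, "failure to respond", f"no {expected} feedback"))
    return sorted(out)

def failures(events):
    """Tags of every point that failed to respond, for the alarm/event printer."""
    return sorted(point for _, point, category, _ in events if category == "failure to respond")
```

This runs over a closed batch; an online implementation would instead start a 3-second timer at each command and raise the failure event when the timer expires, which is what lets P303 (never answered) be reported at the deadline rather than at end of shift.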

Log displays

The screen shall display all logs (special, periodic or event driven) and process/system histories. The exact date and time when each value was read shall be logged. The report shall also indicate the data collection start and completion times.

5.4.8 Process history

Plant operations data shall be separated into two subcategories: Continuous and Event Driven. Continuous history includes the Base System Averages on an hourly, daily, specific month, 30-day, specific year and 365-day basis for up to 2000 points, for at least 96 hours of 1-minute snapshots, plus availability of other historical data on different time scales (e.g. fast scanning, 1-day averages, etc.).

5.4.9 System history

System status, error and maintenance action identification messages on an hourly, daily, specific month, 30-day, specific year and 365-day basis.

5.4.10 Printer assignment

The operator shall be able to direct logs or screen displays to any printer. The system shall provide for backup of a failed printer by another printer; that printer shall continue with its normal functions and additionally handle the functions of the failed printer until it is restored. The data accumulated for these logs shall be protected in case of printer failure, and the system shall print it automatically on restart.

5.4.11 Documentation

The system shall be complete with all documentation necessary to configure, install, start up, operate and maintain the system. All maintenance documentation shall be oriented to facilitate expedient repair with minimum downtime.

5.4.12 Self testing

Each system module shall contain four (4) levels of test to ensure that the module is performing correctly prior to being placed in operation and to monitor its performance while in operation. The various procedures shall be displayed live on the screen. All results, for both correct and incorrect operation, shall be displayed and appropriate failure messages logged on the printers.

a. The first level shall be the Startup Tests. These tests shall reside in ROM and shall be automatically executed following power-on or restart of the module. They shall verify the correct operation of the basic logic on each PCB in the module. Failures shall be indicated by means of LED(s) on each PCB and on the screen.

b. The second level shall be the Quality Logic Tests. These tests shall be automatically loaded and executed after the startup tests (a). They shall verify the correct operation of the module hardware and qualify it for loading its on-process software. Failure shall be indicated on the screen.

c. The third level of testing shall be the On-Process Tests. These tests shall be part of the on-process software of each module and shall be executed periodically, whether a module is primary or backup. A recoverable error shall produce an error message report for analysis by maintenance personnel. A non-recoverable error shall cause the module to be shut down, recorded in the system error messages and indicated to the operator. A printed error history shall be available to be returned to the factory with the failed PCB/module.

d. The fourth and most extensive level of testing shall be the Off-Process Tests. These tests shall be loaded by maintenance personnel when the automatic tests (levels a, b, c) cannot resolve a problem. These tests shall have the following functions:
   - Display the system error event record
   - Display the hardware and software revision status of all modules on the network
   - Display a snapshot of the system status, including all nodes, modules, boxes, etc.
   - Display the contents of memory of any node, module, box, etc.
   - Link the system to the supplier's technical assistance center.

e. Node isolation. The engineer shall be able to isolate a node from the system and perform detailed offline diagnostics to test the node's microprocessor(s), memory and communications.

5.4.13 Bulk data storage

The SCADA shall include an optical or magnetic disk based bulk data storage system with capacity to maintain the following information, and shall facilitate online uploading/downloading to/from tape or cartridge units:

- Trend histories of twice the number of analog variables specified, for at least 96 hours of 1-minute snapshots, plus availability of other historical data on different time scales (e.g. fast scanning, 1-day averages for the last and current calendar month, shift averages for the current and previous week, etc.). This information shall be available online to the operator console.
- Configuration of the complete SCADA, with the capacity to load each and every piece of equipment, software program and database (including points, graphics and displays) at very high speed.
- Logging of all alarms and events that occurred in the last 48 hours.

5.5 Redundancy and Backup

The master station shall be of the 100% backup type, provided with the equipment and programs that permit a hot standby backup of the database and other information essential for process operation. It shall be designed to maintain operation of the system even in the event of failure of any of the critical components.

Hot standby

The master station shall operate continuously in a hot standby configuration, whereby the computer acting as primary collects all the field information, updates the database with this new information in real time, makes all the field information available to the operator stations and stores all historical data. It shall transfer all this information to the standby computer at least once every minute.

a. Transference time: The transfer of information between the two CPUs shall be completed within 5 seconds.

b. Switching time: The total time from initiation (manual or automatic) to completion of a transfer between CPUs shall be less than 1 minute, and the system shall guarantee continuous operation in the field during this transfer.

c. Transfer facilities: After the transfer of field information, the system shall have the facility to additionally transfer other information needed to ensure the consistency of the system, such as remote station loads, application programs, displays, etc.

d. Transference channel: The only channel acceptable for this transfer shall be the local area network. The use of inter-CPU and parallel bus channels is not acceptable.

Watchdog transference panel

There are two available methods to detect failure of the MTU computer. One utilizes external supervisory circuitry, connected via independent communication channels, that detects the absence of a signal generated by software at an output port of each CPU. The other, preferred, method is to maintain a periodic communication via the network between the two CPUs; in the event this message is not received, the backup CPU initiates a transfer sequence.

Function and startup assignments

Startup: At black start both CPUs shall have the capacity to function as the master unit, and a CPU shall convert to standby status on receipt of a signal confirming that the other CPU has completed its startup sequence and has complete control over all peripherals.

Startup discrepancy: In the event of any malfunction whereby both CPUs try to convert themselves into master, this discrepancy shall be detectable, the operation stopped automatically and the startup sequence reinitiated with a time delay between the start of each CPU.

Master CPU failure detection: The master CPU shall send a message to the standby CPU (or to the supervisory circuitry) at least every 5 seconds to inform it that it is functioning correctly. When this message is not received, the standby CPU shall assume that the other CPU has failed.
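The hot standby rules of 5.5 (heartbeat at least every 5 seconds, takeover when it is missed, standby only on confirmation that the peer is master, and detection of the startup discrepancy with a staggered restart), as an added simulation written by the editor in Python and not taken from the specification. The CPU names, the one-second tick, the restart delays of 2 and 7 seconds and the tolerance of a single missed heartbeat are assumptions.

```python
HEARTBEAT_PERIOD = 5        # s; 5.5: the master reports to the standby at least every 5 s
RESTART_STAGGER = (2, 7)    # s; assumption: restart delays after a startup discrepancy

class Cpu:
    def __init__(self, name, start_at=0):
        self.name, self.start_at = name, start_at   # start_at: when startup completes
        self.role = "STARTING"                      # STARTING, MASTER, STANDBY, FAILED
        self.last_heard = None                      # time of the last heartbeat from the peer
        self.peer_role = None                       # role the peer claimed in that heartbeat

class MasterStation:
    """Two CPUs joined only by the LAN (5.5 d). One tick is one second; every live CPU
    sends a heartbeat carrying its role each tick and a FAILED CPU is simply silent."""

    def __init__(self, a, b):
        self.a, self.b = a, b
        self.events = []

    def _deliver(self, t):
        for src, dst in ((self.a, self.b), (self.b, self.a)):
            if src.role != "FAILED":
                dst.last_heard, dst.peer_role = t, src.role

    def tick(self, t):
        self._deliver(t)
        for c in (self.a, self.b):
            if c.role == "STARTING" and t >= c.start_at:
                # standby only on confirmation that the peer already holds the master role
                c.role = "STANDBY" if c.peer_role == "MASTER" else "MASTER"
                self.events.append((t, c.name, c.role))
            elif c.role == "STANDBY" and t - c.last_heard > HEARTBEAT_PERIOD:
                c.role = "MASTER"                    # heartbeat lost: assume the master failed
                self.events.append((t, c.name, "MASTER (takeover)"))
        if self.a.role == self.b.role == "MASTER":
            # startup discrepancy: stop both and restart with a delay between them
            for c, delay in zip((self.a, self.b), RESTART_STAGGER):
                c.role, c.start_at = "STARTING", t + delay
            self.events.append((t, "both", "DISCREPANCY, staggered restart"))

    def run(self, until, failures=()):
        """failures: (time, cpu name) pairs at which that CPU goes silent."""
        for t in range(until):
            for when, name in failures:
                if when == t:
                    next(c for c in (self.a, self.b) if c.name == name).role = "FAILED"
            self.tick(t)
        return self.events

def normal_black_start():
    """CPU-A finishes starting first; CPU-B hears it is master and stands by."""
    return MasterStation(Cpu("CPU-A", start_at=0), Cpu("CPU-B", start_at=3)).run(until=10)

def discrepancy_then_failure():
    """Both finish startup together (discrepancy), then CPU-A goes silent at t=20."""
    return MasterStation(Cpu("CPU-A"), Cpu("CPU-B")).run(until=30, failures=[(20, "CPU-A")])
```

In the second scenario the standby takes over 6 seconds after the last heartbeat it received, well inside the 1 minute switching limit of 5.5 b. Note that the specification makes the transfer decision depend solely on whether the heartbeat arrives over the LAN; whatever else shares that network can therefore force a transfer by blocking the message or suppress one by forging it, which is an argument for keeping the inter-CPU LAN physically separate from any other traffic.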

5.6 Diagnostic and Documentation

The system shall be complete with two copies of documentation and diagnostic tapes:

- SCADA application
  - Operator's manual
  - Maintenance manual
  - Diagnostics manual
  - Description manual

- Master station (servers and workstations)
  - Installation manual
  - Maintenance manual
  - Diagnostic manual (including original media and programs)
  - Operating system manual
  - Networking software manual
  - Network management

- Remote stations (IRTU)
  - Operation manual
  - Maintenance (hardware/software) manual
  - Programming language manual
  - Operating system manual
  - Manual and source code of any application

- Diagnostics and licences
  - Two copies of the offline diagnostics programs and licences for any software installed in the system

5.7 Control Room

It shall be designed ergonomically as an integral part of the SCADA to enable the operator to supervise and control all plant operations and make the decisions for process optimization. It shall contain in one room:

- Operator consoles with high definition graphic colour displays
- Alarm annunciator on Class I service
- Printers

Adjacent to the control room, but in the same building, shall be the engineer/maintenance screens, cabinets with hardware, printers and auxiliaries for online system test, maintenance and modification facilities.

5.7.1 Operator console

The operator console shall be the unique interface for the visualization of process data, with the exception of Class 1 alarm panels (e.g. fire alarms). The operator console shall consist of the following equipment:

- Graphic displays operating in a windows environment, with keyboards
- Radio and telephone jacks
- Printers
- Class 1 alarm panel
- Pointing devices (mouse, touch screen, trackball, etc.)

Two screens shall be the minimum for a system. The number of operator stations shall be agreed with PDVSA operations personnel. The console shall be factory assembled and wired, complete with all necessary devices, ready for on-site installation; the latter shall consist of placing the consoles in position and connecting the supply wiring and communication cables. SCADA devices other than those specifically required for the operator console function shall be located in a separate equipment room.

The graphic displays shall have automatic synchronization facilities with a minimum vertical sync of 76 Hz, a minimum resolution of 800 x 600 pixels with a 0.25 mm dot pitch, and shall comply with the Swedish MPR II standard for radiation emissions. The CRTs shall be rotatable 300 degrees horizontally and from minus 14 to plus 30 degrees vertically. The keyboards shall be of the standard QWERTY type and shall in addition possess function keys (membrane type, dust and liquid spill-proof) to perform the principal functions, such as:

- Alarm acknowledgement and silencing
- Alarm display
- Increase or decrease set point or manual output
- Initiate (start)
- Stop

Touch targets shall be configurable in any size from full screen down to a single character space. All targets shall be check before operate. Multiple touch targets shall be assignable to any display. These additional touch targets shall be configurable for calling up associated displays on other screens, and to:

a. Initiate an operator action (i.e., open a valve, start or stop a motor, initiate a sequence, etc.)
b. Call up another display or displays
c. Send a display to other screens in the console
d. Change the displays on several screens in the console at the same time, giving the operator a complete, detailed view of a particular area of interest in the process.

For safety and consistency purposes, any touch target on a custom graphic shall access one of several other graphics depending upon process or other conditions; i.e., the targets shall be of the intelligent type. The operator shall touch the same target under normal and abnormal conditions, with the system determining the proper graphic for display. To ensure quick access, all parameters (PV, high limit, low limit, etc.) for a given point shall be addressable by the same point tag number identification (ID). In addition to standard screen displays, which only cover limited areas of the plant, the system shall provide complete plant displays on a wall in order to give the operator a total view of the plant status. For example, this wall display will show the entire refinery, offshore platform(s) or pipeline system, and whenever there is an upset in one particular area of the system the wall display will show its effect on other areas of the plant complex.

The displays on the wall and the screens shall have pan-zoom (magnifying glass) facilities.

Operator station

Each display/keyboard and its associated electronics shall be totally independent, and failure of one display or keyboard shall not affect any other station.

- Display devices installed outside the control room shall be touch-screen or membrane-type keyboard only, and shall also meet NEMA standards for a dusty environment.
- Each operator station shall access all process data of the particular plant. All operator stations shall be interchangeable amongst each other for operation of the entire process plant.
- The operator station shall always display the time of day in hours and minutes, the date by day, month and year, and the page number if multiple-page displays are used.
- The operator station shall be equipped with a keylock or password system to prevent unauthorized altering of configuration, programming and engineering parameters. The keylock or password shall not interfere with normal operator tasks.

The operator station shall disable any device connected to the system that has monopolized or locked up data communications. All commands entered on the operator's keyboard shall be displayed immediately and acknowledged on the screen within one second. The station shall not block entry of a new command for more than one second.

Disk drives

- Shall be in accordance with paragraph 5.7.2.

Printers

Each operator console shall be provided with two printers, one for alarm/event logging and the other for reports. They shall be of the high resolution dot matrix type with graphic capabilities, able to reproduce any screen display. The printers shall be industrial grade, high speed (400 cps or greater), with ribbon cartridge. The interface shall be either EIA RS-232C, RS-422A or Centronics parallel. Line length shall be a minimum of 132 characters. The printers shall have self-contained test and diagnostics to aid in troubleshooting. The noise level shall not exceed 55 dB(A).

Keyboard

The keyboards shall have a minimum of 50 configurable keys for assigning the most frequently used displays. These keys shall each have two independently lit LEDs. The LEDs shall be configurable for specific event alarm annunciation. All displays shall be retrievable within 2 seconds using dedicated function keys:

- Page forward/backward
- Display forward/backward
- Call associated display/prior display
- Access a Help display associated with the current display
- Access the Message Summary display
- Access the Alarm Summary/Alarm Annunciator display
- Print an image of the current display (including graphics)
- Access the System Menu

Trend pen interface

Each screen shall be able to assign six trend pens from any point in the database. The operator shall be able to range any pen to any selectable scale between 0 and 100% of a point's range.

Operating displays

The displays available to the operator are process displays, to monitor and control the plant, and system displays, to view system status and make limited changes to it. See paragraphs 5.4.1 and 5.4.2.

5.7.2 Engineering/maintenance work station

It shall be close to or inside the same room where the I/O and other equipment are located. A minimum of two screens and two printers shall be provided. The station shall run all system diagnostics and perform all necessary tasks to correct any problems in the SCADA. Keyboard and printer shall be identical to those of the operator console. The station shall normally be in view-only mode, but it shall be able to perform control and operational tasks, as required by normal plant operation, via the keylock or password function.

Disk drives and load media

- One disk drive system shall be provided for each station. Each disk system shall store the entire SCADA configuration. Additional disk drives shall be provided as required for historical trend recording or other functions.
- Disk systems shall be fast-loading tape cartridge or optical disk, high density, high speed devices, not required for use during normal operation. Once the initial system software is loaded into the system, it shall not be necessary to use cartridge disks to restore a failed node. A copy of the node's files shall be loadable from online bulk memory.

Configuration

The system configuration as detailed in paragraph 6.9.5 shall be done by fill-in-the-blank type fields.

Database

a. Data points: The engineer shall be able to remove or add new data points, modify existing data points and install the points in any applicable node without removing that node from service or affecting any existing points in the system. The system shall determine and advise if a proposed new point ID is already in use in the system. The system database shall support tag names (point IDs) of at least 16 characters.

b. Multiple load: The system shall load/install multiple data points from the load media to any applicable node on line, without affecting that node.

Configuration recovery

The system shall permit recovery of the configuration of a node and its database, and storage of it in mass storage or on the removable media (optical disk or cartridge) for later reloading.

Utilities

The system shall include the utilities, files and management tools necessary to format the load media, copy floppies (or cartridges), copy files from one source to another, delete files, list the directories of files and view or print the data within a file. The system shall also include text edit features similar to a word processor.

System documentation tool

The system documentation tools shall effectively manage changes in the SCADA environment. This function can query the entire operating database for entities and selected parameter values online. These queries shall be saved and the result output to the screen, to a file on a bulk storage device or to a printer. A data file utility shall be provided that can create, display and manipulate files consisting of named fields of data. The following functions shall be provided:

- Set up tabular text files composed of records of named fields.
- Create and update documentation files. These files include fields that can be updated on command by the system and can contain location information, parameter values and programs using a specific tag name.
- Sort and filter files by field.
- Output results to a file or printer.

Graphics

a. Residence: The system shall be capable of storing (online) and accessing at least 100 custom graphic displays. All graphics shall be accessible on any screen by calling up the display by name, by target zones on an operator station, or by assignment to a configured key.

b. Building: The system's custom graphic (schematic) building facility shall possess the following minimum characteristics:
   - Create and store new graphic pictures, copy a display from different graphic formats, rename displays, and modify any portion of a display using cut, paste and undo facilities.
   - Detail a graphic to single-pixel resolution. The graphic, or any part of it, shall be capable of being scaled from one pixel to one screen size.
   - Both full-size and half-size text shall be available and selectable on a per-character basis.
   - Real-time updating shall be provided for at least 100 data values in each display. Dynamic graphic symbol updating includes changing symbols, such as a closed breaker symbol in place of an open breaker symbol, or a change of color based on existing conditions.
   - Any point attribute shall be capable of being used in the graphics program for display, or for conditionally changing the graphic based upon the engineer's assignment of unique behavior characteristics (if ... then type statements).
   - Any analog value shall be capable of being built into a bar graph. The bars shall be oriented either horizontally or vertically and be of any height or width. Multiple bars shall be assignable to a single display. Bar color shall be selectable on a single-bar basis. Individual bars shall change color upon the occurrence of a specified event, such as going into an alarm condition.
   - Ability to define targets which will be used by the operator in monitoring and/or controlling the plant from graphic displays. The targets shall be visible at all times, or invisible until a predetermined condition occurs, at which time the target becomes visible. A minimum of one hundred targets shall be configurable per graphic.
   - The graphic compiler shall create a source file and an object file and shall report any errors in the definition of the display. The compiler shall also verify that all point IDs referenced by the graphic are loaded in the system.

Logs, reports, trends, journals

The engineer shall be able to create, modify or delete logs, reports or trends via configuration and, in addition, select automatic or on-demand printout.

History archiver

The engineer shall have access to the history module to assist in analyzing data on particular equipment or events. Data collection shall be enabled at all times. The specific data to be collected shall be defined in one of the definition files. The values collected shall be of numeric and discrete type. The real-time collection rate shall be at least 300 values per second. After collection, the data shall be temporarily stored on the hard disk. Archiving shall be accomplished automatically from the hourly files on the hard disk. The archiving rate for real-time values shall be at least 100 values per second. When the archive media reaches ninety (90) percent of capacity, a message shall be output advising the user of that condition. In order to minimize the storage required, the collected analog data shall be processed through a compression algorithm which applies a deadband to each point value; this deadband must be exceeded before a new point value is passed for archiving.

The History Archiver shall also collect and archive continuous history values obtained from the History Module, all real-time journal entries and ASCII files from the History Module. The retrieval function shall be available from two sources, the operator's station and the History Archiver system. From the History Archiver system the engineer shall be able to access values for presentation in trend or tabular format, or for transmission to a remote personal computer. The retrieved values shall be converted to DIF format for further analysis by third party software packages.
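The deadband compression and the 90% capacity advisory described for the History Archiver, as an added example (editor's code, not the specification's or any vendor's): each analog sample is archived only when it departs from the last archived value by more than the point's deadband, discrete points are archived on change only, and the example also measures how far a trend reconstructed from the compressed archive can be from the raw snapshots. The point names, deadband, capacity figure and the 1-minute snapshot series are constructed for illustration.

```python
class DeadbandArchiver:
    """History archiver input stage: deadband compression per analog point, archive
    of discrete points on change only, and the 90% capacity advisory message."""

    def __init__(self, deadbands, capacity):
        self.deadbands = deadbands   # point -> deadband in engineering units; None = discrete
        self.capacity = capacity     # archive slots available on the media
        self.archive = []            # (time, point, value) actually written
        self.last = {}               # point -> last archived value
        self.messages = []

    def collect(self, t, point, value):
        """Run one sample through the compression filter; return True if archived."""
        deadband = self.deadbands[point]
        prev = self.last.get(point)
        if prev is not None:
            if deadband is None:
                if value == prev:                 # discrete: archive only on change
                    return False
            elif abs(value - prev) <= deadband:   # the deadband must be exceeded
                return False
        self.archive.append((t, point, value))
        self.last[point] = value
        if len(self.archive) >= 0.9 * self.capacity and not self.messages:
            self.messages.append(f"archive media at or above 90% of capacity "
                                 f"({len(self.archive)}/{self.capacity})")
        return True

    def value_at(self, point, t):
        """Value the archive reports for a point at time t: last archived sample held."""
        held = None
        for ts, p, v in self.archive:
            if p == point and ts <= t:
                held = v
        return held

# Constructed 1-minute snapshots (minute, point, value), not plant data:
# TI100 drifts slowly, XV201 is a valve limit switch.
SAMPLE = [
    (0, "TI100", 100.0), (1, "TI100", 100.2), (2, "TI100", 100.4), (3, "TI100", 100.6),
    (4, "TI100", 100.9), (5, "TI100", 101.3), (6, "TI100", 101.2), (7, "TI100", 100.1),
    (0, "XV201", 0), (1, "XV201", 0), (2, "XV201", 1), (3, "XV201", 1), (4, "XV201", 0),
]

def demo(deadband=0.5, capacity=7):
    """Return (samples archived, samples offered, worst reconstruction error, messages)."""
    archiver = DeadbandArchiver({"TI100": deadband, "XV201": None}, capacity)
    archived = sum(archiver.collect(t, p, v) for t, p, v in SAMPLE)
    # what a trend drawn from the archive can be off by: never more than the deadband
    worst = max(abs(v - archiver.value_at("TI100", t)) for t, p, v in SAMPLE if p == "TI100")
    return archived, len(SAMPLE), worst, archiver.messages
```

With a 0.5 unit deadband the 13 snapshots compress to 7 archived values and the reconstructed trend is never more than the deadband away from the raw data, which is the bound the engineer has to accept when choosing the deadband for each point; a deadband larger than the alarm limits of a point would hide the approach to an alarm in the history.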

6 REMOTE STATIONS

6.1 General

The intelligent remote terminal units (IRTU) shall gather all information to and from the field and transmit the data to the MTU. The remote stations shall receive information from the field equipment via standard process interface units, such as analog current loops, digital signals and any digital communication network. The IRTU shall also execute control actions on the field items, either as programmed or on demand from the operator. The control units shall have the capacity to implement redundancy at loop level.

The IRTU architecture shall be modular, of low electrical energy consumption and of the distributed processing type; that is, the IRTU shall have a central processor that manages the primary functions of the equipment but shall also permit slave processors designated to support specific functions within the IRTU, such as conversion or linearization of signals or communication interfaces with intelligent equipment located in the field. The IRTU software shall be based on a real-time, interrupt-driven operating system and its design shall be fault tolerant.

The IRTU shall be located in NEMA 4X type cabinets containing the power supply and energy conversion equipment, the IRTU circuitry, the telecommunications equipment of the station and the terminals for connecting the field mounted equipment. See PDVSA specification K300 for additional details. All printed circuits of the remote terminal units (IRTUs) shall be protected against damage/malfunction due to humidity through application of a protective coating over all components. The coating shall be at least 5 mils thick and shall be guaranteed for a minimum of 5 years.

6.2 Architecture

The IRTUs are made up of 5 basic functional units.

6.2.1 Central processor unit (CPU)

This acts as a coordinator, processing all the information, both inputs from the field equipment and the signals emanating from the master station.

6.2.2 Input/output circuitry

These units convert all electrical signals, in various forms, coming from the field into digital signals that can be processed by the IRTU. Also included are the electronic circuits necessary to interconnect the IRTU with intelligent equipment mounted in the field.

6.2.3 Communications circuitry

The communication ports (gateways) of the CPU interface with the communication channels of the master station. The IRTU shall also have additional gateways to link with other equipment using protocols other than that used for the SCADA system.

6.2.4 Integrity circuitry and supervision

The system shall incorporate facilities to continuously verify that both the hardware and the software are functioning correctly. In the event of any failure the system shall signal the cause of failure to external systems.

6.2.5 Power supply

The IRTU shall operate on a dual 24 volt DC supply. See PDVSA Specification K331 for details. The power supply unit shall supply all items mounted within the IRTU and all field mounted instrumentation as well. The power supply shall be configured in redundant form so that the load is shared and, in the absence of one of the sources of supply, the operation of the process plant served by the remote terminal unit is not affected in any way. The modules shall be of the independent operation type, such that one unit shall be removable while the rest of the equipment continues to function with the aid of the hot standby unit.

6.3
6.3.1

Hardware Characteristics
Control unit Each system shall contain modular 100% backup with bumpless transfer main processors operating asynchronously and in parallel. Each processor module shall consist of a microprocessor, memory, math coprocessor, and necessary communication processors. Each processor shall retain its memory in the event of a power failure or internal malfunction for a minimum of six months. Battery backed up RAM shall be capable of retaining the application program in memory for a minimum of 6 months after power loss. Each processor shall provide sufficient memory for the initial configuration plus 100% excess for future expansion. A real time clock with a 10 msec resolution shall be available for time dependent functions. Each microprocessor shall be capable of scanning and updating the I/O and executing userdefined logic a minimum of 4 times per second. a. Word length The processor shall operate internally or externally with 16 or 32 Bits. It shall also perform mathematical operations with operands with double the accuracy of that of IEEE standard for floating decimal point. b. Interrupt management

ENGINEERING SPECIFICATION

PDVSA K309 REVISION DATE

PDVSA
Men Principal

SCADA SYSTEMS

AUG.94

Page
Indice manual Indice volumen

30

Indice norma

The processor shall receive vectorial interruptions for the management of digital inputs at high speed. c. Mathematical coprocessor The control unit shall have facility to insert, a commercially available model mathematical coprocessor designed to perform extensive calculations, on a base available on the control unit circuit board. The operative system of the remote station shall recognize the insertion of the mathematical coprocessor during its startup and shall automatically offer its functions to existing applications without need of reprogramming or recharge of the IRTU. d. Nonvolatile storage capacity The control unit shall have nonvolatile memory (ROM or EPROM) to store all the programs and applications either standard that of the manufacturer or the specific programmes designed for the system. The supplier shall also supply the necessary equipment for the programming of the EPROM memories. e. Memory storage with battery backup The control unit shall have a memory, not less than 256 KB that has battery backup (LITHIUM or battery RAM). The battery life period shall not be less than 40000 hours. f. Capacity of operational memory The control unit shall have a minimum of 256 KB RAM memory for the regular operation of the unit. There shall be spare space to expand the memory with additional 100%. g. Date/clock The control unit shall have a clock with battery backup with the following characteristics: S Resolution (selectable between 1 and 100 milliseconds). S Precision (selectable between 5 and 25 P.P.M.). The clock shall recognize leap year, 28/29/30/31 day months and Julian format calendar. The system shall have the capacity of synchronizing all remote terminal units (IRTU) with the MTU clock and also with a remote time standard provided by a satellite through an external signal in IRIG B form. h. Redundancy


Equipment to be backed up shall be as follows:
- CPU function backup, including memory and communication card (1:1 backup).
- Backup of analog input/output cards for control loops (1:1 backup).
- Backup of power supply cards to CPUs and I/O cards (1:1 backup).
- Backup of the internal bus between CPU and Input/Output (1:1 backup).
The remote terminal units shall have redundant control units. These shall be of the hot standby type and shall enter into operation when the system integration supervision circuitry detects a fault in the functioning of the principal control unit. The switchover to the standby unit shall be automatic and bumpless via software, and the system shall detect the change only through the receipt of the failure signal by the system integration supervision circuitry.

6.3.2 Input/output Modules
All modules shall be equipped with:
- Automatic self calibration
- Normal mode rejection ratio of 15 dB or better at 60 Hz
- Common mode rejection ratio of 80 dB or better, from 0 to 100 kHz
- Sampling rate 15 milliseconds maximum per channel

All inputs and outputs shall meet the following minimal requirements on conversion accuracies:

Analog to digital conversion
- Resolution: 14 bits
- Linearity: ±1 bit (LSB)
- Repeatability: ±1/2 bit (LSB)
- Accuracy: ±0.1% full scale

Digital to analog conversion
- Resolution: 12 bits
- Linearity: ±1 bit (LSB)
- Repeatability: ±1/2 bit (LSB)
- Accuracy: ±0.25% full scale

Input modules
The system shall accept the following input signals directly from the field:
- Digital: dry contact rated for 24 volts DC, with any interposing relay mounted in a separate cabinet. Digital input signals shall be conditioned by a low-pass filter of up to 15 ms. Each individual input signal path on the input module shall be automatically tested for proper operation at least every 10 minutes. Each digital input shall have a status indicator for the individual channel and be individually fused with blown fuse indication.


- Analog: 4-20 mA, 1-5 VDC or 0-100 mVDC signals from 2 wire transmitters.
- Thermocouples, ANSI standard types J, K, E, T, B, S, R; RTD (3 wire) 10 ohm copper, 100 ohm platinum, 120 ohm nickel. Thermocouple inputs shall have built in automatic cold junction compensation and linearization. A single module shall accommodate all types of thermocouples.
- RTD inputs shall have 12 bit minimum analog to digital conversion.
- Pulse inputs at rates up to 20 kHz.
Each input shall be filtered, converted to engineering units and checked for data validity. These inputs shall be optically isolated and current limited to protect against inadvertent damage. They shall be configurable as status, latched or accumulator inputs. The functions performed on the respectively configured inputs shall include:
Status input:
- Direct or reverse sense
- Alarming of off-normal state
- Alarm delay (must be exceeded before re-alarming)
Latched input:
- Change of status reporting
- Hold of off-to-on transition for 1.5 seconds
Accumulator input:
- 16 bit accumulator, up to 25 PPS
- Up or down direction counting.
Where inputs have 2 independent sensors for 100% backup or 3 independent sensors for 2 out of 3 voting, as defined by the logic diagrams, the diagnostics shall be included in the application program.

Output modules
The system shall provide output signals to transducers, solenoid valves, motors, pumps, compressors, alarm annunciators, etc.
Analog: 4-20 mA signals
Output characteristics:
- Direct or reverse operation
- D/A per output
- Power regulator per output


- Software calibration
- Loopback output
- 5 segment output characterization
- Default options upon failure:
  Hold
  Go to zero
Digital (contact) outputs shall have the following characteristics:
- Mechanical relay dry contact rated for 24 volts D.C., 2 A, with any interposing relay mounted in a separate cabinet
- Individual contact suppression
- Configurable as:
  Momentary (10 ms to 1 min.)
  Latched
  Pulse-width modulated (1 s to 120 s on time)
- Individually definable default state
- Output readback verification
Output modules shall fail to the safe state upon microprocessor failure. Digital outputs shall be current rated for an inductive load with a minimum of 1 A per point at 60°C. Modules shall be rated for full load at the maximum specified conditions. Digital output modules shall operate with a ±10% voltage variation. The module shall detect and alarm open or shorted field circuits as well as perform power monitoring. If any energize-to-trip signals are specified in the annex, load monitoring shall be required.

6.3.3 Digital communication transmitter interface
The process I/O subsystem shall have a fully tested interface to communicate with microprocessor based transmitters. This interface shall utilize an all-digital protocol to obtain maximum accuracy from signal source to SCADA and shall, from the operator's console, be able to configure, re-range, determine transmitter status and load the transmitter data base. The interface shall also determine if the transmitter data base has been changed from a source other than the operator station and warn the operator.


6.4 Cabinets and Wiring

- All equipment shall be mounted in standard cabinets suitable for a safe environment, with a minimum IEC 529 IP 51 certification. The cabinet interior finish shall be white and fitted with a fluorescent light inside.
- Any part of the SCADA equipment located outside air conditioned rooms shall meet NEMA standards to comply with the area classification and any specified corrosive atmospheres (marine, ammonia, chlorine, hydrogen sulphide, etc.), complete with inert gas purge.
- Cabinets shall be freestanding, completely assembled, wired in accordance with specification K330 and designed to operate between 0-60°C and 5 to 95% non-condensing ambient conditions.
- Cabinets shall be fully enclosed with doors in front and rear as required.
- Adequate ventilation shall be provided to keep the temperatures within design specifications. An over temperature alarm shall trip when the temperature is greater than 45°C.
- The equipment, electronic circuitry and wiring shall be arranged to facilitate good access and allow maintenance to be performed safely.
- Engraved nameplates shall be provided for each cabinet, peripheral, and subsystem such as controllers, multiplexers, communication devices, etc. Legends shall be approved by PDVSA.
- The system wiring shall meet MIL-STD-461C Part 4 per MIL-STD-462:
  For conducted susceptibility
    Method CS 01, power leads
    Method CS 02, power leads
    Method CS 06, power leads, spikes.
  For radiated susceptibility
    Method CS 01, magnetic field
    Method CS 02, induced magnetic field
    Method CS 03, electric field
- Termination assemblies shall be mounted within the cabinets. All interconnecting cables shall be tagged at both ends using shrink sleeve type markers or equivalent.


Wiring
All wiring and terminals shall be segregated according to type of signal (analog, digital, thermocouple, frequency) and according to class (standard, 24 volts D.C., intrinsically safe).
Terminal blocks for input and output signals shall be non-hygroscopic. Terminals shall be tinned and clearly identified. The size of the terminal block shall be consistent with the wire size, viz. #18 AWG. Analog wiring shall be shielded cable of twisted pairs. All wiring shall be stranded copper except for thermocouple wiring, which shall match the T/C type. The terminals for T/C shall match the specified thermocouple wire.
Color coding for wiring shall be as follows:
110 VAC
  Hot: Red
  Neutral: Black
  Ground: Green
24 VDC
  Positive: Black
  Negative: White
  Ground: Green


6.5 Power Supply
All equipment shall comply with the latest IEC, IEEE, EIA, NEMA, ISA, NEC, UL, FM, CSA or COVENIN standards. The IRTU equipment shall operate on 24 volts D.C. All fluorescent lights and socket outlets shall operate on 110 volts, 60 Hz, A.C.
- Each power user (consoles, controllers, I/O devices, etc.) shall have a separate circuit breaker with its own fuse.
- The IRTU shall supply 24 VDC power to electronic transmitters or other external devices requiring electrical power. Each process I/O device shall be provided with self regulating capability to assure proper power levels.
- Independent redundant power supplies shall be used for I/O subsystems and communication devices (including interfaces), such that any individual power supply unit failure has no effect on the operation of the IRTU and does not require switching to the battery backup facility.

6.6 Grounding System
The grounding system for metallic enclosures and electronic circuits shall be separate and designed for connection to the main grounding system of the plant. The grounding system shall have a maximum resistance of 1 ohm. See PDVSA Specification N201 and IEEE 1100.

6.7 Radio Frequency Interference (RFI)

- Equipment shall have RFI protection against hardware damage and system error. Error caused by RFI shall not exceed 0.1 percent of span for exposure to a field strength of 10 volts/meter over the frequency range of 10-1000 MHz.
- Minimum clearances and shielding shall be maintained between the data communication link and power cabling, transformers, motors, etc. The design shall maintain minimum separation distances between process interface equipment, process controllers, remote multiplexers and electrical substation equipment to protect the IRTU from power system noise.
- The plant radio transmitter/receiver station shall be installed in a separate cabinet, remote from the IRTU equipment.

6.8 System Hardware Testing

It shall cover the following areas:
- Continuity check of cross-board and interconnecting cables
- AC and DC power checks
- Proper operation of backup devices
- Diagnostic checks of all devices
- Proper operation of the communication network


6.9 Software
6.9.1 Functional modes
The software of the IRTU (and its peer on the MTU) shall allow as a minimum the following functional modes.
a. Operation
In this mode the remote terminal unit performs the tasks of data acquisition and control, executing concurrently whatever additional software is configured for it.
b. Scanning
In this mode the remote terminal unit shall report to the master station the values of the supervised points under one of the following three schemes:
- Report by exception
- Total report through interrogation
- A combination of exception and interrogation.
c. Out of scan sequence
In this mode the remote terminal unit does not report the supervised values to the master station, but shall keep all automatic control functions and special applications in operation and shall save all changes of variables in alarm condition in a temporary memory bank for eventual reporting to the master station when the next scanning sequence occurs as per paragraph 6.9.1.b.
The modes described in paragraphs 6.9.1.b and 6.9.1.c shall be selectable from the master station and notified to the remote terminal unit. In the event of failure of the master station the procedure per paragraph 6.9.1.c shall be initiated automatically without disturbing the process.
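The reporting schemes of 6.9.1.b and the out-of-scan buffering of 6.9.1.c, as an added Python model that is not part of this specification or of any vendor's IRTU software. The point tags, alarm limits, reporting deadband and the master-failure hook are constructed for illustration; the model shows that alarm evaluation keeps running in every mode and that alarm-state changes made while out of scan are delivered on the next scan.

```python
"""Added example (not from PDVSA K309): IRTU functional modes of 6.9.1."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Point:
    name: str
    value: float
    hi_alarm: float                   # alarm state when value > hi_alarm
    reported: Optional[float] = None  # last value sent to the master station


class RemoteTerminalUnit:
    EXCEPTION = "exception"          # 6.9.1.b: report by exception
    INTERROGATION = "interrogation"  # 6.9.1.b: total report through interrogation
    OUT_OF_SCAN = "out_of_scan"      # 6.9.1.c: control continues, nothing reported

    def __init__(self, points: List[Point], deadband: float = 0.5) -> None:
        self.points: Dict[str, Point] = {p.name: p for p in points}
        self.mode = self.EXCEPTION
        self.deadband = deadband          # constructed exception-reporting deadband
        # alarm-state changes held in temporary storage while out of scan
        self.alarm_buffer: List[Tuple[str, float]] = []

    def set_mode(self, mode: str) -> None:
        """Mode selection notified from the master station."""
        if mode not in (self.EXCEPTION, self.INTERROGATION, self.OUT_OF_SCAN):
            raise ValueError(mode)
        self.mode = mode

    def master_station_failed(self) -> None:
        """Loss of the master station: fall back to out-of-scan automatically."""
        self.mode = self.OUT_OF_SCAN

    def update(self, name: str, value: float) -> None:
        """Field update. Alarm evaluation keeps running regardless of mode."""
        p = self.points[name]
        was_alarm = p.value > p.hi_alarm
        p.value = value
        if self.mode == self.OUT_OF_SCAN and (value > p.hi_alarm) != was_alarm:
            self.alarm_buffer.append((name, value))

    def scan(self) -> Tuple[Dict[str, float], List[Tuple[str, float]]]:
        """Master-initiated scan: (values reported now, alarm events buffered earlier)."""
        if self.mode == self.OUT_OF_SCAN:
            return {}, []
        report: Dict[str, float] = {}
        for name, p in self.points.items():
            changed = p.reported is None or abs(p.value - p.reported) >= self.deadband
            if self.mode == self.INTERROGATION or changed:
                report[name] = p.value
                p.reported = p.value
        buffered, self.alarm_buffer = self.alarm_buffer, []
        return report, buffered
```

Calling `master_station_failed()` and then `scan()` returns nothing, as 6.9.1.c requires; once the master selects a scanning mode again, the next `scan()` carries both the changed values and the alarm transitions that happened in between.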

6.9.2 Configuration and maintenance
In this mode the tasks of configuration and maintenance of the remote terminal unit shall be possible, interrupting all the functions performed as per paragraph 6.9.1. The user executes the functions in this mode through a man-machine interface supported by a terminal or portable programmer connected to a communication port or configuration channel of the remote terminal unit as described in paragraph 8.2.6. The software of the remote terminal unit shall permit the selection of the mode of operation from the configuration terminal and/or the master station. The functions in this mode shall be executable from the master station as well, and the necessary software shall be incorporated.


6.9.3 Programming and debugging
In this mode the user shall be able to load all the application programs into the remote terminal unit and also perform debugging. The same man-machine interface and configuration channel used in paragraph 6.9.2 shall also serve this function. This mode shall be capable of being initiated from the master station and shall allow both downloading and uploading of the programs and the configuration of the remote station. Operation in this mode shall inhibit the operator access level to the remote station and shall be operable only under the maintenance level.

6.9.4 Operative system
The system shall comply with the following requirements:

a. Multitasking
The system shall perform various tasks simultaneously, the number of these tasks being limited only by the availability of memory in the remote terminal unit. The total number of possible simultaneous tasks shall be indicated.

b. Management through interrupts
The operative system shall perform associated tasks at different interrupt levels through the available hardware.

c. Communication facilities between tasks
The operative system shall include facilities for tasks to communicate, synchronize and mutually exclude while performing routine tasks.

d. Priority allocation
The operative system shall assign priorities to each task with the objective of giving levels of importance relative to other tasks. The operative system shall also administer the resources available in the remote stations on the basis of these priority assignments.

e. Memory management
The operative system shall incorporate facilities to manage the memory available in the remote terminal units.

f. Error management
The operative system shall include the mechanisms for the detection and management of errors and for the return to correct normal operation. The system shall also include facilities to report:
- Type of error and its condition


- The number of occurrences of each error condition
- The duration of each error condition
- The task that led to the error condition.

g. Watchdog timers
The operative system shall be equipped with watchdog timers and also the mechanisms for updating them.

6.9.5 Controllers
The device shall have a multiple processor architecture providing continuous control for analog loops, and sequencing and logical operations for discrete signals. The algorithms shall be contained in built-in functional control blocks, which shall be configurable and connectable to implement the desired control strategies.

Controller communications
Controllers shall be capable of peer-to-peer communications with other controllers across nodes to accommodate interactive control strategies without the necessity of hardwiring. The data types (discrete, integer, floating point, etc.) that can be communicated between control devices shall not be restricted. All process connected devices shall interface with process signals via signal conditioning (including filtering), linearization and scaling as needed.

Redundancy
The control system architecture shall provide continuous uninterrupted control in the event of any single failure in the controller, including:
- Control and communication CPUs
- Memory
- I/O and network communications
- Power
- Peer-to-peer communications between controllers.
Backup controllers shall be identical to the primary controllers. Changeover to the backup controller shall be automatic and provide for continuation of full automatic and bumpless control without operator intervention. The backup scheme shall ensure that only error free memory transfers are made to the backup controller and that they accurately reflect the state of the failed controller prior to occurrence of the failure. The backup scheme shall cover both configurable and programmable control functions without the need for special configuration or programming steps.


Algorithms
- Control algorithms shall be cyclically executable at least twice per second. Lower or higher scan execution rates shall be available to suit specific process application needs. Algorithms shall allow bumpless transfer from manual to automatic, cascade or programmable control and vice versa. Algorithms shall be non-saturating to prevent reset windup.
- Control algorithms shall allow on-line changing of their tuning constants and parameters, setpoints, outputs and operation modes through the control language available for the control device, in order to allow advanced control. The controller device shall maintain a current data base image for each primary controller by receiving data base changes at least every 500 msec. The controller configuration shall be downloaded or uploaded from the shared database through the communication link.
The following algorithms shall be available for performing compensation and calculation functions:
- Data acquisition
- Flow Compensation
- Middle-of-3 Selector
- High-Low Selector
- Variable Dead Time with Lead-Lag
- Linearization
- Calculator (up to 40 character expression).

As a minimum, the following additional functions shall be performed on analog input signals, but not be limited to:
- Test for Substituted Value (PV)
- Conversion to Engineering Units
- Normalization (% of EU range)
- Open Thermocouple Detection
- Propagation of Value Status
- Alarm Limit Testing for PV High, PV Low, PV High-High and PV Low-Low
- Rate-of-Change Positive
- Rate-of-Change Negative
- Deadband (1/2, 1, 2, 3, 4, 5 %)


Regulatory control
The regulatory control function shall be performed by microprocessor controllers utilizing plant input/output signals as defined below. Regulatory control points shall be configured via predefined and user-defined algorithms to execute the control strategies required. The algorithms selectable to manipulate regulatory control points shall be:
- PID
- PID with feedforward
- PID with external reset feedback
- Position Proportion
- Ratio Control (Fixed, Auto Ratio, Auto Bias)
- Ramp/Soak
- Auto/Manual Station
- Switch
- Override Selector
- Nonlinear gain
- Adaptive control
- Self-tuning
- Remote/local station
- PV source selection

Functions supported automatically for regulatory points shall be:
- Mode (Manual, Auto, Cascade, Backup Cascade)
- Mode Attribute (Operator, Program)
- Remote Cascade Request
- Remote Shed
- Reset windup Protection
- Override Propagation
- Target Value Processing

Sequential control
The sequential control functions shall be performed by microprocessor controllers utilizing plant input/output signals. Sequential control points shall be configurable via display templates to execute the required sequential control functions through a versatile mix of algorithms available for use in logic points. The logic points shall have the following capability:


- Up to twelve (12) input connections
- Up to twelve (12) output connections
- Up to sixteen (16) logic blocks
Each logic block shall have access to execute the following algorithms:
- Logic (AND, OR, NOT, NAND, NOR, XOR)
- Compare Real (EQUAL, NOT EQUAL, GREATER THAN OR EQUAL TO, LESS THAN OR EQUAL TO)
- Delay, On Delay, Off Delay
- Pulse (Fixed, Max Time, Min Time)
- Watchdog timer
- Flip-Flop
- Check for bad value
- Switch
Logic points shall link parameters without output destinations, e.g. a calculated PV value, to parameters without input sources, e.g. controller gain. The sequential control functions shall accommodate two types of interlocks: permissives and overrides. The permissive shall provide an allow function for the operator or program to command a specific output state. The override shall force a specific output state without operator or program intervention.

Ladder logic control
a. Logic control using familiar ladder logic
b. Off-line or on-line ladder development and emulation
c. On-line viewing of ladder diagrams and the ability to perform dynamic debugging
d. Ability to manually set sensor variables for ladder diagram checkout
e. Ability to provide hardcopy documentation of all ladder diagrams
f. The ability to suppress the operation of a ladder diagram if any process variable within the ladder diagram is placed off-line.
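The On Delay, Off Delay and Flip-Flop logic blocks combined into the permissive/override interlock structure described above, as an added Python example that is not from this specification or any vendor's logic point implementation. The pump scenario (a suction-pressure permissive with a 2 s on delay, a high-level trip override held for 5 s, and a reset-dominant run latch) and all delays are constructed for illustration.

```python
"""Added example (not from PDVSA K309): logic-block primitives and a
permissive/override interlock built from them."""
from typing import Optional, Tuple


class OnDelay:
    """Output becomes true only after the input has stayed true for `delay` s."""

    def __init__(self, delay: float) -> None:
        self.delay = delay
        self._since: Optional[float] = None  # time the input last went true

    def update(self, inp: bool, t: float) -> bool:
        if not inp:
            self._since = None
            return False
        if self._since is None:
            self._since = t
        return t - self._since >= self.delay


class OffDelay:
    """Output stays true for `delay` s after the input drops (trip hold-off)."""

    def __init__(self, delay: float) -> None:
        self.delay = delay
        self._dropped_at = float("-inf")  # input has never been true yet
        self._was_on = False

    def update(self, inp: bool, t: float) -> bool:
        if inp:
            self._was_on = True
            return True
        if self._was_on:
            self._dropped_at = t
            self._was_on = False
        return t - self._dropped_at < self.delay


class SRFlipFlop:
    """Set/reset latch with reset dominant, the safe choice for a run command."""

    def __init__(self) -> None:
        self.q = False

    def update(self, s: bool, r: bool) -> bool:
        if r:
            self.q = False
        elif s:
            self.q = True
        return self.q


class PumpInterlock:
    """Permissive: suction pressure healthy for 2 s before a start is allowed.
    Override: a high level trip forces the pump off and holds it off for 5 s,
    regardless of any operator or program start command."""

    def __init__(self) -> None:
        self.permissive = OnDelay(2.0)   # constructed delay
        self.trip_hold = OffDelay(5.0)   # constructed hold-off
        self.running = SRFlipFlop()

    def evaluate(self, t: float, start_cmd: bool, stop_cmd: bool,
                 suction_ok: bool, high_level_trip: bool) -> Tuple[bool, bool, bool]:
        """Returns (run output, permissive state, override/trip state)."""
        permissive = self.permissive.update(suction_ok, t)
        tripped = self.trip_hold.update(high_level_trip, t)
        run = self.running.update(s=start_cmd and permissive, r=stop_cmd or tripped)
        return run, permissive, tripped
```

The distinction the specification draws is visible in the last line: the permissive only gates the set input, so it can block a command but never act on its own, while the override drives the reset input and therefore wins over any command.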

The types of operations allowed in ladder diagrams shall include:
a. Derived points, i.e. software generated inputs
b. Contacts that may represent either digital or analog values
c. Ability to treat analog values as digital through the use of deadbands


d. And/or logic functions
e. Change an up/down/level status transitional digital value
f. Arithmetic functions (add, subtract, multiply, and divide)
g. Time delay relays, i.e. timers that become true when expired
h. Up and down counters, and
i. Go to function (to bypass portions of ladder diagrams).

Configuration of controller and sequences
The configuration of the controller devices with the required functions shall be done at any screen using an interactive (on-line) technique with fill-in-the-blanks forms. All configurations shall be kept in memory or in suitable magnetic or optical storage in the event of power failure. It shall be possible to load a previously configured control or sequence scheme over the communication link from any screen or from a host computer. It shall have facilities to update or modify the loop configuration in complex control algorithms without disturbing the normal operation of other loops in the controller. The network configuration shall be modifiable with the entire system on-line, to add a node or add new software to an existing node, etc.

Programmable devices
- Freely programmable computing devices, working in an engineering language (e.g. C, Basic, Fortran) or high-level manufacturer languages, shall be available on the SCADA.
- These devices shall perform calculations for advanced process control, optimization or reporting. These calculations shall be available on the operator or engineering stations on-line, either on a continuous or on-request basis.
- The engineering station shall create, develop and edit the calculation program.


6.10 System Software Test
6.10.1
The system shall incorporate comprehensive self-diagnostics such that all permanent and transient faults are identified, alarmed and reported. The diagnostic package shall be extensive enough to identify problems at board level. No upset of the process or loss of control shall occur. All testing described shall be performed automatically on-line and without disturbing the process or reducing the reliability of the SCADA system. The diagnostics described above shall be built into the operating system of the SCADA hardware, reporting the following faults as a minimum. In addition, a class 1 alarm shall be generated on the operator station with an audible signal and the event shall be logged on the printer.
- CPU failures
- Memory faults, both PROM and RAM
- Microprocessor faults
- Communications faults
- I/O interface or addressing faults
- Application program and hardware layout consistency
- I/O module faults
- Voted signal discrepancy on inputs and outputs
- Voted discrepancy on calculated values within the application program
- Load power or fuse faults on field circuits
- Power supply faults, including battery backup monitoring and output voltage verification
- Over temperature conditions.
I/O module diagnostics shall be able to detect and alarm I/O point faults of the following types:
- Stuck-on (short circuited) failure of a discrete input or output
- Stuck-off (open circuit) failure of a discrete output.
Status indicators shall be provided to indicate normal operation or fault conditions on each replaceable module. In addition, each fault shall initiate a hard alarm contact and an internal fault flag for communication to the SCADA.
- Data transmission errors: the system shall continuously monitor for errors in digital data transmission between any two system devices. The system shall log and notify the operator when an error is detected.
- Loss of both the active and redundant CPU shall cause system outputs to freeze at their last position.


6.10.2 Self testing
Each system module shall contain four (4) levels of test to ensure that the module is performing correctly prior to being placed in operation and to monitor its performance while in operation. The various procedures shall be displayed live on the screen. All results, for both correct and incorrect operations, shall be displayed and appropriate failure messages logged on the printers.
a. The first level shall be the Startup Tests. These tests shall reside in ROM and shall be automatically executed following power-on or restart of the module. They shall verify the correct operation of the basic logic on each PCB in the module. Failures shall be indicated by means of LED(s) on each PCB and on screen.
b. The second level shall be the Quality Logic Tests. These tests shall be automatically loaded and executed after the startup tests of level a. These tests shall verify the correct operation of the module hardware and qualify it for loading its on-process software. Failure shall be indicated on the screen.
c. The third level of testing shall be the On-Process Tests. These tests shall be part of the on-process software of each module and shall be executed periodically whether a module is primary or backup. A recoverable error shall produce an error message report for analysis by maintenance personnel. A non-recoverable error shall cause the module to be shut down, recorded in the system error messages and indicated to the operator. A printed error history shall be available to be returned to the factory with the failed PCB/module.
d. The fourth and most extensive level of testing shall be the Off-Process Tests. These tests shall be loaded by maintenance personnel when the automatic tests (levels a, b, c) cannot resolve a problem. These tests shall have the following functions:
- Display the system error event record
- Display the hardware and software revision status of all modules on the network
- Display a snapshot of the system status, including all nodes, modules, boxes, etc.
- Display the contents of memory of any node, module, box, etc.
- Link the system to the supplier's technical assistance center.
e. Node Isolation
The engineer shall be able to isolate the node from the system and perform detailed off-line diagnostics to test the node's microprocessor(s), memory, and communications.


6.11 Diagnostic and Maintenance Equipment

The supplier shall deliver with the system at least two (2) sets of the equipment required for diagnostics and maintenance of any element of the system. In the case of the IRTU, the supplier shall deliver all equipment necessary to diagnose and reprogram the IRTU. This shall include any software and/or hardware required to make any change in the IRTU programs.

7 NETWORKS
7.1 Functional Networks
The communications network shall support a variable length message protocol supporting multiple master operations with a common interface link to all devices. The communications subsystem shall support on-line expandability through modularized components and provide extended communications up to 300 metres without the use of repeaters. Operator consoles and the host computer shall have access to data from any and all controllers, PLCs and I/O devices connected to the communications link. Communications throughput shall ensure that operator consoles are updated at least once every 4 seconds to reflect process parameters and status changes from the field devices. All components of the communications cable system shall be lead-sheathed and armoured, suitable for direct burial when required. Communications within the system network shall be high speed, secure, redundant and based on the International Standards Organization seven-layer Open System Interconnect model. While this model is not fully defined at present, the process input/output system shall currently be compatible with Real Time MAP as defined by ISA committee SP72, which incorporates three layers. Any failure of this communications channel shall be reported and, if required, the cables will be switched. Operation of the process shall not be affected by this switching. The process communications network shall also accommodate, in a fully integrated manner, dedicated logic (PLC) controllers. These controllers shall have peer-to-peer communication capability with other process controllers on the network.


7.2 Communications
7.2.1 The distributed digital system shall include a high-speed network to control all communications between consoles, nodes, etc. It shall:
a. be redundantly cabled.
b. be equipped with independent transmitter and receiver for each cable.
c. be based on IEEE 802.4 or 802.3.
d. have UTP, coax and fiber optic options.
e. switch periodically between the primary and backup line/cable without disrupting operations, to ensure that each link is healthy.
f. notify the operator of any failure and remain on the good link.
g. contain no mechanical relays at any point.

7.3 Communications Security
The network shall meet the following requirements:
a. incorporate logical addressing to allow efficient transmission to redundant nodes, with both the primary and backup modules' databases updated simultaneously.
b. include a 16 bit polynomial Cyclic Redundancy Check (CRC) verification on every frame.
c. include message length checks.
d. employ anti-jabber circuitry.
e. be of totally sound design, so as to expect no more than one undetected error in 1,000 years of operation.
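Requirements b and c above, as an added Python example of a frame format that carries both a length field and a 16 bit polynomial CRC, with a receiver that rejects a frame on either check. This is illustrative code, not the framing of any protocol named in this specification; the frame layout (one length byte, payload, two CRC bytes), the choice of the CRC-16/CCITT-FALSE polynomial and the sample payload are constructed for the example.

```python
"""Added example (not from PDVSA K309): length check plus 16 bit CRC on a frame."""
from typing import Optional, Tuple

MAX_PAYLOAD = 255  # constructed limit: the length field is a single byte


def crc16_ccitt(data: bytes, init: int = 0xFFFF) -> int:
    """Bitwise CRC-16 with polynomial 0x1021 and initial value 0xFFFF
    (CRC-16/CCITT-FALSE); the check value for b"123456789" is 0x29B1."""
    crc = init
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            if crc & 0x8000:
                crc = ((crc << 1) ^ 0x1021) & 0xFFFF
            else:
                crc = (crc << 1) & 0xFFFF
    return crc


def encode_frame(payload: bytes) -> bytes:
    """Frame = length byte + payload + CRC over (length byte + payload)."""
    if not 0 < len(payload) <= MAX_PAYLOAD:
        raise ValueError("payload length out of range")
    body = bytes([len(payload)]) + payload
    return body + crc16_ccitt(body).to_bytes(2, "big")


def decode_frame(frame: bytes) -> Tuple[Optional[bytes], str]:
    """Returns (payload, "ok") or (None, reason). The reason string is what a
    receiver would log so that link error statistics can be kept per 6.10.1."""
    if len(frame) < 4:
        return None, "short"
    length = frame[0]
    if len(frame) != length + 3:          # message length check (7.3.c)
        return None, "length"
    body, received = frame[:-2], int.from_bytes(frame[-2:], "big")
    if crc16_ccitt(body) != received:     # CRC verification on every frame (7.3.b)
        return None, "crc"
    return frame[1:1 + length], "ok"
```

Covering the length byte with the CRC means a corrupted length field fails both checks rather than being silently accepted with a shifted payload. A 16 bit CRC detects every single-bit and every burst error up to 16 bits long, but a random corruption longer than that passes undetected with probability 2^-16; the one-undetected-error-in-1,000-years figure in requirement e therefore depends on the raw error rate of the link as much as on the CRC itself.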

7.4 Time Synchronization
Time synchronization shall be employed to ensure strict coordination between modules. A clock synchronization pulse shall be transmitted to all network modules at least every one hundred (100) milliseconds. In addition, the actual real time shall be transmitted to each module at least every fifty (50) milliseconds. Drift of the actual real time shall be no more than three (3) seconds (.0035%) per day (24 hour period).


7.5 Node Software
Node software shall be layered and modular. The software environment layer shall provide the application software with a set of software services common to all modules/nodes and a uniform interface, regardless of the type of module/node. Each module/node shall contain the same real-time operating system, which schedules all tasks and communications. The base application software layer shall define and execute the basic functions of the particular personality of a module/node.

7.6 Remote Networks Integration
The system network shall communicate through a Plant Network with remote system networks without duplicating the point database. The following functions shall be supported:
- Any node of the system network can read or write any point parameter in the remote system network's data.
- Remote tagnames can be included in standard group or detail displays, custom graphics and control programs in the system or in computing environments.
- The system can transfer files to and from the remote network.
- Cascade control between the system and the remote system can be achieved.

7.7 Security Access
Each system network shall be configured with the security access permitted to remote system networks. Every point-parameter information request and file-transfer request shall be checked for proper authorization against the security configuration, which grants one of:
- read-only access,
- read and write access, or
- no access.
Point-parameter access shall be further restricted by process-connected network identifiers. File transfer shall be further restricted by the volume ID of the bulk storage devices.

7.7.1 Security
The system shall support at least four levels of access, selected by keylock. In addition, password security shall be available for specific functions.

7.7.2 View only
At this, the lowest level, the process can be monitored but no data entry or process changes shall be permitted.


7.7.3 Operator access
At this level, changes to sensitive parameters (tuning constants, process ranges, etc.) shall not be permitted. The points subject to these constraints shall be determined by off-line configuration. Changes required to control the plant effectively shall be permitted.

7.7.4 Supervisor access
At this level the sensitive parameters shall be available, in addition to everything available at the operator's level. Any changes shall be recorded in the operator's journal.

7.7.5 Engineer access
At this level, all database parameters and full functionality shall be available for off-process configuration, display building, etc.

7.7.6 Default level
The default security level shall be defined on a per-CRT basis and shall be changeable only by keyswitch selection of a higher access level.

7.7.7 Configurable levels of access
Configurable levels of access shall be provided for certain system functions, such as saving and restoring specific databases; start-up and shutdown of modules; changing the system time and date; enabling and disabling alarms; and accessing maintenance functions. The system shall require passwords to be changed at least every month.
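The following is an added example, not part of PDVSA K309 or of any vendor's product, showing how the access rules of 7.7.1 to 7.7.7 fit together in code: four keylock levels with a per-CRT default that the keyswitch can only raise, sensitive parameters fixed by off-line configuration and writable only from supervisor level upwards, system functions with their own configurable level and an additional password, a monthly password-age check, and a journal entry for every change. The level names, the parameter and function tables, the 30-day password age, the journalling of denied attempts and the record formats are assumptions made for this example.

```python
"""Added example (not part of PDVSA K309): an authorization check implementing the
access levels of 7.7.1 to 7.7.7.  Level names, the parameter and function tables, the
30-day password age and the journal format are assumptions made for the example."""
import hmac
from dataclasses import dataclass, field
from datetime import date, timedelta
from enum import IntEnum
from typing import Dict, List, Optional


class Level(IntEnum):          # 7.7.1: at least four levels, selected by keylock
    VIEW = 0                   # 7.7.2
    OPERATOR = 1               # 7.7.3
    SUPERVISOR = 2             # 7.7.4
    ENGINEER = 3               # 7.7.5


# Off-line configuration (constructed): sensitive parameters need SUPERVISOR (7.7.3),
# system functions carry their own level (7.7.7), some need a password too (7.7.1).
SENSITIVE_PARAMS = {"GAIN", "RESET", "RATE", "RANGE_LO", "RANGE_HI"}
FUNCTION_LEVELS = {"save_database": Level.ENGINEER, "set_time": Level.SUPERVISOR,
                   "disable_alarm": Level.SUPERVISOR, "shutdown_module": Level.ENGINEER}
PASSWORD_FUNCTIONS = {"save_database", "shutdown_module"}
PASSWORD_MAX_AGE = timedelta(days=30)      # 7.7.7: change every month (assumed 30 days)


@dataclass
class Console:
    """One CRT. The keyswitch can only raise the level above the configured default (7.7.6)."""
    name: str
    default_level: Level
    keyswitch: Optional[Level] = None

    @property
    def level(self) -> Level:
        if self.keyswitch is None:
            return self.default_level
        return max(self.default_level, self.keyswitch)


@dataclass
class Security:
    database: Dict[str, Dict[str, float]]              # tag -> {parameter: value}
    passwords: Dict[str, str]                          # function -> password (constructed)
    password_set_on: date
    journal: List[str] = field(default_factory=list)   # 7.7.4: operator's journal

    def write_param(self, console: Console, tag: str, param: str, value: float, today: date) -> str:
        if tag not in self.database:
            return f"DENIED: unknown tag {tag}"
        required = Level.SUPERVISOR if param in SENSITIVE_PARAMS else Level.OPERATOR
        if console.level < required:
            self.journal.append(f"{today} {console.name} DENIED {tag}.{param}={value}")
            return f"DENIED: {param} requires {required.name}, console is {console.level.name}"
        old = self.database[tag].get(param)
        self.database[tag][param] = value
        self.journal.append(f"{today} {console.name} {tag}.{param} {old} -> {value}")
        return "OK"

    def invoke(self, console: Console, function: str, today: date,
               password: Optional[str] = None) -> str:
        required = FUNCTION_LEVELS[function]
        if console.level < required:
            return f"DENIED: {function} requires {required.name}"
        if function in PASSWORD_FUNCTIONS:
            if today - self.password_set_on > PASSWORD_MAX_AGE:
                return "PASSWORD_EXPIRED: monthly change required"
            # constant-time comparison so the check does not leak the password length/prefix
            if not hmac.compare_digest(password or "", self.passwords[function]):
                return "DENIED: password"
        self.journal.append(f"{today} {console.name} {function}")
        return "OK"
```

The point of the `Console.level` property is that a keyswitch set lower than the console's configured default does nothing: the default is a floor, and the key can only raise it, which is exactly the rule of 7.7.6.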

7.8 Plant Network
The system shall be connected to a Plant Network based on IEEE 802.3, 802.4 or 802.7. The Plant Network shall have dual cables; if one network cable fails, communications shall continue on the other cable.

7.9 Data-entry Type Checking
Data-entry type checking shall be incorporated into the system to prevent entry of the incorrect type of data (e.g. alphabetic versus numeric). If an invalid entry is attempted, an audible error tone shall be generated and an appropriate error message shall be displayed.


7.10 Automatic Periodic Storage of Data
The system shall be capable of performing, either manually or automatically, periodic storage (system checkpointing) of all module memory contents to a non-volatile storage medium. This provides a backup database of the current process and system parameters in the event of a complete failure of a module's memory or the inadvertent deletion of module contents by the user.

7.11 Interaction with Other Systems
7.11.1 Function of the connection to external systems
Interaction with external systems shall exchange information between the operational levels and the supervisory levels, so that the supervisory systems have a global view of field operations. The SCADA system shall allow access to real-time data on demand, provided that this never impairs the supervisory and operational functions of the SCADA system itself. The system shall accept information from the supervisory levels and insert it into the real-time database, either to adjust the set points of the associated process or to be displayed on screen. The SCADA system shall not execute any command coming directly from an external system; it shall present the command to the operator for acceptance and record it as an event in the SCADA system.

7.11.2 Facilities offered
Periodic file transmission: the system shall be capable of sending information to external systems in a defined file format or as a flat file. The tasks that format the information and transmit the file shall run on a fixed, selectable schedule, at a priority low enough to avoid any interference with SCADA functions.
Asynchronous file reception: the system shall accept incoming files from external systems subject to the following restrictions:
- Access restriction: any file arriving at the SCADA system shall leave an audit trail in the system, even if it is not accepted by the operator.
- Operator acceptance: any file arriving at the system shall be presented to the operator on the graphic displays, requesting the operator's acceptance. If the file is rejected, the system shall notify the sender with a message.


- Change alarm: any file containing information that could produce a change of more than 10% in any process variable shall generate a system alarm identifying the affected variable to the operator and requesting confirmation before acceptance.

7.11.3 Communication protocols
The protocol stack accepted for interaction with external systems shall be TCP/IP over the network or over CCITT X.25.
- Network level: in accordance with RFC 791 and RFC 792 (IP/ICMP).
- Transport level: in accordance with RFC 793 and RFC 768 (TCP/UDP).
- File transfer: according to RFC 959 (FTP).
- Message handling: according to RFC 821 (SMTP).
- Terminal emulation: according to RFC 854 (TELNET).
- Network management: according to RFC 1098 (SNMP). Note that RFC 1098 specifies SNMP version 1 (since superseded by RFC 1157), not SNMPv2.
FTP, SMTP, TELNET and SNMPv1 carry commands, passwords and community strings in clear text and provide no strong authentication of the sending host. Protection of the external interface therefore rests on the operator-acceptance rule of 7.11.1, the audit trail and change alarm of 7.11.2, and on restricting at the network level which external hosts may reach the SCADA system.
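As an added example, not part of PDVSA K309 or of any product, the following gateway applies the reception rules of 7.11.1 and 7.11.2 to an incoming set-point file: every file is written to the audit trail before anything else (so a malformed or later-rejected file still leaves a trace), nothing is written to the database until the operator accepts, a change of more than 10% in any variable raises a change alarm that must be confirmed separately, and a rejection produces the message returned to the sender. The JSON file format, the tag names, the treatment of a change from a zero set point and the audit/event record layouts are assumptions made for this example.

```python
"""Added example (not part of PDVSA K309): gating of an incoming set-point file from an
external system per 7.11.1 and 7.11.2.  The JSON file format, tag names and the audit and
event record layouts are assumptions made for the example."""
import json
from dataclasses import dataclass, field
from typing import Dict, List, Optional

CHANGE_ALARM_PCT = 10.0     # 7.11.2: a change of more than 10% raises a system alarm


@dataclass
class Proposal:
    """A received file: parsed but NOT applied until the operator accepts it (7.11.1)."""
    sender: str
    values: Dict[str, float]
    alarms: Dict[str, float]          # tag -> percentage change that exceeded the limit
    error: Optional[str] = None
    status: str = "PENDING_OPERATOR"


@dataclass
class Gateway:
    database: Dict[str, float]                       # tag -> current set point
    audit: List[str] = field(default_factory=list)   # every file leaves a trail
    events: List[str] = field(default_factory=list)  # operator decisions (SCADA events)

    def receive(self, sender: str, raw: bytes) -> Proposal:
        # Access restriction: audit first, so a malformed or rejected file is still recorded.
        self.audit.append(f"FILE from {sender} ({len(raw)} bytes)")
        try:
            values = {str(k): float(v) for k, v in json.loads(raw.decode()).items()}
        except (ValueError, TypeError, AttributeError) as exc:
            self.audit.append(f"  malformed: {exc}")
            return Proposal(sender, {}, {}, error=f"malformed file: {exc}", status="REJECTED")
        unknown = sorted(set(values) - set(self.database))
        if unknown:
            self.audit.append(f"  unknown tags: {unknown}")
            return Proposal(sender, {}, {}, error=f"unknown tags {unknown}", status="REJECTED")
        alarms = {}
        for tag, new in values.items():
            current = self.database[tag]
            # Assumption: a change away from a zero set point is treated as exceeding the limit.
            pct = abs(new - current) / abs(current) * 100.0 if current else float("inf")
            if pct > CHANGE_ALARM_PCT:
                alarms[tag] = pct
                self.audit.append(f"  CHANGE ALARM {tag}: {pct:.1f}% (confirmation required)")
        return Proposal(sender, values, alarms)

    def decide(self, p: Proposal, accept: bool, confirmed_alarms: bool = False) -> str:
        """Operator decision on a pending file. Returns the message sent back to the sender."""
        if p.status != "PENDING_OPERATOR":
            return f"{p.sender}: file already {p.status}"
        if not accept:
            p.status = "REJECTED"
            self.events.append(f"operator rejected file from {p.sender}")
            return f"{p.sender}: file rejected by operator"
        if p.alarms and not confirmed_alarms:
            # Accepted in principle, but the alarmed variables still need explicit confirmation.
            return f"{p.sender}: awaiting operator confirmation of {sorted(p.alarms)}"
        for tag, new in p.values.items():
            self.events.append(f"operator accepted {tag}: {self.database[tag]} -> {new} (from {p.sender})")
            self.database[tag] = new
        p.status = "ACCEPTED"
        return f"{p.sender}: file accepted"
```

The percentage is computed against the value currently in the database, not against the previous file, so two files each moving a set point by 9% do not slip past the 10% rule as one combined step only if the operator accepted the first one in between; that is the intended behaviour, since each accepted file is itself an operator decision recorded as an event.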

8 TELECOMMUNICATION SYSTEMS
8.1 Technology
Two types of technology are available for the telecommunication services of a SCADA system: one based on voice-band (audio) channels using modems, and the other using digital connections. The choice between them depends on the types of telecommunication system that already exist in or around the location of the remote stations. The selection of the technology used to configure the telecommunication system is critical for the SCADA system itself.

8.2 Modem
8.2.1 Transmission
The transmit signal level shall be 0 dBm into a balanced load resistance of 600 ohms. This level shall be adjustable in steps of at most 0.5 dB, over a range from +3 dBm to -15 dBm. All level adjustments shall be of the discrete (stepped) type.

8.2.2 Reception
The nominal receive level shall be 0 dBm into a balanced load resistance of 600 ohms. The audio receiver shall have a minimum dynamic range of 60 dB and shall detect the frequency-shift-keyed (FSK) signal at a minimum signal-to-noise ratio of 30 dB.


8.2.3 Stability of adjustments
Over the MTBF interval of a modem its level adjustments shall not vary by more than 3 dB, and the annual variation of the transmitted signal level shall not exceed 1 dB.

8.2.4 Audio channel quality
The communication channel shall meet the Bell 3002 standard with a confidence level greater than 99%.

8.2.5 Speed of transmission
The modem shall comply with CCITT V.22 and V.22 bis and shall permit communication speeds of 1200, 2400 and 4800 bits per second (bit/s). Note that V.22 defines 1200 bit/s and V.22 bis 2400 bit/s operation; 4800 bit/s requires compliance with a further modulation standard such as CCITT V.32. Speed selection shall be automatic, depending on the quality of the received signal; a manual speed selection facility shall also be available.

8.2.6 Digital interface
The digital connection of the modem shall comply with CCITT V.24 or, failing that, with EIA RS-232-D. These standards include the physical characteristics of the connection ports.

8.2.7 Power supplies
The modem shall be powered from the same supply source as the remote station.

8.2.8 Keying
The modem shall key the transmit circuit of the radio equipment through the CTS and/or RTS signal as the pre-transmission indication, with a programmable delay adjustable from 0 to 1000 milliseconds in steps of 50 milliseconds. The signal-handling circuit shall provide galvanic isolation of up to 2500 volts on both sides.

8.3 Communication Protocols
The communication protocols shall guarantee communication between the master station and the remote stations regardless of the quality of the communication channel.

8.3.1 Level
The protocol shall operate at level 2 of the OSI model (data link) and shall include the algorithms needed for error detection and correction.

8.3.2 Type
The protocol shall be asynchronous, with a master/slave hierarchy: the master station operates at the upper level, and a slave station shall not be able to initiate a communication without having been interrogated (polled) first.

8.3.3 Multilevel capacity
The protocol shall support communication at different physical levels, allowing slave stations to be connected to a remote master station. These stations shall be recognizable by the system and shall exchange messages with other stations of the same or another level.

8.3.4 Error detection and correction
The protocol shall detect and correct errors in received data messages. Error detection shall be based on the CRC-CCITT code or better. Since a CRC only detects errors, correction is obtained by discarding the damaged message and requesting its retransmission.

8.3.5 Interface with other protocols
The system shall communicate with other protocols through dedicated communication controllers, implemented in software that runs on the installed hardware of the MTU and IRTU. This facility is especially required for interfacing with intelligent equipment located in the field.
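The following added example, which is not code from PDVSA K309 or from any RTU vendor, puts the frame checks of 7.3 (message length check, 16-bit CRC on every frame) and the polled protocol of 8.3.2 and 8.3.4 together: a master builds a poll, a slave answers only a valid frame addressed to it and never speaks unpolled, and the master discards any reply that fails the length or CRC check or does not match the outstanding poll and asks again. The frame layout, the MAX_PAYLOAD limit, the sequence number and the bit-flipping test channel are assumptions made for this example; the CRC is the standard CRC-16-CCITT with initial value 0xFFFF.

```python
"""Added example (not part of PDVSA K309): frame integrity checks of 7.3 (length check,
16-bit CRC on every frame) combined with the polled master/slave protocol of 8.3.2 and
8.3.4 (CRC-CCITT detection, correction by retransmission).  The frame layout, the
MAX_PAYLOAD limit and the sequence number are assumptions made for the example."""
import struct
from typing import Callable, Dict, List, Optional

CRC_POLY = 0x1021            # CRC-16-CCITT generator polynomial
MAX_PAYLOAD = 64             # assumed upper bound enforced by the length check


def crc16_ccitt(data: bytes, crc: int = 0xFFFF) -> int:
    """CRC-16-CCITT, initial value 0xFFFF, no reflection (check value 0x29B1 for b'123456789')."""
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ CRC_POLY) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc


def build_frame(dst: int, src: int, seq: int, payload: bytes) -> bytes:
    """Frame layout (assumed): dst(1) src(1) seq(1) len(1) payload(len) crc(2, big endian)."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds MAX_PAYLOAD")
    body = struct.pack(">BBBB", dst, src, seq, len(payload)) + payload
    return body + struct.pack(">H", crc16_ccitt(body))


def parse_frame(frame: bytes):
    """Return (dst, src, seq, payload); raise ValueError on any length or CRC failure."""
    if len(frame) < 6:
        raise ValueError("frame shorter than header plus CRC")
    dst, src, seq, length = struct.unpack(">BBBB", frame[:4])
    if length > MAX_PAYLOAD or len(frame) != 6 + length:   # message length check (7.3 c)
        raise ValueError("length check failed")
    if crc16_ccitt(frame[:-2]) != struct.unpack(">H", frame[-2:])[0]:   # 7.3 b
        raise ValueError("CRC check failed")
    return dst, src, seq, frame[4:4 + length]


class Slave:
    """Remote station: only ever answers a valid frame addressed to it (8.3.2)."""
    def __init__(self, addr: int, points: Dict[str, float]):
        self.addr, self.points = addr, points

    def handle(self, frame: bytes) -> Optional[bytes]:
        try:
            dst, src, seq, payload = parse_frame(frame)
        except ValueError:
            return None                   # damaged poll: stay silent, the master will retry
        if dst != self.addr:
            return None
        value = self.points.get(payload.decode("ascii", "replace"))
        reply = b"ERR" if value is None else f"{value:.2f}".encode()
        return build_frame(src, self.addr, seq, reply)


class Master:
    """Master station: polls, validates every reply, retransmits on any detected error."""
    def __init__(self, addr: int, channel: Callable[[bytes], Optional[bytes]]):
        self.addr, self.channel, self.seq, self.retries = addr, channel, 0, 0

    def poll(self, slave_addr: int, tag: str, max_retries: int = 3) -> str:
        self.seq = (self.seq + 1) & 0xFF
        request = build_frame(slave_addr, self.addr, self.seq, tag.encode())
        for _ in range(max_retries + 1):
            response = self.channel(request)
            try:
                if response is None:
                    raise ValueError("no reply")
                dst, src, seq, payload = parse_frame(response)
                if (dst, src, seq) != (self.addr, slave_addr, self.seq):
                    raise ValueError("reply does not match the outstanding poll")
                return payload.decode()
            except ValueError:
                self.retries += 1          # detected error: ask again (correction by retransmission)
        raise TimeoutError(f"station {slave_addr}: no valid reply after {max_retries} retries")


def make_channel(slaves: List[Slave], corrupt_replies: int = 0) -> Callable[[bytes], Optional[bytes]]:
    """Constructed channel: delivers the poll to every station and flips one bit in the
    first `corrupt_replies` replies to simulate line noise."""
    state = {"replies": 0}

    def channel(frame: bytes) -> Optional[bytes]:
        replies = [r for r in (s.handle(frame) for s in slaves) if r is not None]
        if not replies:
            return None
        reply = replies[0]
        state["replies"] += 1
        if state["replies"] <= corrupt_replies:
            reply = reply[:5] + bytes([reply[5] ^ 0x40]) + reply[6:]
        return reply
    return channel


if __name__ == "__main__":
    master = Master(1, make_channel([Slave(7, {"FT-101": 12.5})], corrupt_replies=1))
    print(master.poll(7, "FT-101"), "retries:", master.retries)   # 12.50 retries: 1
```

The sequence number is the part the specification does not ask for: without it, a delayed reply to an earlier poll that arrives intact would be accepted as the answer to the current one, which the CRC cannot detect because the frame is not corrupted.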

9 SYSTEM TUNING
9.1 Proportional Control Loops
The system shall include facilities for tuning linear control loops based on the universal methods developed by F. G. Shinskey et al., and for non-linear loops as detailed below. The method described in the ISA InTech journal, August 1993 issue, uses a relay that steps the controller output alternately in opposite directions each time the measurement crosses the set point. The discrete switching makes the loop oscillate at its ultimate period Tu, and the ratio of the relay amplitude d to the measurement amplitude a defines the ultimate gain of the controller, Ku = 4d/(πa). The magnitude of the step shall be sufficient to obtain a curve from which a and d can be read legibly. Fig. 1 shows a block diagram of the self-oscillation principle.


Fig. 1 (block diagram of the self-oscillation principle; only the block labels survive extraction): RELAY, TUNING RULES, SP, CONTROLLER TRANSFER FUNCTION, PROCESS TRANSFER FUNCTION, PV.


Fig. 2 shows a plot of relay output and measurement output.

Fig. 2 (plot of relay output and process output during tuning; only the trace and axis labels survive extraction): traces of relay output / controller output and measurement against time, showing the initialization interval followed by the tuning period Tu.


The intelligent tuner as detailed in Fig. 3 shall be incorporated into the system.

Fig. 3 (intelligent tuner implemented in the controller; only the block labels survive extraction): remote I/O, the controller database holding control loops 1 to n, and the RTM/1 intelligent tuner, with control loop 2 selected for tuning.


The processor shall reject values of a and Tu that cannot be measured and shall automatically increase the controller output step in increments of 1% up to a maximum of 10%. See Fig. 4.

Fig. 4 (diagram of the model program; only the state labels survive extraction): 1. Loop identification; 2. Setup (access to loop is correct; confirm setup and start); 3. Initiate tuning (tuning complete); 4. Computation (computation completed); 5. Engineering approval (accept or reject). A reject at any stage returns to "redesign or modify".
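As an added example, not part of PDVSA K309 or of the InTech article it cites, the following runs the relay self-oscillation test of 9.1 against a constructed process model and applies the step search of Fig. 4: start with a 1% output step, raise it in 1% increments, accept the first step whose a and Tu can be read, and reject the loop if 10% is reached without a measurable result. The first-order-plus-dead-time process model (gain K, time constant tau, dead time L), the 0.5% readability threshold for a, and the Ziegler-Nichols rules used to turn Ku and Tu into controller settings are all assumptions made for this example; the relation Ku = 4d/(πa) is the standard describing-function result for the relay method.

```python
"""Added example (not part of PDVSA K309): the relay self-oscillation test of 9.1 run
against a constructed first-order-plus-dead-time process model, with the step-size
search of Fig. 4 (1% steps up to 10%) and rejection when a or Tu cannot be measured.
The process model, the 0.5% readability threshold and the Ziegler-Nichols rules
used to turn Ku and Tu into controller settings are assumptions made for the example."""
import math
from collections import deque
from typing import Dict, Optional


def relay_test(d_pct: float, K: float = 1.0, tau: float = 10.0, L: float = 2.0,
               dt: float = 0.01, t_end: float = 80.0):
    """Relay feedback on the model y' = (K*u(t-L) - y)/tau, with u = +d or -d (% of output).
    Returns (a_pct, Tu): measurement amplitude in % of span and oscillation period in s."""
    delay = deque([0.0] * int(round(L / dt)))   # dead time as a FIFO of past outputs
    y, crossings, peak = 0.0, [], 0.0
    for i in range(int(t_end / dt)):
        t = i * dt
        u = d_pct if y <= 0.0 else -d_pct       # step opposite to the error sign at each crossing
        delay.append(u)
        y_prev = y
        y += dt * (K * delay.popleft() - y) / tau   # Euler step of the process
        if y_prev <= 0.0 < y:                   # upward crossing of the set point
            crossings.append(t)
        if t > t_end / 2:                       # measure only the settled limit cycle
            peak = max(peak, abs(y))
    late = [b - a for a, b in zip(crossings, crossings[1:]) if b > t_end / 2]
    Tu = sum(late) / len(late) if late else float("nan")
    return peak, Tu


def autotune(a_min_pct: float = 0.5, d_max_pct: int = 10, **process) -> Optional[Dict[str, float]]:
    """Fig. 4 step search: start at a 1% output step and raise it 1% at a time until a and Tu
    are measurable; reject the loop (return None) if the 10% limit is reached first."""
    for d in range(1, d_max_pct + 1):
        a, Tu = relay_test(float(d), **process)
        if a >= a_min_pct and math.isfinite(Tu):
            Ku = 4.0 * d / (math.pi * a)        # ultimate gain from the relay describing function
            return {"d_pct": d, "a_pct": a, "Tu": Tu, "Ku": Ku,
                    # Ziegler-Nichols PID settings from Ku and Tu (assumed tuning rule)
                    "Kc": 0.6 * Ku, "Ti": 0.5 * Tu, "Td": 0.125 * Tu}
    return None                                  # a and Tu not measurable within the 10% limit


if __name__ == "__main__":
    result = autotune()
    print("accepted step %d%%: a=%.3f%% Tu=%.2fs Ku=%.2f" % (
        result["d_pct"], result["a_pct"], result["Tu"], result["Ku"]))
    print("low-gain loop rejected:", autotune(K=0.1) is None)
```

For the model used here the exact limit cycle has half-period L + tau·ln(2 - e^(-L/tau)) ≈ 3.67 s and amplitude d·(1 - e^(-L/tau)) ≈ 0.18·d, so the search accepts the 3% step (a ≈ 0.54%) and estimates Tu ≈ 7.3 s and Ku ≈ 7; with a process gain of 0.1 even the 10% step gives a ≈ 0.18%, below the readability threshold, and the loop is rejected as Fig. 4 requires.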

9.2 Discrete On-Off Control Loops
The discrete action output signal shall ensure that the valve operates at a speed that avoids sudden surges or depressurization effects in the process. Where a number of valves are opened or closed simultaneously, the order in which they operate shall be carefully evaluated to ensure a controlled shutdown or start-up of the plant or equipment.

10 INSTALLATION AND COMMISSIONING


All installation and commissioning shall be performed in accordance with project drawings and specifications.

11 Q. A. / Q. C.
All items shall conform with the procedures detailed in specification K369.