ANSI/ISA-5.06.01-2007 Functional Requirements Documentation For Control Software Applications

AMERICAN NATIONAL STANDARD
ANSI/ISA-5.06.01-2007
Functional Requirements Documentation

for Control Software Applications
Approved 29 October 2007
ANSI/ISA-5.06.01-2007
Functional Requirements Documentation for Control Software Applications
ISBN: 978-1-934394-33-5
Copyright © 2007 by ISA. All rights reserved. Not for resale. Printed in the United States of America. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means (electronic mechanical, photocopying, recording, or otherwise), without the prior written
permission of the Publisher.
ISA
67 Alexander Drive
P.O. Box 12277
Research Triangle Park, North Carolina 27709
—3— ANSI/ISA-5.06.01-2007
Preface
This preface, as well as all footnotes and annexes, is included for information purposes and is not part of
ANSI/ISA-5.06.01-2007.
This document has been prepared as part of the service of ISA toward a goal of uniformity in the field of
instrumentation. To be of real value, this document should not be static but should be subject to periodic
review. Toward this end, the Society welcomes all comments and criticisms and asks that they be
addressed to the Secretary, Standards and Practices Board; ISA; 67 Alexander Drive; P. O. Box 12277;
Research Triangle Park, NC 27709; Telephone (919) 549-8411; Fax (919) 549-8288; E-mail:
standards@isa.org.
The ISA Standards and Practices Department is aware of the growing need for attention to the metric
system of units in general, and the International System of Units (SI) in particular, in the preparation of
instrumentation standards. The Department is further aware of the benefits to USA users of ISA
standards of incorporating suitable references to the SI (and the metric system) in their business and
professional dealings with other countries. Toward this end, this Department will endeavor to introduce
SI-acceptable metric units in all new and revised standards, recommended practices, and technical
reports to the greatest extent possible. Standard for Use of the International System of Units (SI): The
Modern Metric System, published by the American Society for Testing & Materials as IEEE/ASTM SI 10-
97, and future revisions, will be the reference guide for definitions, symbols, abbreviations, and
conversion factors.
It is the policy of ISA to encourage and welcome the participation of all concerned individuals and
interests in the development of ISA standards, recommended practices, and technical reports.
Participation in the ISA standards-making process by an individual in no way constitutes endorsement by
the employer of that individual, of ISA, or of any of the standards, recommended practices, and technical
reports that ISA develops.
CAUTION — ISA ADHERES TO THE POLICY OF THE AMERICAN NATIONAL STANDARDS

INSTITUTE WITH REGARD TO PATENTS. IF ISA IS INFORMED OF AN EXISTING PATENT THAT IS
REQUIRED FOR USE OF THE DOCUMENT, IT WILL REQUIRE THE OWNER OF THE PATENT TO
EITHER GRANT A ROYALTY-FREE LICENSE FOR USE OF THE PATENT BY USERS COMPLYING
WITH THE DOCUMENT OR A LICENSE ON REASONABLE TERMS AND CONDITIONS THAT ARE
FREE FROM UNFAIR DISCRIMINATION.
EVEN IF ISA IS UNAWARE OF ANY PATENT COVERING THIS DOCUMENT, THE USER IS
CAUTIONED THAT IMPLEMENTATION OF THE DOCUMENT MAY REQUIRE USE OF TECHNIQUES,
PROCESSES, OR MATERIALS COVERED BY PATENT RIGHTS. ISA TAKES NO POSITION ON THE
EXISTENCE OR VALIDITY OF ANY PATENT RIGHTS THAT MAY BE INVOLVED IN IMPLEMENTING
THE DOCUMENT. ISA IS NOT RESPONSIBLE FOR IDENTIFYING ALL PATENTS THAT MAY
REQUIRE A LICENSE BEFORE IMPLEMENTATION OF THE DOCUMENT OR FOR INVESTIGATING
THE VALIDITY OR SCOPE OF ANY PATENTS BROUGHT TO ITS ATTENTION. THE USER SHOULD
CAREFULLY INVESTIGATE RELEVANT PATENTS BEFORE USING THE DOCUMENT FOR THE
USER’S INTENDED APPLICATION.
HOWEVER, ISA ASKS THAT ANYONE REVIEWING THIS DOCUMENT WHO IS AWARE OF ANY
PATENTS THAT MAY IMPACT IMPLEMENTATION OF THE DOCUMENT NOTIFY THE ISA
STANDARDS AND PRACTICES DEPARTMENT OF THE PATENT AND ITS OWNER.
ADDITIONALLY, THE USE OF THIS DOCUMENT MAY INVOLVE HAZARDOUS MATERIALS,

OPERATIONS OR EQUIPMENT. THE DOCUMENT CANNOT ANTICIPATE ALL POSSIBLE
APPLICATIONS OR ADDRESS ALL POSSIBLE SAFETY ISSUES ASSOCIATED WITH USE IN
HAZARDOUS CONDITIONS. THE USER OF THIS DOCUMENT MUST EXERCISE SOUND
Copyright 2007 ISA. All rights reserved.

ANSI/ISA-5.06.01-2007 —4—
PROFESSIONAL JUDGMENT CONCERNING ITS USE AND APPLICABILITY UNDER THE USER’S
PARTICULAR CIRCUMSTANCES. THE USER MUST ALSO CONSIDER THE APPLICABILITY OF
ANY GOVERNMENTAL REGULATORY LIMITATIONS AND ESTABLISHED SAFETY AND HEALTH
PRACTICES BEFORE IMPLEMENTING THIS DOCUMENT.
THE USER OF THIS DOCUMENT SHOULD BE AWARE THAT THIS DOCUMENT MAY BE IMPACTED
BY ELECTRONIC SECURITY ISSUES. THE COMMITTEE HAS NOT YET ADDRESSED THE
POTENTIAL ISSUES IN THIS VERSION.
The following members of ISA5.6 contributed to the development of this standard:
NAME AFFILIATION
A. Habib, Chair Automation Consultant

A. Amdur Consultant
D. Beaty DLB Associates
P. Blok Pharma Team USA
R. Dwiggins Maverick Technologies
J. Halajko FMC, Inc.
R. Bhala Sanofi Pasteur
S. Kolla Bowling Green State University
R. Topliff CH2M HILL
R. Wood University of Alberta
The following people served as voting members of ISA5:
NAME AFFILIATION
A. Iverson, Chair Ivy Optics

T. McAvinew, Managing Director Jacobs Engineering
G. Barta Consultant
C. Borel Spectrum Engineering Inc.
J. Carew Consultant
A. Habib Automation Consultant
G. Ramachandran Motiva Enterprises LLC

—5— ANSI/ISA-5.06.01-2007
This standard was approved for publication by the ISA Standards and Practices Board on 17 August
2007.
NAME AFFILIATION
T. McAvinew, Vice President Jacobs Engineering Group

M. Coppler Ametek Inc.
E. Cosman The Dow Chemical Company
B. Dumortier Schneider Electric
D. Dunn Aramco Services Co.
J. Gilsinn NIST
W. Holland Consultant
E. Icayan ACES Inc.
J. Jamison Jamison & Associates Ltd
R. Jones CDI Business Solutions
K. Lindner Endress + Hauser Process Solutions
V. Maggioli Feltronics Corp.
A. McCauley, Jr. Chagrin Valley Controls Inc.
G. McFarland Emerson Process Management
R. Reimer Rockwell Automation
N. Sands E I du Pont
H. Sasajima Yamatake Corp.
T. Schnaare Rosemount Inc.
J. Tatera Tatera & Associates
I. Verhappen MTL Instrument Group
R. Webb Consultant
W. Weidman Parsons Energy & Chemicals Group
J. Weiss Applied Control Solutions LLC
M. Widmeyer Consultant
M. Zielinski Emerson Process Management

This page left intentionally blank.
—7— ANSI/ISA–5.06.01–2007
Contents
Preface .......................................................................................................................................................... 3
1 Scope ................................................................................................................................................. 11
2 Normative References........................................................................................................................ 12
3 Definitions/Abbreviations.................................................................................................................... 13
4 Methodology ....................................................................................................................................... 14
4.1 Modular plant arrangement........................................................................................................ 14
Annex A — (informative) Application Example 1: Batch Reactor ............................................................... 27
Annex B – (informative) -- Application Example 2: Continuous Distillation Column ................................... 43
Figure 1 — Charter upon which this standard is based.............................................................................. 12
Figure 2 — Modular plant partitioning......................................................................................................... 15
Figure 3 — Four components of software documentation methodology .................................................... 16
Figure 4 — Example of modular plant partitioning and software documentation ....................................... 17
Figure 5 — Database documentation ......................................................................................................... 18
Figure 6 — Interlock matrix documentation ................................................................................................ 21
Figure 7a — Normal sequence matrix ........................................................................................................ 22
Figure 7b — Hold sequence matrix ............................................................................................................ 23
Figure 7c — Recipe sequence matrix......................................................................................................... 23
Figure 8 — Data security definition............................................................................................................. 25
Figure 9 — Chemical reactor P&ID............................................................................................................. 27
Figure 10a — Database I/O information ..................................................................................................... 29
Figure 10b — Database HMI information ................................................................................................... 30
Figure 10c — Database operating information ........................................................................................... 31
Figure 10d — Control module class definition ............................................................................................ 32
Figure 11a — Software interlock matrix for Unit R-101 .............................................................................. 33
Figure 11b — Software interlock matrix for Equipment Module EM-1........................................................ 34

ANSI/ISA–5.06.01–2007 —8—
Figure 12a — Normal sequence matrix for Unit R-101............................................................................... 36
Figure 12b — Hold sequence matrix for Unit R-101................................................................................... 37
Figure 12c — Recipe sequence matrix for R-101....................................................................................... 38
Figure 12d — Equipment module sequence matrix for EM-1 phase FILL_R101 ....................................... 39
Figure 13a — Graphic elements ................................................................................................................. 40
Figure 13b — Interlock status display......................................................................................................... 41
Figure 13c — Sequence status display ...................................................................................................... 41
Figure 14 — Continuous Distillation Column P&ID..................................................................................... 44
Figure 15a — Database I/O information ..................................................................................................... 46
Figure 15b — Database HMI information ................................................................................................... 47
Figure 15c — Database operating information ........................................................................................... 48
Figure 16 — Interlock matrix ....................................................................................................................... 49
Figure 17a — Normal sequence matrix for Unit C-104 (URS format) ........................................................ 51
Figure 17b — Hold sequence matrix for Unit C-104 (URS format)............................................................. 52
Figure 17c — Sequence matrix for C-104 Startup phase in FRS format (continues on next page)........... 53

—9— ANSI/ISA–5.06.01–2007
Foreword
Learning and configuring today's control software packages is easier than ever before. Documentation,
however, is not such an easy task. With the increased capabilities of software packages to handle more
process and operator interfaces, the complexity of defining and documenting these requirements
increases. This standard directly addresses this documentation issue.
The ISA5.6 subcommittee was established by ISA5, Documentation of Measurement and Control
Instruments and Systems, at the request of control systems engineers involved in the automation of plant
operations using a wide variety of computer-based platforms. These platforms included distributed control
systems, programmable logic controllers and industrialized personal computers offered by a variety of
suppliers.
The need for documentation to help define control software prior to hardware selection, especially for batch
sequence logic, was identified due to its complexity. ISA's Standards & Practices Board subsequently
expanded the scope of ISA5.6 to include the software documentation of continuous processes.

This page intentionally left blank.
— 11 — ANSI/ISA–5.06.01–2007
1 Scope
The scope of this standard is:
• Covers real-time batch, discrete and continuous process automation systems.
• Defines regulatory, event-driven and time-driven control system actions.
• Encompasses both digital and analog control devices in addition to non-control actions (for example,
operator messages and batch end reports).
• Encompasses both normal and abnormal operational requirements of systems and shows the
interactions between them.
• Uses a set of terms that relate directly to the languages commonly used by plant operators.
• Excludes interactions with higher-level systems.
Within the parameters of this scope, the standard is intended to:
• Establish functional requirements specifications for control software documentation that covers the
classes of industrial automation equipment and systems consisting of distributed control systems,
programmable controllers and industrial personal computers (see Figure 1).
• Provide techniques for documenting control system software. The software to be generated is a
function of the computer system chosen for a particular project. The documentation procedure set
forth in this standard is independent of the hardware/software system that is chosen.
• Provide a basis for validation of run-time application software after it is developed and tested to
ensure that the initial requirement specification has been met.
The documentation resulting from use of this standard:
• Can be used for control software definition, design, testing and validation.
• Is not intended to require specialized knowledge of any particular engineering or computer science
discipline to develop or understand.

ANSI/ISA–5.06.01–2007 — 12 —
Industrial ISA-
ISA-5.06.01 Implementation Target
Applications User’
User’s Software Languages Systems
Requirements
Pharmaceutical
Distributed
Sequential Control Systems
Database
Power Function
Chart
Interlock Logic Programmable
Chemical Vendor Logic Controllers
Languages
Food Sequence Logic
Proprietary
Automotive Languages Industrial PC’
PC’s
Human-
Human- Machine
Interface Relay Ladder
Many others
Figure 1 — Charter upon which this standard is based.
2 Normative References
The following normative documents contain provisions that, through reference in this text, constitute
provisions of this standard. At the time of publication the editions indicated were valid. All normative
documents are subject to revision and parties to agreements based on this standard are encouraged to
investigate the possibility of applying the most recent editions of the normative documents indicated
below. Members of the IEC and ISO maintain registers of currently valid normative documents.
ANSI/ISA-84.00.01-2004 Parts 1-3 (IEC 61511 Modified), Functional Safety: Safety Instrumented
Systems for the Process Industry Sector. www.isa.org .
ISA-88.01-1995, Batch Control Part 1: Models and Terminology. www.isa.org.
ISA-5.5-1985, Graphic Symbols for Process Displays. www.isa.org.
IEC 61131-3 Ed. 2.0: 2003 Programmable controllers - Part 3: Programming languages. www.iec.ch.

— 13 — ANSI/ISA–5.06.01–2007
3 Definitions/Abbreviations
3.1 analog input (AI):
a modulated signal received by the control system from an external measurement device, such as a 4–20
mA or fieldbus signal from a pressure transmitter.
3.2 analog output (AO):

a modulated signal sent by the control system to an external control device, such as an analog 4–20 mA
or digital fieldbus signal to a flow control valve.
3.3 control module (CM):

the lowest level grouping of equipment in the physical model that can carry out basic control.
NOTE — This term applies to both the physical equipment and the equipment entity.
3.4 detailed design specification (DDS):

a separate document that shows how a system functions and meets the requirements laid out in the
Functional Requirements Specification prepared from this document.
3.5 discrete input (DI):

a binary signal received by the control system from an external switch such as a 24-Vdc or fieldbus signal
from a block valve’s closed limit switch.
3.6 discrete output (DO):

a binary signal sent by the control system to an external on/off device such as a 120-Vac or digital
fieldbus signal to start a pump.
3.7 equipment module (EM):

a functional group of equipment that can carry out a finite number of specific minor processing activities.
This may exist as part of a unit or as a common resource -- e.g., equipment shared by two or more units.
3.8 functional requirements specification (FRS):

a specification listing the detailed operational requirements for a control system (i.e., what the system
does, not how it does it).
3.9 operation:
a major programmed processing action or set of related actions normally consisting of one or more
phases.
3.10 Piping and Instrumentation Diagram (P&ID):

a diagram showing the interconnection of process equipment and instrumentation used to control a
process.
3.11 Process Flow Diagram (PFD):

a diagram showing outlines of one or more pieces of equipment and the expected flow paths for materials
and utilities.
3.12 phase:
the smallest element of procedural control that can accomplish a process-oriented task. A phase may be
comprised of steps.

ANSI/ISA–5.06.01–2007 — 14 —
3.13 process cell:

a logical grouping of equipment that includes the equipment required for production of one or more
materials. It defines the span of a logical control of one set of process equipment within an area.
3.14 step:
sequential action of control devices within a phase (shown in this standard by a number in parentheses
after the status for a discrete device or setpoint for an analog device).
3.15 train:
a collection of one or more units and associated lower-level equipment groupings that has the ability to be
used to make a quantity of material.
3.16 unit:
an equipment grouping to carry out one or more major processing activities such as reaction,
crystallization and making a solution. It combines all necessary physical processing and control
equipment required to perform those activities as an independent equipment grouping. It is usually
centered on a major piece of processing equipment such as a mixing tank or reactor.
3.17 User Requirements Specification (URS):

a specification showing the general control requirements for a unit or process cell.
4 Methodology
4.1 Modular plant arrangement
The first step in applying this standard is to divide a process plant into the groupings illustrated in Figure
2. Classes of process units are grouped vertically and trains are grouped horizontally in the figure.
Examples of process units include reactors, distillation columns and dryers. A train consists of one or
more units necessary to complete the processing step for an intermediate or finished product. This may
be as simple as a single mix tank and as complex as a refinery train consisting of multiple reactors,
distillation units, dryers, etc. For flexible batch operations we may not be able to define trains other than
as individual units. The boxes shown on the periphery of Figure 2 are shared resources comprising
additional units and/or equipment modules.

— 15 — ANSI/ISA–5.06.01–2007
Discharge
Gas Waste Treatment

Units
Train # A B C D E P
U
Raw S T A S Product
Materials T I C T Shipping
O L K O
R I A R
A T G A
G I I G
E E N E
S G
Liquid & Solid Waste Treatment
Discharge
Figure 2 — Modular plant partitioning

This approach has benefits when configuring both the hardware and the software of a control system.
Maximizing the separation of control hardware between trains will minimize the production impact of a
hardware failure, while maximizing similarity within each class of process units will minimize
implementation costs and human errors in both design and operation. The latter is accomplished by
employing reusable design features wherever possible by means of standard class definitions (for units,
equipment modules, control modules, etc.) that can be completed and validated for one instance, then
copied or instantiated and quickly validated for the remaining members of each class.
Depending on the needs of the design team, the initial design may utilize a User Requirements
Specification (URS). This outlines the process control needs for the process cell being designed. A
standard Piping and Instrumentation Drawing (P&ID) and instrument index may provide all of the
necessary information. Alternatively, more detail as shown on the matrices below may be desired at this
stage. The URS is often adequate for review by plant operations, maintenance and process engineering
personnel.
After the design basis of the process cell is settled, the basic documentation such as process flow
diagram, P&ID, instrument index and preliminary equipment design can be completed. If adequate, as
noted above, these will comprise the URS.
The next step is to develop four basic elements of the Functional Requirements Specification (FRS) that
describe the instances and detailed requirements for each class of objects so defined (see Figure 3). The
Functional Requirements Specification (FRS) is much more detailed and is utilized by instrumentation
and system integration personnel as well as during process safety reviews. The four elements of the FRS
are:
• Database (instrument tag table)
• Interlock matrix (interlock logic)

ANSI/ISA–5.06.01–2007 — 16 —
• Sequence matrix (sequence logic)
• Human Machine Interface (HMI)
The first three are commonly prepared using spreadsheet software. The fourth will use graphical
software. Examples of each are shown in the examples that follow this description.
D atabase
Interloc
In terloc k M atrix
Sequen ce M atrix
S equ ence
H um
u m an - M achine
ach ine In terface
Figure 3 — Four components of software documentation methodology

Developing these FRS elements assumes that the equipment and processing requirements are well
defined. The necessary information can normally be found on various drawings (such as PFDs, P&IDs,
and equipment drawings), equipment specifications and data sheets, and other sources. Classes of
control objects to supply the required functionality can be developed as needed or drawn from an existing
archive.
Figure 4 illustrates the connection between typical units and modules of a partitioned modular plant and
the four basic FRS elements. As shown, a single FRS can describe an entire facility or a select subset as
required by the project scope. Likewise, certain aspects such as the Sequence matrix may be omitted
from the FRS if they are to be deferred to a separate project or provided by a different supplier.

— 17 — ANSI/ISA–5.06.01–2007
Database
Interlock Matrix
Sequence Matrix
Human-Machine Interface
Discharge
Gas Waste Treatment
Train Units
# Blender Reactor Centrifuge Dist’n Col’n Dryer P
U
Raw S T A S
1 BL-101 RX-102 CE-103 DI-104 DR-105 Product
Materials T I C T Shipping
O L K O
R I 2 BL-201 RX-202 DI-204 DR-205 A R
A T G A
G I I G
E 3 RX-302 CE-303 DI-304 N
E E
S G
4 BL-401 CE-403 DR-405
Liquid & Solid Waste Treatment
Discharge
Figure 4 — Example of modular plant partitioning and software documentation

4.1.1 Database
The first part of the documentation is the database, which can be tabulated under various column
headings as illustrated in Figure 5. This closely resembles the instrumentation index with provision to
record details of Input/Output (I/O) functionality and the parameters required to support operator displays,
alarms and control loops. System-dependent implementation details will be defined in the Detailed Design
Specification (DDS) which follows later. Though system specific, I/O hardware and software addresses
are often considered as a functional requirement because of their potential impact on process availability;
as such, they may be designated in the FRS after selection of the control system.

ANSI/ISA–5.06.01–2007 — 18 —
Figure 5 — Database documentation
The five sections of the database shown in Figure 5 can be consecutive column headings across a
spreadsheet. They are shown here as separate sections of the table due to space limitations. In actual
use on a spreadsheet they will all follow left to right on one table. The separate sections shown here may
be useful for breaking out the table for a printed copy. Leaving this as a continuous spreadsheet will make
using it easier. Each row would then show the relevant information for a single instrument or control
module; associated alarms may be designated using multiple entries per cell, additional columns or
separate tags. This document is the cornerstone of the FRS because it forms the basis or foundation for
the other documents that follow. It is applicable for both continuous and batch control but typically
contains many more internal variables when applied to a batch process.

— 19 — ANSI/ISA–5.06.01–2007
The column names for the database (Figure 5) are suggestions only. Depending on the system, software
to be used and other parameters, columns may need to be added, deleted or renamed. The planned uses
for each column are:
Basic Point Data

CM Tag: the control module name usually corresponding to the instrument tag number shown on the
P&ID, instrument index, etc.
Service: the piece of equipment or module with which the instrument or loop is most closely associated.
Location: the Unit or Equipment Module that includes the Control Module.
P&ID: the Piping and Instrumentation Drawing showing the instrument or loop.
Comments: provides additional information, if needed, for the instrument; may identify special or atypical
feature requirements (not used in the examples that follow).
I/O Interface Data
Point Type: indicates the functionality of the item – i.e., discrete vs. analog vs. digital, control vs. alarm,
and input vs. output; optionally may refer to a separately specified class of control modules, equipment
modules or units.
Device Type: provides additional description of the item such as valve, motor starter, software / function
block and may note signal conditioning such as characterization (chr) or square root extraction (√) to be
performed within the field device.
Signal Type: shows type of signal for the I/O loop.
Signal Conditioning: shows any adjustments that must be made to the input signal for the desired
control action--i.e., pressure or temperature linearization, square-root extraction.
I/O Tags: shows all P&ID tags associated with a particular control module.
I/O Address: hardware or software address information; cabinet location and software identification for
troubleshooting, etc.
Human/Machine Interface Data
Scale: the zero and full-scale values or enumerated state descriptors for each signal.
Eng Units: unit descriptor to accompany the value display.
Descriptor: the full description of the instrument or loop for use on alarm and event lists, point details and
other displays having sufficient space.
Keywords: the abbreviated description of the instrument or loop for use on group displays and others
having limited space.
Data Logging & Archival: This is initially just a “yes/no” flag indicating if this control module should have
data logging and/or archiving capability. Later, this can be expanded to show the frequency of these
functions.
Operating Data
Alarm Type: identifies the type of each required alarm, such as bad value, high, and hihi for an analog
data point or command disagree and un-commanded change for a digital loop.
Alarm Setpoint: the reading values that will activate the alarms, usually just one for each value, but may
specify that it will be written or activated by a recipe or sequence logic.

ANSI/ISA–5.06.01–2007 — 20 —
Alarm Priority: the level of urgency to relay to the operator: different alarms within a loop can have
different priorities.
Output Direction: defines the relationship between the controller output and the final control element
(direct or reverse).
Controller Type: manual, automatic and supervisory.
Controller Algorithm: proportional, integral, derivative and combinations desired for the control
functioning.
Controller Action: direct or reverse action of the controller output in response to the controlled variable--
i.e., increasing or decreasing as the process value increases above the setpoint.
Note — Data access rights are presented in the HMI data security section while alarm deadbands are typically noted per point only
upon exception to a percentage value footnoted on the database table. A further important part of the control database definition is
specifying the instance-independent functionality for each class of control modules that will be referenced in the database matrix. A
typical definition is illustrated in Figure 10d as part of the first application example. The corresponding control logic can ultimately be
configured through any one or more of the following control language types: Boolean, function blocks, structured text, ladder logic
and others.
4.1.2 Process Interlock Matrix
Next is the process interlock matrix illustrated in Figure 6. This contains the documentation for all of the
process and safety interlocks in a particular section of the plant or project. It may be desirable to keep the
safety interlock documentation separate from the process interlocks. Showing both here will help assure
that all process concerns are addressed. The purpose here is to document the continuous interlock
requirements within the control system regardless of whether the process is continuous or batch.
Continuous timed sequences (such as for a sump pump or for baghouse blowdown valves) may be
defined here or in the sequence matrix depending upon complexity and safety impact. Product-dependent
trip points (such as reactor temperature limits) will normally be identified in the sequence matrix with the
associated actions defined either here or in the sequence matrix.
The interlock logic can be described in a simple table listing the interlock numbers taken from the P&ID
(piping and instrumentation diagram) or equivalent document along with the initiating device(s) and
control device(s). Examples of these include a temperature switch, proximity sensor and block valve.
The P&ID presentation below graphically illustrates the different hardware and software components used
to interlock the normal control function (HS-104) with a low level switch (LSLL-101) acting on the final
control element (SV-104) using the software logic solver (UC-104).
The company that will be operating the system defines the hazard level. Some examples of hazard levels
defined by the potential for material, equipment and personnel loss are shown below. Further information
can be found in Guidelines for Safe Automation of Chemical Processes (see section 2), AIChE / CCPS,
1993, www.aiche.org. Guidance for the choice of interlocks, their logic and setting the Safety Integrity
Level is found in ANSI/ISA-84.00.01-2004 Parts 1-3 (IEC 61511 Modified), Functional Safety: Safety
Instrumented Systems for the Process Industry Sector. www.isa.org .

— 21 — ANSI/ISA–5.06.01–2007
INITIATING CONTROL DEVICE

SAFETY
ID DEVICE (FAULT) (ACTION) HAZARD OPERATING INTERLOCK
INTEGRITY
NUMBER LEVEL MODE PURPOSE
LEVEL
SET POINTS LOGIC
Figure 6 — Interlock matrix documentation
Sample Definitions:
Hazard Level: Material Loss Equipment Loss Personnel Loss
(0) None
(1) Low Recoverable Repairable Damage Medical Treatment
(2) Medium Batch Lost Replace Unit Lost Time Accident
(3) High Other Batches Lost Replace Other Units Mult. Injury or Death

ANSI/ISA–5.06.01–2007 — 22 —
Safety Integrity Levels--Examples:
(1) One sensor, one logic solver, one actuator

(2) Two sensors, two logic solvers, one actuator
(3) Two sensors, two logic solvers, two actuators
Operating Modes
*AR = Automatic reset
*R = Manual reset
*V = Override (with pre-set timer)
*B = Bypass (forcing, testing)
The process safety team should review this simple list before the actual software configuration is
developed. These interlocks may be modified based on the results of a hazard analysis for the unit.
4.1.3 Sequence Matrix
The sequence operation of the process is then documented. This may be accomplished with the
sequence matrix (see Figures 7a, 7b, and 7c). This information can also be presented using sequential
function charts, relay ladder logic and other formats. Here we show the matrix as prepared on a
spreadsheet. The sequence matrix has three main sections:
• Normal sequence matrix

• Hold sequence matrix
• Recipe sequence matrix
Figure 7a — Normal sequence matrix

— 23 — ANSI/ISA–5.06.01–2007
Figure 7b — Hold sequence matrix
RECIPE INITIAL OPERATIONS SHUT- CHANGE CONTROL
PARAMETERS PHASE PHASE PHASE PHASE PHASE PHASE DOWN DESCRIPTION DATE BY
PHASE
VARIABLES CODED IN PROGRAM
VARIABLES ENTERED BY OPERATOR
VARIABLES ENTERED BY PRODUCTION SUPERVISOR
Figure 7c — Recipe sequence matrix
A Sequence matrix can be developed for either a continuous or batch process as shown in the examples
to follow. It will typically be much simpler for a continuous process and may not have a recipe matrix. The
sequence matrix can be used to specify the following types of control requirements:
• State definitions and allowed transitions for control modules (CM), equipment modules (EM), units, or
classes of like CM, EM, or units whose instances have been identified in the database and/or
interlock matrix (usually oriented toward low-level equipment functions requiring little product-specific
knowledge; operators, interlocks or phase logic initiate all state transitions; class definitions should be
reusable from project to project).
• Sequence definition and parameter identification for phases or classes of like phases whose
instances are identified relative to a particular EM, unit or class of like EM or units referenced in the

ANSI/ISA–5.06.01–2007 — 24 —
database (usually oriented toward minor processing functions requiring little product-specific
knowledge; typically interfaces to field devices indirectly by manipulating CM and/or EM states;
operators or recipe sequences initiate phase execution; class definitions for common requirements
should be reusable from project to project).
• Definition of phase sequencing, equipment requirements/arbitration and process parameters
necessary to manufacture each product or class of products (coordinates all product-specific control
requirements; operator or higher-level scheduling systems initiate recipe execution)
• Accommodation of both normal and abnormal process conditions for each of the above including
hierarchical propagation of consequential actions as needed.
Preparing the product-specific requirements necessitates a detailed knowledge of the operations to be

conducted in the subject equipment. Typically, a process write-up or batch sheet and standard operating
procedure will provide the necessary knowledge. Using common or generic terms for the phase names
will make this document more understandable for others who use it. Sample operation names include:
prepare, react, distill, extract, solvent strip, clean and shutdown. Typical phase names include: initial, fill,
mix, heat, cure, settle, drain/dump and transfer. The user can employ these or other names as
appropriate. These names need to be clearly understood by the plant personnel.
One or more phases may require that multiple actions be completed in order to satisfy the phase
requirements. These multiple actions are called steps. All of these steps are typically shown in one
column of the spreadsheet. The order in which these must be satisfied is indicated with numbers in
parenthesis after the listed action. Where additional distinction between the steps is necessary the
column under the phase can be split to show the different steps.
If an equipment module is part of the unit, this will need to be shown in the sequence matrix. If the
equipment module is shared by multiple units it will require its own matrix. Otherwise, its phases can be
incorporated into the matrix for that unit. Two examples are a heating/cooling system for a reactor jacket
and charging manifold with valves and a pump. Using an equipment module may simplify the software
programming during integration.
The Normal Sequence matrix (Figure 7a) provides information for all expected usual or routine
operations. As indicated, it shows the expected operation of each discrete and analog device associated
with the unit. Where there are particular conditions that must be met at the start or end of a phase these
should be listed. These conditions include the setpoints of analog controls that must be satisfied as given
in the Recipe Sequence below.
Operator messages will appear on the HMI (human-machine interface) to cue an activity by the operator.
Batch report variables will be configured into reports to be prepared as hardcopy or electronic media. If
manual operations are required to complete the phase, an operator message will cue the personnel and
wait for the appropriate response before continuing the phase processing.
Two formats for the Sequence matrix are shown in the examples. The first contains less-detailed
information and will often satisfy the needs of the URS. All of the operations, phases and steps can be
shown; however, little detail of their functionality is possible here. Each phase occupies a single column in
the spreadsheet. This provides a good overview of the control scheme. This does not contain sufficient
detail for an instrumentation engineer or system integrator.
The second format provides the level of detail required by these last functions. The information for each
phase is detailed over several columns. It can show the details of each control function needed for the
system to function. This level of detail is necessary for the FRS and is illustrated for just one of the
phases in each example. It also provides the information needed to validate the operation of a control
system during start-up.

— 25 — ANSI/ISA–5.06.01–2007
The Hold Sequence (Figure 7b) indicates which conditions are considered to be abnormal by the system
and the resulting actions in response to these conditions. If any of the abnormal conditions are met, the
system will proceed to the condition shown under Hold Actions and the operator message will be
displayed. When the abnormal condition no longer exists the “Recovery” status will be initiated if the
system is in full automatic operation.
The Recipe Sequence matrix (Figure 7c) may show general recipe information or have specific
information for several recipes to be programmed for that unit. Each parameter needed for a recipe is
shown with the permission level required by a person to enter or modify that parameter. Where there are
limits on a parameter for a specific phase, this is shown in the appropriate column. This helps prevent
entry of wrong values for the parameters.
The allowable modes of operation for each phase include manual and automatic. Under automatic
operation, a recipe will proceed without operator interaction unless a hold condition occurs or interaction
is required for a particular part of a phase.
4.1.4 Human - Machine Interface (HMI)
ISA-5.5-1985, Graphic Symbols for Process Displays, provides a good starting point in defining the
shapes of process equipment for the dynamic graphic displays on operator console screens. It also
provides guidelines for use of color for graphic displays. Many hardware vendors have a built-in library of
ISA symbols in their graphic display packages.
In addition to displays that usually are supplied as standard with most systems such as controller
faceplates, alarm summary displays and trend displays, custom displays may be required to facilitate the
operation of a control system. Examples include the interlock and sequence status displays shown in
Figures 12b and 12c.
An important part of the HMI definition is setting the data security and access levels. A typical definition is
shown in Figure 8. Access needs to be set for different functions in the system such as changing loop set
points and changing recipes by various personnel such as operators, supervisors and engineers. For
some systems, many more access levels are available. A typical example of this is multiple operator
classes with permissions limited by process area(s).
PERSONNEL TYPE
FUNCTION
Operator Technician Supervisor Engineer
Controller Tuning NO YES NO YES

Controller SP Change YES YES YES YES
Interlock Setting Change NO YES NO YES
Alarm SP Change NO YES YES YES
Recipe Selection NO NO YES YES
Figure 8 — Data security definition

— 27 — ANSI/ISA–5.06.01–2007
Annex A — (informative) Application Example 1: Batch Reactor
The following chemical reactor example illustrates the application of the methodology to a simple batch
process. As the P&ID shows (Figure 9), this reactor will fill multiple materials, heat, mix, and drain
material.
HS UNIT R-101
SHARED EQUIPMENT MODULE EM -1
102
HS
HS I
001
UC
004
102
HS
MIXER
ZIC 003 AG-102 TAH
TAHH
004A
XV LAHH
TT TC
001
UC FQC 103 106
FILL A 106
003 003
ZIC
TV
004B LSHH 106
103
FT
FILL B 003
ZIC STEAM
004C LT
FV 101 REACTOR
003 R-101
FILL C PUMP
P-003
T CONDENSATE
LAH
LSL LI
HS
I XV 101 101
HS XV
002 002
LSLL 105 105
101
DRAIN
LSHH-
203 UC PUMP
P-104
104
HS
R-201
104
REACTOR R-1
P&ID
UNIT R-201 Note: XV limit switches and pump run indications
are not shown here due to space limitations DRAWING # P-101
Figure 9 — Chemical reactor P&ID

The raw material charging manifold and pump are treated as a shared equipment module (EM-1)
because this feed system serves more than one reactor. Accordingly, the phase logic for EM-1 is defined
in a separate, small sequence matrix whose operation is triggered by the batch recipe. The HS-004
setpoint, which is also recipe-controlled, determines the proper position switch (ZIC-004A/B/C) alignment
and selectively enables the valve position alarms. All valves and other instruments for R-201 and EM-1
are included in the full database matrix.

ANSI/ISA–5.06.01–2007 — 28 —
The database (Figures 10a, b and c) gives the information for each device on the P&ID in Figure 9. The
digital control module classes identified in the “Point Type” column (Figure 10a) are functionally defined
by the respective class details shown in Figure 10d.
Initially, the I/O address column in Figure 10a may list only the number and type of connections as
shown in Figure 10d. Later, this can be split into multiple columns as required by the system layout and
details. These additional columns may show (1) the physical location of the cable connections (cabinet
data); (2) the logical connections to other control software; and (3) the software address as appropriate
to the control system used for the particular process system.
The HMI information for scale and engineering units (Figure 10b) will come from process information and
possibly equipment design limits. The “keyword” is necessary only if the HMI display has an insufficient
number of characters for the full length “descriptor.” The alarm function and control loop data (Fig. 10c)
will impact the Sequence Matrix inputs. Note that these three sections of Figure 10 will typically appear
left to right in a spreadsheet and not as three separate items as shown in this document. This will more
clearly show the relationship between the various sets of information. Obviously in this format the first
three columns need not be repeated.
Figure 11a illustrates the software interlock matrix for Unit R-101, which provides the following process
functionality based on the P&ID:
(a) If the liquid level is too low interlocks UC-102 and UC-104 will shut off the mixer and pump.
(b) Interlock UC-104 will prevent the drain pump from operating if the drain valve is closed.
(c) Interlock UC-003 shuts down the charging control module when the desired charge quantity has
been satisfied.
The Manual Reset capability for each interlock in this example is provided by de-energizing the
associated “Hand Switch” that is normally used to manually change valve position or motor condition. In
this way the Hand Switch outputs will not immediately reactivate the interlocked device when the initiating
condition clears. Any additional interlocks would be set up the same way. Definitions for the hazard and
safety levels are based on the example shown in Figure 6.
Figure 11b illustrates the software interlock matrix for the exclusive use common Equipment Module EM-1
which provides the following functionality based on standard operating practices:
(a) Reinforce the hardwired charge valve interlocks shown on the P&ID by de-energizing the
associated Hand Switch when a reactor level exceeds its safe limit, thereby requiring operator
intervention (Manual Reset) for charging to resume after the condition clears.
(b) Additional interlocks help to assure integrity of the charge path and measurement of the charged
quantity.

CM TAG LOCATION P&ID POINT TYPE ** DEVICE TYPE SIGNAL TYPE I/O TAGS I/O ADDRESSES *
XV-001 ZSC, ZSO,

R-101 P-101 VLV-FC BALL VALVE 24 VDC DI (2), DO (1)
XS
ZSC, ZSO,
XV-002 R-102 P-101 VLV-FC BALL VALVE 24 VDC DI (2), DO (1)
XS
HS-003 P-003 P-101 MOTOR PUMP 120 VAC XI, XS DI (1), DO (1)
CORIOLIS / FT
FC-003 P-003 P-101 LOOP 4-20 MA FT, FV AI (1), AO (1)
GLOBE VALVE
FQ-003 P-003 P-101 ACCUM - software FC-003.PV
ZIC-004A P-003 P-101 VLV-1 BALL VALVE 24 VDC ZSC DI (1)

ZIC-004B P-003 P-101 VLV-1 BALL VALVE 24 VDC ZSC DI (1)
ZIC-004C P-003 P-101 VLV-1 BALL VALVE 24 VDC ZSC DI (1)
HS-004 P-003 P-101 HS-004 - software ZIC-004A,B,C
— 29 —
LI-101 R-101 P-101 AI RADAR 4-20 MA LT AI (1)
HS-102 AG-102 P-101 MOTOR AGITATOR 120 VAC XI, XS DI (1), DO (1)
LAHH-103 R-101 P-101 ALARM-1 CONDUCTIVITY 24 VDC LSH DI (1)
ZSC, ZSO,
XV-105 R-101 P-101 VLV-FC PLUG VALVE 24 VDC DI (2), DO (1)
XS
PT RTD / TT(chr)
ANSI/ISA–5.06.01–2007
TC-106 R-101 P-101 LOOP 4-20 MA TT, TV AI (1), AO (1)
GLOBE VALVE
* I/O counts to be replaced by addresses upon system selection and I/O assignment
** Functionality defined by Control Module class definition matrix (Fig. 10d)
Figure 10a — Database I/O information

ANSI/ISA–5.06.01–2007
CM TAG SCALE ENG.
LOCATION P&ID DESCRIPTOR KEYWORD
LOW HIGH UNITS
XV-001 R-101 P-101 REACTOR INLET VALVE INLET VALVE
XV-002 R-102 P-101 REACTOR INLET VALVE INLET VALVE
HS-003 P-003 P-101 FILL PUMP MOTOR FILL PUMP
FC-003 P-003 P-101 0 1000 LB/MIN FEED FLOW CONTROLLER FEED CONT.
FQ-003 P-003 P-101 0 30000 LBS FEED TOTALIZING SWITCH FEED TOTAL
ZIC-004A P-003 P-101 FEED MANIFOLD VALVE A FEED VLV A
ZIC-004B P-003 P-101 FEED MANIFOLD VALVE B FEED VLV B
ZIC-004C P-003 P-101 FEED MANIFOLD VALVE C FEED VLV C

HS-004 P-003 P-101 FILL SOURCE SELECTOR FILL SOURCE
LI-101 R-101 P-101 0 100 % REACTOR LEVEL INDICATOR RX LEVEL
— 30 —
HS-102 AG-102 P-101 REACTOR AGITATOR AGITATOR
LAHH-103 R-101 P-101 REACTOR HIHI LEVEL ALARM RX HIHI LVL
HS-104 P-104 P-101 DRAIN PUMP MOTOR DRAIN PUMP
XV-105 R-101 P-101 REACTOR OUTLET VALVE OUTLET VALVE
TC-106 R-101 P-101 70 250 DEGREE C TEMERATURE CONTROLLER TEMP. CONT.
Figure 10b — Database HMI information

CM TAG ALARM FUNCTIONS CONTROLLERS
OUTPUT
LOCATION P&ID
DIRECTION
TYPE SP PRIORITY TYPE ALGORITHM ACTION
XV-001 R-101 P-101 FB_ERR 10 SEC MED DIRECT . . .
XV-002 R-201 P-101 FB_ERR 10 SEC MED DIRECT
HS-003 P-003 P-101 FB_ERR 3 SEC MED DIRECT
FC-003 P-003 P-101 . DIRECT M/A P,I,D REVERSE
FQ-003 P-003 P-101 FQSH RECIPE LOG ONLY
ZIC-004A P-003 P-101 STATE * ** MED

ZIC-004B P-003 P-101 STATE * ** MED
ZIC-004C P-003 P-101 STATE * ** MED
— 31 —
HS-004 P-003 P-101
LAH 85% MED

LI-101 R-101 P-101 LSL 10% LOG ONLY . . . .
LSLL 3% LOG ONLY
HS-102 AG-102 P-101 FB_ERR 3 SEC MED DIRECT . . .
LAHH-103 R-101 P-101 STATE HIGH . . . .
ANSI/ISA–5.06.01–2007
HS-104 P-104 P-101 FB_ERR 3 SEC MED DIRECT . . .
XV-105 R-101 P-101 FB_ERR 10 SEC MED DIRECT . . .
TAHH 200 C HIGH

TC-106 R-101 P-101 DIRECT M/A P,I,D REVERSE
TAH RECIPE MED
* Enabled/disabled by HS-004 according to commanded position
** Set by HS-004 according to commanded position
Figure 10c — Database operating information

CLASS INPUTS CORRESPONDING OUTPUTS
FEATURES
INPUT STATE INPUT 1 INPUT 2 INPUT 3 COMMANDED STATE OUTPUT 1 OUTPUT 2
ANSI/ISA–5.06.01–2007
I/O - ZIC ZSO - XS
OPEN OFF ON OPEN ON
CLOSED ON OFF CLOSED OFF
STATE NAMES
MOVING OFF OFF
VLV-FC
INVALID ON ON
ALARM TYPE FB_ERR ALARM IF INPUT STATE DOES NOT TRACK OUTPUT STATE WITHIN 10 SECONDS **
INTERLOCK FORCE CLOSED
TRIP LOGIC
FB_ERR COMMAND CLOSED
I/O - XI - XS
RUN ON RUN ON
STATE NAMES
STOP OFF STOP OFF
MOTOR
ALARM TYPE FB_ERR ALARM IF INPUT STATE DOES NOT TRACK OUTPUT STATE WITHIN 3 SECONDS **
INTERLOCK FORCE STOP
TRIP LOGIC
FB_ERR COMMAND STOP
I/O - LSHH
LAHH OFF
ALARM-1 STATE NAMES
NORMAL ON
ALARM TYPE STATE ALARM IF LSHH = OFF
I/O - ZIC
OPEN OFF
VLV-1 STATE NAMES
— 32 —
CLOSED ON
ALARM TYPE STATE ALARM IF ZSC = OFF
I/O - ZIC-004A ZIC-004B ZIC-004C
OPEN_A OFF ON ON
OPEN_B ON OFF ON
STATE NAMES OPEN_C ON ON OFF
CLOSED ON ON ON
MISALIGNED ANY OTHER COMBINATION
HS-004
ENABLE ZIC-004A/B/C ALARMS WHEN HS-003 OUTPUT (DESIRED) STATE IS NOT CLOSED; SET
LOGIC FOR ALARM STATES OF ZIC-004A/B/C ACCORDING TO HS-004 OUTPUT AS FOLLOWS:
ENABLING ZIC ON ZIC OFF ZIC OFF OPEN_A
EXTERNAL ZIC OFF ZIC ON ZIC OFF OPEN_B
ALARMS ZIC OFF ZIC OFF ZIC ON OPEN_C
ZIC ON ZIC ON ZIC ON CLOSED
* Identified as “Point Type” in Figure 10a ** Actual timing individually adjustable for each instance
Figure 10d — Control module class definition

CONTROL DEVICES INTERLOCK PURPOSE
INITIATING DEVICES (FAULT) SAFETY
(ACTION) HAZARD
ID NUMBER INTEGRITY OPERATING MODE
LEVEL
LEVEL
SETPOINTS LOGIC
{HS-004 CMD = CLOSED *}

PREVENT PUMP RUNNING
OR {HS-004 INPUT = MISALIGNED *} OR STOP P-003 WHEN FEED SOURCE NOT
UC-003 LOW 1 MANUAL RESET
{FQ-003 > RECIPE SP (XS-003 OFF) SELECTED, MISALIGNED, OR
CHARGE COMPLETE
(FQSH-003 ON)}
LI-101 < 10% STOP AG-102

UC-102 LOW 1 MANUAL RESET PROTECT AGITATOR

(LAL-101 ON) (XS-102 OFF)
— 33 —
{XV-101 CLOSED
(ZIC-101 ON)} OR PREVENT PUMP RUNNING

STOP P-104
UC-104 LOW 1 MANUAL RESET WHEN VALVE CLOSED OR
{P-104 RUNNING (XS-104 FB ON) FOR (XS-104 OFF)
60 SEC WHILE LI-101 < 3% (LALL-101 REACTOR EMPTY
ON)}
* Not shown on P&ID
ANSI/ISA–5.06.01–2007
Figure 11a — Software interlock matrix for Unit R-101
ANSI/ISA–5.06.01–2007
CONTROL DEVICES
INITIATING DEVICES (FAULT)
(ACTION)
ANSI
OPERATING
INTERLOCK PURPOSE
MODE
SETPOINTS LOGIC
ID NUMBER
{LAHH-103 IN ALARM PREVENT R-101 FROM OVERFLOWING,

(ALSO HARDWIRED***)} OR CONFIRM PROCESS OWNER,
CLOSE XV-001 MANUAL
* {R01.BATCHID <> EM1.BATCHID **} OR INTEGRITY OF CHARGE MEASUREMENT,
(HS-001 OFF) RESET
— 34 —
{XV-002 OPEN (ZSC-002 OFF)} OR AND
{HS-004 MISALIGNED (INPUT STATE)} PREVENT CHARGING WRONG MATERIAL
{LAHH-203**** IN ALARM PREVENT REACTOR FROM OVERFLOWING,

(ALSO HARDWIRED***)} OR CONFIRM PROCESS OWNER,
CLOSE XV-002 MANUAL
* {R02.BATCHID <> EM1.BATCHID **} OR INTEGRITY OF CHARGE MEASUREMENT,
(HS-002 OFF) RESET
{XV-002 OPEN (ZSC-002 OFF)} OR AND
{HS-004 MISALIGNED (INPUT STATE)} PREVENT CHARGING WRONG MATERIAL
{XV-001 FB_ERR OR XV-002 FB_ERR INTEGRITY OF CHARGE PATH,

(ALARM STATES)} OR PREVENT PUMP RUNNING WITH
STOP P-003 MANUAL
* {XV-001 CLOSED AND XV-002 CLOSED (COMMAND DISCHARGE BLOCKED, AND
(HS-003 OFF) RESET
STATES)} OR PREVENT PUMP RUNNING WITH INLET
{HS-004 CLOSED (INPUT STATE)} BLOCKED
START FQC-003
MANUAL
* P-003 RUNNING (XI-003 ON) INTEGRATION (FQ-003 INTEGRITY OF CHARGE MEASUREMENT
RESET
ACCUMULATOR)
* Not shown on P&ID
** BATCHID’s allocated by recipe after confirming EM or unit availability
*** SIL satisfied by hardwired protection; independent software layer provided for proper HS operation.
**** LAHH-203 specified separately in R-201 database matrix
Figure 11b — Software interlock matrix for Equipment Module EM-1

— 35 — ANSI/ISA–5.06.01–2007
The Sequence Matrix (Figures 12a, b, c) for this relatively simple example can quickly become very
involved because of the number of potential interactions among the control entities. To avoid
overwhelming complexity, it is imperative to efficiently modularize the sequencing requirements by
separating low-level and highly reusable equipment-centric sequences from high-level product-centric
requirements. For notational simplicity, the abbreviations OP, SP, and PV are used to denote the output,
setpoint, and measured value, respectively, for each loop.
The “Fill” and “Dump” phases in Figure 12a show three steps with their sequence of operation to
complete the phase. For the “Fill” phase, the agitator must be stopped, then the outlet valve must be
closed; finally, the fill module will operate to permit entry of material. The fill module will not be instructed
to operate by the control system until both of the other steps have been completed.
Interruption of a particular phase can result from multiple causes as shown in Figure 12b. Each cause will
result in an appropriate alarm message at the operator console. Recovery from this interruption will occur
as shown if the control system is in “auto” mode. Otherwise, operator intervention will be required to
resume operations.
The “Recipe Matrix” may have very specific values for each recipe parameter or have a range as shown
in Figure 12c. If ranges are included, the security level required to enter or change a particular value
must be shown in the “Parameter Entered By” column. The recipe to be used for each batch is selected
from the options in Figure 12c.
The batch sequence matrix must also contain logic to request allocation of equipment module EM-1 to the
batch and, upon acceptance by EM-1, to set its parameters and initiate its phase logic. EM-1 continuously
compares its batch assignment with those downstream of XV-001 and XV-002, to determine which one (if
either) to enable and which to force closed. The recipe-controlled HS-004 setpoint determines the proper
ZIC-004A/B/C permissives to operate the feed pump and alarms if any valve is opened erroneously.
Figures 12a, b, c define the procedural control requirements for Unit R-101 at a suitable level of detail for
a User Requirement Specification (URS). The full level of phase specification detail required for a
Functional Requirement Specification (FRS) is illustrated in Figure 12d for the exclusive use common
Equipment Module’s FILL_R101 phase. The top section shows the final setpoints and initial values for the
control modules plus other reference values used during this phase. The bottom section of Figure 12d
shows the detailed actions and end conditions for each of the steps referred to above. The text comment
gives a good description of the purpose for each step. The step sequence diagram may be included if
necessary to illustrate parallel execution paths. The FRS information for R-101 would include a similar
level of detail.
It is generally easier to keep all the information clear by stacking the normal, hold, and recipe matrix
elements on top of one another in a spreadsheet. This is shown on the matrix for the equipment module
(Figure 12d). In certain instances, there may be more than one condition, which would cause a phase to
end or a Hold Condition to occur. To clearly show this, split the column under the particular phase and
enter both conditions.

ANSI/ISA–5.06.01–2007
OPERATIONS PREPARATION REACTION TRANSFER CLEAN SHUT
PHASES INITIAL FILL HEAT CURE DUMP DOWN
PHASE REF. NO. (1) (2) (3) (4) (5) (6) (7)
CM TAG DESCRIPTION
XV-105 OUTLET VALVE CLOSED CLOSE (2) CLOSE CLOSE OPEN (2) CLOSE (2) / OPEN (4) CLOSE
DISCRETE
HS-102 AGITATOR STOPPED STOP (1) RUN RUN STOP (1) RUN (2) STOP
CONTROL
HS-104 DRAIN PUMP STOPPED STOP (1) STOP STOP RUN (3) STOP (1) / RUN (4) STOP
MODULES
N
O
ANALOG RAMP SP: AT 2
TC-106 BATCH TEMP. SP = 95C SP= 20C
DEG/MIN
R
CONTROL
MODULES FQ-003 FILL AMOUNT RESET TOTAL=0
M
RUN (3); RUN (3);
— 36 —
A
EM1.BATCHID = EM1.BATCHID =
L
ACQUIRED
R101.BATCHID; R101.BATCHID;
EQUIPMENT
MODULE EM1.FILL_R101 N/A EM1.RM_SRC = N/A N/A N/A EM1.RM_SRC = N/A
S
PHASES & “XV-002”; “XV-002”;
E PARAMETERS
EM1.FQ_TOT.TAR = EM1.FQ_TOT.TAR =
Q
R101.RP3.TAR 600 L
U
PV OF TC-106 WAIT TIME=RP2
E IF LI-101 < 1% PV OF FQ-003= RP3
= RP1 (SEE HOURS (SEE PV OF FQ-003= 500 AND
END OF PHASE CONDITIONS AND OPERATOR (SEE RECIPE LI-101=<1%
RECIPE RECIPE TIC = 95C FOR1 HOUR
START BATCH MATRIX)
MATRIX) MATRIX)
N
ALLOWABLE PHASE TRANSITIONS 2 1 &3 4 5&3 6 7 1

C
ENTER PHASE
E START NEW ENTER SP. OF
OPERATOR MESSAGES DURATION
BATCH ?? TC-106
TIME
PHASE TEMP.AT END PHASE

BATCH REPORT VARIABLES PHASE DURATION
DURATION OF PHASE DURATION
Figure 12a — Normal sequence matrix for Unit R-101

OPERATIONS PREPARATION REACTION END SHUT
PHASES INITIAL FILL HEAT CURE DUMP CLEAN DOWN
PHASE REF. NO. (1) (2) (3) (4) (5) (6) (7)
CM TAG
XV-001
DISCRETE
H
XV-105 OPEN OPEN
CONTROL
O I C
HS-102 STOP
N O MODULES
L
I N HS-104
D T D
ANALOG TC-106 IF >140 C IF >140 C
I I
— 37 —
A T CONTROL FQ-003 IF > RP3
S T I MODULES LI-101 > 1% IF > 5%
E I O
N N\ ACQUIRED
Q EM-1 FILL_R101.HOLD FILL_R101.HOLD
G S EQUIPMENT
MODULES
U
E ELAPSED TIME IF >30 min IF >2 hr IF >30 min
ANSI/ISA–5.06.01–2007
N DO NOT SET TC-106 SET TC-106
PROCEED TO
HOLD ACTIONS CLOSE XV-001 CLOSE XV-105
FILLING
C PHASE = 60C = 60C
E EMPTY CHECK AG-

OPERATOR MESSAGES CHECK XV-105
REACTOR 102
RESTART GO TO SHUT- RESTART RESUME

RECOVERY RESUME PHASE
PHASE DOWN PHASE PHASE
Figure 12b — Hold sequence matrix for Unit R-101

ANSI/ISA–5.06.01–2007
R RECIPE RECIPE PRAMETER INITIAL FILL HEAT CURE DUMP SHUT-DOWN
E # PARAMETERS(RP) ENTERED BY (1) (2) (3) (4) (5) (6)
C FQ-003 (RP3) PROGRAM 1000 L
I A CURE PHASE TIME (RP2) OPERATOR 1 HR < Y < 2 HR
P
TC-106 (RP1) SUPERVISOR 50C< X <90C
E
FQ-003 (RP3) PROGRAM 600 L
B CURE PHASE TIME (RP2) OPERATOR 2 HR < Y < 3 HR
M
TC-106 (RP1) SUPERVISOR 60C < X <100C
A
FQ-003 (RP3) PROGRAM 1500 L

T
CURE PHASE TIME (RP2) OPERATOR 3 HR < Y < 5 HR
— 38 —
R C
I
TC-106 (RP1) SUPERVISOR 70C < X < 110C
Figure 12c — Recipe sequence matrix for R-101

— 39 — ANSI/ISA–5.06.01–2007
PHASE EM1.FILL_ R101

TYPE / CORRESPONDING
PARAM. SCOPE IDENTIFIER
RANGE ACTUAL VALUE
TEXT EM1.BATCHID
HS004_ENUM EM1.RM_SRC
PARAMETERS RECIPE-WRITTEN
1000-5000 EM1.FQ_TOT FQ-003.TOTAL IN STEP 8
RECORDED AT PHASE
TIME/DATE START & END TIMES
REPORT * START & END
TEXT OPER_ID RECORDED IN STEP 8
0-100 EM1.VLV_POS 50
0-150 EM1.FLOW_SP 120
INTERNAL 0-500 EM1.PRESET 200
0-50 EM1.TRICKLE 30
TEXT EM1.MSG_TEXT ""
STEP# DEVICE ACTIONS END CONDITION
XV-002 CLOSED
1 ZSC-002 ON
FQ-003 RESET IF HS-001 OFF
HS-004 EM1.RM_SRC
"PREPARE FEED SOURCE “ HS-004.INPUT STATE =
2 OPERATOR COMMANDED STATE
RM_SRC “ AND ALIGN MANUAL
MESSAGE
VALVES"
XV-001 OPEN
3 ZSC-001 OFF
FQ-003 SP=FQ_TOT.TAR; START
NORMAL SEQUENCE
FC-003 MANUAL; OUTPUT = VLV_POS

4 XI-003 ON FOR 15 SEC
HS-003 RUN
FC-003 AUTO; SP = FLOW_SP
FQ-003.TOTAL >
5 OPERATOR IF STEP TIME>60 MINS: "CHARGE FQ-003.SP - PRESET
MESSAGE TIME EXCEEDED: CHECK FLOW"
FIC-003 AUTO; SP = TRICKLE
FQ-003.TOTAL >
6 OPERATOR IF STEP TIME>5 MINS: "CHARGE FQ-003.SP
MESSAGE TIME EXCEEDED: CHECK FLOW"
HS-003 STOP
7 WAIT 10 SEC
FC-003 OUTPUT = 0
XV-001 CLOSED
HS-004 CLOSED
OPER_ID RECORDED WITH
8 FQ-003 STOP; FQ_TOT.ACT = TOTAL
MESSAGE CONFIRMATION
OPERATOR "CONFIRM CHARGE PROPERLY
MESSAGE COMPLETED"
DEVICE CONDITION (ACTIVE STEPS) MSG_TEXT VALUE
XV-002 FB_ERR AND HS-002 OFF (1-6) "CHECK XV-002 AND"
"CHECK RM MANIFOLD
HS-004 MISALIGNED OR CLOSED (3-6)
AND"
INITIATING
FB_ERR (3) "CHECK XV-001 AND"
CONDITIONS XV-001
HS-001 OFF (4-6) "CHECK XV-001 AND"
HOLD SEQUENCE
FB_ERR (4) "CHECK HS-003 AND"

HS-003
XI-003 OFF (5-6) "CHECK HS-003 AND"
HMI OPERATOR INITIATED (1-6) "OPERATOR INITIATED -"
STEP# DEVICE ACTIONS END CONDITION
HS-003 STOP
H1 WAIT 10 SEC
FC-003 MANUAL; OUTPUT = 0
XV-001 CLOSED
XV-002 CLOSED
HS-004 CLOSED OPERATOR CONFIRMS
H2
FQ-003 STOP MESSAGE
OPERATOR "HOLDING FILL: "; MSG_TEXT; "
MESSAGE CONFIRM WHEN OK TO RESUME"
* BESIDES ACTUAL VALUES CORRESPONDING TO EACH RECIPE-WRITTEN VARIABLE
Figure 12d — Equipment module sequence matrix for EM-1 phase FILL_R101

ANSI/ISA–5.06.01–2007 — 40 —
The graphical elements shown in Figure 13a are typical of those available from ISA-5.5-1985, Graphic
Symbols for Process Displays. These can generally be added to a display and configured as required to
be active elements. The two status displays (Figures 13b & 13c) will quickly show the operator the current
condition of each interlock and the progress through a recipe. These are also valuable for troubleshooting
when it becomes necessary.
Control Valve M /A Manual / Auto
Gree n Red Y ellow Blinking

Interlock/ Y ellow
Bypass
I/B C/O Open Close Trav el Failure
XV-501 Show only on failure
Motor
Interlock/ I/B M/A Manual / Auto
Bypass Gree n Red Blinking
M S/R Y ellow
Run Stop Failure
XM -601
Figure 13a — Graphic elements

— 41 — ANSI/ISA–5.06.01–2007
Outlet Steam
Agitator
Initiating Devices pump Valve
I# Ag-1
XM-1 TV-1
1 Low Rx level ( <15 %) AR AR
2 High Rx Temp.( > 200C) R

3
4
7
AR = AUTOMATIC RESET
R= MANUAL RESET Common Alarm
Figure 13b — Interlock status display
Operator Message
Operation: Reaction
Modes of operation
Phases:
Automatic
Initial
Fill Manual
Heat
Cure
Dump Start Sequence
Shutdown Stop Sequence
Parameter Actual Target

Catalyst Volume 450 Gal. 500 Gal. Start Phase
Stop Phase
Phase Progress
Recipe # A Common Alarm
Figure 13c — Sequence status display

ANSI/ISA–5.06.01–2007 — 42 —
Most systems available today have these and many other standard elements built in and ready to use
after minimal configuration. Special elements can also be created as needed using CAD software. This
should seldom be needed given the large library of control face plates, alarm lists, interlock
annunciations, etc.

— 43 — ANSI/ISA–5.06.01–2007
Annex B — (informative) Application Example 2: Continuous Distillation Column
The following distillation example illustrates the application of the methodology to a continuous process.
The P&ID for this example is shown in Figure 14. The distillation column feed comes from Tank T-101
through an economizer. The reflux is on flow control and the reflux drum level controls the distillate flow.
The distillation column pressure is controlled by a vacuum pump. Obviously, many other control schemes
are possible and necessary for specific processes. This scheme was chosen only to provide information
for this example. Only basic interlocks are shown here. Additional instrumentation and interlocks would be
necessary to provide the level of personnel and process safety required by most processes today.

PV HS
ANSI/ISA–5.06.01–2007
TO FAL TI TT PT PC 106 109
UC-104 106 106 106 106
106
PAH
TV PAL
FSL 107
106 VENT CONDENSER
COOLING WATER H-108 VACUUM PUMP
RETURN CONDENSER P-109
H-106
COOLING WATER CHILLED WATER
SUPPLY TC RETURN
107
TT
107 CHILLED WATER
SUPPLY
LC
REFLUX 107
DRUM LAL
T-107 107
LT
107
UC HS
110 110 LV
107
REFLUX PUMP
DISTILLATION P-110
COLUMN
C-104
FV
107 FC FT
— 44 —
107 107
FEED TANK
T-101 LAH
LI LAL TT
101 101 104
FROM
FAL-106
TAH
LT TAL
101 LAL UC TC
104 104 104
LT LC
104 104
UC
102 TV
104
HIGH PRESSURE
STEAM
HS
102
STEAM
T
CONDENSATE
UC HS
111 111
LV
104
FEED PUMP
P-102
FAL FC FT FEED
101 101 101 BOTTOMS PUMP ECONOMIZER CONTINUOUS
P-111
FV
H-103 DISTILLATION COLUMN
101
P&ID
DRAWING # P-104
Figure 14 — Continuous Distillation Column P&ID

— 45 — ANSI/ISA–5.06.01–2007
The database (Figures 15a, b, c) gives the information for all devices in the P&ID (Figure 14). The digital
control module classes identified in the “Point Type” column (Figure 15a) are functionally defined by the
respective class details shown in Figure 10d (see previous example).
I/O address information (Figure 15a) initially will show only the types and number of connections from this
control module to the system. When the actual plant layout is known, these can be replaced by columns
showing the cabinet and cable connections, software logical connections, and/or software address for the
particular process system. This requires some knowledge of the new or existing layouts.
The HMI information for scale and engineering units (Figure 15b) will come from process information and
possibly equipment design limits. The “keyword” is necessary only if the HMI display has an insufficient
number of characters for the full length “descriptor.”
The alarm function and control loop data (Figure 15c) will impact the Sequence Matrix inputs. This is
set up and prepared using the same methodology as for the batch example above.
Figure 16 illustrates the software interlock matrix for Unit C-104, which provides the following
process functionality based on the P&ID:
(a) Interlock UC-102 turns off the column feed pump (P-102) when the feed tank (T-101) level
drops below 2500 liters. (Turning off this pump will eventually activate UC-104 and UC-111,
shutting down the column steam supply and bottoms pump.)
(b) Interlock UC-104 closes the reboiler steam valve (TV-104) if the column level drops below
the 5% value or if the condenser cooling water flow slows (FAL-106).
(c) Interlock UC-110 turns off the reflux pump (P-110) when the reflux drum level (LIC-107)
reaches 10%.
(d) Interlock UC-111 turns off the bottoms pump (P-111) if the column level drops below the 5%
value.
The Manual Reset capability for each interlock in this example is provided by de-energizing the
associated “Hand Switch” that is normally used to manually change valve position or motor condition. In
this way, the Hand Switch outputs will not immediately reactivate the interlocked device when the
initiating condition clears. Any additional interlocks, including those to meet operational requirements and
standard operating practice, would be set up the same way. Definitions for the hazard and safety levels
are based on the example shown in Figure 6.

ANSI/ISA–5.06.01–2007
POINT TYPE
CM TAG LOCATION P&ID DEVICE TYPE SIGNAL TYPE I/O TAGS I/O ADDRESSES *
**
ORIFICE / PDT(√);
FC-101 T-101 P-104 LOOP 4-20 MA FT, FV AI (1), AO (1)
GLOBE VALVE
LI-101 T-101 P-104 AI PDT 4-20 MA LT AI (1)
PDT;
LC-104 C-104 P-104 LOOP FIELDBUS LT,LV AI (1), AO (1)
GLOBE VALVE
PT RTD / TT(chr);
TC-104 C-104 P-104 LOOP FIELDBUS TT, TV AI (1), AO (1)
GLOBE VALVE
FAL-106 H-106 P-104 ALARM-1 FSL 24 VDC FSL DI (1)

PT(abs);
PC-106 C-104 P-104 LOOP FIELDBUS PT, PV AI (1), AO (1)
GLOBE VALVE
TI-106 C-104 P-104 AI PT RTD / TT(chr) 4-20 MA TT AI (1)
PDT;
FC-107 T-107 P-104 LOOP 4-20 MA FT, FV AI (1), AO (1)
— 46 —
GLOBE VALVE
PDT;
LC-107 T-107 P-104 LOOP 4-20 MA LT, LV AI (1), AO (1)
GLOBE VALVE
PT RTD / TT(char);
TC-107 H-106 P-104 LOOP 4-20 MA TT, TV AI (1), AO (1)
GLOBE VALVE
* I/O counts to be replaced by addresses upon system selection and I/O assignment
** Functionality defined by Control Module class definition matrix (Fig. 10d)
Figure 15a — Database I/O information

CM TAG SCALE ENG.
LOCATION P&ID DESCRIPTOR KEYWORD
LOW HIGH UNITS
FC-101 T-101 P-104 10 100 LPM COLUMN FEED RATE FEED FLO
LI-101 T-101 P-104 0 50000 LITER FEED TANK LEVEL FEED LVL
HS-102 P-103 P-104 FEED PUMP FEED PMP
LC-104 C-104 P-104 0 100 % COLUMN BOTTOM LEVEL BOTM LVL
TC-104 C-104 P-104 0 250 Deg. C BOTTOMS TEMPERATURE CONTROL BOTM TMP
FAL-106 H-106 P-104 CONDENSER LOW WATER FLOW CWR FSL
PC-106 C-104 P-104 0 800 mmHg abs COLUMN OVERHEAD PRESS OVHD PRS
TI-106 C-104 P-104 0 250 Deg. C COLUMN OVERHEAD TEMP OVHD TMP
FC-107 T-107 P-104 0 200 LPM REFLUX FLOW RATE RFLX FLO
— 47 —
LC-107 T-107 P-104 0 100 % REFLUX DRUM LEVEL RFLX LVL
TC-107 H-106 P-104 0 250 Deg. C CONDENSATE TEMP COND TMP
HS-109 P-109 P-104 COLUMN VACUUM PUMP VACM PMP
HS-110 P-110 P-104 REFLUX PUMP REFL PMP
HS-111 P-111 P-104 COLUMN BOTTOMS PUMP BOTM PMP
ANSI/ISA–5.06.01–2007
Figure 15b — Database HMI information
ANSI/ISA–5.06.01–2007
CM TAG ALARM FUNCTIONS OUTPUT CONTROLLERS
LOCATION P&ID
DIRECTION
TYPE SP PRIORITY TYPE ALGORITHM ACTION
P-
FC-101 T-101 FAL 15 HIGH DIRECT M/A/SUP P,I,D REVERSE
104
P- LAH 40000 HIGH

LI-101 T-101
104 LAL 2500 MED
P- 3
HS-102 P-103 FB_ERR MED DIRECT M/A
104 SEC
P-
LC-104 C-104 LAL 10 MED DIRECT M/A/SUP P,I,D DIRECT
104
P- TAH 135 MED

TC-104 C-104 DIRECT M/A/SUP P,I,D REVERSE
104 TAL 115 MED
P-
FAL-106 H-106 STATE HIGH
104
P- PAH 120 MED

PC-106 C-104 DIRECT M/A P,I,D DIRECT
104 PAL 80 MED
P-
TI-106 C-104
104
P-
— 48 —
FC-107 T-107 DIRECT M/A P,I,D REVERSE
104
P-
LC-107 T-107 LAL 10 MED DIRECT M/A/SUP P,I,D DIRECT
104
P-
TC-107 H-106 REVERSE M/A/SUP P,I,D DIRECT
104
P- 3
104 SEC
P- 3
104 SEC
P- 3
104 SEC
Figure 15c — Database operating information

INITIATING DEVICES
CONTROL DEVICES (ACTION) SAFETY
(FAULT) HAZARD
ID NUMBER INTEGRITY OPERATING MODE INTERLOCK PURPOSE
LEVEL
LEVEL
SETPOINTS LOGIC
LI-101 < 2500 L STOP P-102

UC-102 LOW 1 MANUAL RESET PROTECT FEED PUMP
(LAL-101 ON) (HS-102 OFF)
{FAL-106 IN ALARM
(ALSO HARDWIRED)} OR CLOSE TV-104 PROTECT REBOILER &
UC-104 MEDIUM 2 MANUAL RESET
{LC-104 < 5% (TIC-104 OUTPUT = 0) COLUMN
(LAL-104 ON)}
LC-107 < 10% STOP P-110 PROTECT REFLUX

(LAL-107 ON) (HS-110 OFF) PUMP
— 49 —
LC-104 < 5% STOP P-111 PROTECT BOTTOMS
(LAL-104 ON) (HS-111 OFF) PUMP
Figure 16 — Interlock matrix
ANSI/ISA–5.06.01–2007
ANSI/ISA–5.06.01–2007 — 50 —
A continuous process will normally have fewer phases than for batch, if any at all. The sequence matrix
for this example is shown in User Requirement Specification (URS) format in Figures 17a and 17b. The
sequence of phase commands to control modules is identified by the adjacent numbering. Unless
otherwise noted, each step remains active until the corresponding feedback signal confirms the specified
action(s). If no sequence numbering exists, the phase comprises a single step in which all specified
actions must be confirmed before the system can move to the next phase. All steps must be completed
and the “End Of Phase Conditions” satisfied before transitioning to a subsequent phase. For the Drain
phase (4), all of the actions with (1) following them are executed as soon as the control system moves to
this phase. The other actions then follow in order, pending confirmation of each.
The steps for the Startup phase (2) become very complex for this system. There are actually three
parallel paths occurring here. This is best shown in the step sequence diagram at the bottom of Figure
17c. The number sequence shown here can often only be developed after something similar to the step
sequence diagram is developed. Path “A” sets up the reboiler and bottoms pump; path “B” starts up the
overhead system; while path “C” sets up the feed system. These can proceed independently until all three
systems are operating. Only after all three pathways are fully satisfied will the system transition to the
“Distill” phase.
The full level of phase specification detail required for a Functional Requirement Specification (FRS) is
illustrated for the Startup phase in Figure 17c. The top section shows the final setpoints and initial values
for the control modules plus other reference values used during this phase. The step sequence diagram
shows the parallel paths used to begin operations for each part of this unit. The bottom section of Figure
17c shows the detailed actions and end conditions for each of the steps referred to above. The text
comment gives a good description of the purpose for each step.
The detailed information for the other phases would have a similar appearance. Other formats can also
be used to show this information, including sequential function charts, ladder diagrams, and text
narratives.
No recipe matrix is included here, as the operating values for a single set of conditions can be entered
directly into the “Normal Sequence Matrix.” Once up and running, this process will typically remain in the
“Distill” phase for an extended period of time. The “Preparation” and “End” phases are very similar for the
batch and continuous processes.

OPERATIONS PREPARATION RUN END
PHASES
INITIAL START-UP DISTILL DRAIN CLEAN SHUTDOWN
CONTROL DEVICES
(1) (2) (3) (4) (5) (6)
CM TAG KEYWORD
RUN (4C);
HS-102 FEED PMP STOPPED RUN STOP (1) STOP STOP
STOP (6C)
DISCRETE HS-109 VACM PMP STOPPED RUN (2) RUN STOP (1) STOP STOP
CONTROL HS-110 REFL PMP STOPPED RUN (5B) RUN STOP (3A) STOP STOP
MODULES
STOP (1);
HS-111 BOTM PMP STOPPED RUN (5A) RUN RUN (3B); STOP STOP
STOP (5)
OP = 30 (4C);
FC-101 FEED FLO OP = 0 (1) OP = 0
SP = 75 (5C)
OP = 0 (1);
OP = 20 (5A);
LC-104 BOTM LVL WAIT UNTIL OP = 0
SP = 50 (6A)
PV < 10 (4)
OP ∝ LIC104 (3A);
TC-104 BOTM TMP OP = 0 (1) OP = 0
ANALOG SP = 125 (4A)
CONTROL OP = 100 (1);
TC-107 COND TMP OP = 0 (5) OP = 0
— 51 —
MODULES SP < 40 (4B)
PC-106 OVHD PRS SP = 85 (2) OP = 0 (1) OP = 0
LC-107 RFLX LVL SP > 20 (7B) OP = 0 (1) OP = 0

OP = 100 (1);
OP = 20 (5B); WAIT UNTIL
FC-107 RFLX FLO OP = 0
SP = 35 (6B) PV < 10 (2A);
OP = 0 (3A)
END OF PHASE ALL PV TARGETS OPERATOR INITIATED OR

LI-101 > 40,000
CONDITIONS SATISFIED LI-101 < 1000
ANSI/ISA–5.06.01–2007
ALLOWABLE
PHASE 2 3 2, 5 5 6 1, 2
TRANSITIONS
REDIRECT C104
OPERATOR READY TO
BOTMS TO BLWDN &
MESSAGES START
CONFIRM(2B)
Figure 17a — Normal sequence matrix for Unit C-104 (URS format)
OPERATIONS PREPARATION RUN END
PHASES CLEAN
ANSI/ISA–5.06.01–2007
INITIAL START-UP DISTILL DRAIN SHUTDOWN (5)
CONTROL DEVICES
(1) (2) (3) (4) (4)
KEYWORD
CM TAG
HS-102 FEED PMP STOP

DISCRETE HS-109 VACM PMP STOP
I C MODULES HS-110 REFL PMP STOP
N O HS-111 BOTM PMP STOP
I N LI-101 FEED LVL IF PV < 15K IF PV > 2000
T D
FC-101 FEED FLO IF PV < 20
I I
LC-104 BOTM LVL IF PV < 5 IF PV > 1
A T
ANALOG TC-104 BOTM TMP 120 > PV > 150

T I
MODULES TC-107 COND TMP 20 > PV > 40
I O
— 52 —
PC-106 OVHD PRS 75 > PV > 95 IF PV < 125
N N
G S LC-107 RFLX LVL
FC-107 RFLX FLO 25 > PV > 45 IF PV > 0
ELAPSED TIME
STOP HS-102,
HOLD ACTIONS
HS-111
PROBLEMS
OPERATOR MESSAGES WITH SYSTEM
DRAIN
GO TO
RECOVERY RESUME
START-UP
Figure 17b — Hold sequence matrix for Unit C-104 (URS format)
PHASE C104.STARTUP
PARAM. TYPE / DESCRIPTION
IDENTIFIER CORRESPONDING ACTUAL VALUE
SCOPE RANGE
0-250 .CW_SP 40
0-400 .PC_SP 85
0-250 .BTM_T_SP 125
INTERNAL
0-100 .BTM_L_SP 50
(FINAL SP)
0-200 .RFLX_SP 150
0-100 .OHD_L_SP 50
10-100 .FEED_SP 75
0-100 .CW_INIT 100
INTERNAL 0-100 .BTM_L_INIT 20
(INIT VAL) 0-100 .RFLX_INIT 20
PARAMETERS
0-100 .FEED_INIT 30
0-150 .PIC_HI 95
0-120 .BTM_T_TIMSP 60
0-120 .BTM_L_TIMSP 30
0-100 .BTM_L_LOREF 20
0-100 .BTM_L_LOPB 10
0-100 .BTM_L_HIREF 80
0-100 .BTM_L_HIPB 20
INTERNAL
0-100 .BTM_L_HIHI 90
(REF VAL)
— 53 —
0-100 .BTM_L_DEV 5
0-250 .OVHD_T_INIT 70
0-250 .OVHD_T_NORM 50
0-100 .OVHD_L_LOREF 20
0-100 .OVHD_L_LOPB 10
10-100 .FEED_LO 15
10-100 .FEED_SP_MIN 30
NORMAL SEQUENCE
ANSI/ISA–5.06.01–2007
STEP
SEQUENCE
DIAGRAM
Figure 17c — Sequence matrix for C-104 Startup phase in FRS format (continues on next page)
PHASE C104.STARTUP
STEP# DEVICE ACTIONS END CONDITION COMMENT
ANSI/ISA–5.06.01–2007
1 TC-107 Manual; Output = .CW_INIT FAL-106 not in alarm Start cooling water and confirm flow
HS-109 Run Start vacuum system, place controller into auto, and
2 HS-109 On and PC-106 < .PC_SP + 20
PC-106 Auto; SP = .PC_SP wait for pressure drop
Execute startup sequences in parallel for reboiler (3A-6A), overhead (3B-7B), and feed (3C-5C); phase ends after completion of all 3 paths.
Manual; continuously calc. Output = 100 * min
TC-104
((LC104 - .BTM_L_LOREF) / .OVHD_L_LOPB, 1)
OPERATOR Set steam rate based on bottoms level until the final
3A "OPEN REBOILER STEAM BLOCK VALVE" TC-104 > .BTM_T_SP
MESSAGE temperature SP is reached
OPERATOR IF STEP_TIME > .BTM_T_TIMSP MINS: "HEATUP
MESSAGE TIME EXCEEDED: CHECK REBOILER"
TC-104 Auto; SP = .BTM_T_SP
Set steam rate on temperature control and wait until
4A OPERATOR IF STEP_TIME > .BTM_L_TIMSP MINS: "BOTTOM LC-104 > .OHD_L_SP
the final level SP is reached
MESSAGE CHARGE TIME EXCEEDED: CHECK FEED"
HS-111 Run
5A HS-111 On Start bottoms pump

LC-104 Manual; Output = .BTM_L_INIT
6A LC-104 Auto; SP = .BTM_L_SP abs(LC104-SP) < .BTM_L_DEV Set bottoms takeoff on level control
NORMAL SEQUENCE
Wait until reflux pump is on or overhead

3B n/a n/a TI-106 > .OVHD_T_INIT or HS-110 On
temperature indicates significant boilup
Set cooling water on condensate temperature
LC-107 > .OVHD_L_LOREF + .OVHD_L_LOPB
4B TC-107 Auto; SP = .CW_SP control and wait for minimum drum level to run
* .RFLX_INIT / .RFLX_SP
pump
HS-110 Run
5B HS-110 On and FC-107 > .FEED_LO Start reflux pump, open valve, and confirm flow
FC-107 Manual; Output = .RFLX_INIT
— 54 —
Auto; continuously calc. SP = .RFLX_SP * min TI-106 < .OVHD_T_NORM and Set reflux rate based on drum level until its final flow
6B FC-107
((LIC107 - .OVHD_L_LOREF) / .OVHD_L_LOPB, 1) FC-107.SP = .RFLX_SP SP is reached
Set overhead takeoff on level control and wait for it
7B LC-107 Auto; SP = .OHD_L_SP abs(LC107-SP) < .BTM_L_DEV
to approach SP
(HS-110 On and LC-104 < .BTM_L_HIREF - Wait until (a) reflux pump is on and reboiler level not
3C n/a n/a .BTM_L_HIPB * .FEED_SP_MIN / .FEED_SP) high or (b) reboiler level below SP or (c) feed pump
or LC-104 < .BTM_L_SP or HS-102 On is on
HS-102 Run
4C HS-102 On and FC-101 > .FEED_LO Start feed, open valve, and confirm flow
FC-101 Manual; Output = .FEED_INIT
Cond5C.1: HS-110 On and HS-111 On and Set feed rate on bottoms level control until (a) the
Auto; continuously calc. SP = max (.FEED_SP_MIN, FC-101.SP = .FEED_SP overhead and bottoms pumps are on and the feed
5C FC-101 .FEED_SP * min ((.BTM_L_HIREF - LC104) / rate is at its final SP (ending the feed sequence) or
.BTM_L_HIPB, 1)) Cond5C.2: LC-104 > .BTM_L_HIHI or HS-102 (b) the feed pump stopped or bottoms level is too
Off high (triggering step 6C)
HS-102 Stop
FC-101 Manual; Output = 0 LC-104 < .BTM_L_LOREF - .BTM_L_LOPB * Stop the feed and wait for the bottoms level to drop
6C
OPERATOR .FEED_SP_MIN / .FEED_SP sufficiently to resume at step 4C
"FEED PAUSED ON HIGH BOTTOMS LEVEL"
MESSAGE
CONDITIONS
DEVICE CONDITION (ACTIVE STEPS) MSG_TEXT VALUE

INITIATING
SEQUENCE
HOLD
None defined
STEP#
H1
Figure 17c — Sequence matrix for C-104 Startup phase in FRS format (continued from previous page)
— 55 — ANSI/ISA–5.06.01–2007
Guidelines for specification of graphical elements, illustrated for the batch reactor example (Figures 13a,
b, c), apply equally to the continuous distillation column and are not repeated in this example.

Developing and promulgating sound consensus standards, recommended practices, and technical
reports is one of ISA’s primary goals. To achieve this goal the Standards and Practices Department
relies on the technical expertise and efforts of volunteer committee members, chairmen and reviewers.
ISA is an American National Standards Institute (ANSI) accredited organization. ISA administers United
States Technical Advisory Groups (USTAGs) and provides secretariat support for International
Electrotechnical Commission (IEC) and International Organization for Standardization (ISO) committees
that develop process measurement and control standards. To obtain additional information on the
Society’s standards program, please write:
ISA
Attn: Standards Department
67 Alexander Drive
P.O. Box 12277
Research Triangle Park, NC 27709
ISBN: 978-1-934394-33-5

ANSI/ISA-5.06.01-2007 Functional Requirements Documentation For Control Software Applications

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ANSI/ISA-5.06.01-2007 Functional Requirements Documentation For Control Software Applications

Uploaded by

Copyright:

Available Formats

AMERICAN NATIONAL STANDARD

Functional Requirements Documentation

CAUTION — ISA ADHERES TO THE POLICY OF THE AMERICAN NATIONAL STANDARDS

ADDITIONALLY, THE USE OF THIS DOCUMENT MAY INVOLVE HAZARDOUS MATERIALS,

Copyright 2007 ISA. All rights reserved.

The following members of ISA5.6 contributed to the development of this standard:

A. Habib, Chair Automation Consultant

The following people served as voting members of ISA5:

A. Iverson, Chair Ivy Optics

Copyright 2007 ISA. All rights reserved.

T. McAvinew, Vice President Jacobs Engineering Group

Copyright 2007 ISA. All rights reserved.

4.1 Modular plant arrangement........................................................................................................ 14

Annex A — (informative) Application Example 1: Batch Reactor ............................................................... 27

Annex B – (informative) -- Application Example 2: Continuous Distillation Column ................................... 43

Figure 1 — Charter upon which this standard is based.............................................................................. 12

Figure 2 — Modular plant partitioning......................................................................................................... 15

Figure 3 — Four components of software documentation methodology .................................................... 16

Figure 4 — Example of modular plant partitioning and software documentation ....................................... 17

Figure 5 — Database documentation ......................................................................................................... 18

Figure 6 — Interlock matrix documentation ................................................................................................ 21

Figure 7a — Normal sequence matrix ........................................................................................................ 22

Figure 7b — Hold sequence matrix ............................................................................................................ 23

Figure 7c — Recipe sequence matrix......................................................................................................... 23

Figure 8 — Data security definition............................................................................................................. 25

Figure 9 — Chemical reactor P&ID............................................................................................................. 27

Figure 10a — Database I/O information ..................................................................................................... 29

Figure 10b — Database HMI information ................................................................................................... 30

Figure 10c — Database operating information ........................................................................................... 31

Figure 10d — Control module class definition ............................................................................................ 32

Figure 11a — Software interlock matrix for Unit R-101 .............................................................................. 33

Figure 11b — Software interlock matrix for Equipment Module EM-1........................................................ 34

Copyright 2007 ISA. All rights reserved.

Figure 12a — Normal sequence matrix for Unit R-101............................................................................... 36

Figure 12b — Hold sequence matrix for Unit R-101................................................................................... 37

Figure 12c — Recipe sequence matrix for R-101....................................................................................... 38

Figure 13a — Graphic elements ................................................................................................................. 40

Figure 13b — Interlock status display......................................................................................................... 41

Figure 13c — Sequence status display ...................................................................................................... 41

Figure 14 — Continuous Distillation Column P&ID..................................................................................... 44

Figure 15a — Database I/O information ..................................................................................................... 46

Figure 15b — Database HMI information ................................................................................................... 47

Figure 15c — Database operating information ........................................................................................... 48

Figure 16 — Interlock matrix ....................................................................................................................... 49

Copyright 2007 ISA. All rights reserved.

Copyright 2007 ISA. All rights reserved.

• Covers real-time batch, discrete and continuous process automation systems.

• Defines regulatory, event-driven and time-driven control system actions.

• Excludes interactions with higher-level systems.

Within the parameters of this scope, the standard is intended to:

The documentation resulting from use of this standard:

Copyright 2007 ISA. All rights reserved.

Figure 1 — Charter upon which this standard is based.

ISA-88.01-1995, Batch Control Part 1: Models and Terminology. www.isa.org.

ISA-5.5-1985, Graphic Symbols for Process Displays. www.isa.org.

Copyright 2007 ISA. All rights reserved.

3.2 analog output (AO):

3.3 control module (CM):

3.4 detailed design specification (DDS):

3.5 discrete input (DI):

3.6 discrete output (DO):

3.7 equipment module (EM):

3.8 functional requirements specification (FRS):