RECORD OF REVISIONS
Contents
1. Purpose
2. Scope
3. Cost competitive engineering and design
4. Conflicts and Deviations
5. Terms and Definitions
6. Abbreviations
7. Codes and Standards
8. Environmental
9. Scope and Responsibilities
10. DCS Hardware
11. DCS Functional Requirements
12. System Performance
13. System Reliability and Availability
14. DCS System Requirements
15. Time Synchronization
16. DCS Engineering Workflow
17. Inspection and Testing
18. Control and Technical Buildings
19. Field Technical Buildings
20. Warranty and Post-Warranty Maintenance
21. Quality
22. Drawing and Documentation
23. Installation
24. Packing and Shipping
Attachment-1: Scope of work
Attachment-2: Documentation Required
Attachment-3: Functional Design Specifications
Attachment-4: Display and Graphics Requirement
J3 Program 10080-1-SS-CI-017
Distributed Control System Date: 30/07/2012, Rev. 0
1. Purpose
This document provides the general technical specifications for the Distributed Control
System (DCS) and associated equipment.
2. Scope
This specification provides minimum technical requirements for design, performance,
reliability, inspection, testing, delivery, installation and operation of a Distributed
Control System (DCS) and associated equipment.
The function of these systems is to provide the operator with the ability to perform
all process control functions, such as discrete, analog, and logic, etc., as well as data
acquisition functions and all other operator process interface and control functions.
In addition, the system will provide the facilities for the retrieval of data used for
management reporting, process engineering analysis, process modeling,
troubleshooting and advanced controls.
All equipment and accessories covered by this specification shall comply with all
Project Specifications.
3. Cost competitive engineering and design
The MANUFACTURER/SUPPLIER engineering team shall maintain the cost focus
throughout all phases of the project. This should be done without compromising any
specification and design requirements.
4. Conflicts and Deviations
MANUFACTURER/SUPPLIER shall be responsible for informing MANAGING
CONTRACTOR/OWNER of any conflicts between this specification and other
applicable specifications, industry standards and codes. MANUFACTURER/SUPPLIER
shall proceed further in the concerned matter only after conflicts are resolved in
writing by MANAGING CONTRACTOR/OWNER.
In general, the order of priority of the documents shall be as follows:
Local regulatory and statutory requirement,
Project specification, including datasheets where applicable,
This specification and relevant equipment/system specification,
Codes and Standards.
MANUFACTURER/SUPPLIER shall be required to obtain prior approval from
MANAGING CONTRACTOR/OWNER for any deviation from this specification.
5. Terms and Definitions
MANAGING CONTRACTOR: The party responsible for Design, Engineering,
Procurement, Construction and Commissioning of
ISA S5.3 Graphic Symbols for DCS Display Information, logic and
computer system
ISA S5.5 Graphic Symbols for Process Displays
8. Environmental
8.1. Control Room/PIB Condition
The System will be located in an air conditioned environment which will be to ISA
S71.01 G1.
Normal operating conditions will be:
All the electronic components / cards for controllers, I/O's, data acquisition systems,
operator interface, engineering interface subsystem and gateway interface
subsystem for DCS shall be ISA S71.04 G3 compliant.
Control room/PIB temperature, pressure, corrosion level shall be monitored and its
high alarm shall be provided in DCS. Measurement instrument shall be in
MANUFACTURER/SUPPLIER scope of supply.
8.2. Short Term
However, in case of failure of the air-conditioning system, the panels and the
components in them shall be capable of operating for a minimum period of 48 hours
(continuous), without any damage or degradation in performance, when the panels
and the components are subjected to the extreme temperature and humidity
conditions specified.
Temperature: 0 to 50 °C (32 to 122 °F)
Relative humidity: 10 to 90% @32°C non-condensing
8.3. Vibration
Maximum 0.2G 20 - 300 Hz
Maximum displacement 0.01", 5-20 Hz
8.4. Dust Contamination
OWNER shall provide the required air conditioning for this project. Air conditioning
filtration shall be capable of filtering 95% of 5 microns particle size for re-circulated
air and 0.5 microns fresh air. The air shall be free from corrosive contaminants.
Dust contamination shall be kept to a minimum. The system and environment shall
be thoroughly cleaned before operation.
8.5. Shock
Below 10 G vertical direction only.
8.6. Static
Precautions shall be taken to guard against discharge.
8.7. Component Protection
All components, equipment and cable shall be resistant to bacterial, fungal attack
and airborne chemical attack. MANUFACTURER/SUPPLIER shall specify acceptable
level of such contaminants.
8.8. Heat Load
The MANUFACTURER/SUPPLIER shall specify the heat load of each equipment unit
separately and the total for the system. The MANUFACTURER/SUPPLIER
shall specify if the equipment requires forced or convection cooling. It is preferred
that all printed circuit boards are mounted in vertical planes.
Blue terminals shall be provided for the intrinsically safe field cables. Grey
terminals shall be provided for the non-intrinsically safe field cables.
For panel baying, proper isolation (Side Plates) shall be provided between two
groups of panels like Analogue In/Output and FF etc.
Intrinsic safety barriers or galvanic isolators shall be installed inside the
marshalling cabinets for the IS field signals. All barriers shall be galvanically
isolated type of approved make. Adequate space shall be kept between barriers
for heat dissipation and easy replacement without affecting other connection.
Intrinsic safety wiring shall be blue in colour.
Conductor size of internal signal wiring shall be 1.0 sq. mm. minimum.
Conductor shall be stranded type terminated with crimped wire lugs.
IS and non-IS wiring shall be adequately segregated according to CENELEC EN-
50039.
Isolated earth bus bars (safety earth, IS earth and instrument earth) shall be
provided in the marshalling cabinet.
All the terminals in termination panel shall be independently accessible.
All thermocouple signals shall be directly terminated to the barrier.
MANUFACTURER/SUPPLIER to follow the design philosophy of marshalling cabinets
as follows (to be detailed later in the Functional Design Specification) for quotation:
Marshalling cabinets shall be provided for each individual unit.
Separation of Marshalling cabinets will be Analog (IS), Digital (IS), Analog /Digital
(NIS) and Foundation Fieldbus.
In Marshalling cabinets, all incoming cable unused core/pairs shall be connected
to spare terminals.
Plastic wire ducts with removable covers shall be installed in cabinets as required
to provide a means of routing and organizing wiring. A minimum of 50 mm shall
be maintained between the duct and terminal strips. Wire markers shall be
completely presented without being obscured by the duct.
In addition to the above, the maximum plastic wire duct fill (including spare
capacity) shall not exceed 75% of its depth.
All spare entries shall be closed with SS blind plugs.
MANUFACTURER/SUPPLIER to advise, with the bid, of any deviation from the above
specification.
The following shall be applicable to both System cabinets as well as marshalling
cabinets:
associated with cooling mechanisms should be readily and easily accessible and
replaceable.
Each panel with a power supply shall provide a temperature alarm and a ventilation
fan failure alarm in DCS and, in the case of an FF System Cabinet, an alarm from the
power conditioning module in the DCS. All hardware for the above alarms should be
included by Vendor.
A common key shall be provided for all locks. No equipment / components shall
be mounted on doors or side panels.
Separate ducts shall be used for System, Power and Signal cable with segregation
between different types of signals.
The cabinet layout shall be such as to provide clear access to the internals for
maintenance.
Ventilation fans and louvers backed by dust filters shall be provided in each
cabinet.
Each cabinet shall be provided with internal illumination activated by door
switch.
All unused card locations shall be fitted with cover plates.
20% spare space shall be provided in all cabinets.
Cables entering the DCS cabinets, auxiliary console shall be properly clamped
with armour grounding.
All terminals carrying more than 24 VDC shall be protected against accidental
contact by means of a removable cover and shall be labeled accordingly (Warning
Text). Signals of different voltage levels shall run in separate trunking and shall be
segregated on the terminal boards.
The indoor cabinets shall have an ingress protection of IP54 as raw panel and
minimum IP33 after cutout.
All cabinets shall be provided with removable lifting lugs.
The cable entry for all instrumentation cables from field to control equipment
room and to control room shall be with the help of Multi Cable Transit (MCT)
blocks. There shall be 50% spare entry available in these MCT systems. Proper
segregation shall be maintained in groups of various signal level cables MCT
block.
MANUFACTURER/SUPPLIER to advise, with the bid, of any deviation from the above
specifications.
10.3. Identification
Each cabinet shall have an identifying nameplate fixed on the front and rear with
screws. OWNER tagging system shall be used. The format of which will be advised to
Power Distribution
Brown
240V AC Utility (N)
110V AC (Live): Brown
110V AC (Neutral): White
24V DC (Positive): Red
24V DC (Negative): Black
Signal
Earthing
Intrinsically Safe Earth: Yellow (where applicable)
Instrument Earth: Green
Protective Earth: Green/Yellow
10.5. All hazardous area field instrumentation connected to DCS will be either intrinsically
safe or flame proof. The use of Foundation Fieldbus shall be maximised. However, in
addition, SMART field devices using 4-20mA signal for control and HART data for
diagnostics shall be used. For safe areas, IS protection is not required and isolators
shall be used as required.
10.6. Power supply
OWNER shall provide 110VAC ± 5%, 50 Hz ± 3 % redundant single phase, grounded
uninterrupted power supply (UPS) to power distribution cabinet of DCS.
Switchover to redundant power supply in case of failure of one should be less
than 0.5 ms. DCS Power Distribution cabinet is under MANUFACTURER/SUPPLIER
scope of supply. Further distribution to all DCS components shall be in scope of
MANUFACTURER/SUPPLIER.
MANUFACTURER/SUPPLIER shall provide UPS consumption initially during
quotation stage and during detail engineering. In case of increase in UPS
consumption later, MANUFACTURER/SUPPLIER shall provide his own UPS system
to take care of same.
All necessary cabling, glanding, termination and further distribution / conversion
to different power levels including isolation transformers if required shall be in
the scope of MANUFACTURER/SUPPLIER. Size of the UPS shall be arrived after
considering system and user loads.
The system load shall be calculated considering:
Expandability of I/O’s including installed spares of 20% and future spare of 20%.
Inrush current and Power Factor for system / user load shall be considered.
The MANUFACTURER/SUPPLIER to state the power supply tolerance limits of the
system without a UPS attached, the degree of immunity of the system to
mains-borne noise and interference without a UPS system, and the system response
under “burnout” and transient over voltage conditions without a UPS system.
AC power connection for the equipment requiring such power is made, using
three conductors: AC (live), AC (neutral) and ground. Protected access and over
current protection of the AC (live) is required.
MANUFACTURER/SUPPLIER shall provide all filters, transformers, rectifiers, etc.,
to convert the above power supply to the level acceptable to the various DCS
equipment.
All electrical terminals inside the system racks and consoles shall be clearly
numbered and permanently identified on the terminals and the system wiring
drawings.
Electrical wiring shall be in accordance with applicable electrical standards.
Wiring diagrams shall be complete with grounds in recommended wire sizes,
type, and shielding required for the electrical circuits between components that
are to be wired.
The MANUFACTURER/SUPPLIER shall include miniature circuit breakers for AC
supply to each power supply unit and sub-distribution within the system.
Sufficient isolation facilities on the DC sub-system shall be provided to enable
maintenance of components with minimum disturbance to healthy devices.
The fault discrimination shall be such that minimal equipment will be affected by
any particular fault. Power distribution to control devices shall be arranged such
that the loss of an individual circuit does not result in complete loss of control
capability or create unsafe operation conditions. An alarm shall be generated to
alert the operator to loss of power to a device.
Utility power supply shall be provided for lighting equipment and convenience
outlets. Each convenience outlet shall be wired to an individual breaker (non-UPS
Power) and shall be fed independent of instrument power supply breaker (UPS
Power). Utility power socket should be identified with different connections or by
colour.
All the 24 V DC power supply units for the system shall be supplied and mounted
on system racks by MANUFACTURER/SUPPLIER and made redundant with both
continuously active. 24 V DC power supply shall be with appropriate diode-ORing.
Each power supply unit should be able to cater to 120% of design load and
at the same time this demand shall not exceed 60% of the power
supply unit capacity during normal operation, i.e. each unit shall be loaded up to
60% maximum. In normal operation there will not be any load sharing between two
bulk power supplies.
It shall be possible to remove at least one power supply for maintenance without
affecting the overall load requirements of the system. The power supplies shall
have separate fusing and diode isolation. For easy access and maintenance, DIN
rail mounting provision for Bulk Power Supply is preferable.
There shall be provision to power all field transmitters, analogue outputs, digital
inputs and digital outputs from the 24 volt system. MANUFACTURER/SUPPLIER
shall state the current rating for each power supply.
The system shall have a power supply monitoring facility that checks the internal
power output voltages are within tolerance. The monitoring facility shall be fed
into the system diagnostic facilities. Appropriate alarms shall occur on any power
supply failure.
The operator shall, by means of a system alarm, be informed of the failure and
switch-over. No loop shall be lost by the failure of a single power supply.
Internal power supplies shall be fused for short circuit protection and shall have
thermal overload self-resetting protection unit. Every power failure shall
generate a system alarm plus a local indicator (LED or flag).
All internal power supplies shall be mounted at the top (preferably) or bottom of
the racks.
MANUFACTURER/SUPPLIER shall mention maximum static transfer time of UPS
which the DCS system shall tolerate without affecting plant operation.
10.7. Earthing
Each DCS equipment shall be provided with protective and signal earth.
10.7.1. Protective Earth
All metal components must be connected to a protective earth system.
Flexible conduits, soldered joints or door hinges are not accepted as earth
returns.
All earth connections must be made direct to the earth point for all system
cabinet. Looping is acceptable in case of marshalling cabinets.
10.7.2. Signal Earth
Signal earth must be totally separate from the protective earth and must be of very
high integrity.
An IS/Instrument earth bar, mounted on insulators, shall be provided in each
equipment and termination cabinet. It will be used to ground zero volt
references and signal cable screens.
Signal cable screens of all multipair cables (including shields of spare pairs) shall be
terminated on the IS/Instrument earth bars via terminals.
The MANUFACTURER/SUPPLIER shall provide all earth continuity links required
for his equipment.
Provision shall be made for terminating 35 mm² stranded copper structural and
IS/Instrument earthing conductors supplied by the MANAGING CONTRACTOR.
Segregation between different voltage levels must be achieved using barrier
strips between terminals connected to different voltage levels.
MANUFACTURER/SUPPLIER shall specify any separate / additional earthing
requirement for his system. MANUFACTURER/SUPPLIER shall indicate the
maximum earth resistance value separately for the system supplied.
10.7.3. General
Generally following points shall be considered:
Dedicated noise free earth of less than 1 ohm
Shall be away from any heavy plant or high noise.
The earth shall be as short and straight as possible via a heavy cable preferably a
flat copper strap.
The environment shall be such as to reduce the likelihood of static build up and
discharge by using antistatic materials for floors, chairs and other surfaces.
10.8. Electrical System Interface
The electrical equipment shall be provided with their own controls and Safeguarding
equipment. However, there shall be interface between instrumentation and
electrical comprising the following:
Automatic / manual control of selected electrical motors by DCS.
Monitoring of status of selected electrical equipment from DCS.
It is envisaged that interfaces between instrument and electrical shall be via
hardwired signals. MANUFACTURER/SUPPLIER shall provide a dedicated interposing
relay cabinet for all hardwired signals to the MCC/PCC/ECS. The Interposing Relay
Cabinet shall be located in the substation. Its construction shall comply with
requirements of clause 10.2.
The provision of serial link between MCC/PCC/ECS and DCS shall be kept for
monitoring the information required from MCC/PCC/ECS.
Vendor to ensure segregation between AC and DC voltage relays (based on coil
voltage) and segregation between relays of different voltage levels. Relays shall have on
LED indication.
10.9. Galvanic Isolation
Galvanic isolation shall be provided for all field signals for hazardous areas. All the I/O
cards of DCS shall have individual channel to channel as well as channel to field
isolation.
10.10. Barriers and Relays:
Active barriers shall be used for all intrinsically safe instruments. Minimum voltage
required for instrument operation also should be taken into consideration for barrier
selection. Adequate space shall be kept between barriers for heat dissipation and
easy replacement without affecting other connections. Relays with LED shall be used
for isolating discrete digital inputs / outputs from electrical circuits. Relay coil power
and contact should be on different sides of the relay base. For high power motors, either
relays with higher contact rating or contactors are to be used.
10.11. Spare Philosophy and Spare Parts
Sparing philosophy shall be as follows:
Installed spares:
I/O level (Wired) : 20%
Spare space
I/O racks : 20%
The system architecture shall provide the necessary hardware and software to satisfy
the needs of following major functions:
Operator station for man machine interface.
Interface to process shall be through distributed control modules. Each module
shall be a standalone unit capable of performing full data acquisition and
control of the process via I/O modules.
The Engineering work station shall be a high performance workstation capable of
engineering and configuring any DCS device linked to the network.
A high speed network connecting all the components of DCS and third party
devices to perform real time information transfer between various components.
All electrical components shall be completely wired and tested. All works shall
conform to all applicable codes and standards as per project specification.
11.2. DCS System Network
DCS System Network shall be divided into three main networks:
Control Network
Plant Information Network
Safety Network (for ESD interface; not a part of this specification)
These three networks shall be independent and not connected to each other. There
will be a Plant Interface Building (PIB) in the ISBL of a plant, housing all the Control
System racks and operator stations for local operation, and a control room common
to a cluster of plants, housing common high level application servers (Engineering
Station, Alarm Management Server, Asset Management Server, Terminal Servers etc.).
Architecture and Network Design shall be based on the following criteria:
Availability
Reliability
Scalability
Speed
Security for North bound IT applications enabled infrastructure
Centrally managed and administered
11.2.1. Control Network
The core control network shall be a dedicated redundant Ethernet network that will
allow a single failure to occur without affecting the overall functionality of the system.
Control network shall contain Operator Workstations, Application Workstations,
Engineering Workstations and Control Processors. Network traffic shall not affect
controller or server performance. Network shall be of deterministic type.
The control network shall be a switched, fibre optic Fast Ethernet network based on
IEEE 802.3u (Fast Ethernet) and IEEE 802.3z (Gigabit Ethernet) standards. The DCS
control network shall consist of a number of Ethernet switches connected in a
redundant fault tolerant configuration. The flexibility of the architecture shall allow
designing a network configuration that fits the needs of the control system.
Control network shall consider the following topologies:
Standard Configuration
Linear
Ring
Star
Inverted tree
Modified inverted tree
Mesh
Security Enhanced Configuration
Linear
Star
Inverted tree
Modified inverted tree
Mesh
Each configuration topology listed has unique features, and the one chosen for a
particular network shall depend on the specific requirements of the project.
System Architecture shall be based on Layer 2 switches (IP based System) and shall
be able to handle the large integrated network.
Layer 2 based system network shall support following features:
IP, IPX, and IP multicast routing and forwarding between Ethernet ports
All standard Routing Protocols
CMF (constrained multicast flooding)
Support for up to 128 IP multicast groups
QoS-based forwarding based on IP precedence
Load balancing among equal cost paths based on source and destination IP and
IPX addresses
optic cable between switches or between switches and control stations, workstations
shall be used. Cable routing between devices must also be considered. Control
network with redundant paths is recommended for control systems.
Network switches shall be mounted in cabinet with specifications similar to system
cabinet. Thermal requirements shall be taken into consideration and adequate
ventilation shall be provided.
Sources of high or moderate electromagnetic noise in close proximity, for example
machinery, switchgear, high voltage lines, and so forth, must be avoided to
ensure reliable operation.
Ethernet switches with additional ports shall be considered so that control stations
or workstations can be easily added in the future. Running extra copper or fiber optic
cable will allow for network expansion later.
11.2.4. Traffic Considerations
It shall be possible to group control stations or workstations according to
department, process, or other criteria that are important to the site or organization to
reduce traffic through the root/main switches.
It is recommended that each control station or workstation from a particular group
be connected to two separate switches. If one switch were to fail, these control
stations or workstations can access the network through the redundant switch.
Workstations shall have two Ethernet ports to access the network.
11.2.5. Network Loading
DCS system network shall be designed such that sufficient network bandwidth will be
available between the network components. A load prediction shall be achieved by
approximating the environment, modeling the network components and analyzing
the interrelations. Maximum 50 % network load shall be considered.
A network stress test shall be performed to find the inter-switch link load. Based
on this, the load calculation shall be performed and the network shall be designed.
11.2.6. Network Reliability and availability
The DCS network configuration shall allow high availability by providing redundant
data paths and eliminating single points of failure caused by component link failures.
Failure of any component in network shall not cause system failure.
Network component MTBF shall be high and components shall be hardened to industrial
application standards.
Control, PIN and safety networks shall be isolated from each other and not connected
to the corporate network. For corporate connectivity, a firewall shall be considered.
11.2.7. Network Monitoring
Dedicated software shall be considered for monitoring the control and PIN network.
Monitoring software shall give details such as network component failure, network
loading and route of network path. In a network with multi-layer switches and switches
at multiple locations, a Network Management system is recommended, which will
provide network-wide monitoring and troubleshooting, such as device discovery,
topology mapping, and event management. Software shall also have graphical
representation capabilities for network monitoring. Network Monitoring shall also
provide the following as a minimum:
Create map of network layout.
Set SNMP (Simple Network Management Protocol) port traps for link loss
detection to be displayed on network map and shall be logged.
Set events to display on network map and logged if loss of switch is detected.
Monitor broadcast/multicast traffic thresholds on each port, e.g. if 300 pps for
100 Mbps or 1000 pps for 1 Gbps is exceeded, then set an alarm to show the port
exceeding the threshold.
Switch Configuration:
Use Console to push configuration changes to switch
Save all switch configurations locally at console to push back down in case of
switch replacement.
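An added example, not part of the original specification, of the per-port broadcast/multicast threshold check listed above, using the 300 pps and 1000 pps limits from the text. It assumes the monitoring software polls cumulative per-port broadcast and multicast packet counters (for instance over SNMP), that the threshold applies to the combined rate, and that counters are 32-bit; the port names and sample values are constructed.

```python
"""Per-port broadcast/multicast threshold check from two counter polls (added example)."""
from dataclasses import dataclass

# Thresholds quoted in the specification, keyed by link speed in Mbps.
THRESHOLD_PPS = {100: 300, 1000: 1000}
COUNTER_MODULUS = 2 ** 32  # assumption: 32-bit wrapping counters


@dataclass(frozen=True)
class PortSample:
    port: str          # hypothetical port label
    speed_mbps: int    # link speed of the port
    timestamp: float   # poll time in seconds
    bcast_pkts: int    # cumulative broadcast packets received
    mcast_pkts: int    # cumulative multicast packets received


def counter_delta(prev, curr, modulus=COUNTER_MODULUS):
    """Difference between two cumulative counter readings, tolerating one wrap."""
    return (curr - prev) % modulus


def rate_pps(prev, curr):
    """Combined broadcast + multicast packets per second between two polls."""
    if prev.port != curr.port:
        raise ValueError("samples are from different ports")
    elapsed = curr.timestamp - prev.timestamp
    if elapsed <= 0:
        raise ValueError("samples out of order or taken at the same time")
    pkts = (counter_delta(prev.bcast_pkts, curr.bcast_pkts)
            + counter_delta(prev.mcast_pkts, curr.mcast_pkts))
    return pkts / elapsed


def check_ports(previous, current):
    """Return one alarm dict per port whose rate exceeds its threshold.

    Ports whose speed has no threshold defined are reported with reason
    'no-threshold' rather than being skipped silently.
    """
    prev_by_port = {s.port: s for s in previous}
    alarms = []
    for curr in current:
        prev = prev_by_port.get(curr.port)
        if prev is None:
            continue  # first poll for this port: no rate available yet
        limit = THRESHOLD_PPS.get(curr.speed_mbps)
        if limit is None:
            alarms.append({"port": curr.port, "reason": "no-threshold"})
            continue
        pps = rate_pps(prev, curr)
        if pps > limit:
            alarms.append({"port": curr.port, "reason": "threshold-exceeded",
                           "pps": round(pps, 1), "limit": limit})
    return alarms


# Constructed sample polls taken 10 seconds apart (not real measurements).
POLL_1 = [
    PortSample("SW1/1", 100, 0.0, 1000, 500),
    PortSample("SW1/2", 100, 0.0, 4294967000, 0),   # counter about to wrap
    PortSample("SW2/1", 1000, 0.0, 0, 0),
    PortSample("SW2/2", 1000, 0.0, 100, 0),
]
POLL_2 = [
    PortSample("SW1/1", 100, 10.0, 3000, 1500),     # exactly 300 pps: not exceeded
    PortSample("SW1/2", 100, 10.0, 3704, 500),      # wrapped counter, 450 pps
    PortSample("SW2/1", 1000, 10.0, 8000, 1000),    # 900 pps
    PortSample("SW2/2", 1000, 10.0, 12100, 0),      # 1200 pps
]

if __name__ == "__main__":
    for alarm in check_ports(POLL_1, POLL_2):
        print(alarm)
```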
11.2.8. Network Design Rules
When designing the physical layout of a large network, the following guidelines
apply:
Switch-to-switch connections (uplink ports) should be made using 1 Gbps uplink
ports to allow enough bandwidth for network traffic of equipment.
There should be a primary and backup switch on the network.
There should be no horizontal connections between switches on the same tier
except the root and backup. This minimizes the number of switch
interconnections in order to facilitate faster response of the network
tree. This also reduces the likelihood of a loop occurring.
Each tier should contain an even number of switches.
Each switch should be connected to two different switches in the tier above it.
There should be two connections between the primary root and the backup root.
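An added example, not part of the original specification, that checks a planned switch layout against the design rules listed above before it is built. The tier numbering (0 for the root tier), the switch names and the two sample layouts are assumptions constructed for illustration.

```python
"""Check a switch topology against the layout rules of section 11.2.8 (added example)."""
from collections import Counter, defaultdict


def validate_topology(tiers, links, primary, backup):
    """Return a sorted list of rule violations (an empty list means compliant).

    tiers: dict of switch name -> tier number (0 = root tier, an assumption)
    links: list of (switch_a, switch_b, speed_mbps); parallel links are repeated
    """
    problems = []
    roots = {primary, backup}

    # Rule: there is a primary and a backup switch, both in the root tier.
    for name in (primary, backup):
        if tiers.get(name) != 0:
            problems.append(f"{name}: root switch missing or not in tier 0")
    if primary == backup:
        problems.append("primary and backup root are the same switch")

    uplinks = defaultdict(set)  # switch -> distinct neighbours one tier above
    root_links = 0
    for a, b, speed in links:
        if a not in tiers or b not in tiers:
            problems.append(f"{a} <-> {b}: link references an unknown switch")
            continue
        # Rule: switch-to-switch connections use 1 Gbps uplink ports.
        if speed < 1000:
            problems.append(f"{a} <-> {b}: uplink below 1 Gbps ({speed} Mbps)")
        ta, tb = tiers[a], tiers[b]
        if {a, b} == roots:
            root_links += 1
        elif ta == tb:
            # Rule: no horizontal links inside a tier except root and backup.
            problems.append(f"{a} <-> {b}: horizontal link within tier {ta}")
        elif abs(ta - tb) == 1:
            lower, upper = (a, b) if ta > tb else (b, a)
            uplinks[lower].add(upper)
        # Links spanning more than one tier are not covered by the rules
        # and are ignored here; they do not count as uplinks.

    # Rule: two connections between the primary root and the backup root.
    if root_links != 2:
        problems.append(f"{primary} <-> {backup}: {root_links} root "
                        f"interconnect(s), expected 2")

    # Rule: each tier contains an even number of switches.
    for tier, count in sorted(Counter(tiers.values()).items()):
        if count % 2:
            problems.append(f"tier {tier}: odd number of switches ({count})")

    # Rule: each switch connects to two different switches in the tier above.
    for name, tier in tiers.items():
        if tier > 0 and len(uplinks[name]) < 2:
            problems.append(f"{name}: connected to {len(uplinks[name])} "
                            f"switch(es) in tier {tier - 1}, needs 2")
    return sorted(problems)


# Constructed sample layouts (hypothetical switch names).
GOOD_TIERS = {"ROOT-A": 0, "ROOT-B": 0, "T1-1": 1, "T1-2": 1, "T2-1": 2, "T2-2": 2}
GOOD_LINKS = [
    ("ROOT-A", "ROOT-B", 1000), ("ROOT-A", "ROOT-B", 1000),
    ("T1-1", "ROOT-A", 1000), ("T1-1", "ROOT-B", 1000),
    ("T1-2", "ROOT-A", 1000), ("T1-2", "ROOT-B", 1000),
    ("T2-1", "T1-1", 1000), ("T2-1", "T1-2", 1000),
    ("T2-2", "T1-1", 1000), ("T2-2", "T1-2", 1000),
]
# Non-compliant variant: one root interconnect removed, a third tier-1 switch
# with a single uplink, and a 100 Mbps horizontal link inside tier 1.
BAD_TIERS = dict(GOOD_TIERS, **{"T1-3": 1})
BAD_LINKS = GOOD_LINKS[1:] + [("T1-3", "ROOT-A", 1000), ("T1-1", "T1-2", 100)]

if __name__ == "__main__":
    for problem in validate_topology(BAD_TIERS, BAD_LINKS, "ROOT-A", "ROOT-B"):
        print(problem)
```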
11.2.9. Network Cable
Following are the different types of cables:
11.2.9.1. Ethernet Cable:
The I/O modules shall be capable of accepting the following types of inputs and
outputs:
Analogue inputs (4-20 mA DC) (HART pass through),
Thermocouple inputs,
RTD inputs,
Pulse input (frequency input),
Digital inputs (volt free contacts),
Analogue outputs(4-20 mA DC),
Digital outputs (volt free contacts),
Digital outputs (24 VDC to drive relays and other similar output devices),
24V DC input,
Proximity Switches (NAMUR contacts),
Digital communication with FF / HART / Profibus,
Temperature Multiplexers (Mainly FF).
The digital outputs activating relays shall have 24V DC power supply with minimum
contact rating of 2.0 amps at 24V DC. Digital output cards for Intrinsically Safe type
solenoid valves shall be capable of driving 12W solenoids.
Discrete output modules shall have visible LED indicators on a per channel basis to
indicate the current state of the output.
Discrete output modules shall have the following configurable fail-safe options:
Drive to either energize or de-energize output
Hold last output
The fail-safe actions listed above shall be taken upon processor halt or
communication break between the controller and the I/O module. This shall be
decided during detail engineering stage and licensor recommendation.
The digital inputs shall sense volt free contacts of field switches with 24V DC
interrogation voltage supplied from the DCS system. The input interrogation voltage
shall be 24 V DC for all points coming from hardware auxiliary console. Contact
interrogation voltage shall be 24 VDC.
Discrete input modules shall have visible LED indicators on a per channel basis to
indicate the current state of the input.
The system shall be capable of detecting discrete input transitions with a duration of
50 milliseconds.
It shall be possible to inhibit the detection and propagation of an invalid value status.
This selection shall be available on a per tag basis. It shall be possible for an invalid
value status to be used as a logical input to initiate control algorithm changes.
When a control algorithm's input is declared invalid, it shall be possible to configure
the output to take any of the following actions, on a per point basis:
Hold last good value,
Zero output signal,
Full-scale output.
The term control algorithm refers to instructions executed within function blocks
where an output is calculated based on the value and status of inputs to the function
block.
11.8. Controller Subsystem
The Controller system shall consist of microprocessor based multi-loop controllers,
which will receive data from process through input / output system, execute control
functions and send output signals to process via input / output system.
The controller system shall provide pre-programmed algorithms to achieve various
regulating control functions.
Following is a list of minimum control algorithms to be provided in the controller sub-
system:
Input Monitoring
PID, PID with cascade, PID with ratio, PID with adaptive gain.
Hand control (HIC) which can accept a cascade set point.
Addition / Subtraction, Multiplication / Division.
Lead / Lag, Time delay.
High / Low select, High/low limiter.
Switch.
Digital Filter.
Mass flow computation.
Totalizing / integration.
Ramp function.
General equation block to perform other calculations.
Proportional plus integral control.
Proportional only control.
The points in the regulatory control must be able to access values from and send values
to other regulatory control points and data acquisition points.
Controllers shall be able to operate in manual, auto, cascade or remote mode. Mode
changeover shall be bumpless in either direction.
It shall be possible to change controller set points, tuning constants, operating mode
and controller configuration from the operator station through operator’s keyboard
and engineer’s keyboard.
The controller shall have facility for fast and slow ramping of set point and output.
The PID algorithm shall have integral wind up protection and initialization.
It shall be possible to reconfigure any particular control loop on line and without
disrupting any other control loop in the system. Remainder of the controllers,
including those executed in the same module, shall not be decommissioned by this
procedure. The control module shall have logic functions based on logics, alarm
states and sequence control functions, which shall be used for inputting and
outputting discrete variables to and from the control modules.
All these logic and sequence control functions shall be configurable on line without
disturbing the rest of the system.
The execution period for the control functions shall be within the limits specified. It
shall be possible to assign different execution periods to different control loops.
In cascade loops, the primary controller shall be able to track the set point of the
secondary controller when the secondary controller is not operating in cascade mode.
The system shall be capable of implementing automatic sequence logic involving
control and monitoring functions during start-up and shutdown situations.
11.8.1. Complex loops
Functional Descriptions
11.8.1.1. Any logic function and loops beyond simple PID execution are defined as complex
loops. Complex loops shall be documented and include any controls with special
settings and limits configured.
11.8.1.2. The functional descriptions of control functions are intended to provide detailed
descriptions of how a control configuration functions. In particular, detailed
documentation is required of how a complex or non-standard loop functions and
operates, where the input and output signals originate or go to, how constants or
coefficients used in the function were developed, and how the control functions are
implemented. MANAGING CONTRACTOR shall provide functional description to
MANUFACTURER/SUPPLIER.
11.8.1.3. The following must be described in detail by Seller for each complex loop:
Definitions (process area, control system nodes, modules related, application
name, the tags affected by the application and parameters used for each point)
10080-1-SS-CI-017 Page 34 of 203
J3 Program 10080-1-SS-CI-017
Distributed Control System Date: 30/07/2012, Rev. 0
normal operation of other loops resident in that controller. Unit wise segregation at
controller and I/O level is to be considered.
Also, if there are two or more devices for the same function, e.g. pump A and B, then the
signals related to pump A and B shall be segregated in different I/O cards and controllers.
This will ensure that overall plant availability will not be jeopardized on failure of one
component.
11.8.5. Initialization:
Initialization is the process by which initial values of the mode, setpoint and output
of a control block are set.
It shall be possible to initialize a control block or control strategy when any of the
following conditions exist:
The control block is turned from off to on.
The control block mode is changed from manual to automatic, from manual to
cascade, or from automatic to cascade.
The control block output is cascaded to the remote set point of a downstream
control block which is being switched from manual to automatic, from automatic to
cascade, or is being initialized.
Variables that are being initialized shall be subject to the following:
Calculations involving time-based data shall be reset.
Initialization shall not cause an audible alarm.
Function blocks which have a setpoint shall offer the option of either initializing the
setpoint to the process value (PV) or of maintaining the last valid setpoint upon
algorithm initialization.
Function blocks which write their outputs to field devices shall initialize their output
to the current state or position of the field device during initialization.
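The initialization rules above, applied to the manual-to-automatic case, as an added example that is not part of the original specification or of any vendor's function block. It is narrowed to a PI block; the class and field names are hypothetical, and conditional integration is one common form of the integral wind-up protection the specification asks for.

```python
from dataclasses import dataclass

MANUAL, AUTO = "MANUAL", "AUTO"


@dataclass
class PIBlock:
    """Hypothetical PI function block; names are illustrative, not a vendor API."""
    kp: float                  # proportional gain
    ki: float                  # integral gain, per second
    out_lo: float = 0.0        # output limits in percent
    out_hi: float = 100.0
    sp_track_pv: bool = True   # option: initialise SP to PV, else keep last valid SP
    mode: str = MANUAL
    sp: float = 0.0
    out: float = 0.0
    integral: float = 0.0

    def initialize(self, pv, field_position):
        """Set the initial setpoint, output and integral term of the block."""
        if self.sp_track_pv:
            self.sp = pv
        # The output starts from the current position of the field device.
        self.out = min(max(field_position, self.out_lo), self.out_hi)
        # Time-based data is reset: the integral term is back-calculated so that
        # the first automatic execution reproduces the present output exactly.
        self.integral = self.out - self.kp * (self.sp - pv)

    def set_mode(self, new_mode, pv, field_position):
        """Change mode; manual to automatic triggers initialization."""
        if self.mode == MANUAL and new_mode == AUTO:
            self.initialize(pv, field_position)
        self.mode = new_mode

    def execute(self, pv, dt):
        """One scan of the block; dt is the execution period in seconds."""
        if self.mode == MANUAL:
            return self.out
        err = self.sp - pv
        candidate = self.integral + self.ki * err * dt
        unclamped = self.kp * err + candidate
        out = min(max(unclamped, self.out_lo), self.out_hi)
        # Wind-up protection by conditional integration: while the output is
        # saturated, accept the new integral only if the error drives the
        # output back towards its range.
        recovering = (unclamped > self.out_hi and err < 0) or \
                     (unclamped < self.out_lo and err > 0)
        if unclamped == out or recovering:
            self.integral = candidate
        self.out = out
        return out


if __name__ == "__main__":
    block = PIBlock(kp=2.0, ki=0.5, sp_track_pv=False, sp=50.0)
    block.out = 37.0                      # operator's manual output
    block.set_mode(AUTO, pv=40.0, field_position=37.0)
    print("first automatic output:", block.execute(40.0, 0.0))
```
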
11.8.6. Data Acquisition subsystem:
The primary function of the data acquisition system is to display and log the inputs
from analogue and discrete open loops.
The data acquisition system shall receive process inputs via the input/output sub-
system and display these inputs on the operator console.
The data acquisition system shall be capable of providing output signals to other
non-DCS system or field instruments. The output signals may be analogue (4-20mA
DC) or 24V DC outputs (for relays / solenoids) or serial.
The data acquisition sub-system shall have the following computational capabilities:
Square root extraction,
Flow computation (pressure and temperature compensation),
Thermocouple linearization,
Addition / subtraction,
Multiplication / Division,
Totalisation,
High / low selection,
Auto ranging of dual transmitters.
In addition to the above, this system shall also have binary logic functions for
implementing pump start/stop logics, etc.
Input filtering and signal conditioning shall be performed before alarms are checked
and control calculations are made.
The data acquisition system may be a part of the controller system in order to utilise
the capacity of the controller sub-system.
11.9. HMI subsystem
The function of the HMI system is to provide the following information to the plant
operator / engineer at a centralised location,
Display plant graphics in dynamic mode showing status of selected parameters
and valves etc.
Display of all information related to open and closed loops of analogue and digital
process variables,
Manipulation of control loops, e.g. changing set point, mode, output,
configuration and tuning,
Display and Acknowledgement of alarms,
Display of plant dynamic graphics,
Logging and report generation,
Trend recording,
Providing self-diagnostic messages,
Providing system diagnostic messages.
Further the operator interface software shall be capable of acting as Dynamic Data
Exchange (DDE) or OLE (Object Linking and Embedding) for Process Control (OPC)
Client or Server to share real-time data with DDE or OPC compliant applications.
HMI with touch screen facility shall be offered as an option.
The HMI shall be provided by operator stations and engineering workstation, which
shall permit the operator to control and monitor the plant normal operation as well
as during start-up, shutdown and process upset conditions.
Standard system software shall not be modified to meet any of the specific
requirements. Application software shall be designed in a manner that requires no
modification to the operating software.
There shall be various access levels provided at the operator consoles with password
protection to ensure security of operation. Broadly, the operator console shall have
four main categories of access level, as outlined below:
OPERATOR: Lowest level, access to view and browse through all; able to
acknowledge alarms, but will not have the authority to tune loops and change
alarm limits.
SUPERVISOR: As OPERATOR level but with additional access and manipulation
privileges such as system building, configuration and tuning functions in addition
to normal operation tasks.
MAINTENANCE: As SUPERVISOR level but with additional access and
manipulation privileges such as system building, configuration, detailed system
diagnostic displays, intelligent transmitter detailed displays, and tuning functions.
ENGINEER: As SUPERVISOR level but additional rights for configuring, installing,
and maintaining a database.
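A least-privilege check built on the four access levels above, as an added example that is not part of the original specification: it resolves each level's inherited privileges and reviews a constructed operator-action journal for actions outside the acting level. The action names and journal format are hypothetical, and assigning alarm-limit changes to SUPERVISOR is an assumption (the text only states that OPERATOR must not have it).

```python
# Access levels from the text: each level inherits everything its parent has.
ROLE_PARENT = {"OPERATOR": None, "SUPERVISOR": "OPERATOR",
               "MAINTENANCE": "SUPERVISOR", "ENGINEER": "SUPERVISOR"}

# Privileges each level adds. Action names are hypothetical labels for the
# functions the text lists; "change_alarm_limit" under SUPERVISOR is an assumption.
ROLE_ADDS = {
    "OPERATOR": {"view_display", "ack_alarm"},
    "SUPERVISOR": {"system_build", "configure", "tune_loop", "change_alarm_limit"},
    "MAINTENANCE": {"system_diagnostics", "transmitter_detail"},
    "ENGINEER": {"install_database", "maintain_database"},
}


def effective_privileges(role):
    """Union of the level's own privileges and those of every ancestor."""
    privileges, seen = set(), set()
    while role is not None:
        if role in seen or role not in ROLE_PARENT:
            raise ValueError(f"bad role chain at {role!r}")
        seen.add(role)
        privileges |= ROLE_ADDS[role]
        role = ROLE_PARENT[role]
    return privileges


# Constructed journal lines: timestamp, station, user, level, action, tag.
JOURNAL = """\
2012-07-30T08:01:12 OWS-01 user_a OPERATOR ack_alarm FIC-101
2012-07-30T08:03:40 OWS-01 user_a OPERATOR tune_loop FIC-101
2012-07-30T08:10:05 EWS-01 user_b ENGINEER tune_loop TIC-204
2012-07-30T08:12:51 OWS-02 user_c MAINTENANCE maintain_database -
2012-07-30T08:15:00 OWS-02 user_d GUEST view_display -
2012-07-30T08:20:33 OWS-01 user_a OPERATOR change_alarm_limit LIC-310
"""


def audit_journal(text):
    """Return (line, reason) for every entry the access levels do not allow."""
    violations = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            violations.append((line, "malformed entry"))
            continue
        _ts, _station, _user, role, action, _tag = fields
        try:
            allowed = effective_privileges(role)
        except ValueError:
            # Unknown levels fail closed: nothing is allowed for them.
            violations.append((line, f"unknown role {role}"))
            continue
        if action not in allowed:
            violations.append((line, f"{role} not authorised for {action}"))
    return violations


if __name__ == "__main__":
    for entry, reason in audit_journal(JOURNAL):
        print(f"{reason}: {entry}")
```
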
Each Operator workstation shall have the capability of printing the information
displayed on the screen. The workstation operating system shall be latest version
Microsoft ™ Windows, independent of the hardware. The workstation operating
system (OS) + service packs shall be a revision which is currently supported by the OS
vendor and has been verified by the vendor for application software compatibility.
Each of the operator stations shall consist of the following hardware as minimum:
PCs with Latest processor and Microsoft ™ Windows latest version operating
system.
Dual Monitor OS with high resolution 22” LCD/LED monitors
Engineers keyboard (detachable type)
Membrane type Operator keyboards with assignable function keys
One Hard Disc Drive (500 GB Minimum)
DVD R/W drive or latest available media.
Mouse / track ball (Optical)
Minimum 4 GB RAM
Dual power supply
Dual redundant network interface card. Network card shall be as per system
design, copper/fibre optics.
Each of the Engineering work stations/Server Grade Machine shall consist of the
following hardware:
Server Grade PCs with Latest processor and Microsoft ™ Windows latest version
operating system.
High resolution 22” LCD/LED
Engineers keyboard,
RAID 5 or latest
HDD (500 GB Minimum) qty as per RAID-5, Hot Pluggable
DVD R/W or latest available media,
Mouse
Minimum 4 GB RAM
Redundant hot-swap power supplies,
Dual redundant network interface card. Network card shall be as per system
design, copper/fibre optics.
The engineering station shall incorporate configuration software, which shall be
windows based supporting drag and drop configuration. Standard user definable
templates shall be supported to allow for rapid application development. The
engineering configuration software shall support on-line monitoring of control loops.
On-line changes of control parameters, as well as creation, loading, activation,
deactivation and deletion of control strategies shall be possible. Existing control
loops and I/O modules shall continue to operate while configuration changes are
being made.
Engineering work station shall provide minimum following functions:
Configuration and Backup.
Database generation.
Graphics display generation and modification.
Control algorithm generation and modification.
Report generation and modification.
Generation and Modification of tags assigned to history
System access configuration.
File access.
Diagnostics.
Workstation/monitors and keyboard plant area assignments Document.
Each point in the system shall be designated by a tag number consisting of minimum
twelve alpha-numeric characters.
Operator’s keyboard shall be touch sensitive membrane type. Each keyboard entry
shall be registered with an audio beep. Spilled liquids shall not damage the keyboard
and it shall be easily cleanable.
The operator shall be able to take the following actions through the keyboard as a
minimum,
Calling up of all displays.
Acknowledgement of alarms.
Changing parameters.
Control of cursor.
Initiating printouts of logs, alarm history, event history.
Changing of controller mode.
All control room alarms shall be connected to the DCS. The DCS shall have an audible
alarm. High Priority and equipment protection related alarms shall be configured for
first out and subsequent alarm sequencing. All alarms and events shall also go to
the Alarm and Event Management System.
The operator keyboard shall include special keys to enable the following additional
functions to be performed,
Control loop call-up from graphic, alarm page or any other page or tag entry,
On/off command to controller outputs such as valve solenoids, rotating
equipment and ESD systems,
Graphic paging access,
Return-to-last-page access,
System status access,
Print screen,
Change digital state,
Manual entry of data for storage,
Sequence start / override.
The operator’s keyboard shall contain minimum 48 annunciator keys which can be
assigned to call up specific important displays with a single keystroke. Each of the
annunciator keys shall be provided with a LED to indicate alarm status of particular
sections of the plant.
The operator shall also be able to use optical mouse to control the cursor, change
controller mode, directly access a particular display from another display, etc.
Engineer’s keyboard shall be QWERTY type and shall enable the plant engineer to
take the following actions through the keyboard,
Changing data base configuration,
Inhibiting alarms during plant maintenance,
Changing of alarm settings,
Changing of tuning constants,
Changing of displays,
Changing of clock settings.
Production system Simulator
The plant model shall be provided by Purchaser and the control system will be
provided by MANUFACTURER/SUPPLIER. This shall be included under production
system simulator.
DCS shall have a Production System simulator with features like:
Dynamic simulator model for process plant,
Real time model system for online monitoring of process,
Look ahead predictive model,
Instrumentation conditioning monitor,
Offline planning / training simulator,
Operational planning,
Optimization.
11.10. Process and System Alarms Audible Annunciation
Alarms shall cause audible annunciation at, and only at, workstations configured
for those alarms.
The annunciation shall occur within 1 second of the initiating event.
The audible annunciation shall continue until a "Horn Silence" command is issued
by the operator.
There shall be at least three audible alarm tones available and these shall be
assignable to any priority level.
Volume of the audible tones shall be adjustable.
If an audible alarm is on and another alarm of higher priority is initiated, then the
tone of the higher priority alarm shall immediately sound. The lower priority
audible tone may either continue or cease.
Return-to-normal state shall not cause audible annunciation.
There shall be a "Horn Silence" command available regardless of which display is
in use.
When the "Horn Silence" command is given at a workstation, it shall silence the
current audible alarm sound at all workstations within that console only and
without acknowledging the alarm itself.
It shall be possible to display the following information, as a minimum, for each
alarm in the alarm summary display:
Tag ID of item in alarm.
Tag Description.
Alarm Type (HI/LO/HH/etc).
Alarm Limit value.
Engineering units (if applicable).
Actual process value at time of alarm.
Time of occurrence.
Alarm description.
Alarm priority.
Alarm state (whether into-alarm state or return-to-normal state).
Acknowledgment state.
It shall be possible to filter or sort entries in the alarm summary display based on Tag
ID, time of occurrence, priority, alarm type, and process area or unit number. The
alarm summary display shall clearly indicate when filtering or sorting is active.
System shall provide the list of all the alarms which are
inhibited/suppressed/bypassed with the date, time and role. The list fields shall be
user configurable.
System shall capture and store all the alarms and events. The list fields
shall be user configurable.
Storage capacity shall be of three months.
Alarms shall be defined according to four levels of priority.
First Level - Emergency
Second Level - High Priority
variables (e.g. velocity, density, ratio, concentration, etc.). The stored information
is used for the following purposes:
Determination of plant material balances.
Trend analysis of equipment performance.
Troubleshooting and analysis of malfunctions.
Monitoring the day to day operation.
The actual (uncompensated) measured process variable values shall also be
saved, when process variable values are modified by the control system to
compensate for process conditions.
For the purpose of trouble shooting and analysis of malfunctions, the ability to
retrieve and display the actual instantaneous sampled process data, rather than
the averaged or maximum/minimum values, is essential.
All process variables, controller set points and controller outputs shall be
sampled and the instantaneous values shall be stored at intervals of one second.
Storage capacity shall be sufficient to store process variable data, controller set
point data, and controller output data for at least the immediately previous 7 day
period. Only "lossless" data compression techniques may be used during this
period. The control system equipment shall be able to access and display the
stored data at the operator station console and/or other console on demand at
any time. The control system equipment shall be capable of selecting for display
the instantaneous values stored in any 1 hour period within the 7 days of data.
Stored data shall not be erased by display. Update of data shall be on a point-by-
point basis to ensure that the immediately previous 7 days of data are available
at any time. When data compression techniques are an integral feature of the
historical data storage package, the data discrimination delta value shall be set to
the minimum setting.
The DCS shall have the capability of archiving to removable storage media and
shall be capable of playing back the stored data in the same formats e.g. trends,
reports etc. The MANUFACTURER/SUPPLIER shall clearly describe how the data
base are backed up including an estimate of total time and number of copying
media required to back up the entire history data base.
Storage capacity that is capable of retaining daily averages and weekly averages
of the process variable values for a period of one year shall also be provided.
Storage capacity shall be capable of storing process parameters for 6 months
with a sampling rate of one second. The control system equipment shall be able to
access and display the stored data at the operator station console and/or other
console on demand at any time.
Data stored for historical review shall be accessible in grouped trend display
format. The grouping of the process variables shall be logical with respect to the
process. Configuration of trend displays shall have the capability for operators to
set up additional trend displays of selected variables for specific troubleshooting
activities. Different colours shall be used for each variable trended. Additional
trend display capacity shall be available for at least 10 percent of the historical
trend display groups.
History stations shall be sized on the basis of 5% analogue inputs being trended at
one (1) second, 15% of the analogue inputs being trended at two (2) seconds and
remainder (80%) is being trended at five (5) seconds intervals for 90 days without
any backups as a minimum. The sizing shall include 20% extra capacity at 70%
loading of Historians which shall be dual redundant (mirror image).
The MANUFACTURER/SUPPLIER’s capabilities with respect to the subject of data
storage and retrieval shall be thoroughly reviewed by the OWNER/operator of
the process unit before deciding to accept a particular system.
The control system must be capable of archiving historical data onto removable
media.
11.12.2. Controller Tuning Display
Each loop controller shall have a trending display for tuning. This tuning display shall
show the loop controller tuning values and include the capability to change the loop
controller tuning values while trending. Different colours shall be used for each
parameter trended. The minimum controller parameters trended shall be:
Set point
Process variable
Controller output signal
Trending intervals shall be user selectable between 0.25 second and 5 seconds. The
overall trend display must show as a minimum between 1 minute and 20 minutes of
trending per Table:
Table: Sample Interval | Minimum Duration of Screen Trend
The DCS shall have a historical data base which can be accessed for trending, report
generation, alarm history retrieval and event history retrieval to both printer and
HMI. All alarms and events shall be historised.
It shall be possible to configure the database through the engineer’s keyboard.
11.13. Diagnostics
The DCS shall have extensive off-line and on-line diagnostics. The self diagnostics
shall as a minimum detect faults in the following:
Data highways and communication lines,
Power supplies,
All cards (I/Os, controllers, CPU, etc.),
Wherever fault tolerant/redundant paired equipment is provided, the equipment
shall continue functioning in case of failure of one of the pair.
The diagnostic alarm message for any failure shall appear on the operator's console
irrespective of the display on the HMI.
It shall be possible to get accurate and detailed diagnostic information through
system status displays which can be called from operators keyboard.
The self diagnostic software shall be capable of detecting and reporting fault to an
I/O level.
The operator stations shall have the same capability in respect of displaying
diagnostic messages.
In addition to the above, all modules shall be provided with diagnostic LEDs to
indicate their status at a local level.
The off-line diagnostic programs shall consist of a library of programs used to verify
operation of a device or to aid in the troubleshooting of a device.
Off-line diagnostics shall be provided for every device in the system.
NAMUR NE-107 “Self-Monitoring and Diagnosis of Field Devices” shall be followed
for different field device status indication, implemented as a function in DCS, to help
the operator and service personnel to trigger various different actions. There are four
types of status signal output:
Failure (F),
Function check (C),
Out of specification (S),
Maintenance required (M).
The status signal output changes, irrespective of the transmission media used (type of
bus, HART, contacts…), when the status of the device changes, or of an individual
measurement in the case of a multi-variable device.
The device diagnostics shall meet the NAMUR 107 classification, with 4 levels of
diagnostics available, namely:
reasons the controller memory shall have a battery back-up of minimum 72 hours to
save the controller configuration in case of power failure.
MANUFACTURER/SUPPLIER shall provide a list of all batteries used within the DCS
system, indicating battery type, rated shelf life, location within the DCS and renewal
frequencies.
Immediately after the SAT, DCS MANUFACTURER/SUPPLIER shall replace all batteries
within the DCS system with new ones.
The maximum time acceptable for reloading a component (e.g., a console) is five
minutes, which includes the time to mount disks. The MANUFACTURER/SUPPLIER
shall quote the maximum time required to reload the system from backup bulk
storage.
11.15. Serial Interface system
The Serial interface system shall consist of the redundant Serial interface modules
and the Protocol converters as required, to suit the serial interface communication.
Generally redundant ETHERNET/Modbus TCP/IP, RS 232/485 (Modbus/ASCII) shall be
used for all serial interfaces. The redundant serial links shall be connected to
separate modules so that failure of one module does not affect the serial
communication. The transmission of data shall be bi-directional with read/write
capability.
The Serial Interface shall be able to handle all types of I/Os of Third Party System.
After selection of DCS vendor, data capture form will be created and given to all
PACKAGE UNIT MANUFACTURER/SUPPLIER for serial interfaces to have both
hardware and software compatibility.
MANUFACTURER/SUPPLIER shall indicate any limitations on the number of
serial interfaces that can be connected per controller.
11.16. Interface with other applications/systems
The system shall be capable of interfacing other applications of any hardware and
software combination. Other applications/systems can be one or more of following:
Advanced process control.
Process Optimization.
Laboratory Management.
Warehouse Management.
Logistic Optimization.
Tankfarm Management.
Asset Management System.
ATG (Automatic Tank Gauging).
The generation and editing of the programming language program source code shall
be performed on any of the DCS consoles. Additionally, the user shall have the ability
to monitor, control program execution, and troubleshoot programs in a runtime
mode from any console without the necessity of creating any of the interactive
program displays.
System utilities shall be provided to allow program source code print out, I/O cross
reference printout, program back up and version control documentation.
11.17.3. Ladder Logic Language
Ladder logic programming language shall be provided with the system.
Ladder logic shall be executable in the Controller CPU.
Ladder logic element data shall be accessible from the other control languages.
The generation and editing of the Ladder logic program source code shall be
performed on any of the DCS consoles. Additionally, the user shall have the ability to
monitor, control program execution, and troubleshoot programs in a runtime mode
from any Station monitor without the necessity of creating any of the interactive
program displays.
System utilities shall be provided to allow ladder logic program source code print out,
I/O cross-reference printout, and program back up.
11.17.4. Sequence and Batch Control:
The system shall provide a graphical configuration tool which conforms to the IEC
61131-3 guidelines for Structured Text or Sequential Function Chart.
It shall be possible to modify individual program logic for sequential functions
without interrupting the operation of other sequential functions that are active.
The system shall have the ability to monitor and control program flow through
sequential functions in real-time.
11.17.5. Sequential Functions:
The following sequential functions shall be supplied as standard instructions:
Relational expressions: Equal to, Not equal to, Less than, Less than or equal,
Greater than, Greater than or equal, IF / IF Then.
Calculations: Add, Subtract, Multiply, Divide, Exponentiation (whole and
fractional), Square root
Timers: Output true after preset delay, Output false after preset delay
Counters: Count up, Count down
Logical expressions: And, Or, Not, Exclusive Or, Single bit memory elements
(flip/flops)
Hold sequence - Manual or preset time
schematics, etc. shall be backed up on the system hard disk automatically at a regular
interval. All configurable entries should be automatically reloaded on restart of the
system in case of loss of database.
It shall be possible to have a complete back-up of the system including the historised
data without interrupting the system normal function.
A dedicated backup server sitting on PIN network shall be considered for online
restore and back up.
11.22. System Security:
MANUFACTURER/SUPPLIER shall, at a minimum, comply with ISA-99 for security
requirements of industrial control systems.
The system shall be protected from viruses and hackers, which shall not have any effect
on controllers or network loading. All tested patches need to be applied in the DCS. All
USB ports and media drives shall be blocked. All unused ports on switches shall be
disabled. Access to these ports shall be through authorized permission only.
The Windows menu shall be disabled, and internet access shall not be provided from any
DCS workstation or application server. As the system is Windows based, virus and
patch management need to be mentioned in spec.
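One way to verify the hardening requirements above during acceptance or periodic review, as an added example that is not part of the original specification: an audit over a constructed asset inventory. The inventory fields, asset names, plant network range and patch identifiers are all assumptions, and a route outside the documented plant networks is treated as a possible internet path.

```python
import ipaddress

# Constructed sample data: asset names, networks and patch ids are illustrative.
PLANT_NETS = [ipaddress.ip_network("10.10.0.0/16")]
TESTED_PATCHES = {"PATCH-001", "PATCH-002", "PATCH-003"}
INVENTORY = [
    {"name": "OWS-01", "kind": "workstation", "usb_storage_enabled": False,
     "media_drive_enabled": False, "windows_menu_enabled": False,
     "routes": ["10.10.1.0/24"],
     "patches": {"PATCH-001", "PATCH-002", "PATCH-003"}},
    {"name": "EWS-01", "kind": "workstation", "usb_storage_enabled": True,
     "media_drive_enabled": False, "windows_menu_enabled": True,
     "routes": ["10.10.1.0/24", "0.0.0.0/0"], "patches": {"PATCH-001"}},
    {"name": "SW-A1", "kind": "switch", "ports": [
        {"port": 1, "admin_up": True, "attached": "OWS-01"},
        {"port": 2, "admin_up": True, "attached": None},
        {"port": 3, "admin_up": False, "attached": None}]},
]


def audit_host(host):
    """Checks for DCS workstations and application servers."""
    found = []
    # Missing fields count as non-compliant: an unknown state is not a blocked one.
    if host.get("usb_storage_enabled", True):
        found.append(("usb", "USB ports not blocked"))
    if host.get("media_drive_enabled", True):
        found.append(("media", "media drive not blocked"))
    if host.get("windows_menu_enabled", True):
        found.append(("menu", "Windows menu not disabled"))
    for cidr in host.get("routes", ["0.0.0.0/0"]):
        net = ipaddress.ip_network(cidr)
        if not any(net.subnet_of(plant) for plant in PLANT_NETS):
            found.append(("internet", f"route {cidr} leaves the plant networks"))
    missing = sorted(TESTED_PATCHES - set(host.get("patches", ())))
    if missing:
        found.append(("patch", "tested patches not applied: " + ", ".join(missing)))
    return found


def audit_switch(switch):
    """An unused port (no documented device attached) must be disabled."""
    found = []
    for port in switch.get("ports", []):
        if port.get("attached") is None and port.get("admin_up", True):
            found.append(("port", f"unused port {port['port']} is enabled"))
    return found


def audit(inventory):
    """Return (asset, rule, detail) for every deviation in the inventory."""
    results = []
    for asset in inventory:
        check = audit_switch if asset["kind"] == "switch" else audit_host
        results += [(asset["name"], rule, detail) for rule, detail in check(asset)]
    return results


if __name__ == "__main__":
    for name, rule, detail in audit(INVENTORY):
        print(f"{name:8} {rule:9} {detail}")
```
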
Application integrity is required to ensure the application meets its stated
performance requirements. Application unavailability may impact on facility
production and/or integrity compliance.
An assessment of the required availability should be performed prior to the
deployment of an application. Availability of the application shall consider both
planned and unplanned downtime.
Application shall be sufficiently stable when deployed to minimize the potential
frequency of upgrades and patches to maintain application functionality. Application
deployed shall comply with the security requirements.
Typically, applications installed at lower levels will be of a higher availability due to the
increased network/system redundancy, design considerations (such as integration
testing), operating environment, network/system stability, rigidity of change
management processes, etc.
User Groups and User Roles
The system shall be capable of defining user groups or user roles. System access
privileges shall be configurable for each user group or user role. Individual user
privileges shall be determined based on the user group / role to which the user is
assigned.
A minimum of fifteen user groups / user roles shall be configurable. The system shall
be capable of defining the following user roles as a minimum:
View Only
Interconnection between the hardwire console and other equipment, ESD cabinet,
DCS cabinet, etc. shall be done with the help of plug in type system cables.
VENDOR shall provide all plugs and sockets for termination of system cables at both
ends.
Push Buttons and Switches
Up to 20 Hardwired push buttons and switches shall be provided for various ESD
and other critical functions.
To prevent inadvertent operation, Emergency push buttons shall be provided
with a guard. All push buttons shall be back lit type.
Push button Colour coding:
Start-Green
Stop-Red
Reset-Yellow
Bypass-Amber (Two position- illuminated)
Selector switch-Black (Two position)
Emergency Stop-Red (Mushroom stay-put with key lock + Protection cover)
Lamps shall be green for running and red for stop/trip.
Note: For CPP, the auxiliary console will also have Electronic water level indicators (EWLI)
of HRSG and Auxiliary/utility system boiler drums.
12. System Performance
12.1. System Loading
The loading refers to the use of memory, CPU time and communication capacity. The
loading shall consider worst case system activity.
The maximum loadings allowed are as follows, considering installed and future spare
inputs and outputs:
Control processor : 60%
History data base : 60%
Serial : 50%
Network Loading : 50%
MANUFACTURER/SUPPLIER shall submit system loading calculation for each of the
above. In case loading increases above the indicated values, Vendor shall supply
required hardware to meet the above requirement without time and price
implication to client.
Scheme includes Read inputs, perform the configured control algorithm and update
control output.
MANUFACTURER/SUPPLIER shall assume all analogue outputs are associated with
controllers and give the basis of sizing for the controller and also specify how the
scan time affects the loading of the CPU.
MANUFACTURER/SUPPLIER shall also clearly mention whether different control
loops in one controller, can be assigned different scan times.
12.3.2. Data Acquisition Time
This is the total time required for the controller to read and process inputs and perform
computations (as required) for all open loops connected to a particular data
acquisition sub-system. This time shall not exceed 1 second.
12.3.3. Alarm Response
Within 1 second after a new alarm has occurred, the system shall annunciate the
alarm and have the alarm ready for display.
12.3.4. Command Action Response
Command from the operator shall result in an output to the control device within 1
second following the command to execute.
12.3.5. Display Call-up Time
This is the time that elapses between operator’s command and appearance of the display
on the screen. This time shall not exceed 3 seconds including graphic display.
New screen call-up time - 1 sec.
Screen update time - 1 sec.
(Refreshment of process data on a display screen)
12.3.6. Miscellaneous
PLC, Compressor Control Interfaces – 1 sec.
The MANUFACTURER/SUPPLIER shall verify the following
System Performance of similar system in service based on record of actual tests
and stated conditions.
13. System Reliability and Availability
The DCS shall be subjected to careful component level subsystem and system testing,
prior to factory acceptance tests. The availability of the DCS shall then be part of the
guarantee of the system.
The system availability is usually expressed in terms of two factors:
Mean Time Between Failures (MTBF).
Mean Time to Repair (MTTR).
The system availability shall be guaranteed 99.99% or greater all times.
Calculation is based on:
System availability = MTBF / (MTBF + MTTR)
(Assuming average MTTR = eight hours).
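The arithmetic behind the 99.99% guarantee with an eight-hour MTTR, as an added example that is not part of the specification. The series and redundant-pair helpers go beyond the single formula in the text and assume independent failures and perfect switchover; the 365-day year and the component figures in the demo are constructed.

```python
"""Availability arithmetic for a 99.99 % guarantee with an 8 h MTTR."""

HOURS_PER_YEAR = 8760.0  # assumption: 365-day year


def availability(mtbf_h, mttr_h):
    """Steady-state availability = MTBF / (MTBF + MTTR)."""
    if mtbf_h <= 0 or mttr_h < 0:
        raise ValueError("MTBF must be > 0 and MTTR must be >= 0")
    return mtbf_h / (mtbf_h + mttr_h)


def required_mtbf(target, mttr_h):
    """Smallest MTBF (hours) that meets `target` for a given MTTR.

    Rearranging A = MTBF / (MTBF + MTTR) gives MTBF >= A / (1 - A) * MTTR.
    """
    if not 0.0 < target < 1.0:
        raise ValueError("target availability must be strictly between 0 and 1")
    return target / (1.0 - target) * mttr_h


def downtime_minutes_per_year(avail):
    """Expected unavailable minutes per year at a given availability."""
    return (1.0 - avail) * HOURS_PER_YEAR * 60.0


def series(avails):
    """Availability of a chain in which every element must be up.

    Assumption: failures are independent, so availabilities multiply.
    """
    total = 1.0
    for a in avails:
        total *= a
    return total


def redundant_pair(avail):
    """Availability of two identical units where either one is sufficient.

    Assumption: independent failures and perfect, instantaneous switchover.
    """
    return 1.0 - (1.0 - avail) ** 2


def meets_guarantee(mtbf_h, mttr_h=8.0, target=0.9999):
    """True when the MTBF/MTTR pair satisfies the guaranteed availability."""
    return availability(mtbf_h, mttr_h) >= target


if __name__ == "__main__":
    mtbf = required_mtbf(0.9999, 8.0)
    print(f"MTBF needed for 99.99% at MTTR 8 h: {mtbf:,.0f} h "
          f"({mtbf / HOURS_PER_YEAR:.1f} years)")
    print(f"Downtime budget: {downtime_minutes_per_year(0.9999):.2f} min/year")

    # Constructed figures: three elements in series, each exactly at 99.99 %.
    chain = series([0.9999, 0.9999, 0.9999])
    print(f"Three 99.99% elements in series: {chain:.6%}")

    # Constructed figure: a 99.9 % unit duplicated as a redundant pair.
    print(f"Redundant pair of 99.9% units:   {redundant_pair(0.999):.6%}")
```

Three elements in series that each just meet 99.99% fall below the guarantee as a system, which is why the figure has to be budgeted across the whole chain and not per component.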
All servers such as ES, Asset management, alarm manager, historian should be rack
mounted and installed in racks.
I/O used in critical control loops and logic (these to be decided on a case by case
basis) shall use dual redundant field interface cards. The requirements will be
determined during detailed engineering.
14.2. Installed spare capacity
The offered system shall have a 20% installed spare I/O capacity for each type of I/O
listed in the I/O list. The spare capacity shall be evenly distributed over various
cabinets. The spares shall also be uniformly distributed in all cards instead of
complete spare cards. Installed spares shall be wired into terminal blocks. All the
spare cores of the incoming field multicore / multipair cable shall be wired up to the
marshalling cabinet. All process input / output racks shall have 20% usable spare
space for installing additional modules in the future.
In addition 20% spare space shall be provided in the cabinets for future expansion of
DCS. Sufficient additional software capacity shall be available in the system to take
care of spare requirement as required above.
Start-up Spares: Average failure rates and availability of parts from the closest repair/
MANUFACTURER/SUPPLIER support facility shall be used in determining the quantity
(not less than one) of each type. Additional spare parts that may be required during
start-up shall be guaranteed to be available from the DCS
MANUFACTURER/SUPPLIER's support facilities in India.
Long-term Spares (Two Years Operation): These spare parts include normal
maintenance as well as failures. MANUFACTURER/SUPPLIER shall provide complete
Spare Parts and Interchangeability Records (SPIR) forms for all parts of the DCS in his
supply. These shall be sent to OWNER / MANAGING CONTRACTOR at least six (6)
months before delivery to site, in order to allow time for purchase / delivery with the
DCS equipment. The DCS MANUFACTURER/SUPPLIER should maintain optimal
number of spares at its local office at site.
MANUFACTURER/SUPPLIER shall provide Project spare philosophy document
covering commissioning spares, two years maintenance spares, mandatory spares
and insurance spares and quote for the same.
14.3. Consumables
The MANUFACTURER/SUPPLIER shall ship the system with six months supply of
consumables, with the exception of printer paper.
MANUFACTURER/SUPPLIER shall provide a complete list of consumables with the
Design Review.
For all units, spare fuses and consumable items shall be provided as individual
packages.
14.4. Expandability
System shall be configured to no more than 50% of the system capabilities and be
expandable to 50% future capabilities without reduction in system performance.
Control System shall be expandable to meet future growth, without requiring
changes to equipment supplied. Control System shall be designed such that future
expansion and addition of future DCS Areas shall not require any replacement /
upgrade of equipment, and shall not in any way impact Operations.
MANUFACTURER/SUPPLIER shall provide capacity, loading and performance
calculations for Integrated DCS System components during design review. These
calculations shall take into account limitations due to gateways, routers, bridges and
system internal firewalls.
MANUFACTURER/SUPPLIER shall state the constraints for potential expansion of the
proposed system as part of critical design review documents.
Potential expansion features addressed shall include the following:
Addition of application engineering functions
Addition of controller functions
I/O and controller expansion
Addition of operator Workstations
Expansion capacity of the database
Maximum communications throughput
Addition of third-party systems
Addition of process control computers
Addition of future Operating Groups
Addition of Future Risk Areas
Additions of Network components for expansion of DCS/ESD network
14.5. Accessibility and Maintainability
Control System shall be designed to allow easy access and maintainability, without
compromising packaging density or floor space requirements.
Front access to cabinets or front / rear access where applicable, shall be used for
Maintenance. Terminal blocks and all components shall be installed so as to permit
accessibility for maintenance.
Top or side access to cabinets is not acceptable for maintenance.
14.6. Manageability
Production
Forecasting
Reservoir Management
Laboratory Applications
15. Time Synchronization
A dual GPS based integrated time synchronization system shall be supplied. Time
Synchronization system shall consist of GPS Antenna, Receiver, Time Strobe
Generator, Time Keeper, Network Time protocol server.
The DCS control Network shall be the primary distribution media for time
synchronization. The DCS MTK Workstation shall receive GPS time and distribute it
to control processors and workstations across the DCS control Network.
NTP servers shall be located in the control room and provide time synchronization
across the Plant Interface Network. Servers, Workstations, PLCs, etc. that connect to
the PIN can subscribe to the NTP service for time synchronization. The exact type and
frequency of outputting time signals for time synchronization of various systems shall
be decided during detail engineering.
Time synchronization redundancy shall be considered by having a Primary Master
Time Keeper and Backup Master Time Keeper workstation. Each MTK workstation
sources its GPS signal from its own GPS Antenna / Receiver. In the event of failure of
the Primary MTK, the Backup MTK shall take over. Failure of the master clock system
shall not affect operation of any connected control system. Time synchronization shall
be considered for the following:
DCS Workstations
DCS Control Processors
ESD system including SOE station.
Alarm Management System Servers
Instrument Asset Management System Servers and Clients
Historian Servers
Third Party Systems - Package PLCs and Workstation/Server based Microsoft ™
Windows latest version based systems connecting to the Plant Interface Network
16. DCS Engineering Workflow
The Engineering inputs for the configuration of the DCS system includes the Process
and Instrument Diagrams (PID's), Process Flow Diagrams (PFD's), Cause and Effect
Diagrams, logic diagram, Graphics, Cable Block Diagrams, Process Schematics,
Instrument Plot Plans, Instrument Data Sheets, Motor Coordination Sheets, FF
segment design and, most importantly the SPI Database. SPI database shall be
10080-1-SS-CI-017 Page 68 of 203
J3 Program 10080-1-SS-CI-017
Distributed Control System Date: 30/07/2012, Rev. 0
generated by considering selected DCS system configuration fields. Related SPI Rule
book shall be given to all MANAGING CONTRACTORs.
All listed engineering deliverables shall be generated by MANAGING CONTRACTOR.
Each engineering input shall be issued as IFC (Issue for Construction).
Inputs such as the SPI Database, FF segment design shall be validated for their
correctness and completeness by MANUFACTURER/SUPPLIER. In addition, Process
and instrument teams from Site shall be involved in the validation. Operations
validate I/O allocation, alarm rationalization and segment validation with FMEA. In
this phase MANUFACTURER/SUPPLIER will generate the technical queries for missing
information such as missing tag, cable modification, alarm value, missing range value,
etc.
MANUFACTURER/SUPPLIER shall generate complete system design of Network,
hardware and software for DCS. MANUFACTURER/SUPPLIER shall do submission for
early interface engineering like Final BOM, Power calculations, Heat Loads, Panel
Foot Prints, Weight of the Equipment, Grounding and Earthing Scheme, Foundation
Details, Space Requirement, floor cut out dimensions, UPS/batteries-chargers, Power
distribution from separate feeders etc.
MANUFACTURER/SUPPLIER shall submit Functional Design Specifications, Software
Design Specifications, Graphics and HMI development specifications, Detailed Design
Specifications (DDS).
Functional Design Specifications shall be reviewed and approved by MANAGING
CONTRACTOR and OWNER for MANUFACTURER/SUPPLIER to start engineering.
MANUFACTURER/SUPPLIER shall submit all engineering deliverables as per details
provided in the specifications, interface engineering details for all third party
interfaces.
System configuration of all equipment, databases, interfaces, graphics, screen
displays, reports etc.
Engineering deliverables by MANUFACTURER/SUPPLIER shall be reviewed and
approved by MANAGING CONTRACTOR and OWNER.
16.1. Functional Design Specifications
MANUFACTURER/SUPPLIER shall prepare the functional design specification (FDS)
giving system specific technical guidelines which shall be used during
implementation. It will be mandatory to be followed by all MANAGING
CONTRACTORs and any waiver has to be approved jointly by OWNER and initiator.
FDS shall be reviewed and approved jointly by MANAGING CONTRACTOR and
OWNER.
The following is the minimum, but not exhaustive, list of FDS to be prepared:
System Hardware and software
SPI Rulebook
Foundation Field Bus
Alarm Philosophy, Management and reports
Historian Reports
DCS cabinets
System Networking
Third Party Interface
Serial Link
OPC
Time Synchronization
HMI
Asset Management
System Security
The purpose of FDS document shall be to define accurately and clearly the scope of
supply for the DCS System and therefore quantify the agreed scope of work. FDS shall
be the primary MANUFACTURER/SUPPLIER document used for the design and
implementation of DCS system. For details refer Attachment-3.
17. Inspection and Testing
17.1. The MANUFACTURER/SUPPLIER shall be responsible for the inspection and quality
assurance of materials and equipment and for the standard of the workmanship. A
quality dossier shall be submitted after testing, complete with certificates and test
results.
17.2. MANUFACTURER/SUPPLIER shall allow MANAGING CONTRACTOR/OWNER’s
representatives to review the System and documentation at any stage of design and
assembly.
17.3. The MANUFACTURER/SUPPLIER shall be responsible to conduct the pre-FAT and FAT
for DCS system and associated equipment in accordance with written FAT
procedures. MANUFACTURER/SUPPLIER shall submit the procedures for MANAGING
CONTRACTOR's approval at least six weeks prior to commencement of testing.
17.4. MANUFACTURER/SUPPLIER shall advise the heat soak tests that the electronic cards
have been subjected to after manufacture/assembly. If adequate proof is not
available then a heat soak test shall be included as part of the FAT.
17.5. MANUFACTURER/SUPPLIER Test
All system inputs and outputs shall be fully tested by the MANUFACTURER/SUPPLIER
prior to the FAT in accordance with agreed test plan and procedure. The
Criteria : Requirement
Availability
• Availability : 99.99%
• MTTR figure : 8 hour
Scan Time
• Digital : 100ms
• Time stamping resolution : Vendor to define
FF
• FF Segment Ideal Time : 50% of Macrocycle
• Device Diagnostic templates : As per NAMUR NE-107
Loading
• Controller : 60%
• Network : 50%
• Serial Link : 60%
• Historian : 70%
Response time
• Alarm Response : 1 sec
• A/D : 12 bit Minimum
• Security : 3 Levels
• Command to Output : 1 sec
• Trend : 30 real time trend points with 60 samples each, time interval 1sec to 15 minutes
• New Screen Call Up time : 1sec
• Graphic Update rate : 1sec
• Network access : Not more than 600ms
• History Data call up time maximum : 5 sec
Operator Interface
• Operator logging : 1 sec
• Response to mouse/trackball : 0.5 sec
MANAGING CONTRACTOR shall give dispatch clearance after inspection, review and
approval of engineering documents, BOM with reference to Cabinet and other
hardware.
17.9. Site Acceptance Test (SAT)
Detailed SAT procedure shall be submitted by MANUFACTURER/SUPPLIER for review
and approval of MANAGING CONTRACTOR/OWNER one month prior to
commissioning.
The SAT procedures for both the systems will be derived from the FAT and will be
developed by the MANUFACTURER/SUPPLIER in consultation with the
MANAGING CONTRACTOR. The SAT will be performed upon completion of
MANUFACTURER/SUPPLIER hardware installation and tests. Site Acceptance Test
shall be held on site to verify the correct operation of all hardware and software, the
validity of all programs, guaranteed accuracy, and the proper functioning of all
components as an integral system.
All the System functions shall be checked thoroughly for proper functioning.
OWNER will take over the system from the MANUFACTURER/SUPPLIER after the final
acceptance test, which is defined as successful uninterrupted operation of the
integrated System for one month for all units of the Plant.
MANUFACTURER/SUPPLIER personnel shall be present during the test. Any
malfunctioning system components shall be replaced/repaired as required
free of cost. Once a System failure is detected, the acceptance test shall start all
over again from the beginning.
SAT will be witnessed and signed off by the MANUFACTURER/SUPPLIER and
MANAGING CONTRACTOR/OWNER’s personnel.
18. Control and Technical Buildings
Control Building is the nerve centre of the DCS system. Following buildings shall be
considered while designing the DCS System. Other buildings such as Admin,
Laboratory shall be considered but not covered under this document.
18.1. Control Building
Control Building will be designed to facilitate the efficient and safe operation of the
plant by taking into account both the ergonomic needs of the operators and the
plant work processes. Issues such as lighting, console layout, furniture, display
configuration, traffic flow, noise levels, communications and work environment shall
be taken in due consideration.
The Control System operating interface will be located in this building and shared
between a certain number of operator consoles. Each console consists of several PC
based DCS workstations (OWS), F and G monitors, process CCTV monitors,
telecommunication equipment, auxiliary panels fitted with hardwired devices such
as ESD and FGS activation buttons, network printers, etc.
Project specific Design Basis will be prepared for Control room based on location,
operation philosophy, functions and population and facility requirement meeting
OISD (Oil Industry Safety Directorate) norms.
18.2. Engineering Room
The engineering rooms will house engineering workstations for DCS, ESD and other
system with network printers, telecommunication equipment etc. Engineering
workstations will be loaded with all control system engineering configuration, HMI
building software and any other specific engineering software tools, to provide
remote engineering, testing, diagnostic and troubleshooting capabilities.
Engineering Room shall have access controlled doors to ensure security of DCS
configuration.
18.3. Server Room/Rack Room
The server rooms will house all servers/stations and associated networking
components connected to the Control System such as Alarm Management System,
Historian, Asset Management, Web, OPC, Remote Diagnostics, Backup, Network
servers etc., as well as servers of all centralized engineered systems such as PLC,
MCMS, ATG, CCC, Analyzers and advance control system etc. A KVM switch shall be
considered where multiple connectivity is considered from one application server. Also,
a KVM extender shall be considered for installing HMI of above mentioned
stations/servers in engineering room.
Server room shall have minimum 600 mm raised floor of adequate load bearing
strength and antistatic floor surface. Server room shall deploy under floor cable/Fibre
management system using composite Fibre/copper patch panels, structured cabling
design, and hinged cable raceway systems to protect patch cords.
Under floor cable/fibre management system plays an important role in the reliability and
availability of DCS and should be carefully designed in consultation with vendor.
Raised floor cavity will be used for HVAC using Precision air conditioning units to
provide a controlled environment. It shall be protected with Dry type fire suppression
system.
19. Field Technical Buildings
19.1. Process interface Buildings
Process Interface building shall be blast resistant and constructed as a rectangular
box type reinforced concrete structure. False flooring shall be provided. Down
through type Precision A/C units shall be considered. HVAC shall have corrosion filter
for protection of electronic components and connectors. The room shall have a
cavity floor system to facilitate the air conditioning process. Installation of HVAC and
UPS equipment shall be segregated from the Control System Equipment.
The HVAC and UPS shall be provided by OWNER.
editable electronic format. All subsequent revisions shall be clearly highlighted with
revision mark.
21.2.2. Drawing Identification
Each drawing shall be provided with a title block in the bottom right hand corner. The
title block shall incorporate, apart from the official trade name of the manufacturer,
the DCS MANUFACTURER/SUPPLIER's drawing number and title, giving the
description of contents, the DCS MANUFACTURER/SUPPLIER's model or type
number, a symbol or letter indicating the latest issue or revision, and item's
equipment number. All drawings shall be reviewed and approved as per
MANUFACTURER/SUPPLIER quality requirements.
21.2.3. Risk Management
The risk management shall be conducted from the stage of kick off meeting to
identify key risks to the project. Areas of risk pertaining to engineering, hardware,
logistics and other general heads shall be considered. These shall be highlighted in
the Risk register and shall be discussed during risk review meetings. A plan shall be
considered to mitigate the risk, which shall be approved by OWNER / MANAGING
CONTRACTOR and shall be implemented during project execution stage.
22. Drawing and Documentation
OWNER intends to use SMART Plant Instrumentation (SPI) for the generation of
drawings and documents. OWNER will provide remote access through Citrix server to
the DCS MANUFACTURER/SUPPLIER. DCS MANUFACTURER/SUPPLIER shall generate,
as a minimum, the following documents from SPI.
Cross wiring details
Configuration details
Loop drawings
A detailed procedure for transfer and import/export of SPI data to DCS database shall
be prepared and submitted by DCS MANUFACTURER/SUPPLIER in consultation
with MANAGING CONTRACTOR/OWNER.
Drawings and Documentation of the complete System shall be provided in
accordance with, but not limited to, the requirements stated in the project
specification. Documentation of the DCS systems shall be provided in accordance
with the requirements as specified below.
In general, the requirements can be categorized as below:
Full technical specifications of all hardware and software, Project
Drawings and specific documentation, Proven track record.
Documents with
System blocks diagrams and Earthing requirements.
Quotation
A completed Table of compliance
Supply of Systems to meet the functional requirements defined in this and all
referenced documents.
All software licenses required for operation of System
Consoles for all workstations, Auxiliary consoles for Alarm window, Hardwired
Push buttons, Switches, Lamps etc.
Assistance in Segment design and checking at Managing Contractor Office and at
all Execution centers.
Assistance in Foundation Field Bus related design.
Any item, which is not in BOM but required for commissioning/operation of the
system, shall be supplied free of cost
Staging at MANUFACTURER/SUPPLIER’s works
Standard & customised (Application) software including any source code
generated
Configuration and test of the systems
Supply of all interconnecting cables including Fibre optic cable and wiring &
termination between all components of system. This also includes FO cable
laying, Splicing and testing.
Integrated Factory Acceptance Test shall be performed; in addition separate
Foundation Fieldbus FAT with devices shall be tested as loop typicals. All the
fieldbus loops shall be tested at site.
Integration of Display wall Supplied by MANUFACTURER/SUPPLIER.
Integration of Operator console (if supplied by purchaser) with
MANUFACTURER/SUPPLIER supplied equipment on the console.
Packing & Shipping to site
Provide hardware support for quoted hardware for a period of 15 years from
date of declaring the same as obsolete
Provide software upgrades for 2 years free of cost and software support for 15
years free of cost.
Spare parts planning / supply (required during commissioning / start-up and
warranty period) with main equipment.
Software License shall be functionally unlimited for each license purchased.
2.4. Scope of Site Services
Shall include, but not be limited to, the following:
Supervision of unloading & unpacking.
4. Administration
Design review meetings shall take place regularly and formally at least once per
month. These meetings will alternate between the MANUFACTURER/SUPPLIER’s
Office and the MANAGING CONTRACTOR’S/OWNER Office. The agenda for each
meeting shall be prepared in advance by the MANUFACTURER/SUPPLIER. The
MANUFACTURER/SUPPLIER shall be responsible for publishing minutes resulting
from such meetings.
MANUFACTURER/SUPPLIER shall issue monthly progress reports describing progress
made against the mutually agreed project schedule. MANUFACTURER/SUPPLIER
shall identify any actual or anticipated slippage in the performance of work with
corrective actions to be taken.
MANUFACTURER/SUPPLIER shall provide office facilities for MANAGING
CONTRACTOR /OWNER. The private lockable offices shall be suitable for up to ten
(10) MANAGING CONTRACTOR and owner engineers. The office shall be supplied
with:
Lockable filing cabinets
Desks and chairs
Book/file shelves
Telephones
Fax
Access to photo copiers / bulk printing
Access to office stationery
The assigned project team shall work on this project until the final SAT.
5. Inspection and Testing
The MANUFACTURER/SUPPLIER shall be responsible for a high standard of
workmanship, inspection of the equipment and quality assurance of all materials
used including items supplied by third parties. A quality dossier shall be submitted
after testing, complete with certificates and test results.
MANUFACTURER/SUPPLIER shall allow MANAGING CONTRACTOR /OWNER’S
representatives to review the Quality plan, systems and documentation at any stage
of design and assembly.
The MANUFACTURER/SUPPLIER’s Test and the Factory Acceptance Tests for the DCS
systems shall be conducted by the MANUFACTURER/SUPPLIER in accordance with
approved test procedures. MANUFACTURER/SUPPLIER shall submit the test
procedures for approval at least six weeks prior to commencement of internal tests.
5.1. MANUFACTURER/SUPPLIER Test
7. Training
MANUFACTURER/SUPPLIER shall be responsible to provide training to operation,
maintenance and engineering personnel during project execution period at
MANUFACTURER/SUPPLIER’s location and also at site.
MANUFACTURER/SUPPLIER shall submit details of training modules for various skill
levels and schedules for the training for OWNER’s approval. It is expected that a total
of 100 engineers will be required to be trained by the supplier.
Two (2) copies of Factory Acceptance Test forms to be used during the tests.
Two (2) copies of all software documentation, including configuration, program
listings, loop drawings and ladder/logic diagrams.
1.4. All changes resulting from Factory Acceptance Test shall be updated and issued by
the MANUFACTURER/SUPPLIER within four (4) weeks after FAT.
After Site Acceptance Test and hand-over of the DCS all the aforementioned
documents shall be issued ‘as-built’ within four (4) weeks of acceptance by OWNER
or appointed representatives.
This shall include six (6) sets in Electronic Format of system configuration and utility
software.
One (1) set shall be retained by the MANUFACTURER/SUPPLIER and one (1) set by
PROJECT MANAGER as back-up copy, while the balance shall be carried to site.
3. List of Documentation
The documentation list enclosed represents the typical documentation expected
from DCS MANUFACTURER/SUPPLIER by OWNER.
The documents are divided into the following categories:
1.5. Project Management Documents.
DCS
1.9. Control room instruments data sheets
TYPE : e-Room
FI = For Information : Yes
FA = For Approval : Yes
FC = For Construction : Yes
AB = As Built : Yes
In addition to e-Room submission of documents, optical media are required for some
of the documents. Three sets of documents in such ELECTRONIC media will be
required wherever mentioned in addition to e-Room documents. Hardcopy of final
approved document shall be submitted by MANUFACTURER/SUPPLIER.
LIST OF DOCUMENTS
3.1 Project Management Document
Project Organisation FI -
Training Schedule FA -
Progress Report FI -
Installation Drawing FA + FC + AB
1) System Cabinets
2) Marshalling Cabinet
GA Drawing/Base Drawing -
Barrier/Terminal Assignment FA + FC + AB Yes
Power Supply Distribution Diagram Yes
Wiring Diagrams Yes
2) Network Cabinet
GA Drawing/Base Drawing -
Network diagram for all networks FA + FC + AB Yes
Detail of port connection for all switches Ye
6) FF System Cabinet
GA Drawing/Base Drawing -
Terminal Assignment FA + FC + AB Yes
Power Supply Distribution Diagram FA + FC + AB Yes
Cross- Wiring diagrams FA + FC + AB Yes
Interconnection Diagrams for FBM FA + FC + AB Yes
Graphics FA + FC + AB Yes
1) For DCS
Installation Manuals
Fault Diagnostics Manuals
Preventive Maintenance Spare Parts Lists
Laser Colour Printer
B) Software Manual
4. System Configuration
4.1. Introduction
4.2. Communication Network
4.2.1. Console
4.2.1.1. Hardware Configuration
4.2.1.2. Software Configuration
3.2.5.1.1 Controller
3.2.5.1.2 I/O
6.7. Diagnostics
6.7.1. General
6.7.2. System Diagnostics
6.7.3. Controller Power-up
6.7.4. Console Power-up Diagnostics
6.7.5. Run-Time System Diagnostics
6.7.6. Diagnostic Displays
6.7.7. Diagnostic Alarms
6.7.8. Diagnostic Lights
6.7.9. Status - Error Indicators
6.7.10. Operational Indicators
6.7.11. Replacement Indicators
6.8. Failure/Recovery Modes
6.8.1. Subsystem Start-up
6.8.2. Resumption of Plant Control
6.8.2.1. Console
6.8.2.2. Controller Subsystem
6.8.2.3. Gateways
6.8.2.4. I/O Blocks
6.9. System Expandability/Up gradation
6.9.1. Hardware Expansion/Up gradation
6.10. Remote Maintenance
7. System Environment
7.1. Introduction
7.2. Electrical Supply
7.3. Physical Environment
7.3.1. Equipment Room
7.3.2. Control Room
7.3.3. Engineering Room
The Object Display shall allow for the capability of viewing all algorithms that are
associated with a particular control loop strategy. This display depicts a faceplate and
associated trend of a single object. These displays are automatically available for all
objects without the requirement for configuration. The display shall allow the user to
view on-line a control strategy in the same format as which it has been configured.
The following capabilities shall exist from this display:
Select a control algorithm and display a faceplate. The point display shall provide
a separate detailed display for each of the points in the system.
Display the tuning constants of a control loop.
Display a trend of process variable, set-point, and output to facilitate controller
tuning.
Display the configuration parameters of a specific control algorithm.
Display alarm limits of a particular process point.
Loop Scan rate and phase shall be displayed.
All operator adjustment modes such as set-point, manual/auto mode,
remote/local selection, Advanced Process Control.
3.3.4. Faceplate Display
Faceplates provide detailed, dynamic process and status information for a single
control loop. They also provide the ability for the operator to manipulate process
parameters for the loop.
Faceplates shall be constructed from templates such that the layout and
operational characteristics of an individual faceplate shall be inherited from the
template. Changes to the template shall be automatically propagated to all
faceplates built from the template.
The system shall have standard pre-configured faceplate templates for all
standard Functions. Faceplates shall be moveable on the screen after being called
up for display on a workstation.
3.3.5. Trend Display
The Trend Display shall allow the user to interact with minimum up to 16 control
loops or devices via a multi-line display. This display shall include all the capabilities
of the Group Display with the exception of bar indication of variables.
The trend display shall present the data in the format of a strip chart on the
screen.
The trend display shall consist of two types:
The ability to build graphic displays at a central location and download tiles to
individual operator consoles.
The graphic display shall support dynamic display symbols, dynamic values, control
targets, page link targets and dynamic bars. The display symbols shall be capable of
changing to reflect process data status as follows:
The graphic display shall be multi-page display with each page providing a flow
diagram of a certain section of the plant in a dynamic fashion.
Colour change (colour of the display element changes)
Display blinking (displayed image blinks)
Text character string change (e.g., NORMAL message is substituted by WARNING
message)
Dynamic display functions shall be used for depicting electrically controlled
conveyers, level changes in vessels etc.
Ability to setup a graphic display hierarchy for navigating efficiently through the
process.
The graphic displays shall be capable of being configured from engineer’s
keyboard by using standard graphic symbols of process equipment and valves to
be available in graphic symbols library, which will be part of graphic builder
software. It shall also be possible to develop user defined symbols in the graphics.
The graphic building software shall be user friendly and interactive.
The graphic display shall show the tag numbers of important analogue / digital
variables at their respective locations on the process and shall display their
dynamic behavior through instantaneous values, alarm status, control modes,
etc. Position of control valves and pump running status shall also be shown.
Operator shall be able to control the process from graphics display in a similar
fashion as the group or point displays.
The graphic display shall have a minimum 256 colours / True colour capability.
MANAGING CONTRACTOR/OWNER will provide marked-up P&ID’s or static graphic
sketches for generation of graphic displays by MANUFACTURER/SUPPLIER.
The detailed graphic drawings for approval, graphic building, page linking and
visualization linking, shall be the responsibility of the MANUFACTURER/SUPPLIER.
Linking shall be possible to:
Group loop display;
Loop display;
Alarm and event summaries;
Tabular listings;
Plant protective system displays;
(In some cases) maintenance displays.
The console subsystem shall have a facility for viewing multiple windows on one
screen, enabling the operator to conveniently access and control all the necessary
factors at the same time.
The plant graphics shall consist of the following types and overall content;
Loop display;
Plant profile;
Maintenance displays;
System alarm / status displays;
Tabular listing (data matrix) displays;
Plant sequence displays (operator guidance).
Balance of graphics (not included above). The symbols and colours to be followed
for the graphics shall be as per MANAGING CONTRACTOR’s standard formats,
which will be furnished to MANUFACTURER/SUPPLIER after the placement of the
order.
4.2. Process Graphics
Process graphics shall show process equipment, piping and the instrumentation and
control. They shall closely follow the project PFD's and P&ID's. They shall be arranged
in five hierarchy levels:
Plantwide (Level 1)
Complex (Level 2)
Unit (Level 3)
Detailed (Level 4)
At each of these levels, the graphics shall provide the means to move up and down
the graphic hierarchy, as also sideways.
The Plantwide Level graphic shall show an overview of the Complex. It shall display
the main plant areas, their statuses and primary plant data. There shall be no control
or process information at this level. The main purpose of this display shall be
navigation to other displays.
The Complex Level graphics shall show overview of each complex. Only the major
flows and other important data specific to each area shall be shown. There shall be
no process control from this level. Additionally, the Complex Level graphic shall
indicate when a fault occurs at any point within the process which will allow the
operator to choose to display a more detailed graphic.
The Unit Level graphics shall show most process equipment and major piping and
instrumentation. All controllers, important process variables and general monitoring
parameters shall be indicated at this level. ESD trips shall also be indicated. Facilities shall
be provided for operator actions such as alarm acknowledgement, manipulation of
control loops, operation of valves, pumps, etc. Each plant area is represented by
several unit level graphics. The graphics at this level shall follow the project PFD's and
P&ID's. The level of detail is between PFD's and P&ID's. Unit Level graphics are
intended to be the ones that will be used most of the time for plant operations.
The Detailed Level graphics shall show all instrument functions implemented
indicating loops, monitoring functions, equipment statuses, trips, ESD's, etc. Facilities
shall be provided for alarm acknowledgement; access to all control loops, faceplates,
groups and trends. ESD's shall be indicated on these graphics. The graphics at this
level shall closely follow the project P&ID's and indicate almost all P&ID level
information. It is expected that operators will use this level of graphics only when
pursuing detailed information on the process and the instrumentation. The Detailed
graphic shall be a representation of some elements of the Overview graphic but may
be spread over several graphics with a finer degree of detail.
The system shall be capable of presenting the graphics in the following formats:
Standard full size graphics.
Quarter-size and half-size based window graphics overlays providing more
detailed information pertaining to the standard full size graphics.
Half-size and windows based graphics which enable simultaneous viewing of
multiple graphics on the same screen.
Over-size large graphics in which the users can scroll vertically or horizontally to
view the entire graphic.
Where several graphics display the same plant information, a consistency of layout
between graphics shall be maintained. This will help reinforce operator learning,
improve recognition of the graphic information, reduce the likelihood of errors and
reduce training times.
DCS system shall include following:
The graphic display shall be multi-page display with each page providing a flow
diagram of a certain section of the plant in a dynamic fashion.
The graphic displays shall be capable of being configured from engineer’s
keyboard by using standard graphic symbols of process equipment and valves to
be available in graphic symbols library, which will be part of graphic builder
software. It shall also be possible to develop user defined symbols in the graphics.
operator to return to the calling display. All information relating to the application
shall be contained within a single display as far as possible.
4.5. Equipment Shutdown Displays
Equipment shutdown displays shall contain information relating to the automatic or
manual shutdown of a given piece of equipment. This shall include trip status signals
associated with the control logic, bypass trips active associated with the control logic,
as well as soft shutdown and reset signals initiated from the DCS. Cause and Effect
display for understanding and de-bugging of logic.
4.6. Overlays
Overlay-type displays shall provide an alternate window to process and equipment
information. They are generally used to provide ancillary monitoring and/or control
operations in a quarter-screen or half-screen window. The overlay shall be called up
from the main display or equipment display.
Any or all of the process and equipment displays mentioned in the sections above
might be created as overlays. The most common use of overlays will be to provide
faceplate-type operation for I/O monitoring and control action. The basis for I/O and
controller overlay design will be the quarter-screen overlay, with the right half of this
window containing the standard Object display (e.g., showing block tag, descriptor,
set-point, inputs/outputs, controller modes and alarm status) and the left half
containing function keys associated with the software block (e.g. alarm
acknowledge, auto/manual selection, local/remote selection, toggle value, ramp
value, etc.).
Each overlay shall be called up to occupy a predetermined quadrant or half the
screen, so as not to overlap relevant information. A target shall be configured on the
overlay to close the overlay.
Additional targets on each analogue I/O and controller shall allow access to trend
overlays and standard Object displays associated with the point. Trend overlays shall
be directed to appear in any selected quadrant of the screen at the time of call-up.
4.7. Symbols and graphic elements
Symbols shall be unambiguous and conform to common electrical, instrument, and
mechanical symbol conventions wherever possible.
The number of symbols or shapes that can be used shall be highly dependent on the
quality of the graphic and information to be conveyed. Provision shall be made for a
library of symbols that can readily be used for constructing a graphic.
All symbols shall have additional labeling, where required to indicate item name or
code, rate of flow, capacity etc. If a symbol has some dynamic quality, such as tank
filling with liquid, show both the changing liquid level and the numerical equivalent
(overlaid on the symbol) to allow exact readings to be taken from it.
The following guidelines shall be used when constructing detailed graphics:
10080-1-SS-CI-017 Page 121 of 203
J3 Program 10080-1-SS-CI-017
Distributed Control System Date: 30/07/2012, Rev. 0
Local instruments such as orifice plates, temperature and pressure gauges, relief
valves, self-regulating valves etc. shall not be shown.
All instrumentation associated with the DCS including all inputs and outputs from
subsystems such as PLC's shall be shown.
Equipment and instrument (such as control valves and pumps) symbols will be
the same as on P&ID's. Complex symbols may be simplified as necessary.
Where space does not permit otherwise, the alarms associated with equipment
such as tanks may be shown within the equipment.
Control loop control lines to be shown in a dashed format depicting PID controller
and final control element e.g., valve or motor, but not the sensor. Intermediate
elements such as Low/High selectors, split range functions, etc., should also be
shown.
Pumps, valves etc., should have their equipment number shown, but description
of pump service should not be shown. Tag numbers of valves can be left out if it
is part of a control loop and has the same number as the controller.
If necessary, certain instruments may be shown on more than one graphic to
enable information to be more meaningful.
All graphics shall be numbered and headers shall be 32 characters maximum.
Place directional arrows where process lines enter equipment and at each line
tee.
Do not join lines where four lines meet at one point.
Place boxes/borders around text in such a manner that the boxes/borders shall
not touch other lines or symbols.
Place level indicating bar graphs inside vessels. Each bar graph will be one
character wide and boxed to indicate 0 to 100 % signal range. The bar will change
colour depending on the alarm status.
Optionally, the use of trends inside vessel symbols to provide level indication
shall be considered in place of a level bar graph.
Place the process measurement value below the loop tag for control loops and
indicators.
Use bar graphs for comparative data displays such as temperature profiles.
4.8. Data Representation
Data representation shall be consistent from display to display. To accomplish this at
the custom display level, display library elements are created and standards for
configuration of these elements are provided. All applicable configurable attributes
are written into the library element whenever possible.
White is a colour with neutral association and shall be used for data display
purposes.
All display colours will be finalised with OWNER during the Project Application
Specifications development phase.
4.11. Graphic Navigation
This section describes requirements of the Operator for navigational aids within DCS
applications. As an aid to the Operator, his/her position within the system should be
clear and unambiguous at all times. Where appropriate the system shall provide
information relating to past screens.
The following features shall be available on graphics to assist navigation:
A meaningful title on each graphic indicating its function shall be provided.
Dynamic page link screen buttons shall be provided on each screen for fast access
around the system. These screen buttons shall be selectable by a pointing device
and should be clearly labeled as to their function.
The following type of screen buttons shall be provided:
Go back one screen (i.e. to the screen the system displayed previous to the
current one). This facility is useful because it allows the operator to remain on
one central screen to carry out a particular task, and then return to the central
screen
Page back - Return to the immediate preceding graphic in the chain.
Page ahead - Go forward to next immediate graphic in the chain.
Recall - Return to start (i.e. graphic that displays the first step in the process).
Return to top level (i.e. the overview screen in the hierarchy).
5. Pattern Recognition Object (PRO)
HMI shall have the capability of providing a properly implemented and enhanced “radar
plot” type of diagram. This element is designed to provide a graphical pattern
recognition overview of complex multivariable processes. The process shape
changes dynamically as the process values change. This method of data presentation
offers an extensive amount of dynamic information in a single display element.
The PRO element produces a polygon shape obtained by plotting each parameter's
present value on a separate plane with a common time axis, which is then viewed
laterally. The concept is depicted in Figure-1 below.
Figure-3 PRO Display Element with Alarms, Range Bars and Rate of change
indicators
The system shall also provide detailed alarm displays resulting from self
diagnostics of the DCS system.
The system diagnostic alarms shall be displayed to the operator irrespective of
the display on the screen and will help pinpoint fault in any sub-system to the I/O
level.
The system utility alarms shall consist of cabinet power supply failure alarms,
cabinet ventilation fan failure alarm and cabinet high temperature alarms. These
alarms shall be derived from volt-free contacts inside the cabinet, which will be
monitored by the digital input cards.
MANUFACTURER/SUPPLIER shall specify the time resolution for the alarms.
High priority and equipment protection related alarms should be configured for
first out and subsequent alarm sequencing as per ISA-18.2.
It shall be possible to acknowledge alarms only from operator station for which
they are configured, in not more than two operator actions.
DCS shall historize and play back on demand (from internal and external back-up
media) all alarms and events.
Alarm and event history shall be available for 90 days on internal hard disk and
system shall auto back-up alarm and event history to removable media at user
recommended frequency.
DCS shall have capability to print the resulting alarm displays to a printer or to
export the data to text files or Microsoft™ Office compatible file format.
The following types of alarms shall be provided in the system for both control
and data acquisition points:
Absolute (high high, high, low, low-low) and deviation from set point.
Rate of change alarms (high and low).
Status input change of state
System diagnostic alarms (Hardware/Software).
Transmitter out of limit (bad PV), burnout condition.
Thermocouple open circuit.
RTD open/short circuit.
System utility alarms.
Invalid data.
Communication and networking alarms.
Internally derived alarms
Access to real-time controller data and system data such as alarm lists, event lists
and operator logs. Math functions shall be a standard part of the report package.
The software package shall be easy to use and not require programming.
A variety of data types shall be capable of being integrated into a report. These
shall include the following types:
Process data extracted from Historian or direct from system database.
Hardware addresses recorded in system controllers.
Functional Block types residing in the database (e.g PID block).
Block descriptors associated with Functional Block.
Engineering units of a value residing in a Functional Block.
Any report shall be viewable from the Operator console by requesting the report
by file name, selecting the report from the report file or linking the report to a
target field on a graphic display.
The system shall be able to print a specified report after it is run and saved to the
hard disk. A report shall be printed by specifying a screen print from the Operator
workstation, requesting a report print, or configuring it to print automatically
upon generation.
Trip report shall be configured to collate alarms, messages, and historical data
into a single report. The report shall be configured for initiation by a predefined
event.
Trip reports shall include SOE, Alarm History, Operator Actions, and analog data
over a configurable time span around a trip. For each process unit, one or more
triggers may be defined.
9. System Diagnostics
The DCS shall include as a standard feature a comprehensive diagnostic package that
allows the user to diagnose faults.
9.1. System Status Display:- The system status display shall graphically display the
"health" or status of all nodes on the data highway. Should a problem develop, an
alarm is sounded, a message is displayed and logged, and the device that has a
problem will change to red on the status display.
9.2. Device Module Level Display:- The Device Module level display presents a graphic
representation of all modules attached to a particular node. Should a module have a
problem, it will be indicated in red, allowing the user to identify problems to a Device
Module level to facilitate maintenance. Shall include power system supply system
and bulk status.
9.3. Fault Display: - The Fault Display allows the user to determine the specific cause for a
Device Module level fault and determine the nature of the fault whether it is
hardware or software related.
9.4. I/O Card Diagnostic Display:- An I/O Card Display shall be available to isolate I/O and
sensor failures to an individual point basis. By accessing this display, the user may
determine if any field instrument or DCS I/O problems exist and take measures to
correct them.
9.5. System Performance Display:- This display shall provide both digital and bar graph
representation of the following parameters:-
CPU Loads: current, average, and peak.
Memory Utilisation: current, average and peak.
System Performance displays for devices running configurable control loops shall
provide information on the current, average and maximum number of loops being
processed.
9.6. Network display: The Network display shall provide the health status of network
switches and ports. It shall also provide traffic on ports (current, average, and peak)
and generate an alarm if traffic crosses the threshold limit. The limit shall be defined
with the approval of MANAGING CONTRACTOR/OWNER.
9.7. FF Display: Shall include FF segment status, FF power supply status and FF
communication status
9.8. Other Display: Shall include Serial link status, Cause and Effect status overview and
detail
10. DCS Access Level
There shall be various access levels provided at the operator consoles with password
protection to ensure security of operation. Broadly, the operator Console shall have
four main categories of access level, as outlined below:
OPERATOR: Lowest level, access to view and browse through all, able to
acknowledge alarms, but will not have the authority to tune loops or change
alarm limits.
SUPERVISOR: As OPERATOR level but with additional access and manipulation
privileges such as system building, configuration and tuning functions in addition
to normal operation tasks.
MAINTENANCE: As SUPERVISOR level but with additional access and
manipulation privileges such as system building, configuration, detailed system
diagnostic displays, intelligent transmitter detailed displays, and tuning functions.
ENGINEER: As SUPERVISOR level but with additional rights for configuring, installing,
and maintaining a database.
Users will be given access rights to areas containing the loops that they have access
rights to. Therefore loops will be grouped accordingly, depending on which users will
be able to take control of which loops.
Users of the system shall log on by either security key or password methods.
SUPERVISORS, MAINTENANCE, and ENGINEERS will use security keys and
OPERATORS will use passwords. For those using security keys, on insertion of the key
into the security key interface the system verifies the user information programmed
on the key and automatically logs on the user. To log out, the key is removed from
the security key interface and the system automatically logs out the user.
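The access rules of this clause can be expressed as one deny-by-default check that combines role, assigned area and log-on method. The following is an added example, not part of the specification or of any vendor's product; the privilege names, loop tags and area names are constructed, and granting alarm-limit changes together with tuning and leaving viewing unrestricted by area are assumptions.

```python
from dataclasses import dataclass
from enum import Enum, auto


class Priv(Enum):
    VIEW = auto()
    ACK_ALARM = auto()
    TUNE_LOOP = auto()
    CHANGE_ALARM_LIMIT = auto()
    SYSTEM_BUILD = auto()
    CONFIGURE = auto()
    DETAILED_DIAGNOSTICS = auto()
    MAINTAIN_DATABASE = auto()


class Role(Enum):
    OPERATOR = auto()
    SUPERVISOR = auto()
    MAINTENANCE = auto()
    ENGINEER = auto()


class Method(Enum):
    PASSWORD = auto()
    SECURITY_KEY = auto()


# Each level is the level it names ("As ... level") plus its own additions.
_OPERATOR = frozenset({Priv.VIEW, Priv.ACK_ALARM})
# Assumption: changing alarm limits is granted together with tuning.
_SUPERVISOR = _OPERATOR | {Priv.TUNE_LOOP, Priv.CHANGE_ALARM_LIMIT,
                           Priv.SYSTEM_BUILD, Priv.CONFIGURE}
ROLE_PRIVS = {
    Role.OPERATOR: _OPERATOR,
    Role.SUPERVISOR: _SUPERVISOR,
    Role.MAINTENANCE: _SUPERVISOR | {Priv.DETAILED_DIAGNOSTICS},
    Role.ENGINEER: _SUPERVISOR | {Priv.MAINTAIN_DATABASE},
}

# Operators use passwords; the other three levels use security keys.
REQUIRED_METHOD = {
    Role.OPERATOR: Method.PASSWORD,
    Role.SUPERVISOR: Method.SECURITY_KEY,
    Role.MAINTENANCE: Method.SECURITY_KEY,
    Role.ENGINEER: Method.SECURITY_KEY,
}

# Constructed grouping of loops into plant areas.
LOOP_AREA = {"FIC-101": "UNIT-100", "LIC-102": "UNIT-100", "FIC-201": "UNIT-200"}


@dataclass
class Session:
    user: str
    role: Role
    areas: frozenset
    active: bool = True


def log_on(user, role, areas, method):
    """Open a session only if the log-on method matches the role's rule."""
    if method is not REQUIRED_METHOD[role]:
        raise PermissionError(
            f"{role.name} must log on with {REQUIRED_METHOD[role].name}")
    return Session(user, role, frozenset(areas))


def key_removed(session):
    """Pulling the security key ends the session immediately."""
    session.active = False


def authorize(session, priv, loop_tag, audit):
    """Return True only when every condition holds; record each decision."""
    area = LOOP_AREA.get(loop_tag)
    if not session.active:
        reason = "DENY: no active session"
    elif area is None:
        reason = "DENY: unknown loop"
    elif priv is not Priv.VIEW and area not in session.areas:
        # Assumption: viewing is plant-wide, control is limited to assigned areas.
        reason = "DENY: loop outside assigned areas"
    elif priv not in ROLE_PRIVS[session.role]:
        reason = "DENY: privilege not granted to role"
    else:
        reason = "ALLOW"
    audit.append((session.user, session.role.name, priv.name, loop_tag, reason))
    return reason == "ALLOW"
```

Recording denied requests alongside allowed ones gives the operator-action history a trail of attempted out-of-area or out-of-role actions.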
Each Operator workstation shall have the capability of printing the information
displayed on the screen and SOE for ESD.
11. Assessing HMI Performance
The assessment of HMI performance involves both quantitative and qualitative
measures. Operator and engineer questionnaires are quite useful. It is necessary to
tailor questions so they reflect the type of operation you have, such as batch,
continuous, continually-staffed, and so forth. The operator's span of control, the
process complexity, and the use of advanced process control methodologies are also
a factor.
11.1. General Graphic Factors
MANUFACTURER/SUPPLIER HMI shall comply with several quantitative and
functional measures mentioned in this clause. MANUFACTURER/SUPPLIER shall
provide the following as a minimum for a High Performance HMI.
An overview display summarizing the key factors of each operator's entire span
of control.
Special graphics, specifically designed for the support of startup and shutdown.
Special graphics, specifically designed for the support of making different
products or using different feedstocks or operating at significantly different rates.
All controllers shall be shown on a graphic.
All system modules shall be shown on a graphic.
All cabinet status, power supply status shown on a graphic.
All alarms shown on a graphic.
FF power supply, segment, and communication graphic.
All interlocks shown on graphics clearly indicating their inputs, status, and
outputs which shall clearly tell operator from these displays the actions needed
to clear the interlock.
Animation used on any graphic only for the purpose of indicating an abnormal
situation and even then, in only very limited ways. (There should be no spinning
agitators and pumps, moving conveyors, splashing liquids and sprayers, and other
such animation elements.)
Alarm colors designated by priority and used only for alarm functions and no
other graphic elements shall be preferred.
Process vessels and equipment rendered simply in 2-D line drawings, without
bright colors or 3-D shadowing and shading or detailed depiction of non-changing
internals.
No attempt to color code process piping with its contents.
Measurement units (kg/cm², m³/hr, °C etc.) displayed with consistent
abbreviations and only in small, low-contrast lettering.
Analog liquid levels in vessels displayed in narrow strips rather than in bright
colors the full width of the vessel.
Embedded trends of important values placed in the appropriate graphic so
operators do not have to configure trends "on-the-fly".
Line-crossings shall be minimized in the graphics.
Process flow consistently shown in a left-to-right pattern, with gases flowing up
and liquids down.
Graphics shall have gray backgrounds to minimize glare. (Control Rooms should
be brightly lit.)
Process lines shown as black, with major lines shown slightly thicker.
Very limited use of color and all use is consistent.
Ambient flammable and/or toxic gas detectors shown on a geographic layout
with wind direction and velocity depicted.
Equipment layout on a graphic consistent with the operator's mental model of
the process. For example, Tank Farm diagrams should match the physical layout,
not a P&ID layout.
Techniques used to minimize the possibility of operator data entry mistakes,
inadvertent trip actuation, and to provide validation and security measures.
Analog-type indicators used for process measurements where appropriate, rather
than the common practice of simply putting numbers on a screen.
There are a variety of methods for operator action in such things as adjusting
controllers (setpoints, modes, and outputs) and digital (On-Off) points. It is
usually worthwhile to test several operators on a standard list of tasks on the
amount of keystrokes/mouse-clicks it takes them to accomplish the needed
action. Wide variation will often be found, indicating training needs and HMI
deficiencies. Tests shall be performed during FAT or training.
11.2. Navigation Factors
It is possible to navigate to any screen, within 5 seconds, using only three
pushbutton and/or mouse-click actions. The navigation should be logical and
straightforward.
Graphics shall have a hierarchy in which progressive exposure of detail is logically
made.
Proper and logical use and arrangement of soft-keys made for the assignments of
certain pushbuttons to certain graphics.
DCSs shall have the capability to associate a predetermined graphic with each
alarm. When the alarm comes in, a one-key jump can be made to display the
particular graphic. It shall be configured for every alarm.
11.3. Workstation Factors
The operator shall have four DCS screens plus a DCS overview screen. If fewer,
justify why there is no need. If more, justify why there is a need.
The operator shall have a PC with corporate intranet access for procedures, work
requests, etc.
The up-to-date electronic copy of documentation shall be available.
If any one physical display screen is lost, the information on it shall be displayed
on other screens at the workstation without problems.
11.4. Control Room and Work Practice Factors
There shall be a separate workstation for engineers and maintenance use, so the
operator's workspace does not have to be shared.
For multi-console, multi-operator control rooms, operators should be placed
adjacent to the other operators with whom they must communicate the most.
Off-site backup copies of the source files of all HMI elements.
11.5. Alarm Management Factors
All alarms configured so they indicate situations for which specific and known
operator action is required.
All alarms occur only for abnormal situations and never for expected, normal
situations.
The alarm system shall be capable to be used of alarms for miscellaneous status
indication.
The priorities of alarms set in a meaningful and consistent manner.
All alarms unique, where the same situation does not generate multiple alarms.
There shall be a monitoring system to detect nuisance alarms (chattering,
fleeting, long-standing, and so forth) and those detected are promptly dealt with
so they operate properly.
The rationale for the selection and priority of each alarm shall be documented.
The operator shall have on-line access to this alarm documentation.
The HMI shall have the ability to display any and all alarm suppression currently in
effect, in one easy-to-get-at list. (Shall be tested and audited)
The alarm system configuration protected from inadvertent and inappropriate
change.
The alarm system performance shall be monitored and action steps taken based
on known Key Performance Indicators. MANUFACTURER/SUPPLIER shall
recommend parameters for monitoring system performance.
The asset manager hardware and software to be designed to take diagnosis from
the Device blocks, if available.
NAMUR NE-107 Self-Monitoring and Diagnosis of Field Devices shall be followed.
Any revision in operating system or DD of device should not require change in the
configuration of DCS system.
Documentation like various trend reports, Diagnostic report predictive
maintenance reports, audit reports, historical data and device specification
sheets in addition to those available with selected software as stand-alone.
Definition engineering configuration loading and compilation of all reports
whether specifically indicated in this specification or available as standard with
the selected software.
Advanced diagnostics of valves shall be available in IAMS to monitor the health of
the valve.
IAMS shall provide a graphical view of communication paths and their health for
the wireless network.
IAMS shall be able to integrate third-party software applications like Valvelink,
ValVue, Samr’s valid, Flowserve’s, PACTware etc.
IAMS shall be capable of partial and full valve stroke of valves and shall document and
maintain the record for the same. Testing results shall be mailed to the concerned
maintenance personnel.
4.2. Presentation of Information
The System will provide displays in the following format:
A hierarchy of all instruments in the database.
By Plant/Area/Unit/Equipment/loop layout
By Manufacturer / Model Number / Revision number
By Assigned to Plant / Spare / Decommissioned status
A hierarchy of instruments with on-line data connections between the System PC
and the instrument.
Via control system I/O and communications bus wiring structure (if supported by
the control system)
Via modem network
Via multiplexer network
A hierarchy of instruments with off-line data connections between the System PC
and the instrument via a mobile hand-held instrument configuration and
diagnostic tool.
PACT ware and Device Type Managers (DTMs) for DCS & ESD HART devices.
Remote desktop services provided by Microsoft Windows Operating System
4.5. IAMS Maintenance Management Functions:
Failures of DCS-hosted HART, FF, WirelessHART, wireless (as per ISA), Profibus DP and
conventional devices shall be detected and communicated to maintenance
personnel. In addition, FF device block errors shall also be detected
and notified by the System. The System shall generate messages on the DCS HMI,
routed to the associated historian for archiving.
The following standard FF block errors shall generate alarm:
Block configuration error
Link configuration error
Simulate active
Local override
Device fault state set
Device needs maintenance soon
Sensor failure
Output failure
Memory failure
Lost static data
Lost NV data
Readback check failed
Device needs maintenance now
Power up
Out of service (OOS)
Intelligent devices using HART communications may include a "More Status
Available" (MSA) bit. The MSA bit indicates the existence of a range of operating
problems that fall short of device failure. The range of conditions that drive this bit
are defined by the device MANUFACTURER/SUPPLIER. Based on this indication of a
device malfunction, further investigation and maintenance on the device can be
performed using the PACT ware/DTM application.
The DCS system shall monitor parameter(s) from intelligent devices using
Foundation Fieldbus communications using standard blocks. Parameters will vary
with individual devices, as defined following device selection. Maintenance
alarms from these blocks shall be passed to the plant area historian and to the
Engineering Workstations in the control building engineering room.
4.6. Diagnostics (Minimum Requirement)
A primary objective of the System shall be to improve maintenance processes.
Particular emphasis shall be placed on alerting the user of potential problems with
plant assets before they become serious problems. To accomplish this goal, the
System shall provide the following preventative and predictive diagnostic
capabilities.
4.6.1. Valve Diagnostics
The System will include a Predictive Valve Diagnostic Capability that can perform as a
minimum the following diagnostic checks:
Generate a complete valve signature
Perform a dynamic error band test
Drive signal test
Step response analysis and overlay
Valve Stroke test
Partial and full valve stroke test
I/P and relay integrity test
Travel deviation test
Supply Pressure test
Relay Adjustment
Air Mass Flow test
Valve friction test
4.6.2. Transmitter Diagnostics
The System shall be capable of reporting and displaying all transmitter diagnostic
conditions detected by every transmitter connected to the System. The diagnostic
conditions available for each transmitter shall be listed.
For pressure transmitters the System shall include the ability to detect and report
plugged impulse lines. This capability shall be provided in the System regardless of
whether this plugged impulse line detection is included in the transmitter.
4.6.3. Loop Diagnostics
The System will include the ability to monitor complete flow and level regulator
control loops and alert the operator to the root cause of a particular loop problem.
As a minimum, this predictive diagnostics will be capable of detecting and reporting
the following loop conditions:
Description
Device Group
Plant location
Station
Manufacturer
Device type
Device Revision
Protocol
Acknowledged
The System shall have the ability to define the monitoring process by setting the
following parameters:
Audible Alert
Device Group
Automatic acknowledge of new alerts
Show desktop alerts
HART Device Defaults
Polling Rate (Days/Hours/Minutes)
Polling Factor
(default HART) Alert Conditions
Non PV out of limits
PV out of limits
PV analog output saturated
PV analog output failed
Cold start
Configuration changed
An additional feature of the System shall allow customization of notifications, which may
be consolidated into a single view of issues to identify valve performance and root causes
and to improve equipment life. Notices can also be sent to email or mobile phone.
4.12. User Security
The System shall provide privileges with password protection for User Accounts that
allow definable access for the following:
Writing to online Instruments
SPI database that shall be used to generate the I/O configuration in the DCS and ESD
system, ensuring consistency between the configuration of the registry and the
commissioned DCS and ESD systems.
These devices will be organized in an equipment hierarchy as an aid to locating the
device information within the software to address its functionality. This hierarchy will
utilize the asset hierarchy provided by MANAGING CONTRACTOR/OWNER to identify
each device. The levels shall be:
Level 1 - Project
Level 2 - Complex
Level 3 - Unit
4.16. Custom Views
IAMS shall be capable of SQL queries into the relational database, and of
presenting information relating to any aspect of the maintenance function in a
spreadsheet format. IAMS shall provide a variety of standard, pre-configured
Custom views. For the purposes of IAMS and the Asset Registry, these include:
System administration view
Equipment information view
Device type information view
In addition, the user is free to create any desired custom views by selecting any
desired set of entity columns available in the Asset Registry, or by copying and
modifying the contents of any of the existing pre-configured views. View
requirements shall be detailed in the Detail Design Specification.
4.17. DCS Control Processor Scan Periods and Phases
Control blocks that provide device parameter alarms shall run at 30 second intervals.
All detection and alarm blocks shall be phased across the 30 second interval to
minimize the load on the communications network. MANUFACTURER/SUPPLIER shall
obtain prior approval from MANAGING CONTRACTOR/OWNER for implementation.
The System shall be able to scan up to 10 concurrent devices. It shall be modal
network scanning that will allow the user to do other tasks while processing. The System
shall show progress to let the user know if devices haven’t scanned successfully. Finally,
it can print and/or mail the results of the scanning for troubleshooting.
Number of Instrument
Tag of Instrument
Progress
Failure Notice
4.18. Data Transfer Operation
The System shall have the capability to move data from one system to another. It
shall allow user to choose to copy either the entire database or just selected
elements of the database. This capability shall be available via standard
methodologies like .csv or .xls files, or via a system database file.
4.19. Device Configuration
IAMS maintains a database for the devices within its scope. This database supports
all interactions with the device. Configuration information on the device can be
transferred in both directions to and from the devices to ensure that the information
in the database is identical to the information in the devices.
This database can be backed up to secure locations and restored as necessary.
Multiple instances of the database can be stored and a selected backup copy can be
restored to the workstation.
4.20. Commissioning and Startup
4.20.1. IAMS shall be capable of uploading and downloading the complete configuration of
the devices. Individual parameters can be verified and adjusted as necessary to
download to devices. Final configurations shall be uploaded to coordinate the
instruments and IAMS databases.
4.21. Data Storage and Archiving
The IAMS shall allow archiving of at least 6 months' storage of Asset data on the hard
drive. The system shall have multiple hard disk drives interfaced in a way so that any
drive can be added to or removed from the system while it is operational (hot
standby).
All Asset data must be archived automatically in removable state-of-the-art media.
Removable archival media and system back-up media shall be latest model and
technology at the time of system detailed engineering. The archiving shall be carried
out on a 24 Hour Cycle. The system shall provide an alarm/alert for changing of
archive media when it reaches 80% of its capacity.
5. System connectivity and Interfacing Requirements
5.1. Connectivity of the System
The preferred method of connecting the System to the instruments will be to utilize
the control system’s I/O infrastructure, with the System station connected as a node
on the control system’s communication bus. Messages to/from the instruments shall
pass through the control system from/to the System station with NO EFFECT on the
control system’s process control capability.
In addition, the System will provide connectivity to the following types of I/O
Systems:
Remote I/O Systems
Multiplexers Using HART Protocol
The MANUFACTURER/SUPPLIER shall state the total load requirements, for each
location of equipment, at an agreed key date to permit the sizing of the UPS system.
6.2. Communication system
The communication link between PIB and the control building shall use fibre optic
cables (supplied by the DCS MANUFACTURER/SUPPLIER).
Ethernet 100/1000 Base-T workgroup switches with Gigabit Ethernet 1000 Base-SX-LX
backbone connections should be used.
7. Support and User Training
Details of the System’s Service Support capabilities shall be provided, including the
following:
System design, installation and commissioning support
Advanced Diagnostic interpretation Support
Support for integration with other systems (Computerized Maintenance
Management System, Documentation etc.)
The System shall support connections to off-site users over internet/intranet through
firewall and system security measures, to allow remote interrogation and diagnosis
of instruments by specialist personnel. The remote users’ connection will be a fully
functional interface to the System package and associated instruments in order to
support preventative maintenance and fault diagnosis.
A self-paced user training package shall be included with the System, plus details of
the MANUFACTURER/SUPPLIER's scheduled training courses.
MANUFACTURER/SUPPLIER shall provide 15 years of support for the System and for
System product releases and user data migration.
analysis workstations, with the required operating system software, and the full set
of the system application software to provide the required features, meet industry
guidelines, protect personnel safety and reduce the risk of plant accidents.
The MANAGING CONTRACTOR, in conjunction with the MANUFACTURER/SUPPLIER,
will define all Alarm Management System interface points, and shall submit to
OWNER for review and approval.
3.1.2. Hardware Requirement
The software shall run on a commercially available station. The Operating System shall be
the latest version of Microsoft™ Windows for the Server and Client software. In case the
requirement for the hardware differs, it shall be clearly specified by the
MANUFACTURER/SUPPLIER.
3.1.3. Software Functionality minimum requirement
AMS software shall be proven and latest and shall be loaded on the latest Windows
operating system. The operating system should have import/export capability for the MS
Office suite of applications.
MANUFACTURER/SUPPLIER shall provide latest verified version of operating and
application system software at Project’s Provisional Acceptance Test. The package
shall be complete for user to upgrade the system at a suitable future time during
shutdown.
The AMS shall be supplied with all the required software/hardware to:
Accurately capture with timestamp all alarms.
Help Operations identify and rectify nuisance Alarms, therefore reducing the
number of Alarms the operator has to deal with.
Help Operations to find the cause of Process Shutdowns.
Analyse and present Alarm Data in a Simple Easy to understand format.
The AMS software shall be subject to OWNER approval.
3.1.3.1. Storage
The alarm / event / log messages shall be stored for future accessibility.
MANUFACTURER/SUPPLIER shall supply AMS having storage capacity capable of
archiving 6 (Six) months of data on internal hard drive. The system shall have
multiple hard disk drives interfaced in a way so that any drive can be added to or
removed from the system while it is operational (hot standby). After the maximum
limit of events is stored, the oldest messages shall be deleted on FIFO basis. All Alarm
data must be archived automatically in removable state-of-the-art media. Removable
archival media and system back-up media shall be latest model and technology at the
time of system detailed engineering. The auto archiving shall be carried out on a 24
Hour Cycle. OWNER will have the right to choose the equipment needed at the time
of purchase order. The system shall provide an alarm for changing of archive media
when it reaches 80% of its capacity.
3.1.3.2. Message segregation / Search Report
The software shall support segregation of the message on the basis of following:
Type of message, e.g. Alarm Messages; or Acknowledgement Messages, or Event
Messages, Log report or by System etc.;
Time slots: Type(s) of Messages within given time slot;
Tag-wise: Messages for the given Tag or Group of Tags;
Alarm Priority: Messages of the given priority type;
Outstanding Alarms: Alarm Messages, which exist at a given time not normalized.
3.1.3.3. Frequency Analysis
The software shall scan all the messages during the given time period and generate a
report giving the frequency with which each message has occurred. It shall be
available as a summary report during the given time.
Remark Column Against Message
The software shall support insertion of additional columns against messages for
either automatic entering on predetermined text / value or ‘manual remarks by
reviewer’.
3.1.3.4. Log Time
The software shall support finding the time between specific messages.
3.1.3.5. Data Export
The software shall support data / analysis export to Microsoft ™ Office applications
as well as to other database such as Oracle, MS Access etc.
3.1.3.6. Printing
Though the software is intended to replace the alarm / event printer, the software
result shall be printed on a network printer ‘as desired’ or ‘when a certain predefined
message arrives’.
3.1.3.7. Backup
The software shall support backup on removable storage media such as Floppy Disk,
Write-able DCD’s, Tapes, Optical Disks etc. The same backup shall be retrievable
whenever required. This shall make archival of every message possible for the desired
period irrespective of storage / licensed capacity.
3.1.3.8. Voice Notification
Upon receipt of a specific alarm/event, the system shall dial phone/mobile, output a
recorded message corresponding to the alarm and wait for an acknowledgement
typed in the telephone/mobile keypad. It shall be possible to dial into the software to
listen to the play back of all unacknowledged alarms over the telephone.
3.1.3.9. DTMF (Dual Tone Multi Frequency) tones to Paging Systems
When an alarm occurs the software shall dial up a mobile/pager and if applicable,
send DTMF tones corresponding to the alarm.
3.1.3.10. Text Messages to Paging System
On occurrence of an alarm the software shall dial up a TAP compliant mobile pager
or cell phone and if applicable, send text messages.
When a high priority alarm arrives, it shall be possible to extract a telephone number
from a roster of personnel, which can change automatically to reflect shifts or
weekends. It shall then dial them, wait for a security code and speak the alarm. If it
does not get the required response it shall dial the next entry in the list.
3.1.3.11. Reporting
Reports: Reports shall be available in windows office files. Automatic Generation of
e-mail on stated time shall be offered.
Shift Report: This report shall be generated once every 8 hours (shall be user
configurable). The report shall comprise of ‘Frequency analysis’ and ‘Outstanding
Alarms’.
AMS shall generate an alarm history report for detailed alarm analysis purposes. The
report format shall also be editable.
AMS shall be able to capture the Log/production Report and export it in excel format
with scheduled email facility.
AMS shall have a feature to have operator guided messages and critical alarms pop up
on the operator screen.
3.1.3.12. Day Report
This report shall be generated once a day at specified time. The report shall comprise
of ‘frequency analysis’ and ‘statistical data of the outstanding alarms giving statistics
based on priority, tag group etc.’.
3.1.3.13. Reports on e-mails
The software shall trigger transmission of e-mail to a predefined group of e-mail
addresses. The trigger shall be provided by either of the following
Messages: Appearance of Particular Alarm / Event, Appearance of Periodic
Production Report. The e-mail content shall be the alarm / event message that appeared,
the Production Report, or the report attached in office format.
3.1.3.14. Real Time and Historical Analysis
The analysis tools and client software shall work on both Real time data and
historical data.
3.1.3.15. Control System Independent
The software and hardware shall be independent of and separate from any control
system.
3.1.4. Reliability
The system shall be designed to avoid unrevealed failures.
The MANUFACTURER/SUPPLIER shall supply a list of all single points of failure, which
will affect other systems receiving outputs generated by the AMS. Any device that
cannot be replaced while the system is running must be explicitly identified. For
system components that can be replaced while the system is running, the necessary
steps to bring the components to full functional operation shall be described in the
maintenance manuals furnished with the AMS.
3.1.5. Events and Data Analysis
The AMS system shall collect events in real time from the sub-systems distributed
across the site, archive the data in a central server and provide client applications to
view and analyse the data. The functionality of the Alarm Analysis System should
include at least the following:
Event Capture
Data Collection, Storage and Archiving
Data Analysis
Event data shall be captured by a control system or sub-system such as DCS, ESD, and
Package Control System etc. These events shall be transmitted to AMS, where they
shall be collected and stored in a central server location for easy retrieval during a
trip analysis exercise. The data shall be stored in a structured, normalised format.
The system shall have provision for data tracking and validation.
Client workstations for alarm analysis shall also be provided at Control Room. Tools
shall be available for sorting, filtering and analysing the data such that a shutdown
root cause can be identified. The analysis package shall also have following
capabilities as a minimum:
Analysis to identify and eliminate nuisance alarms
Monitor, record and register standing alarms
Monitor, record and register operator interventions
Identify problem alarms (per unit, frequency)
Identify chattering, redundant alarms
The following areas are the kinds of data that will typically be required:
Process
Utilities
System diagnostics / health
Device health
Operator actions
Plant maintenance (Software changes etc)
3.1.5.1. Alarm Prioritisation
Alarm prioritisation refers to a scheme used to cause some alarms to appear more
compelling to the plant operator than others. This is often accomplished by using a
combination of colour coding, audible tones and symbols. Consideration of different
priority in different displays could be used, in order to assist Operator in dealing with
the type of alarms presented.
The alarm prioritisation and suppression control logic shall be implemented within
DCS. Suppression, inhibition and limit adjustment of alarms shall be subject to
password authorisation. Alarms can either be suppressed entirely, or their limits
adjusted, according to the process situation (e.g. train offline, filter stream in
regeneration, device failure, etc). One of the features of alarm management is the
ability to automatically inhibit or disable alarms or groups of alarms, for example
those that are currently not in service on a piece of equipment that is shut down for
maintenance. The current operating status of the plant should be inferred from
various inputs and secondary alarms should be suppressed. For example, a low flow
alarm might be suppressed when the associated pump is not running. The particular
prioritisation scheme used depends upon the particular DCS selected as well as upon
system design. However, a typical 4-level prioritisation scheme might be as follows:
Priority 1: personnel, environmental or equipment hazard or plant trip
Priority 2: other equipment failure or partial trip condition
Priority 3: call for maintenance but no immediate danger or trip potential
Priority 4: status information, events with no operator action required
The alarms shall be prioritised considering following two factors: -
Severity of consequence and criticality (in safety, environmental and economic
terms) the operator can prevent by taking the corrective action associated with the
alarm.
The time available compared with the time required for the corrective action to be
performed and to have desired effect
The relative frequency of occurrence of alarms of different priority should reduce
with increased priority summarized below in table 1.
Table 1
Priority band             Target Maximum Occurrence rate
Safety related/critical   very infrequent
High                      less than 5 per shift
Medium                    less than 2 per hour
Low                       less than 10 per hour
If there are very few high priority alarms, say one per month, then the ones that do
occur will get very special attention by the operator. By relaxing the criteria of what
constitutes a high priority alarm further, such that 2 or 3 high priority alarms occur
per shift then these will still be effectively discriminated by the operator. This
argument implies that the allocation of priority should be an iterative process and
should be adjusted with operator experience.
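The Table 1 targets and the frequency analysis of section 3.1.3.3 can be checked against an exported alarm journal. The following Python is an added example, not part of this specification or of any vendor's AMS; the journal layout, the tag names, the 8-hour shift (taken from the default Shift Report period) and the chattering threshold of 3 activations in 60 seconds are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Table 1 targets: priority -> (count that breaks the "less than" target, window).
# The 8-hour shift is an assumption taken from the default Shift Report period.
TABLE_1 = {
    "High": (5, timedelta(hours=8)),
    "Medium": (2, timedelta(hours=1)),
    "Low": (10, timedelta(hours=1)),
}

START = datetime(2012, 7, 30, 6, 0, 0)  # constructed start of shift


def sample_journal():
    """Constructed alarm/event journal: (source time, tag, priority, type)."""
    rows = [(START + timedelta(seconds=15 * i), "FT-101.LO", "Low", "ALARM")
            for i in range(10)]                      # repeating low-flow alarm
    rows += [
        (START + timedelta(seconds=50), "FT-101.LO", "Low", "ACK"),
        (START + timedelta(minutes=10), "PT-202.HI", "Medium", "ALARM"),
        (START + timedelta(minutes=40), "TT-303.HI", "Medium", "ALARM"),
        (START + timedelta(minutes=75), "LT-404.HH", "High", "ALARM"),
        (START + timedelta(minutes=80), "PT-202.HI", "Medium", "ALARM"),
    ]
    return sorted(rows)


def alarms(journal, start, end):
    """Alarm activations only (ACK, event and log messages are excluded)."""
    return [r for r in journal if r[3] == "ALARM" and start <= r[0] < end]


def frequency_analysis(journal, start, end):
    """Section 3.1.3.3: how often each message occurred in the period."""
    tags = Counter(tag for _, tag, _, _ in alarms(journal, start, end))
    return tags.most_common()


def rate_violations(journal, start, end):
    """Fixed windows from `start`; list the windows that miss a Table 1 target."""
    found = []
    for priority, (limit, window) in TABLE_1.items():
        counts = Counter()
        for ts, _, prio, _ in alarms(journal, start, end):
            if prio == priority:
                counts[(ts - start) // window] += 1   # index of the window
        found += [(priority, start + n * window, c)
                  for n, c in sorted(counts.items()) if c >= limit]
    return found


def chattering(journal, start, end, repeats=3, within=timedelta(seconds=60)):
    """Tags with `repeats` activations inside `within` (assumed threshold)."""
    by_tag = {}
    for ts, tag, _, _ in alarms(journal, start, end):
        by_tag.setdefault(tag, []).append(ts)
    return sorted(tag for tag, times in by_tag.items()
                  if any(times[i + repeats - 1] - times[i] <= within
                         for i in range(len(times) - repeats + 1)))


if __name__ == "__main__":
    journal, end = sample_journal(), START + timedelta(hours=8)
    print(frequency_analysis(journal, START, end))
    print(rate_violations(journal, START, end))
    print(chattering(journal, START, end))
```

On the constructed journal the single chattering low-flow alarm is enough to break the Low target for the hour, which is the kind of nuisance alarm the analysis package is required to identify.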
During detailed design, alarms should be configured in the approximate ratios as
shown below in Table 2. However MANUFACTURER/SUPPLIER & MANAGING
CONTRACTOR shall carry out detailed ‘alarm reviews’ and prioritisation for OWNER
review, approval and submittal prior to implementation.
Table 2
Priority band   Alarms configured during system design
Critical        About 50 altogether
High            5% of total
Medium          15% of total
Low             80% of total
being acknowledged are easily visible and understood by the operator. Multiple
alarm acknowledgements should not be provided for critical and high priority alarms.
The Alarm Acknowledge function shall be initiated through the DCS operator
workstation only. Alarm Acknowledge events shall be recorded by the AMS.
3.1.5.3. First-Out Sequences
The first-out alarm sequence shall be assigned to a defined set of alarm points, and
shall provide indication of which point in the group received its alarm initiation signal
“first”. AMS shall be able to implement logic to capture the first-out alarms.
The first-out alarms shall be registered and can be printed as ‘FO’.
3.1.5.4. Alarm Groups
Alarms shall be arranged in a hierarchical series of groups. Alarm groups shall be
used to modify the behavior of alarms related to the same piece of equipment or
process area. Alarm groups will define first out boundaries, group acknowledge
(where required) and secondary or consequential alarm suppression.
Consequential alarm suppression shall be applied to minimize the number of alarms
needing operator attention and acknowledgement, and to reduce the possibility of
an alarm “avalanche”.
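First-out capture and consequential suppression within alarm groups (sections 3.1.5.3 and 3.1.5.4) depend on ordering events by the initiating device's time stamp rather than by arrival at the AMS. The following Python is an added example, not part of this specification or of any vendor's AMS; the event layout, tag and group names and the 30-second episode window are assumptions.

```python
from datetime import datetime, timedelta

T0 = datetime(2012, 7, 30, 14, 0, 0)  # constructed reference time


def ms(n):
    """Constructed time stamp n milliseconds after T0."""
    return T0 + timedelta(milliseconds=n)


# Constructed events in the order the AMS received them. "source" is the
# initiating device's time stamp; None means the device cannot stamp events.
EVENTS = [
    {"tag": "FT-101.LO",   "source": ms(420),   "received": ms(600)},
    {"tag": "P-101.TRIP",  "source": ms(35),    "received": ms(900)},
    {"tag": "PT-102.LO",   "source": None,      "received": ms(1200)},
    {"tag": "K-201.SURGE", "source": ms(700),   "received": ms(1300)},
    {"tag": "FT-101.LO",   "source": ms(45000), "received": ms(45100)},
]

# Constructed alarm groups: one group per piece of equipment.
GROUPS = {
    "FT-101.LO": "P-101",
    "P-101.TRIP": "P-101",
    "PT-102.LO": "P-101",
    "K-201.SURGE": "K-201",
}


def effective_time(event):
    """Keep the source stamp; stamp at the AMS only when there is none."""
    if event["source"] is not None:
        return event["source"]
    return event["received"]


def first_out(events, groups, clock=effective_time,
              window=timedelta(seconds=30)):
    """Return (time, tag, group, mark) rows ordered by `clock`.

    The first alarm of a group opens an episode and is marked 'FO'. Alarms of
    the same group inside `window` (an assumed value) are marked 'CONSEQ'.
    An alarm after the window opens a new episode. Ungrouped tags form their
    own group.
    """
    episode_start = {}                      # group -> time of current first-out
    rows = []
    for ev in sorted(events, key=clock):
        ts = clock(ev)
        group = groups.get(ev["tag"], ev["tag"])
        started = episode_start.get(group)
        if started is None or ts - started > window:
            episode_start[group] = ts
            mark = "FO"
        else:
            mark = "CONSEQ"
        rows.append((ts, ev["tag"], group, mark))
    return rows


def needs_attention(rows):
    """Rows left for the operator once consequential alarms are suppressed."""
    return [r for r in rows if r[3] == "FO"]


if __name__ == "__main__":
    for ts, tag, group, mark in first_out(EVENTS, GROUPS):
        print(ts.time(), group, tag, mark)
    # Ordering by arrival instead of source time names the wrong first-out.
    print(first_out(EVENTS, GROUPS, clock=lambda e: e["received"])[0][1])
```

Ordered by source time the pump trip is the first-out for group P-101; ordered by arrival time the low-flow alarm would be reported as the initiating event instead.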
3.1.6. Features
As a minimum the supplied Alarm Management System package shall provide tools
to identify, analyse and display the following functions:
Frequency of Alarm
Frequent Alarm
Time of alarm
Time a particular alarm has remained in alarm state
Time to acknowledge
Alarms per alarm type
Alarms per time period
Alarms per unit
Chattering Alarms
Duplicated Alarms
Standing Alarms
Consequential Alarms
Controller Mode Changes
Controller Set point Changes
All alarm trip setting messages shall be stored in a system wide database.
Database shall include information on when data items within it are changed.
Back up important information on-line to optical disk or a networked drive
Client/Server design to allow Remote Access over a network
Use Trigger Words to highlight Important Alarms as high, medium, or low priority
by displaying them in different colours
Use of an advanced diagnostic system to analyse the cause of a plant shutdown
Log the time between specific messages
Different user levels and Password Security
Support of multiple clients displaying different screens simultaneously from the
same AMS database
Automatic or Demand output to a printer, disk file or file.
Disk Shadowing over a network.
Automatically trigger Alarm Reports and/or Screen Dumps.
SQL type search facility.
Alarm Sort facility.
AMS shall generate deviation report w.r.t standards database settings
Facility of Alarm Banner based on priorities i.e. High, medium, Low for LVS is
preferred
Alarms received over communication lines shall be time tagged at source.
AMS connectivity with Sound Module and PA System shall be there.
Cyber Security Features shall be implemented.
Wherever possible events shall be time stamped by the initiating device. The AMS
shall maintain the original time stamp and shall only time stamp events that cannot
be time stamped by an initiating system. The AMS shall be synchronised by a GPS
master clock. Where available, time stamp correction algorithms shall be used.
3.1.6.1. Alarm Displays
As a minimum, the following displays shall be made available on the AMS:
Alarm Displays sorted/grouped by:
Priority
Type
Frequency
Unit/Equipment
Area
Operator Console
Process/System
SQL Alarm Search Display
3.1.7. Architecture and Communication:
The AMS will be connected to all the main systems and subsystems, DCS, ESD,
MCMS and Analysers. There will also be links to all the Package Control Systems, e.g.
Gas/Steam Turbine controls, Anti surge controls etc.
The MANUFACTURER/SUPPLIER shall describe in detail the possible interfaces and
functionality.
The MANUFACTURER/SUPPLIER shall describe in detail the proposed Architecture for
the Project.
3.1.8. Scope of supply:
The AMS will be supplied as a field proven and latest working package. This shall
include, but not be limited to, the following:
Client Workstation for AMS System
High specification redundant Servers System with storage and archiving facility
AMS Supervisory System (configuration and maintenance workstation) in Control
Room.
Associated Hardware and Peripherals: e.g. Redundant Servers and client
workstations complete with 21” LCD/LED monitors, keyboards and tracking
devices and all other necessary equipment plus at least one colour laser printer.
All network interfaces to the DCS and other subsystems
Associated System Software e.g. Operating System latest windows based.
Associated Applications Software e.g. Alarm Management Software,
Configuration Software and Interface Software
Licenses for the Software
Redundant Interface to main systems and any Package Control Systems
Associated peripherals, e.g. mouse, printer (one dedicated for AMS) etc.
Manuals
Training
Systems that generate an internal alarm/event log and are incapable of supporting
an OPC server themselves. These Systems shall supply data to a PC-based printer
emulator (Data logger). The AMS shall access alarm data from the data logger.
Systems that cannot meet the time stamping requirements themselves shall be
hardwired to the DCS or ESD system, to provide fault and common alarms for very
basic analysis.
3.2.5. Supervisory Control and Monitoring System (SMC)
The SMC system shall have a high level, high-speed interface to the AMS. The data
transfer interface shall be OPC/LAN/Serial Link. All alarm and diagnostic data shall be
collected from the SMC.
3.2.6. Analysers
The Analysers shall have a high level, high-speed interface to the AMS. The data
transfer interface shall be OPC/LAN/Serial Link. All alarm and diagnostic data shall be
collected from the Analysers.
3.3. Supervisory System (for configuration and maintenance)
3.3.1. General
The supervisory system shall be based on a Windows family operating system (2003 or later)
and shall include independent workstations, with dedicated keyboards and
cursor positioning devices. The workstation shall have continuous and simultaneous
access to AMS servers. These servers shall act as a central database for the AMS,
archiving alarms and events and shall provide system diagnostics.
The system database shall use the OWNER tag numbers allocated to devices as the
unique basis for point reference.
The system shall include diagnostics displays with detailed status information
concerning network communications performance, status of each node and server.
Operations at the Supervisory system shall not cause any adverse effects on the
system operation; this includes, but is not limited to, communications, alarms,
logging, time stamping, time synchronisation etc.
The Supervisory system shall have password protected access levels for different
functions.
Complex-wide enterprise AMS shall be provided. Enterprise AMS shall be able to collect
alarms from plant AMS's. Interface and software requirements for the same shall be
in MANUFACTURER/SUPPLIER scope of supply with approval from MANAGING
CONTRACTOR/OWNER.
3.3.2. Time Synchronisation
The alarm analysis and management system shall be time synchronised with GPS, to
maintain common time reference. This ensures that the time and order of sequence
of events data, and the recorded data from all process control systems will have the
same and common global time reference.
Any device that trips the process or utility shall be connected to a system which time
stamps it to millisecond level. All time stamping systems shall be synchronised by
GPS.
This requirement includes but is not limited to DCS, ESD, anti surge control, electrical
switchgear, BMS etc.
3.3.3. Data Storage and Archiving
The AMS shall allow archiving of at least 6 months' storage of alarm data on the hard
drive. The system shall have multiple hard disk drives interfaced in a way so that any
drive can be added to or removed from the system while it is operational (hot
standby).
All Alarm data must be archived automatically in removable state-of-the-art media.
Removable archival media and system back-up media shall be latest model and
technology at the time of system detailed engineering. The auto archiving shall be
carried out on a 24 Hour Cycle. The system shall provide an alarm for changing of
archive media when it reaches 80% of its capacity.
3.4. Alarm Management System
3.4.1. Power Supply System
Redundant 110 VAC 50 Hz UPS system power to the system will be provided by
MANUFACTURER/SUPPLIER. All AMS equipment shall be supplied to operate from
these earthed neutral, UPS derived power supplies.
The MANUFACTURER/SUPPLIER shall state the total load requirements, for each
location of equipment, at an agreed key date to permit the sizing of the UPS system.
3.4.2. Fault Alarms
System fault alarms shall report individually and shall at least be provided for:
System crash and Software Failures
Application Software Failures
Interface/Network Failures
Communication link Failures
Power supply/fuse failures
Common fault alarms shall be reported to the DCS through communication link
for operator information and action.
3.4.3. AMS communication system
The communication link between PIB and the Control Room shall use fibre optic
cables (supplied by the DCS MANUFACTURER/SUPPLIER).
Ethernet 100/1000 Base-T workgroup switches with Gigabit Ethernet 1000 Base-SX-LX
backbone connections should be used.
3.5. Alarm Monitoring System
In addition to the detailed specifications stated above, following further features
are required:
The system shall be capable of expansion and able to accommodate other inputs
for future expansion.
The system will allow analysis of equipment start-up, shutdown and any other
transient phenomena.
Necessary hardware, software and configuration shall be provided to achieve the
above functionality.
The requirement for prediction and anticipation of plant deterioration with sufficient
lead-time for operator action shall be fulfilled as follows:
The system will monitor Alarms, i.e. Alarm data processed, using well-proven
analysis techniques, directly related to specific faults, which are trendable.
The system will include an advanced diagnostic system. This advanced diagnostic
system shall be both easy to start up and expandable with new symptoms and
new diagnosis.
The central computer / workstation of the system will be multi-tasking to allow
simultaneous operation of the Alarm functions, advanced diagnosis function, and
visualisation on remote terminals etc, without perturbing the AMS function.
The network components such as switches, hubs, routers etc shall be installed in a
separate cabinet / junction box.
Functional Design Specifications shall be subject to OWNER approval 6 months
before FAT date.
3.5.1. AMS Advanced Tools
The AMS system should have advanced, rule-based, specialised, diagnostics
functionality, including the latest abnormal condition management tools, or
equivalent. The system shall have additional functionality for real-time root cause
analysis of process upsets or inefficiencies with the aim of identifying prospective
problems early enough so they do not result in off-spec production or unscheduled
plant shutdown. The AMS acts as an operator’s assistant, continually monitoring the
process, looking for potential process excursions before they necessarily become
apparent in the form of direct process alarms. The AMS will assist the operator into
making certain decisions based on detailed analysis carried out by AMS.
[Figure: diagram with labels Process, Alarm Analysis (OFFLINE), Controls (DCS, ESD, PLC)]
Valve Link, Compressor Control System, Turbine Speed Governor System & any other
System bought by OWNER) & Testing.
2.10.1. FAT
Prior to FAT, DCS MANUFACTURER/SUPPLIER shall carry out interoperability test as
per latest ITK Standard for maximum instruments & submit the detailed reports to
the MANAGING CONTRACTOR/OWNER. MANUFACTURER/SUPPLIER shall also
demonstrate the same performance to the OWNER at its workshop.
2.10.2. Shipment
2.10.3. Installation
2.10.4. Commissioning
2.10.5. SAT
2.10.6. As Built Documents
2.10.7. Training
2.10.8. Life time support
2.11. Risk Management & Mitigation Plan
Identification of major risks & mitigation plans
Project critical path reviews
Status of Product development for new products, if any
Fall back strategy & recovery plan.
2.12. Reports & Analysis
Progress Report - Planned v/s Actual
Engineering Progress Report – Planned v/s Actual
Drawing, Documents issued etc – Planned v/s Actual
Material Report – Planned v/s Actual
Staffing curves – Planned v/s Actual
Performance Report – Planned v/s Actual
2.13. Interface matrix – OWNER / MANAGING CONTRACTOR / DCS
MANUFACTURER/SUPPLIER
2.14. Value engineering
2.15. Change management (Applicable post-FAT)
2.16. Documentation Management
2.17. Integrated FAT requirement
Manpower
Tools & Tackle
Space
Amenities (HVAC / UPS)
2.18. Quality Assurance Plan Installation schedule
2.19. Training & Certification for all users as per Spec
2.20. Foundation field bus devices – Pre testing & testing criteria
2.21. Software upgrades for 10 years
2.22. Hardware support for 15 years
2.23. Spare parts
Comprehensive Annual Maintenance Contract spares
Support Commissioning spares / Warranty spares to be stored at site
MANUFACTURER/SUPPLIER to provide 02 years operation and maintenance
spares
MANUFACTURER/SUPPLIER to provide 6 months consumables
Vendor to prepare interchangeability spares list (SPIR) indicating installed
quantity, part no. & recommended spares.
2.24. Annual Maintenance Contract
2.24.1. Comprehensive:
Comprehensive Annual Maintenance Contract Support for 3 years after 2 years of
warranty (Total 5 years)
Commissioning spares / Warranty spares to be stored at site.
MANUFACTURER/SUPPLIER to provide the details considered under Comprehensive
Annual Maintenance Contract.
2.24.2. Non-Comprehensive
MANUFACTURER/SUPPLIER to provide the details considered under Non-
Comprehensive Annual Maintenance Contract.
weeks before testing. Hardware test shall include purpose of test, test definition of
input, procedure, results expected and acceptance criteria. Software test shall
include details of the method, list of tests, sequence of execution, results expected
and acceptance criteria.
DCS MANUFACTURER/SUPPLIER shall ensure the availability of adequate number
(minimum 3 sets), of all test equipment, tools & tackles, simulators, documentation
etc. before commencement of test.
For integration and testing interface with DCS:
DCS MANUFACTURER/SUPPLIER shall ask OWNER/Third Party system supplier to
arrange to provide each type of devices with required auxiliary
hardware/software at DCS MANUFACTURER/SUPPLIER’s place.
Third Party MANUFACTURER/SUPPLIER shall provide all the details (serial
interface details, serial database, format for serial database, etc.) for interfacing
their system with DCS.
During test, any non-conformance, addition or modification shall be brought to
notice of OWNER.
DCS MANUFACTURER/SUPPLIER shall supply communication cables to interface
with Third Party Systems.
As an option DCS MANUFACTURER/SUPPLIER shall offer portable mini DCS
system with necessary hardware and software to test package unit/third party
serial interfaces at their respective locations.
Rigorous Third Party system device tests shall be performed during Site Acceptance
and Integration Tests.
4. Staging
It is not possible to stage all devices and perform a full functional test on all devices.
Therefore a focused and limited test with representative testing shall be conducted.
At least one of each Third Party system device type should be available at the
staging facility. This is dependent on the functionality testing requirements in the
specification. The test shall address the following items:
Communication checks
Functionality checks
Data reconciliation checks
Communication/Network loading check
Redundancy test
5. Test Procedure
MANUFACTURER/SUPPLIER shall, as a minimum, perform the following:
5.1. Communication Module Redundancy check
| Step No. | Procedure | Pass / Fail Criteria | INT | FAT | IFAT | SAT/ISAT |
|---|---|---|---|---|---|---|
| 1 | Removal of Communication module | Verify Alarm on chassis of Third party system. | | | | |
| Step No. | Procedure | Pass / Fail Criteria | INT | FAT | IFAT | SAT/ISAT |
|---|---|---|---|---|---|---|
| 1 | Removal of power from one of the protocol converters or disconnect the serial communication cable from one of the converters. | Verify the Link failure alarm notification on DCS. | | | | |
| 2 | No change in operation of the system by loss of communication path. No change in IO module’s normal operation state after the network has degraded to simplex operation. | Verify no change in IO module’s normal operation state after loss of the communication path. Verify Data transfer is through remaining (redundant) communication path & thus communication is maintained. | | | | |
| 3 | Re-insert serial communication cable into the converter / power up the deactivated converter. | Verify DCS reports Link recovery. Verify that the communication is OK and Data transfer is re-established through communication module. | | | | |
| 4 | Repeat steps 1, 2 and 3 for the other remaining converter. Ensure the testing results are identical to the original converter test. | Verify the test results are identical to the loss of communication on other path, communication link failure reported by DCS. System operation and communication was maintained. | | | | |
| Step No. | Procedure | Pass / Fail Criteria | INT | FAT | IFAT | SAT/ISAT |
|---|---|---|---|---|---|---|
| 1 | Remove the power from one of the network switches. | Verify the Link failure alarm notification on DCS. | | | | |
| 2 | No change in operation of the system by loss of communication path. No change in IO module’s normal operation state after the network has degraded to simplex operation. | Verify no change in IO module’s normal operation state after loss of the communication path. Verify Data transfer is through remaining (redundant) communication path & thus communication is maintained. | | | | |
| 3 | Power up the deactivated switch. | Verify DCS reports Link recovery. | | | | |
| Step No. | Procedure | Pass / Fail Criteria | INT | FAT | IFAT | SAT/ISAT |
|---|---|---|---|---|---|---|
| 1 | Remove the power from both of the network switches. | Verify the Link failure alarm notification on DCS. | | | | |
Note: Checks of the independence and redundancy of the communication link(s) for each
third party system configured on the network, and confirmation of data transfer, will be
carried out during these tests.
Data Integrity & Functionality check
Data Read/Write bidirectional check shall be done for a few tags of each controller &
serial interface. Testing shall be done for all possible modes of controller (open and
closed loop) as applicable.
6. Test Verification
This section is to be signed off after all applicable tests have been completed.
Test Verification & Signature Log
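| Test Type | Third Party Acceptance | Date | DCS MANUFACTURER/SUPPLIER Acceptance | Date | OWNER/MANAGING CONTRACTOR Acceptance | Date |
|---|---|---|---|---|---|---|
| Internal test | | | | | | |
| Factory Acceptance Test | | | | | | |
| Integrated FAT | | | | | | |
| Site Acceptance Test | | | | | | |
| Integrated SAT | | | | | | |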
MANUFACTURER/SUPPLIER
Package Name
Plant Name
PIB Number
Unit Area in Plant
Address
Contact Engineer
Telephone No.
Email address