Distributed Control System: Eni S.p.A

Eni S.p.A.
Divisione Exploration & Production
FUNCTIONAL SPECIFICATION
DISTRIBUTED CONTROL SYSTEM
20149.EQP.STA.FUN
Rev. 1 December 2004
ENGINEERING COMPANY STANDARD

Documento riservato di proprietà di ENI S.p.A. Divisione Exploration & Production. Esso non sarà mostrato a Terzi né sarà utilizzato per scopi diversi da quelli per i quali è stato inviato.
This document is property of Eni S.p.A. Eploration & Production Division. It shall neither be shown to Third Parties not used for purposes other than those for which it has been sent.
Eni S.p.A. 20149 EQP.STA.FUN
Exploration & Production Division Sheet 2 di 28
FOREWORD
Rev. 0 Total number of pages 29

December 1994
Issue in conformity with the E.E.C. directives
This specification replaces and supersedes the following specification:
03390.CMP.STA.SPC. "DISTRIBUTED CONTROL SYSTEM".
Rev. 1 Total number of pages 27

December 2004
Issue for codes, standard and text adjustment

This document is property of ENI S.p.A. Division Exploration & Production. It shall neither be shown to third parties nor used for purposes other than those for which it has been sent.
TABLE OF CONTENTS
1. GENERAL ..................................................................................................................................4
1.1 Scope .........................................................................................................................................4
1.2 Normative references...............................................................................................................4
2. FUNCTIONAL NORMATIVE REQUIREMENTS .......................................................................7
2.1. Definitions .................................................................................................................................7
2.2. Symbols and abbreviations.....................................................................................................7
2.3. Operative environment ............................................................................................................8
2.4. Functional Requirements ........................................................................................................8
2.5 Limits, exclusions and clarifications ...................................................................................24
2.6 Ergonomics.............................................................................................................................25
2.7 Safety.......................................................................................................................................25
2.8 Non repetitive functional requirements ...............................................................................25
2.9 Requirements for Quality Management and Assurance ....................................................26
2.10. Additional requirement for review ........................................................................................26
2.11 Documentation .......................................................................................................................27

1. GENERAL
1.1 Scope
This specification sets out the minimum requirements for the design, fabrication and
testing of a Distributed Control System for hydrocarbons production and treatment plants.
For all the aspects not covered by this specification, reference is made to the applicable
normative references and to the project technical documentation, and in particular to:
• Technical Data Sheet (T.D.S)
• Inspection Data Sheet (I.D.S.)
• Requested Documentation Data Sheet (R.D.D.S.)

Which shall indicate the project data and the special choices made.
The technical requirements of this Functional Specification are based on considerations
relevant to performances and efficiency. All the requirements refer therefore to objective
logic and then cannot be discriminatory.
Any proposed alternative should be evaluated if its operative and performance validity,
as requested by this document, is demonstrated.
1.2 Normative references

The Normative references and the Publications relevant to the Distributed Control
System are listed here below.
As far as applicable, a priority reference shall be given to the EN normative references
and to the European Community normative relevant CE mark. And to follow the
international, ISO, IEC, CEI, UNI, ISA, IEEE, CCIT.
The requirements of Laws and Rules issued by the local Authorities or Legal Bodies,
under which jurisdiction the plants shall be installed, shall be always respected.

1.2.1 European, International and National Normative references
EN 60529 Gradi di protezione degli involucri (Codice IP).

EN 50014 Costruzioni elettriche per atmosfere potenzialmente esplosive.
Regole generali.
EN 50020 Costruzioni elettriche per atmosfere potenzialmente esplosive.
Modo di protezione a sicurezza intrinseca « i ».
Costruzioni elettriche per atmosfere potenzialmente esplosive.
EN 50039 Sistemi elettrici a sicurezza intrinseca « i » .
EN 60801/2 Compatibilità elettromagnetica per apparati di misura e di comando per
processi industriali.
Prescrizioni relative alle scariche elettrostatiche
CEI 20 – 22 Prova dei cavi non propaganti l'incendio.
CEI 20 – 35 Prove sui cavi elettrici sottoposti al fuoco.
Parte 1: Prova di non propagazione della fiamma sul singolo cavo
verticale
CEI 20 – 37 Cavi elettrici.
Prove sui gas emessi durante la combustione.
CEI 20 - 38 Cavi isolati con gomma non propaganti l'incendio e a basso sviluppo di fumi
e gas tossici e corrosivi.
IEC 60050-351 International Electrotechnical Vocabulary-Automatic control.
IEC 61131 Programmable Controller-Programming Language
IEC 60079 Electrical Apparatus for Explosive Gas Atmosphere
CEI EN 61000-4 Compatibilità Elettromagnetica (EMC)-Emissioni per gli ambienti industriali
CEI EN 61000-6-2 Compatibilità Elettromagnetica (EMC)-Immunità per gli ambienti industriali
CEI EN 55011 Limiti e metodi di misura
ISO 6385 Ergonomic principles in the design of work systems.
ISO 3511 Process measurement control functions and instrumentation - Symbolic
representation.
CNR-UNI 10003 Unità fisiche: sistema internazionale di unità S.I.
CNR-UNI 10023 Misure di portata per correnti fluide a mezzo di diaframmi, boccagli e
venturimetri
ISO/DIS 11064-3 Ergonomic design of control centre: Part3: Control Room Layout
ISO/DIS 9241-3 Ergonomic requirement for office work with visual display terminal (VDTs):
Part 3: Visual display requirements

1.2.2 Laws and Rules

The following requirements of Laws and Rules of current matter shall be respected,
particularly:
Legge 791 “Attuazione della direttiva 72/23/CEE relativa alle garanzie

(18/10/1977) di sicurezza che deve possedere il materiale elettrico
destinato ad essere utilizzato entro alcuni limiti di
tensione”
D.L. 626/96 “Attuazione della direttiva 93/68/CE in materia di

(25/11/96) marcatura CE del materiale elettrico destinato ad essere
utilizzato entro alcuni limiti di tensione”
D.L.277/97 “Modificazioni al decreto legislativo 25/11/1996 n.626

(31/07/97) recante attuazione alla direttiva 93/68/CEE in materia di
marcatura CE del materiale elettrico destinato ad essere
utilizzato entro taluni limiti di tensione”
DPR 126/98 “Decreto di recepimento della direttiva 93/68/CE

(23/03/98) riguardante i materiali per atmosfera potenzialmente
ATEX 95 esplosiva”
D.L.615/96 “Attuazione della direttiva 89/336/CEE in materia di

(12/11/96) ravvicinamento delle legislazioni degli Stati membri
relative alla compatibilità elettromagnetica”
1.2.3 Normative references from other organisations

ISA S 5.1 Instrumentation symbols and identification.
ISA S 5.2 Binary logic diagrams for process operation.
ISA S 5.3 Graphic symbol for distributed control logic and computer system
ISA S 5.4 Instrument Loop Diagram
ISA 88.00.2 Batch Control Part 2: Data structure and guideline for language
ISA S 71-04 Environmental Conditions for Process Measurement and Control
System: Airborne Contaminant
ISA S 18.1 Annunciator sequences and specifications.
ISA RP 55.1 Hardware testing of digital process computers.
ANSI C 37.2 Manual and automatic station control, supervisory and associated
telemetering.
SAMA PMC 33.1 Electromagnetic susceptibility of process control instrumentation
equipment.
IEEE Std.91 Graphic Symbols for Logic Functions
IEEE 754 Formato normalizzato per le rappresentazioni floating point
IEEE 802.3 Telecommunications and Information Exchange Between Systems:
Local and Metropolitan Area Networks
CCITT Communication Recommendation
RAL F2 Paint Colour Code
Direttiva
94/9/CE Direttiva sui prodotti ATEX (Atmosphères Explosives)
1.2.4 Internal Normative references

20140.EQP.STA.FUN "INSTRUMENTATION BOARDS"

2. FUNCTIONAL NORMATIVE REQUIREMENTS
2.1. Definitions
Reference is made to normative references listed in paragraph 1.2 for definitions and
terminology.
The followings definitions are used, too:

• Operator’s workstation (OWS)
DCS Human Machine Interface operating type, connected to the network

• Engineering Work Station (EWS)
Human Machine Interface for programming, configuration, parameterization of the

DCS. The station is connected to the network and it is capable of connect all the
DCS units for hardware/software maintenance both on-line and off-line.
• Local operator's video terminal
Man/machine local interface unit connected to a peripheral unit for processing data
for the visual display of process parameters and plants associated logic.
• Acquisition data remote terminal unit (RTU)
Section of the system monitored by one or more operators’ stations (or operator's
local video terminals) through a data communication line, acting as interface with
the plant and able to execute logic for the local control.
• Front End Processor (FEP)
Intermediate unit able to commute signals and messages between the stations of
the system and stations of external systems.
• Distribuited Control System (DCS)
Section of the system made by hardware and software integration able to operate
autonomously in conformity with the requirements of the system configuration.
• Communication lines
Physical connections among the units of the system for communications and data
exchange.
• Communication protocol
Specifications and procedures for the structure of the messages exchanged

among the units.
2.2. Symbols and abbreviations

Reference is made to normative references listed in paragraph 1.2.1 for symbols and
abbreviations.

2.3. Operative environment

The system shall be suitable for the environment conditions of the installation site. In
detail, all the listed here below environment factors which can have influence on the life
of materials and on safety shall be taken into consideration:
• Minimum and maximum temperature
• Combined influence of temperature, humidity and contaminants (formation of

condense)
• Elevation above the sea level
• Presence of solids, sand, dusts
• Presence of corrosive and polluting substances
• Formation of fouling or mildew
• Seismic effects
• Direct or indirect electric shocks
• Electromagnetic influences
• Installation in atmosphere with hazard of explosion and/or fire
• Mechanical stresses and vibrations (including violent impacts and harmonic type
vibrations which could occur in the normal operation service)
2.4. Functional Requirements
2.4.1 Functions of the system

The system shall be able to satisfy all the control and monitoring functions, providing the
operator with all the instruments necessary for a complete and correct management of
the process control.
The configuration of the system shall be designed to guarantee a high level of reliability
and availability.
Each component shall be replaced, in case of fault or malfunctioning, without affecting
the continuity in the operations of the system.
The maximum attention shall be paid in providing a selective distribution of the electric
supply.
The whole system shall have the maximum flexibility in being connected with other
systems or for future extensions.
The following main functions are required to the system:
• Data acquisition
• Visual display of the events (elements state and process conditions)
• Automatic continuous control of the process with the possibility of manual

intervention on controllers and logic
• Visual display of the plant's diagrams
• Pre-arrangement for the remote management of controls/supervision system
• Management and process calculations and print of the reports
• Historical record of data

• Transmission of data to external systems
• Self-diagnostic
• Automatic selection of the off-service sections of the system and automatic

insertion of the relevant stand-by units (if any). The stand-by units shall be
indicated in the Data Sheet
• Initial loading of the software by floppy disk or streaming tape

The system's units shall be connected to a data communication line.
The configuration of the communication system shall be based on a hierarchical
structure with several levels which shall guarantee the reliability of the data transmission.
The configuration and the dimensions of the system shall allow the transmission of the
data at the same time to the addresses of the various joints.
The highest level of communication, identified by the high transmission speed, shall be
provided for the interface with a remote supervision system, when required.
The system or its units shall be managed in accordance with the following procedures:
• Local Supervision and Control (Manual)
This procedure allow the management of the units of the plant by the operator with
step by step sequences, the execution of start/stop instructions (for equipment,
engines) and opening/closure instructions (for valves) and the acquisition and the
visual display of the safety shut downs managed separately by the control system.
• Remote Supervision (Manual)
It allows the management of the plant by the operator from the remote control centre,
with step-by-step sequences, as per "Local Supervision and Control".
• Automatic Local
It allows the management of the plant by the operator, by utilising instructions
activating automatic control and management sequences.
With this procedure the intervention of the operator shall be required only for special
operations conditions.
• Automatic Remote
It allows the telecontrol through sequences activated with macro instructions operated
from the remote Operative Centre to which the system is connected by the data
network used to transmit to the Centre all the information relevant to the operating
conditions, production and maintenance of the plant.
This operative procedure allows, therefore, the management of the plant by the
operator with procedures defined time by time on the basis of the requirements for
operating the plant, as, for instance:
− Macro instructions/sequences for the control of equipment and elements
− Input of parameters for an automatic operating/maintenance management

2.4.2 Structure of the system

The structure of the system, the data relevant to its configuration and the required
performances shall be indicated in the Technical Data Sheet. All the possible solutions to
optimise and integrate the configuration of the system shall be verified and proposed
during the development of the design.
The structure shall be designed on the basis of the following main fixtures:
• Operator Work Station (OWS)
• Unit Storage Data
• Process Control Unit (PCU)
• Interface unit with the process (I/O cards)(PIU)
• Interface unit with external system
• Engineering Work Station (EWS)
• Printers and Hardcopy
• Electric supply
• Marshalling cabinets
All the system, however, shall be designed taking into account the following
characteristics:
• Electromagnetic compatibility with outside interference towards the system and
vice versa
• Modularity and flexibility such to permit the adaptation of the system to restrains
given by the plant and allow its future extension
• High availability through the utilisation of reliable components and stand-by units
for the equipment
• Facility in the identification and replacement of fault parts
• Real-time operative systems and totally tested software
• Hierarchical distribution of the control functions
• Integration of the automation and safety functions (for a system complete with
ESD "Emergency Shut Down")
• Data Base and application software easily configurable with guided and interactive
procedures
• Access to communication via external systems with upper hierarchical level

A typical schematic configuration of a Distributed Control System is shown in fig. 1 here

below:
2.4.2.1 Operator's interface

The operator's interface shall have at least two stations (one in stand-by); each contains
all system databases and shall be assigned to the following principal functions:
• On line control parameter configuration of the data base (constants, limits,
regulator parameters etc)
• Supervisory and control function
• Historical data storage (on dedicated PC if required)
• Printers and hardcopy management
A typical operator's station shall include:

• Colour 19" monitor
• Facilities (mouse, track ball, touch screen)
• Operative keyboard
• Alphanumeric configuration keyboard
• Printers (laser type and dot type)
• Graphic Printer (laser type for graphic page and hardcopy)
• DVD-RW

When required, the operator's station shall include also a panel or a console, with lamps
and push buttons for the signals and the activation of the emergency sequences, and a
configuration station.
The operator's interface shall be provided at least, in its configuration, with the possibility
to insert an additional operative station and a printer to connect directly to the data line of
the system.
It shall be designed such that a single back-up station shall be able to guarantee the
whole operability of the system for off service or non-operability of the normally operating
one.
From the operator's station it shall be possible to access all the data of the plant suitably
grouped in video pages displayed on a colour monitor.
The system shall be supplied with software suitable for graphic pages construction on
which shall be visualized line, process equipments and relevant instrumentation in
graphic format.
The minimum required information should be the followings:
• Analog variable measure indication
• Motor/pump Start/stop indications foreseeing the congruence control between

command and key
• Alarm display coming from analog/digital variables

The types and the quantity of the video pages required shall be defined in the project
documents on the basis of the following information:
• Overview pages
Group of variables shall be displayed simultaneously on screen and shall be possible
to control in each group, for each controlled or displayed variable, the normalized
deviation of the relevant set point by bar representation..
• System pages
They display visually all the units connected to the data communication line and
representing the system joints, with the real-time indication of the operating state of
the equipment (main/back-up, fault) and of the diagnostic messages.
• Group display
Each group shall be consisting at least of eight variables. The variable detailed
information shall be displayed on the screen. The group shall be consisting of analog
variable as controlled, indicated, recorded, and variable like digital type.
A plant unit’s number and title shall identify the selected page on the monitor. The
characteristics to be visually displayed for the required control shall be specified time
by time in the project documents.
• Single Loop (Detail Display)
They display the information relevant to a selected loop with a complete description of
the service. This type of page shall contain all the detailed information with additional
data, as range limits, alarm threshold, range, algorithm etc.
In addition, they shall allow to operator the quick access to the manual/automatic
control stations and make possible, thanks to the keyboard and the utilisation of
codes or access selectors, the modification of parameters and data relevant to the
examined points.
• Trend real time (Group Trend)
They display the recorded process variables. Each of these variables can be selected
for the reading of the real-time or historical data.
Each page shall be updated in real-time with the newly acquired process values.

• Alarms pages
In these pages, the display of the alarm state of a variable shall be automatic with an
optical and an acoustical indication.
Suitable summary pages shall be programmed with the indication of the last 10
alarms, in order of occurrence.
The following information shall be displayed for each alarm:
− Day, hour, minutes and seconds of occurrence
− Identification tag of the Data Base point relevant to the alarm signal
− Description of the service
− Alarm type
The priority levels and the characteristics needed for their configuration shall be
indicated in the Technical Data Sheet.
• Synoptic pages
They display graphically the process lines and the equipment with the relevant
instrumentation. Each of them shall be organised to display at least:
− Measure value for each analogue variable
− State of equipment, pumps, valves, etc.
− Alarm for analogue or digital variables.

The equipment in the Operator's interface shall have the following characteristics:
• Printers
Printers and video copiers for the man/machine interface functions shall be of the
serial type.
• Calculation and filing unit
The calculation and filing unit shall process the data acquired from the interface
modules and shall record on tape the parameters for which the historical file is
required.
• Local operator monitor
The operator's stations can be utilised for the local management of the plant or its
areas with specific function of local control substation, on the basis of the control
strategy.
The operator's console may be replaced by a 19" colour monitor operating as terminal
for the calibration and maintenance procedures, on the basis of the quantity of signals
to be controlled from the local control substation.
2.4.2.2 Engineering Work station

The operator's stations can be utilised for the plant programming and maintenance on
DCS node connected in the control network.
The EWS unit shall represent a node of control system network and shall be complete of
hardware and software necessary for operate autonomously with minimum utilization of
the exchange data in the network.
It shall be assigned to the following function:
• To create or to modify the data base
• To create or to modify the graphic pages
• To create or to modify the print-out
• To begin or to modify the trend and storage data

• To create or to modify the calculation functions
• To create or to modify the programs and the control logic
2.4.2.3 Process interface unit

These units are directly linked to the field instruments (as, for instance, transmitters,
valves, pressure switches, etc.) with the scope to control the process and to generate
start and stop sequences both in normal operating conditions and in absence of
communication with the operator's station.
Each interface unit shall be able to acquire from the field inlet signals of different type
(analog, state and/or computation digital), and to activate towards the process digital and
analog outlets.
The inlet and outlet signals shall be of the intrinsically safe or non-intrinsically safe type,
as per the classification of the relevant plant's area. All the signals, however, shall be
galvanically insulated from the system.
The I/O cards shall be protected against short circuits, transients, over voltages and
disturbance from radio frequencies.
Acquisition cards with different back-up levels, as defined in the Data Sheet, shall be
provided for the control analogue signals and for the shut down ones.
The instructions cards shall be able to pilot solenoid valves and any other field actuator.
Suitable relays shall be provided for insufficient rate.
The opportunity to associate one or more units to each area, or more areas under the
same unit, shall be evaluated, on the basis of the number and functions relevant to each
plant's area and of the interdependence among the areas.
The serial link shall be proposed. Serial link is a digital serial communication bus
designed for real time application. A unique bus allows high speed communication
between controllers, sensors, and actuators, it easier configuration and modification of
parameters, it allows to connect on the bus equipment or instrument of different
manufacturers.
Some units shall be located in field cabins or buildings with the function of local sub-
system, on the basis of the extension of the plant (or plant's areas). The data processing
units shall be provided with a back-up power supply network.
Each single controller shall work at 70% of its capacity.
The quantity and type of inlet/outlet signals, necessary for the dimensioning of the unit's
acquisition, control and back-up modules, shall be defined in the technical data sheet.
2.4.2.4 Communication system

The units in the system shall be interconnected by cables (bus) to form a data
communication network.
The physical exclusion or insertion of a unit (joint) shall not compromise the traffic of
signals on the same line, which shall maintain the required characteristics.
The interface modules in the communication and data exchange system shall be
provided with back-up units.
The physical supports (cables) for the communication bus among the joints shall be
backed-up, with automatic commutation from one line to the other for any failure or
malfunction.
The system will transmit synchronizing message (year/month/hours/minutes/seconds) to
all external system (PLC) connected to it with serial cables.
A GPS system (Global Position System) to send temporal information to DCS shall be
provided
2.4.2.5 Network architecture

The system shall be enabled to receive future applications with network extension for
broadband like Internet, with protocol like TCP/IP and network model like ISO/OSI. The
system shall be increased with network equipment/cards like: bridge, router, gateway,
server, hub, wireless etc according to the network architecture choose.

These new applications and technologies carry out new traffic type including: voice,
video, storage, interprocess communication, warranted traffic
2.4.2.6 Interface units with the supervision system (Front End Processor communication)
The communication system shall be able to interface with a SCADA System with a
dedicated protocol by means of FEP.
The FEP shall have two independent redundant units having the function of gateway for
supervisory and control functions digital, analog and numeric type (regulator set point).
2.4.2.7 Electric power supply

The electric power supply, provided by a continuity system (UPS), shall be defined by the
following parameters of the control system:
• Number of supply circuits
• Total power absorbed by the system and its main components
• Peak power required
• Power dissipated by the system
• Maximum period of time with lack of power, which does not total or partial shut
down of the system cards
The power supply circuits, properly equipped with switches, circuit breakers and fuses to
guarantee the selectivity of the performances and the insulation, shall be provided for all
the components and units of the control system.
The power supply to the most important units, as the operator's station, the control units,
CPU and I/O, shall be backed-up.
2.4.2.8 Boards and enclosures

Boards and enclosures for the electric/electronic equipment shall comply with the
normative references listed in paragraph 1.1. and with the functional specification
20140.EQP.STA.FUN "INSTRUMENTATION BOARDS"
Which indicates all the mechanical and electric fabrication requirements.
2.4.3 System software

The system software shall be developed on a modular base and distributed to all the
units of the system, to reduce the risks of off-service conditions and optimise the
functions.
The central data processing and management units shall be configured as per the
following software areas:
• Basic software of the operative system
• Diagnostic software
• Application software
If not otherwise required, each single software area shall be freely developed, provided
that the achievement of the functional requirements is guaranteed.
2.4.3.1 Basic software (real time)

The basic software of the operative system shall:
• Be oriented towards real time applications for the process control
• Support the multitasking and multiprocessor functions

• Manage the communication network through interface task
• Guarantee the support and complete management of the peripheral units
2.4.3.2 Diagnostic software

The diagnostic software shall verify the operation status of equipment and software of the
unit. In detail:
• Verify dynamically the points configured in the Data Base (value, state and
address)
• Verify the state of the electronics at the level of each single card and module
• Monitor and verify the measurements acquisition channels
• Address failure and malfunctions messages for a clear and univocal identification
of the interested element
In addition, the following software shall be provided:
• On-line diagnostic
This software shall operate continuously on all the parts on-line of the system. It
shall have, as primary objective, the detection of operation anomalies, the
evaluation of their gravity, the transmission of suitable alarm messages to the
operator, and the implementation of suitable actions, as: exclusion of the fault
equipment, commutation on the back-up equipment (if any), re-addressing of the
functions on other peripheral units, etc.
The diagnostic software, in addition to the detection of all the critical failures in the
system, shall configure dedicated messages to be transmitted to the maintenance
remote units.
They shall also configure messages relevant to anomalies, malfunctions and
failure in the monitored plant's equipment (fault signals from power suppliers,
cards, barriers, solenoid valves, etc.).
• Off-line diagnostic
This software is applied to the units off-line from the system and the other
equipment. Its scope is to detect the reasons of the failure or the defect in the sub-
system. A system of diagnostic programmes, which will allow testing all the
components of the system, both one by one and as a complex, shall be provided
for each sub-system. They shall be resident or can be loaded from floppy disk.
2.4.3.3 Application software

This software shall update the Data Base in the operator's station with the dynamic data
from the plant. In addition to the acquired data and to the values of the analogue outlets,
the Data Base shall include also all the standard calculated data and the generated
calculated points (obtained from the manipulation of the standard calculations).
Each application software for the management of the system's functions shall have
access to this Data Base.
2.4.3.4 Standard functions

The system shall manage the data relevant to the values and the states of the points
configured in the Data Base area with a series of standard functions to provide:
• Data Base updating
• Control function
• Calculation Functions
• Alarm Management

• Equipment management
• Command management
• Reports generation
• Filing
The characteristics of these functions are described here below:
a) Data Base Updating

The database shall be continuously updating on the basis of dynamic data coming
from the plant and according to the scanning class or variation data. The content
of database shall represent the real time image of the controlled plant in every
instant considering the acquisition forms of the configured data. The data type of
database shall be the following:
• Numeric (acquired measure, calculated measure, imposed parameters, output
parameters)
• Digital (status, alarm acquired managed, output commands)
• Equipments (equipment status of the plant i.e. valves, pumps)
Numeric type point of database
The numeric type variables shall represent the analog measure coming from the
plant or internal calculated constant of system or output values to peroferical
systems.
Digital type point of database

The digital points shall be the following:
• Points coming from periferical system
• Points locally calculated by applicative program and functions
• Points outgoing to periferical system
b) Control functions
The standard controls shall be the following:
• P, I, D, PI, PID
• PID with advanced control
• Ramp
• On/Off control
• Discrepancy alarms
• Auto/Man control with bias
• Report control
c) Calculation functions
Calculations shall be carried out on analogue and digital points and shall generate
calculated analogue or digital type points.
The analogue calculations shall be carried out with a basic period configurable
independently from the other calculations and from the acquisition period of the
points giving a contribution, which shall be of the analogue acquired, standard and
non standard calculated, types.
The standard analogue type calculations shall be:

• Calculation of the rate as per Codes and standards referred to the project
• Real-time average values on a maximum of 6 contemporaneous measurements
• The 4 arithmetical operations between two measures or between a measure and a
constant value
• Real-time summation of several measures
• Operating period (hours) of a plant's element
• Count of the time period of events for measures, summations and alarms,and on
Hourly/Daily/Weekly/Monthly basis for:
• Average, maximum and minimum value of a measure
• Integral of a measure
• Accumulation in the time of a measure.
The standard calculation of digital type shall be:

• Function "OR" logic
• Function "AND" logic
• Function "XOR" logic

With the following characteristics:
• Calculated on changes of the considered points (acquired digital, standard
calculated, non standard calculated)
• The calculation shall not be considered reliable when one of the points is
considered unreliable
• The calculation shall not be carried out on a value forced manually by the operator
(out of scanning)
d) Alarm Management
When not otherwise required, the management of the alarms shall be organised
as follows:
• Detection of the alarm state
• Management of alarms
• Print of the alarms
• Visual display of the alarms
• Alarms file
The alarms shall be recorded and managed in dedicated data base according to
the following functions:
• Alarm page or logging: area in which the alarms and the manual operation are
chronologically recorded and notified to the operator.
• Historical file: memory area that stored alarm status, events, commands enabled
on visualization (for tag, for type of point, for time base)
• To show five alarm prior categories (ESD, F&G, Critical type, Process normal type,
Diagnostic type) aim to arrange and printing chronological alarms summary.
Detection of the alarm state

Identification of the conditions for which a point is considered in alarm state.

Generally, these conditions, for the alarms of the system, are:
• Acquisition anomalies
• Changes in the acquired value
• State change of an element
It shall be possible to filter the data, to reduce the possibility of a configuration of
alarms states due to special conditions originated by the operator.
Management of alarms
The alarm conditions shall be notified to the operators by visual display and print,
as per ISA 18.1.
Print of the alarms

Each alarm event shall be printed in a row of the alarm printout.
If the dedicated printer is malfunctioning, the relevant data shall be transmitted
automatically to the other printer.
The data contained in the printout row can be transmitted in parallel to other
printers or required as files to be tape-recorded.
The following parameters, at least, shall be displayed:

• Alarm event time (day, month, year, hour, minute, second)
• Error Code or Signal (Tag)
• Description in clear
• Type of alarm and alarm motive in clear
• Reference value (i.e. for analog signal the alarm limits)
• Value of measure pointed out
Visual display of the alarms

The alarms shall be visually displayed on the monitors of the operator station in
proper dedicated pages and summary page, which shall be organised per plant's
areas.
Alarm filing
It consists in the implementation of a file for alarms acknowledged by the operator,
but still active. This file shall be ordered by time and continuously updated by the
issue or cancellation of the alarm states. It shall be displayed on the monitor of the
operator.
e) Management of the elements

It is a function for the check of the state congruence of the plant's equipment and
devices with the variation of the digital signals linked to them.
The software logic, when an instruction has been transmitted, shall verify (after a
programmable time interval) the congruence of the state of the addressed element
with the feedback signals state.
In case of discordance, the system shall issue an alarm signal, complete with all
the characteristics associated to the relevant element.
When required, the check for spontaneous variations of an element shall be
provided, when the said element changes its state also in absence of any
instruction addressed by the operator.
The software shall also manage the digital signals for the protection of the
equipment and relevant to the required alarm signals.
f) Command management

The system shall manage the transmission of instructions towards the field
interface units. These instructions shall be activated from the operative keyboard
or video punters modifying in the Data Base of the system the state corresponding
to the outlet digital signal.
The success of the instruction shall be verified through the control of the final
state.
g) Reports generation
The reports acquire the values from Data Base and historical applications they
shall be based on continuous current data, discrete data, sequential data, and
historical or calculated data. The reports may be printed or developed on request,
or developed by events as an alarm Tag, or developed by daily/weekly/monthly
automatic programmed alarm, or developed as by turn over end, day end week
end predefined time.
h) Filings
The system shall provide a series of filing functions for the acquired points. These
functions shall be essentially of two types:
• Historical type filing
It allows keeping in the system memory, for a defined period, the history of a
certain number of points in the Data Base
• Filing of events
It allows memorising a window of samples for a certain period before and after an
event as, for instance, the intervention of an acquired or calculated digital
2.4.3.5 Operator/plant interface functions

These are functions interacting directly with the operator who shall operate through the
operator's console or the local monitor.
The main functions of this type are:
• Operative automatic functions for the management of the plant
• Operative functions under request by the operator for the management of the plant
• Service functions for updating the configuration of the points in the Data Base
Their characteristics are described here below:

a) Operative automatic function for the management of the plant
• Updating of the video pages

• Updating of points on the synoptic
• Visual display of the elements/equipment states
• Visual display and print of events
• Visual display and print of alarms
• Generation of printouts
b) Operative functions under request by the operator for the management of the plant
• Pages display
A dedicated page with the alarms in a specific area of the plant can be displayed.
The alarms, displayed by date and still active, shall be acknowledged by acting on
a specific push buttons.
The operator can utilise an instruction for the display of alarms already
acknowledged but still active (starting from the memo recent).

Video pages (synoptic and/or defined in advance pages) can be displayed by

typing the code of the requested page.
• Transmission of instructions
It shall be possible to transmit an instruction of analogue or digital type as follows:
− By selecting from the keyboard the element in the graphic display relevant to
the object to which the instruction shall be transmitted and the instruction to be
transmitted
− By transmitting the instruction directly from the keyboard
• Forcing of signals/measures (upon request by the operator)
The operator shall have the possibility to force the value of a point in the Data
Base:
− By selecting the type of analogue or digital point
− By inserting, by means of the keyboard or pointer, the tag of the point and the
relevant value and/or state
− By displaying directly on the monitor the control windows by means of pointer
and positioning the display on the relevant configured functions
• Printouts and files request
The operator shall have the possibility to request a visual display and a print of all
the printouts relevant to the conditions of the plant.
• Visual display historical file
It shall be possible to look up a historical file by means of query that enables the
application of the filtering criteria (on time base, on description, on status etc.).
The output of the query shall be displayed on screen or printed.
c) Service functions for configuration, scheduling and maintenance

They shall refer mainly to the configuration of:
• Database
• Print-outs
• Video pages
• Files
• Application software
The characteristics, which all the service configurations of the system have in common,
shall be:
− Menu organisation on several levels with data insertion guided and monitored on-
line
− Operative continuity of the system during the phase of data insertion and/or
modification, by acting on a support structure, which shall update the operative
structure of the system only after the data congruence control
− It shall be possible to modify the control software at the level of the single unit,
leaving the interested joint on-line
The peculiar characteristics for each configuration function are described here below:
• Database
The system shall be equipped with on line configurator that allows it to add, to modify,
to erase any point (analog, digital, equipment) acquired, sent and calculated without
the necessity to reload the whole configuration of the system and without impact on
file recording.

It shall be provided control and safety function such to alert the operator in the event
of erasing of point utilized in calculation, display or necessary to determining the
status of the other points.
• Print-outs
The configuration, modification or deletion of all the printouts of the system shall be
feasible. The printouts shall be obtained with programmes written in high-level
language, which allows both to print in different formats the information relevant to the
points of the Data Base (tags, descriptions, value/states, measurement units) and to
refer to the filed data.
• Video pages
The addition, modification or deletion of video pages shall be feasible.
The execution of these operations, totally protected by programming mistakes, shall
not interfere with the on-line functions of the process.
The protection shall be at different level both for the graphic type and the compilation
and animation functions of the graphic pages managed directly from the operator's
station. Interactive graphic procedures shall be utilised for the functions of graphic
and/or semi-graphic configuration.
The operator shall be able to draw, modify and/or delete directly on the monitor the
graphic parts and to abilitate, replace and/or eliminate the existing video pages.
The functions of configuration of the video pages shall make possible the preparation
and updating of:
− Forms library (symbols library)

− Synoptic type video pages (with no pre-arranged structure)
− Pre-arranged structure video pages, as measurement trends, group pages, lists,
histograms, etc.
• Files
The function of configuration of the files shall allow the definition of the points to be
managed and filed, in accordance with the following procedures:
− Historic file, to memorise on file tapes the history of the Data Base points.
− Event file, to memorise a window of samples in a certain time period before and
after an event (process, acquired or calculated).
• Application software programmes
As application software programmes, are intended those entire specific functions
(calculation or not) necessary to the system to satisfy completely the requirements for
the management of the plant and not provided in the standard calculation section.
In order to answer to these necessities, the system shall manage two different types
of application programmes:
− Application software programmes with pre-defined dedicated structure written in

high level language, which shall be mainly utilised for the configuration of synoptic
type video pages and printouts
− Application software programmes of generic type written in high-level language
utilising interface functions with the Data Base area
Its configuration functions shall be:
− Definition of the application software

− Configuration of the calculation activities
− Compilation
− Software debugging
Each of the above functions may be executed with the system still on-line with no
interference with any of the running functions.

For the generic type application programmes, in addition, the configurator shall carry
out congruence controls to verify the exclusion of interference with other programmes
(overlapped records of data, conflictuality, execution priority levels).

2.4.3.6 Process interface functions

They are managed by the process interface unit and consist in a series of processes and
controls based on the configuration and type of inlet and outlet signals.
The acquisition and local control units shall operate independently from the central
system, to which all the data necessary to the operator for the management of the plant's
connected section shall be transmitted.
The main functions, at least, shall be:

• Physical interface with the plant signals
The physical interface shall be obtained with modules for the acquisition of inlet/outlet
analogue/digital signals, which shall guarantee the insulation of the system's
equipment and provide the conditioning, scanning, amplification and conversion
(analogue to digital and vice versa) of the signals.
• Execution of local scheduled process logic
The management of the programmed control functions (sequences and controls) shall
be configured in a module provided with non-volatile but modifiable memory, able to
allow the configuration of the application software programmes of the user through
the video station of the local operator.
In the configuration of the units as local control sub-station, the modules with control
functions may be requested to carry out both the standard functions listed in
paragraph 2.4.3.4 and the algorithms and the calculation functions indicated in the
project documents.
• Interface with other systems for the management of safety systems and/or other
plants as, for instance, the electric power production and distribution plant
The unit shall be able to manage, though proper modules, the transmission of data,
via MODBUS/MODBUS extended, to other programmable logic systems.
The interface shall be of the serial type, with speed programmable on electric
standard defined in the data sheet.
• Interface with a local network
Communication cards provided with controller shall be utilised for the transmission
and the exchange of information with the joints of the sub-system.
2.5 Limits, exclusions and clarifications

This document shall be applied only to the Distributed Control System as unit up to the
interface boards. Therefore, it does not apply to the field instrumentation, the ESD
system, the Telecontrol and Supervision System, which functional requirements are not
within the scope of this document.
The following aspects shall be also taken into account, in function of the characteristics
of the plant to be controlled, defined in the project documents:
2.5.1 Interconnections
Whenever required, the Distributed Control System shall be supplied complete with all
the cables for the interconnections of the interface boards with the electric equipment
and packages, for the transmission of the field signals.
2.5.2 Interface with other systems

During the design of the system, the interface with other computerised systems (as PLC
dedicated to shut down functions) shall be taken into account, by interface with serial
type communication ports, programmable with standard software language.

2.5.3 Integrated ESD system

When an integrated system for the management of the safety and shut down functions is
required, the control system shall be provided with suitable logs dedicated to the
acquisition of these functions and the configuration (at Level 1) of the relevant alarms.
The two systems shall be directly connected by the same bus, backed-up to guarantee
the transfer of data (diagnostic, shut down and alarm) with priority with respect to the
other units of the system.
The operatively of the shut down functions (instructions and sequences) shall be
protected by suitable access keys (insertion/exclusion/maintenance by-pass).
2.6 Ergonomics
The architecture of the system, the assembly and the layout of the equipment shall
reflect the ergonomics criteria and requirements stated in the normative references (ISO
6385) and shall provide to the operators the maximum level of operability and
functionality.
The layout and the interfaces of the equipment (keyboards, printers, monitor and
facilities) shall facilitate the intervention of the operator on the various video stations with
simple movements.
Any signalling and control facility, installed on the front of the boards, shall be positioned
so that the correct identification and operability by the users is guaranteed.
2.7 Safety
All the safety requirements indicated in the Rules and Laws for the prevention of
accidents of the country where the plant is installed shall be applied.
The separation of the conductors in accordance with their typology, as listed here below,
and the different level of voltage shall be taken into account in the implementation of
electric circuits:
• Power and auxiliary a.c. and d.c. supply
• Instruments supply
• Analog and digital signals
• Intrinsically safe circuits

Proper earthling systems, both protection and operating, shall be provided, as indicated
in the functional specification
20140.EQP.STA.FUN "INSTRUMENTATION BOARDS".
2.8 Non repetitive functional requirements

The Distributed Control System, when required, shall provide the development of
dedicated software programmes for the conversion, preparation and coding of the data to
be transmitted to the Supervision and Telecontrol system, to be compatible with the
telecontrol system and to guarantee the remote management.
2.8.1 Telecontrol functions

The transmission equipment shall allow the supervision system to interrogate the various
units to carry out the function of telecontrol and telemeasurement on logic/analog
elements and variables allocated to the units of the control system.
The characteristics relevant to the employed transmission supports, the distances among
the modules and the geographical co-ordinates shall be indicated in the project
documents.
All the telecontrol functions shall be managed by the system with high-level language
application software programmes. They shall make possible:

• To read all the Data Base and write freely in the area allocated to the non-standard
calculated points (analogue and digital)
• To define own areas in the local Data Base to be used as temporary areas for the
calculations
• To utilise automatically the printers of the operator's stations
• To verify timing, priorities and correct execution of the application software

programmes
2.9 Requirements for quality management and assurance

Requirements for Quality Management or Quality Assurance, where appropriate, are
contained in the Specification enclosed in the Tender documents.
2.10. Additional requirement for review
2.10.1 Tests and inspections

The procedures and types of test following described as to be intended as minimum
requirement to satisfy the test plan issued for the project. The Contractor shall integrate
them if necessary.
The FAT and SAT tests are requested to be carried out before the commissioning
according to the requested planning.
The conformity of the supply with the project shall be checked by tests and conformity of
the documentation.If manufacturing defects should be pointed out, the necessary action
shall be carried out.
The Contractor shall providea ll the equipment, the assistance personnel necessary for
carried out the test.
The tests and inspections shall be at least those indicated by the normative references
and/or listed in the Inspection Data Sheet. They shall be carried out in conformity with the
procedures indicated in the relevant normative references and with the following
provisions:
2.10.1.1 Documentation, certificates, acceptance

FAT and SAT test shall be carried out according to the document and check list issued
by Contractor and approved by the Company.
The same documentation shall be make for final test certificates that shall summarize the
test results and shall indicated the final approval of the system.
2.10.1.2 Attended of test

His designated Representative shall carry out all the tests and inspections by the
Contractor or. They shall be attended and approved by the Company's inspectors or
authorised Representatives.
2.10.1.3 Factory Acceptance Test (FAT)

Scope of the factory acceptance test is to ascertain, through the review of documents
and the execution of reduced but significant tests and inspections, the conformity to the
technical requirements of the original design and the compliance with the Company’s
requirements. Any defect in the material or in the fabrication shall be detected by the
acceptance test too.
This test shall be carried out under the responsibility of the Contractor, on all the
equipment of the Distributed Control System to be supplied.
The final shop acceptance test shall be carried out with all boards and equipments
interconnected and shall be according according to the following procedures:
• Visual and dimensional inspections

• Mechanical tests
• Electric tests
• Functional tests
• Hardware inspections
• Software review
• Check of documentations and certificates
• Wiring test
• Performance test
When necessary, the execution procedures shall be indicated in the Inspection Data
Sheet (I.D.S.) enclosed to the project specification.
2.10.1.4 Site Acceptance Test (SAT)

The site acceptance test shall be carried out with the control system completely installed
and activated.
The acceptance test requirements are the completing of the test carried out during the
factory test, the final installation of the system and the positive commissioning phase.
The planning and type of test shall be agreed after the commissioning.
The control system shall pass with positive results the test indicated by the Rules and
listed in the Inspection Data Sheet, and which shall be carried out in conformity wit the
Contractor's procedures, approved and officially accepted by the Company.
2.11 Documentation
2.11.1 Documentation with the tender

a) Company's Data Sheet filled in any part and with attachments (if any).
b) Information useful for the correct evaluation of the tender, as, for instance:
• Information on the equipment type and Manufacturer's standard components
• Dimensions and weight of boards an/or equipment and of the packing
2.11.2 Documentation for approval

The approval given by the Company to the documentation, if necessary, shall be relevant
only to the formal review of the parameters indicated in the project documents.
2.11.3 Documentation to be used by the Company for the plant design

The Contractor shall supply to the Company all the documentation necessary for the
execution of the plant design and for the installation of the system, object of the supply.
2.11.4 Test Documentation

The test documentation shall include at least the following documents:
• Complete certification relevant to the type, acceptance and special tests
• List of the executed inspections and tests, and description of the procedures and
utilised instruments
2.11.5 Final technical documentation

The final documentation, with the exception of catalogues and publications provided by
the Contractor and sub-Contractors (if any), shall include the following data:
• Name of the Contractor
• Name of the Company
• Identification tag, defined by the Company
• Title of the document
• Reference to the Company's order.
The documentation shall be subdivided as follows:
• Design and installation instructions
• Operative instructions
• Maintenance instructions
The inclusion of the description and the drawings in catalogues or publications provided
by the Contractor will be accepted, provided that:
• The catalogues (or publications) shall contain all the data and the requested
information in their final form
• The catalogues (or publications) shall be relevant to the supplied types and the
materials, object of the supply, are clearly identified among those shown in the
document
The documentation submitted to the Company's approval shall be included in the final
documentation, in the revision approved by the Company.


Distributed Control System: Eni S.p.A

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Distributed Control System: Eni S.p.A

Uploaded by

Copyright:

Available Formats

Eni S.p.A.

Divisione Exploration & Production

DISTRIBUTED CONTROL SYSTEM

Rev. 1 December 2004

ENGINEERING COMPANY STANDARD

Rev. 0 Total number of pages 29

Rev. 1 Total number of pages 27

ENGINEERING COMPANY STANDARD

ENGINEERING COMPANY STANDARD

• Inspection Data Sheet (I.D.S.)

• Requested Documentation Data Sheet (R.D.D.S.)

1.2 Normative references

ENGINEERING COMPANY STANDARD

1.2.1 European, International and National Normative references

EN 60529 Gradi di protezione degli involucri (Codice IP).

ENGINEERING COMPANY STANDARD

1.2.2 Laws and Rules

Legge 791 “Attuazione della direttiva 72/23/CEE relativa alle garanzie

D.L. 626/96 “Attuazione della direttiva 93/68/CE in materia di

D.L.277/97 “Modificazioni al decreto legislativo 25/11/1996 n.626

DPR 126/98 “Decreto di recepimento della direttiva 93/68/CE

D.L.615/96 “Attuazione della direttiva 89/336/CEE in materia di

1.2.3 Normative references from other organisations

1.2.4 Internal Normative references

ENGINEERING COMPANY STANDARD

2. FUNCTIONAL NORMATIVE REQUIREMENTS

The followings definitions are used, too:

DCS Human Machine Interface operating type, connected to the network

Human Machine Interface for programming, configuration, parameterization of the

Specifications and procedures for the structure of the messages exchanged

2.2. Symbols and abbreviations

ENGINEERING COMPANY STANDARD

2.3. Operative environment

• Combined influence of temperature, humidity and contaminants (formation of

• Elevation above the sea level

• Presence of solids, sand, dusts

• Presence of corrosive and polluting substances

• Formation of fouling or mildew

• Direct or indirect electric shocks

• Installation in atmosphere with hazard of explosion and/or fire

2.4. Functional Requirements

2.4.1 Functions of the system

• Visual display of the events (elements state and process conditions)

• Automatic continuous control of the process with the possibility of manual

• Visual display of the plant's diagrams

• Pre-arrangement for the remote management of controls/supervision system

• Management and process calculations and print of the reports

• Historical record of data

ENGINEERING COMPANY STANDARD

• Transmission of data to external systems

• Automatic selection of the off-service sections of the system and automatic

• Initial loading of the software by floppy disk or streaming tape

− Input of parameters for an automatic operating/maintenance management

ENGINEERING COMPANY STANDARD

2.4.2 Structure of the system

• Unit Storage Data

• Process Control Unit (PCU)

• Interface unit with the process (I/O cards)(PIU)

• Interface unit with external system

• Engineering Work Station (EWS)

• Printers and Hardcopy

• Facility in the identification and replacement of fault parts

• Real-time operative systems and totally tested software