Instrumentation and control works

B8. Instrumentation and control works 1

B8.1 General 1
B8.1.1 General Operation and Control Philosophy 2
B8.1.2 Function and Arrangement of Control centers 2
B8.1.3 Operation of the main units 3
B8.1.4 Principles of Boiler automation 4
B8.1.5 Principles of Steam Turbines Generators (STG) automation 4
B8.2 Scope of supplies and services 5
B8.2.1 General 5
B8.2.2 Scope of equipment 5
B8.2.3 Scope of Services 12
B8.2.4 Erection, cabling, wiring, labeling 13
B8.2.5 Commissioning 14
B8.3 Technical Requirements Instrumentation and control system 14
B8.3.1 General 14
B8.3.2 Structure of control functions 15
B8.3.3 Field equipment 16
B8.3.4 Distributed Digital Control System (DCS) 16
B8.3.4.1 General 16
B8.3.4.2 Availability and redundancy 17
B8.3.4.3 General hardware requirements 18
B8.3.4.4 Process station 18
B8.3.4.4.1 General 18
B8.3.4.4.2 Signal input and output processing 19
B8.3.4.4.3 Closed-loop controls 21
B8.3.4.4.4 Open-loop controls 22
B8.3.4.4.5 Protection and safety interlocks 25
B8.3.4.4.6 Interlocks for alarm annunciation 26
B8.3.4.5 Data highway communication 26
B8.3.4.6 Operator station 26
B8.3.4.6.1 General 26
B8.3.4.6.2 Software requirement 29
B8.3.4.6.3 Man-Machine-Interface (MMI) 30

I
 B8.3.4.6.4 Alarm annunciation and Sequence of Events Recording
functions (SER) 35
B8.3.4.6.5 System diagnostics and configuration 37
B8.3.5 Boiler protection system (BPS) 39
B8.3.5.1 Design requirements 39
B8.3.5.2 System architecture 39
B8.3.5.3 Hardware requirements 39
B8.3.5.4 Software requirements 39
B8.3.5.5 Emergency shut-down 40
B8.4 Technical requirements for Data exchange with the AGC 40
B8.4.1 General 40
B8.4.2 Requirements for the control center 40
B8.4.3 Requirements for Automatic Generation Control (AGC) 40
B8.4.3.1 Data Requirements for Control Center 41
B8.4.3.2 Data for transmission switchgear monitoring and control 45
B8.4.3.3 Data for transformer monitoring and control. 47
B8.4.3.4 Data for substation common alarms and measurements. 49
B8.5 Technical requirements Communication system 50
B8.5.1 Telephone system 50
B8.5.2 Public address system 51
B8.5.3 Intercom system 52
B8.5.4 CCTV 53
B8.6 Technical Schedules 53

II
B8. Instrumentation and control works

B8.1 General

This specification covers the design, manufacturing, supply, erection and

commissioning of the instrumentation and control and communication
works for the Tanjung Bin power plants, consisting of three (3) units of 700
MW net each.

The following equipment is covered in this section:

• Distributed digital control system (DCS) for the main systems of the
plant
• Boiler protection systems
• Field-mounted equipment
• Systems for flue gas emission monitoring
• Central control room and central electronic room equipment
• Communication systems
• Telephone
• Public address
• Portable radio
• Intercom system
• CCTV system
• Local Control Systems:
• Coal handling system
• Ash handling system
• Water treatment plant (WTP) system
• Demineralization plant system
• Electrochlorination plant (ECP) system
• Waste water treatment plant (WWTP) system
including Local Control Rooms (LCRs) and Data Exchange with main
DCS.

The control and monitoring equipment to be provided shall be suitable for

faultless and safe control and supervision of the entire plant during all phases
of operation in every respect and shall be suitable for the location in which
they shall be mounted.

The Contractor must adhere to the functional requirements, design criteria

and system configuration contained in this document. Where there is a
conflict between the requirements of this specification and the Contractor’s
current standard system/technology, this must be clearly defined in writing
as a deviation to the specification. The Contractor may propose alternative
improved performance features as long as the system is made up of power
plant proven equipment and components, hardware and software modules.

B8 - 1
B8.1.1 General Operation and Control Philosophy

The control and instrumentation systems shall be provided to enable each

unit of the power plant for safe, reliable and efficient operation under all
operational conditions without invoking plant or system operational limits
and provide the quality of control to support the overall performance
guarantees.

The control and instrumentation system shall minimize the power station
personnel in operation and maintenance.

To maximize availability, the design of the control system shall be on an

independent block basis such that failures in one block cannot reflected on
to the operation of the second block. Single failures within one block shall
not result in a reduction of availability. Single failures in the automation
system shall not cause a failure of the complete unit.

The malfunction of any component or loss of supply shall lead to fail safe
condition. All equipment shall be designed that in all conditions which
occur in electrical, pneumatic or hydraulic supplies, there shall be no
damage to plant and personnel.

Common makes and types of control and instrumentation shall be used in

order to simplify operation and maintenance of the power plant.

The automation system must consist of modules for each unit and one
module for the common part. The modules must be separated from each
other, but they are all connected to the redundant data highway.

Additional systems must be connected "intelligently" (e.g. via PLC) so, that
they can be supervised from the CCR.

B8.1.2 Function and Arrangement of Control centers

Remote manual controls, automatic sequence and modulating controls,

protection systems, alarms and indications shall be provided in a single
Central Control Room (CCR) utilizing distributed control system (DCS) on
the hierarchical functions.

The CCR shall be the operational focus for the whole plant from where all
major plant items such as the boilers, turbine generators, etc. shall be
capable of being started, on-line regulated and shut down.

All systems, if not configured on the DCS but using own microprocessor
based system, shall be able to communicate with DCS for operator
monitoring and/or control from CCR.

B8 - 2
 For the power plants major auxiliary systems which are stand-alone and not
directly related to the load dispatch, shall have their own control panels and
Local Control Rooms (LCR) as per the Tenderer’s design. However, the
equipment status, process parameters, and alarms should be available via
DCS in the CCR. All systems shall have independent control facilities.
Monitoring of these auxiliary systems, which are essential for plant on-line
coordination shall also be possible from the CCR.

The local control systems shall follow the DCS concept for safe, reliable and
efficient operation, including, but not limited to:
• Redundant controller with hot stand-by
• Redundant VDU’s
• Required mimics of plant P&ID’s status monitoring, control, trending,
history (archiving), alarm system, etc.
• Hierarchical control with automatic, semi-automatic and manual
operations
• Maintenance functions
• Necessary engineering work stations
• System diagnostics.

B8.1.3 Operation of the main units

Plant operations including start-up, loading and shutdown of the power units
under all operational conditions shall be done from the central control room
(CCR) based on functionally distributed hierarchical control system.

The control system design of the man machine system, indication, alarm and
control equipment shall be based on minimization of the incidence of
operator error and maximization of the operators’ efficiency.

Normal operation shall require a minimum of attendance by field operators

local to plant and will be done mainly from the CCR.

The facility shall be designed to be capable of:

• Generating as per National Load Despatch Center requirement
requirements
• Operating in sliding and fixed pressure modes. The Tenderer shall
propose and design the most efficient plant operating mode.
• Performing Automatic Generation Control (AGC) duties for the purpose
of load regulation within a range of output, agreed by TNB and the
Owner. The use of AGC shall not cause any restriction whatsoever on
the operation of the governor or any other equivalent control devices on
the facilities or vice versa.
• Free governor action.

B8 - 3
B8.1.4 Principles of Boiler automation

The start up, loading and transfer to range pressure control of each Steam
Generator (SG) shall be done in hierarchical control functions utilizing
breakpoints.

The automation shall meet the following objectives:

• Consistent start-up and shut-down of the plant under all operational

conditions
• To achieve minimum run-up and loading times consistent with pre-set
thermal stress limits
• To minimize fuel consumption during start-up, shut-down and normal on
load operational cycle
• To maximize plant life expectancy
• To simplify operation.

Each auxiliary equipment, such as pumps, fans, e.g., shall be controlled by

sequence control (sub-group level up to group level). The sequence controls
are partitioned together into some groups (unit co-ordination level), where
the equipment is controlled in automatic sequence manner.

B8.1.5 Principles of Steam Turbines Generators (STG) automation

The operation of the STGs shall be fully automated. The complete start-up
and shut down shall be remotely supervised and conducted in a automatic
mode from the CCR. The Turbine shall be automatically started and
accelerated to its rated speed and after synchronization loaded with its initial
load.

The automation shall meet the following objectives:

• Consistent start-up and shut-down of the plant under all operational

conditions
• To achieve minimum run-up and loading times consistent with pre-set
thermal stress limits
• To maximize plant life expectancy
• To simplify operation.

Each auxiliary equipment, such as pumps, fans, e.g., shall be controlled by

sequence control (sub-group level up to group-level). The sequence controls
are partitioned together into some groups (unit co-ordination level), where
the equipment is controlled in automatic sequence manner.

B8 - 4
B8.2 Scope of supplies and services

B8.2.1 General

This section sets out the scope of installations covered by this specification as
well as requested supplies and services, but without excluding other necessary
components and services not mentioned.

The indicative control system architecture is shown in Annex B8-1.

The Tenderer shall submit their automation system structures for approval.

General requirements for the I&C equipment and materials are specified under
Section B0. The material used for all equipment shall fully meet the
requirements regarding safety and operational conditions of the media to be
measured.

B8.2.2 Scope of equipment

This section of the specification includes all control and monitoring

equipment within the Central Control Room (CCR), Local Control Rooms
(LCRs), the electronic rooms and associated field mounted equipment as well
as the communication systems. In addition, the equipment to be supplied
under this section shall be able to fulfill the task descriptions of all related
sections of this specification.

The instrumentation and control equipment and the control functions specified
in the various sections shall be supplied as a minimum requirement.
Further instrumentation shall be provided as far as required for the fulfillment
of the specified degree of automation and for a safe and satisfactory operation
and supervision of the plants.

The scope of supply within this section comprises at least, but not limited to:

Field equipment
• All measuring and signal conditioning equipment installed in the field as
well as in the electronic rooms, LCRs and CCR. Basically, common
transmitting sensors are to be used for control, alarming and supervision
of each variable.
• Portable programmers for programming and calibration of SMART
transmitters (for number see table at the end of this chapter).
• For general start-up and maintenance all necessary local instrumentation
shall be provided including at least the following:

B8 - 5
 Pumps Suction and discharge pressure gauges
Gland sealing pressure gauge (if applicable)

Strainers and Filters Differential pressure gauges

Heat exchangers Temperature upstream and downstream, both

tube side and shell side.

Lubrication and Cooling Pressure gauges indicating system pressure at

systems appropriate locations to enable correct system
functioning to be confirmed.

Tanks and Vessels Level indicators.

Further local direct reading instrumentation shall be provided in accordance

with the general criteria specified under this Section B8.

Systems for flue gas emission measurements

The emission measurements shall be in full compliance with the
Environmental Quality Act (Act 127) from the Department of Environment
of the State of Malaysia. A Continuous Emission Monitoring System
(CEMS) shall be employed.

All the governmentally required measurements shall be proposed for each

unit in accordance to the respective regulations. Possibilities for online data
read-out for authorities shall be provided.

The technical requirements specified under Section B0 shall be considered.

The emission measuring equipment comprises essentially:

• Sampling devices (all heated)

• Preparation
• Analysis
• Automatically calibration, according to requirements of the emission
control act
• Monitoring in the DCS system
• Computer for evaluation
• Compartment with heating and air conditioning

B8 - 6
The flue gas and emission measuring points shall include at least, but not be
limited to:

Measurement quantity Location

Flue gas temperature Furnace exit
Before air heater
After air heater
Before FGD
After FGD
Stack
Acid dewpoint Before air heater
Oxygen (O2) Furnace exit
Before air heater
After air heater
After FGD
Stack
Nitrous oxides (NOx) Before air heater
Stack
Sulphur dioxide (SO2) Before FGD
After FGD
Stack
Carbon monoxide (CO) Before air heater
Stack
Particulates After air heater
After filter
Stack
Opacity Stack

Distributed Digital Control System (DCS)

Complete digital control system in accordance with the technical requirements
specified under this Section B8, including:

• I/O processing equipment

• All necessary I/O equipment in compliance with the technical
requirements specified under this Section B8.
• Interfaces to external systems
Interface equipment for the following interfaces to external systems shall
be provided.
• Boiler Protection System (BPS) Dual or Triple Module Redundant
(TMR).
• SG serial communication for signal monitoring and hardwired I/O for
operators control actions and checkback signals from operator actions.
• STG serial communication for signal monitoring and hardwired I/O
for operators control actions and checkback signals from operator
actions.
• Miscellaneous PLC’s in the substations using direct wiring or
modems.

B8 - 7
 • Data interfaces for remote attendance and maintenance, via Modem
or intranet
• Closed-loop control system
All necessary closed-loop control systems as specified in this Section B8.
In addition to the task description included in this chapter the task
description in the specifications of the relevant mechanical equipment
shall be considered.
• Open-loop control system
Complete control equipment for all manually remote or automatically
controlled drives in accordance with the operating conditions described
under this Section B8 including all necessary safety interlocking and
protections. The extent of the supplied open-loop control system shall
fulfill the specified control philosophy and degree of automation.
• Open-loop control and signal exchange as described in Section B7,
electrical and associated works.
• Alarm Annunciation and Sequence of Events Recording (SER) as
specified under this Section B8.
• Data highway equipment
All necessary data highway equipment in accordance with the technical
requirements as specified under this Section B8.
• DCS engineering, diagnosis and maintenance equipment for common
parts of plant as well as each single unit. This platform must also enable
the diagnosis and parameterization of the SMART transmitters (in
addition to the diagnosis and parameterization via portable
programmers).
• Engineering stations in accordance with the technical requirements
specified under this Section B8
• Laser printer - A4 format.
• Laser printer - A3 format
• Print Server
• Process Information Data Archive, to provide any kind of current or
historical process information for plant operation analysis or plant
operation optimization systems. These systems will be linked to the
terminal bus via appropriate interfaces. If the Tenderer can provide
integrated solutions for this type of analysis and optimization, he is asked
to offer these solutions.

For the number of systems, see table and schematic of DCS structure at the
end of this chapter.

Boiler protection systems

Complete boiler protection for the boilers as specified under this Section
B8.
• One programming device for the boiler protection systems.
For the number of systems, see table at the end of this chapter.

B8 - 8
Various PLC based control systems for package equipment
• One programming device for each type of supplied PLC controller for
each case.

STG control systems

Complete control system including the protection for the STG as specified
under Section B2.
• One programming device for the STG control system.
• Communication systems

For the number of systems, see table at the end of this chapter.

Central control room and central electronic equipment room

The control room shall mainly contain the following equipment:
• Operator desks (one for each unit, one for common equipment).
The operator desks shall accommodate the VDU’s, the keyboards and the
conventional control elements, such as emergency stop push buttons as
well as communication facilities.
• Operator desk console for overall supervision and control (shift
supervisor).
• Operator stations, each equipped with VDUs, workstation, keyboard,
mouse, and large screen projection
• Operator station for the shift supervisor, equipped with VDUs,
workstation, keyboard and mouse
• Low noise color printers, two for each unit.
• Hard copier – one for each unit and one for the shift supervisor.
• Side boards with sliding doors
• Chart drawer for storing forms and drawings.
• Chairs
• White boards 2000 L x 1200 H
• Multi-layers slidable board for P&I diagrams.

The control room shall have an ergonomically and esthetically well suited
appearance. For the number of systems and a possible layout, see table and
schematic at the end of this chapter.

Local control rooms equipment

For each LCR mainly the following equipment shall be supplied:
• Operator consoles and stations or control panels
• Low noise color printers
• Hardcopier
• Filing cabinets for documentation
• Writing desks with drawers
• Chairs.

B8 - 9
Telephone system
The telephone system shall consist of:

• PABX (Private Automatic Branch Exchange) with exchange lines to the

public telephone system and spare capacity for additional users
• Indoor telephone sets, desk or wall-mounted
• Outdoor telephone sets, wall-mounted, splash proof
• Telephone booths with auxiliary bell and call roof light
• Telephone sets integrated in the control room desk, one with separate
exchange line for each case
• Public telephone boxes for coins or card.
For the number of systems, see table at the end of this chapter.

Public address system

The loudspeaker address system shall consist of:

• Amplifier station
• Control unit for the control room desk with microphone and function
keyboard
• Control unit in the office building
• Loudspeaker groups, with 10 loudspeakers each
• Digital memory for alarm tones and standard messages
• Tape decks for special message recording.

For the number of systems, see table at the end of this chapter.

Intercom system
The wireless personnel paging system shall consist of:
• Desk top control base station (central control room)
• Goose neck microphone
• Build-in loudspeaker
• Slave units with build-in loudspeaker and microphone.

CCTV
The CCTV system shall be provided to:

• Monitor smoke emission at Chimney

• Monitor each boiler’s burner flames and bottom hopper
• Monitor coal unloading, stock pile, coal stacking and reclaiming
• Observe the plant, e.g. at the entrance gate
• Observe unmanned areas for monitoring and safety requirements
• Monitors in each gatehouse and in the CCR

B8 - 10
Clock system
The clock system shall consist of:
• Master clock (GPS based)
• Slave clocks

Systems to be provided

System Numbers
Portable programmers for programming and 3
calibration of SMART transmitters
DCS engineering work stations 3
A4 laser printer 3
A3 laser printer 3
VDU per station 3
Print Server 1
Process Information Data Archive 1
Non DCS control system Engineering work 1 for each
station (in addition to communication program system
PCU)
printer 1 for each
system
Telephone systems 1 system
Public address systems 1 system
Central Control Room (CCR) 1
Operator stations as necessary
VDUs per station 5
Large Screen projection per station 1
Shift supervisor operator station 3
VDUs per station 1
Hardwired Digital MW/Turbine Speed 3 sets
(automatically changed at synch.), MSP,
MST and clock - all readings to tally with
DCS, vice versa.
low noise printers 6
hard copier 4
multi-layers slidable board 1
Local Control Rooms (LCRs) as defined in
B8.1
Operator stations/control panels as necessary
VDUs per station Redundant
Shift supervisor operator station as necessary
VDUs per station as necessary
low noise printers as necessary
hard copier as necessary

B8 - 11
 Spare capacity after completion of commissioning
At least 5% free space shall be available in all cubicles, junction boxes and
marshaling racks after final commissioning. This free space shall be
distributed inside the cubicles in such a way that additional terminals,
equipment or modules may be added to any group of controls. At least 5%
spare cores shall be provided in each control and monitoring cable. All spare
cores have to be terminated.

B8.2.3 Scope of Services

All services required for a safe, reliable, efficient and trouble free
instrumentation and control equipment shall be provided by the Contractor.
These services shall include but not be limited to:

• Design of all equipment to be supplied

• Documentation of all equipment to be supplied, including the data
storage medium
• Programming of all digital equipment
• Testing in the Contractors/Vendors workshop and on site (FAT and SAT)
• Packing, transportation to site, unloading and proper storing
• On time delivery of all documents needed for proper assembly
• Handling from site storage to the point of final installation
• Erection of all parts to be supplied.

The Contractor is responsible for the co-ordination of the interfaces and

overall design of all package control equipment or other control equipment
supplied by subcontractors and for making sure that the design of this
equipment and the submitted documentation is in line with Section B0 and
this Section B8.

As far as the final execution of the work is concerned all design data,
interlocking conditions, control loops and logic diagrams supplied by the
various subcontractors shall be checked, verified and closely coordinated
with the other subcontractors of the corresponding equipment. For this
purpose close collaboration with all subcontractors supplying control
equipment shall be arranged.

A detailed time schedule for the drawing approval procedure shall be

submitted by the Contractor at the beginning of the design phase.

B8 - 12
B8.2.4 Erection, cabling, wiring, labeling

The scope of this contract covers complete erection, cabling and wiring of all
control and monitoring equipment and shall comply to the general
requirements stated under Section B0 and B7.

All local instrumentation shall be mounted at location which is readily

accessible and available for operation and maintenance personnel. Grouping
on local instrument racks or control boards are preferred.

The Contractor shall be, in all cases, fully responsible for the correct
installation and erection with regard to the measuring and control functions of
all the supplied equipment.

The Contractor shall make all necessary provisions for the site testing and
commissioning of the control and instrumentation systems which include but
shall not be limited to the following:

• The test calibration of all transmitters prior to installation

• The functional test of transmitters once installed
• The loop testing of all measurement and control loops
• The site demonstration test required to confirm that all control and
supervisory function conform to their respective functional specification.

All tests performed on site, including the results and deficiencies, have to be
recorded and the test protocols have to be submitted to the Owner.

All cabling for the field equipment in the scope of this contract, shall be
supplied, laid and terminated.

For the supplied field cabling all necessary cable routes, supporting
traywork, surge diverters (if necessary) and intermediate marshaling shall be
provided.

All field equipment including local instruments, transducers, valves,

actuators, sensors, junction boxes, cabinets shall have nameplates with the
instrument tag number and descriptor in English language. The nameplates
shall be fixed to the mounting plate, the mounting brackets or junction box.
Loosely attached nameplates by wires are not acceptable. Label material and
writing shall be selected to withstand the environmental conditions where
they are mounted. The label size and fixing place shall be selected to allow
easy reading.

Inside the control cabinets all control equipment has to be labeled.

B8 - 13
B8.2.5 Commissioning

The Contractor shall be entirely responsible for the commissioning of the DCS
in conjunction with the plant system. Commissioning shall be carried out in
accordance with the commissioning procedures prepared by the Contractor
and approved by the Owner.

The scope includes :

• Pre-commissioning cleaning, if needed, of all equipment

• Commissioning of all parts i.e. cold and hot tests
• Complete coarse and fine adjustment of all analog and binary
transmitters, instruments and other equipment supplied
• Adjustment of control parameters, alarm limits and other adjustable
parameters
• Optimization of closed-loop control systems
• Modification or correction of control functions during optimization, if
necessary, VDU displays, logs, etc.
• Optimization of alarm annunciation and SER functions and the
associated printing functions
• Correction of any latent errors found within the DCS.

B8.3 Technical Requirements Instrumentation and control system

The requirements specified in Section B0 under Section "General Technical

Requirements" are to apply and, where applicable, further regulations from
the other Sections of this specification.

B8.3.1 General

The I&C systems shall be so designed that the power plant units shall be
remotely controlled exclusively from the CCR.

The control system making up the scope of supply shall permit complete and
centralized monitoring of plant operations as well as automated operation
under the following aspects:

• Normal operation of the plants, for example during changes in the boiler
or turbine load, shall be automatic.

B8 - 14
 • All functions for protecting plants and equipment shall proceed in all
cases reliably and without manual intervention. The plant protection
system shall prevent the unit from reaching impermissible loading
conditions and, should any faults arise, shall keep their consequences
within the specified limits. The same applies for switch-on and
switchover functions of redundant and reserve equipment with the
possibility for pre-selecting the operating equipment.
• The plant shall be put into and taken out of operation by manual initiation
of the functional group controls of all subsystems. All drives required for
start-up and shutdown of the unit in accordance with the specified control
philosophy shall be remotely controlled from the CCR.

B8.3.2 Structure of control functions

In order to meet the requirements of plant safety, availability and

transparency of plant operations, the automation equipment shall be
hierarchically structured into automation levels.

The components of the subordinate level shall be so designed and

configured within the system, that they can fulfill their intended actions
without requiring the control function of their supervisory level. The defined
process variables (set-point conditions) shall be achieved and maintained by
means of the control installations assigned to this automation level.

For this plant the individual drive level, sub-group level, functional group
level and unit co-ordination level shall be provided:

Drive level
• Start, stop, protection and manual operation for individual drives.
Position control for regulating actuators.

Sub-group-level
• The combined or sequential control of associated drives such as main
pump drives and associated discharge/suction valve drives. Auto standby
functions. Closed-loop control functions.

Functional Group level

• Sequential control co-ordination of sub-group controls
• Co-ordination of sub-ordinate regulating function operating in a cascade
configuration.

Unit co-ordination
• Start-up, shutdown, on line co-ordination and protection of the unit.
Normal operation shall be under unit coordination level. All the
sequence shall be based on sequence breakpoints.

B8 - 15
 The task of the unit co-ordination level is to lead the sequence and to
generate the setpoints for the control of the plant for start-up, online
operation and shut down conditions. The required unit capacities shall be
reached with minimum run up time but under strict consideration of
allowable thermal stress limits.

In general the Operator shall have direct access to all four control levels
through the operator interface located in the CCR.

B8.3.3 Field equipment

All field equipment supplied under this contract shall comply with the
relevant requirements of Section B0.6.18.

For important parameters which are concerning the safety operation of the
generation units, triple redundancy shall be applied; for interlock and alarm
signal, double redundancy shall be supplied.

Purging anti-blocking systems for measurements of air, flue gas and

pulverized coal shall be provided.

Local direct reading instrumentation and controls not forming part of the
central control and supervisory system shall be provided only for the
following cases:

• For local plant supervision, testing and maintenance

• Where required for the convenient checking of other instrumentation
(e.g. pressure switches).

B8.3.4 Distributed Digital Control System (DCS)

B8.3.4.1 General

The plant shall be monitored, controlled and safeguarded by a distributed

digital control system.

In case of proprietary control system, they shall be connected and

communicated via DCS from the CCR to form the integrated control
system. For communication, Ethernet network protocol shall be used.

This subsection covers the minimum requirements for the design and
fabrication of the DCS. The Contractor shall be responsible for all hardware,
software, interface to other systems, system testing, documentation,
delivery, installation, supervision and field support and any other services as
required for the procurement of the system as defined within this
specification.

B8 - 16
 The design of the DCS shall conform to the state of the art, and shall already
have been proven in other similar plants. Prototype equipment will not be
accepted. A reference list shall be supplied by the Contractor in his
quotation. This list shall include the name of the end user and details of the
system application size, model, release etc.

Only high quality systems from reputable suppliers preferably with

established local back-up for maintenance and after-sales technical and
spares supports shall be offered.

For the system offered, a guarantee shall be given that spare parts will still
be available at least 15 years after commissioning of the plant and the
provided system shall be compatible with the future upgrading of the
system.

The DCS system shall achieve the functions of data acquisition, signal
conditioning, closed-loop control, open-loop control, calculation, alarm
processing and annunciation, sequence of event recording, historical and
real time trend recording, graphic display of process and communication
with other devices/systems.

It shall be suitable for control and monitoring of all main plant processes.

System Configuration shall be user friendly, i.e. simple and flexible with
regard to re-configuration of loop connection and display formats to suit
changes in operational requirements. System software security, including
data base configuration, controller loop tuning parameters shall be available.

All systems shall require minimum maintenance or routine calibration, and

shall have comprehensive self-checking and self-diagnostic capabilities
including self-test failure alarms etc.

Comprehensive status information recording and reporting capability shall

be provided for all systems allowing for efficient fault detection and tracing.

All requirements are minimum requirements and the rules of good

engineering practice and the relevant approved standards and regulations
shall be observed.

B8.3.4.2 Availability and redundancy

The highest demands are placed on the control and monitoring equipment
with regard to availability, plant safety and reliability. All central
components that can affect large part of the plant operation shall be
redundant with hot standby, that is duplicated with automatic switch-over
and fault reporting and diagnostic facilities.

B8 - 17
 The data highway system shall be completely duplicated and spatially
separated. Different routing for the cable trays shall be foreseen. The second
system must be in hot stand-by. Failure of one of the data highways shall not
reduce the availability of any of the system components or degrade system
performance. Fail over from one data link to the other shall be automatic.
Connection of additional equipment shall be possible on line without
disrupting operation. Any data communication failure shall not disrupt
process control.

The main machine interface controllers shall be redundant and support all
the VDUs. In the event of a controller failure, all VDUs shall be available
for control and monitoring functions.

In case of control system power interruption, the DCS shall:

• Set all outputs (analog or digital) to a programmed fail safe position

• Retain the system (control) configuration or execute an automatic restart
(reload) without operator’s intervention while maintaining the fail safe
status on all outputs. Control shall be initiated by the operator
(all controllers shall be manual and all sequences, motors etc. stopped
unless otherwise specified).

B8.3.4.3 General hardware requirements

The DCS shall mainly consist of process stations, data highway and operator
stations.

In the interest of a neat and clear space-saving layout of installation, easy

maintenance, simple starting-up, operational checking and fault-recognition,
a control and monitoring system made up of a small number of matched
standard subassemblies with plug-in modules shall be provided.
The instruments and components used, shall be made of high-grade
materials and their data shall be based on the most unfavorable design
conditions (worst-case design), in regard to temperature, voltage, RF
interference etc. To a large extent, it shall be possible to replace individual
modules during plant operation.

B8.3.4.4 Process station

B8.3.4.4.1 General

The process stations shall consist of a redundant microprocessor based

system or multifunctional controllers with the appropriate process interfaces.
They shall contain all functions which are necessary to keep the process
running without operator's intervention and independent of the availability
of a workstation or the state of data highway.

B8 - 18
 The main functions of the process stations shall be acquisition of digital and
analog signals from the process, signal conditioning and processing, output
of digital and analog signals, closed-loop control and open-loop control.

Control loops that obtain data via the data highway shall revert to safe state
on data highway transmission failure.

In order to ensure high availability, the hardware shall be functionally

decentralized, i.e. a limited number of inputs and outputs per module and
individual modules for closed-loop control, functional group control and
drive control, so that any failure shall have limited effect.

Failures shall be indicated by alarms and LED's, and logged, including the
hardware address of the failed module.

B8.3.4.4.2 Signal input and output processing

Dedicated hardware modules for input and output signal conditioning shall
be provided. The process I/O shall be able to accept signals from
commercially available signal sources. Conversion into engineering units
and linearization of the signals shall be possible.

The system I/O shall be designed to meet the following general

requirements:

• The process I/O operation shall not be affected or damaged by ground

faults of field equipment.
• The process I/O operation shall not be damaged by a short circuit in the
field wiring.
• When assigning occupancies to modules process redundancies shall not
be nullified, i.e. I/Os from redundant process equipment shall be
accommodated in different modules, preferably in different process
stations.
• Redundant signals from or to redundant control equipment shall not be
connected to the same input or output card and preferably from a
different container.

In order to ensure high availability, the hardware modules shall be

functionally distributed, i.e. a limited number of inputs and outputs shall be
connected to one module, so that any failure shall have limited effect.
This limitation may be disregarded if the I/O modules are in a redundant
configuration and it is assured that defective modules can be detected and
replaced without limitation.

The outputs of analog and binary output cards shall be short-circuit proof.
To compensate for possible hardware failure on testing, an 'override
function' shall be available to allow 'forcing' of the measurement associated

B8 - 19
with a specific hardware input point (analog or digital) or to mask changes
to an output (digital).

The Tenderer shall explain in his offer his philosophy to achieve the
requested high availability, i.e. redundant or decentralized design of the I/O
modules. If he has chosen the decentralized design he shall indicate the
degree of decentralization by giving the number of different I/Os per
module. The redundant design will be preferred.

The distributed control system communication shall conform to the

following requirements:
• Transmission rate >10 Mb/sec
• Resolution time for DCS < 5 msec.
• Resolution time for parameter scanning and updating < 5 msec.

Analog I/O
The following minimum requirements shall be considered for the analog I/O
modules:
• For the analog inputs the system software shall check for signal integrity
and if the input signal exceeds ±5% of the specified range the
measurement shall be declared invalid.
• The analog output modules shall provide 4 - 20 mA DC, capable of
driving up to 600 ohms total loop resistance.
• Each analog output shall be short-circuit proof.
• Normal thermocouple linearizations shall be accurate to 0.25 °C of the
measured temperature. All type of thermocouples linearization shall be
available. For thermocouple signals automatic compensation of cold
junction temperature shall be provided. Cold junction compensation in a
special cold junction compensation box outside the DCS is acceptable.
• Linearity shall be within 0.2% of all inputs.
• For analog 4-20 mA inputs, the inputs resistance shall not remain under
250 ohm, due to the requirements of SMART-Communication.
• Analog inputs shall contain over-range protection circuits to protect the
equipment from ground faults or high voltage either in common or
normal mode. Ground fault detection alarm shall be provided.
• Analog signals shall be programmable per channel.
Binary I/O
The following minimum requirements shall be considered for the binary I/O
modules:
• Inputs shall be individually isolated.
• The binary input modules shall be able to supervise the circuit integrity
and they shall ensure that the current through the closed contacts of
binary transmitters shall be at least 3 mA.
• Input modules for pulse inputs shall be available.

B8 - 20
 • Input modules for proximity switches shall be available.
• The digital output modules shall provide dry contacts rated at 2 amperes,
24 V DC.
• The system shall have the capability to provide faster scan rates for some
selected digital points (Sequence of Event Recording), a scan rate of 10
milliseconds per point or better shall be possible.

B8.3.4.4.3 Closed-loop controls

General equipment design guidelines

Either pneumatically or electrically actuation shall be used provided they are
the manufacturers proven standard. Each modulating actuator shall be
equipped with some form of failure detection equipment which shall cause
any necessary control action to be taken to safeguard plant safely in the
event of actuator failure detection. Failure detection shall include loss of
output signals, loss of feedback signals and loss of motive power to the
actuator

All actuators used shall be standardized for each type of duty.

Electric valve positioners shall be of solid state type (no contacts), plug
in/drawn out units and shall be accommodated in cubicles in the electronic
room.

The closed-loop control system shall permit control actions from the open-
loop control system, such as automatic MANUAL/AUTO switch-over and
controlled OPEN/CLOSED actions of the control valve, and shall issue
corresponding checkback signals to the open-loop control systems.
The normal closed-loop function shall be guaranteed also independently of
the open-loop control system.

Control loop gain shall be automatically adjusted through parameter control

when the number of effective FCEs changes, e.g. with one or two pumps
under closed-loop operation.

The positioner shall have standard electro-pneumatic conversion and shall

not be altered for serial control valves opening setpoint. Any adjustment of
the position setpoint of serial valves shall be made in the control system.

Besides the modulating control function PID, the controllers shall contain
facilities for bumpless transfer, anti-reset windup, auto/manual switching,
cascading, feed-forward control, signal exchange with open-loop controls,
etc.

In the event of transmitter failure or a fault in the measuring transducer, the

design shall permit alarm in the DCS. The control may select the median for
triple signal monitoring system or jump to manual for a double or single
signal monitoring system.

B8 - 21
 In the event of failure of the auxiliary power supply or withdrawal of a plug-
in element, the control valves shall retain their position, or if necessary
traverse to a position which is safe for the process. Faults in the power
supply shall not result in any unwanted or dangerous switching actions.

Cascade control
The tracking of cascade loops must be done automatically so that the manual
balances and bumpless operation can be achieved at any time without
having to specially configure the signal tracking.

When a controller in a cascade hierarchy is turned off (cascade open) or get

to manual mode, the upper level controllers must sense the mode change of
the controller. The output signal of the upper level controller must then track
the setpoint of the controller at the next lower level automatically.

When a controller output reaches a maximum or minimum limit the primary

(master) controller must sense the condition (set point limits) of the
secondary (slave) controller and must stop the adjustment of the set point of
the secondary controllers.

Feed-forward control
The system must allow implementation of feed-forward control applications
and ratio-control applications. Standard algorithms like lead/lag logic, ratio
control and free programming capability must be provided. Moreover,
facilities to activate and deactivate feed-forward and ratio controls must be
provided.

B8.3.4.4.4 Open-loop controls

General
Open-loop control system shall be hierarchically organized and shall contain
individual drive controls and sequential controls for drive, group level,
functional group and unit level. In addition to these control levels the
protection and safety interlocks of the drives shall be provided by the open-
loop control system.

As far as possible the design shall be decentralized such that a disturbance in

the control system shall not affect more than one sequence (e.g. one
feedwater pump). In the case of a higher degree of centralization a redundant
configuration is mandatory so that the controller shall automatically switch
to a back-up controller in case of failure.

B8 - 22
To allow for the process redundancies 'Functional distribution' shall be
provided i.e. the grouping of the functional subgroups controlled by one
common redundant microprocessor shall be done in such a way that the loss
of the controller shall not cause any dangerous operational conditions or
plant shutdown. For example, if the control of feedwater pump 1 is
disturbed, the control of feedwater pump 2 must still be available.

Sequential drive group and functional group control

Sequential Group controls are to be provided for event control, start-up,
operation and shut-down of associated functional units and drive groups, i.e.
it shall be possible to start or stop main aggregates (e.g. feedwater pumps,
sea water pumps, etc.) with all associated equipment by issuing one
command.
To indicate the sequence progress special sequence displays shall be
provided. Via these displays the sequential steps within the individual
sequential programs and 'missing criteria' (error condition) shall be
displayed on the CRT. Sequences including time related events shall include
a time-out alarm indication.

Group controls must be capable of being switched 'on' and 'off' and must
have defined commands for 'automatic' and 'manual'.

Any faults in the control system, which could cause the control sequence to
stop, must be confined to one control sequence.

Any faults in the control system or in the plant equipment must lead to an
automatic changeover from a faulty unit to an appropriate stand-by unit.
If a sequence control is stopped for any reason it should be possible to :

• Resume automatically on any step in function of the prevailing plant

conditions
• Resume manually on any step in function of the prevailing plant
conditions.

For this reason jump conditions shall be foreseen. Before entering in the step
the sequence logic shall check the status of the jump condition. If the jump
conditions is fulfilled the respective step commands will not be executed
and the control sequence will be continued with the next step of the
sequence.

Drive control
Every remote operated drive or circuit breaker shall be controlled by means
of a software drive control module as the standard interface between the
DCS and the switchgear. To this module all orders i.e. from the operator
station via the keyboard, step signals of the control sequences, interlocks or
protection as well as all check-back signals of the drive or switchgear shall
be connected. After the processing of these signals the control module shall
issue the order to the switchgear via coupling relays.

B8 - 23
The Tenderer shall describe in his offer the hardware and software modules
he intends to use for the drive control.

Drive control modules shall meet the following minimum requirements:

• Inputs for manual, automatic and interlock signals. Protection signals

shall have priority over other commands. If activated they shall block the
ON/OFF commands up to acknowledgment. There shall be a visual
display of this blocking action and it shall be capable of
acknowledgment. In cases where it is necessary, for safety reasons, to
provide a local emergency stop push-button, the operation of this push-
button shall have the same effect as the operation of other protection
devices.
• Dedicated outputs for ON and for OFF commands.
• In the event of on/off command arising simultaneously or commands
repeating alternately, provisions must be made to lock out these
commands.
• Power supply and signal conditioning for the binary transmitters, such as
limit switches, connected to the module.
• Stop command of the actuator upon triggering of the stroke or torque
limit switch.
• Signaling of drive position and operation status (e.g. local operation).
• Selection of local or remote operation mode.
• Monitoring of any changes in status not brought about by the drive
control module.
• Selective fault annunciation for drive connected faults such as differential
signals, i.e. the position of the drive is in opposition to a given command,
or trip by fault in the switchgear.
• The contact of the low-voltage relays in the motor control center (MCC)
shall for each continuous drive be processed as an undervoltage
protection, due to voltage drops resulting from rerouting procedures.
• Processing time from incoming signals to outgoing commands shall be
less than 20 ms, in order to stop torque seated motor valves.

In the event of any tripping or failure, a group signal must be passed via the
annunciation equipment and the fault status must be displayed individually
for each drive in the appropriate operation display on the operator station.

For unidirectional motor drives (pumps, fans) the issued command shall be
an impulse (e.g. reset by switchgear feedback signal) which shall be
memorized in the switchgear by selfholding, so that the interposing relays
shall not be permanently energized.

For reversing drives (actuators for valves, dampers), the control command
shall be reset by stroke end or by torque switches. Drives/actuators with
intermediate positions shall be designed either with a stop command or for
inching operation.

B8 - 24
 The interposing relays shall be housed in the motor control centers of the
switchgear and are to be considered as part of the open-loop control system.
Solenoid valves that do not exceed the drive control module power limit
may be energized directly from the drive control module.

Individual controls of reversing drives shall be so designed that upon

withdrawing of the control cable plug connector the drive actuator will stop
and it will not be possible to set it in motion.

The control commands from the drive control module to the switchgear
shall be transmitted to the switchgear through two interposing relays, one for
the ON and one for the OFF command. The coils of the interposing relays
shall be connected with free wheeling diodes.

B8.3.4.4.5 Protection and safety interlocks

To protect individual units or parts of the plant, interlocks are to be formed

in accordance with process criteria, which can be either active or passive
depending on their functions.

Active interlocks shall automatically disconnect units or parts of the plant

before they reach a critical operating condition or shall start certain units
(e.g. stand-by) in order to avoid a critical operating condition. In addition,
such dangerous conditions must be immediately indicated to the operating
personnel by means of an alarm.

Passive interlocks are intended to prevent operational errors or wrong

commands from being carried out in the event of selective faults in the
automatic control.

Active and passive interlocks must not be capable of being switched off
operationally from the control room. All protections have to work fully
automatically and independent of the operator and always have to be
effective for all procedures (manual, partial automatic, fully automatic).

After a stop or close action by protection, the restart of the equipment shall
be possible only after the fault is rectified and the protection signal is reset.
Simple cancellation of protection signal by start command shall not be
possible. The protection action and the operator reset shall be recorded by
the DCS.

B8 - 25
B8.3.4.4.6 Interlocks for alarm annunciation

Some alarm annunciation are of interest to the operating personnel only if

the corresponding part of the assembly or units are in the start-up, operating
or shut-down condition. These linked annunciation are usually made up of
signals showing conditions and process monitoring criteria. The alarms shall
be inactive when the relevant unit or equipment is supposed to be out of
operation.

B8.3.4.5 Data highway communication

The distributed controller modules shall communicate with the workstations

and with each other through a data highway. The data highway shall be dual
redundant coaxial or fiber optic cable capable of data transmission for the
power plant requirement.

The communication system shall have all necessary fault diagnostics. Any
errors shall be alarmed and recorded in the CCR.

Operation of dual highway system shall be such that failure of one highway
shall not affect the operation of the plant and control shall be automatically
switched from failed highway to the functioning one.

In case of loss of both data highways, the individual controllers must remain
in operation. Under no circumstances shall one single failure lead to an
outage of the complete data system.

The data protocol used shall safeguard against erroneous data transmission
and allow for error detection, recovery and initiate switch-over to the
redundant data highway.

B8.3.4.6 Operator station

B8.3.4.6.1 General

The operator interface shall be provided by operator stations, which permit

the operator to control and monitor the plant. It shall be possible to display
the process with corresponding graphic displays, control loop displays,
electrical single line schematics, group displays, on-line, sequential
breakpoints, historical trend curves, alarm lists, all with dynamically
updated process parameters on the CRT's.

All analog signals from field equipment shall be shown on the CRT's, in the
dynamic graphic displays or/and other displays. It shall be possible to
provide a historical and real time trend display for analog and status signals.

B8 - 26
For high availability of the plant redundant operator stations have to be
provided. In case if one operator station should fail, operation of the plant
shall still be possible using the remaining operator stations.

The CRT update and process response time shall be less then 2 second.

Each operator station shall be equipped with:

• Operator desk
• CRTs (see B8.3.2)
• One functional keyboard
• One mouse or trackball
• Printers (see B8.3.2).

Each of the operator desk stations shall also be equipped with the
communication equipment.

Generally, it must be possible to supervise any unit and any part of the plant
from every operator station.

Hardwired emergency push buttons for boiler trip, turbine trip and generator
trip and a minimum number of discrete controls shall be provided on the
control desks to allow the units to be shut-down safely in the event of major
DCS failure.

Supervisor operator desk equipped with:

• Operator desk
• CRTs (see B8.3.2)
• One functional keyboard
• Hardcopy printers (see B8.3.2).

Adjacent to the CCR, in a separate Engineering Room, an engineering

station for program generation and modification, system diagnosis and
documentation, and diagnosis and parameterization of the SMART
transmitters shall be installed.

At the operator station the operator must be able to choose any kind of
display and execute control on any of the unit assigned CRTs from any of
the keyboards.

Through the operating consoles it shall be possible to monitor, start or stop

the plant's equipment, control the various valves, pumps, solenoids etc.,
change modes and set-points of controllers, and monitor the status of the
entire plant by means of graphic displays, alarms, trends, printed reports,
logs, etc.

B8 - 27
All necessary information concerning process behavior, control instrument
and controller integrity for modulating control, sequential control and alarm
function shall be immediately available to the operator at the operator
station.

Main memory shall be protected against loss or corruption in case of power

failure. Automatic reload and restart shall be provided not requiring
operator’s intervention.

The system shall be provided with the main and bulk memories of adequate
size including 20% spare capacity, i.e. 20% of the installed memory shall be
free for future extended functions. If during execution of this project,
memory sizes prove inadequate, Contractor shall increase memory at no
cost.

Bulk memory shall be provided with hard disks and shall be redundant.
Floppy disks or tapes shall not be used for holding foreground programs or
their data. They may be used only to load and to extract programs or data.

CRT's shall be:

• TFT color monitors with non-reflecting screen

• High resolution 1280 x 1024 as a minimum
• Size minimum 21 inch.

The intensity of the display shall be adjustable by the operator so that

characters and symbols shall be clearly legible from a distance of 1.5 meters
under high ambient lighting conditions. The display units shall not emit high
frequency noise, and the screen flicker shall have a frequency that will
eliminate interference with fluorescent lighting.

The monitors shall be shielded against interference by high magnetic fields.

To perform the described functions no operator programming shall be

required. All features shall be available through use of the functional push
button. Pressing of illegal push buttons during any operation shall be
ignored and the error condition shall be indicated on the display.

Selection of items to be controlled on the screen shall be via mouse or

trackball.

All data entry and operator commands shall be subject to two steps of
operating action so as not to cause any inadvertent actions. Regularly used
keys shall be of extra rugged design. Keyboard operation must be conceived
in such a manner that the selection of the different displays and access to the
process variables, motors and actuators shall be possible directly from a
dedicated functional keyboard, with only a few key strokes. In critical
situations the switch from a general display to a display suitable for direct

B8 - 28
 control must be possible directly without the need to select additional
intermediate displays.

In addition to the capability of invoking control actions from dedicated

displays, the system shall also provide the facility of invoking such actions
via graphic displays.

For the arrangement of CRT’s and control equipment in the control desk, the
Contractor shall provide an ergonomic design of modern furniture matching
the control room design. Each operator station shall include a conventional
control desk Section for hardwired controls such as emergency shut down
functions, etc. Lighting of the control room shall be chosen and designed in
such a way that shall not have any reflection and white spot on the CRTs.

B8.3.4.6.2 Software requirement

The system software shall contain functional software modules that will
perform the basic control, monitoring and calculations. Function blocks in
the form of standard software modules shall be available.

The function blocks will be linked to build the required control functions.
Implementation of the control functions shall be easily possible using
readily understandable configuration procedures. All configuration
modifications shall be implemented on- line. The software shall be menu
driven. There shall be no requirement to write basic software machine
program for any update or modification.

The library of software modules shall contain all the functions required for:

• Closed-loop control, such as PID, analog and step output, multivariable

control, bias, cascade control, adaptive gain, etc.
• Open-loop control, such as AND, OR, EXCL OR, NOT, memory, time
delay, counter, etc.
• Standard software modules for motor/actuator control logic shall be
available, covering the functions described under 'Drive control' in
Section 'Open-loop control'
• Standard software modules for sequence control, such as sequence header
and step modules
• Standard software module for the selection of the operating and stand-by
units and automatic change-over from a faulty unit to the selected stand-
by unit
• Calculating functions such as function generators, min/max. selector,
high/low limiter, square root, summation, multiplication, average, delay,
dead time, ramp, integration, limit value monitor, conversion to
engineering units, etc.

B8 - 29
 The configuration control software must include provisions for setting each
loop's scan rate. The configuration software must also be able to be
implemented by means of fill in the blank templates or other user friendly
approaches that allow the user to easily create and modify control strategies
by lining the predefined algorithms.

The DCS system must have provision to develop sequences and must be
capable of being programmed directly from logic flow charts using an
operator oriented language.

The system shall be furnished complete with working programs.

All software design, development, debugging and reprogramming tasks,
which are required to achieve operation in accordance with this
specification, shall be Contractor’s responsibility.

B8.3.4.6.3 Man-Machine-Interface (MMI)

The MMI of the DCS shall include a hierarchic visualization concept tuned
to the requirements of plant operation. Through it the operator
communication and monitoring shall be performed.

For this purpose graphic elements (plant displays, curves, loop displays,
alarm displays, operating windows etc.) arranged in an hierarchic order shall
display easily, quickly and transparently the status of the plant, of the control
equipment and of the control loops.

The highest demand in the designing of the MMI shall be placed on user
friendly displays. For the control room operator displays for monitoring,
information and control functions shall be provided. The displays shall
present process sequences and statuses in a functionally related manner.

MMI update
The system shall be capable of processing all inputs in such a manner that
all displayed data shall be updated within maximum 1 sec. for analog inputs
and within maximum 1 sec. for digital inputs. The system must be capable
of accepting spontaneous events from the process with a time resolution of
10 ms (SER function), independent from the above mentioned scanning
cycle times. The system shall however be capable of inhibiting any nuisance
alarms during the period when the equipment is out of service.

VDU Structure
The tenderer shall design and propose the VDU structure, operator control
function templates, mimic display standard, symbols standard, piping and
alarm color code for the Owner’s approval.

The structure shall include, but not limited to, content with key assignment,
overview display, P&I Ds, single line diagram, control station, Mill &
burner management system, drive level, sub group level, group level, unit
level, alarm summary, alarm functional group summary, SOE recorder,

B8 - 30
trending, process parameter, maintenance functions, reporting, on load test,
Permit To Work management.

The VDU mimics shall have all the required parameters and control
functions for operator perusal. The parameters shall include, but not limited
to, equipment status, process values, setpoints, control output,
valve/damper/coupling position, control status, breakpoint status, sequence
timing, permits, protection parameters, sequence status, shift & monthly
management reports, transmitter redundancy and selection, process
parameters status and alarm points, DCS hardware and module status, etc.

The VDU mimics shall be connected to relevant mimics by means of

software pop up functions. All mimics shall display generating MW.

Overview display
An overview display shall enable the operator to determine the overall
operation of a large segment of the plant. It shall indicate the alarm status of
all loops. The operator shall be able to call up directly any overview display.

Process graphic display

Dynamic interactive graphics of different Sections of plant shall be able to
be displayed on the operator stations. Graphic displays shall be configurable
only through engineering environment (i.e. from a console via password
access) and use symbols from a library of standard/user defined graphic
symbols. Different plant Sections shall be displayed on different pages.

A graphics package shall be available on the system. This shall be able to

create user defined symbols and store them in user defined libraries.
In addition standard industrial ISA symbols such as heat exchangers, pumps,
compressors and tanks shall be provided.

Graphic displays shall be of the interactive type with the possibility of

integrating process parameters ('live' points) through which it shall be
possible to control the process. It shall be possible to send motor start/stop
and valve (MOV) open/close commands, from this display, by 'touching' the
target for selection.
Face plate and trending information shall be accessible from the graphic
displays directly through free format windowing facilities. All control
parameters shall be displayed on their respective graphic pages. It shall be
possible to view the process variable and alarm points, and to view and
change set point values, manipulated variables, and controller mode, etc.
from the graphic display. Different colors shall be used to identify different
events.

Alarm summary display

All activated alarms shall be listed in chronological order. Alarms not yet
acknowledged shall be distinguishable by flashing annunciation. The CRT
shall display the message of occurrence and of disappearance.

B8 - 31
All new alarm messages shall be displayed on the next available line and
shall flash until acknowledged from the keyboard. Every new alarm shall
activate a bell to call the attention of the operator. There shall be dedicated
bell annunciation for alarm, fault and trip status. If more alarms are detected
than are to be shown on the CRT, more recent ones shall be displayed and
the earlier messages shall be shifted to the alarm backlog memory. In this
case a special message on the screen will indicate presence of messages in
the backlog memory. A key facility to recall the backlog messages on the
CRT display shall be provided.

The alarm condition of each point shall be displayed on general alarm

summary and functional group alarm summary. The group display shall
indicate the alarm by color change and blinking.

Control system checkpoints such as temperature of the critical hardware,

power supply voltages etc. shall be provided for accuracy checks.
The system shall automatically check its accuracy and shall initiate alarm if
not within the specified limits.

Loop display
The loop display shall contain all detail information of the individual control
or measurement loop, including:

• Configuration of the loop

• Control signals
• Control parameters
• Transmitter range
• Alarm set values
• Output limits
• Actuator loop with status of release and protection signals.

The detailed information shall be key coded or access code word protected
from unauthorized alteration.

Sequence control status display

This display shall indicate the status of a sequence control logic, indicating
the actual step with the corresponding process criteria.

Trend display
The system shall be capable of displaying both real time and historical
trends as follows:

• Real time trend. The real time trend shall be for a minimum of 8 hours at
a sampling rate of 10 seconds.
• Historical trend. The historical trend shall be for a minimum period of
96 hours. Historical data shall be stored on a non-volatile memory device
such as hard disk. It shall be able to be archived for recall.

B8 - 32
The available storage shall be sufficient for all analog points for a period of
one month at a sampling rate of 10 seconds or better. Varying the sampling
rate or producing averages such as one minute, two minute etc. shall make it
possible to store more points or for longer periods.

Real time and historical trends shall be possible on any parameter or

variable like measured variable, set point, output, calculated value, etc.
The trend display shall be single line type and bar graph type. It shall also
display information like loop tag, engineering units, span, current value,
alarm status, etc. of the trended variable. It shall be possible to display by
scrolling or expanding the time base all of the trend data available on the
system. Selection of the tag and sampling time for real time and historical
trending shall be possible from operator keyboard.

It shall be possible to sample and store data of instantaneous and average

value at the intervals mentioned below:

• At intervals of 1 second or higher for the real time trends

• At 10 seconds, 1 minute and 10 minutes interval for historical trends.

The system shall also have a multi-trend feature from which it shall be able
to display the set point, measured variable and output of any combination of
variables on the same trend variable.

Operator input windows

For operator actions operator input windows shall be provided. It shall be
possible to select operator input windows from any of the displays and to
open various operator control windows simultaneously on the screen.

When a particular operator input has been accepted by the DCS, this
condition shall be indicated to the operator by a change of color, short
blinking, short audible tone etc.

Process control operations shall be performed in two steps:

• Entering/setting of value
• Confirmation/execution of the entry.

In all cases the current and the entered data shall be shown separately.

A standard display shall be used for adjustment of drives with open/closed-

loop controls. All relevant values of the open loop or the closed-loop
controller (actual value, manipulated variable, etc.) shall be displayed.
All operator inputs shall be transferred to the automation system only after
the confirmation key has been pressed (two-stage commands).

B8 - 33
Logging
The system shall be able to assemble data and print various kinds of
standard reports, all of which shall be also available on demand keystroke.
The system shall provide the following basic types of reports as a minimum:

• Event lists
• Operator action reports
• Custom reports with fixed and variable formats.

The above reports shall use real time data, historical data, or calculated data
generated, by any node in the system or any connected device to the system
such as PLC's or process computers. All points in the system shall be
available for logging.

A report generation function shall be available at the engineering

workstation for free-format reports generation of text and data. The report
types shall be:

• On demand
• At a predefined time (hourly, shift, daily, etc.)
• Event triggered
• Real time events with six hours worth of data to help in diagnosing
shutdown incidents.

These reports shall be archived for further recall.

The system must have a Report Generator to build and schedule reports
based on current and historical data. More complex reports, (more than just
lists of totals and averages) must also be able to be produced. The Report
Generator must contain a report builder and a report scheduler.

Demand for immediate output of a report must not affect any scheduled
reports that have been set up previously.

The report generator must be able to build and print many types of reports.
These will include:

• Sequence programs
• Historical summary reports for hourly, daily, etc. type activities
• Instantaneous reports for such items as current plant status.

The types or classes of data used by the report generator must include:

• Analog variables and associated parameters

• Operator entered values
• Status of multi state variables
• Alarm and event messages

B8 - 34
 • Calculated variables
• Historical data values and status
• Other retrievable tagged items.

The report generator must also be able to incorporate text supplied for report
titles, subheading, messages, etc. Data validity indicators must be
propagated throughout report production to provide information on the
reliability of requested values.

Math functions must be a standard part of the report package. The software
package must be easy to use and not require programming skills.

The Tenderer shall consider a sufficient number of reports in his offer.

The considered number shall be submitted with the offer.

B8.3.4.6.4 Alarm annunciation and Sequence of Events Recording

functions (SER)

All alarms and events of the power plant shall be recorded in the DCS alarm
summary, functional group alarm summary, alarm and event printers.

Sources of alarms shall be but not limited to:

• Field process signals
• Status inputs
• Analog or derived variables
• Instrument alarms within the DCS (for example open circuit detection on
analog inputs bad process measurement, etc.)
• Discrepancy alarms (i.e. both limit switches open etc.)
• System fault alarms
• Data communication alarms i.e. errors data
• Alarms transmitted via serial links from non DCS systems
• Other related alarms.

Alarm shall be prioritized and identified with color coding depending on the
priority of the alarm as follows:
• Trip
• Very High/Very Low
• High/Low
• Control module/hardware failure
• Bad quality input/parity fault

Alarm shall be either acknowledged, unacknowledged or inhibited and shall

be easily identified with color code and flashing frequency. Bell
annunciation shall have different tone depending on the priority of the
alarms.

B8 - 35
Alarms shall have pop up link to the related VDU mimics for prompt
identification of source of abnormality.

First up alarm system shall be applied.

High resolution input data of 2 ms discrimination or better for SER shall be

recorded during startup, shutdown or any abnormality which may cause the
plant and major equipment to trip.

The SER shall monitor detailed tripping signals for boiler trip, turbine trip,
generator trip and major auxiliaries.

SER shall be required to record all tripping signals and sequence as per real
timing to enable correct diagnosis and analysis.

During the tripping, SER log shall be available on the DCS and print out.

Abnormal operating conditions and events in the plant have to be

annunciated. For optimum identification of the cause of faults the individual
alarms shall be displayed on CRT and printed out in their true sequence of
appearance.

Under operation control, it shall be possible to enable/disable the printing of

all or selected alarms.

The design shall be as follows:

• Detection of fault and status annunciation in correct time sequence

• Changes in annunciation are to be printed out with annunciation tag
number, clear text and with date and time of day
• The printer used will be of the same type as the others connected to the
operation stations
• System must be able of self-checking for system faults and creating
special control system alarms
• Alpha-numeric signal code;

The display shall list for each alarm:

• The time of alarm followed by MONTH/DATE/YEAR

• The alarm point tag
• The alarm point description
• The violation type such as, high, low, deviation, rate of change, "bad"
process value (high or low)
• Priority shall be indicated by color

B8 - 36
 • The alarm condition of each point shall be clearly shown in group
graphics and individual point displays. Alarms shall be displayed as they
happen on the correct screen in the allocated area. It shall be easy to
determine from these displays if the alarm has been acknowledged (for
example, blinking indication for not acknowledgment alarms).
• System alarms.

It shall be possible to process a selected number of signals in the Sequence

of Event Recording (SER) function of the DCS. For this function the DCS
shall provide a first out alarm capability. In the case of an avalanche of
alarms, the system shall be able to discriminate between them by time and
date in the order of their occurrence.

The time resolution of the SER function shall be 2 milliseconds or better,

i.e. if the second event occurs 2 milliseconds after the first event, then the
equipment shall be capable of resolving the two events.

If alarms transmitted from other control systems (e.g. black boxes) to the
DCS via a serial links are processed in the SER then this alarms have to be
transmitted with the corresponding time tag and the clocks of the two
control systems have to be synchronized. If this requirement cannot be
fulfilled then the processing of these signals in the SER is not allowed.
In this case the important alarms from the black box's control system shall
be hardwired to the DCS.

The most important requirement for the SER function is that in case of plant
upsets correct time information shall be available for all signals processed in
the SER and that all signals of the plant which can trigger plant upsets shall
be included in the SER , i.e. the offered SER shall be a plant wide SER.

Clock system
The clock system shall interface to a GPS Master clock Receiver to provide
accurate time for the DCS slave clocks and the other slave clocks into the
associated systems.

B8.3.4.6.5 System diagnostics and configuration

For system engineering, diagnosis and system maintenance engineering

stations shall be offered. These engineering stations shall be accommodated
in a separate engineering room adjacent to the CCR. The engineering
consoles shall be equipped with CRT and engineering and functional
keyboard used for tests, configuration and tuning purposes.

B8 - 37
The engineer's console shall allow system configuration, writing and
executing of user written macros, graphics development, report generation,
logging specification, system self documentation functions, system
monitoring functions (which show the result of self diagnostic tests), system
database load/save etc. In addition it shall be possible to tune controllers,
change limit set-points, view all loop variables, configure control systems,
add and delete alarms, change data of the DCS in online operation, set input
and output signals as well as internal variables, with automatic logbook
functionality of executed simulations.

The documentation shall be provided in machine language and according to

ISA-standard.

Finally, the system must enable the diagnosis and parameterization of the
SMART transmitters.

Printers shall be provided allowing for CRT hard copies, configuration and
parameter printout etc.

For the generation of process graphic displays, a standard library of symbols

shall be used. Configuration of the control function shall be possible by
structuring the control system flowchart, or simply selecting a programmed
algorithm and entering the required attribute information such as input and
output location and tuning constants. Control loop and sequential logic shall
be built by linking the desired control function as they appear on control and
sequential diagram. Modification shall be easily made by revising the
attribute information and inserting and deleting the control function.

Operation of the engineering consoles by unauthorized personnel shall be

prevented by the use of key lock or code words.

The system shall monitor itself continuously for failures by means of self-
diagnostics. Diagnostic routines shall be applied for each control module.
Detailed diagnostic messages shall be displayed on the instrument
engineering console's CRT and printer, and group alarms shall be given at
the process operator's desk.
Diagnostic displays shall be available to assist fault location. It is expected
that most faults will be quickly repaired by simple replacement of a card or
module. The diagnostic display shall clearly identify the faulty component,
the nature of the fault and the component location.

If the required diagnostic functions/displays are not available in the

engineering station than separate diagnostic hardware/software within the
DCS shall be offered.

The Tenderer shall submit with the offer a description of the offered
engineering station and the diagnostic hardware/software/displays.
Examples of the different type of design documentation and methodology
shall be included and explained with the offer in regard to system software.

B8 - 38
B8.3.5 Boiler protection system (BPS)

B8.3.5.1 Design requirements

The design of the equipment is to be fully fail-safe.

The BPS shall be part of the DCS. If it is a proprietary system, it shall be

connected to DCS as an integrated control system. Control and monitoring
shall be realized via the operator stations of the DCS in the CCR.

B8.3.5.2 System architecture

The BPS shall be resident in a dual or triple modular redundant (TMR)

control system.

The offered equipment shall have the following relevant features:

• The equipment shall be recognized third party audited or certified for this
kind of application
• There shall be numerous systems of this kind in use for industrial control
• Hardware and software shall be standard catalogue products
• The application program, once defined is not user variable.

B8.3.5.3 Hardware requirements

Each BPS system is to be supplied as fully assembled and functional, pre-

wired, programmed and tested, in lockable steel cabinets, fully accessible
front and rear, complete with all technical and operational documentation.

Redundant output channels must not be on the same circuit board or in the
same bin.
Output channels shall be short circuit proof.

B8.3.5.4 Software requirements

Safety requirements will be incorporated in an approved logic diagram.

This will be used to create the application program. A programming device
shall be included in the scope of supply. The programming device shall be
capable of connecting to the system and monitor the PLC on-line.

B8 - 39
B8.3.5.5 Emergency shut-down

In case of a major failure of the DCS a safe shut-down of the plant must be
guaranteed. The fail safe control system must bring the plant into a safe
operational status in this case.

B8.4 Technical requirements for Data exchange with the AGC

B8.4.1 General

This section is related to the Automatic Generation Control (AGC). The

demands are to be covered with the DCS and the SCS system.
The SCS system is not part of the scope of this section of the specification.

Nevertheless the listed signals are to be delivered completely.

Please refer also to C2 for AGC description.

B8.4.2 Requirements for the control center

The DCS/SCS should be capable of conveying all the signals required to

meet the Control Center requirement, including the effective operation of
the Automatic Generation Control (AGC) function between the Control
Center and the Facility. In principal, this means that the generator load
demand set points will need to be transmitted from the Control Center to the
Facility via the SCS

B8.4.3 Requirements for Automatic Generation Control (AGC)

There are associated analog and digital signals which are required for
effective operations of the AGC, amongst which are set point feedback,
AGC control request, unit selected on AGC control, AVR on auto, unit
active power, unit reactive power, base / droop mode, LFC upper limit, LFC
lower limit, ramp rate and also block / unit mode. The final signal list
required for the AGC will be mutually agreed between Tenderer, customer
and TNB during project implementation.

A stand-alone, hardware watchdog logic must also be incorporated at the

SCS to automatically signal to the Facility to discontinue / suspend AGC
operations when the Control Center is unable to effectively carry out
automatic generation control to the Facility because of SCS failure or
because of telecommunications failure between the Control Center and the
SCS.

The SCS may communicate with the Facility either by serial communication
link or by hardwired connection. In the former, dual redundant links and

B8 - 40
 communication apparatus must be provided. However, the watchdog
signaling logic must be hardwired so that this will continue to operate
effectively even during SCS failure.

B8.4.3.1 Data Requirements for Control Center

The Automatic Generation Control (AGC) shall at minimum provide the

following data.

i. Status Input (SOE)

• At High Regulation Limit

• At Low Regulation Limit
• At High Temperature Limit
• Plant On-line / Off-line
• Active Power Control Mode Selector Remote / Supervisory
(Local / Control Center)
• Reactive Power Control Mode Selector Remote / Supervisory
(Local / Control Center)
• AVR Auto / Manual
• Sliding / Constant Pressure Mode (steam set)
• Base / Droop Regulation Mode
• Main Busbar Selector Isolator Open-Close
• Reserve Busbar Selector Isolator Open-Close
• Open / Combined Cycle Mode
• Block / Unit Mode
• Control Generator Circuit Breaker Open / Close
• Facility Isolator Open / Close
• TNB Isolator Open / Close
• Generator Shutting Down

ii. Output

• AGC On-line / Off-line (AGC Request ON / OFF)

iii. Analog Input

• Unit Gross MW
• Unit Gross MVAr
• Unit Net MW
• Unit Net MVAr
• Block Net MW
• Block Net MVAr

B8 - 41
 • Ramp Rate Up
• Ramp Rate Down
• High Regulation Limit
• Low Regulation Limit
• Unit Active Power Setpoint Feedback
• Unit Reactive Power Setpoint Feedback
• Block Active Power Setpoint Feedback
• Forbidden Zone Low Limit
• Forbidden Zone High Limit

iv. Analog Output

• AGC Unit Active Power Setpoint Analog (4-20 mA)

• Unit Reactive Power Setpoint Analog (4-20 mA)
• Block Active Power Setpoint (4-20 mA)

v. Pulse Count Input

• Import kWh of Billing Energy Meters

• Import kVArh of Billing Energy Meters
• Export kWh of Billing Energy Meters
• Export kVArh of Billing Energy Meters

The following is a description of how some of the data listed above are to be
used or implemented for AGC purposes.

UNIT DCS
AGC REQUEST ON/OFF (1-bit digital)

MW SETPOINTS (analog)

LOCAL / NLDC (1-bit digital)

NLDC
~ (via the RTU)

SETPOINT FEEDBACK (analog)

UNIT MW & MVAr (analog)

BREAKER STATUS (1-bit digital)

UNIT / BLOCK Mode (1-bit digital) for CCYC only

OC / CC Mode (1-bit digital) for CCYC only

• The Figure above shows the input and output signals needed for AGC.

B8 - 42
• Only one analog signal will be sent by Control Center to the DCS, i. e.
the MW Set-point (MWSPNT). This is the input signal to the station’s
unit / block controller (4-20 mA signal).
• The MW Set-point (MWSPNT) is what Control Center requires the
station’s unit / block to produce after the generator transformers, that is
MW output on the HV side (Net MW Output). The station’s unit / block
controller thus has to ensure that the Gross MW Output caters not just
for the transformer losses, but also for the auxiliary consumption to
ensure that the Net MW Output matches the given MW Set-point.

XFormer
Gross MW
~ Net MW

Auxiliary

MW = Gross MW - Auxiliary - Xformer Losses

• Five analog measurements (4-20 mA signals) are required to be sent from

the station’s DCS to Control Center:

• Unit / Block MW output at the HV side of the generator transformer

• Unit / Block MVAr output at the HV side of the generator transformer
• Unit / Block MW output at the LV side of the generator transformer
• Unit / Block MVAr output at the LV side of the generator transformer

• The MWSPFB is basically the MWSPNT signal that is received by the

station’s unit / block load controller. It is to confirm that the unit / block
has received the MWSPNT from Control Center correctly and within the
required time frame (< 2 seconds).
• There is only one digital input signal to the station in the form of voltage
free contact (Open or Closed). This is the AGC ON / OFF signal, or the
AGC Request ON / OFF signal. It is an indication from Control Center
to inform the station that Control Center ”intends” to take over the
control of the block / unit. The output of this signal can be utilized by the
station to alarm the station operator via a visual / audible indicator. It can
also be included in the DCS logic in such a way that it must be present
for the unit to be under “Control Center Control”.
• The Local / Control Center signal is a digital output signal from station
to Central Center (also a relay contact). It signifies the status of the Local
/ Control Center selector switch at the DCS. If the selector is at Local,
Control Center will receive a logic “0”.
• All signals must be made available at the interfacing panel as agreed by
both Parties.

B8 - 43
• The following is the functional requirements for all units operating under
AGC.

Function Category Requirements

1 Analog telemetry a) Set Point (SPNT) Received correctly at station
b) Set Point Feedback Sent correctly by station and
(SPFB) received correctly by Control
Center
2 Switchover c) Without Control Unit / Block should never
Center AGC Request on switchover to Control Center's
Signal control without Control
Center's signal being present
d) Bumpless transfer Unit / Block should never
from LOCAL to switchover unless SPNT is
Control Center and approximately equal to current
from Control Center to generation and that unit should
LOCAL remain stable during and after
switchover
3 Ramp up / ramp set On receipt of new set The Unit / Block must be
point point capable of ramping up / down
based on the declared ramp
rates and finally settling down
at the given set point
4 Communication Communication failure a) Either proceed to the last
valid set point given or remain
at current generation
b) Auto revert to local control
and remains stable at that value
until intervention by plant
operator should the
communication facility does
not return to normal within a
preset time
Loss of AGC Request
On Signal from Control
Center
5 Abnormal signals Set point sent greater a) Proceed to the last valid set
than LFC max point or remain stable at
current generation

Set point sent less than b) Wait for a valid set point
LFC min from Control Center or auto
revert to LOCAL and wait for
plant operator intervention
Set point 0
6 Reactive power MVAr control Independent of AGC controls
control

B8 - 44
 Function
7 Free governor
8 Regulation Range
Category Requirements
The free governor must be
operational whilst under AGC
with the specified dead band
and droop settings
Unit / Block must have a
contiguous regulation range
that is at least 40% of its
capacity

B8.4.3.2 Data for transmission switchgear monitoring and control

The following data are required for transmission switchgear monitoring and
control

i. Status Input (SOE)

Double bit data:

• Main Busbar Selector Isolator OPEN / CLOSE
• Reserve Busbar Selector Isolator OPEN / CLOSE
• Line Isolator OPEN / CLOSE
• Earth Link OPEN / CLOSE
• Circuit Breaker OPEN / CLOSE
• Circuit Breaker Red Phase OPEN / CLOSE
• Circuit Breaker Yellow Phase OPEN / CLOSE
• Circuit Breaker Blue Phase OPEN / CLOSE

Single bit data:

• Control Mode Control Center / SCS Station Level
• Control Mode SCS Station Bay Level
• Control Mode SCS Station Bay Level / Backup
• Control Mode Backup / Local
• Circuit Breaker General Alarm
• Circuit Breaker Syncheck Bypassed
• Undervoltage Trip Alarm
• Busbar Protection Operated (for each busbar / section)
• Busbar Protection Supervision (for each busbar / section)
• Busbar Check Zone Operated
• Busbar Check Zone Supervision
• Circuit Breaker Red Phase Trip
• Circuit Breaker Yellow Phase Trip
• Circuit Breaker Blue Phase Trip
• Distance Protection Main 1 Operated

B8 - 45
• Distance Protection Main 2 Operated
• Distance Protection Zone 1 Trip
• Distance Protection Zone 2 Trip
• Distance Protection Zone 3 Trip
• Distance Protection Red-Yellow
• Distance Protection Red-Blue
• Distance Protection Yellow-Blue
• Distance Protection Red-Earth
• Distance Protection Yellow-Earth
• Distance Protection Blue-Earth
• Power Swing Block
• Current Differential Protection Red Phase
• Current Differential Protection Yellow Phase
• Current Differential Protection Blue Phase
• Directional Earth Fault Trip
• Overcurrent Protection Trip
• Stub Protection Trip
• Thermal Overload Trip
• Switch Onto Fault
• Trip Circuit Supervision
• Protection Relay Faulty
• Relay Panel MCB Trip
• Control Panel MCB Trip
• Intertrip Receive
• Intertrip Send
• Carrier Receive
• Carrier Send
• Master Trip Relay Operated
• Breaker Failure Trip
• VT MCB Trip / VT Supervision
• CB Spring Uncharged
• Pole Discrepancy
• SF6 Low Stage 1
• N2 Low Stage 1
• Oil Level Low
• SF6 Low Stage 2
• N2 Low Stage 2
• CB Lock Out
• CB Lock In
• Single Pole Auto Reclose
• Three Pole Auto Reclose

B8 - 46
 • Auto Reclose Attempt
• Auto Reclose Maintenance Alarm
• Auto Reclose Lock Out
• Auto Reclose Out Of Service
• Auto Reclose Syncheck Fail
• Under Frequency Trip
• Under Frequency Stage 2 Trip
• Under Frequency Stage 3 Trip
• Under Frequency Stage 4 Trip

ii. Analog Input

• Line MW
• Line MVAr
• Busbar Voltage (for each busbar / section)
• Busbar Frequency (for each busbar / section)

iii. Control Output

• Circuit Breaker OPEN / CLOSE

• (Motorized) Isolator OPEN / CLOSE
• Master Trip Relay RESET
• Synchrocheck Bypass SELECT

The “Synchrocheck Bypass SELECT” would cause the syncheck relay to be

bypassed for a pre-determined time only (1 minute) during which the circuit
breaker can be closed by passing syncheck.

The SCS must block the Control Center execution of “Master Trip Relay
RESET” for the affected circuit breakers under the following conditions of
tripping:

• Busbar Protection
• Breaker Failure
• Transformer Differential Protection
• Transformer Bucholz

B8.4.3.3 Data for transformer monitoring and control.

The following data are required for transformer monitoring and control.

i. Status Input (SOE)

Double bit data:
• LV Circuit Breaker OPEN / CLOSE

B8 - 47
 • LV Bus Coupler OPEN / CLOSE
• LV Section OPEN / CLOSE
• Neutral Earthing Switch OPEN / CLOSE

Single bit data:

• Protection General Alarm
• Transformer Guards Alarm
• Tap Changer Control Mode Control Center / SCS Station Level
• Tap Changer Control Mode SCS Station / Bay Level
• Tap Changer Control Mode SCS Bay Level / Backup
• Tap Changer Control Mode SCS Backup / Local
• Tap Changer Out-of-Step
• Tap Changer Auto / Manual
• Tap Changer AVR Override SELECTED / CANCELLED
• High Temperature Alarm
• Parallel / Independent
• Master / Follower
• Differential Protection Trip
• Restricted Earth Fault Protection
• Overcurrent Protection
• Standby Earth Fault Stage 1
• Standby Earth Fault Stage 2
• Bucholz Gas Alarm
• Bucholz Surge Trip
• Winding Temperature Alarm
• Winding Temperature Trip
• Oil Temperature Alarm
• Oil Temperature Trip
• LV Intertrip from HV
• Master Trip Relay
• Pressure Relief Operated
• Main Tank Oil Level Low
• Earthing Transformer Alarm
• Earthing Transformer Trip
• Earthing Transformer Bucholz
• OLTC Earth Fault
• OLTC Low Oil Level
• OLTC Pressure Trip

ii. Control Output

• Master Trip RESET (see blocking conditions above)

B8 - 48
 • AVR Supervisory Override SELECT / CANCEL
• Tap Changer RAISE / LOWER

iii. Analog Input

• LV Voltage
• HV MW
• HV MVAr
• Tap Position
• AVR Setpoint Feedback

iv. Analog Output

• AVR Voltage Setpoint

B8.4.3.4 Data for substation common alarms and measurements.

The following data are required for substation common alarms and
measurements.

i. Status Input (SOE)

• Fire Alarm
• 48V DC Charger Alarm
• Incoming AC Mains Failure
• Station AC on Diesel Generator
• Station AC Failure
• 110V DC Charger Alarm
• Communications Room High Temperature
• Relay Room High Temperature
• Communications Equipment Alarm
• Teleprotection Channel Fail
• Diesel Generator Starting
• Diesel Generator Running
• Diesel Generator Common Alarm
• Diesel Fuel Level Low
• SCS Master Faulty
• SCS Bay Level Faulty
• SCS Inverter Alarm
• Disturbance Recorder General Alarm

ii. Analog Input

• 48V DC Voltage
• 110V DC Voltage
• Station External Ambient Temperature

B8 - 49
B8.5 Technical requirements Communication system

B8.5.1 Telephone system

For an effective communication with other personnel in the plant a

telephone system shall be supplied.

A telephone set should be installed in each room with located personnel and
in every main process area, as like as near to the local control panels.

The central switching assembly including the marshaling distribution panel

and operators switchboard shall be installed in the administration building.

In general, the telephone system shall be designed with the following

features:

• Internal traffic
Internal calls are set up automatically by all subscribers via the central
exchange.
• Direct outward dialing
Outgoing trunk lines will be provided for connection to the Malaysian
public telephone network telephone system.
• Incoming calls go direct, or if the extension number is not known, the
operator can connect the caller to the required subscriber.
• After normal working hours or if the switchboard is unattended,
incoming exchange calls go straight through to one or more extensions.

A conference call facility shall the switchboard or another central subscriber

enable to connect groups of up to 10 subscribers for conference calls
It shall consist of, but not limited to automatic switching equipment,
telephones with the specified features, telephone hoods, etc.

All lines with external link shall be protected against any high transient in
voltage due to lightning.

Requirements for equipment

A PABX telephone system shall be provided.

The PABX shall be of micro-processor-based design with non-volatile

memories.

The system shall not require standby batteries for its operation.

The power supply shall be taken from the UPS busbar.

There shall have no loss of memory in times of power failure and

no-reloading shall be necessary upon power restoring.

B8 - 50
 The system shall be modular in design, enabling flexibility in
re-configuring, building up and expanding the system when required.

Besides the exchange lines, one fax line and one dedicated fire signaling line
to a fire station, inclusive of the digital communicator, shall be provided.

The system shall have the following features as a minimum requirement :

Internal dialing, Direct inward dialing, Hold and transfer, Automatic call
diversion, Call queuing, Call diversion, Direct outward dialing (distinct
enabling possible), Call barring, Separate access to direct lines, Exchange
calls, Group picking, Line status indicator, Distinctive ringing for internal
and external calls, Volume control, Repertory calling memory (at least 10
numbers), Repeat last number, Loudspeaking handsfree terminals including
mute button, Voice mail, 3-way conference.

All telephones and associated equipment installed in the process area or in

outdoor locations shall have IP 65 weather protection in accordance to IEC
60529. All telephones and associated equipment installed in hazardous areas
shall be certified explosion proof type in accordance with IEC60079.

B8.5.2 Public address system

The complete public address (PA) system shall conform with the latest state of
art in the field of P.A. system engineering.

The purpose of the loudspeaker system is to inform by loudspeakers either a

particular group of people on the whole power station area from a central
point, or to issue suitable instructions to any of these in the event of the
development of any alarm conditions, therefore all areas containing
personnel shall be effectively reached by the loudspeaker system.

It must be possible to switch on the following different tone and frequency

signals with the appropriate alarm buttons:

1 – fire alarm
2 – major, large-scale breakdown
3 – gas alarm
4 – all-clear signal (for resetting of alarm)

The PA system shall also be supplied with a siren based annunciation

system to cover all areas within the power station.

The following call types will be signaled by a tone:

• Selective call (e.g. only the loudspeakers in the switchgear building

will be switched in)
• Group call of several loudspeaker lines

B8 - 51
 • collective call of all loudspeaker lines.

A central amplifier station shall be set up for broadcast of instructions and

information by plant personnel.

The loudspeaker lines shall be organized for the following zones (minimum)
inclusive of the rooms, which belong to them:

• Administration building / workshops / offices

• Turbine house / boiler house
• CCR / electronic rooms
• Water treatment plant
• Coal plant
• Other outdoor areas

The instructions and broadcast announcements will be initiated from the

telephonist room and a control unit on the supervisor's desk in the central
control room.

The number and placing of the respective loudspeakers shall suit the
conditions of operation and of the environment in such a way that broad cast
announcements can be clearly understood by the operating personnel at
every corner of the plant including the sub-station, non-technical buildings,
etc. The P.A. system shall serve the whole plant complex, including
non-technical areas.

B8.5.3 Intercom system

An intercom system shall be provided for direct two-way communication

between the central control room and selected places in the plant
The intercom system is designed for direct talk between special places, such
as:

• Central control room

• Water treatment plant
• Entrance gate
• etc.

The control base station shall be located in the control room. It shall be
communication via a desk top loudspeaker/microphone console.

B8 - 52
B8.5.4 CCTV

Colored closed circuit TV shall be provided for the observance of the plant
which shall include, but not limited to:

• Chimney Stack for stack smoke emission monitoring.

• Boiler viewing. A number of CCTV cameras for each boiler for
monitoring of burner flames and furnace bottom hopper.
• Coal Handling. Adequate numbers of cameras and monitors to
overview coal unloading, coal stockpile, stacking and reclaiming.
• Security system. Adequate power station security facilities shall be
provided for general surveillance of the site particularly at vulnerable
areas. A video cassette recorder, remote control, monitors, uniplex or
and infra red lighting shall be included in this system. Operation of the
facilities shall be from CCR and Station gatehouse.

In each case, the CCTV system shall withstand to the site environment. The
CCTV system shall have facilities of remote control, pan, tilt, zoom, focus
and other latest technology functions. For outdoor cameras humidity
conducts shall be provided.

The Tenderer shall be clearly describe the CCTV system philosophy and
configuration.

Monitors shall be supplied with a hood to avoid glare and shall be of the
non-reflecting type. As a minimum requirement the monitor shall have a
screen of diagonal measurement of not less than 440 mm.

No noticeable degradation or movement or flickering shall occur in the

picture, and horizontal resolution shall remain in excess of 500 lines over
primary line voltage variations of at least ± 5% of the rated voltage.

By a suitable magnetic shield care shall be taken that external magnetic

fields such as those of the magnetic separators shall not disturb the images
of the TV monitors.

All the supplied equipment shall be for 240 V, 50 Hz power supply, without
any step-down transformers. The power supply shall be taken from the UPS
busbar.

B8.6 Technical Schedules

The following technical schedules comprise part of this specification.

The data and requirements specified in the respective forms are to be
adhered to and the missing data of forms are to be completely filled in.
The completed technical schedules are to be submitted with the Bid:

B8/FD Design Data/Technical Data by Tenderer

B8 - 53