Control System Design Criteria

1. Scope

This article covers general guidelines for control systems design criteria.

2. References

Reference is made in this article to the following documents. 

National Fire Protection Association (NFPA).
NEC (NFPA 70) National Electrical Code.
Instrument Society of America (ISA).
ANSI/ISA 99 Security for Industrial Automation and Control Systems.
ANSI/ISA-77.20 Fossil Fuel Power Plant Simulators - Functional Requirements.
International Electrotechnical Commission (IEC).
61508, Part-1 to Part-7 Functional Safety of Electrical / Electronic / Programmable Electronic Safety-Related Systems.
61511 Part-1 to Part-3 Safety Instrumented Systems for the Process Industry Sector.

3. Definitions

Application Software. Software written to perform functions specific to an operating unit, plant, or project. Application software does not modify the standard software but works alongside it.
Availability. Probability that a system will be able to perform its designated function when required.
Basic Process Control Systems (BPCS). Defines the control equipment that is installed to support normal production functions.
Control Network. Ethernet network where process control data is handled among the controllers and workstations.
Controller. Module capable of performing full control of the process with process control algorithms, and of managing data acquisition and interaction with the process via its Input/Output modules.
Console. Logical grouping of workstations and associated equipment used by the operator/supervisor/engineer to interface with the process.
Distributed Control Systems (DCS). Type of control systems in which the system elements are dispersed but operated in a coupled manner.
Logic Solver. Part of SIS that performs one or more logic functions.
Module. Assembly of interconnected components that constitutes a device or piece of equipment. In a DCS it will typically be a printed circuit board that can be mounted in a file chassis. A module has definable performance characteristics which can be tested.

Node. Each element of the DCS that has a dedicated role in system philosophy, and has connection to control network, e.g. Controller, Workstations, Servers, etc.
Operating Software. Software platform on top of which other application programs can run. In this case it will be dedicated software running on each control system node to define its functions and roles, and perform the basic functions.
Process Interlocks. Interlocks that are not related to safety functions and that do not have a safety integrity level (SIL).
Redundancy. System configuration with two or more identical modules that provides automatic switchover in the event of a failure of one of the modules, without loss of system function.

Regulatory Control. Combination of process measurement, control calculation, and final control device manipulation that provide closed loop control.
Reliability. Probability that the system or component will perform its intended function for a specified period of time.

Safety Instrumented System (SIS). System composed of sensors, logic solvers, and final control elements for the purpose of taking the process to a safe state if predetermined conditions are violated. Other terms commonly used include Emergency Shutdown System, Safety Shutdown System, and safety interlock system.
Scan Cycle. Total time to scan inputs, execute control algorithms, and transmit outputs to field devices.
Self-diagnostics. Capability of an electronic system to monitor its own status and indicate faults that occur within the device.
System Alarm. Alarm that occurs as a result of a DCS hardware or software fault.

Third-Party System. Any control and/or instrumentation equipment which is manufactured/supplied by other than DCS vendor.
Workstation. Microcomputer designed for technical applications.

Control System Abbreviations and Acronyms

1oo2 – One out of two.
2oo3 – Two out of three.
AV – Anti-Virus.
BPCS – Basic Process Control Systems.
DMZ – Demilitarized Zone.
EWS – Engineering Workstation.
F&GD – Fire and Gas Detection.
FAT – Factory Acceptance Test.
FSU – Fuse Switch Unit.
LAN – Local Area Network.
MCB – Miniature Circuit Breaker.
MCCB – Molded Case Circuit Breaker.
MIS – Management Information Systems.
MMS – Machinery Monitoring Systems.
MTBF – Mean Time between Failures.
NTP – Network Time Protocol.
OTS – Operator Training Simulator.
OWS – Operator Workstation.
PDP – Power Distribution Panel.
PAMS – Plant Asset Management Systems.
PIMS – Plant Information Management Systems.
PSU – Power Supply Unit.
RIB – Remote Instrument Building.
RR – Rack Room.
SAT – Site Acceptance Test.
SCADA – Supervisory Control and Data Acquisition Systems.
SIS – Safety Instrumented Systems.
SOE – Sequence of Events.
VLAN – Virtual LAN.


4. Control System Design Criteria Overview

4.1. Scope of Control Systems

Control Systems include Distributed Control Systems, Safety Instrumented Systems, Programmable Logic Controllers, SCADA, Management Information Systems, Plant Asset Management Systems, Machinery Monitoring Systems, Fire and Gas Detection Systems, Steam Turbine Control Systems, Compressor Control Systems, Burner Management Systems, Packaged Equipment Control Systems, Tank Gauging Systems, Networked Electronic Sensing and Control, and Monitoring and Diagnostic Systems.

4.2. Reference Model

As per ANSI/ISA 99, Figure 1 is considered the reference model for the applications.

Figure 1 Reference Model for Control Systems

4.3. General Functions

The main functions that are typically performed by Control Systems are shown in Figure 2.


5. Process Considerations for System Selection

The control system shall be selected according to the type of process, as follows.

5.1. Continuous Process

5.1.1. In processes where there is an uninterrupted flow of feed and product, the DCS shall be continuously available, unless the plant is under overall shutdown. This necessitates high MTBF and low MTTR values. This mandates the use of redundant processors and I/Os.
5.1.2. The continuous process uses more regulatory controls, handles more analog data, signal characterization, conversion and manipulation of data. DCS shall be used for the continuous processes.

5.2. Batch Process

5.2.1. Batch processing refers to processes in which units or areas can be operated independently of other units or areas, and in which the process takes a definite time to complete its sequence of operations before the next cycle of raw material can be fed.
5.2.2. In general, batch processes are time- and event-dependent and employ many discrete I/O and logic steps. If very short scan cycles and a limited user interface are required, PLCs shall be used; otherwise a DCS with batch software capable of handling recipe management shall be used for batch process applications. The batch process application software shall comply with ISA SP 88.

5.3. Mixed Control

5.3.1. In process plants, continuous and sequential controls may be mixed. PLCs may be used for sequential controls and the DCS for regular plant control. If the specified scan cycles are within the DCS controller's capacity limits, the DCS shall also be preferred for sequential control applications.

6. Control Systems

6.1. General Requirements

6.1.1. The Basic Process Control System (BPCS) shall be a state of the art DCS.
6.1.2. The DCS shall be the integrated platform of the plant control systems.
6.1.3. All plant control systems and sub-systems shall be interfaced with the DCS.
6.1.4. SIS shall be used for safety interlocks, whereas DCS shall be used for the rest of process control applications like regulatory control, process interlocks, etc.
6.1.5. PLC based control systems with SCADA shall not be used as BPCS.
6.1.6. However, PLCs may be used for very special regulatory control applications dedicated to certain special processes.
6.1.7. In the case of a new process unit addition or revamping of the existing plant, it is strongly recommended to expand the existing DCS to incorporate the new control system requirements.
6.1.8. It shall be possible to exchange the defective components online, during plant operation, without sacrificing plant safety or causing plant shut down.

6.1.9. As a minimum, the design of control system shall be suitable to cover the process control functions defined in Level 1, Level 2 and Level 3.
6.1.10. The Level 1, Level 2 and Level 3 components shall be segregated functionally and physically via networking components like firewalls and network routers to ensure network data segregation.
6.1.11. Foundation Fieldbus (FF) should be considered for monitoring and control applications. Refer to SES-X05-E03 for details.
6.1.12. Control systems' microprocessor-based controllers, I/O modules, etc. shall be installed in the RR or RIB. However, if it is technically and operationally unavoidable to install them in the field, near the process or mechanical equipment, they shall be installed, with approval, in a conditioned environment similar to the RR or RIB.

6.2. Reliability

6.2.1. The control systems shall be designed to provide high reliability.
6.2.2. Control systems' hardware and software shall be the product of the latest and most advanced technology that has a minimum 12-month field-proven record of reliable performance in similar industrial applications.
6.2.3. Third party test and/or conformity certificates from an internationally reputed approval authority such as UL, NEMA, TUV, CSA, FM, and CE shall be an integral part of each submittal of control systems at procurement stage. Others are subject to Company approval.

6.3. Common Requirements for DCS and SIS

6.3.1. DCS and SIS shall not be designed with the same type of hardware and software. Common modules and operating software shall not be shared by DCS and SIS. For example, the DCS controller shall not be used as the SIS logic solver; the analog input module of the SIS shall be different from the analog input module of the DCS, etc.
6.3.2. DCS and SIS shall be physically and functionally segregated and be independent from each other.
6.3.3. Operating information may be exchanged between the DCS and the SIS without affecting the safety functions of the SIS under any circumstances. The communication design shall be reviewed and approved by Company.
6.3.4. The SIS components like sensors, logic solvers, final elements, manual initiators, and power supplies shall be independent from the DCS components. Sharing sensors and final elements shall be subject to Company approval. Refer to SES-X03-G01 for details and descriptions.
6.3.5. Switches shall not be used without Company approval.
6.3.6. In normal operation, device contacts shall be closed. Contacts shall open to alarm or trip.
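The reason 6.3.6 asks for normally-closed contacts is that an open circuit then has only one meaning for the logic solver: a demand, a broken wire and a lost supply all look the same and all vote for the safe state. The 1oo2 and 2oo3 voting schemes listed in the abbreviations decide how many open channels it takes to trip. The following script is an added example, not part of this standard or any vendor's logic solver; the channel names, scan sequences and the "discrepancy" alarm state it reports when channels disagree are assumptions of the example.

```python
"""MooN voting over normally-closed (de-energize-to-trip) contacts.

Added example, not from the standard. An open contact may be a genuine
demand, a broken wire or a lost supply; all three count toward a trip, and
the voting scheme (1oo2, 2oo3) decides how many open channels trip.
Channel data below is constructed."""
from enum import Enum
from typing import List, Sequence, Tuple


class Contact(Enum):
    CLOSED = "closed"  # healthy: circuit energized, no demand
    OPEN = "open"      # demand, wire break or loss of power: a trip vote


def evaluate(m: int, channels: Sequence[Contact]) -> Tuple[str, int]:
    """Apply an MooN vote: m open channels out of len(channels) trip.

    Returns (state, open_votes). state is 'trip' when the vote is reached,
    'discrepancy' when some but not enough channels are open (the channels
    disagree: alarm and investigate) and 'healthy' when all are closed."""
    n = len(channels)
    if not 1 <= m <= n:
        raise ValueError(f"invalid voting scheme {m}oo{n}")
    open_votes = sum(1 for c in channels if c is Contact.OPEN)
    if open_votes >= m:
        return "trip", open_votes
    if open_votes:
        return "discrepancy", open_votes
    return "healthy", open_votes


def run_scans(m: int, scans: Sequence[Sequence[Contact]]) -> List[str]:
    """Evaluate successive scan cycles and return the state after each.

    Once tripped, the output latches (assumption of this example) until an
    explicit reset, which is not modelled here."""
    states: List[str] = []
    tripped = False
    for channels in scans:
        state, _ = evaluate(m, channels)
        tripped = tripped or state == "trip"
        states.append("trip" if tripped else state)
    return states


C, O = Contact.CLOSED, Contact.OPEN

# Constructed scans for a 2oo3 trip: a wire break on channel 2 in scan 2
# gives a discrepancy alarm but no spurious trip; a real demand on channel 1
# in scan 3 then completes the 2oo3 vote and the trip latches.
SCANS_2OO3 = [(C, C, C), (C, O, C), (O, O, C), (O, O, C)]
# The same single wire break under 1oo2 trips immediately: safe but
# spurious, which is why 2oo3 is chosen where availability also matters.
SCANS_1OO2 = [(C, C), (C, O)]

if __name__ == "__main__":
    print("2oo3:", run_scans(2, SCANS_2OO3))
    print("1oo2:", run_scans(1, SCANS_1OO2))
```

The discrepancy state is where the self-diagnostics of the definitions section earn their keep: a 2oo3 scheme that silently tolerates one open channel has degraded to 1oo2 without anyone knowing, so the mismatch must be alarmed and repaired within the time the SIS design assumes.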

6.4. Packaged Equipment Control System Requirements

6.4.1. Refer to SES-X04-S05 for process control requirements of packaged equipment.

6.5. Burner Management and Fired Equipment Control Systems

6.5.1. For burner management systems and control and safety of combustion processes as well as other related combustion equipment, refer to SES-X04-S03.

6.6. Third Party Interface

6.6.1. Third party interfaces shall be based on industrial standards. OPC, wherever available, tested and proven, is the interoperability standard preferred by Company. Any non-OPC-compliant application interface, such as a serial interface, Modbus-RTU or Modbus-TCP, shall be approved by Company. Proprietary interfaces shall not be used.

7. Distributed Control Systems (DCS)

7.1. General Requirements

7.1.1. DCS shall comply with SES-X02-S01 and SES-X02-G01.
7.1.2. DCS design shall ensure that all process real-time data in OWS process graphics is updated directly from the controllers. For systems with a client/server architecture, the process values displayed on process graphics are obtained through the server. This option should be evaluated by Company during the system evaluation and selection.
7.1.3. In projects with multi-process plants, any process plant DCS shall not be interconnected with another process plant DCS on the same Level 2 control network.
7.1.4. Information exchange among the process plants shall be through Level 3 data servers.

8. Safety Instrumented Systems (SIS)

8.1. General Requirements

8.1.1. Safety interlocks shall be incorporated in SIS.
8.1.2. SIS shall be designed in compliance with SES-X03-G01 and SES-X03-S01.

9. Time Synchronization

9.1. General Requirements

9.1.1. Time synchronization shall be achieved through GPS technology.
9.1.2. Time synchronization system shall be equipped with GPS antenna, receiver, and relevant modules.

9.2. DCS and SIS

9.2.1. The DCS master clock generator node shall be synchronized via GPS derived time codes. All remaining devices of the DCS are synchronized from that node over the DCS control network.
9.2.2. SIS synchronization shall be done in a similar way, i.e. via the GPS system connected to an appropriate master clock generating module, in case the SIS is not integrated with the DCS at the control network level.

9.2.3. The nodes and PCs that do not produce critical time-stamping events will be synchronized via Network Time Protocol (NTP).

10. Management Information Systems (MIS)

10.1. General Requirements

MIS, also called Plant Information Management System (PIMS), is intended for use by process engineers, maintenance engineers, and plant managers. Based on its client/server architecture, its main function shall be to provide process real-time and historical data to the users in a Windows environment.

10.2. Features

MIS software shall have, but not be limited to, the following features:
10.2.1. It shall have adequate availability and various levels of security passwords.
10.2.2. The users that access the plant data shall not have the right to control or modify it.
10.2.3. Server’s open interface shall comply with the latest versions of:
a. Data Access, OPC DA
b. Historical Data Access, OPC HDA
c. Alarms & Event Access, OPC A&E
10.2.4. Licensed users' PCs shall have the appropriate software to access the server's data.
10.2.5. Long term historization capacity shall be at least 1 year for 20,000 tags at 1 minute interval/sampling rates.
10.2.6. Minimum number of process graphics available to users shall be 250.
10.2.7. User interfaces shall be the following:
a. Windows SharePoint or Internet Explorer for process graphics. Process graphics used by plant operators shall be made available to clients/users.
b. Excel Add-in for reporting and analysis of both real time and historical plant data.
c. The system shall be suitable for interfacing with the latest available versions of user interface applications, e.g. SharePoint, Internet Explorer and Excel.
10.2.8. The following software licenses shall be provided with the system:
a. Database creator/builder software
b. Web type graphical creator/builder software
c. Graphic conversion software to convert and make available to clients/users newly added graphics to plant control system
d. Capacity of handling minimum 20,000 tags by the server
e. Capacity of running a minimum of 20 concurrent user PCs

11. Cyber Security

11.1. Network Security Infrastructure

11.1.1. Control system network structure shall comply with ANSI/ISA 99.
11.1.2. As a minimum, the following shall be implemented:
a. The control network shall be entirely segregated from any other network through a dedicated firewall for controlling the access.
b. Demilitarized Zone (DMZ) between the control network and business network shall be
c. The DMZ is the only network eligible to communicate with the control network. A properly configured firewall shall only permit communication of the nodes in the DMZ with the nodes of the control network, and shall close the way to any other node residing in the business or IT network, which is considered external to the control network. Typical DMZ architecture is shown in Figure 3.
d. The Virtual Local Area Network (VLAN) concept shall be deployed. With this approach, physical networks will be divided into smaller logical networks to increase performance and isolate the communication between nodes of the control network.
e. Network security and planning guidelines provided by the system vendor shall be followed.
f. Direct connections from the internet to the control network shall not be permitted.
g. Direct data access from the Level 3 network components to the Level 1 network components shall be avoided.
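Items (c), (f) and (g) above reduce to a short list of zone pairs that must never appear in an allow rule, which makes them easy to check before a firewall change is approved. The script below is an added example, not part of this standard or of any vendor's firewall tooling. It assumes a five-zone model (internet, business, DMZ, Level 2 control network, Level 1 controller network) with the DMZ holding the Level 3 data servers of section 11.2, treats each allow rule independently (first-match shadowing is not modelled), and adds its own criterion that the rule set end with an explicit deny-all so that anything not listed stays closed. The rule sets and service ports are constructed.

```python
"""Check a proposed firewall rule set against 11.1.2 (c), (f) and (g).

Added example; zone model, rule format and sample rules are assumptions of
this example, not part of the standard."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Zones (assumption): DMZ nodes are the Level 3 data servers of 11.2,
# CONTROL_L2 the supervisory/operator network, CONTROL_L1 the controller
# and I/O network. ANY is a wildcard that matches every zone.
INTERNET, BUSINESS, DMZ, CONTROL_L2, CONTROL_L1, ANY = (
    "INTERNET", "BUSINESS", "DMZ", "CONTROL_L2", "CONTROL_L1", "ANY")


@dataclass(frozen=True)
class Rule:
    src: str      # source zone or ANY
    dst: str      # destination zone or ANY
    service: str  # e.g. "tcp/502", "tcp/443" or "any" (informational here)
    action: str   # "allow" or "deny"


# Zone pairs that must never be joined by an allow rule, with the clause breached.
FORBIDDEN = [
    (INTERNET, CONTROL_L2, "11.1.2(f): direct connection from internet to control network"),
    (INTERNET, CONTROL_L1, "11.1.2(f): direct connection from internet to control network"),
    (BUSINESS, CONTROL_L2, "11.1.2(c): only DMZ nodes may communicate with the control network"),
    (BUSINESS, CONTROL_L1, "11.1.2(c): only DMZ nodes may communicate with the control network"),
    (DMZ, CONTROL_L1, "11.1.2(g): Level 3 components access Level 1 directly"),
]

DENY_ALL = Rule(ANY, ANY, "any", "deny")


def _covers(spec: str, zone: str) -> bool:
    return spec == ANY or spec == zone


def permits(rule: Rule, a: str, b: str) -> bool:
    """True if an allow rule opens a path between zones a and b in either direction."""
    if rule.action != "allow":
        return False
    return ((_covers(rule.src, a) and _covers(rule.dst, b))
            or (_covers(rule.src, b) and _covers(rule.dst, a)))


def rule_violations(rules: List[Rule]) -> List[Tuple[Optional[Rule], str]]:
    """Return (rule, reason) for every breach of 11.1.2 (c), (f) or (g).

    Each allow rule is checked on its own; the last rule must be an explicit
    deny-all (a criterion of this example) so that unlisted paths stay closed."""
    findings: List[Tuple[Optional[Rule], str]] = []
    for rule in rules:
        for a, b, reason in FORBIDDEN:
            if permits(rule, a, b):
                findings.append((rule, reason))
                break  # one clause per rule is enough for the report
    if not rules or rules[-1] != DENY_ALL:
        findings.append((None, "11.1.2(c): rule set does not end with an explicit deny ANY->ANY"))
    return findings


# Constructed sample rule sets (not from any real site).
COMPLIANT = [
    Rule(BUSINESS, DMZ, "tcp/443", "allow"),       # users read MIS/PIMS in the DMZ
    Rule(DMZ, CONTROL_L2, "tcp/135", "allow"),     # DMZ data server collects OPC data from Level 2
    Rule(CONTROL_L2, CONTROL_L1, "any", "allow"),  # supervisory network to controllers
    DENY_ALL,
]

NON_COMPLIANT = [
    Rule(BUSINESS, CONTROL_L2, "tcp/502", "allow"),  # business PCs polling Level 2 directly
    Rule(DMZ, CONTROL_L1, "tcp/502", "allow"),       # historian polling the controller level
    Rule(ANY, CONTROL_L2, "tcp/443", "allow"),       # wildcard source covers the internet
    # no final deny-all
]

if __name__ == "__main__":
    for name, rules in (("compliant", COMPLIANT), ("non-compliant", NON_COMPLIANT)):
        findings = rule_violations(rules)
        print(f"{name}: {len(findings)} finding(s)")
        for rule, reason in findings:
            print("  ", rule, "->", reason)
```

The check is deliberately about zones rather than addresses: a rule that names a single business host is still a breach of (c), and a wildcard source is flagged under (f) before anything else because it necessarily covers the internet.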

11.2. Data Servers

MIS / PIMS and all kinds of data servers that plant users will need to fetch data from shall be installed in the DMZ.

11.3. Anti-Virus Software

11.3.1. The Anti-Virus (AV) server shall be installed in the DMZ.
11.3.2. Anti-Virus software shall be installed on the PCs of the control network. Only software qualified by the control system manufacturer shall be used, in order to minimize the impact and avoid performance issues.
11.3.3. The AV server shall be equipped with appropriate software to automatically download virus definitions and update the client PCs of the control network.

11.4. Operating System Hotfixes and Security Patches Server

11.4.1. The Windows operating system patch server shall be installed in the DMZ.
11.4.2. Control network nodes are Microsoft Windows based; hence operating system security shall be kept current by installing Microsoft hotfixes and patches only when deemed necessary by vendors. Since many of the security announcements affect applications that are not authorized to run on process control systems, not all security patches are required to be
11.4.3. Updating of hotfixes and patches shall be done manually when suggested by the vendor.

11.5. Windows Domain Security Configuration and Policy Development

11.5.1. CD, DVD and floppy disk drives and USB ports of the PCs in the control network shall be disabled. The system administrator shall be able to enable them when required.
11.5.2. Services such as NetBIOS, Telnet, and FTP shall be removed or stopped.
11.5.3. Role-based security shall be established among the users, e.g. operators, supervisors, engineers, administrators, etc.
11.5.4. Domain security templates and predefined domain groups based on local groups and roles, delivered with the system, shall be applied; the domain shall provide a single point of security

12. Alarm Management

12.1. General Requirements

12.1.1. BPCS alarm philosophy shall comply with SES-X02-S01 and SES-X02-G01.
12.1.2. SIS alarm philosophy shall comply with SES-X03-G01.
12.1.3. All alarms shall be available in operator consoles.

13. Alarm Management System

13.1. General Requirements

Alarm Management shall optionally cover the need for enhancing the management of process alarms, and ensure better and safer operations as per project-specific requirements.

13.2. Features

Alarm Management software shall have, but not be limited to, the following features:
13.2.1. Generate and maintain the Master Alarm Database automatically by getting the appropriate information from the control system.
13.2.2. Compare the configuration currently in the control system with the Master Alarm Database, and report any differences. On the user's command it will restore the alarm parameter values for selected tags in the control system, consistent with the Master Alarm Database.
13.2.3. Assist in selecting the appropriate priority of an alarm. The user will enter the consequences of no response to an alarm and the time available to respond to it, and accordingly the software shall determine a recommended alarm priority.
13.2.4. Assist in selecting the appropriate alarm setting.
13.2.5. Generate reports of the frequency of alarm occurrence per tag, station, alarm type, and priority.
13.2.6. On the user's request, automatically set alarm tag parameter values in the control system based on changes in operational state (grade change, startup, shutdown).
13.2.7. Have an automatic backup facility.
13.2.8. Generate reports of standing alarms and alarm rectification time, per OWS, for a user-selectable period.
13.2.9. Generate reports of the distribution of alarm priorities per OWS.
13.2.10. It shall be possible to configure alerts by combining different alarms in any combination to alert the operator of a certain event which might occur over a period of time. The different combinations could be a certain parameter ramping at a certain value or a combination of parameters over a predefined limit, etc. These alerts should be available on the OWS.
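The comparison in 13.2.2 is, in effect, a configuration drift check: the Master Alarm Database is the approved baseline, and any setpoint, priority or enable flag in the live system that differs from it is a change that either went through management of change or did not. The script below is an added example, not the alarm management product's code; the tag names, the parameter fields compared and the sample values are constructed for illustration.

```python
"""Drift check between the Master Alarm Database and the live control
system (13.2.2): report every difference, then restore the master values
for the tags the user selects.

Added example; tag names, fields and values are constructed."""
from dataclasses import dataclass, fields
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class AlarmParams:
    priority: str    # "high", "medium" or "low"
    setpoint: float  # engineering units
    deadband: float
    enabled: bool


# (tag, field, master_value, live_value)
Difference = Tuple[str, str, Optional[object], Optional[object]]


def differences(master: Dict[str, AlarmParams],
                live: Dict[str, AlarmParams]) -> List[Difference]:
    """Return one entry per mismatch between the master and the live config.

    A tag present on only one side is reported with field 'tag'; for tags on
    both sides every parameter field is compared."""
    report: List[Difference] = []
    for tag in sorted(master.keys() | live.keys()):
        m, l = master.get(tag), live.get(tag)
        if m is None:
            report.append((tag, "tag", None, "unexpected tag in control system"))
        elif l is None:
            report.append((tag, "tag", "missing from control system", None))
        else:
            for f in fields(AlarmParams):
                mv, lv = getattr(m, f.name), getattr(l, f.name)
                if mv != lv:
                    report.append((tag, f.name, mv, lv))
    return report


def restore(master: Dict[str, AlarmParams],
            live: Dict[str, AlarmParams],
            selected: Iterable[str]) -> Dict[str, AlarmParams]:
    """Return a copy of the live config with the selected tags reset to
    their master values. Tags absent from the master are left untouched, so
    a restore never writes parameters the master does not define."""
    restored = dict(live)
    for tag in selected:
        if tag in master:
            restored[tag] = master[tag]
    return restored


# Constructed master database and live snapshot.
MASTER = {
    "PAH-101": AlarmParams("high", 12.0, 0.2, True),
    "TAH-102": AlarmParams("medium", 180.0, 1.0, True),
    "LAL-103": AlarmParams("low", 20.0, 0.5, True),
}
LIVE = {
    "PAH-101": AlarmParams("high", 12.0, 0.2, True),   # unchanged
    "TAH-102": AlarmParams("low", 195.0, 1.0, True),   # priority and setpoint changed
    "LAL-103": AlarmParams("low", 20.0, 0.5, False),   # alarm suppressed
    "FAH-999": AlarmParams("low", 5.0, 0.1, True),     # tag not in the master
}

if __name__ == "__main__":
    for tag, field, mv, lv in differences(MASTER, LIVE):
        print(f"{tag:8s} {field:9s} master={mv!r} live={lv!r}")
    fixed = restore(MASTER, LIVE, ["TAH-102", "LAL-103"])
    print("remaining after restore:", differences(MASTER, fixed))
```

Running the comparison on a schedule, and alarming in the DCS on a non-empty report, turns the Master Alarm Database from a document into a detection control: a suppressed alarm or a widened setpoint is visible before it matters, whoever or whatever changed it.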

14. Plant Asset Management System (PAMS)

14.1.1. Asset management shall cover the need for enhancing diagnosis, status, instrument history, storage of configuration data, documentation, calibration, etc.
14.1.2. PAMS shall be part of DCS architecture through the dedicated server for easy, reliable, and fast communication.

15. Operator Training Simulator (OTS)

For requirements of OTS refer to ANSI/ISA 77.20.

16. PLC and SCADA

For dedicated process applications where PLC and SCADA are used, refer to SES-X04-S01 and SES-X04-S02.

17. Fire and Gas Detection (F&GD) Systems

17.1. General Requirements

17.1.1. The fire alarm and gas detection system shall comply with SES-F01-G01 and SES-F03-G01.

17.1.2. The system shall mainly detect all changes in status of monitored points, provide event annunciation, and actuate fire extinguishing systems.
17.1.3. Segregation shall be incorporated between the fire and gas detection at least on marshalling termination and I/O hardware.
17.1.4. The system shall interface with SIS to initiate local process area shutdown.
17.1.5. An appropriate interface shall be provided to HVAC system for closing of fresh air intake dampers, and operate system in recirculation.
17.1.6. The system shall also be interfaced to DCS for alarm and presentation on dedicated operator graphic displays. Refer to SES-X02-G01 for details.
17.1.7. The system shall be provided with an independent rechargeable battery backup power supply.
17.1.8. The system shall be provided with the appropriate diagnostics to ensure functional integrity of system components.

17.2. Sensors

17.2.1. Wherever possible the fire alarm and gas detection devices shall be the addressable type.

18. Machinery Protection System (MPS)

For machinery protection system requirements and details refer to SES-G19-S01.

19. Steam Turbine Control Systems

19.1. General Requirements

19.1.1. The vendor shall supply a fully programmable controller with highly reliable, fault-tolerant hardware for steam turbine control.
19.1.2. The system shall utilize appropriate logic to provide high-integrity, error-free, uninterrupted process operation with no single point of failure within the controller chassis.
19.1.3. Speed protection of the turbine shall be a highly reliable scheme with real-time speed pick-up probes. Use of speed switches in this application is not acceptable. To prevent false tripping and to give the system better integrity, each speed sensing unit shall be powered from a separate power source.

19.1.4. The overspeed trip contact shall be hardwired directly to the machine trip device and, in addition, to the SIS.
19.1.5. Trip / shutdown logics shall be implemented in SIS.

20. Compressor Anti-Surge Control Systems

20.1. General Requirements

20.1.1. The scan time (input, algorithm, and output processing) for surge control loop must not exceed 50 ms or the time specified by machinery vendor, whichever is less.
20.1.2. The blow-off/recycle valve should have a maximum opening time of 2 seconds from fully close to fully open position or as specified by machinery vendor, whichever is less.
20.1.3. The anti-surge control philosophy should include as a minimum the following control parameters:

i. normalized flow,
ii. pressure ratio,
iii. suction temperature compensation for compressors with variable suction temperature,
iv. a general proportional integral response (PI) for slow disturbances,
v. a derivative response to counteract fast disturbances,
vi. an open loop response where the combined PI and Derivative responses are unable to maintain an adequate margin of safety.

20.1.4. Where suction temperature compensation is applied, quick acting temperature element shall be used.

21. Laboratory Information Management Systems (LIMS)

21.1.1. LIMS shall provide any laboratory test result to plant operators.
21.1.2. The user interface shall be the operator interface of the DCS or any other dedicated PC running the appropriate vendor software.
21.1.3. Necessary interface to import data from the LIMS to the DCS and required software licenses shall be provided by vendor.

22. Control Room

Control systems shall be installed in control room, RR, and RIB. Refer to SES-X07-E01 for details.

23. Power Supply and Distribution

23.1. General Requirements

23.1.1. Power supply for control systems shall be 230 Vac 60 Hz from UPS distribution board, and / or 24 Vdc obtained through redundant power supply units (PSU).
23.1.2. Manually selectable 127/230 Vac power supply units or equipment shall not be used. 

23.1.3. To increase the availability and the reliability, it is recommended that control systems’ UPS be either “Parallel Redundant UPS System with Alternate Supply” or “Dual UPS System”. Refer to SES-E13-S01 for UPS configuration options and details.
23.1.4. The UPS system battery backup shall be sized to provide power for at least 30 minutes.

23.2. Power Distribution Panels (PDP)

23.2.1. The power for control systems shall be distributed through PDP located in rack room and/or remote instrument building (RIB). The design shall comply with Figure 4.
23.2.2. The power supply cables from UPS to PDP, from PDP to control systems or critical instrumentation, and 24 VDC PSU shall be redundant and be laid on physically separated routes.
23.2.3. PDP incoming feeder shall be fuse switch unit (FSU).
23.2.4. PDP shall be equipped with voltmeter and ammeter.
23.2.5. Power supply to loads shall be through suitable double pole miniature circuit breaker (MCB) or molded case circuit breakers (MCCB) with auxiliary alarm contact connected in series to generate “PDP common failure alarm”.
23.2.6. Selectivity of the protective devices shall be ensured in PDP and with upstream distribution board.
23.2.7. PDP shall have 20 percent spare outgoing feeders cabled and terminated.
23.2.8. Control systems’ load shall be evenly distributed.
23.2.9. The load of non-redundant control system nodes shall be distributed between PDPs. The following are some examples of how to increase availability:

a. OWS # 1, # 3, # 5 shall be powered from PDP-1 and OWS # 2, # 4, # 6 from PDP-2 or vice versa.
b. Networking elements for control system Cable-A shall be powered from PDP-1 and the ones for Cable-B from PDP-2 or vice versa.

23.2.10. PDP shall match to other control system cabinets in size, color, and structure. 

Figure 4 Typical Power Supply and Distribution in RIB /RR


23.3. Power Supply Units (PSU), 24 Vdc

23.3.1. The field instruments shall be powered from the control system vendor specific redundant PSU installed in control system or redundant PSU in marshalling cabinet.
23.3.2. 230 Vac power supply to each PSU shall be from control system PDP.
23.3.3. Both PSUs shall be in parallel operation. Either PSU shall be capable of supplying 125 percent of the cabinet load on the other PSU's failure.
23.3.4. Design shall permit online change of PSU without interruption of 24 Vdc supply.
23.3.5. In marshalling cabinets the output of PSU shall be short circuit protected and Redundancy Diode Modules shall be used. However, for control system cabinet it is the vendor responsibility to achieve short circuit protection.
23.3.6. PSU of one cabinet shall not be shared with another cabinet.
23.3.7. The PSU shall be of a highly reliable type with a minimum 500,000 hours MTBF.
23.3.8. The UPS, PSU, and PDP common failures shall be alarmed in DCS.

24. Cables and Installation

24.1. General Requirements

24.1.1. Control system cable specification shall comply with SES-X05-S01.

24.2. Installation

24.2.1. Control system fiber optic network cable shall be different from any communication system cable. The same cable shall not be shared by the disciplines.
24.2.2. Control system network, homerun, and communication system cables may be run in the same trench or tray, when properly separated and easily identified from electrical cables.  

24.2.3. Cable installation shall comply with the requirements of SES-X05-E01.

25. Cabinets and Panels

25.1. General Requirements

25.1.1. Control system components shall not be installed on open racks.
25.1.2. Control system cabinets' design shall be as per the vendor recommendations.
25.1.3. All indoor enclosures shall be rugged industrial type enclosures and conform to NEMA 1 specifications.
25.1.4. Enclosure surfaces shall be primed and painted in accordance with manufacturer’s standard suitable to industrial application.
25.1.5. Access to cabinets shall be from front and rear full length hinged removable, lockable doors. A common key profile shall be used for all locks.

25.1.6. No equipment shall be mounted on doors or sides of panels. Only equipment required for operation / inspection without opening cabinet doors shall be mounted on doors.  

25.1.7. Cabinets shall be supplied completely assembled, wired, tested, and ready for installation with bottom entry for field wiring.
25.1.8. All cabinets shall be free of sharp edges and corners both internally and externally.  
25.1.9. If a cabinet contains electronic components or circuitry, fans shall be provided on the top and shall be individually fed from circuit breakers mounted in the cabinet.
25.1.10. Fan noise level shall be limited to 60 dB measured at a distance of one meter from the source with the cabinet doors closed.
25.1.11. When fan is installed, the cabinet high temperature or fan failure shall be alarmed in DCS.
25.1.12. Filters shall be mounted on the lower portion of each door. They shall be easily accessible and replaceable.
25.1.13. Cabinets shall be mounted in accordance with SES-X06-C01.

25.2. Nameplates

25.2.1. Cabinets and all equipment inside the cabinets shall be identified with nameplates.
25.2.2. Nameplates shall be made of laminated plastic with black engraved lettering on white background. Lettering shall be a minimum of 6.4 mm height.
25.2.3. Nameplates shall be secured to the panels and equipment by stainless steel screws.
25.2.4. Legends and instruction information appearing on the surface of the enclosure shall be applied in such a manner as to have a degree of permanence and legibility.

25.3. Grounding

25.3.1. AC safety ground and instrument signal ground shall conform to SES-X05-E01.
25.3.2. The vendor shall provide a grounding schematic, showing all grounds and ground buses.

25.4. Wiring

25.4.1. Wiring and termination shall comply with SES-X05-E01.
25.4.2. Terminal labeling in the marshalling cabinets shall be provided.
25.4.3. Wires shall be terminated at interface terminals, intrinsic safety barriers, termination panels, or socket boards including spare wires.
25.4.4. As a general rule all field cabling to the control systems should be terminated in marshalling cabinets. All cross-wiring between the field cabling and rack room equipment should be done within the marshalling cabinets. However during the design, alternatives should be considered and care shall be taken to reduce the number of marshalling cabinets.

25.4.5. Cross wiring between the field terminations and control system terminations provides a patch panel to facilitate process partitioning, segregation and redundancy requirements. Preliminary design for the layout of terminals within the marshalling cabinet shall consider the location of I/O modules and attempt to minimize the congestion of cross wiring. Layouts shall be subject to Company approval.

25.4.6. Prefabricated plug-in cables using ELCO type connectors, or equivalent, shall be used between marshalling cabinets and other rack room equipment. All spare pins of the plug-in cable connectors shall be brought to terminal strips so as to facilitate future usage.
25.4.7. Prefabricated cables shall be properly labeled.
25.4.8. Equipment within the marshalling cabinet shall be arranged in a logical fashion for efficient maintenance and installation. Layouts shall be subject to Company approval.

25.5. Auxiliary Cabinets

25.5.1. Auxiliary cabinets shall be provided for the mounting of third party equipment.
25.5.2. Auxiliary cabinets shall match other system cabinets in size, color, and structure.
25.5.3. Circuit breakers, fuses, or a combination of both shall be provided for overcurrent protection of each cabinet.
25.5.4. Plug-in type breakers shall be used to facilitate breaker replacement without the need for main circuit power isolation.
25.5.5. Cabinets shall be installed in a building with adequate lighting for maintenance or have lights installed within the cabinet. All cabinets shall have a convenience outlet.
25.5.6. The interposing relays for the motor START/STOP control and status signals from the MCCs shall be installed in relay cabinets, preferably located in the electrical substation.
25.5.7. Selection of all types of relays used in auxiliary and marshalling cabinets shall be approved by Company.

25.6. Control Panels

Refer to SES-X05-S02 for the design, fabrication, testing, procurement, and inspection of control panels, local control panels, cubicles, and consoles for pneumatic or electronic instruments.

26. Documentation

26.1. General Requirements

The vendor shall furnish all drawings and documents as per SES-D01-G02, SES-D01-G03, SES-D02-D01, SES-D02-D02, SES-D03-D01, and SES-D04-G05.

26.2. As Built Application Programs 

The system application software shall be complete as follows:
26.2.1. For every software module a full written description of its objectives and functions shall be provided. It shall be in sufficient detail to allow a person with no prior knowledge of the system to determine the function of each module.

26.2.2. Flow diagrams, in standard symbols, shall provide the flow of information between the various software modules and all external devices.
26.2.3. A full description of the basic equation and calculation procedures used in the system shall be provided. This shall be cross-referenced to the modules in which the equations are used and the calculations carried out.
26.2.4. The vendor shall provide all information required to carry out editing and loading of configuration information into system libraries.
26.2.5. A full description shall be provided of the techniques required to amend the existing configuration and replace old versions in the system.
26.2.6. A separate list of editing features, such as adding/deleting points, graphic displays, microprocessor configuration, etc., shall be included, defining what can be done online on the operator console and what shall be developed offline on the EWS.
26.2.7. Logic drawings showing all the details of the application program written in the PLC shall be provided.

26.3. Complex Loop Descriptions

26.3.1. Any logic functions and loops beyond simple PID execution are defined as complex loops. In general, it is good practice to document any controls with special settings and limits configured.
26.3.2. The functional descriptions of control functions are intended to provide detailed descriptions of how a control configuration functions.
26.3.3. In particular, how complex or non-standard functions operate, where the input and output signals originate or go to, how the constants or coefficients used in the function were developed, and how the control functions are implemented require detailed documentation.

26.3.4. The following shall be described in detail for each complex loop:

a. Definitions. Process area, control system nodes, related modules, application name, the tags affected by the application, and the parameters used for each point.
b. General Description. Overview of the application, and a sketch of the application with all inputs, outputs, and addresses associated with it.
c. Operating Instructions. Instructions, procedures, or other information required for operating the application; this shall identify the displays used to operate the application and the fallback arrangement in case of failure of the application.
d. Implementation. How the application is implemented; the algorithms and logic used shall be identified.
e. Equations and Scaling. All equations used in developing the application shall be identified. This includes all pressure and temperature corrections, inferred variable computation, and signal scaling for manipulation.
f. Related Information. This may include the data sheets of all equipment, instruments, and valves involved in the application, reference drawings, and other pertinent materials.

27. Factory Acceptance Test (FAT)

27.1. General Requirements

27.1.1. The vendor shall assemble and wire all components of the system.
27.1.2. The vendor shall then subject the system to a one-week burn-in period after power-up.
27.1.3. Once the system passes this test without any hardware failure, the vendor shall perform its own internal functional test. The test observations and results shall be recorded and made available to Company.
27.1.4. After satisfactory completion of the vendor's internal functional test, the FAT can start.
27.1.5. The vendor or EPC shall send the FAT procedure to Company 2 months in advance for review and approval.
27.1.6. FAT schedule shall be communicated to Company at least 1 month before start date.

27.2. FAT Procedure

27.2.1. The integrated FAT shall be conducted on the complete system including items supplied by third parties such as PLC, machine monitoring equipment, etc. that interface with the DCS.
27.2.2. Only the actual hardware that will be shipped to the site shall be tested.
27.2.3. If the integrated FAT cannot be performed with the project's actual third party hardware, it shall, upon receipt of Company approval, be performed with similar third party equipment.

27.2.4. The vendor shall allot sufficient space, facilities, and assistance to permit inspection and testing of the system.
27.2.5. The duration of the test shall be dependent on the system size and shall be subject to Company approval.
27.2.6. The vendor shall provide adequate manpower such as engineers, technicians, etc. to assist Company in conducting the test.
27.2.7. The vendor shall supply all necessary test equipment and support services such as signal simulators, test instruments, push-button panels, etc. that will be required to conduct an orderly and efficient FAT.
27.2.8. All the hardware and software failures shall be documented. All problems shall be resolved before shipment to site.

27.2.9. The test shall include the following:

a. Demonstration of the system startup procedure
b. Demonstration of battery backup operation
c. Demonstration of equipment redundancy operation for power supplies, control processors, communication processors, communication cables, redundant I/O, and each and every redundant part of the system
d. Demonstration of the functional operation of every loop using simulated inputs and driving outputs to a dummy load
e. Demonstration of process and safety interlocks
f. Demonstration of project specific application and configuration
g. Demonstration of the proper operation of all graphic and standard displays
h. Demonstration of the operation of all peripheral equipment
i. Verification of the database, graphic displays, trend recording features, and data historian
j. Verification of all diagnostic capabilities and system alarms
k. Visual inspection and verification of tag names, labels, and wire and cable tagging
l. Demonstration of the proper operation of communication links to third party equipment. The vendor shall verify the third party connections and demonstrate all data transfer between these systems. The load on each network shall be inspected.
m. Demonstration of file backup and storage
n. Demonstration of proper operation of and interface to higher level control functionality

28. Site Acceptance Test (SAT)

28.1. General Requirements

28.1.1. Control systems SAT procedures shall be submitted to Company for approval.
28.1.2. SAT for each third party system shall be carried out separately.
28.1.3. The DCS SAT shall be carried out after installation and power up of the complete system including third party systems.
28.1.4. All the plant performance related tests shall be performed.