This Article covers the minimum requirements for the design and configuration of Programmable Logic Controllers (PLC). This standard does not apply to Emergency Shutdown Systems or other Electrical / Electronic / Programmable Electronic Systems that are used to achieve safety functions.
2 References
Reference is made in this standard to the following documents.
X01-E01 Control System Design Criteria
X02-S01 Distributed Control System Specification
X05-E01 Process Control Cabling and Wiring
American National Standards Institute / Institute of Electrical and Electronics Engineers (ANSI/IEEE)
International Electrotechnical Commission (IEC)
61131-3 Part 3 Programmable Controllers – Programming Languages
3 Definitions
DCS. Type of control systems in which the system elements are dispersed but operated in a coupled manner.
Fault Tolerant System. A system which is designed to carry out its assigned function even in the presence of one or more faults in the hardware or software.
Final Control Element. The final control element is often an on/off valve or a control valve but may be another device such as a pump.
Mean Time Between Failure. This is the average time between failure of the different components that make up a system including the time to repair the fault.
Mean Time To Repair. This is the average time taken to identify and repair a fault.
Abbreviations and Acronyms
CPU Central Processing Unit (Processor)
EWS Engineering Workstation
MTBF Mean Time Between Failure
MTTR Mean Time to Repair
RTD Resistance Temperature Detector
SCADA Supervisory Control and Data Acquisition
SIS Safety Instrumented Systems
4 Programmable Logic Controllers (PLC) Specifications and System Overview
4.1 General
4.1.1 PLC shall be standalone equipment formed of CPU, power supply module, communication module, input/output modules, and programming software as a minimum.
4.1.2 PLC vendor shall provide the system software and associated equipment, interface tools and required cables.
4.1.3 Normally PLC shall be interfaced with DCS. For dedicated applications specific to project, PLC shall be used with SCADA to provide a separate user interface.
4.1.4 PLC shall be mainly used for sequential control and batch processes comprising digital and sequential logic, analog monitoring, etc. as part of “Packaged Equipment Units”.
4.1.5 PLC can be used for very special regulatory control applications that are dedicated for certain special processes, only with SABIC approval.
4.1.6 PLC mentioned in this standard shall not be used as SIS.
4.2 Conceptual System Architecture
4.2.1 The PLC shall be designed for Open Architecture compatibility.
4.2.2 The system shall be able to interface with multiple vendor hardware.
5 System Functionality
5.1 Technology
5.1.1 The system shall be made up of manufacturer's standard hardware, firmware, and software that can be configured to meet stated requirements.
5.1.2 All PLC hardware, firmware (excluding application software) supplied as part of this specification shall be the proven latest revision level available at the time of issue of the purchase order.
5.1.3 All equipment supplied shall be 'field proven' for a minimum of 12 months, and the vendor shall supply sufficient information to support the field proven status of the system.
5.2 System Lifecycle and Expandability
5.2.1 Vendor shall provide support from design through installed life of the system.
5.2.2 SABIC expects a minimum of 10 years support from the time of purchase order date, and that the vendor has a local office with sufficient staff able to respond to the needs of the plant.
5.2.3 Vendor shall advise expected length of time system components (hardware, software) will be manufactured and supported.
5.2.4 During the warranty period, the vendor shall inform SABIC about future upgrades. However, FAT shall be carried out with the latest proven version at the time of hardware freeze.
5.3 Redundancy
5.3.1 Each PLC shall include redundant CPUs and power supply modules.
5.3.2 Redundant communication interface shall be provided between the CPU and I/O modules.
5.3.3 In case of remote I/Os, communication modules and links shall be redundant.
5.3.4 Remote I/O chassis shall be provided with its own redundant power supplies.
5.3.5 Redundancy of the other modules shall be as per project requirements.
5.3.6 Non-redundant configuration shall be subject to SABIC approval.
5.4 Online Replacement
5.4.1 All system components shall be easily removable and replaceable.
5.4.2 I/O modules and redundant modules and devices shall be removable with the power on, without disturbing field wiring or other wiring not directly associated with the item being removed.
5.4.3 All programming and monitoring equipment shall be capable of being connected or disconnected with the PLC while in operation or online.
5.5 Online Configuration and Changes
5.5.1 It shall be possible to add and remove nodes, CPUs, I/O modules, etc. online without shutting down the system.
5.5.2 It shall be possible to make online changes by following the vendor specific steps. The program can be edited while the PLC is operating and the changes can be made effective.
5.5.3 Any exceptions to this shall be provided with proposal.
5.6 System Diagnostics
5.6.1 Module Status and Fault Identification
LEDs shall be provided to indicate the activity and health of individual modules and components of the PLC.
5.6.2 CPU and Communication Status
The PLC shall run a diagnostics software program to report all transients and faults. Running of diagnostics shall neither interfere with the execution of the application program nor cause performance degradation.
5.6.3 As a minimum, the system shall be capable of detecting and locating the following:
a. Scan failure
b. Intermittent Faults
c. CPU and memory loading status
d. CPU, Communication, and I/O or addressing faults
e. Module Failure – I/O, Communication, CPU
f. Power supply module fault and failure
g. Memory faults
5.7 Design Considerations
5.7.1 Logic for a specified piece of equipment shall be grouped together. Identical equipment trains controlled in a similar manner shall have similar logic structures except for tag numbers.
5.7.2 I/O modules shall be grouped in a logical fashion. I/O module allocation shall be done in such a way that failure of a single module affects only one piece of equipment.
5.7.3 Vendor shall develop the application program if specified in the purchase order. Logic diagrams for the development of the application program will be provided by others.
5.7.4 Application program shall be written in a logical fashion to simplify maintenance and troubleshooting. All logic and its elements shall be annotated.
5.7.5 The PLC shall communicate to the DCS the following data as a minimum:
a. Analog input signals
b. System Status and Diagnostics
c. Field I/O Status
d. Alarm signals (System, I/O and intermediate state of the logic)
5.7.6 The DCS interface points shall be provided in an electronic spreadsheet with system ID numbers, tag numbers as defined in the DCS, range, set-point for alarms, and other relevant information required to configure the points in the DCS.
5.8 Interface with Other Systems
5.8.1 PLC shall be able to interface with other systems, mainly with the DCS, via standard industry communications protocols.
5.8.2 The interface shall be through proven interface modules and cables.
5.8.3 Vendor shall mount the interface module in the system cabinet and/or system rack.
5.8.4 Vendor shall recommend the type of interface required, and the procedure for connection to the DCS equipment.
5.8.5 The vendor shall also note any distance limitation that might apply to interconnecting cables.
6 System Sizing and Loading
6.1 General Guidelines and Spares Philosophy
6.1.1 The PLC shall be designed for future expansion and be provided with spare capacity.
6.1.2 On a per-CPU basis, a spare capacity of 10 percent of each I/O type shall be installed and wired to termination points. Apart from this, spare slot capacity of 10 percent of the installed I/O modules, or a minimum of 1 slot for each type of card, shall be provided in the I/O rack as well as in the terminal block.
6.1.3 In marshalling cabinets, at least 20 percent spare capacity shall be available in the wire ducting when all wiring is complete.
6.1.4 The spare capacity shall be equally distributed throughout the system.
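As an added example (not part of the standard), the following Python code audits an I/O allocation list against clause 5.7.2 (failure of a single module affects only one piece of equipment) and clause 6.1.2 (10 percent wired spare of each I/O type per CPU). The CSV column names, the sample tags, and the reading of 10 percent as a fraction of the used channels, rounded up, are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample I/O list; the column names are assumptions for this example.
# An empty "equipment" field marks a channel installed and wired as spare.
SAMPLE_IO_LIST = """cpu,module,io_type,channel,equipment
CPU-1,DI-01,DI,0,P-101
CPU-1,DI-01,DI,1,P-101
CPU-1,DI-01,DI,2,P-101
CPU-1,DI-01,DI,3,
CPU-1,DI-02,DI,0,P-102
CPU-1,DI-02,DI,1,K-201
CPU-1,DO-01,DO,0,P-101
CPU-1,DO-01,DO,1,P-101
CPU-1,DO-01,DO,2,P-101
CPU-1,AI-01,AI,0,P-102
CPU-1,AI-01,AI,1,P-102
CPU-1,AI-01,AI,2,
"""

SPARE_PERCENT = 10  # clause 6.1.2: 10 percent spare of each I/O type, per CPU


def audit_io_list(text):
    """Return (shared_modules, spare_shortfalls) for a CSV I/O list.

    shared_modules:   {(cpu, module): [equipment, ...]} for modules whose
                      failure would affect more than one piece of equipment.
    spare_shortfalls: {(cpu, io_type): (spare_found, spare_required)}.
    """
    equipment_by_module = defaultdict(set)
    used = defaultdict(int)
    spare = defaultdict(int)

    for row in csv.DictReader(io.StringIO(text)):
        key = (row["cpu"], row["io_type"])
        equipment = (row["equipment"] or "").strip()
        if equipment:
            equipment_by_module[(row["cpu"], row["module"])].add(equipment)
            used[key] += 1
        else:
            spare[key] += 1

    # Clause 5.7.2: one module should serve only one piece of equipment.
    shared = {m: sorted(e) for m, e in equipment_by_module.items() if len(e) > 1}

    # Clause 6.1.2: integer ceiling avoids floating-point rounding surprises.
    shortfalls = {}
    for key, n_used in used.items():
        required = (n_used * SPARE_PERCENT + 99) // 100
        if spare[key] < required:
            shortfalls[key] = (spare[key], required)
    return shared, shortfalls


if __name__ == "__main__":
    shared, shortfalls = audit_io_list(SAMPLE_IO_LIST)
    print("Modules shared between equipment:", shared)
    print("Spare shortfalls (found, required):", shortfalls)
```
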
6.2 CPU Sizing
6.2.1 CPU shall be capable of performing the application program within the specified time.
6.2.2 CPU load measured at the end of the project shall not exceed 60 percent of utilization, i.e. 40 percent spare capacity.
6.3 Memory Sizing
6.3.1 Vendor shall size all types of memory used in the PLC so that the system meets performance specifications.
6.3.2 Memory sizing shall consider 20 percent sparing philosophy and future expansion.
7 Hardware Specification
7.1 Power Specifications
7.1.1 Redundant power supply modules for supplying power to the chassis of CPUs and I/O modules shall have internal automatic transfer functionality.
7.1.2 An alarm indication shall be provided to alert operating personnel on failure of power supply modules.
7.1.3 Each power supply in a redundant configuration shall be capable of supplying full load.
7.1.4 PLC and associated equipment power supplies shall accept 230 V ac supply voltage. Manually selectable 127/230 volt power supply units or equipment shall not be used.
7.2 Process Interface General Requirements
7.2.1 All I/O module addressing shall be done by software without any address links or jumpers.
7.2.2 The module type identifier shall be located in the firmware of the module and automatically identified by the system.
7.2.3 I/O modules shall be constructed such that they can be removed or inserted without disturbing any external wiring.
7.2.4 In a fault tolerant configuration with redundant I/O, removal of a single module shall have no impact on the process.
7.2.5 I/O modules shall be capable of being located anywhere in the chassis without regard to the type and voltage levels.
7.2.6 All I/O modules shall include local status indication to show the status of each input and output, e.g. Power-on, communication faults and any module fault.
7.2.7 Electrical isolation up to 1000 V shall be provided on all I/O modules.
7.3 Input Module
7.3.1 Input modules shall be capable of accepting following input signals:
a. Switch inputs; dry contacts and solid state devices
b. 4-20 mA dc analog signal from transmitter, 1 to 5 V dc, 0 to 10 V dc
c. Low level thermocouple signals from type E, J, K or T, and RTD inputs
d. Pulse inputs
7.3.2 Each input shall be individually fused either on module or termination with fuse blown indication.
7.3.3 Low pass filter for all digital inputs to reduce the effects of noise and contact bounce shall be provided.
7.3.4 Thermocouple input signals shall have cold junction compensation and linearization integral to the module.
7.3.5 Vendor shall provide all dropping resistors and fuses required.
7.3.6 Means shall be provided to detect a failed transmitter signal versus an over-range signal. The application software shall alarm all failed transmitter signals.
7.4 Output Module
7.4.1 Output modules shall be capable of driving the following type of output devices:
a. Solid state outputs shall be 24 V dc @ 100 mA
b. Relay contact outputs shall be 24 V dc or 120 V ac @ 1 Amp. Where required free-wheeling diodes shall be provided.
c. Motor starters for pumps, compressors etc.
d. Final elements accepting 4-20 mA analog signals
7.4.2 Analog outputs shall have a minimum of +/- 0.25 percent accuracy over the full range of the signal.
7.4.3 Upon failure, all output modules shall fail to a predetermined state (to be identified at the time of logic definition). It shall be possible to define the fail state for each channel.
7.4.4 Digital outputs shall be rated for a minimum of 1 Amp at 24 V dc at 60 °C. Digital output module shall operate properly with a voltage variation of +/- 10 percent of specified signal voltage.
7.4.5 Each output signal shall be provided with an individual fuse and a fuse blown indication.
7.4.6 Digital output modules shall have status indication of each channel.
7.5 Remote I/O
7.5.1 The communication links shall be provided with proper diagnostics to monitor the health of communication. Status lights shall indicate the status of the link module.
7.5.2 Single failure shall not cause loss of remote I/O communication, but all failures shall be capable of being logged for future analysis.
7.6 CPU
7.6.1 The system may be composed of one or more processors and they shall perform all the data handling and computing functions required by the control strategies, logic, sequences, and batch operations.
7.6.2 In the event of disruption of program execution or scan, loss of logic power, loss of communication between CPU and essential devices, memory error, etc., the PLC shall generate a system failure alarm.
7.6.3 Automatic restarts after power failure shall be provided.
7.6.4 A keylocking arrangement at the CPU shall prevent memory modification.
7.6.5 Rechargeable battery backup unit of minimum 2 days duration or flash RAM memory module shall be provided for CPU configuration memory. Alarm indication shall be provided to alert operating personnel on failure of the battery backup unit.
7.6.6 The battery shall be capable of being replaced without shutting down the PLC.
7.6.7 Redundancy Scheme
a. Automatic switch over to stand-by CPU shall be provided in case of failure. The switchover shall be done without interrupting the process.
b. Transfer between any system redundant elements shall be transparent and be annunciated.
c. The redundancy scheme should also be transparent to the user application program.
d. It shall also be possible for the maintenance engineer to change the processors from primary to backup and vice-versa.
7.6.8 Memory
The vendor shall provide CPU memory that meets the requirements of the application software and the overall system performance specifications.
7.7 Watch Dog Module
A watchdog circuit shall be provided to monitor the timely execution of application programs. This circuit shall reset the application program when a runaway software process hangs the system. Noise or an electrical spike sometimes causes this software hang up.
7.8 Network Interface/Communication Module
The PLC shall have the ability to communicate with other intelligent devices such as other PLCs, EWS, SCADA, DCS, etc. The vendor shall provide the communication port required based on the distribution of these intelligent devices in the plant. Refer to SES-X01-E01 for third party communication details.
7.9 Engineering WorkStation (EWS)
7.9.1 Functionality
The EWS shall be used for programming the PLC. In case there is more than one PLC from the same vendor, a network shall be formed and the EWS shall be the common programming environment for all of them.
7.9.2 Specifications
The engineering workstation shall be provided with at least one 21-inch, high resolution LCD monitor, enough hard disk capacity to maintain the configuration and application software, and necessary hardware and software for backup.
7.10 Cabinets Specification
7.10.1 System Cabinets shall comply with the requirements of SES-X05-E01.
7.11 Equipment Noise and EMI Specifications
7.11.1 Operators shall be assumed to use hand held radios with wattage rating of 5 watts. The PLC shall be designed to operate such that there shall be no degradation of performance when these radios are used within 3 meters from equipment.
7.11.2 Errors caused by RFI shall not exceed 0.1 percent of span for exposure to a field strength of 10 Volt/meter over a frequency range of 10 to 1000 MHz.
7.11.3 The system shall be provided with provisions for protection against system errors and hardware damage resulting from electrical transients on power or signal wiring. These include those generated by switching large electrical loads, power line faults, and lightning induced surges on power or signal cables.
7.11.4 The noise level for all equipment shall be limited to 60 dBA.
8 Software Specifications
8.1 System Operating Software
8.1.1 The PLC shall have the capability to perform the following functions as a minimum:
a. Logic
b. I/O control
c. Timing
d. Numerical calculation
e. Counting
f. Alarming
g. Communication
h. Diagnostic monitoring including communication loss/failure logging
i. Data processor interfacing
8.2 Engineering and Configuration Software
8.2.1 The engineering software shall be used for all application program development, system monitoring, diagnostics, and documentation, and shall be incorporated in the EWS.
8.2.2 Engineering software shall run on proven Windows software.
8.2.3 Engineering software shall be menu driven and easy to use. It shall incorporate online tutorials and help functions to assist the user.
8.2.4 It shall be self-documenting and shall provide annotation, cross-reference tables, I/O configuration tables and associated functions.
8.2.5 It shall provide utilities for online management of all I/Os for purposes of reconfiguration, input/output forcing, system diagnostics, data display and checking memory content.
8.2.6 The primary programming language shall be Function Block Diagram (FBD). Other programming techniques listed in IEC 61131-3 may be used with SABIC approval.
8.2.7 The program development software shall be capable of operating in following or similar modes specific to vendor:
a. In 'online' mode, it shall be able to make any program change while the CPU is running.
b. In 'offline' mode, the programmer shall be able to create an application program without connecting the EWS to the CPU, and test and troubleshoot the code.
c. In 'monitor' mode, the programmer shall be able to read from, but not write to, the PLC main memory. All elements of the logic shown on the EWS screen shall be intensified when 'true', allowing the programmer to observe the conditions that exist on both input and output devices.
8.2.8 The program created in offline mode shall be able to be saved on the storage unit and loaded back in EWS memory if required.
8.2.9 PLC mode of operation shall be selected by operating a multi-position key switch located on the CPU or appropriate module.
8.2.10 It shall be possible to monitor or program all PLCs in the network one at a time, by means of selection through the EWS.
8.2.11 Program Utilities
The following programming functions shall also be available to the user:
a. Event Log printing
b. Fault History
c. System Diagnostics status
d. Configurable multi-level password to control user access
8.2.12 Document Production
The PLC shall be able to print the logic diagrams, database configuration tables, graphic displays, and user defined reports and logs.
8.3 PLC as Control System
Upon SABIC approval, if PLC is used as a standalone control system for logic and control applications the following shall be applied.
8.3.1 Software
Requirements of SES-X02-S01 mentioned for following items shall be made available:
a. CPU software requirements
b. HMI software requirements
c. Graphical User Interface Requirements
d. Intuitive Graphical Design
e. Operator Console Function
f. Standard Displays
g. Display Management
h. Alarm Handling
i. Trending
j. Reports and Logs
9 System Performance
9.1 System Availability
9.1.1 The PLC shall have an availability requirement of 99.9 percent with a MTTR of 8 hrs. The vendor shall provide supporting documents that the system has this availability.
9.1.2 Single point failure shall not result in loss of availability of the PLC for redundant configuration.
9.2 System Reliability
Vendor shall provide a listing of all failure modes of the PLC and the impact of such failure on the system performance. The MTBF for all major components of the system shall be provided.
9.3 System Clock and Synchronization
Refer to SES-X01-E01 for description and details.
10 Documentation
Refer to SES-X01-E01 for description and details.
11 Factory Acceptance Testing (FAT)
Refer to SES-X01-E01 for description and details.
12 Site Acceptance Testing (SAT)
Refer to SES-X01-E01 for description and details.