This article defines the minimum requirements for the supply of equipment, materials and operating programs for Supervisory Control and Data Acquisition Systems (SCADA) used for process plant data acquisition, monitoring and control.
2 References
Reference is made in this article to the following documents.
Institute of Electrical and Electronics Engineers (IEEE)
802.3 Part 3: Carrier Sense Multiple Access with Collision Detection (CSMA/CD) Access Method and Physical Layer Specifications
International Electrotechnical Commission (IEC)
61326-2-1: Electrical Equipment for Measurement, Control and Laboratory Use – EMC Requirements
International Society of Automation (ISA)
SP88 Batch Control
S71.04 Environmental Conditions for Process Measurement and Control
American Gas Association (AGA)
Report 3 Orifice Flow Calculations
3 Acronyms/Abbreviations
ADC. Analog to Digital Conversion
CPU. Central Processing Unit
CRT. Cathode Ray Tube
CSMA/CD. Carrier Sense Multiple Access with Collision Detection
DCS. Distributed Control System
ESD. Emergency Shutdown
FAT. Factory Acceptance Test
HART. Highway Addressable Remote Transmitter
I/O. Input/output
LAN. Local Area Network
MMI. Man Machine Interface
MTU. Master Terminal Unit
NEMA. National Electrical Manufacturer’s Association (US)
RAM. Random Access Memory
RTU. Remote Terminal Unit
4 Project Description
4.1 The following items are site specific and shall be specified for a particular project:
a. Electrical area classification
b. Environment Conditions. Refer to BEDD.
c. Electric power
d. Guide lines for bidder
e. Project management
5 Supervisory Control and Data Acquisition System (SCADA) Specification and System Overview
5.1 Conceptual System Architecture
5.1.1 The SCADA system architecture shall be based on a client/server computer network, using industry standard operating systems, networks, and protocols. The system shall allow for the distribution of system functions across the network to enhance flexibility and performance.
5.1.2 The scope of supply for the SCADA system shall include, but not be limited to, the following major items of equipment. The inclusion of this list is not intended to limit the supply in any way. The vendor is required to supply a complete, functioning system.
a. Microprocessors
b. Workstations
c. Remote terminal units
d. Software
e. Modems
f. I/O points
g. Training
5.2 Topology
5.2.1 The topology of a SCADA system varies with the project application. The system can be as simple as gathering wellhead data in production fields and transmitting that data to a control center. The SCADA system can be very complex and include production flow line data, control of transmission pipelines, control of pump and compressor stations and control of production treating facilities. SCADA systems are often used on off shore production platforms.
5.2.2 The SCADA vendor shall provide a topology drawing showing all the components of the proposed system.
6 System Functionality
6.1 SCADA Software
6.1.1 SCADA system shall be user programmable in a high-level control language. The system shall not require interruption of normal process operation to perform programming functions. A separate programming station, for example an engineering workstation or personal computer based software, shall normally be provided for editing of source code, compilation, linking, and loading. Programs shall be capable of being loaded into the system or stored on removable disks for loading at a future date.
Programs shall be able to load values, for example set points and tuning constants into control algorithms; set control modes; turn on and off discrete I/O; send messages to operator; print reports; and otherwise manipulate essentially all system variables. In addition, programs shall have normal capabilities for calculations, loops, and GO TO subroutines. System shall allow interruption of normal program execution to handle unusual conditions regardless of normal program execution. At least three levels of interrupt shall be provided to handle routine, alert, and emergency conditions.
System shall incorporate provisions for debugging of programs, for example single stepping and display of intermediate values. Scheduling of programs shall be supported on a periodic basis (time based), event driven, and upon demand. Priority levels shall be supported to ensure critical programs are completed, unless supplier can guarantee all programs will complete within their scheduled execution times. If large, complicated programs are required, consideration shall be given to dedication of specific hardware for tasks, for example a single computing module, to minimize possibility of accidental program interaction. Online program changes shall be supported, with minimal program execution suspension. If continuous program execution is required, special attention may be needed to design and evaluate switchover techniques, within supplier’s capabilities, to load updated programs. System shall be capable of being programmed by user for custom applications.
6.1.2 System configuration procedures shall be accessible by means of security password. Security password shall be user configurable. User definable access levels with assignable privileges shall be provided.
6.2 Installation
6.2.1 Efficiency of performing engineering work shall be considered when locating the engineering station. This may require a location near operations, but separate enough to ensure a quiet area with sufficient space for manuals, documentation, and drawings that accompany many engineering activities. Operator consoles shall be designed around ease of access to all devices on the console and on how many operators the console has to accommodate. Once this is established, console furniture can be arranged such that the most important devices are within easy reach.
Empty console bays or desktops shall be provided for auxiliary equipment, for example radios, telephones, hardwired pushbuttons, and annunciators. Furniture shall have shelves or drawers for documentation, for example operator logbooks and manuals. Printers shall be located such that noise of printer will not be a distraction. A remote location is acceptable in many cases, as printer output is for record purposes only and is not an operating tool. Support facilities to ensure reliable operation of the SCADA system are critical to safe operation of the process. Such support facilities include UPS, redundant HVAC with equipment to remove corrosive gases, and fire protection systems.
Central I/O shall be considered if the distance from control center to the field instruments is short or the number of signals is small. Purging shall not be used to meet electrical area classification. Indoor rack mount equipment shall be suitable for operation with minimal air conditioning. It is acceptable for operator console and workstation equipment to require tighter control of environmental conditions than rack mount equipment. Field mounted I/O devices shall be suitable for all outdoor conditions expected, without need for auxiliary heating, cooling, or air filtration.
SCADA system equipment shall be suitable for withstanding occasional exposure to H2S, SO2 , dust, and other contaminants due to air conditioning system failure, plant upsets, open doors, and other causes. Air filtration shall be provided to reduce concentration of corrosive gases, for example H2S, SO2 , and Cl2 , for equipment protection.
6.2.2 Filtering of corrosive gases shall be capable of reducing intake concentrations to the ISA S71.04 severity level designation appropriate for the electronic instruments to be housed. Filtration system required to meet these levels shall be economically evaluated against other types of protection for instruments, for example coatings for electronic circuitry. Electronic control system shall be installed in accordance with manufacturer’s recommendations.
6.2.3 The vendor, if required, shall provide the remote terminal units mounted, complete and ready for operation within a protective shelter.
6.3 Technology
SCADA system hardware and firmware (excluding application software) supplied as part of this specification shall be the latest revision level available at the time
of issue of the purchase order. Supplied equipment shall be ‘field proven’ and the vendor shall supply sufficient information to support the field proven status of the
system.
6.4 Open System
6.4.1 Openness is defined as the ability of the system to be easily integrated with upper level computers with minimum development of application programs to interface with the SCADA system.
6.4.2 Data transferred from the system to a database on the plant information network will be used for plant analysis and for reporting to maintenance personnel, process engineering, management and others.
6.4.3 The SCADA system shall be connected with upper level computers using available standard proven interfaces. Storage modules for historical data shall be interfaced with information on the upper level network so that historical data and files can be transferred to the upper level computer database without loading the real time network of the SCADA system.
6.4.4 The storage modules shall have a high security operating system to prevent unauthorized users from accessing the database.
6.4.5 The real time SCADA network shall interface to the upper level computers by a router type module. The module shall have high throughput to transfer data between control module and upper level computers.
6.4.6 The interface module shall have sufficient security measures to prevent unauthorized users from accessing the system database.
6.4.7 The system shall be capable of interfacing with a third party acquisition package that will collect data from various systems in the plant.
6.5 Redundancy
6.5.1 A single point failure anywhere in the system shall not negate the operator’s ability to monitor and control the process. Single point failure anywhere in the system shall not result in the loss of a control loop. The system shall function by switching over to backup modules to accomplish control. Monitoring-only points shall be an exception.
6.5.2 Controller modules and associated I/O modules shall be provided in redundant configuration. This will provide uninterrupted control in the event of a loss of a single module. Monitoring-only, points input modules shall not be provided in redundant configuration. Transfer to the secondary device shall be automatic and bump-less. The system shall provide the operators with an appropriate alarm message.
6.5.3 Controller cabinet power supplies shall be supplied in redundant configuration. These shall also be provided with a battery backup, sized to provide power for at least 30 minutes. This will facilitate operations to initiate an orderly shutdown if needed.
6.5.4 Switch back to repaired equipment shall be possible only after a complete diagnostic to determine that the module is in healthy condition and ready to resume normal function.
6.5.5 Means shall be provided to switch over to redundant equipment by manual means. This shall be an engineering function and shall be protected by key-lock or password.
6.5.6 MMI redundancy is achieved by providing multiple operator stations that are functionally stand alone devices, with each station capable of duplicating the functionality of any other station in the system.
6.6 Telemetry
Data telemetry between data acquisition equipment and the control center employs various media including fiber optics, telephone lines with dial up modems, microwave and radio frequency communications. The vendor shall recommend a cost-effective telemetry of data pending project specific requirements.
6.7 Third Party System Communications
6.7.1 Some of the commonly encountered subsystems to which the SCADA system may establish digital communication links are as follows:
a. Vibration Monitoring Systems (VMS)
b. Compressor Control Systems (CCS)
c. PLCs
d. Burner Management Systems (BMS)
e. Emergency Shutdown Systems (ESD)
f. Fin-Fan Vibration Monitoring Systems (FFVMS)
g. Smart Electrical Devices
h. Management Information System (MIS)
i. Turbine Governor Control Systems
j. Loading Weigh Scale
6.7.2 Interfaces between the SCADA and auxiliary equipment systems shall use standard products that are compliant with industry standard protocols.
6.7.3 Use of modems to convert from one standard to another shall be minimized.
6.7.4 Where redundant communication links and modems are required, the modems shall also be redundant.
6.7.5 It shall be possible to set any data as ‘READ only’ to avoid inadvertent changing of data from SCADA.
6.7.6 SCADA communication to the MIS, plant networks and other non-control computer systems shall be designed to ensure that any failure in the external systems; request for information; or network loading problem will not impact the performance or availability of the SCADA.
6.8 Sequence of Event Reporting
Process alarms and system faults shall be time and date stamped and recorded in memory for 30 days. If specified, the system shall be able to log discrete and
analog inputs that are configured as alarms or shutdowns. The first out alarm and all subsequent alarms shall be time tagged in the order they occur with a minimum resolution of 100 ms. The vendor shall provide a utility to support logging, buffering, reporting and printing.
7 System Sizing and Loading
7.1 General Guidelines and Spares Philosophy
7.1.1 The system shall be supplied with at least 20 percent spare capacity. This spare capacity shall be equally distributed throughout the system. The spare capacity requirement applies to all elements in the system including hardware, application software, graphics, history, trends, reports, and number of data base points.
7.1.2 The system shall be capable of expansion by adding additional nodes, consoles and workstations. This addition shall be performed on-line without shutting down the system.
7.2 Processor Sizing
Processor shall be sized to meet the project requirements in the form of available slots or algorithms, displays, points and addresses plus 10 percent to allow for project growth. In addition there shall be 20 percent capacity for future growth.
7.3 Memory Sizing
Vendor shall size all type of memory used in SCADA, for constituting the system to meet performance specifications. Memory sizing shall consider 20 percent sparing philosophy and future expansion
8 Hardware Specifications
8.1 AC and DC Power and Grounding Specifications
8.1.1 The vendor shall provide the power modules for supplying power to the chassis. The chassis power modules shall be redundant with internal automatic transfer and provided with a battery backup. The batteries shall be sized to provide power for at least 30 minutes based on full load. This will provide enough time for the operating personnel to initiate an orderly shutdown. An alarm indication shall be provided to alert operating personnel on loss of power. Each power supply in a redundant configuration shall be capable of supplying full load. The two power supplies shall be supplied from two independent sources of outside power.
8.1.2 AC safety ground and Instrument signal ground shall conform to NEC. AC safety ground bus shall be directly connected to the equipment cabinets. The vendor shall provide a grounding schematic, showing all grounds and ground buses.
8.2 Solar Panel Units
When power is not available at remote locations, solar cells with batteries and battery charger shall be provided. The SCADA system vendor shall size the solar panel units for continuous operation at the required current and voltage levels.
8.3 System Communications Specifications
8.3.1 Communications Processor
Redundant system bus networks shall interconnect all components of the system and serve as the data communication line and provide automatic switchover to backup. The computer interface shall allow digital computers to access and place information on the system network. Each device shall time share system network that carries data to and from various devices. Data transmission shall employ integrity checking.
Control information (process variable, set point, and output) shall be stored at a point within the system such that system network failure does not result in loss of control. System shall periodically check operation of devices on the network. If an error is detected and not correctable, system shall go to preprogrammed failure state on affected control loops.
An alarm shall be generated at operator station. Type and location of failure shall be indicated on operator station display and on system alarm printer. System shall have self-diagnosis to board level with a system diagnostic display at operator station. System data link shall be able to communicate updated information between consoles and control devices, even if a majority of values are rapidly changing. Communication shall continue without degradation of speed or accuracy.
8.3.2 I/O Bus Communications
I/O interface communications shall use standard RS-232, RS-422, RS-485 or other applicable protocols in accordance with the project specific requirements.
8.3.3 Radio Communications
When radio communications are used for data telemetry the vendor shall apply to the local authorities for the appropriate VHF or UHF frequency.
8.3.4 Antenna
Antenna for radio communications data telemetry shall be highly directional dish type with open grid reflector provided complete with support tower and transmission line. The SCADA vendor shall do a preliminary site survey for interference and to determine optimum antenna locations.
8.4 Process Interface
8.4.1 Remote Terminal Unit
8.4.1.1 General
a. The Remote Terminal Unit (RTU) shall work with the SCADA system by way of appropriate telecommunications links to provide the functionality of the complete system. Each RTU shall be capable of operating as a stand-alone unit to provide local monitoring and control.
b. The RTU shall be self-contained units capable of collecting field data and providing for control output by way of communications and operator interfaces.
c. The primary objective of the RTU shall be to provide the basic data acquisition functions required and to enable remote control from the Master Terminal Unit (MTU).
d. Secondary objectives shall be to:
(i) Use the processing capability of the RTU to reduce the processing load of the MTU
(ii) Enable a comprehensive assessment of the status of the station at which the RTU is connected
(iii) Provides a basis for expansion and additional functionality in the future
(iv) Provide data on field device operations to assist with maintenance
8.4.1.2 RTU Functional Capability
a. The RTU basic functionality shall include:
(i) Data acquisition
(ii) Control
(iii) Logic functions
(iv) Communications
(v) Operator Interface
(vi) Mathematical functions
(vii) Historical storage (limited)
b. Optional functions that may be included are:
(i) Dial-up communications functions
(ii) Inter RTU communications capability
c. The selected vendor’s standard equipment range may include functions that are not specifically mentioned in this standard. In such a case, the vendor shall be required to assume the responsibility for the inclusion of those items that are required for the correct and successful operation of the delivered system.
8.4.1.3 Data acquisition
a. The RTU shall acquire analog and digital field data from signal lines connected to module terminations. The RTU shall accept all input signals without the need for preconditioning, including data transferred through serial links with other specific computers, for example a flow computer.
b. The RTU shall permit the storage of acquired data (in RAM buffers) and the transmission of the buffer data to the MTU.
8.4.1.4 Analog Inputs
a. Analog inputs, for example pressure and temperature shall be supplied as inputs to the RTU. Normally these inputs shall be represented by a 4 – 20 mA current, relative to the primary process measurement.
b. The facility shall be provided for displaying and setting the equation constraints at the RTU local operator interface.
c. The capability to calculate for non-linear current inputs (non-linear scaling) shall also be provided in the RTU.
8.4.1.5 Digital Inputs
The digital input system of the RTU shall normally accept voltage-free contact closures at a digital input module of the RTU. There are two types of status inputs:
a. Single status inputs (normally associated with alarms) involve only a single monitored point and have only two states: zero or 1. The alarm condition may be initiated by either the closure of normally open contacts or the opening of normally closed contacts.
b. Double status inputs shall compare two (2) status inputs for certain devices, for example remotely operated valves having open, closed, and transient states. The double status data processing shall process the four conditions (00, 01, 10, 11) of such devices. The open and closed states (01, 10) shall initiate an event condition. The transient state (00) shall not cause an alarm unless the state exists for longer than a predefined time, independently set for each device. In the case of large valves the transient state may last for about two minutes.
8.4.1.6 Control Functions
a. The RTU shall provide the facility for an operator to select and control equipment and facilities. The equipment control sequences shall be in accordance with the select-check back-execute sequence, which the operator shall not be able to bypass.
b. The RTU shall be capable of providing the following types of control:
(i) Open (On)/Close (Off) Control (Digital Output)
(ii) Setpoint Control
c. The analog outputs may be derived from analog signals stored in memory or be received from the local operator interface.
8.4.1.7 Logic Functions
a. The RTU shall be capable of performing logic functions in terms of:
(i) Grouping, communing and deriving of alarms
(ii) Interlocking logic
(iii) ESD control logic
(iv) PLC control logic
b. It shall be possible to distribute the inputs to different input modules to carry out these functions.
8.4.1.8 Interlocking Logic
a. The means to minimize the risk of incorrect operation or incorrect sequence of operations shall be included within the RTU as a logical interlocking function.
b. If an I/O module is non-operational and an input signal from it is required as an input to an interlocking expression, then the release of the interlocking output shall be inhibited, that is the control function shall be inhibited. The operator shall be able to override such inhibit signals but only after taking action to specifically acknowledge alarms generated as a result of the incomplete input to the interlocking expression.
8.4.1.9 Emergency Shutdown Control (ESD)
a. The means to automatically apply a control (close) command to remotely operated valves shall be implemented within the RTU.
b. The algorithm and logical inputs proposed to confirm the ESD function shall be subject to Company approval.
8.4.1.10 Communications
a. The RTU shall support both internal and external communications functions.
b. The communications network internal to the RTU shall be designed and implemented in such a way that the passing of data and commands between modules shall not be prevented by the failure of any module directly involved in the communication exchange. In addition, the internal network shall not become overloaded under the heaviest traffic possible in an RTU ultimate expansion configuration.
c. The MTU shall initiate communications with a selected RTU by the addressing function. Each RTU shall recognize its own unique address and shall have the capability of being assigned any address within a range of possible addresses. It shall be possible to address all or a selected number of RTUs from the MTU so that global or broadcast messages may be sent.
d. Outgoing lines shall have surge protection and these barriers shall be supplied and integrated in the RTU.
8.4.1.11 Information Storage and Retrieval
a. The RTU system shall include database management and support facilities to enable applications software access to database items and to facilitate database building and modification.
b. The RTU database shall reside in a file system and a real-time memory (RAM) resident database. Some information may be extracted from data files and maintained in shared memory regions to improve system performance.
c. The database shall include all data that is normally obtained by system data acquisition, for example program, calculated or operator entered data, historical and logs data.
d. Non-volatile memory shall be supported to enable retention of data during power down or system restart periods.
e. Access to the real-time database in which the I/O point values and attributes are stored, shall be by way of an interface subroutine supplied as part of the system.
8.4.1.12 Scan Rates
a. The local scan rates for individual I/O modules shall be able to achieve the time-tagging resolution and system performance requirements.
b. The consideration of scan times shall include the acquisition of data, processing and updating of the database.
c. The overall system scan period shall be defined as the time for polling all RTU’s and reporting all points (not including retries and time-outs) and shall be less than 30 s for the system (radio, cables, leased lines). Report by exception techniques shall be incorporated in the design to further reduce the total polling time.
8.4.1.13 Time Tagging and Synchronization
The MTU system shall have the ability to attach to each digital event signal a time tag to enable recording of the occurrence
with a resolution of at least one second.
8.4.1.14 Mathematical Functions
a. The RTU shall include mathematical functionality as follows:
(i) Linear conversion to engineering units
(ii) Non-linear conversion to engineering units
(iii) Input filtering
(iv) Logical (Boolean) operations
b. Other general mathematical functions to enable the stand-alone capability of the RTU shall be, as a minimum:
(i) Arithmetic operations
(ii) Absolute values
(iii) Averaging
(iv) Positive differences
(v) Integrated values
(vi) Maximum
(vii) Minimum
(viii) Indications from values within limits and outside limits
8.4.1.15 RTU Configuration
a. The RTU shall be microprocessor based programmable units with both ROM and RAM memory.
b. Ideally, all RTUs shall be modular and from the same supplier model product line with identical capabilities, differing only in size. However, this does not exclude the possibility of providing alternative and differently configured models particularly in consideration of power consumption in the case of less complex RTUs located
away from main power sources, for example remotelyoperated wellhead panels. The RTU shall be designed and function so that no single point of failure shall cause
a control malfunction.
c. Safety barriers shall be defined as part of the RTU system.
8.4.1.16 Intelligent Field Instruments
a. The RTU shall have the capability to interface with intelligent field instruments. The interface shall, at least, be capable of communicating with field instrumentation employing the HART (Highway Addressable Remote Transmitter protocol).
b. The vendor shall describe the functionality, characteristics and method of implementation of the interface and the protocols supported or proposed to be supported by the analog input subsystem.
c. The analog input subsystem shall be comprised of analog multiplexers and Analog to Digital Converters (ADC). The multiplexers shall provide scaling, filtering, transient protection and switching of the analog input signals to the ADC. The ADCs shall receive the analog signals from the multiplexer and convert them to digital representation.
d. The input ranges to the analog input subsystem shall be flexible and include as a minimum, the following:
(i) 4 to 20 mA
(ii) -5 to +5 V
(iii) -10 to +10 V
(iv) Digital field bus signals
8.4.1.17 Contact (Digital) Input Subsystem
a. The contact input subsystem shall provide the functionality to monitor normally open and normally closed, voltage-free contacts to indicate status information.
b. The contact input subsystem shall include:
(i) The contact wetting supply voltage source
(ii) The input modules connecting to the field wiring
(iii) The RTU logic and memory buffers to process status changes
(iv) Contact debounce filtering
c. The contact input subsystem shall support:
(i) Detection of momentary changes of state
(ii) Detection of permanent changes of state
(iii) Optical isolation of inputs
8.4.1.18 Analog Output Subsystem
a. The analog output subsystem (for setpoint adjustment) shall provide a 4 – 20 mA current output at the RTU by way of Digital to Analog Converters (DAC) in response to commands received from the MTU and RTU common logic subsystem.
b. The select-check-operate control sequence shall be available for setpoint adjustment and included in the RTU control functionality.
c. The DAC resolution shall be at least 12 bits with an accuracy of 0.1 percent of full range.
8.4.1.19 Contact (Digital) Output Subsystem
a. The contact output subsystem shall provide for the operation of auxiliary relays or other devices to control plant equipment. Control output via maintained and pulse duration contact closures shall be provided.
b. Control functions shall use the select-check-operate control sequence and the contact output subsystem shall recognize two commands associated with device control:
(i) Select for control
(ii) Control after select
c. A select-for-control command shall cause the RTU to select, verify and arm the drive circuits for the selected output, but not energize the output (relay). A selection verification message shall then be transmitted to the MTU.
d. A control-after-select command received after a selectfor-control command shall cause the RTU to energize the previously selected output for a predefined time period. Any command other than the expected controlafter-select shall cause the RTU to disarm and reset the drive circuits and cancel the selection. In addition, if the control-after-select is not received within a predefined time period, the RTU shall automatically disarm and reset the drive circuits, thereby canceling the selection.
e. It shall not be possible for the RTU to energize an output that has not been selected for control nor shall it be possible to select more than one output with a single control command, with the exception of predefined sequential controls, for example emergency shutdown control.
f. The duration of each contact closure shall be preselectable and all contacts shall be voltage free.
g. The contact outputs shall be rated for 30 V dc and 1 A current to suit a 24 V dc supply. If ratings in excess of this are required, auxiliary relays shall be provided.
h. In case of power failure, output state is to remain unchanged. When power is restored, output state is to remain unchanged. If an RTU is reset, the outputs shall not change state.
8.4.1.20 Pulse Accumulator Subsystem
a. The pulse accumulator subsystem shall provide the RTU with the capability to count and store pulses from external sources. Each pulse accumulator, when provided, shall use one digital input, and counter values shall be converted to at least a 32 bit floating value, to be stored in preparation for transmission as a count value. Accumulator values shall be converted to, and accessible as, engineering units at the RTU.
b. Pulse accumulation shall be performed over a predefined (programmable) time period with an end of period reset or, alternatively, continuous counting with rollover when the maximum count is reached.
c. The vendor shall state the maximum accumulator pulse count rate capability of the RTUs provided.
8.4.1.21 RTU MMI
a. The vendor shall provide built in color type PCs in the form of ‘laptop’ or ‘notebook’ type personal computers providing display and keyboard facilities and printer ports for use with the remotely located RTUs.
b. The units shall be configured with sufficient hard disk storage and memory devices to enable all functions to be performed without loading additional data from separate media. The functions shall include:
(i) MMI operating functions
(ii) System diagnostics
(iii) RTU database modifications
c. The type and configuration of these units shall be subject to approval.
8.4.1.22 RTU Point Count
a. Each RTU shall be capable of being expanded in the field for each point type by the addition of cards or modules. The steps necessary to completely implement the RTU expansion shall be clearly described in the documentation.
b. These RTUs shall be intelligent devices capable of communicating via modem over a radio link. The RTU shall be able to calculate AGA Report 3 orifice flow calculations and transmit data to the control room.
8.4.1.23 RTU Power Supply Subsystem
RTUs shall operate on a nominal 24V dc power supply. Differing voltage levels required by the RTU circuitry shall be derived within the RTU by the power supply subsystem.
8.4.2 Calibration
When the system includes a Smart Tank Gaging system or other smart instruments it shall be possible to calibrate these instruments from the operator station.
8.4.3 Remote I/O Interface
8.4.3.1 General
a. The use of remote I/O can reduce both cable volumes at the processor location and the average length of connecting cable per I/O point. The degree to whichthese benefits can be realized depends on the physical arrangement of equipment in the plant. A logical use of remote I/O would be to locate I/O modules in motor control centers.
b. Communications with remote I/O shall be by means of coaxial or fiber optic cable, and shall occur at a speed high enough to adequately support system operations.
c. Requirements for Remote I/O shall be part of the purchase order. The purchase order will provide details as to the quantity, type and location of remote I/O. Remote I/O modules shall be provided with redundant communication links and communication interface modules.
d. Communication links shall comply with vendor recommendation. Vendor shall recommend cable and connector type and model and installation techniques to be followed. The communication links shall be provided with proper diagnostics to monitor the health of communication. Status lights shall indicate the status of the link module. Single failure shall not cause loss of remote I/O communication. Failures shall be capable of being logged for future analysis.
e. Remote I/O modules shall meet the following specifications:
8.4.3.2 AC Contact Output I/O Modules
Capacity per I/O module shall be 8, 16, or 32 independent channels. Output channel status shall be indicated via LEDs (one per channel). Isolation shall be 600 V ac between any combination of input, output, and ground. Manufacturer shall provide design data. Output switch (output channels) shall comply with the following:
a. Voltage range. 80 Vac to 230 Vac
b. Nominal voltage. 230 Vac, 60 Hz
c. Current. 2 A (minimum) per channel, 12 A (maximum) per module
d. Off state leakage. 3 mA (maximum)
e. Inrush current:
(i) Overload sensing provided
(ii) 24 A peak 10 ms (1/2 cycle)
(iii) 12 A RMS 20 ms (1 cycle)
(iv) 3.5 A RMS for 1 s
(v) Short circuits that result in greater than 50 A peak current will damage module. If 50 A current is possible; external fusing shall be provided
f. Holding current. No minimum required
g. On state voltage drop. 0.4 V @ 1 A
h. Automatic restart from overloads. Approximately 1 s after overload sensed
8.4.3.3 DC Low Power Contact Output I/O Modules
a. Output module shall have capacity for 8, 16, or 32 independent channels. LEDs (one per channel) shall indicate output channel status. Isolation shall be as follows:
(i) Output to ground: 600 V ac
(ii) Output pair to output pair: 600 V ac (between adjacent pairs of channels, each pair of channels share a common return)
b. Output switch with external source shall comply with the following:
(i) Applied voltage: 60 V dc (maximum)
(ii) Load current: 0.5 A (maximum)
(iii) Shorted load duration: Indefinite (duty cycle current limit on overload)
(iv) On state current limit: 0.75 A (typical)
(v) Off state leakage current: 1.0 mA (maximum)
c. Output switch with internal source shall comply with the following:
(i) Source resistance: 660 (nominal)
(ii) Off state leakage current: 0.5 mA (maximum)
8.4.3.4 AC Contact Input I/O Modules
a. I/O module capacity shall be 8, 16, or 32 independent channels. LEDs (1 per channel) shall indicate input channel status. Input shall comply with the following:
(i) On state voltage: 79 V ac to 132 V ac
(ii) Off state voltage: 0 V ac to 20 V ac
(iii) Current: 2.2 mA (typical) at 20 V ac to 132 V ac
b. Source resistance limits shall be as follows:
(i) On state: 1 kΩ (maximum) at 79 V ac
(ii) Off state: 100 kΩ (minimum) at 132 V ac
c. Isolation shall be as follows:
(i) Input to ground: 600 V ac
(ii) Input to input: 600 V ac
d. Filter time shall be configurable 4, 8, 16, or 32 ms.
8.4.3.5 DC Contact Input I/O Modules
a. Input capacity shall be 8, 16, or 32 independent channels. LEDs (1 per channel) shall indicate input channel status. Isolation shall be as follows:
(i) Input to ground: 600 V ac
(ii) Input pair to input pair: 600 V ac (Channels are paired and share common return. Isolation is between pairs of channels)
b. Filter time shall be configurable 4, 8, 16, or 32 ms. Contact sensor input range (each channel) with contact open (off) or closed (on) shall be as follows:
(i) Open circuit voltage: 24 V dc ±10 percent
(ii) Short circuit current: 2.5 mA (maximum)
(iii) On state resistance: 1 kΩ (maximum)
(iv) Off state resistance: 100 kΩ (minimum)
c. Voltage monitor input shall comply with the following:
(i) On state voltage: 15 V dc to 130 V dc
(ii) Off state voltage: 0 V dc to 5 V dc
(iii) Current: 2.2 mA (typical) at 5 V dc to 130 V dc
d. Voltage monitor source resistance limits shall comply with the following:
(i) On state: 1 kΩ (maximum) at 15 V dc.
(ii) Off state: 100 kΩ (minimum) at 130 V dc.
8.4.3.6 Frequency Input I/O Modules
a. Input module capacity shall be 4, 8, 16, or 32 independent channels. Input voltage range (redundant) shall be 26 V dc to 42 V dc. Input frequency shall be a
minimum:
(i) 3 Hz for conversion time of 0.5 s and 1.0 s.
(ii) 5 Hz for conversion time of 0.2 s.
(iii) 10 Hz for conversion time of 0.1 s.
b. Maximum input frequency shall be 12.5 kHz. Input resistance shall be 10 k.
8.4.3.7 Analog Output I/O Modules
Output module capacity shall be 4, 8, or 16 isolated and independent channels. Output range (each channel) shall be 0 to 20.4 mA dc. Maximum output load shall be 735 .
Compliance voltage shall be 18.6 V (nominal) at 20 mA dc at I/O field terminals. Rated mean accuracy shall be 0.05 percent of span. Settling time shall be 100 ms to settle within 1 percent band of steady state for 10 to 90 percent input step changes. Linearity error shall be 0.025 percent of span (monotonic). Resolution shall be minimum 12 bits.
8.4.3.8 Analog Input I/O Modules
Input module capacity shall be 8, 16, or 32 isolated and independent channels. Input range (each channel) shall be 0 to 20.4 mA dc. Rated mean accuracy shall be 0.05 percent of span. Isolation shall be 600 V ac between any channel and ground or between a given channel and any other channel.
8.4.3.9 Thermocouple (mV) I/O Modules
Input module capacity shall be 8, 16, or 32 isolated and independent channels and 1 isolated reference junction compensation channel. Input range shall be 10.5 to
71.41875 mV dc. Rated mean accuracy of mV channels shall be 0.035 percent of span (0.028 mV). Input open circuit voltage shall be 0.25 V dc. Typical thermocouple types shall be B, E, J, K, R, S, T, N, and other milli-volt signals. Isolation shall be 600 V ac between any channel and ground or between a given channel and any other channel.
8.4.3.10 RTD I/O Modules
Input capacity shall be 8, 16, or 32 isolated and independent channels. Input range (each channel) shall be 0 to 320 . Rated mean accuracy shall be 0.025 percent of span (0.08 ). Input connections shall support two, three, or four wire variable resistance temperature sensors. Typical resistance temperature sensors shall be copper, platinum or nickel. Input voltage range (redundant) shall be 26 to 42 V dc. Isolation shall be 600 V ac between any channel and ground or between a given channel and any other channel.
8.5 Control Processor
8.5.1 Specifications
Control processor shall be redundant and provide automatic switchover to backup. Control components shall be distributed throughout the system in a way that failure of one controller does not affect performance of the remaining system components. Control processor shall be housed in an industrial enclosure. Controllers shall be designed to minimize probability of more than one control loop being disabled at any time.
Removal of a faulty control processor and its replacement with a good controller shall not require shutdown of other parts of system. Adequate checks shall be included in processors to ensure that erroneous data is not used for control manipulation. Control processor scan rate shall be suitable for process application.
8.5.2 Fault Tolerant, Hot Standby
SCADA systems that require the highest possible up time shall have a hot standby (redundant) processor scheme to provide for a fault tolerant system. This scheme shall have bump-less transfer, transparent to the process and, except for annunciation, transparent to the operator. Transfer between any system redundant elements shall be annunciated.
The preferred redundant scheme is to have the entire program memory transfer from the primary controller to the standby controller. The redundancy scheme should also be transparent to the user application program. Processor failure has to be detected by appropriate processor cross checking or by means of a watchdog timer that times both set and reset transactions from the processor that it is watching. It shall be possible for the operator to exchange the processor primary and backup assignments. Automatic exchange once per day or once per shift would be desirable.
8.5.3 I/O Interface
If communication between I/O modules and control module fails, output shall automatically change to user defined value. I/O module shall match process signal type. If specified, module shall have ‘smart’ capability. System shall be certified non-incendive by Factory Mutual (FM), Underwriters Laboratories (UL), or other certified approval agency. Where area classification or local regulations dictate, system shall be designed and certified as intrinsically safe. If specified, I/O system shall be redundant. I/O module contamination shall be Class G3 (harsh) in accordance with ANSI/ISA S71.04.
8.5.4 Cycle Time
System cycle time is defined as the time elapsed between a change in state at a corresponding output based on a change of state of an input, and shall consider program execution, scan time and output action time. Maximum system cycle time shall be as short as practical, but shall not exceed 0.5 s.
8.5.5 Memory
The vendor shall provide controller memory that meets the requirements of the application software and the overall system performance specifications.
8.5.6 On Line Changes
On line changes means that the program can be edited while the SCADA system is operating. The program checks the syntax of each command as it is entered, and does not attempt to execute the command until the syntax is correct. The program is not compiled. This approach, as opposed to generating and compiling the program in a separate computer and then loading and executing the compiled code, tends to reduce development time and to simplify trouble shooting and maintenance.
System shall support online modification of configurations and updating of system software without:
(i) Interruption of controls (other than directly affected points)
(ii) Requiring system shutdown
Interconnection of controllers and auxiliary functions shall be easily modifiable after system is operational. Configuration shall be capable of being performed on a personal computer or engineer workstation without the remainder of the system. Configuration shall be stored on disk or tape, with capability of downloading to remainder of system later.
Capability of copying and modifying an existing configuration shall be included to allow similar loop configurations to be done quickly. Reconfiguration (add, delete, or change) shall be possible with system in operation, with no interference to loops not being reconfigured.
8.5.7 Remote S/D
The SCADA system shall be capable of remote shutdown of monitored equipment. The system operator shall have the ability to shutdown a pump, compressor, treating facility or to close or open a valve that is normally controlled by a local RTU or PLC. This override of local control shall be password protected.
8.6 Watch Dog Module
A watch dog circuit shall be provided to monitor the timely execution of application programs. This circuit shall reset the application program when a runaway software process hangs the system. Noise or an electrical spike sometimes causes this software hang up.
8.7 Operator Station
8.7.1 Specification
a. The operator stations shall be provided with at least one 17- inch, high resolution CRT with touch screen, keyboard, mouse or track ball and disk drives.
b. The functions available through the use of a touch screen shall be available through the keyboard.
c. Operator stations shall be provided with an Ack key for acknowledging alarms. A set of at least 12 configurable keys shall be provided.
d. Operator keyboard shall be provided with the following dedicated keys:
(i) Set-point and output ramping – fast and slow
(ii) Auto and Manual mode switching
(iii) Configurable single buttons for calling up designated displays
(iv) Means to call up alarm displays
8.7.2 Network Interface
The SCADA system shall have the ability to communicate over a LAN with other intelligent devices, for example PLCs, a central computer, or DCS. The vendor shall provide the communication port required, based on the distribution of these intelligent devices and the distance between them.
8.7.3 Data Storage
Hard drives shall be provided integral to the operator station. Hard drives shall have the capacity to store system software, operating program, configuration data, process information, graphs, standard displays, trend program, and historical data. Hard drives shall not be essential for normal control of process once the system loading has been accomplished. Two removable media, CD-ROM and Zip drives shall be provided to load system programs and to backup application program, and configuration data.
8.7.4 Memory
The workstations shall be provided with sufficient memory based on the requirements outlined in the purchase specification. Memory shall be
sized to accommodate future expansion capability of at least 50 percent.
8.7.5 Monitors, Pointing Device, Audible Device
a. Monitors shall have a minimum 640 x 480 pixels, and shall have high-resolution color capable of displaying mixed alphanumeric and graphic information. It is of prime importance that the operational displays present the exact status of the plant under control.
b. Vendor shall provide pointing devices (mouse, track ball) for each operator workstation.
c. The audible alarm device shall have a minimum of three discernible tones. The tones shall be assignable depending on alarm priority, or the kind of alarms, for example process alarms, operation error, and diagnostic alarm.
8.7.6 Interfaces
Operator station interface to the SCADA system shall be redundant and pending password access level, shall provide access to all system devices.
8.8 Peripherals
8.8.1 Alarm Printer
The alarm printer shall log the process and system alarm messages as and when they occur, and also the alarm history for each shift of operation or on demand from operator console. Print out shall show as a minimum the tag, the process variable, description, date and time of occurrence, time of acknowledgment and time of return to normal.
8.8.2 Report / Log Printer
The logging printer shall provide the following facilities:
a. Printing of hourly, shift and daily log
b. Report printing on operator request
8.8.3 Color Printer
Color screen copiers shall be provided with the system. Copying shall be accomplished by a single push button operation associated with the screen involved. The screen copier shall be able to print any screen displayed on any workstation. Video copiers shall be selectable from any console.
Once a copy has been initiated, it shall be possible to change the screen display without affecting the copy operation that is, the copier shall have buffer storage for at least two full screens.
8.8.4 Engineering Printer
If specified, an engineering console will require a minimum of one printer. The type and number required shall be listed in the purchase order.
8.8.5 Sequence of Event Alarm Printer
The sequence of events (SOE) recorder is a high performance PC with the appropriate application and utility software to capture and store data for future analysis. The vendor shall provide a printer that meets the application requirements of the SOE recorder. This printer may be a dedicated printer or a system printer if permitted by the project specifications.
8.8.6 Modems
Modems shall be provided when telephone lines are available for data transmission from remote locations. Modems shall have automatic dialup feature. Redundant modems shall be provided when the data is considered critical in the project specifications.
8.9 Cabinet, Console Specification
8.9.1 System Cabinets
a. Industrial enclosures shall house control loop I/O interface modules and electronics for performing analog-to-digital and digital-to-analog conversion, multiplexing, and signal processing. Power supplies shall be mounted near top of cabinets above all processor equipment.
b. Cabinets shall normally be designed for cable entry through the bottom. Top entry may be required if a computer floor is not provided. In either case, panduit shall be furnished to route field wiring from cable entry point to termination panels. 230 Vac wiring shall be routed in metal panduit or flex metal conduit.
Termination panels, if mounted in I/O rack, shall be a minimum of 0.3 m above bottom of cabinet. Equipment within I/O racks shall be arranged in a logical manner for efficient maintenance and construction. Layouts shall be subject to Company approval. If available as a standard option, sealed I/O rack design shall be specified for maximum dust protection.
Tagging and nameplates shall be specified to facilitate maintenance. Care shall be taken to review system diagnostic messages to confirm legend on nameplates and tagging is consistent. Wiring shall be adequately spaced such that any single wire can be removed from its terminal without disturbing other wire terminations and without resorting to supplier specific tools, that is, it shall be possible to remove wire by hand with standard tools. Use of high-density terminal panels shall be subject to Company approval. Wire ducts shall not exceed 50 percent fill. Terminals for low voltage (50 V or less) signals shall be large enough to accommodate two 1.6 mm diameter wires. Terminals for 230 Vac (or higher) I/O wiring shall be large enough to accommodate two 2.75 mm diameter wires.
If field cables with individually shielded pairs are used provision shall be provided on termination panel or in I/O rack for termination of each shield. Copper ground bus shall be installed in termination I/O rack.
8.9.2 I/O Interface Cabinets
a. Equipment within an I/O cabinet shall be arranged in a logical fashion for efficient maintenance and installation. Layouts shall be subject to approval of client.
b. Wiring shall be adequately spaced such that any single wire can be removed from its terminal without disturbing other wire terminations and without resorting to special tools. Wire ducts shall not be more than 50 percent full. Wiring, both signal and power wiring shall conform to NEC.
8.9.3 Power Distribution Cabinets
Power for the SCADA system shall be provided from UPS. If the SCADA vendor provides the UPS, the UPS cabinets shall match other system
cabinets in size, color and structure.
8.9.4 Operator Console
a. The vendor shall supply consoles with operator stations, printers, bulk storage media and I/O devices as called for in the purchase order.
b. Operator consoles shall consist of at least three operator stations or as specified in the purchase order. Operator stations shall have a keyboard, track ball or mouse and touch screen as input devices. Each operator and engineering station shall have access to a printer for logging alarms, system event logs and printing reports.
c. Each system shall be provided with at least one engineering station. The engineering station shall provide the capability to
configure and program all devices within the system including:
(i) Configuring all I/O devices, controllers, data storage devices and computing devices
(ii) Building displays
(iii) Programming for user generated computer language
(iv) Debugging
(v) Configuring and building the data base, logic functions, control loops, indicating points, tuning loops and trouble shooting
d. Each console shall be provided with at least one printer. The engineering station shall be provided with a printer. The number of printers required shall be stated in the purchase order. Printers shall be high speed, high quality and quiet in operation. They shall be laser printers. Printers shall be able to:
(i) Record time of occurrence and type of alarm
(ii) Perform logging functions
(iii) Record changes in controller status
(iv) Print graphics, trend data, and data base information
(v) Print screen display
8.10 Equipment Noise and EMI Specification
a. Operators in control rooms shall be assumed to be using hand held radios with wattage rating of 5 W. Equipment shall be designed to operate such that there shall be no degradation of performance when these radios are used within 3 m of equipment.
b. Errors caused by RFI shall not exceed 0.1 percent of span for exposure to a field strength of 10 V/m over a frequency range of 10 – 1000 MHz.
c. The system shall be provided with provisions for protection against system errors and hardware damage resulting from electrical transients on power or signal wiring. These include those generated by switching large electrical loads, power line faults and lightning induced surges on power or signal cables.
d. The noise level for equipment shall be limited to 60 dBA.
e. Noise measurements shall be based on tests carried out in accordance with ANSI standards.
9 Software Specifications
9.1 System Operating Software
9.1.1 Data Base Management
a. Software configuration and programming shall be possible from a personal computer, as well as from an operator or engineer workstation.
b. System shall be able to test for syntax errors and test run programs for actual operation.
c. The elements of a good database require that a well-established tagging convention be followed and maintained. The system shall support an at least twelve-character tag name with a combination of alpha and numerical characters.
d. Instrument tags on the P&ID instrument index shall match the database as closely as possible.
e. A point descriptor shall be used to describe the point’s application and shall be well coordinated with operation personnel. The system shall support a descriptor with 32 characters.
f. Tag IDs shall be unique to the system and access to all tag parameters for configuration shall be available by tag ID.
g. Each tag number shall have an associated engineering unit assigned to it. The engineering unit assignment shall be well established at the beginning of a project. Engineering unit descriptors shall have a minimum of eight alphanumeric characters. The engineering unit descriptor shall be displayed when the Tag No. is called upon the screen.
9.2 Engineering / Configuration Software
9.2.1 The system shall meet the application standards of ANSI/IEEE 488 and 802.3.
9.2.2 Online Configuration
a. The system shall be provided with a database configurator that can configure the system either using a personal computer or from the engineering workstation.
b. All the configuration functions shall be performed using this software to generate the database and the standard displays for the entire system.
c. Some of the desirable features of the configurator are listed below:
(i) A facility to cut, copy and paste shall be provided. This feature facilitates creating multiple points that have similar parameters, except for change of tag name, point address, descriptors, range, and alarm set-points. This ‘template’, once defined, can be used over and over again to build points that are similar.
(ii) Revisions to database shall automatically update all modules and tags.
(iii) All configurations shall follow validation procedures.
(iv) Any invalid configuration data shall be flagged and affected parameters indicated.
(v) It shall be possible to revise database on-line without having to stop the process.
(vi) Means shall be provided to prevent invalid configuration changes from affecting the process.
(vii) Configuration data shall be verified and the point shall be placed on manual or inactive mode to prevent any invalid data which might affect operations.
(viii) Configuration data shall be saved on both removable and non-removable media for backup purposes
(ix) Redundant on-line storage shall be provided for configuration files.
(x) Changes to a control block / loop in a control module shall not affect other control loops in the module.
9.2.3 Offline Configuration
Offline configuration shall have the applicable features of online configuration.
9.2.4 Remote Configuration
Remote engineering and configuration shall be possible for anyone with the proper access level and appropriate software loaded on their PC or computer.
9.2.5 Utility
The system software shall be provided with a utility, which shall have as a minimum the following features:
a. Ability to search the database and provide information
b. Provide a cross-reference listing of the database containing tag id, tag descriptor, point type, and hardware address
c. Provide an alphanumerical sort of the database by any field
d. Print, display and save to any media
e. Ability to save and restore database
9.2.6 Import / Export of Data
A database editor shall be provided. The editor shall have the following features:
a. It shall be possible to modify or generate a database using the editor
b. It shall be user friendly and intuitive and employ fill-in-the-blank type screens
c. The system shall provide a step by step guide for completing the information required to complete the database
d. It shall be possible at the beginning of a project to build the database in a personal computer using a commercially available database such as Microsoft Access and later download it to the system using a converter.
9.2.7 Graphic Generation
a. The system shall be provided with the capability to build custom graphic displays to present data to operations in a pictorial fashion. A custom graphic display shall have the ability to present process and control schematics, alphanumeric text, and real time data and face plates all in one page.
b. The system shall have the capability to build at least 400 graphic pages.
c. Operator shall be able to operate the control strategies, change set points, mode and outputs.
d. The system shall be provided with a utility to build and modify custom displays using graphical user interface (GUI) and conversational type programs. Building and modifying graphics shall be an engineer’s function and shall be keylock or password protected.
e. It shall be possible to build graphics with at least 300 dynamics parameters in one display (PV, set-point, and output) without impacting update time.
f. Graphic displays shall be updated at least every four seconds. Simpler graphics with less data shall be updated faster.
g. The color coding for, for example display line, process variable, text and output, shall be user configurable.
h. Process data shall be displayed in both graphical and bar graph format. The height of the bar shall be configurable on an individual tag basis.
i. A standard set of commonly used symbols in refinery, petrochemical and power plants shall be available from a menu template.
9.2.8 Document Production
The system shall support self-documentation, including printed organizational summaries, in a convenient manner. The project design shall include documentation in a form that can be easily updated by the plant. Tabular data in a common form, for example spreadsheet or database formats, is desirable. Loop sheets shall be required for control loops and circuits with multiple functions that are linked. Transfer of documentation information to other packages, for example CAD drawings and databases is desirable. The objective is single point entry for changes, with self-synchronization of all other documentation.
9.3 Control Processor Software
The SCADA system controls shall be capable of performing all required control functions. As a minimum, loop controllers shall be capable of P, PI, or continuous proportional, integral, and derivative (PID) control, batch control, logic control, and user programmable control. Non-linear and self-tuning capabilities shall be configurable for each loop. Tuning adjustments for controllers shall be readily accessible at operator station. Each controller shall be capable of serving as primary or secondary controller in a cascade loop. Controller parameters shall be updated each time a block is processed by the CPU. Cycle time shall be selected as required. Control system shall be capable of processing entire control loop within 1/2s. Auxiliary functions shall be available for performing functions such as ratio, bias, square root, summing, and linearizing of thermocouple signals. Controllers shall be capable of maintaining regular scan time while performing adjustments to all control loops, logic sequences, and programs configured.
9.3.1 Analog Control Function
Controllers shall have capacity for standard proportional, integral, and derivative control modes. Modes shall be available individually or in combination. Cascade and ratio from other controllers or inputs shall be supported, preferably via software links rather than hardwire. Controllers shall have provisions for limiting reset windup in primary controller and higher-level cascade controllers. Output, set point, and integral limits shall be provided. Adaptive gain algorithms and self-tuning shall be available. Balanced and bump-less transfer between control modes (cascade, automatic, and manual) and between control schemes, for example override control, shall be provided. Override control shall prevent windup of non-selected controller(s) such that quick transfer and response is provided if non-selected controller(s) need to assume control.
Control capabilities shall be available as software configuration within controller, without requiring custom programming. Available algorithm setshall be investigated, considering process requirements to confirm their suitability.
9.3.2 Loop and Logic Control
Controllers shall have capacity for performing interlocking, counting, and sequencing. These functions shall be configured through use of, for example ‘AND’, ‘OR’, and logic gates. Logic gates shall be discrete I/O; operator inputs; and outputs of other logic gates. Logic gates shall be combinable into series and parallel configurations. Ladder logic or Boolean logic programming capability shall be an acceptable substitute for logic gates. Logic functions on numeric values, for example analog, accumulation, pulse rate, numeric, and tuning constants shall be supported, for example comparisons (‘greater than’, ‘less than’, ‘greater than or equal’ and ‘within ‘x’ of’) with adjustable dead-band.
9.3.3 Sequence / Batch Control
Batch programming shall comply with ANSI/ISA SP88. If required by process, controllers shall have capability of performing batch control. In this mode, controllers shall be programmable to perform sequential steps to control process. Such steps shall consist of both continuous PID control and discrete logic functions. Programming shall be able to adjust parameters, for example set points, ranges and modes, for continuous PID algorithms as process moves from step to step. At the same time, programming shall have ability to actuate on/off outputs based on discrete inputs, analog inputs, and program step.
In addition, system shall be able to store multiple ‘recipes’. Selection of a recipe by operator shall set up, for example, controller with proper set points and sequencing for that recipe. Timers shall be provided. Timers shall support timing of, for example steps and actions, and triggering of alarms and events upon time-out. Reporting shall be supported. Report generation shall be periodic (time based), event driven, and upon demand. Reports shall include historical and current values. Standard report formats shall be provided, with a ‘free format’ report option included. System shall allow for debugging of programs by supporting at least single-step execution and switchable statements that are executed only if a specific DEBUG flag is set.
9.3.4 Standard Logic Elements and Application Program Tools
The following list of instructions shall be available to develop the application program:
a. Math instructions: add, subtract, divide, multiply, and square root. These functions shall be available for real numbers and integers
b. Relay logic: These shall include N.C., N.O., transitional contacts, standard relay coil and latched relay coil
c. Timers and counters: on delay, off delay timers, up and down counters. Time base shall be from tenths of seconds to hundreds
of hours
d. Comparison elements: greater than, less than, equal to, not equal
e. Data manipulation: bit rotate left, bit rotate right, bit shift left, bit shift right, BCD to binary, binary to BCD
f. Advanced functions: matrix compare, matrix and, or, table to register move, register to table move
g. Control algorithm: PID, lead-lag
h. Program statements: jump to, label, and skip
9.4 Operator Station Software
9.4.1 Graphical User Interface Requirements
System network and console data rate shall be such that operator initiated control changes take effect in the control processor within 1 s. Display data shall be updated at least every 5 s. The system shall operate such that operators can access displays needed with a minimum of requests (keystrokes).
9.4.2 Intuitive Graphical Design
Graphical design shall be intuitive and shall follow a site or plant standard in use of colors, shapes and responses to operator actions. Such standardization enhances operator efficiency and positively affects safe operation of system, particularly during upset conditions when quick scanning of information and response is essential.
9.4.3 Operator Console Function
a. Screen keys (or targets) shall be provided to transfer control loops bumplessly between automatic and manual. Additional keys shall be available for access to adjustable control parameters: setpoint, output, ratio, and bias. Keys assigned to parameters not configured for a loop shall be disabled during control of that loop.
b. Keys shall be provided to ramp selected control parameter positive or negative. It shall also be possible to directly enter a new value for selected control parameter without ramping through intermediate values. Changes to a parameter shall appear on display as they occur.
c. Additional keys shall be provided as necessary to access various displays, interrogate system status, and operate auxiliary peripherals.
d. Pressing of illegal keys during any operation shall be ignored or shall indicate an error condition on display. Data entry that will inadvertently alter control loop configuration procedures shall be accessible by means of a security password.
9.4.4 Standard Displays
As a minimum, the following displays shall be available at operator stations:
a. Measured variable, set point, and output shall be displayed for selected control loops. Each loop shall have adjustable alarm limits. If a limit is exceeded, a visual and audible alarm shall be generated, with the loop in alarm clearly identified on display.
b. Group displays shall provide detailed information on a selected group of variables. Group shall include controlled and indicated variables. Data displayed shall include variable identification, analog and alphanumeric indication of process variable value, process upper and lower absolute and deviation limits, and, if applicable, control mode, set point value, and output value. Control of a selected loop shall be possible from display, with the loop selected clearly indicated on display.
c. Individual detail display shall provide detailed information for a selected block. This display shall contain the same information as the group display, with additional alphanumeric data pertinent to the loop selected, for example configuration information.
d. Real time trend data for any variable shall be available for display, including process dynamics. Range of variable shall be displayed in alphanumeric with trend plot. It shall be possible to display at least three trend plots simultaneously. Display shall be updated as new process values are obtained.
9.4.5 Display Management
The system shall be able to create and store a library of custom graphic symbols. Touchscreen, mouse or trackball shall create graphics. System shall be capable of printing configuration of logic built into graphics.
9.4.6 Alarm Handling
a. Control system shall be capable of providing process variable high and low limits, deviation from set-point limits, and output high and low limits. Limit values shall be adjustable at operator station. Exceeding an absolute or deviation limit shall result in both audible and visual alarms. Alarm condition shall be immediately indicated to operator, regardless of display being viewed at time of alarm. Operator station shall have a button for acknowledgment of an alarm condition.
Alarm acknowledgment shall cause flashing video to cease, but alarm indication shall remain as steady inverted video or red until alarm condition is corrected. Alarm history and current alarm summary shall as a minimum show last 100 alarms in chronological order. Alarms shall be sorted by sequence, priority, or status. If specified, alarm sequence of events capability with 100 ms resolution shall be provided. System shall inform operator of malfunctions before they become ‘fatal’. For example, if system has redundant 24 V dc power supplies, each of the power supplies shall have a status input to system such that failure of a power supply can be sensed and repaired while redundant supply maintains system operation.
System shall have alarm capabilities to notify operator of process upsets. Notification shall be made on CRT. In addition, other direct indication, for example back light keyboard keys, is desirable. Screen call up shall require only single actions, for example one keystroke or one touch target, to access critical operating screens. System shall be capable of sustaining standard operation during process upsets in spite of large number of alarms generated and output adjustments required.
Consoles shall continue to enable operators to view and control process with minimal slowdown (for example a factor of two but in no case longer than 5 s response to change screens) by system while logging all alarms and updating all changing values.
b. Visual alarm shall appear on the displays indicating group or particular loop in alarm, as configured. Alarm indication shall consist of group or loop alphanumeric identification displayed as flashing inverted video or flashing red. Visual alarm shall begenerated if any process variable exceeds absolute or deviation limits. If loop in alarm is accessed, visual alarm indication shall continue on display and remain until alarm condition is corrected.
c. Audible alarms shall be solid state, pulsating type, installed in operator station.
d. System shall permit establishment of alarm priorities to guide operator quickly to the most urgent alarm condition. Alarms shall
be capable of being suppressed based on alarm priority.
e. A printer shall be included to record time of occurrence and type of each alarm on system. Alarm shall be individually configurable to print on specified basis of priority. System files shall include alarm history such that data on alarm occurrences is readily available to operator.
9.4.7 Abnormal Event Handling
a. The SCADA system shall provide for abnormal conditions occurring either within the system or in a sub-system. In particular the following events shall be handled:
(i) Alarm clearing before acknowledgment
(ii) Printer breakdowns
(iii) Alarm avalanches (flood)
b. The system shall be able to assemble data and to print various kinds of standard reports, all of which shall be available on demand via a single keystroke. The system shall provide the following basic types of reports as a minimum:
(i) Event lists
(ii) Operator action reports
(iii) Custom reports with fixed or variable formats, or both
c. The above reports shall be able to use real time data, historical data, trend data or calculated data generated or stored on any node in the system or any connected device to the system, for example PLCs, supervisory computer or process computers. Logging functions shall be capable of being initiated by the operator on demand, or on a predefined schedule. All points in the system shall be available for logging. A logging report function shall be available on the operator workstation to enablethe engineer to make free-format reports of text and data that may be printed on a printer connected to the operator workstation. The report types shall be:
(i) On demand
(ii) At a predefined time (for example hourly, shift or daily)
(iii) Event triggered
(iv) Real time events with six hours worth of data to help in diagnosing shutdown incidents. These reports shall be stored on separate files from historical and trend data
d. Events shall be capable of being historized, and subsequently recalled for logging or display purposes. In the event of a printer failure, the system shall provide an alternative path for printing or maintain the events in the console print buffer and alert the operator. In any case the alternative print path shall be readily accessible and print out the data without loss.
9.5 Trending
System shall be capable of real-time and historical trends. Trends shall display tag name, engineering units, span, and alarm status. Control points shall be controllable from their trend display. At least three points shall be trended on the same plot, distinguished by different colors. Multiple plots shall be displayed on the same screen. Trends shall have scroll feature to display value and time at a selected point, as well as adjustable time base and measurement span.
Historical trend data shall be stored by system for display at a later time. System shall as a minimum have capacity to trend all points with a 15 s resolution for 96 hours. All points (including associated set points and outputs) shall be trended. ‘Windowing’ shall be provided to allow display of a trend as part of an active graphic display. Variables to be stored shall be selectable at operator station. Stored data shall be available for display at any time in same manner as real time trend display. There shall be no interference between historical data storage and real-time trend data display. Historical trend data shall be available at computer interface.
9.6 Reports and Logs
The report function shall allow the user to define fixed or free format logs, define periodic execution and to select the output device. The fixed format logs shall report current and historical data and display the information on any operator or engineer’s station. The report generator shall have the ability to specify report generation on demand or on a time schedule basis. It shall be possible to define the output device (printer, or CRT storage media).
10 System Performance
10.1 System Availability
The control system, when in a redundant processor configuration, shall have an availability requirement of 99.99 percent when a MTTR of less than 60 minutes is assumed. The vendor shall demonstrate that the system has this availability. Single point component failure shall not result in loss of availability of the control system.
10.2 System Reliability
Vendor shall provide a listing of the failure modes of the SCADA system and the impact of such failure on the system performance. The MTBF and MTTR numbers for the system shall be provided.
10.3 Performance Specifications
10.3.1 The vendor shall provide a system that will meet the following performance specification:
a. Each operator station shall have access to 2000 tags b. Each operator station shall have access to 200 user-defined graphics
c. All displays and graphics when accessed, including fully active dynamic elements shall be complete within 4 s
d. The frequency update for real time data shall be at least once every 4 s
e. Historical data display shall occur within 5 s of call up
10.4 On Line Replacement
All system components shall be easily removed and replaced. I/O modules and redundant modules and devices shall be removable with the power on, without disturbing field wiring or other wiring not directly associated with the item being removed.
10.5 System Diagnostics
Vendor shall provide a diagnostic program for off-line testing of all devices in the system.
10.5.1 Module Status and Fault Identification.
a. The system shall be provided with continuous on-line self diagnostics to monitor the state of all the nodes and communication cables in the system including:
(i) Control processors
(ii) Communication processors
(iii) Input / output modules
(iv) Operator workstations
(v) Engineering workstations
(vi) Communication cables
(vii) All peripherals
b. Each diagnostic shall be capable of recognizing the following operational states:
(i) On-line: Normal and fault restricted operation
(ii) Active: Fault restricted operation, standby state, test state
(iii) Inactive: Failed state identifying nature of failure, turned off state, physical removal from the system.
10.5.2 Processor and Communication Loading Status.
a. Device diagnostics shall be available showing the status of all devices in the system. As a minimum the following shall be included:
(i) System status display showing network devices and their health
(ii) Status of all communication systems showing each device and the communication path (primary active or secondary active, cable A or cable B in service)
(iii) The detailed loading status of each device or cable
b. Diagnostic displays shall be provided for each module in thesystem. It shall be possible to use these in trouble shooting the system. An on-line help screen shall be provided, which shall provide an interpretation of the error codes, and diagnostic messages.
10.6 System Clock and Synchronization
The SCADA system clock shall be synchronized with the network clock and all devices on the network, to ensure synchronous communications in the transmission and reception of data and control characters.
11 Documentation
The vendor is required to furnish all drawings and documents. These documents shall include the following:
11.1 With Bid
a. Conceptual system architecture drawing
b. Bill of material showing the complete list of all hardware and software furnished with the system.
c. General arrangement of cabinets and consoles, with front and rear views.
11.2 After Order
a. Complete cabling, wiring and schematic drawings
b. System operating, maintenance and engineering manual
c. Power and grounding plan
11.3 After Kick Off Meeting
a. Functional specification fully defining the SCADA system functional relationship to the control equipment.
b. Specifications for all interfaces and programs.
c. Fabrication drawings showing dimensional detail for cabinets and consoles.
d. Drawing showing equipment location, terminal panel location, power entry point, and breaker location.
e. A system startup procedure describing the sequence of events for powering and commissioning the system. A boot up procedure shall be provided for fast system recovery in case of system lockup or loss of power.
11.4 As Built
a. Complete database.
b. Complete cabling, wiring and schematic drawings.
11.5 Electronic Documentation
a. All hardware and software manuals.
b. Two copies of the database in electronic form.
12 Factory Acceptance Test
12.1 SCADA systems shall be subjected to a factory acceptance test (FAT) at the vendor’s facility. Client will witness the test. Prior to FAT, the vendors shall have
completed their own check for hardware and software functionality and integrity. The vendor, with assistance from Company, shall develop a detailed FAT procedure
that describes the testing to be conducted at the vendor’s facility.
12.2 The FAT shall demonstrate the integrity of each component, functionality of the application software, redundancy of processors, I/O modules, and power modules. Functional test of software shall use appropriate simulation of inputs and observing the correct output. The vendor shall provide any test equipment required to facilitate the verification of the system.
12.3 All test reports shall be properly documented. Any deficiency noted during the test shall be corrected before shipment to site.