K 360

PDVSA
ENGINEERING DESIGN MANUAL

VOLUME 9II ENGINEERING SPECIFICATION
PDVSA N
TITLE
K360
PROGRAMMABLE LOGIC CONTROLLERS
0
REV.
AUG. 94
DATE
FOR APPROVAL
DESCRIPTION DATE
30
PAG.
L.T.
REV.
E.J.
APPD. DATE
A.N.
APPD.
APPD.BY Eliecr Jimnez
AUG. 94 APPD.BY Alejandro Newski
AUG. 94
E PDVSA, 1983
ESPECIALISTAS
ENGINEERING SPECIFICATION
PDVSA K360 REVISION DATE
PDVSA
Men Principal
AUG.94
Page
Indice manual Indice volumen
Indice norma
Index
Page
1 SCOPE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 CODES, STANDARDS AND PRACTICES . . . . . . . . . . . . . . . . . . . . 3 DEFINITIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 GENERAL REQUIREMENTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4.1 4.2 4.3 4.4 4.5 4.6 4.7 4.8 4.9 4.10 5.1 5.2 5.3 5.4 5.5 5.6 5.7 6.1 6.2 6.3 6.4 7.2 7.3 7.4 7.5 7.6 7.7 System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Modification Capability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Communications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . System Capacity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Port Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Assembly . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ESD System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Cabinets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Power Supply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Grounding System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Radio Frequency Interference (RFI) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . System Hardware Testing shall Cover the Following Areas . . . . . . . . . . . . Control Strategy Integrity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Controllers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Programmable Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . System Software Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Data Base . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuration Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . System Documentation Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Self Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4 4 5 5
5 6 6 6 7 7 7 7 7 8
5 HARDWARE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8
8 12 13 14 14 14 14
6 SOFTWARE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
15
15 15 19 19
7 CONFIGURATION MAN MACHINE INTERFACE . . . . . . . . . . . . .
21
21 21 22 22 22 22
PDVSA
Men Principal
AUG.94
Page
Indice norma
Index (cont.)
Page
8 NETWORKS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.1 8.2 8.3 8.4 8.5 8.6 8.7 9.1 9.2 Functional Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Communications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Security Network Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Time Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Node Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Remote Networks Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Security Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Proportional Control Loops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Discrete OnOff Control Loops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
23
23 24 24 24 25 25 25
9 SYSTEM TUNING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
25
25 30
10 SPECIFICATION FORM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 INSTALLATION AND COMMISSIONING . . . . . . . . . . . . . . . . . . . . . . 12 Q.A. / Q.C. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
30 30 30
PDVSA
Men Principal
AUG.94
Page
Indice norma
FOREWORD
This document is the result of several years work by engineers in the petroleum industry of Venezuela (PDVSA). The recommendations presented in this publication are not intended to supersede applicable laws and regulations. Users of this recommended practice are reminded that no publication of this type can be complete, nor, can any written document, be substituted for qualifed engineering analysis. Suggested revisions are invited and should be submitted to:
The manager PDVSA Engineering Standards, C/O INTEVEP TENA Divisin, Apartado 76343 Caracas 1070A Venezuela
PDVSA
Men Principal
AUG.94
Page
Indice norma
SCOPE
This section covers PDVSA requirements for the design, specification, installation and commissioning of programmable logic controller (PLCS) systems. All guidelines of the introduction Specification K300 shall also be explicitly followed.
CODES, STANDARDS AND PRACTICES

ANSI/NFPA 70 ANSI C37.901978 A.P.I. RP550. National Electric Code Surge Withstand
IEC 65A (Secretariat 123) Functional Safety of Programmable Electronic Systems: Generic Aspects. IEC 65A (Secretariat 122) Software for computers in the Application of Industrial Safety Systems. IEC 6826 Sinusoidal vibration IEC 68227 Shock IEC 68234 Random vibration wide band IEC 529 Electromagnetic Compatibility for Industrial Process Measurement and Control Equipment. IEC 8011 General Introduction IEC 8012, Level 3 (8KV) Electrostatic Discharge Requirements IEC 8013 Level 3 Radiated Electromagnetic Field Requirements IEC 8014 Class 3 Electrical Fast Transient/Burst Requirements IEC TC77B (Secretariat) 72 IEEE 4721974 IEEE 1100 ISA SP50.182 ISA SP84x ISO 9001 MILHDBK217 E MIL STD 461C Part 4 MIL STD 462 Grounding Compatibility of analog signals for Electronic Industrial Process Instruments Programmable Electronic System (PES) for use in Safety Applications when available Quality Management and Quality Assurance Standards Magnetic Field (Radiated Susceptibility) IEC 801X
PDVSA
Men Principal
AUG.94
Page
Indice norma
MIL HDBK 472 NEMA NFPA 75 TUV Rheinland Class 5 DIN VDE 0110 DIN VDE 0113 DIN VDE 0116/10.89 DIN VDE 0160/04.89
Maintainability prediction Protection of Electronic Equipment Safety Equipment Certification as it relates to:
Electrical Equipment of Furnaces Electronic Equipment to be used in Electrical Power Installations and their assembly into Electrical Power Installations
DIN VDE 0165 DIN VDE 0170 DIN VDE 0470 DIN VDE 0801/01.90 DIN VDE 0804 DIN VDE 19250/01.89 ISBN3885853159
Principles for Computers in Safety Related Systems Fundamental Safety Aspects to be Considered for Measurement and Control Protective Equipment Microcomputers in Safety Techniques (TUVHandbook). An aid to orientation for developer and manufacturer.
3 4
DEFINITIONS
All definitions are listed in Specification K300.
GENERAL REQUIREMENTS
4.1 System
The PLC system shall consist of a central termination unit which gathers all the various inputs from the process plant, a central processor system consisting of one or more microprocessors which give output signals whenever any of the inputs reaches a predetermined unsafe level and via displays aid the plant operator supervise all process operations linked to the system.
PDVSA
Men Principal
AUG.94
Page
Indice norma
This specification details the generic requirements of a PLC system. The actual process plant details supervised by the PLC system are given in an annex containing: S Process control diagrams S Details of measurement and control functions S Loop diagrams S Instrument schedule S Block diagram of system S Power supply S Grounding system All systems that utilise only one microprocessor is subject to PDVSA approval.
4.2
Design
The design shall be modular, with latest field proven hardware and software, process input/output devices, microprocessors, signal conditioning equipment and engineering/maintenance facilities in order to perform online reconfiguration and to test all system components with online diagnostics. The system software and hardware shall be updatable with new equipment.
4.3
Modification Capability
The PLC shall allow the inclusion and/or removal of additional control units or devices or printed circuit boards (PCB) without causing process upset and/or removal equipment shutdown. The control loops, displays, sequences, etc., shall be easily modifiable, save the rewiring necessary to accept additional process inputs/outputs. These capabilities shall be achievable with the PLC online.
4.4
Availability
The PLC shall possess high integrity and fault tolerance so that no single failure of any component or device shall cause the loss of operability of more than one loop. Any system failure shall be to a failsafe state. This includes all module removal and cable faults.
PDVSA
Men Principal
AUG.94
Page
Indice norma
The PLC shall be designed for maximum availability, safety, and integrity of 99% in both failsafe and fail danger modes where availibility is defined as: Mean Time to Failure (MTTF) MTTF ) Mean Time To Repair (MTTR)
Availability % +
(100)
This availability shall be based on MARKOV configuration diagrams and those of MTBF and MTTR of the equipments. Data for failure rates shall be derived from MIL HDBK 217E wherever possible. Calculations shall be based on the ISA SP84 committee recommendations, when they become available.
4.5
Communications
Communications between the PLC and other equipment shall be via a digital communication link system. The communications system shall have automatic selfchecking facilities and include a fully redundant second link, that is automatically switched into service on failure of the primary operating link. Reset back to primary operation link shall be manual via key switch or password entry.
4.6
System Capacity
The PLC shall cover the project requirement and have minimum 30 percent spare rack space, 30 percent on installed I/O, conversion, controller and multiplexer capacity, and 30 percent on area space in the Equipment room.
4.7
Port Connections
The PLC shall have port connections to link with standalone controllers, supervisory and optimization computers and interface with protocols like MAP, Ethernet, MODBUS, Allen Bradley, Data Hiway, Tiway, Genus, etc. This shall include the simultaneous transmition and reception of information from these equipments.
4.8
Protection
The system shall be protected against errors and hardware damage resulting from electrical transients on power or signal wiring generated by switching large electrical loads, by power line faults, lightning strikes and lightning induced surges on power or signal cables in accordance with IEEE 4721974. All components of the PLC shall be immune to Electromagnetic Radiation and Radio Frequency Interference such as generated by hand held walkietalkie sets in accordance with IEC 8011 to 3.
4.9
Assembly
The system shall be factory assembled and wired, complete with all necessary devices ready for onsite installation, the latter consisting of placing the
PDVSA
Men Principal
AUG.94
Page
Indice norma
equipments in position, connection of power supply/inputs/outputs wiring and communication cables.
4.10
ESD System
The PLC system for emergency shut down (ESD) system shall be in accordance with PDVSA Specification K336.
HARDWARE
5.1 General
The process input/output equipment shall be designed to ensure data acquisition, regulatory control and sequential control functions are performed in an integrated manner utilizing common equipment such that a process signal is terminated no more than one time regardless of its numerous uses within the PLC. Input and output signals identified as critical in annex shall have 100% backup from the input termination assemblies, through all I/O processing (including all internal busses), the controller and back to the output assembly. Separate processors are required for process network communications, communication with process I/O modules and for control processing. In addition, each process I/O module shall have its own microprocessor and shall perform functions such as alarming, signal characterization, engineering unit conversion and output readback checking. Control processing shall occur at a guaranteed interval and shall be decoupled from fetching of process I/O data and peertopeer communications. Each controller shall be configurable to allow an optimum mix of point types for a particular application. This mix not only applies to I/O signal processing, but to the controller s configuration of regulatory control, regulatory PV, logic, digital composite and process module points. Memory management within the controller shall be automatic. If memory is required, the controller shall allocate and manage it. Process input/output cabinets shall accept dual 24 VDC input power sources. DC power supplies within the cabinets shall be redundant and faulty power supply unit replaceable online. DC power supplies shall have an LED indicator and an alarm contact for each of the following conditions: S Loss of DC power S Improper charging to battery backup S Ground fault Digital Communication Transmitter Interface The process I/O subsystem shall have a fully tested interface to communicate with microprocessor based transmitters. This interface shall utilize an alldigital
PDVSA
Men Principal
AUG.94
Page
Indice norma
protocol to obtain maximum accuracy from signal source to PLC and shall, from the operators console, be able to configure, rerange, determine transmiter status and load the transmitter date base. The interface shall also determine if the transmitter data base has been changed from a source other than the operator and warn the operator. MODULES The system shall provide continuous monitoring of analog and digital (contact) inputs signals at a fast scan and processing speeds. The following common functions shall be performed: S Signal isolation S Signal conditioning S Surge protection (IEEE 4721974) Processors Each processor module shall consist of a microprocessor, memory, math coprocessor, and necessary communication processors. The processor shall be mechanically and electrically isolated. They shall retain memory in the event of a power failure or internal malfunction for a minimum of six months. Battery backed up RAM shall be capable of retaining the application program in memory for a minimum of 6 months after power loss. The memory shall be sufficient for the initial configuration plus 100% excess for future expansion. A real time clock with a 10 msec resolution shall be available for time dependent functions such as rate calculations. The PLC shall be capable of scanning and updating the I/O and executing userdefined logic a minimum of 4 times per second. I/O general Each module type shall have unique mechanical and electronic keying. Keying shall prevent physical insertion and online activation of a module in a wrong location. The module type identifier shall be automatically recognized by the operating system and fault diagnostics required in Paragraph 6.4. Input/Output shall also have individual load/fuse status indication. Thermocouple inputs shall have built in automatic cold junction compensation and linearization. A single module shall accommodate all types of thermocouples. All inputs and outputs shall meet the following minimal requirements on conversion accuracies: Analog to digital conversion Resolution 14 bits Digital to analog conversion Resolution 12 bits
PDVSA
Men Principal
AUG.94
Page
10
Indice norma
Linearity + 1 bit (LSB) Repeatability + 1/2 bit (LSB) Accuracy + 0.1% full scale Input modules
Linearity + 1 bit (LSB) Repeatability + 1/2 bit (LSB) Accuracy + 0.25% full scale
The system shall accept following input signals directly from field: S Digital: Dry contact rated for 24 volts DC with any interposing relay mounted in a separate cabinet. S S S S S S Analog: 420mA, 15 VDC or 0100 mVDC signals from 2 wire transmitters Automatic self calibration Normal mode rejection ratio of 15 db or better at 60 Hz Common mode rejection ratio of 80 db or better, from 0 to 100 KHz Sampling rate 15 milliseconds maximum per channel Thermocouples, ANSI standard types J, K, E, T, B, S, R, RTD (3 wire) 10 ohm Copper, 100 ohm Platinum, 120 ohm Nickel. S RTD inputs shall have 12 bit minimum analog to digital conversion. S Pulse Inputs at rates up to 20 kHz. Each input shall be filtered, converted to engineering units and the data validity checked. These inputs shall be optically isolated and current limited to protect against inadvertent damage. They shall be configurable as status, latched inputs or accumulator inputs. The functions performed on the respectively configured inputs shall include: Status Input S Direct or reverse sense S Alarming of offnormal state S Alarm delay (must be exceeded before realarming) Latches input S Direct or reverse sense S Change of status reporting S Hold of offtoon transition for 1.5 seconds
PDVSA
Men Principal
AUG.94
Page
11
Indice norma
Accumulator Input S Direct or reverse sense S 16 bit accumulator, up to 25 PPS S Up or Down direction counting. Where inputs have 2 independent sensors for 100% backup or 3 independent sensors for 2 out of 3 voting as defined by the logic diagrams, the diagnostics shall be included in the application program. Digital input signals shall be conditioned by a lowpass filter up to 15 ms. Each individual input signal path on the input module shall be automatically tested for proper operation at least every 10 minutes. Output modules The system shall provide output signals to transducers, solenoid valves, alarm annunciators and DCS interface I/O. Analog: 420 mA signals Output characteristics: S Direct or reverse operation S S S S S S S S D/A per output Power regulator per output Software calibration Loopback output 5 segment output characterization Default options upon failure Hold Got to zero occurrence.
Each digital (contact) output shall have the following characteristics: S Mechanical relay dry contact rated for 24 volts DC, 2A with any interposing relay mounted in a separate cabinet S Individual fuse with blown fuse indication S Individual contact suppression Configurable as: Momentary (10 ms 1 min.) Latched Pulsewidth modulated (1 s to 120 s on time) S Individually definable default state S Output readback verification Output modules shall fail to the safe state upon microprocessor failure. Digital outputs shall be current rated for an inductive load with a minimum of 1 A per point at 60C. Modules shall be rated for full load at maximum specific conditions.
PDVSA
Men Principal
AUG.94
Page
12
Indice norma
Digital output modules shall operate properly with a 10% voltage variation. The module shall detect and alarm open or shorted field circuits as well as power monitoring. If any energize to trip signals are specified in annex, load monitoring shall be required.
5.2
Cabinets
S All equipment shall be mounted in standard cabinets suitable for a safe environment, with a minimum IEC 529 IP 51 certification. The cabinet interior finish shall be white and fitted with a fluorescent light inside. S Any part of the PLC equipment located outside air conditioned rooms shall meet IEC standards to comply with the area classification and any specified corrosive atmospheres (marine, ammonia, chlorine, hydrogen sulphide, etc...) complete with inert gas purge. S Cabinets shall be freestanding, completed assembled, wired in accordance with PDVSA Specification K330 and designed to operate between 060C and 5 to 95% noncondensing ambient conditions. S Cabinets shall be fully enclosed with doors in front and rear as required. S Adequate ventilation shall be provided to keep the temperatures within design specifications and an over temperature alarm shall trip when the temperature is greater than 45C. S The equipments, electronic circuitry and wiring shall be arranged to facilitate good access and perform maintenance safely. S Engraved nameplates shall be provided for each cabinet, peripherals, and, subsystems such as controllers, multiplexers, communication devices, etc. Legends shall be approved by PDVSA. S The system wiring shall meet the MILSTD461C Part 4 per MILSTD462: For conducted susceptibility S Method CS01, power leads S Method CS02, power leads S Method CS06, power leads, spikes For radiated susceptibility S Method RS01, magnetic field S Method RS02, induced magnetic field S Method RS03, electric field. S Termination assemblies shall be mounted within the cabinets. All interconnecting cables shall be tagged at both ends using shrink sleeve type markers or equivalent.
PDVSA
Men Principal
AUG.94
Page
13
Indice norma
Wiring All wiring and terminals shall be segregated according to type of signal as follows: Analog Digital Thermocouple Frequency Standard, 24 volts D.C. Intrinsically safe Standard, 24 volts D.C. Intrinsically safe Standard, 24 volts D.C. Intrinsically safe
Terminal blocks for input and output signals shall be nonhygroscopic. Terminals shall be tinned and clearly identified. The size of terminal block shall be consistent with the wire size, viz # 18 AWG. Analog wiring shall be shielded cable of twisted pairs. All wiring shall be stranded copper except for themocouple where it should match the T/C type. The terminals for T/C shall match the specified thermocouple wire. Color coding for wiring shall be as follows: 110 VAC Hot Neutral Ground 24 VDC Positive Negative Ground Red Black Green Black White Green
5.3
Redundancy
Equipment to be backed up shall be as follows: S Backup of power supply cards to CPUs and I/O cards (1:1 backup). S Backup of internalbus between CPU and Input/Output (1:1 backup).
PDVSA
Men Principal
AUG.94
Page
14
Indice norma
5.4
Power Supply
All equipment shall comply with the latest IEC, IEEE, EIA, NEMA, ISA, NEC, UL, FM, CSA or COVENIN standards. The equipment shall operate on 24 volts. D.C. All flourescent lights and socket outlets shall operate on 110 volts, 60 Hz., A.C. S Each power user (consoles, controllers, I/O devices, etc.) shall have a separate circuit breaker with its own fuse. S The PLC shall supply 24 VDC power to electronic transmitters or other external devices requiring electrical power. Each process I/O device shall be provided with self regulatory capability to assure proper power levels. S Independent redundant power supplies shall be used for controllers, process I/O subsystems and communication devices (including interfaces), such that any individual power supply unit failure does not have any effect on the operation of the installed PLC equipment and also without the need to switch to battery back up facility.
5.5
Grounding System
The grounding system for metallic enclosures and electronic circuits shall be separate and designed for connection to the main grounding System of the plant. The grounding system shall have a maximum resistance of I OHM. See PDVSA Specification N201 and IEEE 1100.
5.6
Radio Frequency Interference (RFI)

S Equipment shall have RFI protection against hardware damage and system error. Error caused by RFI shall not exceed 0.1 percent of span for exposure to a field strength of 10 volts/meter over the frequency range of 101000 MHz. S Minimum clearances and shielding shall be maintained between data communication link and power cabling, transformers, motors, etc. The design shall maintain minimum separation distance between process interface equipment, process, controllers, remote multiplexers and electrical substation equipment to protect the PLC from power system noise. S The plant radio transmitter/receiver station shall be installed in a separate cabinet, remote from the PLC equipment.
5.7
System Hardware Testing shall Cover the Following Areas

S S S S S Continuity check of crossboard and interconnecting cables AC and DC power checks Proper operation of backup devices Diagnostic checks of all devices Proper operation of communication network
PDVSA
Men Principal
AUG.94
Page
15
Indice norma
SOFTWARE
6.1 Control Strategy Integrity
The security of the PLC shall be ensured by providing the internal security and failure protection circuitry such that any single component or subsystem failure shall not cause interruption or loss of more than one control or sequence output. The PLC shall include extensive internal self checks and status indicators so that no external diagnostics are required to determine operational status. The system shall function with minimum maintenance and designed so that servicing can be performed with process units online with no control degradation.
6.2
Controllers
The control device shall be microprocessor based with multiple processor architecture providing continuous control for analog loops, sequencing, and logical operations for discrete signals. The algorithms shall be contained in functional control builtin block, which shall be configurable and connectable to implement the desired control strategies. All cascaded or interconnected loops shall reside in the same controller. No interwiring between controllers is allowed. Controller Communications Controllers shall be capable of peertopeer communications with other controllers across nodes to accomodate interactive control strategies without the necessity of hardwiring. The data types (discrete, integer, floating point, etc.) that can be communicated between control devices shall not be restricted. All process connected devices shall interface with process signals via signal conditioning (including filtering), linearization and scaling as needed. Redundancy (only for PLCs with more than one microprocessor) The control system architecture shall provide continuous uninterrupted control in the event of any single failure in the controller, including: S Control and communication CPUs S S S S Memory I/O and Network communications Power Peertopeer communications between controllers.
The fault detection and exclusion of the faulty processor shall be automatic and provide for continuation of full automatic and bumpless control without operator intervention.
PDVSA
Men Principal
AUG.94
Page
16
Indice norma
The backup scheme shall ensure that only error free memory transfer are made to the backup controller and that they accurately reflect the state of the failed controller prior to occurrence of the failure The backup scheme shall cover both configurable and programmable control functions without the need of using special configuration or programming step. 6.2.1 Algorithms S Control algorithms shall be cyclically executable, at least, twice per second. Lower or higher scan execution rates shall be available to suit specific process application needs. Algorithms shall allow bumpless transfer from manual to automatic, cascade or programmable control and viceversa. Algorithms shall be nonsaturating to prevent reset windup. S Control algorithms shall allow online changing of its tuning constants and parameters, setpoints, outputs and operation modes through the available control language for the control device in order to allow advanced control. S Algorithms shall include but not be limited to: Flow compensation Alarming Accumulation Logic Lead/Lag Dead time Switch double pole, double throw Signal selector (Hi, Low, Medium, Avg.) Characterizer Ramp and Soak Timer Free format calculation or program (up to 40 character expression) The controller device shall maintain a current data base image for each primary controller by receiving data base changes every 500 msec at least. The controller configuration shall be downloaded or uploaded from the shared database through the communication link via an external device.
PDVSA
Men Principal
AUG.94
Page
17
Indice norma
6.2.2
Regulatory control Regulatory control points shall be configured via predefined and userdefined algorithms to execute the required control strategies. The algorithms selectable to manipulate regulatory control points shall be: S PID S PID with feedforward S PID with external reset feedback S Position Proportion S Ratio Control Fixed, Auto Ratio, Auto Bias S ramp Soak S auto/Manual Station S Switch S Override Selector S Nonlinear gain S Adaptive control S Selftuning Functions supported automatically for regulatory points shall be: S PV source selection S Mode Manual, Auto Cascade, Backup Cascade S Mode Attribute Operator, Program S Remote Cascade S Remote Request S Remote Shed S Reset windup Protection S Override Propagation S Target Value Processing
6.2.3
Sequential control Sequential control points shall be configurable via CRT templates to execute the required sequential control functions thourgh a versatile mix of algorithms available for use in logic points. The logic points shall have the following capability: S Up to twelve (12) input connections S Up to twelve (12) Output connections S Up to sixteen (16) logic blocks
PDVSA
Men Principal
AUG.94
Page
18
Indice norma
Each logic block shall have access to and be capable of executing the following algorithms: S Logic (AND, OR, NOT, NAND, NOR, XOR) S Compare Real (EQUAL, NOT EQUAL, GREATER THAN, GREATER THAN OR EQUAL TO, LESS THAN, LESS THAN OR EQUAL TO) S Delay, on Delay, off Delay S Pulse (Fixed, Max time, Min Time) S Watchdog timer S FlipFlop S Check for bad input S Switch Logic points shall have the capability to link parameters without output destinations, e.g., calculated PV value, to parameters without input sources, e.g., controller gain. The sequential control functions shall also accommodate two types of interlocks, permissive and overrides. The permissive shall provide an allow function to the operator or program to command a specific output state. The override shall force a specific output state without operator or program intervention. 6.2.4 Ladder Logic Control e. f. g. h. i. j. Logic control using familiar ladder logic Offline or online ladder development and emulation Online viewing of ladder diagrams and the ability to perform dynamic debugging Ability to manually set sensor variables for ladder diagram checkout Ability to provide hardcopy documentation of all ladder diagrams The ability to suppress the operation of a ladder diagram if any process variable within the ladder diagram is tagged or placed offline.
The types of operations allowed in ladder diagrams shall include: a. b. c. d. Derived points, i.e., software generated inputs Contacts that may represent either digital or analog values Ability to treat analog values as digital through the use of deadbands And or logic functions
PDVSA
Men Principal
AUG.94
Page
19
Indice norma
e. f. g. h. i. 6.2.5
Change an up down level status transitional digital value. Arithmetic functions (add, subtract, multiply, and divide) Time delay relays, i.e., timers that become true when expired Up and down counters, and Go to function (to bypass portions of ladder diagrams).
Configuration of controller and sequences The configuration of the PLC with the required functions shall be done using an interactive technique. All configurations shall be kept in memory or in suitable magnetic or optical storage in the event of power failure. It shall be possible to load a previously configured control or sequence scheme over the communication link from a host computer. It shall have facilities to update or modify loop configuration in complex control algorithms without disturbing the normal operation of other loops in the controller. The network configuration shall be modifiable with the entire system online to add a node or add new software to an existing node, etc.
6.3
6.3.1
Programmable Devices
Free programmable computing devices, working on engineering language, (e.g. C, Basic, Fortran) or highlevel Manufacturer languages, shall be available on the PLC. The mainmachine interface described in paragraph 7 shall create, develop and edit the program.
6.3.2
6.4
System Software Test

The PLC shall include automatic online diagnostic facilities to test all hardware and software system components such that all permanent and transient faults are identified, alarmed and reported.
PDVSA
Men Principal
AUG.94
Page
20
Indice norma
All testing described shall be performed automatically online and without disturbing the process or reducing the reliability of the PLC system. The diagnostics described above shall be built into the operating system of the PLC hardware. These diagnostic routines shall be validated by a third party agency such as TUV Rheinland. Diagnostics shall be capable of identifying, locating and reporting the following faults as a minimum: S Scan failure of main or I/O processors S S S S S S S S S S Memory Faults, both PROM and SRAM Microprocessor faults Communications faults I/O interface or addressing faults Application program and hardware layout consistency I/O module faults Voted signal discrepancy on inputs and outputs Voted discrepancy on calculated values within application program Load power or fuse faults on field circuits Power supply faults including battery backup monitoring and output voltage verification S Over temperature conditions. I/O module diagnostics shall be able to detect and alarm I/O point faults of the following types: S stuckon short circuited failure of a discrete input or output S stuckoff open circuit failure of a discrete output. Status indicators shall be provided to indicate normal operation or fault conditions on each replaceable module. In addition, each fault shall initiate an internal fault flag and hard alarm contact for communication to Central Control Room. Fault information shall be available and displayed for the maintenance staff in a manner that enables fault diagnosis to a module level. S Device Failures: The system shall continuously monitor the status of all system devices, components and communications (both main and backup) for failure. Upon failure it shall initiate a class 1 alarm at the operator station to allow the operator to easily identify the failed device. S Data Transmission Errors: The system shall continuously monitor for errors in digital data transmission between any two system devices. The system shall log and notify the operator when an error is detected.
PDVSA
Men Principal
AUG.94
Page
21
Indice norma
CONFIGURATION MAN MACHINE INTERFACE

The PLC shall be designed ergonomically to enable the operator supervise all plant operations and make the decisions to ensure safe operating conditions. It shall contain auxiliaries such as manmachine terminal interface or portable programmer for online system test, maintenance and modification facilities. The station shall normally be on viewonly mode, but it shall be capable of performing control and operational tasks, as required by normal plant operation via special keylock or password function. The displays and auxiliaries shall form part of the PLC system itself or could be part of any Distributed control/scada system installed in the process plant. The number of CRTS/printers/hand held programmers shall be subject to PDVSA approval. PLC Configuration The system configuration as detailed in paragraph 6.2.5 shall be done by fill in the blank type fields. 7.1 Load Media S Each disk system shall store the entire PLC configuration through optical discs, cartridges or similar devices. Additional disc drivers shall be provided as required for historical trend recording or other functions. S Disk systems, shall be fast loading tape cartridges or optical disks, high density, high speed device, not required for use during normal operation. Once the initial system software is loaded into the system, it shall not be necessary to use cartridge discs to restore a failed node. A copy of the nodes files shall be loadable from online bulk memory.
7.2
Data Base
Data Points The man machine interface shall be able to remove or add new data points, modify existing data points and install the points in any applicable node, without removing that node from service or affecting any existing points in the system. The system shall determine and advise if a proposed new point ID is already in use in the system. Multiple Load The system shall load/install multiple data points from the load media to any applicable node on line, without affecting that node.
7.3
Configuration Recovery
The system shall permit to recover the configuration of a node, its data base and store it in mass storage or the removable media (optical disc or cartridge) for later reloading.
PDVSA
Men Principal
AUG.94
Page
22
Indice norma
7.4
Utilities
The system shall include the utilities, files and management tools necessary to format the load media, copy floppies (or cartridges), copy files from one source to another, delete files, list the directories of files, and view or print the data within a file. The system shall also include text edit features similar to a word processor.
7.5
System Documentation Tool

The system documentation tools shall effectively manage changes in the PLC environment. This function can query the entire operating database for entities and selected parameter values online. These queries shall be saved and the result output to the screen, a file on a bulk storage device or to a printer. A data file utility shall be provided that can create, display and manipulate files consisting of named fields of data. The following functions shall be provided: Set up tabular text files composed of records of named fields Create and update documentation files. These files include fields that can be updated on command by the system and can contain location information, parameter values and programs using specific tagname. Sort and filter files by field Output results to a file or printer
7.6
Documentation
The system shall be complete with all documentation necessary to configure, install, startup, operate and maintain the system. All maintenance documentation shall be oriented to facilitate expedient repair with minimum downtime.
7.7
Self Testing
Each PLC system shall contain following test levels to ensure that the module is performing correctly prior to being placed in operation and to monitor its performance while in operation. a. The first level shall be the Startup Tests. These tests shall reside in ROM and shall be automatically executed following poweron or restart of the module. They shall verify the correct operation of the basic logic on each PCB in the module. Failures shall be indicated by means of LED(s) on each PCB and on the display. b. The second level shall be the Quality Logic Tests. These tests shall be automatically loaded and executed after the startup test a. These tests shall verify the correct operation of the module hardware and qualify it for loading its onprocess software. Failure shall be indicated on the display. c. The third level of testing shall be OnProcess Tests. These tests shall be parts of the onprocess software of each module and shall be executed periodically whether a module is primary or backup. A recoverable error shall be error
PDVSA
Men Principal
AUG.94
Page
23
Indice norma
message report for analysis by maintenance personnel. A nonrecoverable error shall cause the module to be shutdown, recorded in the system error message and indicated to the operator. A printed error history shall be available to be returned to factory with the failed PCB/module. d. The fourth and most extensive level of testing shall be the OffProcess Tests. These tests shall be loaded by maintenance personnel when automatic tests (levels a, b, c) cannot resolve a problem. These tests shall have the following functions: S Display the system error event record S Display the hardware and software revision status of all modules on the network S Display a snapshot of the system status, including all nodes, modules, boxes, etc. S Display the contents of memory of any node, module, box, etc. S link the system to supplier s technical assistance center. e. Node Isolation The man machine interface shall be able to isolate the node from the system and perform detailed offline diagnostics to test the nodes, microprocessor(s), memory, and communications.
NETWORKS
8.1 Functional Requirements
The communications network shall support a variable length message protocol allowing any node in the network to have continuous access to other devices with a common interface link to all of them. The communications subsystem shall support online expandability through modularized components. It shall be capable of providing extended communications up to 300 metres without the use of repeaters. It shall have access to data from any and all controllers, DCSs and I/O devices connected to the communications link. Communications throughput shall be sufficient to ensure that operator consoles are updated, at least, once every 4 secs. to reflect process parameters and status changes from the field devices. All components of the communications cable system shall be leadsheathed and armoured, suitable for direct burial. Communications to the system network shall be high speed, secure, redundant and based on the International Standard Organization sevenlayer Open System Interconnect model. While this model is not fully defined at present, process
PDVSA
Men Principal
AUG.94
Page
24
Indice norma
input/output system shall currently be compatible with Real TimeMAP as defined by ISA committee SP72, which incorporates three layers. This communications channel shall be reported, and, if required, the cables will be switched. Operation of the process shall not be affected by this switching.
8.2
Communications
The system shall include a fully tested highspeed network to control all communications between consoles, nodes, etc. It shall: a. b. c. d. e. f. be redundantly cabled be equipped with independent transmitter and receivers for each cable have twisted pair or coax or fiber optic options switch periodically between the primary and backup link/cable without disrupting operations, to ensure that each link is healthy. notify the operator of any failure and remain on the good link contain no mechanical relays at any point.
8.3
Security Network Requirements

S incorporate logical addressing to allow efficient transmission to redundant nodes, with both the primary and backup modules database updated simultaneously S include a 16 bit polynominal Cyclic Redundancy Check (CRC) checksum verification on every frame S include message length checks S employ antijabber circuitry S expect no more than one undetected error in 1000 years of operation. S Automatic retransmission in the event of error. S Continuous checking of redundant link. S Switchover to alternate link or cable on failure shall be automatic without disrupting the system operation. S The system shall allow connection and disconnection of devices to/from the link without disrupting any other connected, devices or peripherals. S Builtin cable fault isolation. S System level fault diagnosis. S Lightning protection.
8.4
Time Synchronization
Time Synchronization shall ensure strict coordination between modules. A clock synchronization pulse shall be transmitted to all network modules at least every
PDVSA
Men Principal
AUG.94
Page
25
Indice norma
one hundred (100) milliseconds. In addition, actual real time data shall be transmitted to each module at least every fifty (50) milliseconds. Drifting of actual real time shall be no more than three (3) seconds (.0035%) per day (24 hour period).
8.5
Node Software
Node Software shall be layered and modular. The Software environment layer shall provide the application software with a set of software services common to all modules/nodes and a uniform interface, regardless of the type of module/node. Each module/node shall contain the same real time operating system which schedules all tasks and communications. The base applications software layer shall define and execute the basic functions of a particular personality for a module/node.
8.6
Remote Networks Integration

The system network shall communicate through a Plant Network with remote system networks without duplication of the point database. The following functions shall be supported: S Any node of the system network can read/write any point parameter in remote system network data. S The remote tagnames can be included in the system or in computing environments S The system can transfer files from and to remote network S Cascade Control between the PLC and the remote system can be achieved.
8.7
Security Access
Each system network shall be configured with the security access permitted to remote system networks. Every point parameter information and file transfer request shall be checked for proper authorization per security configuration. S Read only access S Read and Write access and S No access
SYSTEM TUNING
9.1 Proportional Control Loops
The system shall include facilities for tuning of linear control loops based on universal methods developed by GREG SHINSKEY et al and for nonlinear loops as detailed below.
PDVSA
Men Principal
AUG.94
Page
26
Indice norma
The method detailed in I.S.A.INTECH JOURNAL, AUGUST 1993 issue consists of a relay which gives a step to the controller output alternately in opposite directions when the measurement crosses the set point. The discrete switching causes the loop to oscillate at its ultimate period Tu and the ratio of the relay amplitude d to the measurement amplitude a defines the ultimate gain of the controller. The magnitude of the step shall be sufficient to obtain a curve which permits legible readings of a and d.
RELAY
TUNING RULES SP TRANSFER FUNCTION CONTROLLER TRANSFER FUNCTION PROCESS PV
Fig 1. SELFOSCILLATION PRINCIPLE
PDVSA
Men Principal
AUG.94
Page
27
Indice norma
RELAY OUTPUT CONTR. OUTPUT
MEASUREMENT
INITIALIZATION
TUNING PERIOD TU TIME
Fig 2. PLOT OF RELAY OUTPUT AND PROCESS OUTPUT DURING TUNING.
PDVSA
Men Principal
AUG.94
Page
28
Indice norma
The intelligent tuner as detailed in Fig. 3 shall be incorporated into the system.
REMOTE I/O
CONTROL LOOP 2 IS SELECTED FOR TUNING RTM/1 INTELLIGENT TUNER
CONTROLLER DATA BASE
CONTROL LOOP 1
CONTROL LOOP 2
CONTROL LOOP n
Fig 3. INTELLIGENT TUNER IMPLEMENTED INTO CONTROLLER
PDVSA
Men Principal
AUG.94
Page
29
Indice norma
The processor rejecting values of a and Tu not measurable and automatically increasing controller output in steps of 1% upto a maximum of 10%. See Fig. 4.
5. ENG. APPROVAL COMPUTATION COMPLETED
ACCESS TO LOOP IS CORRECT ACCEPT OR REJECT REJECT

1. LOOP IDENTIFICATION
2. SETUP
CONFIRM SETUP & START
REJECT
REJECT
REDESIGN OR MODIFY 4. COMPUTATION ACTIVE TUNING COMPLETE 3. INITIATE TUNING
Fig 4. DIAGRAM OF MODEL PROGRAM.
PDVSA
Men Principal
AUG.94
Page
30
Indice norma
9.2
Discrete OnOff Control Loops

The discrete action output signal shall ensure that the speed of the action of the valve is adequate to ensure that there are no sudden surges or depressurization effects in the process. In the event a number of valves are opened or closed simultaneously the order in which the valves operate shall be carefully evaluated in order to ensure a controlled shutdown or startup of the plant or equipment.
10 SPECIFICATION FORM
FORM No. 20.2x TITLE Programmable logic controllers
The form is included at the end of this specification.
11 INSTALLATION AND COMMISSIONING

All installation and commissioning shall be in accordance with project drawings and specifications.
12 Q.A. / Q.C.
All items shall conform with with procedures detailed in Specification K369.

K 360

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

K 360

Hochgeladen von

Copyright:

Verfügbare Formate

PDVSA

ENGINEERING DESIGN MANUAL

PROGRAMMABLE LOGIC CONTROLLERS

APPD.BY Eliecr Jimnez

AUG. 94 APPD.BY Alejandro Newski

PDVSA K360 REVISION DATE

PROGRAMMABLE LOGIC CONTROLLERS

7 CONFIGURATION MAN MACHINE INTERFACE . . . . . . . . . . . . .

PDVSA K360 REVISION DATE

PROGRAMMABLE LOGIC CONTROLLERS

10 SPECIFICATION FORM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 INSTALLATION AND COMMISSIONING . . . . . . . . . . . . . . . . . . . . . . 12 Q.A. / Q.C. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

PDVSA K360 REVISION DATE

PROGRAMMABLE LOGIC CONTROLLERS

PDVSA K360 REVISION DATE

PROGRAMMABLE LOGIC CONTROLLERS

CODES, STANDARDS AND PRACTICES

PDVSA K360 REVISION DATE

PROGRAMMABLE LOGIC CONTROLLERS

PDVSA K360 REVISION DATE

PROGRAMMABLE LOGIC CONTROLLERS

PDVSA K360 REVISION DATE

PROGRAMMABLE LOGIC CONTROLLERS

PDVSA K360 REVISION DATE

PROGRAMMABLE LOGIC CONTROLLERS

equipments in position, connection of power supply/inputs/outputs wiring and communication cables.

PDVSA K360 REVISION DATE

PROGRAMMABLE LOGIC CONTROLLERS

PDVSA K360 REVISION DATE

PROGRAMMABLE LOGIC CONTROLLERS

PDVSA K360 REVISION DATE

PROGRAMMABLE LOGIC CONTROLLERS

PDVSA K360 REVISION DATE

PROGRAMMABLE LOGIC CONTROLLERS

PDVSA K360 REVISION DATE

PROGRAMMABLE LOGIC CONTROLLERS

PDVSA K360 REVISION DATE

PROGRAMMABLE LOGIC CONTROLLERS

Radio Frequency Interference (RFI)

System Hardware Testing shall Cover the Following Areas

PDVSA K360 REVISION DATE

PROGRAMMABLE LOGIC CONTROLLERS

PDVSA K360 REVISION DATE

PROGRAMMABLE LOGIC CONTROLLERS

PDVSA K360 REVISION DATE

PROGRAMMABLE LOGIC CONTROLLERS

PDVSA K360 REVISION DATE

PROGRAMMABLE LOGIC CONTROLLERS

PDVSA K360 REVISION DATE

PROGRAMMABLE LOGIC CONTROLLERS

System Software Test

PDVSA K360 REVISION DATE

PROGRAMMABLE LOGIC CONTROLLERS

PDVSA K360 REVISION DATE

PROGRAMMABLE LOGIC CONTROLLERS

CONFIGURATION MAN MACHINE INTERFACE

PDVSA K360 REVISION DATE

PROGRAMMABLE LOGIC CONTROLLERS

System Documentation Tool

PDVSA K360 REVISION DATE

PROGRAMMABLE LOGIC CONTROLLERS

PDVSA K360 REVISION DATE

PROGRAMMABLE LOGIC CONTROLLERS