CHAPTER-1 : SYSTEM DESIGN BASIS

Objectives of Interlock system Pre-requisites & Challenges faced by Interlock designers Methods of System Design Specification Possible Communication Gaps & Prevention

INTRODUCTION
The Interlock system in a Plant or Equipment is governed by Process Criticality & Automation requirement. The Objective Functions of an interlock system can be one or more of the following: PERMISSIVES: Start-Up of a system in a safe, sequential way. TRIPS: Shut-Down of a system for Pre-determined system abnormalities or by Operator decision in a safe, sequential way. SEQUENCE: Providing repetitive system functions in sequence. ANNUNCIATION: Providing Information to the operator by driving devices like lamps, hooters/horns, counters, alarm annunciators & other HMI devices. OPERATION: Providing the desired level of Automation in the Operation of system for convenience of Process Management.

DESIGN ENGINEER PRE-REQUISITES

The Design Engineer translates the system requirements to the Interlock system hardware & software specifications & its application. For Design Engineer, Thorough Understanding of the following is essential Process or system operations, requirements, abnormalities and possible damages due to maloperation. Ability &limitations of the individual components (hardware & software) of the Interlock system. The functions that could be achieved through the interlock system as a whole.

CHALLENGES FACED BY DESIGN ENGINEER

Although, the needs of the Operating Personnel are widely varying, In general, it is always possible for the Design Engineer to meet or exceed the requirements & expectations. Most Often, when requirements are not met, it arises on account of human limitations as listed below and not because of inherent limitations in interlock design & hardware availability.

(a) Poor Communication by the Process Engineer: This may arise due to incomplete definition of system requirements / System ambiguously or wrongly defined / missed out functions due to Process engineer not having communicated with Equipment Engineer or assumption that the objective is not achievable. (b) Poor understanding by the control Design Engineer: This may arise due to negligence to understand the requirements in totality / Wrong interpretations or assumptions on the system requirements / Assumption that certain requirements are not achievable due lack of experience or knowledge. (c) Poor Planning and Unsystematic approach: This may arise due to negligence to specify requirements while Procurement of components that are connected to the interlock system eg. Missing out Limit switch requirement or Specifying Wrong Failure position for Shutdown valves, missing out or Specifying Wrong SIL requirement of Transmitters / Valves etc. Points (a) & (b) can be avoided by improving the communication & having more interaction between different Groups. Point (c) can be avoided by adopting a systematic approach.

SYSTEM SPECIFICATION
The role of the Control Design Engineer is to ensure that the Interlock system Designed is true to the system as envisaged by the Process engineer keeping in mind Operators convenience & the problems faced by maintenance engineer. The System design requirements are decided early in the project & communicated through the following Documents which are a Normally part of BDEP (Basic Design Engineering Package) of Plant or Equipment Vendor Documents P&IDs : In most simple cases , the entire Details of the Interlock requirements can be (i) shown in the P&ID

Figure 1a

(ii)

Cause & Effect Matrix: The Cause & effect Matrix is a document which provides the Details of the Interlock Causes & Effects in tabular form. This document has to be viewed in conjunction with interlock details shown in the P&ID.

Figure 1b

(iii)

Control Narrative / Philosophy: For Complex process & equipments, the Control Narrative / Philosophy document is normally provided by the Licensor/Manufacturer which provides the description of the interlock functions & implementation in Clear, Precise & Easy to Understand Language.

Figure 1c

(iv)

Logic Diagrams: For Equipments & Process unit, sometimes the Logic Diagram is provided by Manufacturer/Licensor. When provided, the same should be insisted to be

in line with ISA symbols (ISA S5.2) & thoroughly reviewed by the control Design Engineer to ensure that sufficient level of Clarity is provided.

(v)

Figure 1d I/O List : The I/O List Document provides the I/Os namely AI , DI , DO & AO for the Interlock system which is usually the PLC (Programmable Logic Controller) or DCS (Distributed Control system).

Figure 1e (vi) Alarm & Set point Summary: The Alarm & Set point Summary document provides the set points for Alarms & Trips used in the Interlock system including the Range & Engineering Units. In many cases, this document is combined with I/O summary to provide the information in a single document.

Figure 1f

PREVENTION OF COMMUNICATION GAPS

While the P&Ids are being prepared, the process engineer should discuss with the Control Design engineer to have complete clarity on the scope, representation & objectives. Thorough & comprehensive review of the P&Ids by the Control Design Engineer taking view of complete system requirements. The P&Ids must be subsequently revised by the Process Engineer. Preparation of a write-up on interlock requirements on the P&ID can be jointly done by the Process Engineer (covering process & operation requirement) & Control Design Engineer (covering the system to achieve the goal) The Binary Logic Diagrams should be prepared & this is the surest way to ensure thorough understanding of the Control, safety & Operation objectives. While preparing the Binary Logic Diagrams, whether Positive Logic or Negative Logic is followed should be clearly mentioned to avoid confusion. When multiple Documents define the same interlock function eg. P&ID and Cause & Effect matrix. Consistency across documents should be ensured & thoroughly reviewed. Selection of switch action should be selected on case to case basis & may be contrary to overall philosophy followed. Eg Limit switch contact may be normally open (NO) as a fail safe design. Whereas, Start Signal to Anti Surge Controller may be Normally Closed (NC). Input from Operators can be sought in the initial phase to firm up details of Annunciation & Operation like Hard wired consoles, HMIs etc to avoid Last minute hardware additions/modifications. A Lack of consideration of all Different possibilities of the actual systems working may lead to faulty design. This can be prevented by thorough simulation considering each & every possibility in the Operation Life cycle of the system. This is generally helped by the features provided by Modern day PLC software advances. Simulation checks of this nature should be undertaken during the FAT (Factory acceptance Test) of the Interlock system ie. PLC or DCS.