Control Philosophy PDF

URHOUD-Organisation Ourhoud
PROJECT SPECIFICATION
ORGANISATION OURHOUD
REALISATION DES INSTALLATIONS DE PRODUCTION D’HUILE
OURHOUD, ALGERIE
CT-99-010-040
CONTROL PHILOSOPHY
URHOUD - Organisation Ourhoud
CONTROL PHILOSOPHY
CONTENTS
ABBRIVIATIONS
1.0 INTRODUCTION
1.1 General Description
1.2 Scope
1.3 Environmental Conditions
2.0 OPERATING AND CONTROL PHILOSOPHY

2.1 Introduction
2.2 Central Processing Facility
2.3 Wellheads and Satellite Stations
3.0 INTEGRATED CONTROL SYSTEM

3.1 Introduction
3.2 Design Principles
3.4 Architecture
3.5 Location of ICS Equipment
3.6 Packaged Plant Units
3.7 Power Supplies
4.0 PROCESS CONTROL AND PROCESS SHUTDOWN SYSTEMS

4.1 Functional Requirements
4.2 Technical Requirements
4.3 Communications Sub-System
4.4 Process Shutdown
4.5 Operator Interfaces
5.0 SUPERVISORY CONTROL AND DATA ACQUISITION SYSTEM

5.2 SCADA Software
5.3 Design Philosophy
CONTROL PHILOSOPHY
6.0 EMERGENCY SHUTDOWN SYSTEM

6.1 Introduction
6.2 Levels of Shutdown
6.5 Pushbutton Matrix Panels
6.6 ESD System Sensors and Actuator Devices
7.0 FIRE AND GAS SYSTEM

7.1 Introduction
7.2 System Outline
7.3 Fire Zones
7.4 Risk Evaluation
7.5 F&G Executive Actions
7.6 Pushbutton Matrix Panel
7.7 Mimic Display Panel
8.0 MANAGEMENT INFORMATION SYSTEM

9.0 FIELD INSTRUMENTATION

9.1 General
9.2 Hazardous Area Requirements
9.3 Actuator Operating Medium
10.0 REFERENCE DOCUMENTS

10.1 International Codes and Standards
10.2 Project Documents
APPENDIX 1 ICS DATA HIGHWAY CONNECTION

CONTROL PHILOSOPHY
ABBREVIATIONS
ac alternating current
ALARP As Low As Reasonably Practicable
ANSI American National Standards Institution
API American Petroleum Institute
BOPD Barrels of Oil per Day

BS British Standards
CCR Central Control Room

CD ROM Compact Disc Read Only Memory
CER Central Equipment Room
C&I Control and Instrumentation
CPF Central Processing Facility
CSF Central Storage Facility
CTR Compressor Technical Room
dc direct current
ESD Emergency Shutdown

EWS Engineering Work Station
FAT Factory Acceptance Test

FCI Fluid Controls Institute
FEED Front End Engineering and Design
F&G Fire and Gas
HPU Hydraulic Power Unit

HV High Voltage
HVAC Heating, Ventilation and Air Conditioning
ICS Integrated Control System

IEEE Institute of Electrical and Electronic Engineers
IEC International Electrotechnical Committee
I/O Inputs and Outputs
CONTROL PHILOSOPHY
ABBREVIATIONS (cont’d)
IR Infra Red
IS Intrinsically Safe
ISA Instrument Society of America
ISO International Standards Organisation
km kilometre
LTR Local Technical Room

LED Light Emitting Diode
LEL Lower Explosive Limit
MAC Manual Alarm Callpoint

MCC Motor Control Centre
MIS Management Information System
msec millisecond
no. number
OLE Object Linking and Embedding

OPC OLE for Process Control
OTR Oil Technical Room
PC Personal Computer
PCS Process Control System
PDC Power Distribution Controller
PLC Programmable Logic Controller
PSD Process Shutdown
PSU Power Supply Unit
RTU Remote Terminal Unit
SCADA Supervisory Control and Data Acquisition

SCSSV Surface Controlled Sub-Surface Safety Valve
SI System International
CONTROL PHILOSOPHY
ABBREVIATIONS (cont’d)
SQL Structured Query Language
TMR Triple Modular Redundant
UCP Unit Control Panel

UHF Ultra High Frequency
UPS Uninterruptible Power Supply
Vdc direct current volts

VDU Visual Display Unit
VHF Very High Frequency
WCP Wellhead Control Panel

CONTROL PHILOSOPHY
1. INTRODUCTION
The Ourhoud field is located in Eastern Central Algeria in the Hassi Berkine basin
approximately 320 km South East of Hassi Messaoud and 1200 km South East of Algiers.
The reservoir area is approximately 20 km long by 4 km wide and extends across three
blocks, namely 404, 405 and 406a. The anticipated nominal oil production is 230,000
barrels of oil per day (BOPD) for approximately 8 years and then declines progressively to
20,000 BOPD at year 25 (field design life). Any gas produced will be re-injected.
The Ourhoud Development will consist of : -

 43 oil production wells (Note 1)
 16 water injection wells
 3 gas injection wells
 8 water source wells
 8 utility water wells
 7 satellite stations, each typically collecting production fluids from several oil
wells, and including a multi-phase flow meter, oil, lift gas, injection water and
dilution water manifolds, flare system, satellite substation, etc.
 A Central Processing Facility (CPF) with three separation trains, gas treatment
and compression facilities, oil export pumps, utility systems, various buildings (e.g.
for control rooms, electrical equipment, compressors, emergency generator), etc.
 An Industrial Base attached to the CPF and comprising workshops, warehouses,
offices, security building, guard house, etc.
 instrumentation, control and shutdown systems
 telecommunications systems
 electrical systems
 permanent living camp
 temporary military camp
 roads
 air strip, etc.
Maximum distance between the CPF and a satellite station is approximately 10 km, and the
maximum stand-out distance from satellite station to wellhead is approximately 3 km.
The Client is Organisation Ourhoud.
CONTROL PHILOSOPHY
Note 1 : 27 Production wells flow lines only will be connected to satellites. The design of
plant shall be based on 43 oil wells, but the scope of construction of flow lines
and wells should be based on 27 wells.
1.2 Scope
This Philosophy covers the general requirements for major control and instrumentation
(C&I) systems for the following areas of the Ourhoud Surface Facilities Development : -
 Wellheads
 Satellite stations
 Central Processing Facility (CPF)
 Major plant packages within CPF
 Central Storage Facility (CSF)
1.3 Environmental Conditions
A summary of expected environmental conditions are given in Table 1.1 below.
Table 1.1
Location Sahara Desert
Elevation 225 m
Latitude 31 ºN
Absolute maximum ambient temperature 60 ºC
Absolute minimum ambient temperature -2 ºC
Maximum outside design temperature 55 ºC
Minimum outside design temperature 0 ºC
Controlled inside design temperature (CCR/CER) 24 ± 2 ºC
Controlled inside design temperature (CTR/OTR) 30 ± 2 ºC
Maximum outside design relative humidity 49 %
Minimum outside design relative humidity 15 %
Controlled inside design relative humidity (CCR/CER) 50 ±10 %
Controlled inside design relative humidity (CTR/OTR) Not controlled
Control and Equipment Rooms will be pressurised with double door airlock arrangements
and cable entries sealed by multi-cable transits as necessary. Further details of
environmental conditions are given in the Project Basis of Design and in the Technical
Specification for HVAC Systems.
CONTROL PHILOSOPHY
2. OPERATING AND CONTROL PHILOSOPHY
2.1 Introduction
The primary objective of the control and instrumentation (C&I) systems for the Ourhoud
Surface Facilities Development is to enable the plant to be safely and efficiently operated
with minimal operations staff. The plant operators will rely on the C&I systems to
provide safe, fully integrated, automatic control and monitoring with minimal intervention.
All C&I systems shall be based on the use of proven principles and equipment and,
wherever possible, standard design. Sufficient, but not excessive, information shall be
transmitted to the Central Control Room (CCR) to enable adequate monitoring of process,
safety and ancillary systems from the central location.
The C&I for the Development will consist of a number of integrated sub-systems as listed
below and described in detail later in this document or in other referenced documents : -
 Integrated Control System (ICS) (see Section 3)
 Wellhead and Satellite Station Controls (see Section 2.3)
 Mechanical Package Controls (see Section 2.2.2)
 Field Instrumentation (see Section 9)
Monitoring and control of the Ourhoud production and oil treatment facilities will normally
be from the CCR in the Control Building located at the CPF, using the ICS Operator
Stations (OSs).
Local controls within the CPF shall be minimised, being generally restricted to those
required for maintenance and start-up activities.
Control and monitoring of satellite stations and wellheads is described in Section 2.3.
System configuration shall be referred to V-2171-001-A-301 and developed by ICS

Supplier.
CONTROL PHILOSOPHY
2.2 Central Processing Facility
2.2.1 General Description
The safe management of the CPF will be based on four levels of control : -
 Normal Process Control System which carries out regulatory control of flows,
pressures, temperatures, etc., within pre-defined limits
 Process Shutdown System which carries out low level shutdowns of process
equipment in the event of minor excursions of process variables outside preset
limits
 Emergency Shutdown System which shuts down part or all of the plant in the
event of a more serious process upset condition or a specified Fire or Gas alarm
condition
 Flare and Blowdown System which relieves overpressure from process pipework
or equipment and disposes of the inventory safely.
Apart from C&I facilities incorporated within Package UCPs, process and utility plant at
the CPF will be controlled and monitored directly by the ICS. All of Package UCPs shall
interface with the ICS by serial link, or hard wiring as appropriate.
2.2.2 Package Unit Control Panels
Package UCPs will be used for control of various major items of equipment. The
currently identified UCPs and proposed locations are shown in Table 2.1 below.
Table 2.1
Duty Location
Injection Water Pumps CER
Air Compressor Package CER
Albian/Barremian Water Fine Filter Package CER
Produced Water Treatment Package CER
Inert Gas Generation Package CER
Wellbore Dilution Water Pumps CER
Glycol Regeneration Package CTR
Stripper Overheads Compressors CTR
Recompressors CTR
Booster and Lift Gas Compressors CTR
Injection Gas Compressors CTR
Crude Oil Export Pumps OTR
CONTROL PHILOSOPHY
Duty Location
Emergency Diesel Generator Substation #2
Alternative Wet HP Fuel Gas Heater Substation #2
Start-up Wet Fuel Gas Heater Substation #2
Sewage Treatment Package Located outside beside Packagded Equipment
Air Treatment Package Located outside beside Packagded Equipment
Potable Water Treatment Package Located outside beside Packagded Equipment
Fire Water Pumps Located outside beside Packagded Equipment
2.3 Wellheads and Satellite Stations
2.3.1 General Description
Each wellhead will be provided with a hydraulically operated wellhead control panel
(WCP), which will include facilities for local well start-up. Normal operation of the
wellheads will be from the WCP, using manual isolation valves and local instrumentation.
Shutdown valve command and status signals shall be connected to the CCR ICS utilising a
Remote Terminal Unit (RTU) at the wellhead. The RTU will also incorporate shutdown
facilities for the wellhead.
Control, monitoring and shutdown of satellite stations will generally be from the CCR via a
distributed module (controller node or RTU) of the ICS. Each satellite station will
incorporate production, test and lift gas manifolds, multi-phase flow meter with individual
metering of oil, gas and water, shutdown valves, control valves and local instrumentation.
Each well will typically be tested on a twice monthly basis by routing the selected well to
the multi-phase flow meter using manual valves. Multi-phase flow meter measurements,
(pressures, temperatures and flows), will be sent to the satellite ICS and transmitted to the
CCR.
Lift gas manifolds shall incorporate individual flow control loops for each oil production
wellhead with associated flow controllers integrated in the local ICS controller node.
Flow controller setpoints are remotely adjustable from the CCR Operator Stations.
CONTROL PHILOSOPHY
2.3.2 Production Wellhead Shutdown Philosophy
Each oil production line at the wellhead shall be provided with three fail-safe, actuated
shutdown valves, namely, downhole, wing and independent over-pressure protection valve.
In addition, gas lift lines will be provided with one shutdown valve. All shutdown valves
shall incorporate a local manual reset mechanism and a test facility to enable the valves to
be partially closed periodically to ensure correct operation of the shutdown systems.
The wing and gas lift valves will be initiated either from the WCP, (following detection of
high or low pressure in the flow-line, or manual pushbuttons), from the RTU (gas or fire
detected, automatically from upper AGP-Satellite) or from manual pushbuttons on the
shutdown matrix in the CCR.
Shutdown of individual wells or satellite station groups of wells can be initiated by

pushbuttons in the CCR.
The independent over-pressure protection valve will close on detection of a potential

pipeline over-pressure situation detected by a flowline pressure sensor integral with the
valve actuator.
The downhole, surface controlled, sub-surface safety valve (SCSSV) shall close on receipt
of local shutdown signals only from : -
 A local pushbutton at the gate of well area
 An extra low pressure sensor in the riser
 Low pressure of hydraulic system in WCP
 Confirmed fire or gas in well area
2.3.3 Satellite Station Shutdown Philosophy
Incoming and outgoing oil lines between the satellite stations and wellheads and between
the satellite stations and CPF will be provided with manual isolation valves only.
Actuated shutdown valves shall be provided in the lines to and from the multi-phase flow
meter to enable equipment isolation in the event of abnormal process conditions, and each
lift gas line from CPF satellite.
2.3.4 Signal Transmission Philosophy
Single optical communication way shall be used for data transmission between satellite
stations and wellhead RTUs. Multi-core fiber optical cable shall be used and shared with
telecommunication system.
CONTROL PHILOSOPHY
3. INTEGRATED CONTROL SYSTEM
3.1 Introduction
The term “Integrated Control System” (ICS) is used to define a fully integrated process
control, monitoring, protection and safety system for the entire installation. This Section
outlines the general requirements for the ICS. See Sections 4 to 8 for details of individual
component parts of the system.
RAM study shall be carried out in the beginning of engineering stage.
The proposed approach to the ICS will be the selection of a single supplier for the entire
system. This strategy has the following advantages : -
 single source responsibility for the complete ICS
 reduced requirement for customised communications interfaces between the
various sub-systems (from different suppliers)
 reduced hardware, software and Project services costs
 reduced operational manpower
 reduced spares holding and increased inter-changeability of components
 reduced training
In addition to the operational and maintenance efficiencies achieved by this approach, the
safe operation of the facility will be enhanced by common equipment and procedures for all
process control and safety related actions.
3.2 Design Principles
The design principles to be adopted are summarised as follows : -

 a fully integrated control system
 ESD and F&G systems to operate completely independently from each other and
from the PCS, PSD and SCADA systems
 acceptance of Vendor’s standard equipment. Non standard equipment and
special solutions shall only be used if technical benefits can be demonstrated
 complexity of systems to be kept low. System design shall be developed from a
minimum requirements point of view
 sufficient information to be transmitted to the CCR to enable full process, utility
and safety monitoring and control of the complete Development by a minimum
number of operators.
CONTROL PHILOSOPHY
 number of alarms to be kept to a minimum. Critical alarms and selected control

and monitoring functions shall, based on a specific criticality assessment, be
presented to the operator in the CCR. The alarm system shall be designed to
suppress information not required by the operators.
 alarm system shall enable the initial cause of an alarm or shutdown situation to be
identified
 After Factory Acceptance Tests (FATs), the ICS shall have fully installed 20%
spare capacity, including processors, I/O cards of each type, field terminals,
historical disk space, PSU capacity, etc.
 All components of the ICS shall be ‘Year 2000 compliant’
 Issue of the successful field record of at least two years with the same type of
components and architecture and with an installed capacity greater than 15000
I/O’s. References shall be transmitted to Company with an identified contact
(Company, location, name, position, E-mail, Phone and Fax numbers).
The ICS will monitor and control, as identified, the following areas of plant : -
 processing and utility facilities within CPF -monitoring, control, shutdown
 F&G systems throughout the Development -monitoring and shutdown
 ESD systems throughout the Development -monitoring and shutdown
 electric motors throughout the Development -monitoring and shutdown
 satellite stations -monitoring and shutdown
 oil production wells -monitoring and shutdown
 gas injection wells -monitoring and shutdown
 power distribution system -monitoring only
Control of the Development shall generally be based on process control nodes or UCPs
distributed throughout the facility in LTRs or close to the equipment which they are
controlling, as described in Section 2.0.
3.4 Architecture
The ICS shall consist of the following, physically segregated component parts : -
 Process Control System (PCS) which shall directly or indirectly control and
monitor all process plant
 Process Shutdown (PSD) system (incorporated within PCS), which shall
undertake low level shutdown actions
CONTROL PHILOSOPHY
 Supervisory Control and Data Acquisition (SCADA) systems for wellhead and
satellite station two-way communication (incorporated within the PCS)
 Emergency Shutdown (ESD) system to ensure safe isolation and shutdown of the
facility under potentially serious process upset or specific F&G conditions
 Fire and Gas (F&G) system to protect personnel and plant from the effects of
flammable gases and fire
 Management Information System (MIS)
 Simulator
 Leak Detection System of the export pipeline
 Facilities, for each ICS system, for monitoring the sequence of events, including
alarms/shutdowns, operation of defeat/override facilities and event reports from
motor control systems and Package UCPs.
3.5 Location of ICS Equipment
The main control console will be located in the CCR and shall incorporate Operator
Stations, Engineering Work Station, ESD/F&G matrix panels, PA panel, CCTV monitors
and intercom/telephone/radio facilities. The Management Information System terminal
and F&G mimic display will also be located within the CCR.
Printers will be located in a dedicated printer room adjacent to the CCR.
The ICS equipment and field termination cabinets for the CPF will be located either in the
instrument Central Equipment Room (CER) in the CPF Main Control Building adjacent to
the CCR, in the Compressor Technical Room (CTR) in Substation #1 or in the Oil
Technical Room (OTR).
Satellite stations will be controlled and monitored from the CCR via an ICS controller
node in the satellite station instrument room.
RTUs will be located at each wellhead for signal transmission between the wellheads and
the satellites.
Leak Detection System with RTU and I/O unit shall be installed in control room in CSF.
CONTROL PHILOSOPHY
3.6 Packaged Plant Units
Packaged process and utility plant units shall be either directly controlled by the ICS, or
may be supplied with separate control systems (Package UCPs). Control and monitoring
variables from the UCPs shall be re-transmitted to the ICS via Modbus serial link or
hard-wired as appropriate.
Detailed diagnostic facilities, e.g. machine monitoring, shall be provided at the UCPs and
overview information repeated to the CCR. Where UCPs are PLC based and large
amounts of data are required within the CCR, serial links (Modbus) shall be used to
transmit information to the ICS.
3.7 Power Supplies
Within the CPF and satellite stations, the ICS will be powered from Redundant
Uninterruptible Power Supply (UPS) systems. The UPS systems shall include battery
back-up, in the event of total loss of mains power, for a minimum of 30 minutes for
PCS/PSD/ESD systems and 2 hours for F&G/Telecoms systems.
UPS power shall be distributed at 230V, 50 Hz to the ICS equipment and to Package
UCPs. UPS systems shall be located in the CPF Main Control Building, in the relevant
electrical sub-stations/LTRs and in the satellite station instrument/electrical rooms.
A redundant spare ac to dc power supply unit (PSU) shall be provided for each panel,
cabinet or suite of cabinets with a redundant internal dc power supply system. This will
enable plant operation to continue while a faulty PSU is being replaced.
Loop power (nominally 24 Vdc) shall be derived from the ICS or UCPs for all field
instrumentation. Solenoid valves shall have 24 Vdc coils.
Instrument/telecoms power supplies to the oil production and gas injection wellheads will
be provided by cable from the satellite stations.
CONTROL PHILOSOPHY
4. PROCESS CONTROL AND PROCESS SHUTDOWN SYSTEM
The Process Control System (PCS) is an integral component of the ICS and shall perform
the majority of plant control functions. The PCS shall have sufficient redundancy of
hardware to ensure that no single fault within the PCS shall cause loss of control
functionality.
The PCS shall perform the following functions :

 regulatory control of all key parameters; flows, pressures, temperatures, levels,
etc., for process and utility systems at the CPF
 protective shutdown of process and utility plant (PSD) in the event of a process
upset condition
 monitoring of each satellite station and wellhead via the SCADA system and
Operator Stations
 sequence logic control for start-up or auto-changeover, etc., of process and
mechanical equipment
 incorporate extensive automatic self diagnostic features, running on-line during
normal functioning, to monitor the performance of all hardware, software and
communications within the system
 presentation of process information to the operator and facilities for the operator
to issue control commands
 monitoring of all Package UCPs
 monitoring of electrical power distribution and standby generator status
 logging of selected events and operator actions, together with all warning and trip
alarms
 editing and calculation of production reports
 storage of live process data on hard disc and CD ROM
 Process Control System Manuals and Instructions, presented and stored on CD
ROM
Blowdown system shall be performed by PSD. The blowdown action shall be actuated
manually with permissive of AGP (See Section 6.2) and may be stopped by operator. In
the automatic blowdown is required only for emergency depressurisation of compressors
by the initiation from ESD system.
CONTROL PHILOSOPHY
4.2 Technical Requirements
The PCS shall allow dependable and effective control of the plant and shall be designed for
maximum integrity and reliability by providing dual redundant control processors,
communications sub-system and back-up power supplies. A failure of a single controller
module shall not affect the control of any loop. In the event of two coincident failures of
redundant controller modules the outputs shall be permuted to a safe value.
The redundancy of the input/output cards will be determined in accordance with the results
of the “RAM” study.
The design of the PCS, I/O racks and cabling shall permit selective shutdown of duplicated
processing facilities without prejudicing the control of the rest of the plant.
The controller functions shall be executed by microprocessor based multi-loop controllers

with capabilities for peer to peer communications. Configuration shall easily be achieved
with the use of function software block techniques. The controllers shall provide
algorithms necessary to implement advanced control strategies, sequencing and logic
functions.
All control loops shall be arranged to fail safe, e.g. by : -

 holding current set point or valve position in the event of a controller failure
 changing cascade or supervisory loops to conventional control in the event of
‘master’ controller failure
Data acquisition sub-systems shall interface multiplex analogue, digital, pulse and discrete
signals and shall be capable of processing linear and non-linear signals, such as temperature
input signals, square root for differential pressure flow measurements, etc.
Although the design objective is to minimise system complexity, customised software

based facilities shall be provided within the PCS for certain applications. Typically these
facilities shall include start sequence logic for gas compressors, etc. The final control
system configuration shall be determined during detail design of the process and utility
facilities.
System Suppliers shall employ a library of proven system configuration ‘modules’ directly
applicable to oil and gas production facility applications.
CONTROL PHILOSOPHY
4.3 Communications Sub-System
Dual redundant communications sub-systems shall be provided for communications

between the control processors, I/O processors, Operator Stations and other components
of the ICS, e.g. SCADA, ESD, F&G, etc. A failure in a single branch of the
communications network shall not affect the control of any loop. In the event of two
coincident failures of redundant communications network branches, links between
controller modules and the operator’s interface with the CPF will be lost but process
control shall be maintained.
The maximum loading of all communication sub-systems including serial interfaces, shall
not exceed 60%. The higher level redundant communications network loadings shall not
exceed 50% (between nodes as opposed to within nodes).
Interfaces to the ESD and F&G systems shall be designed to ensure that the integrity of
these systems is not compromised by any fault in the PCS.
Interfaces to other control systems, e.g. UCPs, shall be designed to ensure that the PCS is
fully protected from corruption and invalid commands emanating from such systems.
In order to reduce the quantity of hard wired signals, and associated cabling costs,
extensive use of serial interfaces shall be employed. Serial interfaces shall generally be
used between the major process Package UCPs and other heavy interface signal systems,
e.g. Motor Control Centres (MCCs) and electrical distribution system status signals.
The serial interfaces should standardise on a single protocol for commonality, e.g. RS485
using Modbus RTU protocol.
4.4 Process Shutdown
The logic facilities for Process Shutdown (PSD) actions may be incorporated within the
PCS, but shall be based on segregated and fully redundant hardware. The hardware and
software configuration for the PSD shall be such that each processor shall check the
control action of the other, and failure of one processor shall not affect the operation of the
other.
PSD loops and redundant process equipment, e.g. duty/standby pumps, should be allocated
to different I/O cards and controller files to minimise the impact of control system
hardware failure.
CONTROL PHILOSOPHY
Trip actions initiated via the PSD may be reset at the ICS Operator Station, and no local
reset in the field will normally be required. Overrides and inhibits for start-up and
maintenance may be undertaken within the PSD system. The operation of overrides or
inhibits shall be monitored and controlled by a requirement for passwords and the
incorporation of alarms and time-out circuits.
4.5 Operator Interfaces
4.5.1 Operator Stations
The Operator interface with the process and utility plant shall primarily be by console
mounted Operator Stations in the CCR. Each Operator Station shall comprise a VDU, a
keyboard, and an activating device.
The operation keyboard for OSs shall be of water-proof, semi-stroke or pressure sensitive
type; access to control and display functions shall be possible through dedicated control
and function keys. The function keys shall include dedicated keys for most often used
functions, such as; confirm/delete, open/close, next/previous, alarm/buzzer acknowledge,
tune, trend and mimics/groups of mimics direct access. An industrial type trackball shall be
added to the keyboard.
It is envisaged that six Operator Stations will be required for the control and monitoring of
the complete Development, typically four for Process systems and two for ESD/F&G
systems.
Each Operator Station shall, however, have full PCS/PSD/ESD/F&G and SCADA
Operator capability such that any area of the Development can be monitored from any
Station.
All Operator Stations shall have the capability to provide the full range of standard
operator facilities. Typically, these facilities comprise : -
 Operator Station Security, including password or key-switch protection
 Display Hierarchy
 System Flow Diagrams, using graphic process displays with control/alarm details,
and providing operator information and guidance
 Group Displays arranged such that interactions between control loops can be
ascertained
 SCADA status displays
 Fire and Gas Status Displays
CONTROL PHILOSOPHY
 ESD Status Displays

 alarm and plant status listings in order of initiation, detailing class of alarm i.e. trip,
pre-alarm, status information, etc. The system shall be able to discriminate
between individual alarms occurring in a short period of time
 real-time trends and short term historic trending on all analogue process variables,
with selectable long term historic trends as required
 malfunction reporting, including full diagnostic facilities down through to Smart
field instrumentation, and including all serial communications links.
4.5.2 Engineering Work Station
The CCR shall contain one Engineering Work Station (EWS) which shall, as a minimum,
include the following facilities : -
 configuration of the system and point database
 building of all Operator graphic displays
 saving and loading of all configuration data
 library of symbols, abbreviations, etc., used within the system
 comprehensive Help displays to facilitate configuration of the system.
The EWS shall be capable of both on-line and off-line configuration of the system.
4.5.3 Data Logging and Printers
A data logging facility shall be provided for status changes and general operational data,
and a printer provided for record of all alarms. A separate colour printer shall be
provided for hard copy from trend displays, screen dumps, etc., from any Operator Station
VDU.
A dedicated printer associated with the sequence of events facility (see Section 3.4) shall
also be provided.
4.5.4 Spare Operator Interface Units
A spare Operator Station, Engineering Work Station and printer of each type shall be
provided to ensure continuity of operations in the event of a Station or printer failure.
CONTROL PHILOSOPHY
5. SUPERVISORY CONTROL AND DATA ACQUISITION SYSTEM
The SCADA system is an integral component of the Integrated Control System and shall
provide the interface to the satellite stations and the wellheads. The SCADA system shall
gather information from each satellite station controller node or RTU and associated
wellhead RTUs. SCADA systems may also be considered at other areas of the
Development (e.g. gas injection wells, etc.,) where there is a requirement for the
acquisition of data from remote locations and an ICS controller node is not warranted.
The operator interface to the SCADA system shall be via the ICS Operator Stations in the
CCR. Dual redundant fibre optic cables shall be used from the satellite stations to the
CER and the SCADA node in the CER shall include dual controllers.
Interface Function in CSF is,

 transmit the process data from CSF to CPF for leak detection system
 transmit isolation command signal of export pipeline from CPF to CSF
The satellite station interface unit shall perform the following functions : -
 obtain field data periodically from wellhead RTUs
 issue control commands to each wellhead RTU
 issue automatic shutdown signal to each wellhead RTU
 transmit manually initiated shutdown signals from the CPF pushbutton matrix to
individual wellhead RTUs
 control and monitor lift gas, injection water and dilution water manifolds at
satellite stations
Each SCADA interface unit shall poll wellhead RTUs to request status changes and
measured values on a cyclic basis. To reduce the amount of data transferred a
“report-by-exception” technique shall be used, such that only changes that have occurred
since the last poll will be returned by the RTU.
To ensure that the process data held in the interface unit database is a true reflection of the
actual conditions, a full scan of each wellhead RTU shall be initiated to retrieve the actual
state or value of all points following : -
 a start-up situation
 an RTU reset
 restoration of communications after an outage
CONTROL PHILOSOPHY
 periodically at a user defined interval (typically 24 hours)

 operator demand
The interface unit(s) shall detect loss of communications with an RTU and raise a
corresponding alarm on the CCR Operator Stations. Similarly, RTU malfunctions, such
as card failures, signal faults and power supply failures, shall be alarmed on the CCR
Operator Stations.
Following loss of communications between an interface unit and an RTU or between the
CPF and an interface unit, the RTU shall initiate a shutdown of equipment connected to
that RTU after a user defined, adjustable, period (typically 15 minutes).
RTUs shall be site configurable. Facilities shall be provided for manual entry of data, and
for the operator to selectively disable and enable scanning.
The ICS Supplier shall include within his bid for portable facilities, which can be readily
taken between satellite stations and/or wellheads, to undertake detailed fault diagnosis of
the satellite station nodes and wellhead RTUs. The Supplier shall advise any alternative to
the use of a portable facility for fault diagnosis.
5.2 SCADA Software
The following SCADA software shall be provided as a minimum : -

 Operating System software
 Network software
 Standard SCADA software
 Applications software
 SCADA utilities which will be used to change user-configurable parameters and
assist with the day-to-day operation of the system
 Diagnostic tools

The SCADA interface between ICS in CER and ICS in satellite shall be defined as data
highway bus extension with dual redundant optical fiber cable and it shall be connected as
daisy chain. Refer to Appendix 1.
The SCADA interface between satellite and wellhead RTUs shall be single communication
with one optical fiber cable.
The SCADA system shall be of well proven technology and be user friendly using open
standards for monitoring and control of RTUs.
CONTROL PHILOSOPHY
6. EMERGENCY SHUTDOWN SYSTEM
6.1 Introduction
The ESD system is an integral component of the Integrated Control System and shall
ensure the safe isolation and shutdown of equipment at the CPF, satellite stations and
wellheads under process upset conditions, fire detection or flammable gas detection.
The objective of the ESD system, in order of priority, is to : -
 protect personnel
 protect the environment
 protect plant equipment
 maintain production
The ESD system will be limited to applications that require executive action for a
shutdown to a safe condition. Control functions such as pump auto start or sequencing
logic shall be handled by the PCS/PSD. Process shutdown functions following minor
process upset situations and the blowdown function shall be accommodated within the
PSD system.
6.2 Levels of Shutdown
The ESD system shall initiate high levels of shutdown in the event of major hydrocarbon
system upset, fire, or hazard to personnel. Lower levels of Process Shutdown (PSD) shall
be undertaken by the PCS or by logic systems within Package UCPs.
All shutdown actions shall be preceded by a pre-alarm on the ICS Operator Stations.
The shutdown system shall provide four levels of shutdown as listed below : -
AU-0 Plant General Emergency Shutdown.
This shutdown level will shutdown and isolate all hydrocarbons throughout the
CPF. All utilities will be tripped except emergency generator, firewater pumps
and diesel transfer pumps and flare system. Manual initiation of this level of
ESD can be made from the CCR pushbutton matrix panel. The AU-0 actions
will be initiated by the ESD system only.
CONTROL PHILOSOPHY
AU Zone Emergency Shutdown.
This shutdown level will isolate all hydrocarbons incoming and outgoing of the
relevant fire zone, isolate electrical power and shutdown combustion equipment.
Manual initiation of this level of ESD can be made from the CCR pushbutton
matrix panel, and from pushbuttons at each fire area in CPF, satellite and
wellhead. This level of shutdown will be initiated by ESD system only in CPF and
PSD system in satellites and wellheads.
AGP General Production Shutdown.
This shutdown level results in the shutdown of facility equipment in the relevant
fire zone at the CPF, satellite/wellhead. Manual initiation of this level of
shutdown can be made from software switches on the ICS console for each zone
in the CPF. For each wellhead, it is initiated by a pushbutton on the wellhead
control panel or from the CCR. This level of shutdown will generally be
undertaken by PSD system.
Equipment Level Shutdown.
This shutdown is the lowest level shutdown and shall take manage the individual
equipment protection following a minor process upset. Generally, this shutdown
level is initiated by set point on process value, e.g high/low level, flow, pressure,
temperature etc.. These actions will generally be undertaken by Package UCPs
and/or PSD system.
Any lower level shutdowns shall also be initiated by a higher level shutdown as cascade.
The detail shutdown action logic should be defined in the General Safety Logic Diagrams
for ESD and PSD, (Drawings D-000-1370-201/219).
The Emergency Shutdown facilities are to be handled in a dedicated ESD system with low
likelihood of failure.
The ESD system shall be fault tolerant with a high availability and be equipped with
self-test and self-diagnostics capabilities.
The ESD system will be based on a programmable system design and will utilise
proprietary Programmable Logic Controllers (PLCs) configured to 1oo2D principles to
provide the required level of reliability and availability.
CONTROL PHILOSOPHY
The results of RAM study may allow for simplification of the final safety architecture.
Where ESD outputs operate ‘field’ mounted solenoid valves, the solenoid valves must
remain de-energised after restoration of the normal condition, until reset from both the
ESD system and locally at the solenoid valve using a manual reset facility.
Provision shall be made to allow full automatic and manual routine testing of the shutdown
systems. Override/defeat facilities shall be provided to allow system testing and
maintenance.
The proposed system comprises two (redundant) VDU/keyboard based units, located in
the CER and directly linked to the ESD/F&G system cabinets. Access to the
override/defeat facilities shall be key or password protected. Alarms shall be provided at
the Operator Stations to warn that an override is in use and it shall not be possible to clear
these alarms until the override is removed. The number of overrides/defeats currently in
use must be permanently displayed to the operator.
The ESD system shall employ a fail safe concept, i.e. the ESD system shall revert to the
least hazardous condition upon failure of any I/O module, logic processor, field sensor,
actuator or power source. This requirement shall be achieved by employing a
‘de-energise to trip’ design. During normal operation, with the plant in a healthy
condition, inputs from sensors, the logic system, and outputs to the final control elements
shall be energised. The system will interpret the de-energising of an input as a trip
demand and will de-energise the appropriate outputs to initiate a shutdown. This design
shall also ensure a shutdown on loss of electrical power to the system inputs, outputs or
logic or on loss of communications to satellite stations or wellheads.
The ESD system shall be designed for high integrity and shall be a standalone system, i.e.
system components such as logic processors, sensors, actuators, cabling, etc., shall be
completely independent of other control and monitoring systems.
The operator interface will be via the ESD matrix panel (see Section 6.5) with alarms and
status indications available on the ICS Operator Stations.
Field cables to the ESD marshalling cabinets shall be marshalled via dedicated field
junction boxes.
ESD shutdown signals to electric motors shall be executed via 24 Vdc ESD output signals
to an interposing relay cabinet in the relevant electrical sub-station.
CONTROL PHILOSOPHY
The ESD system shall be capable of discriminating between several shutdown initiation
signals in close succession to ensure that shutdown output actions are executed in the same
sequence as the inputs are received (i.e. first in, first out).
The maximum ‘input to output’ response time of the ESD system shall not exceed 500
milliseconds.
6.5 Pushbutton Matrix Panels
Two ESD pushbutton matrix panel sections shall be incorporated within the CCR control
console for manual initiation of defined ESD actions as identified on the Safety Logic
Diagrams. The matrix sections shall be allocated for CPF ESD pushbuttons and
Satellite/Wellhead shutdown pushbuttons respectively.
Outputs from the ESD matrix for ESD duty shall be hard-wired to the output terminals of
the ESD system cubicles. Inputs to the ESD matrix for ESD duty shall be hard-wired
from the input terminals of the ESD system cubicles.
All pushbuttons will be protected against inadvertent operation by hinged covers.
Pushbuttons shall be provided on the matrix to initiate : -

 Plant emergency shutdown (AU-0)
 Zone emergency shutdown (AU)
 Individual satellite station shutdown
 Individual wellhead shutdown
 Each compressor Trip
6.6 ESD System Sensors and Actuator Devices
The process sensors for ESD inputs shall be dedicated to ESD duty only and shall be
connected to the process via dedicated pipe tappings. Facilities shall be provided for
direct process simulation testing from the process connection.
ESD system field cabling from sensors and to actuators shall be totally segregated and run
via dedicated junction boxes hardwired direct to the ESD I/O cabinets in the CER.
ESD inputs from the Fire and Gas system shall be hardwired and generated only from
confirmed Fire or Gas situations (i.e the result of 2ooN voting at the higher LEL alarm
setting).
CONTROL PHILOSOPHY
Final ESD actuation devices, e.g. shutdown valves, shall be dedicated to the shutdown
duty. The principle of using modulating control valves with an ESD solenoid in the
actuating medium supply line is not acceptable.
Where a shutdown valve is initiated by both ESD and PSD systems, separate solenoid
valves shall be provided for each shutdown system. The ESD solenoid valve shall have a
local manual reset facility.
ESD/PSD initiating devices shall generally be based upon analogue transmitters in the field
with signal monitoring facilities in the ICS system cabinets. The use of field switch
devices shall be avoided where possible.
7. FIRE AND GAS SYSTEM
7.1 Introduction
The F&G system is an integral component of the Integrated Control System and the prime
objective is to protect personnel and plant from the effects of flammable gases, smoke and
fire. The F&G system will be independent of the ESD and control systems but will action
process shutdown through the ESD system. The F&G system shall automatically alert
personnel audibly, and in noisy areas, visually, of a fire condition or abnormal hydrocarbon
release via the facility PA system (supplied by other).
The associated alarms shall be monitored by the F&G system enabling controlled
corrective actions, automatic and/or manual, to be effected. Such corrective actions may
result in partial or total shutdown of production and enable manual initiation of
hydrocarbon inventory blowdown from an isolated section of plant.
In the case of a hydrocarbon gas release, the combustible gas detection system will respond
to the level of accumulation and shall be designed to alarm at two levels. Alarm levels will
typically be 20% and 50% of the Lower Explosive Limit (LEL) in open areas of the plant.
An automatic fire detection system shall be provided utilising heat, flame or smoke
detectors selected, by fire zone, according to risk evaluation.
F&G detectors shall be supported by manual, ‘break glass’ callpoints distributed

throughout the CPF.
CONTROL PHILOSOPHY
The operator interface will be via : -

 F&G pushbutton matrix panel (see Section 7.6)
 F&G alarm status displayed on mimic panels (see Section 7.7)
 F&G alarms and status indications available on a dedicated ICS Operator Station
graphic display
The F&G system will be connected to the ICS via a dual redundant Modbus serial links.
7.2 System Outline
The F&G system will be based on a programmable system design and will utilise
proprietary Programmable Logic Controllers (PLCs) in a redundant configuration, similar
to the ESD system described in Section 6.3. The F&G system shall be fault tolerant with
a high availability and be equipped with self-test and self diagnostics capabilities.
Buildings within the CPF and IB areas will be protected with addressable type fire
detectors and panels, reporting to a Main Fire Alarm Panel (MFAP) in the control building.
Information shall be transmitted from the MFAP to the F&G PLCs for critical alarm
reporting and executive actions via Modbus serial link.
Inputs to the Fire and Gas system shall consist of fire detectors in all areas and combustible
gas detectors in parts of the installation where flammable gas could accumulate.
The following inputs from the field shall be hardwired to the F&G field termination or
system cabinets in the CER, satellite substation instrument room or RTU at wellhead,
using addressable or non-addressable systems as appropriate : -
 Manual Alarm Call Points (MACs)
 infra red (IR) flammable gas detectors (including hydrogen, if applicable, from
UPS batteries)
 IR flame detectors
 status alarms from various equipment items, e.g. fans, fire dampers, etc.
Some Mechanical Packages (e.g. Booster/Lift gas compressors) may be provided with fire
and gas detection equipment included within the Package. In these specific instances, the
F&G logic associated with these detectors shall be integrated into the Package UCP to
execute shutdown actions as required. F&G status signals from these UCPs shall be
hard-wired to the F&G system and hence to the mimic displays in the CCR and SCR (see
Section 7.7).
CONTROL PHILOSOPHY
It shall be possible to remove and replace modules whilst the system is energised.
Removal of a module shall generate a fault alarm which shall be annunciated at the
Operator Stations in the CCR. Each module shall have front mounted status LEDs
identifying alarm, fault, power on, etc.
All connected sensor loops shall be monitored for ground faults, short circuits, cable
breaks and power failure. An alarm shall be generated in the event of any malfunction.
7.3 Fire Zones
The CPF shall be segregated into fire zones, generally the same as the areas created by the
layout of the facility, e.g. compressors, separators, storage areas, etc. However, smaller
areas may also form separate fire zones depending upon accessibility of such areas to fire
fighting crews, the type of equipment or materials housed therein and whether a fixed fire
protection system is required to operate automatically within the area.
7.4 Risk Evaluation
All areas of the Development shall be evaluated during detail design to achieve the highest
standard of system integrity and ensure the most appropriate selection of detecting device
type, quantity, location, fire extinguishant, etc.
A general guide to the type of detectors to be applied to a particular risk will be as

identified in Table 7.1 below.
Table 7.1
Risk Detector Type
Ordinary Combustibles Smoke/Heat
Flammable Gases Gas/Flame/Heat
Flammable Liquids Flame/Heat
Electrical Smoke/Heat
Generally a minimum of two fire detectors, not necessarily of the same type, shall be
allocated to each working space.
The fire detection design shall minimise the different types of detectors in order to restrict
the range of spares and facilitate maintenance familiarity. However, the prime design
feature for detector selection will be their speed of response to incipient fire conditions
compatible with overall reliability.
CONTROL PHILOSOPHY
7.5 F&G Executive Actions
On a confirmed fire and/or gas detection, various counter measures shall be undertaken to
limit the escalation or minimise the consequences of the hazard, e.g. deluge release,
shutdown and isolation of equipment, etc. Fire and Gas executive actions, identified as
Safety Logic Diagrams D-000-1370-301 to 356, to be undertaken by the F&G system
upon fire and/or gas detection.
7.6 Pushbutton Matrix Panel
One F&G pushbutton matrix panel shall be provided and installed in the CCR control
console for manual initiation of fire fighting. The pushbuttons will initiate extinguishant
release on a fire zone basis for CPF, IB and Satellite, and start firewater pumps.
7.7 Mimic Display Panel
A F&G mimic display panel shall be located in the CCR and shall provide operators with
indication of fire zone, type of hazard detected and output action taken in that zone. The
mimic shall identify each fire zone and display, for each zone, the specific alarm or status
condition.
Another mimic display panel shall be located in the Security Control Room (SCR) in Fire
Station. The mimic panel in SCR shall include pushbuttons for manual initiation of Fire
pumps.
CONTROL PHILOSOPHY
8. MANAGEMENT INFORMATION SYSTEM
A PC based Management Information System (MIS) shall be provided within the CCR.
The MIS shall continuously gather selected plant data from the ICS via the data highway.
The MIS shall have a well proven interface to the ICS and shall use an industry standard
operating system allowing proprietary software packages to be utilised.
The MIS shall typically gather and process the following information : -
 key process data from the CPF, wellheads and satellite stations
 machine monitoring data
 tank storage data
 electrical data
 ESD and F&G data
The MIS shall have facilities for : -

 long term storage of alarms and events
 trend data storage
 long term storage of selected measurement values
 alarm analysis
 production and status reports
 machine monitoring reports
 printing reports.
Tailored reports shall be provided as follows : -

 Production and Status Report Once a day
 Production and Status Report Each Shift
 Machine Monitoring Report Once a day
 Motor Run-time Report Once a day
 Material Balance Report Once a day
 Utility Consumption Report Once a day
 Safety Report Once a day
CONTROL PHILOSOPHY
9. FIELD INSTRUMENTATION
9.1 General
The design principle for field instrumentation shall be to provide sufficient measurement
signals to the ICS to enable safe and efficient operation of the Development from the CCR
facilities. Minimum, but sufficient, local gauges and indicators shall be provided to
facilitate local start-up of major plant items where applicable, and to assess the basic
process status in the event of control system failure and possible local venting actions.
The design objective is to obtain maximum standardisation of specification, manufacturer

and model number of components throughout the installation for both operational and
maintenance reasons. At an early stage of the Project, an instrument vendor list shall be
prepared and agreed with the Client. However, for certain specific applications, Package
suppliers of large plant shall be allowed to supply their standard proven components,
subject to approval.
The units of measurement for the installation shall be generally in accordance with the
System International (SI) standard.
Transmitted electric signals shall operate in the 4-20 mA signal range, using a nominal
voltage level of 24 Vdc on a two wire transmission circuit. Smart transmitters shall be used
wherever possible, using HART protocol. However, transmitters used as inputs to the
ESD System shall not be used in Smart mode.
Alarm and shutdown initiating devices shall generally be based upon analogue transmitters
in the field with signal monitoring facilities in the ICS system cabinets. The use of field
switch devices shall be avoided where possible.
Details of field instrumentation requirements are provided in the General Specification for
Instrumentation.
Cable entries to CCR, CER and LTRs shall be sealed (e.g. by use of multi-cable transit
frames) to prevent ingress of flammable gases.
CONTROL PHILOSOPHY
9.2 Hazardous Area Requirements
9.2.1 Equipment Selection
In general, electrical instrumentation located in hazardous areas shall be certified

flameproof (EEx’d’). Where suitable EEx’d’ equipment is not available, consideration
will be given to the use of intrinsically safe (EEx’i’) or purged (EEx‘p’) equipment. If
EEx’i’ equipment is selected, galvanic isolators (rather than Zener barriers with dedicated
IS earth bars) shall be used.
All instrumentation equipment, materials and installation methods shall comply and fully
satisfy the statutory requirements for the area classification identified on the Project
Hazardous Area Drawings.
9.2.2 Certification and Inspection
To ensure that all hazardous area components are correctly certified, a comprehensive
certification dossier shall be produced during detail design. The certification dossier shall
include all construction components (e.g. cable glands, junction boxes, etc.) as well as
instrument equipment items.
9.2.3 Hazardous Area Classification
All instruments installed in hazardous areas shall be suitable for use in a Zone 1, Gas
Group IIA, Temperature Classification T3, environment.
No electrical instrumentation equipment shall be installed in Zone 0 areas.
9.3 Actuator Operating Medium
9.3.1 Central Processing Facility
Unless process conditions dictate otherwise, control valves and fail-safe shutdown valves
within the CPF shall be pneumatically actuated utilising instrument air. In specific
instances where instrument air is not suitable, consideration shall be given to the use of
actuators powered by hydraulic oil.
Where fail safe or fast action is not a requirement, isolation valves with electric motorised
actuators may be used.
CONTROL PHILOSOPHY
9.3.2 Satellite Stations
Preliminary investigations have identified that satellite station control and shutdown valves
should be electro-hydraulically actuated using electrical power derived from the CPF.
Any increased requirements for actuated valves at the satellite stations shall be taken into
consideration before final selection of satellite station actuator operating medium.
9.3.3 Wellheads
Previous investigations have identified that surface and downhole shutdown valves at the
oil production and gas injection wellheads should be hydraulically actuated using hydraulic
power units (HPUs) located within the WCPs.
The HPU pumps are powered from the relevant satellite station via buried cable that also
provides power for the corrosion inhibitor pumps at the oil production wellheads.
CONTROL PHILOSOPHY
10. REFERENCE DOCUMENTS
The design, construction and installation of the C&I systems shall, as a minimum, comply
with the applicable codes and standards given in Sections 10.1 and 10.2 below.
10.1 International Codes and Standards
Document Number Document Title

ANSI B16.5 Pipe Flanges and Flanged Fittings
ANSI/FCI 70.2 Control Valve Seat Leakage
ANSI/ISA S5.1 Instrumentation Symbols and Identification
API MPMS Manual of Petroleum Measurement Standards
API RP 520, Part l Sizing, Selection and Installation of Pressure-Relieving Devices in
Refineries, Sizing and Selection
API RP 520, Part ll Sizing, Selection and Installation of Pressure-Relieving Devices in
Refineries, Installation
API RP 521 Guide for Pressure-Relieving and De-Pressuring Systems
API RP 526 Flanged Safety-Relief Valves
API RP 527 Commercial Seat Tightness of Safety Relief Valves with Metal to Metal
Seats
API RP 550, Part l (see Installation of Refinery Instruments and Control Systems, Process
Note 2 below) Instrumentation and Control
API RP 550, Part ll (see Installation of Refinery Instruments and Control Systems, Process Stream
Note 2 below) Analyzers
API RP 551 (see Note 2 Process Measurement Instrumentation
below)
API RP 552 (see Note 2 Transmission Systems
below)
API RP 554 (see Note 2 Process Instrumentation and Control
below)
API RP 555 (see Note 2 Process Analyzers
below)
BS 5351 Steel Ball Valves for the Petroleum, Petrochemical and Allied Industries
IEC 60079-0 Electrical Apparatus for Explosive Gas Atmospheres, Part 0:General
Requirements
IEC 60079-1 Electrical Apparatus for Explosive Gas Atmospheres, Part 1:Construction
and Verification Test of Flameproof Enclosures for Electrical Apparatus
IEC 60079-2 Electrical Apparatus for Explosive Gas Atmospheres, Part 2:Electrical
Apparatus-type of protection “p”
IEC 60079-7 Electrical Apparatus for Explosive Gas Atmospheres, Part 7:Increased Safety
“e”
CONTROL PHILOSOPHY
IEC 60079-11 Electrical Apparatus for Explosive Gas Atmospheres, Part 11:Construction
and Test of Intrinsically Safe and Associated Apparatus
Document Number Document Title
IEC 60331 Fire Resisting Characteristics of Electrical Cables
IEC 60332 Test on Electrical Cables under Fire Conditions
IEC 60529 Degrees of Protection Provided by Enclosures (IP Code)
IEC 61131 Method of Programming
IEC 61508 Draft Functional Safety : Safety Related Systems
IEEE 802, Parts 3 and 4 Information Processing Systems - Local Area Networks
ISA S75.01 Control Valve Sizing Equations
ISA S84.01 Application of Safety Instrumented Systems for the Process Industry
ISA 5167-1 Measurement of Fluid Flow by means of Pressure Differential Devices - Part
1:Orifice Plates, Nozzles and Venturi Tubes Inserted in Circular
Cross-Section Conduits Running Full
ISA 5168 Measurement of Fluid Flow - Evaluation of Uncertainties
ISO 9000 Quality Systems - Principal Concepts and Applications
ISO 9003 Specification for Final Inspection and Test
ISO 12207 Development of the Application
Note 1. In the case of conflict between the above Codes and Standards, the most
stringent shall apply.
Note 2. Although API RP 550 is now obsolete, the requirements contained therein are to
be complied with except where superseded by the later API Recommended
Practices RP 551, 552, 554 and 555.
CONTROL PHILOSOPHY
10.2 Project Documents
Doc. No (Company) Doc. No. (JGC) Document Title
ORH-TP-J-87001 S-000-1371-101 Control Philosophy

ORH-SP-J-87002 S-000-1371-103 Specification for Emergency Shutdown System
ORH-SP-J-87020 S-000-1371-104 Specification for Fire and Gas System
ORH-SP-J-87021 S-000-1371-105 Specification for Instrument/Electric Interface Cabinet
ORH-SP-J-87022 S-000-1371-106 Functional Specification for Field Termination Cabinet
ORH-SP-J-87073 S-000-1371-107 Architectural and Operational Requirement for Integrated
Control System
ORH-SP-J-87023 S-000-1371-111 Functional Specification for Process Control System and
Process Shutdown System
ORH-SP-J-87024 S-000-1371-112 Specification for Human Machine Interface of Integrated
Control System
ORH-SP-J-87027 S-000-1371-115 Functional Specification for Serial Interface
ORH-SP-J-87028 S-000-1371-116 Functional Specification for Leak Detection System
ORH-LJ-J-87001 S-000-1371-121 Alarm/Trip Setpoint List
ORH-LJ-J-87002 S-000-1371-122 ICS Input/Output List
ORH-SP-J-87065 S-000-1371-123 Specification for Push-Button Matrix
ORH-SP-J-87066 S-000-1371-124 Specification for F&G Mimic Panel
ORH-SP-J-87063 S-000-1371-201 Specification for Auxiliary Panel
ORH-SP-J-87011 S-000-1372-001 Specification for Simulator

ORH-SP-J-87010 S-000-1372-002 Specification for Management Information System
ORH-SP-J-87067 S-000-1372-003 Specification for Management Information System Tag List
ORH-SP-J-87068 S-000-1372-004 Specification for Management Information System Reports
ORH-DX-J-87001 D-000-1370-200 General Safety Logic Diagram Overview

ORH-DX-J-87002/ D-000-1370-201/ General Safety Logic Diagram for ESD & PSD System
87020 219
ORH-DX-J-87101/ D-000-1370-301/ Safety Logic Diagram for Fire & Gas PLC
87160 360
CONTROL PHILOSOPHY
APPENDIX-1
ICS DATA HIGHWAY CONNECTION
This appendix shows the philosophy of ICS data highway connection.
Satellite-7 . Wellhead
.
. .
. .
. .
.
. .
. .
. .
.
. .
. .
. .
CER
.
. .
. .
. .
.
. .
. .
. .
.
. .
. .
. .
.
. .
. .
. .
: Redundant Optical Fiber Cable (Daisy Chain)

: Single Optical Fiber Cable

Control Philosophy PDF

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Control Philosophy PDF

Hochgeladen von

Copyright:

Verfügbare Formate

URHOUD-Organisation Ourhoud

2.0 OPERATING AND CONTROL PHILOSOPHY

3.0 INTEGRATED CONTROL SYSTEM

4.0 PROCESS CONTROL AND PROCESS SHUTDOWN SYSTEMS

5.0 SUPERVISORY CONTROL AND DATA ACQUISITION SYSTEM

6.0 EMERGENCY SHUTDOWN SYSTEM

7.0 FIRE AND GAS SYSTEM

8.0 MANAGEMENT INFORMATION SYSTEM

9.0 FIELD INSTRUMENTATION

10.0 REFERENCE DOCUMENTS

APPENDIX 1 ICS DATA HIGHWAY CONNECTION

BOPD Barrels of Oil per Day

CCR Central Control Room

ESD Emergency Shutdown

FAT Factory Acceptance Test

HPU Hydraulic Power Unit

ICS Integrated Control System

LTR Local Technical Room

MAC Manual Alarm Callpoint

OLE Object Linking and Embedding

RTU Remote Terminal Unit

SCADA Supervisory Control and Data Acquisition

TMR Triple Modular Redundant

UCP Unit Control Panel

Vdc direct current volts

WCP Wellhead Control Panel

1.1 General Description

The Ourhoud Development will consist of : -

1.3 Environmental Conditions

A summary of expected environmental conditions are given in Table 1.1 below.

2. OPERATING AND CONTROL PHILOSOPHY

System configuration shall be referred to V-2171-001-A-301 and developed by ICS

2.2 Central Processing Facility

2.2.1 General Description

2.2.2 Package Unit Control Panels

2.3 Wellheads and Satellite Stations

2.3.1 General Description

2.3.2 Production Wellhead Shutdown Philosophy

Shutdown of individual wells or satellite station groups of wells can be initiated by

The independent over-pressure protection valve will close on detection of a potential

2.3.3 Satellite Station Shutdown Philosophy

2.3.4 Signal Transmission Philosophy

3. INTEGRATED CONTROL SYSTEM

RAM study shall be carried out in the beginning of engineering stage.

3.2 Design Principles

The design principles to be adopted are summarised as follows : -

 number of alarms to be kept to a minimum. Critical alarms and selected control

3.3 General Description

3.5 Location of ICS Equipment

Printers will be located in a dedicated printer room adjacent to the CCR.

3.6 Packaged Plant Units

3.7 Power Supplies

4. PROCESS CONTROL AND PROCESS SHUTDOWN SYSTEM

4.1 Functional Requirements

The PCS shall perform the following functions :

4.2 Technical Requirements

The controller functions shall be executed by microprocessor based multi-loop controllers

All control loops shall be arranged to fail safe, e.g. by : -

Although the design objective is to minimise system complexity, customised software

4.3 Communications Sub-System

Dual redundant communications sub-systems shall be provided for communications

4.4 Process Shutdown