V4-ch01-instrument And Process Control Philosophy Rev 1

PETRONAS RAPID Project Johor, Malaysia 350 KTA LLDPE PLANT Project n° 61070F Process Design Package

Nov Vol.

VOLUME 4

CHAPTER 1

INSTRUMENT AND PROCESS CONTROL PHILOSOPHY

© INEOS Commercial Services UK Limited. All rights reserved. This document is the property of INEOS Commercial Services UK Limited, and the information and images it contains are strictly confidential and may not be altered or amended, copied, used or disclosed without the express permission of INEOS Commercial Services UK Limited.

2012 : 4

OWNER REFERENCE

Technologies

PETRONAS RAPID PROJECT 350 kta LLDPE PLANT

Project

Package

RAPID

L20

Originator

INE

Discipline

Doc. Type

Unit n°

Serial n°

PRO

DES

3200

0011

Rev.

Page

1

1 / 24

LICENSOR REFERENCE Project

Unit n°

Doc. Type

Doc. Code

Sequent. n°

61070F

3200

SP

-

011

SPECIFICATION INSTRUMENT AND PROCESS CONTROL PHILOSOPHY

INSTRUMENT AND PROCESS CONTROL PHILOSOPHY

1

12-Dec-12

PDP update

FMA

A. CONIL

A. CONIL

0

05-Nov-12

ISSUE FOR PDP

A. CONIL

A. CONIL

A. CONIL

XA

16-Sep-12

FOR COMMENT

A. CONIL

A. CONIL

A. CONIL

REV.

DATE DD-MMM-YY

STATUS – REVISION MEMO

WRITTEN BY (name & visa)

CHECKED BY (name & visa)

APPROVED BY (name & visa)

Document revisions. © INEOS Commercial Services UK Limited. All rights reserved. This document is the property of INEOS Commercial Services UK Limited, and the information and images it contains are strictly confidential and may not be altered or amended, copied, used or disclosed without the express permission of INEOS Commercial Services UK Limited.

OWNER REFERENCE

Technologies

PETRONAS RAPID PROJECT 350 kta LLDPE PLANT

Project

Package

RAPID

L20

Originator

INE

Discipline

Doc. Type

Unit n°

PRO

DES

3200

LICENSOR REFERENCE

Rev.

Project

Unit n°

Doc. Type

Doc. Code

Sequent. n°

61070F

3200

SP

-

011

Serial n°

0011 Page

1

2 / 24

SPECIFICATION INSTRUMENT AND PROCESS CONTROL PHILOSOPHY

CONTENTS 1.

INTRODUCTION................................................................................................................................................................ 3 1.1

2.

ABBREVIATIONS ..................................................................................................................................................... 3

CONTROL AND PROTECTION SYSTEM REQUIREMENTS ................................................................................... 5 2.1 RELIABILITY.............................................................................................................................................................. 5 2.2 DCS HARDWARE IMPLEMENTATION ................................................................................................................ 5 2.3 SIS HARDWARE IMPLEMENTATION .................................................................................................................. 6 2.4 CONTROL SYSTEM INTERFACES ...................................................................................................................... 7 2.5 DCS CONFIGURATION .......................................................................................................................................... 8 2.5.1 REGULATORY CONTROL ............................................................................................................................. 8 2.5.2 SEQUENCES.................................................................................................................................................. 10 2.6 INTERLOCK FUNCTIONALITY ............................................................................................................................ 11 2.6.1 SIS INTERLOCK ............................................................................................................................................ 11 2.6.2 DCS INTERLOCK .......................................................................................................................................... 12 2.6.3 RESETS ........................................................................................................................................................... 12 2.6.4 OVERRIDES ................................................................................................................................................... 12 2.7 OPERATOR INTERFACE ..................................................................................................................................... 13 2.7.1 DISPLAYS ....................................................................................................................................................... 14 2.7.2 HISTORICAL DATA AND TREND DISPLAYS .......................................................................................... 14 2.7.3 ALARMS .......................................................................................................................................................... 15 2.7.4 OPERATOR INTERFACE AND PANEL ..................................................................................................... 16 2.8 SECURITY ............................................................................................................................................................... 16 2.9 ENGINEERING FACILITIES ................................................................................................................................. 16 2.10 EARTHING AND LIGHTNING PROTECTION ................................................................................................... 17 2.11 ADVANCED PROCESS CONTROL (APC) ........................................................................................................ 17

3.

INSTRUMENTATION...................................................................................................................................................... 18 3.1 GENERAL ................................................................................................................................................................ 18 3.2 FIELDBUS ................................................................................................................................................................ 19 3.3 INSTRUMENT/CONTROL POWER/AIR SUPPLY ............................................................................................ 20 3.3.1 POWER SUPPLY ........................................................................................................................................... 20 3.3.2 INSTRUMENT AIR ......................................................................................................................................... 20

4.

ANALYSERS ................................................................................................................................................................... 20

5.

FIRE AND GAS DETECTION ....................................................................................................................................... 20

6.

PACKAGE INSTRUMENTATION AND CONTROL .................................................................................................. 21

7.

MOTOR CONTROL ........................................................................................................................................................ 22

8.

DCS/SIS PROJECT ENGINEERING ........................................................................................................................... 23 8.1 8.2 8.3 8.4

DESIGN .................................................................................................................................................................... 23 TESTING .................................................................................................................................................................. 23 INEOS TECHNOLOGIES REQUIREMENTS ..................................................................................................... 24 LIST OF INSTRUMENTATION VENDORS ........................................................................................................ 24

© INEOS Commercial Services UK Limited. All rights reserved. This document is the property of INEOS Commercial Services UK Limited, and the information and images it contains are strictly confidential and may not be altered or amended, copied, used or disclosed without the express permission of INEOS Commercial Services UK Limited.

OWNER REFERENCE

Technologies

PETRONAS RAPID PROJECT 350 kta LLDPE PLANT

Project

Package

RAPID

L20

Originator

INE

Discipline

Doc. Type

Unit n°

PRO

DES

3200

LICENSOR REFERENCE

Rev.

Project

Unit n°

Doc. Type

Doc. Code

Sequent. n°

61070F

3200

SP

-

011

Serial n°

0011 Page

1

3 / 24

SPECIFICATION INSTRUMENT AND PROCESS CONTROL PHILOSOPHY

1.

INTRODUCTION This document defines the generic standard requirements for the control and instrument protection systems on INEOS Technologies licensed polyethylene plants. The overall intent of the PDP with reference to control and instrumentation is to provide the following information: Controls and interlocks specific to licensed technology required to operate the plant safely and reliably. The minimum general requirements on the licensee and detailed engineering contractor required to ensure that the overall standard of implementation and operation is sufficient to operate the plant safely and reliably Sufficient detail is provided to allow the licensee and detailed engineering contractor to design and operate the plant safely and to meet the guarantees. Other sections of the PDP volume 4 provide specification for complex regulatory control, sequences, interlocks and any supervisory control schemes where this is not clear from the PIDs. The licensee and detailed engineering contractor are responsible, during the detailed engineering and implementation, for ensuring that the final installed system is safe, reliable and operable. This document and the others in the control PDP volume 4 provide guidance in achieving these aims. Throughout the control PDP the words may, should, and must have the following specific meaning: May: is used where an alternative provision is acceptable to INEOS Technologies Should: is used where INEOS Technologies prefers the provision Must: is used where the provision is mandatory

1.1

ABBREVIATIONS DCS

Distributed Control System

(Main plant control system)

SIS

Safety Instrumented System

(Protective system)

PLC

Programmable Logic Controller (May be used for control of package equipment)

PID

Piping & Instrumentation Diagram

SIL

Safety integrity level. (Defined in IEC61508, IEC61511)

© INEOS Commercial Services UK Limited. All rights reserved. This document is the property of INEOS Commercial Services UK Limited, and the information and images it contains are strictly confidential and may not be altered or amended, copied, used or disclosed without the express permission of INEOS Commercial Services UK Limited.

OWNER REFERENCE

Technologies

PETRONAS RAPID PROJECT 350 kta LLDPE PLANT

Project

Package

RAPID

L20

Originator

INE

Discipline

Doc. Type

Unit n°

PRO

DES

3200

LICENSOR REFERENCE

Rev.

Project

Unit n°

Doc. Type

Doc. Code

Sequent. n°

61070F

3200

SP

-

011

Serial n°

0011 Page

1

4 / 24

SPECIFICATION INSTRUMENT AND PROCESS CONTROL PHILOSOPHY APC

Advanced Process Control system

PDS

Process data sheets (in PDP volume 2)

RTD

Resistance Thermal Device

© INEOS Commercial Services UK Limited. All rights reserved. This document is the property of INEOS Commercial Services UK Limited, and the information and images it contains are strictly confidential and may not be altered or amended, copied, used or disclosed without the express permission of INEOS Commercial Services UK Limited.

OWNER REFERENCE

Technologies

PETRONAS RAPID PROJECT 350 kta LLDPE PLANT

Project

Package

RAPID

L20

Originator

INE

Discipline

Doc. Type

Unit n°

PRO

DES

3200

LICENSOR REFERENCE

Rev.

Project

Unit n°

Doc. Type

Doc. Code

Sequent. n°

61070F

3200

SP

-

011

Serial n°

0011 Page

1

5 / 24

SPECIFICATION INSTRUMENT AND PROCESS CONTROL PHILOSOPHY

2.

CONTROL AND PROTECTION SYSTEM REQUIREMENTS DCS system will consist of a number of controllers which will be configured to carry out the normal control of the plant. The field instrumentation, actuated valves and motor controls will be connected to the DCS controllers via field wiring and the DCS I/O system. Screens and keyboards will allow the panel operator to control and monitor the performance of the plant through process schematic displays, trends and alarms. A separate Safety Instrumented System (SIS) with its own instrumentation will protect the plant against major hazards. If APC is within the scope of the project then, a PC dedicated to the APC will be interfaced to the DCS. The DCS, SIS and other control equipment should be located in an air conditioned control building. Operator consoles should be located in the central control room. Other equipment including marshalling systems, controllers and I/O systems should be located in an associated equipment room.

2.1

RELIABILITY The control system and instrumentation must be of fail safe design. No single fault in controllers, operator interface, communications highway, power supplies or external interfaces should result in the loss of process control or loss of process visibility to the operators of any significant section of the plant. If any failure of an operator screen occurs then it must be possible to use an alternative without any need for reconfiguration. Operators and system engineers must be trained on the control system prior to the plant starting up.

2.2

DCS HARDWARE IMPLEMENTATION DCS controllers should be dual redundant. The total number of controllers for the plant will be dependent on the DCS system selected. For control purposes the plant must be divided into sections, each controlled by a single redundant pair of controllers containing all the regulatory control, sequences and DCS interlocks for that plant section. The sections of the plant must be defined to remain within controller loading constraints and to minimise peer to peer communication between controllers. Separate sections of the plant that can be operated independently of each other (e.g. reactor and extruder) should not share controllers. The effect of complex calculations, sequences and interfaces on controller loading must be taken into account. Control functions must be split between I/O cards to minimise the safety and process impact of any failure. The possibility of multiple control loops failing simultaneously due to I/O card failure must be assessed by the detailed engineering contractors HAZOP team to ensure that the design case for relief constraints or other protection limits are not breached.

© INEOS Commercial Services UK Limited. All rights reserved. This document is the property of INEOS Commercial Services UK Limited, and the information and images it contains are strictly confidential and may not be altered or amended, copied, used or disclosed without the express permission of INEOS Commercial Services UK Limited.

OWNER REFERENCE

Technologies

PETRONAS RAPID PROJECT 350 kta LLDPE PLANT

Project

Package

RAPID

L20

Originator

INE

Discipline

Doc. Type

Unit n°

PRO

DES

3200

LICENSOR REFERENCE

Rev.

Project

Unit n°

Doc. Type

Doc. Code

Sequent. n°

61070F

3200

SP

-

011

Serial n°

0011 Page

1

6 / 24

SPECIFICATION INSTRUMENT AND PROCESS CONTROL PHILOSOPHY 2.3

SIS HARDWARE IMPLEMENTATION The Safety Instrumented System (SIS) protects people, the plant and the environment against abnormal situations that result in serious risks and hazards requiring a higher degree of protection than the DCS system alone can provide. It forms a protection layer on top of the basic process control system, operator alarms and monitoring. The overall safety of the plant is dependent on all levels of protection functioning effectively. The system consists of field instrumentation and actuators, cabling and logic processors. A data link transfers information to the DCS system and the operator interacts with the SIS through the interlock displays on the DCS. The process measurements from SIS instrumentation, alarms and trip status are also available for use on the schematic displays. Hardwired push buttons are provided on the operator panel for SIS interlocks that can be manually initiated. During detailed engineering the safety instrumented system must be designed and proof test intervals defined to meet the required SIL rating and probability of failure on demand. The requirement to avoid spurious trips must also be considered. The SIS system must be implemented in accordance with IEC61508/61511. The notes below are for guidance. The SIS system should be independent of other layers of protection such as control scheme and pre alarms. If an instrument fails and gives a signal outside the normal process range the interlock must trip. The instrument range must be defined to be well beyond normal and abnormal expected process ranges. Where multiple instruments are used to measure the same process variable a discrepancy alarm should be raised in the DCS if they differ by a significant amount and the fault must be corrected. The entire protection system must be designed to be failsafe: de-energise or open circuit to trip. All input trip initiation signals and output trip actuation signals must be hardwired. Serial or other communication links for this duty must not be used. I/O must be allocated to I/O cards using the same principles as for the DCS I/O allocation. Any field or local starts must not be able to inhibit operation of any interlocks. All SIS instruments and valves should be powered from the SIS system power supply. During detailed engineering the data link to the DCS must be designed to have sufficient speed and reliability not to cause any impact on control sequences or loops. Signals that may impact on control should be hardwired to the DCS to give improved speed of response and reliability where required. All remotely operated on/off valves must have both open and closed limit switches (proximity type). Where switches are used in an interlock both open and closed switches should be connected to the

© INEOS Commercial Services UK Limited. All rights reserved. This document is the property of INEOS Commercial Services UK Limited, and the information and images it contains are strictly confidential and may not be altered or amended, copied, used or disclosed without the express permission of INEOS Commercial Services UK Limited.

OWNER REFERENCE

Technologies

PETRONAS RAPID PROJECT 350 kta LLDPE PLANT

Project

Package

RAPID

L20

Originator

INE

Discipline

Doc. Type

Unit n°

PRO

DES

3200

LICENSOR REFERENCE

Rev.

Project

Unit n°

Doc. Type

Doc. Code

Sequent. n°

61070F

3200

SP

-

011

Serial n°

0011 Page

1

7 / 24

SPECIFICATION INSTRUMENT AND PROCESS CONTROL PHILOSOPHY SIS. Where “not closed” is specified in the interlock description this means that the closed limit switch is not made or that the open limit switch is made and conversely for “not open”. The protection system interlocks must be active at all times. The majority of interlocks in the SIS are likely to be SIL1, which can normally be achieved using standard instruments and on/off valves or motors operating in a fail safe manner. Generally one sensor and one final element would be expected as a minimum for each interlock. Specific requirements are shown on PIDs. Higher integrity interlocks, SIL2 or 3, will require increased levels of redundancy and / or increased levels of diagnostics to ensure interlock integrity Using standard failsafe instrumentation a SIL2 interlock must continue to operate safely in the event of unsafe failure of any single component of the interlock. Generally a 2 out of 3 or 1 out of 2 voting system on sensors and a 1 out of 2 voting system on final elements would be expected. In this case (subject to interlock reliability analysis) it may be possible to use common instruments for control and interlock functions. Normally a middle of three selection would be carried out in the SIS with the result hardwired to the DCS for control. Specific requirements are shown on PIDs. A SIL3 interlock must remain safe following the unsafe failure of any two components and must normally be engineered independently of other control and interlock systems. The SIS logic solver must be certified by an appropriate regulatory authority (e.g. TÜV) as suitable for protection up to at least SIL3. 2.4

CONTROL SYSTEM INTERFACES Interfaces with the main DCS control system can communicate bulk data to or from other devices through a serial or specific digital connection. Interfaces may be required to the following items:  Plant wide management information system, if required by the Licensee  Plant data historian  Independent protection system (SIS)  Intelligent Motor Control Centre  Analyser systems  Package plant: e.g. extruder, weigh feeders, etc  Machinery monitoring systems: e.g. Bentley and Nevada systems  Weighing systems  Fire and gas system  Anti surge monitor systems  APC (if APC is within the contract scope) Where parameters are used in the basic level of control on the DCS they must not be transferred through an interface unless it has been engineered to be fault tolerant (redundant) and sufficiently reliable. The interface must be fast enough to achieve the required control functions. Particular care must be taken over the speed of interface between DCS and motor control centre, safety instrumented

© INEOS Commercial Services UK Limited. All rights reserved. This document is the property of INEOS Commercial Services UK Limited, and the information and images it contains are strictly confidential and may not be altered or amended, copied, used or disclosed without the express permission of INEOS Commercial Services UK Limited.

OWNER REFERENCE

Technologies

PETRONAS RAPID PROJECT 350 kta LLDPE PLANT

Project

Package

RAPID

L20

Originator

INE

Discipline

Doc. Type

Unit n°

PRO

DES

3200

LICENSOR REFERENCE

Rev.

Project

Unit n°

Doc. Type

Doc. Code

Sequent. n°

61070F

3200

SP

-

011

Serial n°

0011 Page

1

8 / 24

SPECIFICATION INSTRUMENT AND PROCESS CONTROL PHILOSOPHY system (SIS) and large vendor packages (e.g. extruder). The interface between the DCS and the APC does not need to be redundant. Diagnostic signals must inform the operator if any communications interface to the DCS fails. Detailed engineering must determine if any failsafe actions are required. 2.5

DCS CONFIGURATION

2.5.1

Regulatory Control The regulatory control forms the basic level of control that is required to operate the plant in a stable condition without undue operator action. The functionality should reside within the DCS controllers for the plant. The requirements for the standard non-complex items of regulatory control are defined by the standards within this document together with the PIDs and instrument data sheets. Complex regulatory controls requiring further definition are described in separate documents within the PDP volume 4.

2.5.1.1

General All tuning parameters including alarm settings, PID tuning parameters, filter constants, and sequence tuning parameters must be changeable from the operator console following the entry of a suitable supervisor password. It should be possible to enter simulated values for all process variables (PVs) from the operator screen following the entry of a supervisor password. All simulated signals must be clearly indicated (as simulated) on the display and it must be possible to generate a list of simulated variables. All basic control points should be executed at a frequency of 1s or faster. In the event of a DCS failure all outputs should go to failsafe positions (after a short time delay if the DCS has such facilities).

2.5.1.2

Analogue inputs Analogue input should have the following characteristics Resolution of 3 or 4 significant figures, with a maximum of 4 figures before decimal point or 3 after. First order input filter to remove noise adjustable on line – default filter time 0s High and low alarm facilities – to be disabled by default Alarm hysteresis – 1% of range by default

© INEOS Commercial Services UK Limited. All rights reserved. This document is the property of INEOS Commercial Services UK Limited, and the information and images it contains are strictly confidential and may not be altered or amended, copied, used or disclosed without the express permission of INEOS Commercial Services UK Limited.

OWNER REFERENCE

Technologies

PETRONAS RAPID PROJECT 350 kta LLDPE PLANT

Project

Package

RAPID

L20

Originator

INE

Discipline

Doc. Type

Unit n°

PRO

DES

3200

LICENSOR REFERENCE

Rev.

Project

Unit n°

Doc. Type

Doc. Code

Sequent. n°

61070F

3200

SP

-

011

Serial n°

0011 Page

1

9 / 24

SPECIFICATION INSTRUMENT AND PROCESS CONTROL PHILOSOPHY Out of range / hardware failure alarm facilities – to be indication only by default Historisation – minimum every 5s 2.5.1.3

Controllers Controllers should have the following characteristics: Features of an analogue input Out of range / hardware failure alarm facilities – to be low priority by default On failure of the input signal the controller should switch to manual mode. In Manual mode the SP should track the PV value to allow bumpless switch between manual and auto. Adjustable setpoint and output limits – to be configured at maximum range by default Windup prevention – If controller output hits an output limit then integral action must be stopped to prevent unnecessary controller windup. The master controller in a cascade control scheme should be output limited if the slave controller hits a setpoint limit. Initialisation – If a slave controller in a cascade control scheme is in manual or automatic instead of cascade then the output of the master controller should track the setpoint of the slave controller to allow bumpless switch between auto or manual and cascade. It should be possible to change all alarm and limit settings by online calculation. Historisation of SP, PV and OP – minimum every 5s

2.5.1.4

Discrete input A discrete input should have the following characteristics: State change alarm – to be disabled as default Historisation minimum every 5s

2.5.1.5

Motors Motors that are controlled from the DCS should have the following characteristics: Setpoint (SP) manipulated by the operator or automatic control Indicate running/stopped status (PV) to the DCS from the motor starter.

© INEOS Commercial Services UK Limited. All rights reserved. This document is the property of INEOS Commercial Services UK Limited, and the information and images it contains are strictly confidential and may not be altered or amended, copied, used or disclosed without the express permission of INEOS Commercial Services UK Limited.

OWNER REFERENCE

Technologies

PETRONAS RAPID PROJECT 350 kta LLDPE PLANT

Project

Package

RAPID

L20

Originator

INE

Discipline

Doc. Type

Unit n°

PRO

DES

3200

LICENSOR REFERENCE

Rev.

Project

Unit n°

Doc. Type

Doc. Code

Sequent. n°

61070F

3200

SP

-

011

Serial n°

0011 Page

1

10 / 24

SPECIFICATION INSTRUMENT AND PROCESS CONTROL PHILOSOPHY Both SP and PV must be displayed on the operator screen in schematic form. Failure alarm raised if the SP and PV do not match after a time period (~5s) Default low priority. Historisation of PV – minimum every 5s 2.5.1.6

Valves On/off valves should have the following characteristics: Setpoint (SP) manipulated by the operator or automatic control One open and one closed limit switch indicating position (PV) Both SP and PV must be displayed on the operator screen in schematic form. Failure alarm raised if the SP and PV do not match after a time period (~5s) Default low priority.

2.5.2

Sequences Sequences carry out actions that it would be impractical for the operator to carry out due to frequency of or number of actions required. The functionality should reside within the DCS controllers for the plant. They should execute at sufficient speed to achieve the process requirements. This is particularly critical for the withdrawal sequence and the agglomerate detection on rotary valves sequence. Sequences are defined in additional documents in the PDP volume 4. The detailed sequence descriptions in the PDP form the basis of a functional design specification for the DCS vendor, but require further development to include the correct response to DCS hardware failures etc The sequences are broken down into a number of named steps carrying out specific process activity. Each step is broken down into a set of actions described by pseudo code or sequential function charts (SFC). Each sequence performs prestart checks, where required, to ensure that process conditions and equipment line-ups are suitable for the sequence to start. All controllers and equipment used by the sequence are put into program mode during the prestart phase of the sequence. This should prevent the operator from manipulating these items of equipment while the sequence is running. Each sequence must have a failure monitor to detect abnormal process events or equipment failures that would prevent the sequence from operating successfully. On detection of a failure condition, the sequence must drive the plant to a predefined safe condition and then produce a clear message

© INEOS Commercial Services UK Limited. All rights reserved. This document is the property of INEOS Commercial Services UK Limited, and the information and images it contains are strictly confidential and may not be altered or amended, copied, used or disclosed without the express permission of INEOS Commercial Services UK Limited.

OWNER REFERENCE

Technologies

PETRONAS RAPID PROJECT 350 kta LLDPE PLANT

Project

Package

RAPID

L20

Originator

INE

Discipline

Doc. Type

Unit n°

PRO

DES

3200

LICENSOR REFERENCE

Rev.

Project

Unit n°

Doc. Type

Doc. Code

Sequent. n°

61070F

3200

SP

-

011

Serial n°

0011 Page

1

11 / 24

SPECIFICATION INSTRUMENT AND PROCESS CONTROL PHILOSOPHY indicating the cause of failure. All equipment/controllers should be released automatically to allow the operator to take any necessary actions. The operator must be able to easily identify the cause of the failure and restart the sequence at an appropriate point once the fault has been cleared. On restart or recovery all equipment and controllers should be returned to program mode (or equivalent) to prevent changes by the operator. The failure conditions and actions and recovery actions must be further developed during detailed engineering. All parameters used by sequences should be alterable on-line by the engineer, without the need to restart the sequence. 2.6

INTERLOCK FUNCTIONALITY Interlocks protect the plant, personnel and the environment in the event of abnormal situations. Such situations may occur through equipment or control failure or operator error or process upset. Interlocks with a low integrity requirement should be implemented in the DCS system. Where a higher integrity is required (SIL1 or above) then the interlocks must be implemented within a separate safety instrumented system (SIS). (See section on SIS hardware implementation) The preliminary allocation of interlocks to SIS and DCS is defined on the PIDs. This allocation must be reviewed during detailed engineering. The interlocks are marked on the PIDs and a separate document in the PDP gives a description of the function of each interlock. Interlocks have been separated into those to be implemented on the DCS and those to be implemented on the SIS based on preliminary SIL calculations. Interlocks to be implemented in the SIS are marked „I-xxxx-S‟ on the PID and those to be implemented on the DCS are marked „I-xxxx-O‟.

2.6.1

SIS Interlock The SIS system must be designed in accordance with IEC61508/61511. Interlock reviews must be carried out during detailed engineering taking account of local conditions to determine the required integrity level (SIL) and probability of failure on demand (PFD) for each interlock conditions to satisfy local and international regulations. Each interlock must then be designed to meet these integrity and reliability requirements. The SIL levels specified in the PDP in volume 4 – interlock description - are based on generic safety hazards without regard to local conditions and practices. The interlocks must be designed to meet these integrity levels as a minimum. Local safety, environmental or commercial issues or specific issues resulting from detailed design or identified in interlock reviews may require integrities higher than those specified and these must be considered during detailed engineering. Any interlocks specified for machinery protection or required as part of vendor packages should be installed within the SIS if the integrity requirements are SIL1 or above. Each interlock consists of input conditions, interlock logic, and outputs.

© INEOS Commercial Services UK Limited. All rights reserved. This document is the property of INEOS Commercial Services UK Limited, and the information and images it contains are strictly confidential and may not be altered or amended, copied, used or disclosed without the express permission of INEOS Commercial Services UK Limited.

OWNER REFERENCE

Technologies

PETRONAS RAPID PROJECT 350 kta LLDPE PLANT

Project

Package

RAPID

L20

Originator

INE

Discipline

Doc. Type

Unit n°

PRO

DES

3200

LICENSOR REFERENCE

Rev.

Project

Unit n°

Doc. Type

Doc. Code

Sequent. n°

61070F

3200

SP

-

011

Serial n°

0011 Page

1

12 / 24

SPECIFICATION INSTRUMENT AND PROCESS CONTROL PHILOSOPHY

Any live analogue values used in the SIS and the trip status of inputs and outputs must be transmitted to the DCS for display and alarm. This alarm should be shown on the relevant schematic display and on the interlock display.

2.6.2

DCS Interlock The functional requirements for DCS interlocks are identical to those for the SIS (See SIS interlock section) The interlocks must function at all times, regardless of whether the plant item involved is being driven by a sequence or is in manual or local mode. The logic for DCS interlocks should scan at 1s maximum.

2.6.3

Resets The reset philosophy is common for the SIS and DCS interlocks. The licensee must have a safe method for managing interlock resets following a trip. This must consider both the design of the interlocks and the procedure for operating them to ensure that the operator can recover from a trip in a safe and controlled manner.

2.6.3.1

Interlocks with Manual Reset Each trip output must have a separate manual reset (except those with auto reset). When the interlock trips, the equipment must remain in the tripped state until reset.

2.6.3.2

Interlocks with Automatic Reset Where auto reset is specified on the interlock (refer to Process Interlock Description within the PDP volume 4) the interlock must be reset automatically when the trip causes are healthy and then may be operated by the DCS / operator.

2.6.4

Overrides The override philosophy is common for the SIS and DCS interlocks. The differences (if any) are identified in the following text. The licensee must have a policy for controlling and minimising the application of overrides to ensure that the plant is operated safely.

© INEOS Commercial Services UK Limited. All rights reserved. This document is the property of INEOS Commercial Services UK Limited, and the information and images it contains are strictly confidential and may not be altered or amended, copied, used or disclosed without the express permission of INEOS Commercial Services UK Limited.

OWNER REFERENCE

Technologies

PETRONAS RAPID PROJECT 350 kta LLDPE PLANT

Project

Package

RAPID

L20

Originator

INE

Discipline

Doc. Type

Unit n°

PRO

DES

3200

LICENSOR REFERENCE

Rev.

Project

Unit n°

Doc. Type

Doc. Code

Sequent. n°

61070F

3200

SP

-

011

Serial n°

0011 Page

1

13 / 24

SPECIFICATION INSTRUMENT AND PROCESS CONTROL PHILOSOPHY Overrides on interlocks will be required to allow maintenance and testing. The interlocks must be designed so that overrides are not required during any normal process activities including startup and shutdown. There should be override facilities available on each input and output. If there is an override it should not disable any associated alarm on the input. Any applied SIS and DCS override should be shown clearly against the relevant input or final actuation device on both the schematic display and the interlock display of the DCS screen and recorded in the DCS event log. If available on the DCS the received PV of the actuating device (valve or motor) should be shown on the interlock display. SIS overrides should be applied to and removed from the SIS system from the DCS interlock displays and transmitted over a data link to the SIS system. In order to prevent the overrides being applied by mistake a separate hardwired „permit overrides‟ button on the operator panel must be pressed by the operator before an override is applied. This button is wired directly to the SIS and initiates a 2 minutes timer within the SIS. New overrides can be applied from the DCS during this time only. The button should be keylocked. This button has no effect on the ability of the operators to remove overrides or reset interlocks from the DCS. The second „remove SIS overrides‟ push button on the operator panel, hardwired to the SIS, is required to allow the operator to remove all overrides. This is to ensure that the plant can be put in a safe state in the event of a failure of the data link between the DCS and the SIS. Both of these buttons must be designed to be failsafe. There may be multiple pairs of buttons covering different sections of the plant. There is no requirement for an independent override permit button for DCS interlocks. 2.7

OPERATOR INTERFACE The primary operator interface for the plant is the DCS terminals. These allow the panel operator to monitor and control the plant through operating schematics, alarms and trends. It also provides the primary interface for the operator to interact with the Safety Instrumented System A separate panel for emergency stop buttons is used for functions that are required to allow the plant to be put into a safe state independently of the DCS system. A separate operator station with screens and panel will be required for each major area of the plant (See section Operator interface and panel for details) All aspects of the interface must be designed to be as clear and simple as possible in order to minimise the risk of operator error.

© INEOS Commercial Services UK Limited. All rights reserved. This document is the property of INEOS Commercial Services UK Limited, and the information and images it contains are strictly confidential and may not be altered or amended, copied, used or disclosed without the express permission of INEOS Commercial Services UK Limited.

OWNER REFERENCE

Technologies

PETRONAS RAPID PROJECT 350 kta LLDPE PLANT

Project

Package

RAPID

L20

Originator

INE

Discipline

Doc. Type

Unit n°

PRO

DES

3200

LICENSOR REFERENCE

Rev.

Project

Unit n°

Doc. Type

Doc. Code

Sequent. n°

61070F

3200

SP

-

011

Serial n°

0011 Page

1

14 / 24

SPECIFICATION INSTRUMENT AND PROCESS CONTROL PHILOSOPHY Other aspects of the operator environment such as control room layout, lighting, and location of telephones and radios must also be designed to minimise impact on operations. 2.7.1

Displays The DCS displays should consist of plant schematics which allow the operator to monitor the plant. All measurements shown on the PIDs or developed in detailed design, including those from separate vendors‟ instrumentation packages, should be available on the displays. An overview display must be configured to allow the operator to monitor all the most important variables on the plant on one screen. Schematic displays should be configured to monitor each plant area and to facilitate specific process operations (e.g. feed treatment, compressor start-up). Each of these displays should be designed to contain the appropriate information to minimise the need for operators to switch between displays. The process flow of the schematic should generally be from left to right and/or from top to bottom. Interlock displays should be configured for interacting with the interlocks. The preferred format for these displays is a cause and effect chart. The displays for the independent protection system must be separate from the displays for the DCS interlocks, but should include similar information. Complex control schemes and calculations should have dedicated displays to allow the full control scheme to be inspected. The preferred format for these is flow diagrams showing the flow of the calculations involved. The displays should be designed to be as simple and intuitive as possible. They should not based on PID drawings. Particular attention should be made to making display standards consistent, minimising unnecessary or repeated information and making navigation between displays simple. The call up time for schematics and associated live data must be less than 2 seconds.

2.7.2

Historical data and trend displays The historical data and trending system is used to monitor plant performance in real time and for analysing historical plant performance and incidents. All analogue and discrete measurements, controller setpoints and outputs, calculated variables and motor and valve conditions should be recorded into the history database. Data must be sampled at a minimum of 5s and retained for a minimum of 1 week. Some variables may need to be sampled more frequently depending on their process requirements. Any data compression must be designed not to impact data quality.

© INEOS Commercial Services UK Limited. All rights reserved. This document is the property of INEOS Commercial Services UK Limited, and the information and images it contains are strictly confidential and may not be altered or amended, copied, used or disclosed without the express permission of INEOS Commercial Services UK Limited.

OWNER REFERENCE

Technologies

PETRONAS RAPID PROJECT 350 kta LLDPE PLANT

Project

Package

RAPID

L20

Originator

INE

Discipline

Doc. Type

Unit n°

PRO

DES

3200

LICENSOR REFERENCE

Rev.

Project

Unit n°

Doc. Type

Doc. Code

Sequent. n°

61070F

3200

SP

-

011

Serial n°

0011 Page

1

15 / 24

SPECIFICATION INSTRUMENT AND PROCESS CONTROL PHILOSOPHY Alarms and operator actions must be recorded into an event long with a resolution of 1s minimum and be retained for a minimum of 1 week. A set of predefined trends associated with each main display should be configured to assist the operator in monitoring the plant. The system must allow the operator to define new trends as necessary for operational conditions with the variables and ranges required without loss of information. All variables should be available to be trended at all operating positions. The licensee may require an additional plant information system interfaced to the DCS that provides plant data to engineers for analysis over the factory IT system. 2.7.3

Alarms Alarms are the primary means of alerting the panel operator to events which require manual intervention. They are a key element in assuring the safety and reliability of the plant. The PIDs detail the primary process alarms required. Additional alarm points associated with package plant and other systems must be specified during detailed engineering. During detailed engineering an alarm review must be carried out to determine the priority of each alarm. INEOS Technologies recommends three levels of annunciated alarm priorities (Emergency, high and low). The numbers of higher priority alarms must be small compared to lower priority alarms. The priority should be determined by the necessary speed of response and the consequences of the operator failing to respond. The number of alarms must be kept to the minimum necessary, by avoiding unnecessary duplication of alarms for a single event and removing alarms that require no immediate action by the operator. The alarm system must be well designed and maintained otherwise the safety of the plant may be at risk. The alarm system must be designed to allow the operator to navigate quickly to the schematic display showing the alarm. All alarms should require acknowledgement by the panel operator. The DCS system must provide an alarm summary display that allows alarms to be sorted in alarm priority or chronological order. The alarms generated by the safety instrumented system must be displayed in the DCS. First up alarms should be clearly identified for operator. All alarms should be presented to the operator within 3 seconds of the alarm being detected by the instrument.

© INEOS Commercial Services UK Limited. All rights reserved. This document is the property of INEOS Commercial Services UK Limited, and the information and images it contains are strictly confidential and may not be altered or amended, copied, used or disclosed without the express permission of INEOS Commercial Services UK Limited.

OWNER REFERENCE

Technologies

Project

Package

RAPID

L20

Originator

INE

Discipline

Doc. Type

Unit n°

PRO

DES

3200

LICENSOR REFERENCE

PETRONAS RAPID PROJECT 350 kta LLDPE PLANT

Rev.

Project

Unit n°

Doc. Type

Doc. Code

Sequent. n°

61070F

3200

SP

-

011

Serial n°

0011 Page

1

16 / 24

SPECIFICATION INSTRUMENT AND PROCESS CONTROL PHILOSOPHY The licensee must have a procedure for managing and safely eliminating spurious alarms in order to keep the alarm frequency down to a level where the operator can effectively respond. 2.7.4

Operator interface and panel It is recommended that the control room equipment be grouped in three sections as follows: Polymerisation: Finishing: Engineering facilities:

4 screens minimum 2 screens minimum See main document.

The number of screens required should be reviewed following DCS selection, taking into account the requirement for backup facilities. A single keyboard may be used for two screens. Additional screens may be beneficial during the commissioning period. A hardwired panel contains facilities which are required to be independent of the DCS system. These include emergency buttons to put the reaction into a safe state by isolating feeds and killing reaction in the event of a DCS failure and buttons to permit interlock overrides to be applied to the SIS. The status of these buttons should be recorded in the DCS event log. These are described further in the overrides section of this document and the interlock descriptions section of the PDP volume 4. 2.8

SECURITY A security system – either, password or keylock and appropriate security policy must be in place to prevent unauthorised or accidental modifications to the DCS or SIS parameters. Appropriate protection measures must be put in place to guard against computer viruses and unauthorized access over computer network Suitable software back-up facilities should be provided.

2.9

ENGINEERING FACILITIES For the commissioning and maintenance of the control system an Engineer's console should be located in a separate room adjacent to the control room. The Engineer‟s console may be used as an additional operating console. It should consist of: - a screen and keyboard which duplicates the function of the operator station - a colour printer used for printing out screens and program listings - a screen and keyboard for the DCS configuration workstation. This equipment may be combined depending on the selected DCS manufacturer's approach to software configuration.

© INEOS Commercial Services UK Limited. All rights reserved. This document is the property of INEOS Commercial Services UK Limited, and the information and images it contains are strictly confidential and may not be altered or amended, copied, used or disclosed without the express permission of INEOS Commercial Services UK Limited.

OWNER REFERENCE

Technologies

PETRONAS RAPID PROJECT 350 kta LLDPE PLANT

Project

Package

RAPID

L20

Originator

INE

Discipline

Doc. Type

Unit n°

PRO

DES

3200

LICENSOR REFERENCE

Rev.

Project

Unit n°

Doc. Type

Doc. Code

Sequent. n°

61070F

3200

SP

-

011

Serial n°

0011 Page

1

17 / 24

SPECIFICATION INSTRUMENT AND PROCESS CONTROL PHILOSOPHY Other equipment for configuring the safety system, PLCs and analysers etc. should also be located in the engineers‟ room 2.10 EARTHING AND LIGHTNING PROTECTION Earthing and lightning protection for the instrumentation system, including the DCS and plant protection system, must be in accordance with the DCS vendors practice. In addition, the earthing requirements as specified by the certifying authority for intrinsic safety systems must be followed. 2.11 ADVANCED PROCESS CONTROL (APC) If specified, APC is defined in an additional document in the PDP volume 4. APC allows automatic optimisation of plant performance. Additional calculations determine plant and /or product parameters that allow the operator to manually optimise the operation of the plant. It is not required for the basic plant operation. The functionality will reside in a separate PC communicating with the DCS.

© INEOS Commercial Services UK Limited. All rights reserved. This document is the property of INEOS Commercial Services UK Limited, and the information and images it contains are strictly confidential and may not be altered or amended, copied, used or disclosed without the express permission of INEOS Commercial Services UK Limited.

OWNER REFERENCE

Technologies

PETRONAS RAPID PROJECT 350 kta LLDPE PLANT

Project

Package

RAPID

L20

Originator

INE

Discipline

Doc. Type

Unit n°

PRO

DES

3200

LICENSOR REFERENCE

Rev.

Project

Unit n°

Doc. Type

Doc. Code

Sequent. n°

61070F

3200

SP

-

011

Serial n°

0011 Page

1

18 / 24

SPECIFICATION INSTRUMENT AND PROCESS CONTROL PHILOSOPHY

3.

INSTRUMENTATION

3.1

GENERAL Instrumentation supplied with package units should also follow these requirements. The use of local mounted indicating only instrumentation should be kept to a minimum; the PIDs show the minimum requirements of INEOS Technologies. Measuring systems should use smart transmitters where possible, fitted with a local indicator displaying in engineering units. Process switches for alarms and trips should be avoided. Temperature measurements should use locally mounted transmitters and RTD sensors unless otherwise specified. In plant areas where hydrocarbon gas may condense under normal ambient temperature conditions, transmitters should be installed so that the instrument impulse pipe work is free draining, heat traced and insulated to stop condensation from occurring anywhere in the impulse pipe work. Differential pressure transmitters should be used for measuring liquid levels. On hydrocarbon service, the low pressure connection should be kept dry, by heat tracing. All instruments installed on vessels or pipe work containing dry powder, must have sintered metal filters installed in the pipe connection to the instrument. If tuning fork level detectors are installed on vessels containing powder they must slope downwards if installed on the side of the vessel. Top mounted is the preferred method. Smart positioners should be fitted to all control valves. Where split range control valve operation is identified on the PIDs, this must be performed in the DCS. Flow control loops on pulsating services (e.g. flow meters located at dosing pumps discharge, noted on instrument datasheets in volume 5) must be carefully designed to eliminate noise on flow signals, meet accuracy requirement and minimize dead times. The detailed engineering contractor must ensure that the over size factors applied to the sizing of control valves are such that the minimum flows specified in the instrument process data sheets can be easily achieved within the normal rangeability of the selected control valve. Shut-off class for control valves and on/off valves are specified to be consistent with ANSI/FCI 70.2 and API 598 respectively. The valves must be fail safe for both electrical and instrument air failure, the PIDs and valve PDS indicating the failure action. Valves are usually spring return. Valves that are also connected to the plant protection system should be fitted with a solenoid valve, which is de-energized to force the valve to the failure position. Remotely operated on/off valves should be fitted with open and close proximity switches. Safety relief valves should be sized and installed in accordance with API 520 and 521.

© INEOS Commercial Services UK Limited. All rights reserved. This document is the property of INEOS Commercial Services UK Limited, and the information and images it contains are strictly confidential and may not be altered or amended, copied, used or disclosed without the express permission of INEOS Commercial Services UK Limited.

OWNER REFERENCE

Technologies

PETRONAS RAPID PROJECT 350 kta LLDPE PLANT

Project

Package

RAPID

L20

Originator

INE

Discipline

Doc. Type

Unit n°

PRO

DES

3200

LICENSOR REFERENCE

Rev.

Project

Unit n°

Doc. Type

Doc. Code

Sequent. n°

61070F

3200

SP

-

011

Serial n°

0011 Page

1

19 / 24

SPECIFICATION INSTRUMENT AND PROCESS CONTROL PHILOSOPHY Restriction orifice plates, non-return valves and piping elements that are used to restrict the flow rate to be relieved by a safety device must be clearly identified by the engineering contractor, and displayed on the list of plant safety devices. Electrically powered equipment including motors, Transmitters and all electrically powered field instrumentation should be protected to IP55 minimum. In flammable gas area all transmitters and all electrically powered field instrumentation should be certified suitable for installation in zone 1 or zone 2. In areas where combustible dust is a hazard, the equipment should be certified as suitable for installation in zone 22 or zone 21 areas, as identified on the drawings. In dust hazard areas the equipment must have the appropriate IP rating and temperature class. In an area where both flammable gas and combustible dust hazards are present, all transmitters and all electrically powered field instrumentation should be certified for installation in both zone 1 or 2 and zone 21 or 22. The zone definition should be in accordance with IEC60079-10. Requirements for specific instruments are contained in the Engineering Manual and instrument datasheets in volume 5. 3.2

FIELDBUS Foundation Fieldbus or Profibus may be used for communication links between the field instrumentation and the DCS. The communication links between the field instrumentation and the SIS must be via conventional 4 -20 mA, and digital on/off signals. Electric motor controls may also communicate with the DCS via a fieldbus link. A single vendor should be responsible for the complete system that includes the DCS, the field instrumentation wherever possible, and the fieldbus design and operation. Fieldbus must be of fail safe design. Loss of communications or power must cause the valve(s) to travel to their fail-safe position. The fieldbus, including power supplies and cards, must be fully redundant for process control, and process sequence operations; no single failure should result in the loss of more than one control loop, or the operator‟s ability to access the plant or parts of the plant. In the event of a failure of a measuring element or transmitter it must still be possible for the operator to move the position of the control valve from the DCS. Basic regulatory control may be performed in the field, but the transmitter and associated control valve must be on the same cable spur. Communication between cable spurs must be avoided for process control. The higher level controls that involve the primary elements of cascade or advanced controls must be performed in the DCS. At least 30% spare capacity must exist on each spur at the time of plant start up. The fieldbus communications for the very fast operating sequences and field devices identified elsewhere in the PDP volume 4 must be such that there is no deterioration in the performance of the sequences, otherwise conventional wiring links must be used instead.

© INEOS Commercial Services UK Limited. All rights reserved. This document is the property of INEOS Commercial Services UK Limited, and the information and images it contains are strictly confidential and may not be altered or amended, copied, used or disclosed without the express permission of INEOS Commercial Services UK Limited.

OWNER REFERENCE

Technologies

PETRONAS RAPID PROJECT 350 kta LLDPE PLANT

Project

Package

RAPID

L20

Originator

INE

Discipline

Doc. Type

Unit n°

PRO

DES

3200

LICENSOR REFERENCE

Rev.

Project

Unit n°

Doc. Type

Doc. Code

Sequent. n°

61070F

3200

SP

-

011

Serial n°

0011 Page

1

20 / 24

SPECIFICATION INSTRUMENT AND PROCESS CONTROL PHILOSOPHY 3.3

INSTRUMENT/CONTROL POWER/AIR SUPPLY

3.3.1

Power supply All instruments, control and safety systems must be provided with a secure uninterruptible power supply (UPS), with at least 30 minutes of battery backup to allow safe shutdown of the plant in the event of a major power failure All UPS systems must have fault alarms on the DCS and be regularly tested to ensure static switch operation and the actual battery capacity. Failure of the normal feed to a distribution board should be alarmed in the DCS. Dual redundant items of equipment should have separate electrical supplies. If smart devices are installed in the Electrical (MCC) switchgear, then these devices should be powered from a UPS with 30 minutes capacity. A separate UPS may be required for the plant communications system; the Licensee and detailed engineering contractor should determine the requirements. Refer to the Electrical section of the PDP volume 1 for further details of the electrical supply requirement.

3.3.2

Instrument air Refer to the utility summary section for the PDP in volume 1. The plant should have at least 30 minutes spare capacity (provided from Battery limit) in the event of a major site air supply failure.

4.

ANALYSERS Refer to the analyser datasheets in volume 5 for details of analysers.

5.

FIRE AND GAS DETECTION Refer to the Safety Guidelines document for fire and gas detection requirements in volume 1.

© INEOS Commercial Services UK Limited. All rights reserved. This document is the property of INEOS Commercial Services UK Limited, and the information and images it contains are strictly confidential and may not be altered or amended, copied, used or disclosed without the express permission of INEOS Commercial Services UK Limited.

OWNER REFERENCE

Technologies

PETRONAS RAPID PROJECT 350 kta LLDPE PLANT

Project

Package

RAPID

L20

Originator

INE

Discipline

Doc. Type

Unit n°

PRO

DES

3200

LICENSOR REFERENCE

Rev.

Project

Unit n°

Doc. Type

Doc. Code

Sequent. n°

61070F

3200

SP

-

011

Serial n°

0011 Page

1

21 / 24

SPECIFICATION INSTRUMENT AND PROCESS CONTROL PHILOSOPHY

6.

PACKAGE INSTRUMENTATION AND CONTROL The vendor must provide functional specifications for control schemes and all instruments required for control, monitoring and protection of the package. These must be adequate to allow the package to be started-up, operated (including fault finding) and shutdown in a safe and reliable manner. The specifications must provide sufficient information to allow the control and protection systems to be configured in the plant DCS and safety systems if required. All control and instrumentation must be designed and installed in accordance with the principles defined in Instrument and Process Control Philosophy. This document must be provided to the package vendor. As a minimum instruments shown on the PIDs must be included. Any exceptions must be approved by INEOS Technologies. The functional specifications for control must include the following: Regulatory control schemes required for the normal operation of the package including any controls required to start-up or shutdown the package. Alarms and the associated settings where required to alert the operator to carry out actions preventing a hazard, equipment damage or unwanted process condition. This specification must include details of the hazard protected against and the actions to be taken. Interlocks and the associated settings required to protect against abnormal situations leading to a safety hazard, equipment damage or unwanted process condition. This specification must include details of the hazard protected against. Interlocks must function separately from any control or sequence (e.g. if a startup sequence is disabled then the interlock must remain operational). Sequences where required to facilitate the startup or shutdown or other routine operation of the package. It is vendor‟s responsibility to specify any required interlocks to mitigate any known or foreseeable hazard and to ensure integrity Generic hazards have been identified in INEOS Technologies Technical Documentation (e.g. Interlock Description, Safety Guidelines, HSE report, comments to HAZOP review report if any, etc…). However, all hazards must be identified and associated protective measures fully developed by detailed engineering and package vendor The interlocks and controls covering “Ineos Technologies” specific process hazards are described in the PDP volume 2 and volume 4. All interlocks must be designed to comply with IEC61508/61511. A review must be carried out by the DE contractor with the licensee and the vendor to determine the safety integrity levels of interlocks. The interlocks must be designed to meet the safety integrity levels.

© INEOS Commercial Services UK Limited. All rights reserved. This document is the property of INEOS Commercial Services UK Limited, and the information and images it contains are strictly confidential and may not be altered or amended, copied, used or disclosed without the express permission of INEOS Commercial Services UK Limited.

OWNER REFERENCE

Technologies

PETRONAS RAPID PROJECT 350 kta LLDPE PLANT

Project

Package

RAPID

L20

Originator

INE

Discipline

Doc. Type

Unit n°

PRO

DES

3200

LICENSOR REFERENCE

Rev.

Project

Unit n°

Doc. Type

Doc. Code

Sequent. n°

61070F

3200

SP

-

011

Serial n°

0011 Page

1

22 / 24

SPECIFICATION INSTRUMENT AND PROCESS CONTROL PHILOSOPHY Control and interlocks may be integrated into the DCS and SIS or remain separate in the vendor‟s Control and Interlock Systems (refer to packages process data sheets for specific requirements). If the control and interlocks remain in the vendor's Control and Interlock Systems they must be interfaced to the DCS. All process information from instruments and control must be available on the DCS.

7.

MOTOR CONTROL Intelligent motor control modules are preferred. Where these are used the detailed engineering contractor should ensure that a secure redundant software link is provided to interface the intelligent modules with the DCS. It must be a fast link displaying motor status change within 3 seconds. The contractor must ensure that the link is fast enough to perform an automatic start of spare equipment without inducing process shutdown. Remote and local commands are shown on PIDs. Motors that are powered at high voltage should have their power consumption displayed on the DCS. The recommended electrically powered equipment protection is described in the section Instrumentation/General of this document.

© INEOS Commercial Services UK Limited. All rights reserved. This document is the property of INEOS Commercial Services UK Limited, and the information and images it contains are strictly confidential and may not be altered or amended, copied, used or disclosed without the express permission of INEOS Commercial Services UK Limited.

OWNER REFERENCE

Technologies

PETRONAS RAPID PROJECT 350 kta LLDPE PLANT

Project

Package

RAPID

L20

Originator

INE

Discipline

Doc. Type

Unit n°

PRO

DES

3200

LICENSOR REFERENCE

Rev.

Project

Unit n°

Doc. Type

Doc. Code

Sequent. n°

61070F

3200

SP

-

011

Serial n°

0011 Page

1

23 / 24

SPECIFICATION INSTRUMENT AND PROCESS CONTROL PHILOSOPHY

8.

DCS/SIS PROJECT ENGINEERING The design, implementation, testing and commissioning of the control system must be carefully controlled in order to avoid future operational problems and safety hazards.

8.1

DESIGN A Functional Design Specification (FDS) must be developed by the detailed engineering contractor and system supplier(s). This should include functionality for all standard components (e.g. PID controller, valve, interlock etc and standard requirements for display characteristics and navigation, philosophies for alarm handling, trends, security etc) and detailed specifications for all control, sequence and interlocks, interfaces, instrument ranges, trip and alarm settings, spares/expansion philosophy. Where control of package equipment is included in the DCS the package system vendor should be involved in the relevant sections of the FDS design. This is particularly important for the complex packages such as extruders. The relevant output from HAZOPS, SIL reviews and alarm reviews should be included in the FDS.

8.2

TESTING The supplier of the DCS must pre-test the software against the FDS. The detailed engineering contractor/licensee must test the software at a factory acceptance test (FAT). This testing of the DCS may be done in several stages covering: Generic standards testing: This should cover generic system software components and philosophies. It should be carried out before these standards are used for bulk configuration. Hardware and standard components: This should cover all system hardware, I/O testing, interfaces to other systems and all non complex controls, indications and displays. All interfaces to the DCS / SIS system must be tested. It may be possible to ship the bulk of the DCS system to site following completion of this stage of testing if the remaining testing can be completed without it. Complex controls: This should cover all interlocks, complex control schemes and, sequences and their associated displays. A simple simulation may be required to effectively test these controls. Where there is significant complexity in package equipment control the vendor should be present for the testing.

© INEOS Commercial Services UK Limited. All rights reserved. This document is the property of INEOS Commercial Services UK Limited, and the information and images it contains are strictly confidential and may not be altered or amended, copied, used or disclosed without the express permission of INEOS Commercial Services UK Limited.

OWNER REFERENCE

Technologies

PETRONAS RAPID PROJECT 350 kta LLDPE PLANT

Project

Package

RAPID

L20

Originator

INE

Discipline

Doc. Type

Unit n°

PRO

DES

3200

LICENSOR REFERENCE

Rev.

Project

Unit n°

Doc. Type

Doc. Code

Sequent. n°

61070F

3200

SP

-

011

Serial n°

0011 Page

1

24 / 24

SPECIFICATION INSTRUMENT AND PROCESS CONTROL PHILOSOPHY The detailed design contractor is responsible for the overall consistency of the integrated control system and of the fulfilment of all requirements for the overall plant control. 8.3

INEOS TECHNOLOGIES REQUIREMENTS In order to ensure that INEOS Technologies design and safety requirements are met certain documents must be supplied for review. Refer to PDP volume 1 for documents to be reviewed by INEOS Technologies during detailed engineering. INEOS Technologies may attend the FAT for DCS and SIS. An engineer who was involved with the control system design and configuration from the DCS vendor should be on site during the commissioning period of the plant. The licensee must have a trained engineer responsible for commissioning and operation of the control systems.

8.4

LIST OF INSTRUMENTATION VENDORS List of instrument vendors for some items (e.g. withdrawal valves…) are included in the PDP volume 1.

© INEOS Commercial Services UK Limited. All rights reserved. This document is the property of INEOS Commercial Services UK Limited, and the information and images it contains are strictly confidential and may not be altered or amended, copied, used or disclosed without the express permission of INEOS Commercial Services UK Limited.