
Yanbu Export Refinery Project

PROJECT DESIGN BASIS 192B.1 SPECIFICATIONS - Project Specification For Alarm Management System (ALMS) Document No.: 192-YER-PE-I35-0008 Revision No.: FF Issue Date: 28 April 2008

TABLE OF CONTENTS

1.0 PURPOSE
2.0 SCOPE
3.0 REFERENCE DOCUMENTS & STANDARDS
3.1 Conflicting Requirements
3.2 YERP Reference Documents
3.3 Engineering Equipment and Material Users Association
3.4 Saudi Aramco Specifications and Standards
3.5 Project Specifications and Drawings
4.0 DEFINITIONS & ABBREVIATIONS
4.1 Definitions
4.2 Abbreviations
5.0 SOLUTION REQUIREMENTS
6.0 ALARM ANALYSIS REQUIREMENTS
6.1 Alarm Management Documentation
6.2 Alarm Management of Change (MOC)
7.0 ADDITIONAL APPLICATION SOFTWARE FUNCTIONS
8.0 ALARM DATA COLLECTION
9.0 REPORTS
10.0 SERVER AND THIN CLIENT CONFIGURATION
11.0 SYSTEM MAINTENANCE

1.0 PURPOSE

The purpose of this Specification, together with the referenced Saudi Aramco standards, specifications and drawings, is to describe the functional and technical requirements for an Alarm Management System (ALMS) that forms part of the Yanbu Export Refinery Project.

The Yanbu Export Refinery Project (YERP) is the development and installation of a new grassroots full conversion refinery in the Kingdom of Saudi Arabia that will process Arabian Heavy crude into gasoline, diesel, and LPG products. As currently defined, the refinery will also modify existing terminal facilities for import of crude feed and export of products. The refinery will be located in Yanbu Industrial City on the west coast of Saudi Arabia on the Red Sea.

The entire project includes refinery process units, utilities and interconnecting piping, associated feedstock and refined product storage / logistics facilities, as well as the offsite services necessary to support the safe and efficient operation of the refinery.

2.0 SCOPE

This document describes the overall requirements and functional specifications for the alarm management and analysis system. The functional specification provides the minimum basis for the Main Automation Contractor (MAC) to meet the functional specifications listed herein. The MAC may include functionality that meets or exceeds the functional specifications. The MAC shall be responsible for the stated performance of their solution.

The general requirement for the alarm management system is as follows:
- Based on site-wide use of the application software.
- Recommended or required training is to be listed and included as a separate item.
- The software shall be capable of providing the statistical and historical information that allows the facility to track the performance of the alarm management program, with identifiable areas for improvement, and the ability to continuously monitor the results of change.
- Ability to audit and enforce alarm changes and parameters in the base application is required.

In addition to the alarm analysis application, YERP PMT will implement applications and/or services that are capable of accomplishing the main aspects of an alarm management program. The MAC shall address or include the following capabilities:
1. Alarm Performance Tracking (analysis and reporting)
2. Alarm Management of Change (documentation and tracking)
3. Alarm Enforcement and Notification (process control software)
4. Operators Log and Response to Alarms or Alarm Conditions
5. Alarm Rationalization (analysis and documentation)

3.0 REFERENCE DOCUMENTS & STANDARDS

3.1 Conflicting Requirements

Any conflict between this document and any other project specification, or Saudi Aramco standards/specifications, shall be brought to the attention of the YERP PMT for resolution.

3.2 YERP Reference Documents

The design, materials and construction of the equipment described herein shall comply with references listed below which are considered part of this specification.

3.3 Engineering Equipment and Material Users Association

EEMUA Pub. No. 191: Alarm Systems - A Guide to Design, Management and Procurement

3.4 Saudi Aramco Specifications and Standards

YERP-SAER-5895: Alarm Management Guidelines for Process Automation Systems
YERP-23-SAMSS-060: Applications Integration Middleware

3.5 Project Specifications and Drawings

192-YER-PE-I35-0001: Main Automation Contractor Scope Definition
192-YER-PE-I35-0002: Specification for Process Automation System
192-YER-PE-I35-0003: Main Automation Contractor Supplier Services
192-YER-PE-I35-0010: Specification for Data Acquisition and Historian System (DAHS)
192-YER-PE-I35-0023: Process Automation System Architecture Drawing

4.0 DEFINITIONS & ABBREVIATIONS

4.1 Definitions

Company Project Management Team (PMT): The Company Project Management Team (PMT) is the group responsible for the management of the entire project and is dedicated to the overall success, development and execution of the work and to ensure alignment across the numerous project interfaces. The PMT consists of Aramco Services Company and ConocoPhillips team members, partner(s), agency personnel, and contractors. These project management resources will form a cohesive, seamless team responsible for the project execution.

Saudi Aramco (SA): Saudi Aramco as used in this procedure shall mean Saudi Arabian Oil Company and its affiliated companies, including, but not limited to Aramco Services Company.

ConocoPhillips (COP): ConocoPhillips as used in this procedure shall mean ConocoPhillips Company and its affiliated companies, including but not limited to ConocoPhillips Yanbu Ltd.

Yanbu Export Refinery Project (YERP): The Yanbu Export Refinery Project (YERP) as used in this procedure, shall also mean the Yanbu Export Refinery Company and its affiliated companies. It is also named as the COMPANY.

Contractor or Contractors: Any Design, Construction or Service Contractor(s); Manufacturer(s); Vendor(s); Government Agencies; and other similar organization(s) having a contractual relationship or a prospective contractual relationship with the Company.

When used in this or referenced documents the following words are used in the manner described below:

"Shall" and "must" are used in the imperative sense.
"Will" is used in the preferred sense.
"May" is used in a permissive sense to state authority or permission to do the act prescribed or provide the function being defined in the prescribed manner, and the words "no person may" or "a person may not" mean that no person is required, authorized, or permitted to do the act prescribed.
"May not" means that the item being described is not required, authorized, or permitted in the prescribed manner.

"Includes" means includes but is not limited to.

A number of definitions that are important in the understanding of alarms and alarm management concepts are listed below and may be used in conjunction with this document.

Abnormal situation: An industrial process is being disturbed and the automated control system cannot cope and the operations team must intervene to supplement the control system.
Active alarm: An alarm condition which is on (i.e. limit has been exceeded and condition continues to exist).
Alarm flood: The situation where more alarms are received than can be physically addressed by a single console operator. The threshold at which this overload occurs is not clear and should be defined by each site. Some companies use a range of alarm rates such as: alarm floods are considered to occur when more than 30 alarms are transmitted in any single 10 minute period or successive periods of greater than 10 alarms per 10 minute window. Other more aggressive plants have set lower thresholds such as 20 or even 10 alarms per single 10 minute window.
Alarm priority: The ranking of alarms by severity and response time. Often limited to 3 levels where the critical level requires immediate operator action, medium level requires action very quickly and the lowest level requires action within the next few minutes.
Alarm Objectives Analysis (AOA): A process whereby a multi-functional team determines what alarm configuration (priority and settings) is required for individual parameters in the control system. Also known as Alarm rationalization.
Alarm Shelving: See Shelved Alarms.
Alarm rationalization: See Alarm Objectives Analysis.
Alert: Indication or message of a plant condition requiring operator awareness only; immediate action is not required.
Background alarm: See nuisance alarm.

Cognitive workload: Cognitive workload refers to the effort required to perform mental activities. Highly skilled activities that do not require significant visual or auditory attention to perform typically impose a low level of cognitive workload. Activities that require thinking, decision-making or evaluation impose a high level of mental effort.
Competency: The sufficient knowledge and skill required to effectively perform an activity or task.
Console operator: A member of the operations team who is assigned to monitor and control a portion of the process and is working at the control systems console.
Critical alarm: The highest level of alarm priorities; immediate operator action is required or a serious plant incident will occur.
Contextual inquiry: An approach for performing field interviews to understand the appropriate requirements.
Control room layout: The physical organization of equipment (consoles, tables, radios, etc.) in a control room.
Disabled alarm: An alarm condition which has been disabled will not be annunciated to the operator if the alarm limit is violated and will not be displayed on the alarm summary display. Note: Some control systems differentiate Inhibited and Disabled alarms: Disabled may historize the alarm event (even though it is not annunciated to the operator) whereas Inhibited alarms are not historized, annunciated or displayed.
Distributed Control System (DCS): Distributed Control System or process control system. Computer based control and information systems installed to monitor and control manufacturing facilities.
Ecological interface design: A systematic approach to the design and creation of graphical interfaces which follow the work of Vicente and Rasmussen (1990). The interface is designed to reflect the constraints of the work environment in a perceptually visible way.

EEMUA: The Engineering Equipment and Materials Users Association (EEMUA) is an organization of major Oil, Gas & Petrochemical companies, power generation, utility & transmission companies, and process & construction companies which was formed in 1983 to "reduce costs and improve safety by sharing experience and expertise, and by promotion of distinct engineering users' interests". One area that EEMUA covers is the process control systems design and installation area. In 1999 the organization created a publication called Alarm Systems - A Guide to Design, Management and Procurement, EEMUA Publication No. 191.
ESD: Emergency shutdown system typically associated with a Safety Instrumented System.
FMEA: Failure Modes and Events Analysis: A formal methodology for analyzing how processes or systems might fail. FMEA is valuable for designing solutions that anticipate how failures might occur or prevent failures from occurring.
HazOps: A structured analysis technique to assess the hazards and operability of a process design.
Inactive alarm: An alarm condition which is off (i.e. limit has not been exceeded and condition does not presently exist).
Inhibited alarm: An alarm condition which has been turned off by the operator so that it will not be triggered under any condition (i.e. limit has been exceeded and alarm condition does not exist). The operator will receive no annunciation of the inhibited alarm. The alarm information will not be logged in the alarm journal. Note: Some control systems differentiate Inhibited and Disabled alarms: Disabled may historize the alarm event (even though it is not annunciated to the operator) whereas Inhibited alarms are not historized or annunciated.
ISO: International Standards Organization.
Key Performance Indicators (KPIs): The important process variables which describe the overall condition of the production unit's performance. Typically the indicator list would include plant production, product quality, energy efficiency, conversion rates, etc.
MOC: Management of Change: A formal procedure specifying how changes are to be made to specific systems within an organization.
Mode based alarming: An application which changes the alarm settings semi- or automatically based on the different operating states or modes of the equipment or plant.

Nuisance alarm: Nuisance (or background) alarms are those which do not generate a specific action or response from the console operator.
Operating intent: Refers to how the plant is to be run as specified by operating targets and limits (Sutton, 1997). Typically operational targets are explicitly defined in the operating instructions and the control system settings; operating limits may be explicitly or implicitly specified depending on plant practices.
Operating procedure: A set of explicit guidelines and instructions that, when followed by the operational personnel, will minimize deviations from design or operating intent.
PCA: Principal Component Analysis (PCA), a multivariate technique for determining the underlying structure in process data. PCA reduces the information contained in a wide ranging data set down into a lower dimensional space displaying the underlying information structure.
PLC: Programmable Logic Controller.
PLS: Projection to Latent Structures or Partial Least Squares (PLS), a multivariate modeling technique for estimating or predicting the property of a variable from a set of input data.
Process Flow Diagrams (PFDs): Schematic representations of the physical equipment in a processing plant and their interconnections describing the flow and conversion of materials from feed to products.
Process Hazard Analysis (PHA): A structured process which assesses the hazards of a process plant design. Can include a risk component and is sometimes referred to as a Process Hazard and Risk Analysis (PHRA).
Process Hazard and Risk Analysis (PHRA): See PHA.
Piping and Instrument Diagrams (P&IDs): Detailed schematics showing the processing equipment and piping as well as its related instrumentation and sensors.
Safety related alarm: An alarm which is claimed to provide significant risk reduction from hazards to people and which is implemented independently from the process control system.

Shelved alarms: An alarm which has been acknowledged by the operator and removed from their main alarm list and placed onto a specific shelved list of alarms. The alarm is temporarily prevented from reoccurring on the main alarm list until it is removed from the shelved list.
Shift handover: Transition activities between two groups or teams of shift workers for the purpose of information exchange to ensure continuity and stability in production, in that the oncoming shift is sufficiently aware of past activities, problems and operational goals.
SIL analysis: An analysis of the plant's safety protection levels as defined by IEC 61508/61511 and ANSI/ISA S84. Defines one of four possible levels for specifying the safety integrity requirements of the Safety Instrumented Systems.
SIS: Safety Instrumented Systems (SIS) are the specialized high-integrity instrument and control systems which are implemented to address specific layers of protection determined from a SIL analysis. A SIS is usually independent of the process control system to ensure no single point of failure in the safety protection system.
Shelved alarms: Alarms that have been selectively removed from the alarm summary displays by the console operator through an application or display but remain in their alarm state.
Standard Operating Procedure (SOP): See Operating Procedure.
Stale alarms: Alarms that have been acknowledged but remain in their alarm state for an extended period of time.
Standing alarms: The average number of active alarms at any one time. Sometimes Standing and Stale alarms are used interchangeably.
State estimators: Model based support application which predicts the condition of the plant based on a variety of plant measurements. Often used as a component of an early warning system to support the console operator's situational awareness and thereby augment the alarm system.
Support applications: Generally computer-based software applications and displays that are designed to aid the console operators in performing their work.

Suppress: An alarm is suppressed when an operator-initiated application or an automated system determines that the alarm is not necessary under certain process conditions.
Workstation: A computer station with a display (CRT or LCD), keyboard, and pointing device (mouse, trackball, etc.).

4.2 Abbreviations

ALMS: Alarm Management System
BMS: Burner Management System
DAHS: Data Acquisition and Historization System
DCS: Distributed Control System
ESD: Emergency Shut Down (also referred to as a Safety Instrumented System, SIS)
FGS: Fire and Gas System
PAS: Process Automation System
MAC: Main Automation Contractor

5.0 SOLUTION REQUIREMENTS

Solution shall be based on the site-wide use of the application software with multiple users. Hardware requirements to effectively operate the software are to be described in the solution. Any third party software applications necessary to capture PAS data for the solution shall be included. Any third party software application that is not necessary to operate the application, but is beneficial to the performance of the solution, shall be described.

6.0 ALARM ANALYSIS REQUIREMENTS

The software application shall allow YERP to analyze the alarm system performance and benchmark it against industry best practices like EEMUA 191 or other different criteria in accordance with plant-defined metrics. The software shall be capable of analyzing and providing the following metrics for any multiples or configurable time periods:
- Number of configured alarms by user-defined areas and units hierarchy grouping.
- Alarm priority distribution based on number of configured alarm tags defined in DCS.
- Alarms distribution per time period to provide the number of alarms for a user-specified time interval over a time period.
- Alarm frequency by tag to provide the information of the most frequently occurring alarms.
- Alarms by alarm type to sort the alarms by event type, such as bad measurement, low/high alarm, etc.
- Alarm Flood Detection to provide the duration of alarm flooding as per the specified threshold.
- Alarm by condition to report alarms and events based on the filtering conditions.
- Time alarm acknowledged/alarm return to normal, to provide the time of alarm activation, acknowledgement by operator and alarm return to normal.
- Standing Alarms over time period to identify the alarms that remain active for longer than the specified threshold.
- Chattering Alarms to identify nuisance alarms and alarms activating and clearing repeatedly within a short time interval.
- Duplicate Alarms to identify an alarm that persistently occurs within a short period of time of another alarm, as specified.
- Disabled Alarms to report the information of alarms suppressed over a time period.
- Consequential Alarms to identify parent/child relationships between alarms, as specified.
- Operator/Process Change Analysis of controller mode change, controller MV/SV intervention.
- DCS tag information listing function block type in DCS, alarm settings, alarms enabled state, alarm priority, engineering unit, range and description.
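The flood, chattering and standing-alarm metrics listed above can be computed from an alarm journal as in the following added example, which is not part of the specification or of any vendor product. It uses the flood figure quoted in section 4.1 (more than 30 alarms in a 10 minute window) as the default; the event layout, tag names, chattering limits and standing-alarm limit are assumptions, and the journal is constructed sample data.

```python
"""Alarm flood, chattering and standing-alarm metrics over a constructed journal."""
from collections import defaultdict, deque

# Event = (time in seconds, tag, state); "ALM" = alarm activates, "RTN" = return to normal.
# This record layout is an assumption for the example, not a DCS or OPC A&E format.

def flood_periods(events, window=600, threshold=30):
    """Return [(start, end, peak)] for runs of activations during which the number
    of alarms in the trailing `window` seconds exceeds `threshold`."""
    recent, periods, current = deque(), [], None
    for t in sorted(t for t, _tag, state in events if state == "ALM"):
        recent.append(t)
        while recent[0] <= t - window:       # drop activations older than the window
            recent.popleft()
        count = len(recent)
        if count > threshold:
            if current is None:
                current = [t, t, count]      # flood begins
            else:
                current[1], current[2] = t, max(current[2], count)
        elif current is not None:
            periods.append(tuple(current))   # rate fell back to the threshold or below
            current = None
    if current is not None:
        periods.append(tuple(current))
    return periods

def chattering_tags(events, min_activations=3, interval=60):
    """Return {tag: most activations inside any `interval`-second span} for tags
    that activate at least `min_activations` times within such a span."""
    by_tag = defaultdict(list)
    for t, tag, state in events:
        if state == "ALM":
            by_tag[tag].append(t)
    result = {}
    for tag, times in by_tag.items():
        times.sort()
        left, worst = 0, 0
        for right, t in enumerate(times):
            while times[left] <= t - interval:
                left += 1
            worst = max(worst, right - left + 1)
        if worst >= min_activations:
            result[tag] = worst
    return result

def standing_alarms(events, as_of, max_active=1800):
    """Return {tag: seconds active} for alarms still active at `as_of`
    that have been active for longer than `max_active` seconds."""
    active = {}
    for t, tag, state in sorted(events):
        if state == "ALM":
            active.setdefault(tag, t)
        else:
            active.pop(tag, None)
    return {tag: as_of - t0 for tag, t0 in active.items() if as_of - t0 > max_active}

def sample_journal():
    """Constructed one-hour journal: steady background alarms, a 40-alarm upset,
    one chattering tag and one alarm that never returns to normal."""
    ev = []
    for i in range(30):                       # background: one alarm every 120 s
        ev += [(120 * i, f"BG-{i:03d}.PVHI", "ALM"), (120 * i + 30, f"BG-{i:03d}.PVHI", "RTN")]
    for k in range(40):                       # upset: 40 alarms, 5 s apart
        ev += [(1805 + 5 * k, f"UP-{k:03d}.PVHI", "ALM"), (1865 + 5 * k, f"UP-{k:03d}.PVHI", "RTN")]
    for j in range(4):                        # chattering low-flow alarm
        ev += [(3000 + 10 * j, "FI-101.PVLO", "ALM"), (3005 + 10 * j, "FI-101.PVLO", "RTN")]
    ev.append((100, "LI-200.PVHH", "ALM"))    # standing alarm
    return ev

if __name__ == "__main__":
    journal = sample_journal()
    for start, end, peak in flood_periods(journal):
        print(f"flood from t={start}s to t={end}s ({end - start}s), peak {peak} alarms per 10 min")
    print("chattering:", chattering_tags(journal))
    print("standing at t=3600s:", standing_alarms(journal, as_of=3600))
```

Passing `threshold=20` or `threshold=10` applies the lower site thresholds mentioned in the alarm flood definition.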

The software shall be fast, robust, accurate and capable of handling large amounts of data. Limitations shall be described.

The software shall be capable of generating various alarm analysis documents, such as an event viewer, statistical reports and KPI reports, based on user-defined tag grouping.

The ALMS shall be easily accessible by individuals on a plant-wide network via a web browser.

The software must allow the user to view, search in the Alarm & Event viewer, and identify problems or conditions that are related to alarms.

The ability to generate KPI report for the selected time period.

The software shall allow the users the ability to display alarm data by the selected time period and alarm conditions.

The Alarm & Event viewer of the application shall provide the ability to filter the data by:
- Start and end period in terms of date and time, up to the second
- User-defined plant hierarchy or sub-system
- Event categories
- The fields in the alarm & event records

It is desirable to support an SQL query mechanism for filtering the events on multiple conditions.

The alarm analysis shall have the ability to display the historical alarm database in graph or chart for analyzing the KPIs and evaluating performance.

The application shall have the capability to export alarm historian data (i.e. text file, Plant Historian, Oracle, MS-SQL).

Capability to integrate or access alarms via OPC from all process control systems, safety systems, and equipment monitoring systems into a single alarm presentation system.

Ability to separate or classify the alarms & events based on the following types of alarm & event message:
- System alarm messages
- Process alarm messages
- Mode/status change messages
- Sequence messages
- Operation guide messages
- Operation record messages
- ESD Sequence of event message

The rate of event occurrence in the alarm historical database can be displayed in trend or graph for maximum one month.

6.1 Alarm Management Documentation

The alarm management documentation shall be easily accessible by individuals on a plant-wide network via a web browser, preferably Windows Internet Explorer.

The software shall allow the users the ability to define and customize the parameters of KPI of the alarm documentation program to meet YERP's alarm philosophy and alarm management strategies.

The alarm database functionality will include or provide access to the history of alarm documentation changes (i.e. information from past alarm rationalization sessions available or accessible).

6.2 Alarm Management of Change (MOC)

The solution shall have capabilities and features to provide alarm management of change documentation. The software shall have a mechanism to document the reason why each alarm was changed and provide a history of all past reasons. The software shall have the ability to trigger E-mail notifications when an alarm setting in DCS or the alarm master database is changed. The software shall have the ability to provide the audit trails for the application configuration change and operation enforcement. The software must have the ability to display MOC and print MOC as audit report. The audit report shall be exportable to MS-Excel, PDF or HTML format.

7.0 ADDITIONAL APPLICATION SOFTWARE FUNCTIONS

Application software shall have a master database that contains the tag name, tag description, function block type, alarm inhibition/disable and alarm settings. The database shall be uploaded from DCS through OPC interface.

The application software shall also have the capability to compare current DCS alarm settings with an alarm master database that contains the rationalized alarm settings. The program shall identify alarm mismatches.

The application software shall have the capability to enforce alarm configurations on the DCS according to the user pre-defined alarm settings in the alarm master database.

An alarm shelving feature shall be available in DCS. The operator shall be required to apply the alarm enforcement via a dialog box that requires a reason instead of just using a supervisory key.

Operating Mode-based suppression: The DCS shall provide the ability to suppress alarms or change alarm settings according to the plant operating mode. Examples of operating modes are:
- Shutdown
- Start up
- Steady operation
- Turn down mode
- Plant maintenance
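The comparison of current DCS alarm settings with the alarm master database required in section 7.0, combined with the documented change reasons required in section 6.2, is sketched in the following added example, which is not part of the specification or of any vendor product. The field names, tag names, MOC record layout and the rule that a mismatch counts as documented when an MOC record names the live value are all assumptions, and the data is constructed.

```python
"""Alarm master database vs. live DCS settings: mismatch report (constructed data)."""
import math

# Field names are assumptions for this example. The specification only says the master
# database holds tag name, description, function block type, inhibit/disable and settings.
COMPARED_FIELDS = ("block_type", "enabled", "priority", "hi_limit", "lo_limit")

def _numeric(value):
    return isinstance(value, (int, float)) and not isinstance(value, bool)

def _differs(a, b):
    """True when two values disagree; numeric limits are compared with a tolerance."""
    if _numeric(a) and _numeric(b):
        return not math.isclose(a, b, rel_tol=1e-9, abs_tol=1e-9)
    return a != b

def find_mismatches(master, dcs):
    """Return (tag, field, master_value, dcs_value) for every disagreement, sorted by tag."""
    found = []
    for tag in sorted(set(master) | set(dcs)):
        if tag not in dcs:
            found.append((tag, "<tag>", "configured", "missing"))
        elif tag not in master:
            found.append((tag, "<tag>", "missing", "configured"))  # never rationalized
        else:
            for field in COMPARED_FIELDS:
                m, d = master[tag].get(field), dcs[tag].get(field)
                if _differs(m, d):
                    found.append((tag, field, m, d))
    return found

def classify(mismatches, moc_records):
    """Split mismatches by whether an MOC record documents the live DCS value.
    MOC record layout (assumed): (tag, field, new_value, reason)."""
    documented, undocumented = [], []
    for tag, field, m, d in mismatches:
        reason = next((r for t, f, v, r in moc_records
                       if (t, f) == (tag, field) and not _differs(v, d)), None)
        if reason is None:
            undocumented.append((tag, field, m, d))
        else:
            documented.append((tag, field, m, d, reason))
    return documented, undocumented

def enforcement_plan(undocumented):
    """Values to write back so the DCS matches the master database again.
    Whole-tag differences are left out: they need engineering review, not a write."""
    return [(tag, field, m) for tag, field, m, _d in undocumented if field != "<tag>"]

# Constructed sample data: tags, limits and the MOC reason are invented for illustration.
MASTER = {
    "FIC-101": {"block_type": "PID", "enabled": True, "priority": "HIGH", "hi_limit": 85.0, "lo_limit": 10.0},
    "LI-200": {"block_type": "PVI", "enabled": True, "priority": "CRITICAL", "hi_limit": 90.0, "lo_limit": 5.0},
    "PI-410": {"block_type": "PVI", "enabled": True, "priority": "LOW", "hi_limit": 12.5, "lo_limit": None},
    "TI-305": {"block_type": "PVI", "enabled": True, "priority": "LOW", "hi_limit": 250.0, "lo_limit": None},
}
DCS = {
    "FIC-101": {"block_type": "PID", "enabled": True, "priority": "HIGH", "hi_limit": 95.0, "lo_limit": 10.0},
    "LI-200": {"block_type": "PVI", "enabled": False, "priority": "CRITICAL", "hi_limit": 90.0, "lo_limit": 5.0},
    "TI-305": {"block_type": "PVI", "enabled": True, "priority": "LOW", "hi_limit": 250, "lo_limit": None},
    "XI-999": {"block_type": "PVI", "enabled": True, "priority": "LOW", "hi_limit": 1.0, "lo_limit": None},
}
MOC = [("FIC-101", "hi_limit", 95.0, "constructed MOC entry: limit raised after re-rating")]

if __name__ == "__main__":
    documented, undocumented = classify(find_mismatches(MASTER, DCS), MOC)
    for tag, field, m, d, reason in documented:
        print(f"DOCUMENTED   {tag}.{field}: master={m} dcs={d} ({reason})")
    for tag, field, m, d in undocumented:
        print(f"UNDOCUMENTED {tag}.{field}: master={m} dcs={d}")
    print("enforce:", enforcement_plan(undocumented))
```

In the sample data the disabled LI-200 alarm has no MOC record, so it is the one change reported for enforcement; the tag that exists only in the DCS and the tag missing from the DCS are reported for review instead.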

The preferred method of transitioning to these modes is for the alarm handling system to logically make a calculation of mode and recommend through an operator message when mode switches should be made. Only when confirmed by an operator response will alternate alarm settings or alarm suppression be enabled.

Allow configurable E-mail or related notifications to individuals or groups.

8.0 ALARM DATA COLLECTION

The application shall provide the connectivity to DCS and ESD/FGS/BMS. State if application licenses are server based or based on the PAS platform. The collection of PAS alarm data via OPC A&E for the software application shall not impede or hinder the PAS control capabilities. Alarm data collection shall be automated. Collection frequency shall be configurable. Self-monitoring of the data collection availability / completeness is required. The solution shall include predefined automated notifications of data collection errors or problems.

9.0 REPORTS

The application software shall be capable of generating KPI statistical report and operating reports. The reporting package shall be capable of generating standard and ad hoc reports. The base reporting package should include automatic generation of pre-defined standard metrics reports on a predefined basis (i.e., standard monthly performance reports). The application shall be capable of porting standard, custom, or ad hoc reports to Adobe or the Microsoft Office Suite of products, for example Excel. The reports shall be accessed through an interactive web page.

10.0 SERVER AND THIN CLIENT CONFIGURATION

A minimum of one data server is required. The server shall have storage capacity to keep historical alarm database online for 6 months. The data server shall reside on the PIN. The application must use the currently approved Windows based software. Application software shall include thin client architecture to support 20 users.

11.0 SYSTEM MAINTENANCE

The application shall have the capability to backup and restore application databases, reports, templates, etc. Software updates and licensing updates must be capable of network installs and local installs.
