
Module 5: CONTROL SYSTEMS DOCUMENTATION

1 Introduction

The main engineering documents generally used for efficient running, maintenance, and upgrading of a chemical facility are Alarm and Trip Systems, PLC documentation, and Piping and Instrumentation Diagrams (P&IDs). Documentation standards and symbols for all aspects of process control have been standardized by the Instrumentation, Systems, and Automation Society (ISA), in conjunction with the American National Standards Institute (ANSI). The P&ID documentation has been covered in module 3; therefore this module covers only alarm and trip systems and PLC documentation.

2 Alarm and Trip Systems

The purpose of an alarm system is to bring a malfunction to the attention of operators and maintenance personnel, whereas the purpose of a trip system is to shut down a system in an orderly fashion when a malfunction occurs, or to switch failed units over to standby units. The elements used in the process control system are the first warnings of a failure. This could show up as an inconsistency in a process parameter, or as a parameter going out of its set limits. The sensors and instruments used in the alarm and trip system are the second line of defense, and must be totally separate from those used in the process control system.

2.1 Alarm and Trip Documentation

The types of information required in Alarm and Trip documentation are:

1. Safety requirement specifications;
2. Logic diagram with functional description;
3. Functional test procedures and required maintenance;
4. Process monitoring points and trip levels;
5. Description of Alarm and Trip system action if tripped;
6. Action to be taken if the Alarm and Trip system power is lost;
7. Manual shutdown procedures;
8. Time requirements to reach safe status;
9. Restarting procedures after Alarm and Trip system shutdown.

Test procedures are needed to verify operation of the total Alarm and Trip system. These procedures must not pose any hazards or cause spurious trips, and must have the ability to detect wear, slow operation, leaking shutoffs, and sticking devices. A test procedure is necessary for an Alarm and Trip system, and should be available for all alarm and trip devices.

The test procedure should contain the following information:

1. Frequency of testing;
2. Hazards that may be encountered;
3. Drawing and specification information;
4. Test equipment;
5. Performance limits;
6. Test procedure.

The results of the system testing must record any problem areas found, and the corrective action taken. Typical Alarm and Trip system test results will have the following information:

1. Time and date of test;
2. Test personnel;
3. System identification;
4. Test procedure;
5. Results of test;
6. Corrective action taken;
7. Follow-up required;
8. Alarm and Trip system operational.

3 Programmable Logic Controllers (PLC)

A programmable logic controller (PLC) or programmable controller is a digital computer used for automation of electromechanical processes, such as control of machinery on factory assembly lines, amusement rides, or lighting fixtures. PLCs are used in many industries and machines, such as packaging and semiconductor machines. Unlike general-purpose computers, the PLC is designed for multiple input and output arrangements, extended temperature ranges, immunity to electrical noise, and resistance to vibration and impact. Programs to control machine operation are typically stored in battery-backed or non-volatile memory. A PLC is an example of a real-time system, since output results must be produced in response to input conditions within a bounded time; otherwise unintended operation will result. The earliest PLCs were limited to discrete I/O, basic Boolean logic functions (AND, OR, NOT), timers, and counters. However, versions soon appeared with analog I/O, math functions, PID control algorithms, and other functions required for process control applications. Logic circuits, ladder diagrams, truth tables and Boolean expressions are used for programming PLCs. You have been introduced to Boolean expressions, truth tables and logic circuits in module 5. In this section you will be introduced to the basics of ladder logic.

3.1 Ladder logic

Ladder logic is a programming language that represents a program by a graphical diagram based on the circuit diagrams of relay-based logic hardware. It is primarily used to develop software for Programmable Logic Controllers (PLCs) used in industrial control applications. The name is based on the observation that programs in this language resemble ladders, with two vertical rails and a series of horizontal rungs between them. Ladder logic equivalents of electronic logic gates are shown below:

Ladder logic equivalents of logic gates (the gate symbols, ladder diagrams and truth tables in the original table are figures that are not reproduced here; only the text entries survive):

Type   | Gate logic symbol | Boolean algebra between A & B | Ladder equivalent | Truth table
AND    | (figure)          |                               | (figure)          | (figure)
OR     | (figure)          | A+B                           | (figure)          | (figure)
NOT    | (figure)          |                               | (figure)          | (figure)
NAND   | (figure)          |                               | (figure)          | (figure)
NOR    | (figure)          |                               | (figure)          | (figure)
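As an added example (not part of this module's own material), the following Python simulates a PLC scan cycle over rungs built from normally-open and normally-closed contacts, so that the five gate rungs in the table can be evaluated and their truth tables generated; each rung also carries the number and functional description that the PLC documentation section requires. The class and tag names (NO, NC, Series, Parallel, Rung, A, B, START, STOP, MOTOR) are assumptions of this example. It goes beyond the table by adding a seal-in start/stop rung, which shows that a coil can feed back into its own rung and that the output image is retained from one scan to the next.

```python
from dataclasses import dataclass
from itertools import product

# --- Ladder elements ---------------------------------------------------------
# Each element answers "does power flow through me?" for the current image,
# a dict of tag name -> bool holding the input and output states.

class NO:
    """Normally-open contact: conducts when its tag is TRUE (examine-if-closed)."""
    def __init__(self, tag): self.tag = tag
    def power(self, image): return bool(image.get(self.tag, False))

class NC:
    """Normally-closed contact: conducts when its tag is FALSE (examine-if-open)."""
    def __init__(self, tag): self.tag = tag
    def power(self, image): return not image.get(self.tag, False)

class Series:
    """Elements in series on a rung: all must conduct (AND)."""
    def __init__(self, *elements): self.elements = elements
    def power(self, image): return all(e.power(image) for e in self.elements)

class Parallel:
    """Elements on parallel branches: any may conduct (OR)."""
    def __init__(self, *branches): self.branches = branches
    def power(self, image): return any(b.power(image) for b in self.branches)

@dataclass
class Rung:
    number: int          # rung number, as the documentation section requires
    description: str     # functional description of the rung
    logic: object        # contact network between the left rail and the coil
    coil: str            # output tag energised when the network conducts

def scan(rungs, inputs, previous_outputs=None):
    """One PLC scan cycle: load the input image, solve the rungs top to bottom,
    and return the output image. Coils from the previous scan are kept so that
    a rung may reference an output (needed for seal-in / latch logic)."""
    image = dict(previous_outputs or {})
    image.update(inputs)
    for rung in rungs:
        image[rung.coil] = rung.logic.power(image)
    return {rung.coil: image[rung.coil] for rung in rungs}

def truth_table(rungs, input_tags):
    """Scan every combination of the input tags and collect the coil states."""
    rows = []
    for values in product((False, True), repeat=len(input_tags)):
        inputs = dict(zip(input_tags, values))
        rows.append((inputs, scan(rungs, inputs)))
    return rows

# --- Gate equivalents from the table above (tag names are assumed) -----------
GATE_RUNGS = [
    Rung(1, "AND: NO contacts A and B in series",       Series(NO("A"), NO("B")),   "Y_AND"),
    Rung(2, "OR: NO contacts A and B in parallel (A+B)", Parallel(NO("A"), NO("B")), "Y_OR"),
    Rung(3, "NOT: NC contact on A",                     NC("A"),                    "Y_NOT"),
    Rung(4, "NAND: NC contacts in parallel",            Parallel(NC("A"), NC("B")), "Y_NAND"),
    Rung(5, "NOR: NC contacts in series",               Series(NC("A"), NC("B")),   "Y_NOR"),
]

# --- Seal-in (start/stop) rung: the MOTOR coil feeds back into its own rung --
MOTOR_RUNGS = [
    Rung(1, "Motor run: (START or MOTOR seal-in) in series with NC STOP",
         Series(Parallel(NO("START"), NO("MOTOR")), NC("STOP")), "MOTOR"),
]

def run_motor_sequence():
    """Press START, release it, then press STOP; return MOTOR after each scan."""
    states = []
    outputs = {}
    for inputs in ({"START": True,  "STOP": False},
                   {"START": False, "STOP": False},
                   {"START": False, "STOP": True}):
        outputs = scan(MOTOR_RUNGS, inputs, outputs)   # carry the output image forward
        states.append(outputs["MOTOR"])
    return states   # [True, True, False]: latched on, held, then dropped by STOP

if __name__ == "__main__":
    for rung in GATE_RUNGS:
        print(f"Rung {rung.number}: {rung.description}")
    for inputs, outputs in truth_table(GATE_RUNGS, ["A", "B"]):
        print(inputs, outputs)
    print("MOTOR after START / release / STOP:", run_motor_sequence())
```

The NAND and NOR rungs use De Morgan's laws: NAND is NC contacts in parallel (NOT A or NOT B) and NOR is NC contacts in series (NOT A and NOT B). The seal-in rung is the reason scan order and the retained output image matter: without the previous scan's MOTOR state the latch could never hold.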

Exercise

Construct a ladder logic diagram and the truth table for the circuit below (the circuit figure is not reproduced here):

Solution

(figure not reproduced)

3.2 PLC Documentation

The PLC documentation is a very important engineering record of the process control steps, and, as with all technical descriptions, accurate detailed engineering records are essential. Without accurate drawings, changes and modifications needed for upgrading and diagnostics are extremely difficult or impossible. Every wire from the PLC to the monitoring and control equipment must be clearly marked and numbered at both ends, and recorded on the wiring diagram. The PLC must have complete up-to-date ladder diagrams (or other approved language), and every rung must be labeled with a complete description of its function.

The essential documents in a PLC package are:

1. System overview and complete description of control operation;
2. Block diagram of the units in the system;
3. Complete list of every input and output, destination, and number;
4. Wiring diagram of I/O modules, address identification for each I/O point, and rack locations;
5. Ladder diagram with rung description, number, and function.

It is also necessary to have the ability to simulate the ladder program off-line on a personal computer, or in a background mode in the PLC, so that changes, upgrades, and fault simulations can be performed without interrupting the normal operation of the PLC, and the effects of changes and upgrades can be evaluated before they are incorporated.

4 Hazard and Operability (HAZOP) Study

4.1 Definition

A Hazard and Operability (HAZOP) study is a structured and systematic examination of a planned or existing process or operation in order to identify and evaluate problems that may represent risks to personnel or equipment, or prevent efficient operation.

4.2 Documentation Required for a HAZOP Study

The basis for a HAZOP study should include the following documentation:

Process flow diagrams (PFD);
Piping and instrumentation diagrams (P&IDs);
Layout diagrams;
Material safety data sheets (MSDS);
Provisional operating instructions;
Heat and material balances;
Start-up and emergency shut-down procedures.

4.3 HAZOP Procedure

1. Divide the system into sections: each section of the plant, such as the reactor, product purification, etc., is selected for HAZOP study.
2. Choose a study node: a node is a specific location in the process at which (deviations of) the design or process intent are evaluated. Examples: separators, heat exchangers, pumps, compressors, etc.
3. Describe the design intent: the design intent is a description of how the process is expected to behave at the node.
4. Select a process parameter.
5. Apply a guide word: use keywords to focus the attention of the HAZOP team upon deviations from the process intent and their possible causes. These keywords are divided into two sub-sets:

Primary keywords focus attention upon a particular aspect of the design intent or an associated process condition or parameter. Examples of primary keywords include: Flow; Pressure; Composition; Temperature; Level.

Secondary keywords, when combined with a primary keyword, suggest possible deviations. The standard list of secondary keywords is:

No: The design intent does not occur (e.g. Flow/No), or the operational aspect is not achievable (Isolate/No).
Less: A quantitative decrease in the design intent occurs (e.g. Pressure/Less).
More: A quantitative increase in the design intent occurs (e.g. Temperature/More).
Reverse: The opposite of the design intent occurs (e.g. Flow/Reverse).
Also: The design intent is completely fulfilled, but in addition some other related activity occurs (e.g. Flow/Also indicating contamination in a product stream, or Level/Also meaning material in a tank or vessel which should not be there).
Other: The activity occurs, but not in the way intended (e.g. Flow/Other could indicate a leak or product flowing where it should not, or Composition/Other might suggest unexpected proportions in a feedstock).
Fluctuation: The design intention is achieved only part of the time (e.g. an air-lock in a pipeline might result in Flow/Fluctuation).
Early: Usually used when studying sequential operations; indicates that a step is started at the wrong time or done out of sequence.
Late: As for Early.

6. Determine causes: causes are the reasons why the deviation could occur. Several causes may be identified for one deviation. It is often recommended to start with the causes that may result in the worst possible consequence.
7. Evaluate consequences: consequences are the results of the deviation, in case it occurs. They may comprise both process hazards and operability problems, such as plant shut-down or reduced product quality.
8. Recommend action (what? when? who?): actions fall into two groups: (1) actions that remove the cause; (2) actions that mitigate or eliminate the consequences.
9. Record information: the HAZOP results are usually recorded in worksheets. The worksheets may differ depending on the scope of the study. The columnar format below shows the entries (columns) that are generally included:

DEVIATION | CAUSE | CONSEQUENCE | SAFEGUARDS | ACTION

Safeguards are facilities that help to reduce the frequency of occurrence of the deviation or to mitigate its consequences. These include detectors and alarms, automatic control systems, an inert gas blanket in storage of flammable substances, total trip of the activity, pressure safety valves (PSV), etc.

10. Repeat the procedure (from step 2).

5 HAZOP for Control Systems and PLCs (CHazop)

The purpose of a CHazop is to examine how control systems deviate from their designated function (for example, produce an incorrect output for a given input) and the effect that this would have. CHazops examine whether the proposed or current safeguards will adequately prevent the deviation or mitigate its consequences.

5.1 CHazop Methodology

The general approach for a CHazop is to begin by defining the scope of the control system in block flow diagram format, showing the main functional components with their data transfer paths identified. These will include the interfaces to the plant sensors, actuators and operators. The operational diagrams then represent the design as an equivalent to the P&ID used in a process HAZOP. Each component of the control system is then examined for potential deviation by applying appropriate guidewords. General CHazop guidewords applied to control system components include:

Hardware: Device error; Bad measurement; Loss of signal (zero read); Loss of signal (full-scale read); Signal erratic; I/O failure; Abnormal temperature, etc.

Software: Program corruption; Memory management error; Endless loop, etc.

When all components have been checked for their impact on the process under the above fault conditions, the identified parts are then subjected to an overview set of guidewords to test for general failures and their impact on the controlled process. General CHazop overview guidewords applied to the control system include: Power failure; Power surges; Redundancy in system architecture, etc.
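The hardware guidewords above (loss of signal at zero or full scale, erratic signal, I/O failure, bad measurement) describe behaviour that can be observed on a transmitter signal, and section 2 requires the trip system's sensors to be independent of the control system's. The following Python is an added illustration, not part of this module: it classifies a window of constructed 4-20 mA samples against those guidewords and compares a control-loop transmitter with its independent trip transmitter, reporting Bad measurement when two healthy signals disagree. The loop tags, sample values, percent-of-span mismatch limit and erratic-signal limit are constructed assumptions for the example; the open-loop and short-circuit current bands follow the NAMUR NE43 convention and are likewise treated here as assumptions.

```python
from statistics import mean, pstdev

# Assumed 4-20 mA signal bands (mA). The failure bands follow the NAMUR NE43
# convention (below 3.6 mA = open loop, above 21 mA = short / over-range); the
# erratic and mismatch limits are assumptions chosen for this example, not
# values given in the module.
LIVE_ZERO_MA = 4.0
FULL_SCALE_MA = 20.0
LOW_FAIL_MA = 3.6
HIGH_FAIL_MA = 21.0
ERRATIC_STDEV_MA = 1.0      # scan-to-scan spread treated as "Signal erratic"
MISMATCH_PERCENT = 5.0      # allowed disagreement between the two transmitters

def classify_signal(samples_ma):
    """Map a short window of raw transmitter samples onto the CHazop hardware
    guideword it exhibits, or 'OK'."""
    if not samples_ma:
        return "I/O failure"                        # nothing arrived from the I/O module
    if all(s < LOW_FAIL_MA for s in samples_ma):
        return "Loss of signal (zero read)"         # open loop: below live zero
    if all(s > HIGH_FAIL_MA for s in samples_ma):
        return "Loss of signal (full-scale read)"   # pegged above full scale
    if pstdev(samples_ma) > ERRATIC_STDEV_MA:
        return "Signal erratic"                     # jumping around within one window
    return "OK"

def ma_to_percent(ma):
    """Convert a live-zero current into percent of span (4 mA = 0 %, 20 mA = 100 %)."""
    return (ma - LIVE_ZERO_MA) / (FULL_SCALE_MA - LIVE_ZERO_MA) * 100.0

def check_redundant_pair(control_ma, trip_ma):
    """Compare the control-loop transmitter with the independent trip transmitter.
    Returns (guideword, detail). Two healthy signals that disagree are reported as
    'Bad measurement': one of them is wrong, so neither the control loop nor the
    trip can be relied on until the discrepancy is resolved."""
    control_state = classify_signal(control_ma)
    trip_state = classify_signal(trip_ma)
    if control_state != "OK" or trip_state != "OK":
        return "Device error", {"control": control_state, "trip": trip_state}
    delta = abs(ma_to_percent(mean(control_ma)) - ma_to_percent(mean(trip_ma)))
    if delta > MISMATCH_PERCENT:
        return "Bad measurement", {"difference_percent": round(delta, 2)}
    return "OK", {"difference_percent": round(delta, 2)}

# Constructed sample windows (four consecutive scans per transmitter), one pair
# of (control, trip) transmitters per loop. Tags and values are made up.
CONSTRUCTED_LOOPS = {
    "FT-201": ([12.0, 12.1, 11.9, 12.0], [12.1, 12.0, 12.0, 11.9]),  # healthy, agreeing pair
    "PT-202": ([0.0, 0.0, 0.1, 0.0],     [12.0, 12.0, 12.1, 12.0]),  # control loop open-circuit
    "TT-203": ([12.0, 12.1, 11.9, 12.0], [22.5, 22.4, 22.6, 22.5]),  # trip transmitter pegged high
    "LT-204": ([12.0, 4.5, 18.0, 6.0],   [12.0, 12.0, 12.0, 12.0]),  # control signal erratic
    "AT-205": ([12.0, 12.1, 11.9, 12.0], [14.5, 14.6, 14.4, 14.5]),  # both healthy but disagreeing
}

def evaluate_loops(loops):
    """Run the pair check over every loop; returns {tag: guideword}."""
    return {tag: check_redundant_pair(control, trip)[0]
            for tag, (control, trip) in loops.items()}

if __name__ == "__main__":
    for tag, verdict in evaluate_loops(CONSTRUCTED_LOOPS).items():
        print(f"{tag}: {verdict}")
```

A loop flagged here corresponds to one row of a CHazop worksheet: the guideword is the deviation, the transmitter fault is the cause, and the check itself is a candidate safeguard whose action (alarm, or trip on disagreement) the study team decides.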
