Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
0% found this document useful (0 votes)
25 views24 pages

Ips G in 260

Download as pdf or txt
Download as pdf or txt
Download as pdf or txt
You are on page 1/ 24

IPS-G-IN-260

ENGINEERING AND INSTALLATION STANDARD

FOR

INDICATING LIGHTS, ALARMS

AND

PROTECTIVE SYSTEMS
IPS-G-IN-260

CONTENTS : PAGE No.

1. SCOPE ..................................................................................................................................... 3
2. REFERENCES ......................................................................................................................... 3

3. UNITS ....................................................................................................................................... 3
4. GENERAL ................................................................................................................................ 3
5. INDICATING LIGHTS............................................................................................................... 5
6. ALARM SYSTEMS................................................................................................................... 5

6.1 Alarms ............................................................................................................................... 5


6.2 Dedicated Alarm Systems .............................................................................................. 5
6.3 Integrated Alarm Systems .............................................................................................. 6

6.4 Audible Indication............................................................................................................ 8


6.5 Method of Operation....................................................................................................... 8
6.6 First-Out and Sequence of Events Systems............................................................... 9

6.7 Location ............................................................................................................................ 9


6.8 Installation ....................................................................................................................... 10
6.9 Electrical Design Requirements ................................................................................... 10
6.10 Alarm Actuation ........................................................................................................... 11

6.11 Testing .......................................................................................................................... 13


6.12 Documentation (Alarm Record) .................................................................................. 13
7. PROTECTIVE SYSTEMS....................................................................................................... 13

7.1 Basic Design .................................................................................................................. 13


7.2 Logic Equipment............................................................................................................ 14
7.3 Alarm Displays ............................................................................................................... 15
7.4 Power Supply ................................................................................................................. 16

7.5 Wiring .............................................................................................................................. 16


7.6 Field Elements................................................................................................................ 16
7.6.1 Sensors .................................................................................................................... 16

7.6.2 Actuators.................................................................................................................. 17
7.7 Test and Bypass Facilities .......................................................................................... 17
7.8 Redundancy in Protective Systems ............................................................................ 18
7.9 Solenoid Operated Valves............................................................................................ 18

8. Documentation....................................................................................................................... 18

1
IPS-G-IN-260

FIGURES :

FIG. 1 SCHEMATIC SHOWING DEDICATED ALARM SYSTEM


VERSUS INTEGRATED ALARM SYSTEM................................................................. 7
FIG. 2 INTEGRATED ALARM DISPLAY ................................................................................. 8
FIG. 3 METHODS OF OBTAINING ALARM SIGNALS....................................................... 12

SPECIFICATION SHEETS FOR ANNUNCIATOR SYSTEMS ................................................... 20

2
IPS-G-IN-260

1. SCOPE

This Standard covers the general requirements governing the design, construction and installation of the following:

a) Indicating Lights.
b) Alarm Systems.
c) Protective Systems.

It is intended to be used in oil, gas, and petrochemical industries.

2. REFERENCES

Throughout this Standard the following Standards and Codes are referred to. The edition of these Standards are in effect
at the time of publication of this Standard shall, to the extent specified herein, form a part of this Standard. The applica-
bility of changes in standards and codes that occur after the date of this Standard shall be mutually agreed upon by the
Company and the Vendor.

API (AMERICAN PETROLEUM INSTITUTE)

RP 550 "Manual on Installation of Refinery Instruments and Control System Part 1:


Process Instrumentation and Control, Section-13 Alarms and Protective Devices"

ISA (INSTRUMENT SOCIETY OF AMERICA)

S 5.2 "Binary Logic Diagrams for Process Operations"


S 18.1 "Annunciator Sequences and Specification"

ANSI/NEMA (NATIONAL ELECTRICAL MANUFACTURERS ASSOCIATION)

MG 1 "Motors and Generators"


ICS 6 "Enclosure for Industrial Controls and Systems"

BSI (BRITISH STANDARD INSTITUTION)

BS 2757 "Method for Determining the Thermal Classification of Electrical Insulation"

IPS (IRANIAN PETROLEUM STANDARDS)

IPS-E-IN-190 "Transmission Systems"


IPS-E-IN-250 "Distributed Control System"

3. UNITS

This Standard is based on International System of Units (SI), except where otherwise specified.

4. GENERAL

4.1 Control systems for one or more process units shall be usually centralized in control rooms. A centralized alarm
system providing visual and audible indication at each control location shall be provided in a method which makes that
consistent with the centralized control philosophy.

3
IPS-G-IN-260

4.2 Instrumentation for alarm and protective systems shall be reliable. The degree of reliability shall depends on the
severity of the following risks involvements :

a) Hazard to personnel.
b) The value of the equipment damaged.
c) The value of the product lost.
d) The effect on the environment.

Because this type of instrumentation may remain inactive for long periods, a means of periodically checking these sys-
tems while the process units are operating shall be provided.

4.3 In modern digital instrumentation systems, lower priority alarms, called "alerts" are being used extensively as an
operating tool. Alerts are generally software-generated. They may be used to signal that controlled variables are outside
of relatively tight normal limits, that outputs are approaching upper or lower limits, or that other variables are approach-
ing or will eventually cause critical conditions.

4.4 The specification shall be based on the use of electric system. The pneumatic system may be only used on special
cases with approval of purchaser engineer.

4.5 Solid-state annunciator systems are preferred.

4.6 Wherever possible, the concept of intrinsic safety, shall be applied.

4.7 Lists shall be prepared of all alarm and trip settings, showing per circuit: tag number, instrument range, switch
point in operating units, and the equivalent setting in bar(g) when initiators are actuated by pneumatic signals.

4.8 Function descriptions as well as basic block diagrams, logic diagrams, etc., shall be made in addition to the engi-
neering drawings.

4.9 Interconnections with electrical department circuits shall be made in an interconnection box. Those relays having
contacts in a control circuits maintained by electrical department shall be installed in this interconnection box to avoid
live parts in the isolated instrument control boxes when maintenance is carried out.

4.10 On large process units where a multiplicity of automatic alarms is installed, consideration should be given to the
provision of an automatic logging device in the control room, which will record sequentially all warnings and their time
and clearance.

4.11 Instrumentation, alarms, shutdowns and other controls supplied with "Packaged" units, ancillary plant and pro-
prietary equipment shall conform with this Standard. They shall also be the same type and manufacture as selected for
the rest of the plant. Any departure from this rule is to receive the prior written approval of the Purchaser.

4.12 Switches in equipment shutdown service shall be direct operated type. Except for flow application (when high
accuracy is required).

4.13 Wiring for switches shall be two-conductor and shall not use the common hot wire technique.

4.14 Where more than one process unit is incorporated in the control room, audible horns of different tones shall be
used to indicate the location of the alarm.

4.15 Acknowledge and lamp test switches shall be provided for both local and remote annunciator cabinets.

4.16 All critical alarms shall be located on the control house panel board or control consoles, shall be annunciator type,
and shall be both visible and audible. Non-critical alarms may be displayed on control room video display units associ-
ated with digital instrument systems or computer systems.

4.17 Howlers and buzzers for telephone, fire alarm and toxic gases detection system shall be separate and distinctly
different from each other and form the buzzer for the signal system.

4
IPS-G-IN-260

4.18 On major items of equipment, e.g. gas compressors, where operator action is required at the equipment itself, a
detailed display identifying the fault conditions shall be given local to the equipment and a single unit alarm provided in
the control room. In this circumstance, acceptance in the control room shall not alter the state of any local alarm light.
Any subsequent fault shall reactivate the single unit alarm.

4.19 Integral switches in standard recording and controlling instrument for trip alarm actuation shall not be used.

4.20 The top half of nameplates shall be engraved in the English language, the bottom half shall be left blank.

5. INDICATING LIGHTS

5.1 Indicating lights serve to indicate on the instrument panel the status of process equipment, such as valves being
open or closed, pumps being in operation or stopped, etc.

5.2 When the equipment can only be operated manually and remote indication is needed a visual indication is suffi-
cient.

When the equipment status can be changed automatically, e.g. starting of stand-by pumps an audible alarm is also re-
quired.

5.3 The following colors shall be used for indicating lights:

- unsafe condition; red


- operative and safe; white
- switch in override position; yellow
- valve open; green
- valve closed; red
- motor runs; green
- motor stopped; red

Note:

When valve is in intermediate position, both the green and the red light shall be on.

5.4 Indication lights shall be kept separate from alarm lights.

6. ALARM SYSTEMS

6.1 Alarms

Alarm and alert systems used in petroleum industries are divided into two broad categories dedicated and integrated
style (see Fig. 1).

6.2 Dedicated Alarm Systems

6.2.1 A dedicated alarm system has a separate visual indication for each alarm point as well as a separate actuating
device. In some cases, it may be practical to combine a number of actuating devices so that operation of any one of them
would produce an indication on a common remote visual alarm. The alarm point of the sensor is determined, either by a
set-point adjustment (such as in a pressure or temperature switch) or simply by installation location (such as for a level
switch). Wiring between the actuating device and the annunciator shall be direct and separate from other alarms so that
a failure of one will not affect others.

6.2.2 In most dedicated alarm systems, each point can be provided with a set of isolated auxiliary output contacts that
change state when that point is actuated. These contacts may be used to retransmit alarm signals to other displays.

5
IPS-G-IN-260

6.2.3 Dedicated alarms may also accept analog inputs in the form of current, voltage or direct thermocouple and resis-
tance temperature detector signals. The alarm trip point shall be determined by an integral set-point adjustment for each
input.

6.3 Integrated Alarm Systems

Integrated alarm and/or alert systems may be in the form of standalone alarm-only units or they may be integral parts of
larger distributed or computer-based control systems. For distributed control systems, see IPS-E-IN-250.

Integrated alarm system visual indication may be via one or more of the following (see Fig. 2):

1) Flashing or colored messages displayed over other information on a cathode ray tube (CRT).
2) Cathode ray tube displays dedicated to alarm indication and formatted accordingly.
3) Indicator lights in various forms.
4) Printed messages on hard copy devices.

6
IPS-G-IN-260

KEY
FAL low flow alarm. PSL low pressure sensor.
FSL low flow sensor. TAH high temperature alarm.
PAL low pressure alarm. TSH high temperature sensor.

SCHEMATIC SHOWING DEDICATED ALARM SYSTEM VERSUS


INTEGRATED ALARM SYSTEM
Fig. 1

7
IPS-G-IN-260

An audible signal indicates the actuation of any alarm. Alarms shall be actuated by:

1) Making or breaking external switch contacts.


2) Monitoring electronic analog inputs in dedicated alarm modules.
3) Internal system logic.

When deciding on system configuration, consideration shall be given to the level of reliability required. For example,
extremely critical alarms may require inputs directly from switches connected to the process in field locations. On the
other hand, low priority alerts may be software-generated in the intelligence section of the CRT display of a distributed
control system. Intermediate requirements may dictate that analog-input alarm devices or main frame Computergener-
ated alarm inputs be used.

INTEGRATED ALARM DISPLAY


Fig. 2

6.4 Audible Indication

6.4.1 Alarm systems, whether dedicated or integrated, require an audible indication to alert the operator that an alarm
has been actuated. The visual indication shall be used for identification and evaluation.

6.4.2 Audible signals shall be in the form of bells, buzzers, horns, or electronic signals. These audible signals shall be
differentiated so that either the location in the plant the seriousness of the condition can be indicated. For example, some
may merely indicate an upset condition while others indicate to the operator that a shutdown has occurred. Shutdown
alarms shall be designed to initiate an audio signal distinct from all other alarms.

6.5 Method of Operation

6.5.1 Upon actuation of a point in a dedicated alarm, an alarm light shall flashes and an audible device shall sounds.
An acknowledge push button shall be provided for silencing the audible device and switching the light to a steady-on
state. Another push button shall be provided for testing the alarm lights and, where practicable, for testing the other

8
IPS-G-IN-260

components of the system. The acknowledge and test switches may be made common to a number of alarm system cabi-
nets.

6.5.2 ISA recommended practice 18.1 shall be used for selection of desired operation sequence. Although different
type of sequences are available in ISA 18.1 but type A sequence is the most common type.

6.5.3 Upon actuation of an alarm point in an integrated alarm system, a light shall be illuminated or caused to flash. In
CRT-based systems, an alarm message shall be displayed on the screen in a prominent location, possibly flashing or
appearing in a distinguishing color. An audible device shall also sound. One or more acknowledge buttons shall be pro-
vided to acknowledge the alarm condition. In some systems, the button may also call up a different display with addi-
tional information relative to the alarm condition. A logging system may also be actuated to document the alarm mes-
sage. In any case, fast indication of the individual alarm variable is essential (see 4.10).

6.5.4 Field contacts and relay contacts of alarm systems shall be designed to open and close in response to power sup-
ply and process operating conditions as follows:

PROCESS FIELD CONTACTS RELAY CONTACTS


OPERATING CONDITIONS Power either on or off Power on Power off
Normal Close Close open
Abnormal Open Open Open

6.6 First-Out and Sequence of Events Systems

6.6.1 A process system or a piece of equipment such as a compressor may have a number of protective devices that
could actuate a shutdown. In such circumstances, it may not be obvious which device initiated the shutdown and as a
result it could be time-consuming to locate the source of trouble. Dedicated alarm systems shall have a first-out (first-
failure) feature.

The point that initiated the shutdown shall be identified by means of a fast flashing light (other methods may be used)
after the alarm condition has been acknowledged and the audible alarm silenced. See also 7.3.2.

6.6.2 More sophisticated dedicated systems may indicate the exact sequence in which any number of alarm points were
actuated. Integrated systems may also accurately indicate a sequence of events if the sequence is relatively slow. How-
ever, if the sequence is fast, these systems may not be capable of providing the required time discrimination for a true
sequence-of-events indication. Characteristics of the system (scan rate, location, events in the scan, and the priority of
events in the communication scheme) shall be considered when using an integrated system for sequence-of-events indi-
cation.

6.7 Location

6.7.1 Dedicated alarms shall be combined in a cabinet or in multiple cabinets mounted on instrument panels located in
the control room. Such central read-out systems as cathode ray tubes or printers shall be console or desk mounted, al-
though panel mounting is feasible.

6.7.2 In some instances, it may be advisable to locate an annunciator cabinet with audible alarms in an area close to the
equipment that is being monitored. In these instances a remote common trouble alarm shall be installed in the associated
control room. This configuration, with the annunciator located to attract immediate attention, could be used for com-
pressors and furnaces to ensure prompt action on the part of field operators. Under some circumstances, it may be neces-
sary to provide an explosionproof annunciator. The selection of the alarm system shall be always comply with the elec-
trical classification of the area in which it is to be installed.

9
IPS-G-IN-260

6.8 Installation

6.8.1 The installation of field switches shall be made in accordance with the appropriate section of instrument installa-
tion of IPS standards for flow, pressure, level, temperature, and so forth.

6.8.2 Alarm systems installed in a control room shall be positioned for maximum visibility and operator convenience.
The relationship of alarms to other instrumentation may also be important. The proper location of the acknowledge push
button is important since it must be used by the operator after each alarm.

6.8.3 The audible device shall be installed where it will attract attention but will not be unnecessarily loud.

6.8.4 Good installation practice requires the use of a pair of wires to each field sensor rather than the use of common
wires. This simplifies maintenance and troubleshooting procedures, improves system security, and may be required to
achieve intrinsic safety.

6.8.5 Power supply and relay systems for alarm systems shall be installed in the control center basement, back of con-
trol panel/or in auxiliary room.

6.9 Electrical Design Requirements

6.9.1 Dedicated alarm annunciators shall be designed for operation from 110-Volt, single-phase, 50-Hz power sources,
or 24 V d.c. In integrated systems, the voltage to external contacts shall be direct current at low levels. d.c.-powered
annunciator systems (24 V d.c.) is preferred (see 7.4).

6.9.2 In cases where "bouncing" field contacts (such as that experienced on some liquid levels during startup) or other
types of repetitive upsets could cause repeated annoying alarms, a separate audible disconnect switch shall be used. An
adjustable dead band or a 3- or 4- second time delay shall be used to correct the problem. The elimination of annoyance
alarms should not be ignored since an expedient, on-the-spot means will usually be found to circumvent or nullify the
alarm altogether if it is a nuisance. Such a situation could be hazardous.

6.9.3 Alarm circuitry shall be designed to prevent feedback to or from interconnected power and control circuits. This
situation is especially of concern where common audible, acknowledge, or lamp testing circuits are employed. The use
of final control elements operated by more than one sensor may also cause feedback problems. In this situation, the
location of power sources for the various parts of the system shall be considered carefully. Problems may develop not
only from feedback, but also because of a power failure or interruption. As a result, the system may not produce the
signals intended by the designer.

6.9.4 Care shall be taken to ensure that voltage dips and momentary outages do not cause unwanted alarm actuation.
This situation shall be prevented by the use of normally de-energized circuits, or, in the case of normally energized cir-
cuits, the use of time delays or uninterruptible alternating or direct current power supplies. Arguments favoring the nor-
mally energized systems emphasize the fail-safe characteristics of such a design; those in support of de-energized cir-
cuits stress the reduction of nuisance alarms. Other factors such as the likelihood of burnout for continuously energized
coils in relays or solenoids or the problems encountered with normally open sensor switches shall be considered.

6.9.5 Experience and good judgment shall be combined in the selection of electrical contacts for relays and sensors.
With the use of lowlevel direct-current voltages in alarm circuits, hermetically sealed contacts shall be used to prevent
the effects of dust, corrosion, and contact film. If this type of contact is not available, switches that remain in the closed
position during normal operating periods with abnormal process conditions causing the contacts to open shall be used.
Fail-safe circuitry is inherent with this practice. However, circumstances may exist where it is more practical to use
contacts that close when the abnormal condition occurs. The corrosive effects of atmospheric contamination along with
factors such as heat and vibration shall be evaluated in selecting electrical contacts. If mercury switches are used, they
shall be mounted where they are unaffected by vibration.

6.9.6 Enclosures and wiring for the installation of alarm sensors must meet the requirements of the area in which they
are located. Intrinsically safe systems eliminate the need for explosionproof enclosures for field sensors in classified

10
IPS-G-IN-260

areas. Hermetically sealed switch contacts eliminate the need for explosionproof enclosures that are otherwise required
in Division 2 areas. Weatherproof enclosures shall be used for outdoor use with intrinsically safe systems and hermeti-
cally sealed switches regardless of area classification.

6.10 Alarm Actuation

Alarms may be actuated by changing states of external contacts, by exceeding set-point limits of direct connected ana-
log inputs, or by using logic or computational functions in digital systems (see Fig. 3)

1) Direct connected switches

Direct connected switches shall be separated, independent sensors connected directly to the process equipment.
Devices such as temperature, pressure, level, and flow switches are included in this category. These sensors oper-
ate an adjustable switch contact through a mechanical linkage if the process variable exceeds predetermined lim-
its. A scale and pointer may be provided to indicate roughly the set point at which the switch will be actuated. As
a rule, these devices do not have a means of indicating the value of the measured or process variable, a separate
indicator shall be provided, with a separate process connection to facilitate setting and checking calibration. In
critical applications, the use of a precise indicating switch that will provide an accurate measurement as well as
an indication of set point is probably justified.

2) Auxiliary switches

Auxiliary switches may be located within an instrument that performs a different primary function such as indi-
cating, recording, transmitting, or receiving the variable to be alarmed. There are many electromechanical meth-
ods may be used to operate these switches from changes in a measured variable. The alarm point shall be adjust-
able but its setting may be not ordinarily indicated. Since a failure of the measuring system in the instrument
means the variable is no longer being monitored, as well as a loss of the alarm, auxiliary switches shall be used
for less critical applications than direct connected sensors.

3) Transmitter monitoring switches

Transmitter monitoring switches are alarm switches that measure the output of an analog transmitter. They may
be either electronic or pneumatic and can be set to actuate at any value of the transmitter range. They may have a
scale with the set pointer indicating the trip point. Some are equipped with an indication of both cut-in and cutout
settings.

Alarm switches monitoring transmitter outputs shall be easily added to a control system. They shall be located
within the control room thus to minimizing wiring costs to a central annunciator. They shall be installed without
a process shutdown. They nevertheless suffer from the same limitation as auxiliary switch type of alarm in that
they become inoperative upon failure of the transmitter.

11
IPS-G-IN-260

METHODS OF OBTAINING ALARM SIGNALS


Fig. 3

12
IPS-G-IN-260

4) Analog inputs

Analog input alarm systems shall accept standard current, voltage, thermocouple, and resistance temperature de-
tector input signals directly. Each input point shall be provided with set-point and dead-band adjustments, along
with integral indicator lights to indicate abnormal conditions. Systems of this type shall include a meter and the
necessary selector switches to indicate, on demand, the value of each set point and each input.

5) Calculated inputs

Calculated inputs shall be used with integrated alarm systems. They shall be generally software-generated by
computers or distributed control systems. Because of the intelligence available in these units, the variety of pa-
rameters that can be alarmed shall be unlimited.

6.11 Testing

Alarms and alarm actuators should be installed in such away to facilitate check-out of the alarms. The best method of
checking is through the operation of the alarm actuator. Where the alarm actuator is a contact in an instrument, or is
operated by the transmission medium, ranging of the instrument is a convenient way of verifying the alarm points. Pres-
sure switches in transmission lines can be shut off from the transmission line and calibrated with air pressure from an-
other source. Independent actuators such as level alarms may often be piped so that they can be flooded or drained.
Alarm systems should be installed to facilitate regular checks of individual alarms during the operation of the process
unit.

6.12 Documentation (Alarm Record)

A complete and accurate record of all alarm set points shall be maintained. This record will be useful when checking out
initial installations and is necessary for testing and for communicating changes that might be made in the course of sys-
tem operation.

7. PROTECTIVE SYSTEMS

7.1 Basic Design

7.1.1 Protective systems shall serve to:

a) Shutdown a process unit to protect equipment and personnel when dangerous conditions are reached.
b) Start-up stand-by equipment when necessary to continue operation.

7.1.2 Each protective system shall be provided with:

a) Overriding (test or by-pass) switches, to be used during process start-up and testing of the system.
b) Emergency switches, to be used for manual initiation of the shut down system in case if emergency.

7.1.3 These switches shall be of the rotary type, push-button switches are not acceptable, unless are used with "enable"
push-button which connected in series, or used with a protective rotatable cover.

7.1.4 All protective systems shall be engineered for purchasing from only one supplier as much as possible.

7.1.5 Components of protective systems shall, as far as feasible, be installed in the control room basement or auxiliary
room to facilitate maintenance and to reduce the amount of (flame-proof) equipment in the processing areas.

13
IPS-G-IN-260

7.1.6 Careful consideration shall be given to the interconnection of related initiating devices in such away that unnec-
essary shutdown actions due to failure of individual components is avoided.

7.1.7 Each component of a protective system shall be incorporated in such away, that the system will go to the safest
position in case of component failure.

7.1.8 To increase the reliability of the system, duplication of certain component shall be considered.

7.1.9 Protective systems shall move to their protective positions on loss of energy (e.g. electrical power, instrument
air). Protective systems on rotating machinery are exceptions to this and shall not move to the protective position on loss
of energy.

7.1.10 Any system that employs multiple sensors (voting) for a sensor application on a protective system shall be de-
signed to employ a "2 out of 3" voting concept. No other voting concept shall be permitted except for dual flame scan-
ners and proximity type shaft vibration detectors which shall use "2 out of 2" voting.

7.1.11 Protective system components shall not be connected to any instrument or control system external to the protec-
tive system. Exceptions proposed for microprocessor-based logic equipment shall be submitted for approval by the Pur-
chaser’s Engineer.

7.1.12 Protective system actuators shall remain in their protective state after a trip until manually reset, even if any trip
initiators return to their normal operating positions. All protective system actuators require local manual reset, unless
otherwise specified.

7.1.13 A logic diagram showing functions of the protective system shall be approved by the purchaser’s Engineer prior
to the start of system fabrication.

7.2 Logic Equipment

7.2.1 All logic equipment shall be comprised of one type of component. Systems containing a combination of different
types are not permitted.

7.2.2 Each protective system shall have its own logic equipment installations where one logic system is proposed to
protect multiple process units shall be approved by the Purchaser’s Engineer.

7.2.3 All logic for one system shall be in the same place, (e.g. single cabinet). All test facilities, including bypass
switches, for this logic must be located with the logic equipment. Any exceptions proposed shall be submitted for ap-
proval by the Purchaser’s Engineer.

7.2.4 Failure of any component or group of components within the logic equipment shall result in the system output
going to the desired mode of failure. Specific design features shall be included to ensure a predictable failure mode and
these shall be submitted for approval by the Purchaser’s Engineer.

7.2.5 All electronic logic equipment shall have electrically isolated sensor inputs that prevent electrical noise. Picked
up on incoming sensor wiring, from causing nuisance trips.

7.2.6 All electrical protective systems shall use time delays on all sensor inputs to avoid nuisance trips. Time delay
shall be 0.5 seconds except for flame detectors, unless otherwise specified.

7.2.7 Where microprocessor-based logic equipment is used for protective systems the following requirements shall ap-
ply:

a) The design of the logic equipment shall employ "2 out of 3" voting, or"modified 1 out of 2" voting. Failure of
two subsystems in either "2 out of 3" voting or "modified 1 out of 2" voting must result in the protective system
going to its desired mode of failure.

b) Each microprocessor-based logic subsystem shall have its own self-diagnostic tests to detect, locate, and
alarm internal faults.

14
IPS-G-IN-260

Self-diagnostic tests shall be built-in features, not requiring additional equipment or user programming. Self-
diagnostic tests shall include as a minimum:

1) Error detection in serial communications.

2) A "time-out" gate to detect halted microprocessor execution.

3) A set of instructions executed at each functional cycle to exercise active system components, including the
microprocessor.

4) A periodic memory check.

5) A check of each signal line of a parallel bus before a "read" or "write" operation to input or output compo-
nent.

c) Manual actuation push-button shall bypass the microprocessor-based logic equipment and allow direct initia-
tion of the protective system actuators. This facility is usually provided through PLC System if not provided
should be made over the panel for this purpose.

7.3 Alarm Displays

7.3.1 Protective systems with more than one initiator shall be supplied with a "first-out" feature that provides an indi-
cation of which initiator actuated first. This "first-out" feature capability shall be comprised of dedicated hardware, and
shall consist of one set for each protective system.

7.3.2 Normal operating sequence of the "first-out" alarm system shall be:

a) Process is normal-alarm lights are out, and horn is silent.

b) Process is abnormal-"first-out" alarm is flashing rapidly, other alarms are flashing slowly, and horn is sound-
ing.

c) Acknowledge button is pressed-"first-out" alarm continues to flash rapidly, other alarms become steady, and
horn is silenced.

d) "First-out" reset button is pressed-"first-out" alarm becomes steady.

e) Process returns to normal-alarm lights return to normal.

Proposals for alternatives to the operating sequence shall be submitted for approval by the Purchaser’s Engineer.

7.3.3 Protective systems shall include, a prealarm. Two separate sensors, one for the prealarm and one for the protec-
tive system, shall be used.

7.3.4 Annunciator window indicators that are part of the protective system shall be color coded: red for protective sys-
tem operation, and orange/amber for prealarm; and shall be grouped together on the bottom row of the display.

7.3.5 Actuation of each protective system, including those locally mounted, shall be separately alarmed in the main
control room.

7.3.6 All thermocouple temperature switch sensors shall have burnout indication and alarm. Burnout indication shall
be upscale for low temperature switches and downscale for high temperature switches.

7.3.7 Each protective system shall have a common flashing light indicating that any of the sensors or actuators con-
nected to the system has been bypassed. This bypass action shall be alarmed in the main control room.

7.3.8 Protective system bypass switches shall not bypass the alarm function of a sensor or defeat the "first-out" feature.
The sensor shall retain its ability to indicate even though it cannot cause protective system action when bypassed.

15
IPS-G-IN-260

7.3.9 Individual bypass indicators for each trip initiating sensor and each actuator must be provided and mounted on a
test/bypass panel, and local panel if separate.

7.3.10 A lamp and horn test push-button shall be provided wherever lamps and horns are used as indicators.

7.4 Power Supply

7.4.1 Protective systems are classified as essential instrumentation for power supply. Each electrically powered protec-
tive system shall be fed from a UPS.

7.4.2 Power sources for electrical protective systems shall be as follows:

a) Microprocessor-based logic equipment requiring a.c. power shall be fed from a UPS distribution panel capa-
ble of transferring from the normal UPS to the stand-by power supply in less than 50 milliseconds.

b) Rotating machinery protective systems shall operate from a d.c. power source at 24 volts.

c) All other electrical protective systems shall operate from a d.c. power source at 24 volts.

7.4.3 d.c. systems shall be fully isolated from ground.

7.4.4 All electrical protective systems shall be fused immediately adjacent to the distribution bus. Both conductors
shall be fused and appropriate disconnect switches included. Each individual sensor and actuator circuit shall be sepa-
rately fused. Sensor and actuator fused may be located in logic cabinets. Circuit breakers and fuses shall be arranged for
selective operation such that the protective device closest to the fault operates first.

7.4.5 Separate fusing shall be provided for indication (lights) circuits and testing circuits.

7.5 Wiring

7.5.1 All power source wiring between power source and individual protective systems shall be isolated from ground.

7.5.2 Individual protective systems shall utilize dedicated junction boxes, or barriers within junction boxes to clearly
segregate wiring of different protective systems. Segregated terminal blocks in the control house or other terminating
point for field wiring shall be used. All wiring shall be clearly separated on a system by system basis. Where multiple
sensors (voting) are used, sensors measuring the same process variable shall be segregated to isolate failures.

7.5.3 A ground fault detector system shall be provided for each protective system that will identify a faulted circuit
while the system is in the normal operation. The detector must be capable of identifying the specific protection system
or circuit causing a faulted condition.

Electronic fault finding devices or power transfer switching to an additional isolated power supply are acceptable meth-
ods to satisfy this requirement.

7.6 Field Elements

7.6.1 Sensors

7.6.1.1 Sensor contacts shall be single point contacts snap acting totally enclosed and made of non-corroding materi-
als, (SPDT) with, slave relays or semiconductor circuits utilized to meet any signal sensor multiple output requirement.
System sensors with auxiliary settings and contacts for auxiliary equipment cut-in service are not permitted except for
vibration sensors on rotating equipment.

16
IPS-G-IN-260

7.6.1.2 All sensors shall have separate process taps. Where a single orifice plate is to be used for liquid flow measure-
ment and protective system sensor purposes, the second set of taps on the orifice flange shall be used for the protective
system.

7.6.1.3 Where a flow sensor is used as a protective system input, a dedicated differential pressure transmitter shall be
used. Differential pressure switches can be used only with the user’s Engineer approval.

7.6.1.4 Electrical switches that utilize mercury ampules as electrical switch contact are not permitted, unless otherwise
specified.

7.6.1.5 If vibration is present at the process tap or normal instruments mounting point, protective system sensors shall
be mounted in a separate, more stable location.

7.6.1.6 Where current switches connected to conventional dedicated analog field transmitters are used as sensors for
protective systems, individual switches shall be located in a special area dedicated to that function. These switches shall
be protected by guards. If current switches are powered from sources other than the analog transmitter loop, such as 110
V a.c. 50 Hz., this power supply shall be designed for essential instrumentation.

7.6.1.7 All electrical level switches included in protective systems shall be external float type. Any exceptions pro-
posed shall be submitted for approval by the Purchaser’s Engineer.

7.6.2 Actuators

7.6.2.1 Bypass valves shall be provided with each actuator valve that fails closed. Block valves alone shall be provided
for valves that fail open. Limit switches shall be utilized to actuate an automatic bypass alarm when the bypass valve is
opened or when a block is closed. These limit switches shall move from a closed position to an open position as soon as
the valve moves from its normal operating position. Bypass valves shall be car sealed closed (CSC.)

7.6.2.2 Protective system valves shall reach a fully closed or fully open position within 10 seconds after a trip signal is
initiated by the logic equipment, except where faster closure times are required to meet design specification require-
ments. Exceptions to this maximum time shall be submitted for approval by the user’s Engineer. Solenoid valves shall
not have delay features.

7.6.2.3 Valves provided in protective systems shall be dedicated solely for protection and not be used for normal regu-
latory control or any other service. Any exceptions proposed shall be submitted for approval by the Purchaser’s Engi-
neer.

7.6.2.4 Protective system actuators that are powered from energy sources other than the logic trip signal must incorpo-
rate a design feature that moves the actuator to its protective position and locks in that position upon loss of any or all
other energy sources. Examples of equipment included in this category are pneumatic or hydraulic valves initiated by
electrical logic where the two energy, sources are separately derived.

7.7 Test and Bypass Facilities

7.7.1 Test (bypass) switches shall be provided on each field circuit for sensor and outputs which will permit the protec-
tive system to be tested without affecting plant operations. Bypass switches shall not inhibit any alarm. A separate alarm
indicating that a system has been bypassed is required. By-pass switch preferably should be installed in the control
room.

7.7.2 The sensor manifold shall allow on-line testing of the sensors and shall be approved by the Purchaser’s Engineer.

7.7.3 Continuous self checking features shall be included in protective systems (If applicable) to help ensure proper
operation. This feature also reduce nuisance or unnecessary actions that might result from certain type of system fail-
ures. Self checking systems are usually of aproprietary nature and employ unique signaling and wiring techniques to
detect and alarm failures in the protective system.

17
IPS-G-IN-260

7.8 Redundancy in Protective Systems

Although testing of protective systems is a means of ensuring a higher degree of reliability, testing can be expensive as
well as time consuming. And, because of the need to provide bypassing or deactivating features of some type, testing
can be somewhat hazardous. Through the use of additional, or redundant measuring devices, and, in some cases, redun-
dant final control elements, a significant improvement in the security of the system may be achieved. Protective systems
using multiple sensors and sophisticated voting logic to initiate action should be used. The investment cost will be
greater but the elimination, reduction, or simplification of testing procedures may warrant the added cost.

There are a number of factors that shall be considered to determine whether or not redundancy is warranted. The poten-
tial loss caused by a failure, the statistical possibility of a failure, and the potential for adverse consequences such as
increased nuisance shutdowns shall all be evaluated. Different systems with varying degrees of reliability shall ulti-
mately be selected for applications with varying degrees of risk.

7.9 Solenoid Operated Valves

7.9.1 Solenoid operated valves shall be suitable for 110, 24 volts d.c.

7.9.2 Instead of flame proof execution, consideration shall be given to constructions with potted (hermetically sealed)
coils and increased safety terminals, assented for use in division 2 areas.

7.9.3 Each solenoid valve shall be sub-fused separately in the relay box by means of clip-in type fuse terminals.

7.9.4 Manual reset shall be provided for all solenoid valves in safeguarding systems, except for applications where
after restoration of the normal situation, no difficulties are encountered, in cases where valves may return automatically
to their original position.

In those cases where a manual reset is required this feature shall be incorporated in the electric system by means of an
electric push-button mounted in a convenient location close to the solenoid valve.

Where mechanical manual reset is required when special control philosophies are applied the manual reset device shall
preferably be of the push-button type in the valve body.

External lever-arrangements with mechanical latching devices shall not be applied.

7.9.5 All inductive devices (e.g. solenoids) shall have suitably rated suppression diodes connected directly across the
coils.

7.9.6 Solenoids shall be energized so as not to interfere with the operation of any logic circuits. This may be achieved
by separate power supplies or static switches or relays.

7.9.7 Solenoid valves shall be used as pilot valves for instrument air hydraulic systems and shall be sized ½ in. maxi-
mum.

7.9.8 The coil shall be energized during normal operating conditions, unless otherwise specified.

7.9.9 Generally solenoid valves should be accessible at grade or permanent platform level and be adequately protected
against adverse weather conditions and accidental operation.

8. Documentation

8.1 Alarm and protective system documentation shall be submitted to the Purchaser’s Engineer for review at least four
weeks prior to the scheduled shop inspection date for check-out of all systems. Documentation shall include (but not be
limited to) the following:

18
IPS-G-IN-260

a) "As built" logic diagrams of all systems, including one drawing that shows all subsystem interrelated logic,
are required in the event that multiple drawings are used to fully describe the system.

b) Schematic, connection, and interconnection diagrams for trouble shooting and maintenance.

c) Pneumatic system tubing diagram.

d) Total equipment list with component manufacturers and model numbers.

e) Bill of materials for components.

f) Recommended spare parts list for 2 years continuous operation.

g) Trouble shooting procedure.

h) Testing procedures.

i) A complete description of the logic system and its operation.

8.2 Alarm and protective systems using microprocessor-based logic equipment shall include the following additional
documentation:

a) A block diagram of the system configuration.

b) A flow chart of the program software.

c) A listing of the source program which shall include comment statements to explain the function of each block.

d) A map describing the memory allocation.

e) A list of inputs and outputs complete with physical addresses.

f) The vendor’s standard equipment documentation, including (but not limited to) specifications, installation re-
quirements and operating manuals.

g) Startup and shutdown procedures.

8.3 For each alarm and protective system, a complete and accurate record of all alarm and shutdown trip points should
be maintained along with proper documentation of corrective actions or shutdown functions performed at each trip
point. This information will be needed when testing or troubleshooting a system and is necessary for communicating
changes that might be made in the course of system operation.

19
IPS-G-IN-260

SPECIFICATION SHEETS FOR ANNUNCIATOR SYSTEMS

(to be continued)

20
IPS-G-IN-260

(continued)

21
IPS-G-IN-260

ANNUNCIATORS

Instructions for IPS Forms E-IN-260 a & b

1) Write in Tag Number of entire Annunciator System.

2) Omit if single unit.

3) Specify cabinet mounting.

4) Specify type of cabinet.

5) Refers only to display and audible.

6) Specify power supply required.

7) Check White Translucent, or write in color of plate and engraving required. Specify window size in height ×
width.

8) Number of independent displays in one box, or position in cabinet.

9) If individual bullseyes, specify number and color required. If self-contained unit, specify number of normal
and off-normal lights and color of each. (Example-two red independent off-normal and one green common nor-
mal light.)

10) Describe display if other than blacklighted nameplate or bullseye. For example; backlighted prism, electrolu-
menescent, two-color pneumatically operated.

11) Specify type of logic unit which operates display and audible system.

12) Check required location of logic components.

13) Check enclosure class of logic components and or enclosure. General purpose relays inside an explosion
proof housing, or explosion proof relays will both satisfy the hazardous area classification. Use NEMA identifi-
cation System or ISA System RP 8.1.

14) Specify voltage across contacts which actuate alarm.

15) Give contact action.

16) Sequential alarm refers to "First Out" System.

17) Specify type of ring back, if applicable.

18) An operational test actuates audible as well as lamps.

19) Specify flasher location and model number.

20) Specify type of acknowledgment, and push-button locations.

21) Specify reset and push-button location.

22) Write in ISA sequence number as described in RP18. 1, Specifications and Guides for the use of General
Purpose Annunciators, or fill in the table for the sequence required.

23) Write in the model number, or describe type, if required.

24) Write in the model number, or describe type, if required.

25) Write in the model number, or describe type, if required.

26) Specify number required, and color.

22
IPS-G-IN-260

27) Specify power supply location i.e., in logic cabinet, or separate cabinet.

28) For any additional accessories required.

29) Fill in after selection is made.

23

You might also like