Ips M in 290
Ips M in 290
Ips M in 290
FOR
1. SCOPE ..................................................................................................................................... 3
2. REFERENCES ......................................................................................................................... 3
3. UNITS ....................................................................................................................................... 5
4. PLC SPECIFICATION FOR EMERGENCY SHUT-DOWN (ESD) SYSTEMS....................... 5
4.1 General .............................................................................................................................. 5
4.2 Processor Unit.................................................................................................................. 6
7. RELIABILITY REQUIREMENTS............................................................................................ 26
8. ENCLOSURE AND CABINET REQUIREMENTS................................................................. 26
9. SHOP INSPECTION AND TESTING..................................................................................... 29
10. TRAINING REQUIREMENTS............................................................................................... 32
1
IPS-M-IN-290
APPENDICES:
2
IPS-M-IN-290
1. SCOPE
This Standard Specification covers the minimum requirements for Programmable Logic Controllers (PLC) to be applied
in Iranian Petroleum Industries Projects.
Since the volume of interlocking encountered and the severity of application dictates different requirements on the PLC
equipment, this Standard specification has been divided in three basic categories, according to specific application,
namely:
Each one of the above mentioned parts applies to the relevant application only and shall not be considered for the other
applications.
It shall be noted that; in a given project, not all of the above mentioned applications may be encountered. Therefore
selection of the specification shall be made carefully according to the specific application.
2. REFERENCES
Throughout this Standard the following standards and codes are referred to. The editions of these standards and codes
that are in effect at the time of publication of this Standard shall,to the extent specified herein, form a part of this Stan-
dard. The applicability of changes in standards and codes that occur after the date of this Standard shall be mutually
agreed upon by the Company and the Vendor.
Y 32.11 "Graphic Symbols for Process Flow Diagrams in the Petroleum and Chemical
Industries" (R 1985)
BS-381C "Specification for Colors for Identification, Coding and Special Purposes" (1987)
3
IPS-M-IN-290
MIL-HDBK-217 "Reliability Stress and Failure Rate Data for Electronic Equipment"
MIL-STD-1629A "Procedures for Performing a Failure Mode Effects and Criticality Analysis"
UL (UNDERWRITER LABORATORY)
802.3 "Carrier Senseple Multiple Access (CSMA) with Collision Detection (CD)
Access Method and Physical Layer Specification"
"Programmable Electronic System in Safety Related Applications, Parts 1 & 2" (1987)
4
IPS-M-IN-290
3. UNITS
This Standard is based on International System of Units (SI), except where otherwise specified
4.1 General
4.1.1.1 The system shall be "fault tolerant" by employing three processors and voting logic, reliable fail safe configu-
ration, to eliminate emergency maintenance under panic conditions.
4.1.1.2 The system shall be totally independent and dissimilar in design, hardware and software from the main control
system, thereby eliminating susceptibility for both systems to fail under similar conditions.
4.1.1.3 Redundant components shall be of different manufacturing production runs, to minimize possible latent manu-
facturing defects within the redundant components, preferably.
4.1.1.4 The processors shall be provided with both internal and external watch-dog timers, to check the program exe-
cution. The PLC shall also be provided with internal self-checking programs, to be executed regularly as part of the
normal start up/running sequence.
4.1.1.5 The system shall be protected against nuisance trips; that is a trip caused by a factor which is not intended to
trip the system, such as; short power outages.
4.1.1.6 All precautions shall be undertaken to keep the shutdown and process control systems independent of each
other, to simplify operation and maintenance.
4.1.1.7 The shutdown system shall be provided with an integral annunciator with a retained, first-out sequence. Each
event shall be annunciated even if the acknowledge push botton is defeated intentionally. Where system is supplied in
conjunction with DCS, pre-shut-down alarms may be transmitted to DCS via suitable gateway.
4.1.1.8 The proposed PLC shall be of distributed architecture enabling to network different PLC’s, each of them serv-
ing as an area shut-down system.
4.1.1.9 The system shall be modular, multiple processor, industrial type Programmable Logic Controller mounted in
standard 19" rack according to EIA 310C standard.
4.1.1.10 The PLC system shall provide adequate self-diagnostic capability for system hardware and software. The
PLC Vendor shall provide the following minimum diagnostic programs:
4.1.1.11 Critical I/O system components shall be provided with sufficient redundancy to ensure reliable operation un-
der fault conditions.
4.1.1.12 Any single fault in PLC shall not prevent a shutdown on a genuine input demand nor initiate a nuisance shut-
down.
4.1.1.13 The PLC system shall have a reliable redundant components for all inputs, logic, power supplies, outputs, and
communication hardware.
5
IPS-M-IN-290
4.1.1.14 Each critical PLC input and output module must be fully tested and fault diagnosed automatically by the PLC
system. This must include turning the input and output module off and on routinely, with the necessary logic verifying
successful operation of the module.
4.1.1.15 Each PLC processor must be fully tested and fault diagnosed. The failure of a processor must not interfere
with the system operation. Each processor data base must be continuously updated.
4.1.1.16 The failure of a single component, card, module, communication link, power supply, equipment rack, etc.
shall not result in an unsafe operating condition or the failure of the portion of the process connected to that input or
any other input or the process connected to. The system shall continue it’s operation and remain available after such a
failure.
4.1.1.17 The PLC redundant inputs, outputs, and processors shall be located in different equipment racks with sepa-
rate power supplies and communication hardware. On loss of communication to the output module, the outputs shall go
to a "safe" state.
4.1.1.18 PLC’s interconnecting highways shall be redundant, with both highways continuously tested and alarmed in
case of failure. Highway switching devices shall be tested on a routine basis. The testing and diagnostics shall be per-
formed by the PLC system automatically.
4.1.1.20 The Vendor shall provide a detailed failure mode and effect analysis (cause and effects analysis) to ensure
compliance with this Standard.
4.1.1.21 The system components and subsystems shall be capable to operate in the environmental conditions as speci-
fied in project documentations.
4.1.1.22 The PLC system Cards shall be capable to be inserted or withdrawn while the system is operating with no
need to disconnect the power to the system.
4.1.2.1 Since hardware reliability is an essential feature for a trip system to avoid spurious tripping and trip fail danger
faults, only components with predictable reliability and known performance shall be used. For more details reference
shall be made to article 7.0 herein.
4.2.1.1 The Central Processing Unit (CPU) shall continuously scan the application program stored in memory, along
with the status of all inputs, and execute specified commands to the appropriate outputs.
4.2.1.2 Quick-Reference chart shall be permanently attached to the inside surface of the PLC’s enclosure front door.
The chart shall clarify the proper module or PCB placement and assist in the interpretation of the status indicators.
4.2.1.3 The processor shall be of modular design employing EIA 310C 19" rack installation principle.
4.2.1.4 The processor shall the remote I/O system connection capability.
4.2.1.5 The processor shall be capable to be equipped with local/parallel I/O system for high speed processing applica-
tions.
6
IPS-M-IN-290
4.2.1.7 The I/O memory scan time shall be better than 1 m sec/KB for parallel I/O’s.
4.2.1.8 The processor shall be equipped with the following interfacing modules, as required:
- PLC to PLC
- Data Highway
- MAP/OSI multivendor interfacing
4.2.1.9 A key-operated modeselect switch shall be provided to select the CPU operating mode. These shall include:
The selected operating mode shall be visually indicated on the PLC front panel and/or the engineering workstation.
4.2.1.10 The processor shall be capable to accept a microcomputer and a printer device for program entry and docu-
mentation of the application program stored in the PLC memory (i.e., ladder diagram, I/O cross-reference and memory
listing).
4.3.1 General
4.3.1.1 The internal memory shall be sized such that at least 50% spare memory is available after definition of the I/O
tables and entry of the application program. Once the application program has been entered into the memory, it shall
remain resident until deliberately changed. A power failure or power-off condition shall not-affect the content of mem-
ory. A keylock memory-protect feature shall be incorporated to prevent accidental or unautorized alteration of the appli-
cation program.
4.3.1.2 Safeguarding against incorrect memory alteration should be considered by employing permanent memories
back-up, in which the information is stored as a physical property which cannot be lost, i.e., UVPROM (Ultra Violet
Erasable Programmed Read Only Memory).
4.3.1.3 EAPROM’s (Electrically Alterable Programmed Read Only Memories) shall be avoided on all tasks which is
related to safety.
4.3.2.1 Dynamic RAM shall be considered for processor internal memory as scratch pad memory.
4.3.3.1 ROM with sufficient capacity shall be provided stored with the executive program (Operating System).
4.3.3.2 UVPROM shall be provided as program and data table storage medium.
4.4.1 General
4.4.1.1 All field instruments and equipment, external to the PLC, shall be terminated in terminal strips located in mar-
shalling rack cabinets (equipped with safety barriers, if requested in Purchase Order). Cabling from the Vendor supplied
7
IPS-M-IN-290
marshalling rack cabinets to the PLC interface modules shall be via cord sets with plug and socket connections. Detail
of the cord sets shall be supplies by the Vendor in his bid proposal.
4.4.1.2 The I/O interface shall be modular in design. Terminations shall be connected to the I/O chassis, not to the I/O
modules.
4.4.1.3 It shall be possible to install the I/O module in any configuration within each I/O chassi, regardless of the
signal voltage level. Anyhow the I/O cards shall be arranged according to the voltage levels, inside the I/O chassy
and/or enclosure.
4.4.1.4 All I/O modules shall be plug-in type in EIA 310C 19" rack chassis and shall permit insertion or removal from
the chassy without disturbing the external wiring.
4.4.1.5 There shall be no need to disconnect the power to faulty or other modules for removing and/or replacing the
cards.
4.4.1.6 All modules shall be capable to operate with either 24 V dc or 115 V ac power to the I/O, as specified in the
project Purchase Order.
4.4.1.7 All modules shall be made of printed circuit board with a permanent front cover with identification labels and
status indicators.
4.4.1.8 The status of all inputs and all outputs and the location of any fault within the I/O, shall be indicated on the
visible front edge of the I/O modules.
4.4.1.9 The I/O interface shall be of bus-oriented system. Application of parallel I/O system shall be limited to the
local I/O’s housed in the same enclosure as the processor.
4.4.1.10 Each I/O rack shall be provided with an I/O interface with sufficient redundancy to suit triple redundant proc-
essor system and meet Availability requirements mentioned herein.
4.4.2.1 All field sensor devices shall be connected to the PLC via the discrete input modules. The modules shall be
available in 8, 16, and 32 points type for greater flexibility and cost saving.
4.4.2.2 Vendor shall submit his filtering method, complete with his input module circuit diagram with his bid proposal
for Company’s evaluation. Filtered input modules shall only be used for noisy input signals.
4.4.2.3 LED status indicators shall be provided on the front edge of module, as a troubleshooting aid, to indicate status
of inputs.
4.4.2.4 The DC or AC inputs shall be of opto-coupler isolated type with fault indication on the front edge of module.
4.4.2.5 Adequate redundancy shall be provided for input modules to meet availabililty requirements.
4.4.2.6 All input modules shall withstand a dielectric test voltage of 2500 V dc or 1000 V ac rms plus twice the work-
ing voltage of the circuit for at least one minute, according to UL 508 standard.
4.4.3.1 All field output devices shall be activated by the PLC via the discrete output modules, such as; Motor Control
Centers (MCC), pilot lights, alarm annunciators, solenoid valves, relays, and/or valves.
4.4.3.2 The output modules shall be fused for protection of system and shall be capable of withstanding an inrush
current of ten times the rated output load for a short period of time.
8
IPS-M-IN-290
4.4.3.3 All output modules shall be of isolated type and shall withstand a dielectric test voltage of 2500 V dc or 1000
V ac rms plus twice the working voltage of the circuit for at least one minute according to UL 508 standard.
4.4.3.4 The modules shall have self-diagnostic capability with LED displays on the front edge of module to signify the
probable faults in the module.
4.4.3.5 Modules shall be available with 8, 16, and/or 32 points per card.
4.4.3.6 Sufficient redundancy shall be foreseen in the output modules to meet the safety application involved and
availability requirements.
4.5.1 General
4.5.1.1 Power supplies shall be redundant and monitored type. Upon a drop in the supply voltage below it’s minimum
rated level, proper action shall be taken to bring the process into a safe condition.
4.5.1.2 The redundant power supply unit may be mounted in the same enclosure as the CPU, or may be a separate unit
connected via a heavy-duty cable. Additional power supply units may be used to extend the I/O capacity. Power supply
units shall be identical to minimize spare parts requirements.
4.5.1.3 Internal critical fusing on power supply modules and field inputs and outputs shall be duplicated to avoid a
spurious plant trip due to fuse aging. Fuses shall be of the alarming type wired to annunciator to alarm on malfunction.
These alarm counts shall be included in the active I/O count.
4.5.1.4 Incoming line voltage monitoring shall be provided. Should the line voltage drops below it’s minimum rated
level for more than one half cycle, the power supply unit shall signal the CPU to stop communication with the I/O inter-
face module before the loss of logic-level power to the CPU occurs. Fail-safe design shall insure that, an invalid output
command transmission does not occur during a power dip.
4.5.1.5 Automatic shutdown of the power supply unit shall occur whenever overvoltage, undervoltage, and/or overcur-
rent conditions are detected at the output side of the unit. Such a status shall be indicated on the ESD annunciator and
on the front edge of reach power supply unit.
4.5.1.6 The power supply input circuit shall have independent overcurrent protection, as well as transient overvoltage
protection.
4.5.1.7 The PLC design shall preclude incorrect commands to the field output devices when main system power is
applied or restored, i.e., power to the logic circuitry shall be applied well before I/O circuits, and when all circuits have
been reset.
4.5.1.8 Redundant processor power supplies shall not be loaded 100%, but rather around 70%.
4.6.2 The program loader shall consist of two 3½" disk drives, a board to interface to the PLC, 40 MB hard disk, VGA
CRT display, positive depression QWERTY keyboard and a functional keyboard.
4.6.3 The loader terminal shall permit to address ladder logic by label in addition to numbered address.
4.6.4 The terminal shall provide full ladder logic documentation of floppy disk for back-up purpose. In the event that
PLC memory is purposely cleared, memory may be reloaded from the back-up copy.
9
IPS-M-IN-290
4.6.5 The terminal shall be capable to monitor the status of ladder logic as it is executed (real-time). Also, a search
function shall be provided to locate contacts quickly, using either line number or contact type.
4.7.1 General
4.7.1.1 ESD software shall be of high quality to ensure reliable operation throughout its life.
4.7.1.2 The programming device shall be equipped with a compiler to translate user’s programs into the machine lan-
guage software to be loaded into the processor.
4.7.1.3 The programming device shall be equipped with necessary softwares to accept user programs in two different
languages, i.e., ladder diagram and Control System Flowchart (CSF).
4.7.1.4 The programming language shall be of structured type, in a manner to enable software rationalization, for eas-
ier manageability, transparency, and cost efficiency.
4.7.1.5 The programming device shall be equipped with suitable software, to allow monitoring of the status of the
PLC as specified in 4.6.5.
5.1 General
This application includes shutdown or startup of a single equipment to prevent it from working under extreme condi-
tions which may damage the equipment.
In plants employing DCS, this function usually will be incorporated in DCS. Anyhow, in plants with Single Loop Digi-
tal Controller (SLDC), conventional electronic controllers, or pneumatic controller technology, such a function usually
is implemented via relay logic. In the latter cases, PLC is specified herein as a substitute of the conventional relay logic
technology.
5.1.1.1 The processor, I/O System, and power supplies shall be of dual hot stand-by type. The dual stand-by proces-
sors shall have a common data base, staying fully informed of each other’s status at all times.
5.1.1.2 Switching time of faulty controller to the back-up shall be insignificant in comparison to the process changing
time.
5.1.1.3 The system shall be of; modular, multiple processor, industrial, controller type. The PLC hardware shall be
mounted in 19" standard rack according to ANSI/EIA 310C.
5.1.1.4 The PLC system shall be provided with self-cheching diagnostic on initialization and on each cycle. The errors
revealed by diagnostic program shall be classified as "fatal" and "non-fatal" to be stored in a designated table. Fatal
errors shall energize a failure notification and necessary protection, i.e., taking in action of the redundant unit.
10
IPS-M-IN-290
5.2.1.1 The processor shall be capable to accept; remote, local, and intelligent I/O system, together or independently.
5.2.1.2 The processor shall preferably employ industrial backplane data bus for connecting different modules of the
PLC.
5.2.1.3 The processor’s CPU shall continuously scan the user’s control program, stored in the memory, along with
status of all inputs and execute specified commands to the appropriate outputs.
5.2.1.4 The processor’s CPU shall be provided with a "Watchdog" timer to measure the time that CPU consumes to
execute the user’s program. If the consumed time exceeds a predetermined value, the watchdog timer shall cause the
processor to indicate a fault condition and shuts down the processor in a safe manner with switch-over to stand-by proc-
essor.
5.2.1.5 The processor shall have preferably, the following types of memory:
5.2.1.6 The processor system shall be of a genuine distributed architecture design allowing distributed multiprocessor
application. This feature is specially required to distribute functionally and geographically the PLC system for different
units of the plant. This feature is an advantage besides the intelligent I/O system.
5.3.1.1 Dynamic RAM shall be provided for each dual redundant processor for storage of data tables, application pro-
gram and processor scratch pad memory. Minimum capacity of RAM shall be sized according to the application in-
volved plus 50% spare capacity.
5.3.2.1 ROM with sufficient capacity shall be provided for storing the executive program (Operating System).
5.3.2.2 Electrically Alterable Programmable Read Only Memory (EAPROM) shall be provided in conjunction with
the dedicated application program RAM, as a backup media for storage of programs and data tables.
5.3.2.3 The dedicated RAM and corresponding EAPROM capacity shall be sized according to the application involved
plus 50% spare capacity.
5.4.1.1 The I/O system shall be modular in design and shall comprise of one or more heavy duty chassis. Terminations
of the I/O shall be to the I/O chassy, not to the I/O modules.
11
IPS-M-IN-290
5.4.1.2 The I/O interface shall be of bus-oriented system preferably. Serial I/O system shall be employed for remote
I/O’s. Application of parallel I/O shall be limited to local I/O’s housed in the same enclosure as the processor.
5.4.1.3 The I/O chassis shall be rack-mounted in an EIA 310C standard 19" rack.
5.4.1.4 Local I/O’s shall be connected to the processor by backplane data bus. Remote I/O’s shall be connected to the
processor by means of serial data highway.
5.4.1.5 The serial I/O interface shall provide a serial outgoing bus which is emanated from the processor and con-
nected to the processor parallel backplane bus through a serial-to parallel converter. The serial interface shall be resi-
dent in the processor unit chassy.
5.4.1.6 Each parallel I/O rack shall be provided with a parallel interface module to communicate with processor paral-
lel I/O interface or other parallel I/O interface modules. An LED shall be provided on the front panel of the module to
indicate proper communication from the preceding module. The interface module shall be provided in full redundant
hot standby configuration.
5.4.1.7 Each serial I/O rack shall be provided with a serial I/O interface module for connecting the remote I/O modules
to the serial link. The serial I/O interface module shall be provided in full redundant hot stand-by configuration.
5.4.1.8 I/O modules shall be capable to operate with either 24 V dc or 115 V ac power to the I/O field according to the
specific project requirements, as indicated in data sheets.
5.4.1.9 The modules shall be replaceable while the system is hot. An offset backplane connector in the Printed Circuit
Board (PCB) shall prevent installation of a module in wrong direction.
5.4.1.10 All modules shall be made of Printed Circuit Board with a permanent front cover with identification labels
and status LED indicators.
5.4.1.11 All I/O modules shall be capable to operate in the environmental conditions as stated in the project data
sheets.
5.4.1.12 Modules that need to be calibrated, e.g. analog input modules, shall have defect and test facilities that allow
in-situ calibration by a single maintenance personnel.
5.4.1.13 Each output module shall control a separately fused supply to each associated actuator. The output fuses shall
be individually accessible.
5.4.2.1 All field sensor devices shall be connected to the PLC via the discrete input modules. The modules shall be
limited in variety for ease of maintenance, spare parts stock, and economical justification.
5.4.2.2 LED status indicators shall be provided on the front edge of module, as a troubleshooting aid, to indicate status
of inputs and fuse blow-out fault condition.
5.4.2.3 The DC or AC inputs shall be of opto-coupler isolated type with fault indication on the front edge of module.
5.4.2.4 The module shall withstand a dielectric test voltage of 2500 V dc or 1000 V ac rms plus twice the working
voltage of the input circuit for at least one minute according to UL 508 standard.
5.4.3.1 All field output devices, activated by the PLC, shall be via the discrete output modules.
5.4.3.2 The output modules shall be fused type for the output circuit, and shall be capable to withstand an inrush cur-
rent of ten times the rated output load for a short period of time. The modules shall withstand a dielectric test voltage of
12
IPS-M-IN-290
2500 V dc or 1000 V ac rms plus twice the working voltage of the circuit for at least one minute according to UL 508
standard.
5.4.3.4 Sufficient redundancy shall be foreseen in the output modules to meet the smooth and reliable operation of the
PLC system.
5.4.3.5 An LED status indicator shall be provided on the front edge of module, to indicate status of the output and fuse
blowout fault, as a troubleshooting aid.
5.4.4.1 Network communication modules shall be provided for both Master/Slave and Peer-to-Peer networking of the
PLC’s in a multi processors PLC system.
5.4.4.2 The Peer-to-Peer network communication shall have an access determination protocol based on either IEEE
802.4 token bus or Carrier Sense Multiple Access with Collision Detection (CSMA/CD) protocol according to IEEE
802.3 standard.
5.5.1 General
5.5.1.1 Power supplies shall be redundant and monitored type. Upon a drop in the supply voltage below it’s minimum
rated level, proper action shall be taken to bring the process into a safe condition by the PLC system.
5.5.1.2 The redundant system’s power supply unit may be mounted in the same enclosure as the CPU, or may be a
separate unit connected via a heavy-duty cable. Auxiliary power supply units shall be used to extend the I/O capacity.
Both types of power supply units shall be identical, to minimize spare parts requirements.
5.5.1.3 Internal critical fusing on power supply modules and field inputs and outputs shall be duplicated to avoid a
spurious plant trip due to fuse aging. Fuses shall be of the alarming type wired to annunciator, to alarm on malfunction.
These alarm counts shall be included in the active I/O count.
5.5.1.4 Incoming line voltage monitoring shall be provided. Should the line voltage drops below it’s minimum rated
level for more than one-half cycle, the power supply unit shall signal the CPU to stop communication with the I/O inter-
face modules, before the loss of logic-level power to the CPU occurs. Fail-safe design shall insure an invalid output
command transmission does not occur during a power dip.
5.5.1.5 Automatic shutdown of the power supply unit shall occur whenever overvoltage, undervoltage, and/or overcur-
rent conditions are detected at the output side of the unit. Such an status shall be indicated on the front edge of each
power supply unit.
5.5.1.6 The power supply input circuit shall have independent over current protection, as well as transient over-voltage
protection.
5.5.1.7 The PLC design shall preclude incorrect commands to the field output devices when main system power is ap-
plied or restored, i.e., power to the logic circuitry shall be applied well before I/O circuits and when all circuits have
been reset.
5.5.1.8 Redundant processor power supplies shall not be loaded 100%, but rather around 70%.
5.5.1.9 The Cards of the logic power supplies shall be so arranged as to permit any one of them to be removed for
maintenance while the system stays on-line and under power.
13
IPS-M-IN-290
5.6.2 The program loader programming device shall consist of two 3½" floppy disk drives, a board to interface to the
PLC, 40 MB hard disk, VGA CRT display, positive depression QWERTY keyboard and functional keyboard.
5.6.3 The program loader programming device shall permit to address ladder logic by label in addition to numbered
address.
5.6.4 The terminal shall provide full ladder logic documentation on floppy disk for backup purpose. In the event that
PLC memory is purposely cleared, memory may be reloaded from the backup copy.
5.6.5 The terminal shall be capable to monitor the status of ladder logic as it is executed (real time). Also, a search
function shall be provided to locate contacts quickly, using either line number or contact type.
5.6.6 The terminal shall be capable to force the output contacts to required position by the operator command.
5.7.1 General
5.7.1.1 The software shall be of high quality to ensure reliable operation throughout its life.
5.7.1.2 The programming device shall be equipped with a compiler to translate user’s programs into the machine lan-
guage to be loaded into the processor.
5.7.1.3 The programming device shall be equipped with necessary softwares to accept user programs in two different
languages, i.e., ladder diagrams and Control System Flowchart (CSF).
5.7.1.4 The programming language shall be of structured type, in a manner to enable software rationalization, for eas-
ier manageability, transparency, and cost efficiency.
5.7.1.5 Software facilities shall be provided to test the logic of the program at regular intervals, in order to check the
performance of the system.
6.1 General
6.1.1.1 The batch control shall be performed by a; packaged, preconfigured, PLC based control system.
6.1.1.2 The package shall be capable to control, from simple, single product/single-stream processes to complex multi-
product/multi-stream processes.
6.1.1.3 The system shall comprise of Programmable Logic Controller (PLC) for process control and an industrial
micro-computer for operator interface, recipe management, and plant control.
6.1.1.4 The batch control package shall have the following features:
- Recipe control to be developed and altered off-line and loaded into the batch control package.
- A recipe formula which can be altered on-line to accommodate unexpected changes.
14
IPS-M-IN-290
6.1.1.5 The PLC shall have a high-level instruction set in addition to Sequential Function Chart (SFC) programming
to allow segmenting the control scheme and programming it into the PLC memory.
6.1.1.6 The PLC proposed for batch control shall be of distributed architecture type in a manner that several PLC’s
may be networked together with pertinent workstation and programming terminals.
6.1.2.1 The PLC system proposed for batch control system shall contain control strategies for both continuous loops
and discrete devices, to perform the continuous control of the required batch operations.
6.1.2.2 The continuous control loop strategies shall range from simple regulatory PID control to advanced user-
defined algorithm controls.
6.1.2.3 The continuous and discrete control strategies shall be capable to be configured by means of the operator inter-
face terminals.
6.1.2.4 The number of controller loops available in the PLC system shall be equal to the numbers defined in the pro-
ject data sheets plus 50% more control loops for future expansion and trimming of the control system.
6.1.3.2 Both processors of the PLC shall share a common data base, staying fully informed of each other’s status at all
times. One PLC’s processor shall act as a lead, with the other ready as a backup.
6.1.3.3 When a fault occurs, the backup controller shall resume the control, smoothly and automatically.
6.1.3.4 Parallel and serial I/O, or a combination of both configurations shall be incorporated into the redundant system
as may be required in each specific project.
6.1.3.5 Switching time between controllers shall be insignificant considering the nature of the process encountered.
6.1.4.1 The system shall be modular, multiple processor, industrial controllers in standard 19" rack according to
ANSI/EIA 310C standard.
6.1.4.2 The operator consoles shall be designed and constructed according to ANSI/HFS 100 considering the human
engineering factors.
6.1.4.3 The PLC vendor shall provide the following diagnostic programs on his proposed system:
6.1.4.4 The errors revealed by above mentioned diagnostics shall be classified as "fatal" or "non-fatal" and stored in a
specially designated table. Fatal errors such as; memory failure or low power supply, shall cause a "fatal relay" action to
energize a failure notification and failure protection scheme, i.e., taking in action the redundant unit.
6.1.4.5 The failure designated table shall be capable to be examined, by programming tools provided in the PLC, for
specific failure area and shall be capable to be diagnosed accordingly.
6.1.4.6 The PLC system shall be capable for use within a multivendor environment by employing, MAP/OSI interface.
6.1.4.7 The system shall be capable to operate in the project environmental conditions, as specified in project data
sheets.
15
IPS-M-IN-290
6.2.1 General
6.2.1.2 The processor shall be equipped with advanced instructions set including file handling, sequencers, diagnostic,
shift register, and program control instructions.
6.2.1.3 The processor shall be capable to be equipped with local parallel I/O system for high-speed processing applica-
tions.
6.2.1.4 The processor shall have suitable programmable input interrupts and global status flags.
6.2.1.5 The processor shall be capable to be organized as a multiprocessor system to perform the following tasks,
minimally:
- Run a single program where a complex task requires; fast, parallel processing, to optimize the performance.
- Run individual programs while communicating with each other for close-coupled multi-process coordination.
6.2.1.6 Each processor in a multi-process configuration shall support a main application program while performing
background tasks for non-time-critical functions.
6.2.1.7 The I/O memory scan time shall be better than 1 mSec/KB for local (parallel interface) I/O unit. The scan time
for remote I/O (serial interface) shall be better than 4 mSec per rack of remote I/O.
6.2.1.8 The processor unit shall be equipped with the following interfacing modules:
- Host computer
- PLC-to-PLC
- Data highway
- MAP/OSI interfacing to DCS
6.2.1.9 The CPU shall have multiple contexts for storing more than one program in memory.
6.2.1.10 The processor unit shall be equipped with both parallel and serial I/O interface units to be used for I/O sys-
tem.
6.2.2.1 Each processor module shall be equipped with 32-bit microprocessor and suitable built-in Random Access
Memory (RAM). The built-in memory size shall be minimally 40 KWord.
6.2.2.2 The CPU unit shall have RS-232/RS-423, or RS-449/RS-422 connection port, in addition to the data highways
for remote I/O scanner connection.
6.2.2.3 The CPU shall have parallel I/O port in addition to above mentioned ports for connecting local I/O units to the
processor.
6.2.2.4 The CPU of the PLC shall preferably be an 80486-based multiprocessing computer with one processor card to
emulate the PLC function.
6.2.2.5 The CPU module shall be capable to support DOS, OS/2 and Unix Operating Systems.
6.2.2.6 The CPU shall preferably employ industrial backplane for connecting different modules of the PLC. The back-
plane shall use Extended 32-bit Industrial Standard Access (EISA) bus system preferably.
16
IPS-M-IN-290
6.2.2.7 The CPU shall continuously scan the application program stored in memory, along with the status of all inputs,
and execute specified commands to the appropriate outputs.
6.2.2.8 The CPU operating mode shall be visually indicated on the CPU module front panel. The fault conditions of
the CPU shall also be indicated.
6.2.2.9 The CPU shall be capable to be connected to a computer device for program entry, and a printer for documen-
tation of the application program stored in the PLC’s memory (e.g. ladder diagram, I/O cross reference and memory
listing).
6.2.2.10 The CPU shall be provided with a "Watchdog" timer to measure the time that CPU consumes to execute the
user’s program. If this time exceeds a predetermined value, the Watchdog timer shall cause the processor to indicate a
fault condition and shuts-down the processor in a safe manner.
6.2.2.11 The CPU shall be equipped with four distinct types of memory, preferably. These memories are:
Dynamic RAM shall be provided with suitable battery back-up; to retain program integrity, for storage of application
programs, data tables, and scratch pad memory. Minimum capacity of RAM memory shall be considered to be 8 K
Words.
6.3.2.1 ROM with sufficient capacity shall be provided for storing the executive program (Operating System).
6.3.2.2 Electrically Alterable Programmable ROM (EAPROM) shall be provided in conjunction with a dedicated
RAM. The logic application program shall be executed from a current copy in the PLC RAM. A second copy of logic
application program shall be held in EAPROM to enable loading back this copy into the RAM on command or auto-
matically. This procedure is necessary to provide protection against program loss by power failure. The dedicated RAM
and corresponding EAPROM capacity shall be considered 16 K Words minimally.
6.4.1.1 All field instruments and equipment external to the PLC shall terminate in terminal strips located in marshal-
ling enclosures specified in article 8 herein.
6.4.1.2 Cabling from the PLC vendor supplied marshalling enclosures to the PLC interface module shall be via cord
sets with plug and socket connections. Details of the cord sets shall be supplied by the Vendor for Company’s approval.
6.4.1.3 The I/O system shall be modular in design and comprise of one or more heavy duty chassis. Terminations shall
be to the I/O chasssis, not the I/O modules. The I/O chassis shall be rack-mounted, of EIA-310C 19" rack type, and
shall be connected to the processor by backplane data bus.
17
IPS-M-IN-290
6.4.1.4 The I/O interface shall be of bus-oriented system preferably. Serial I/O system shall be employed for remote
I/O. Application of parallel I/O system shall be limited to local I/O’s housed inside the same enclosure as the processor
module.
6.4.1.5 The serial I/O interface shall provide a serial outgoing bus which is emanated from the processor and con-
nected to the processor parallel backplane bus through a serial-to-parallel converter resident in the processor unit.
6.4.1.6 Each parallel I/O rack shall be provided with a parallel interface module to communicate with processor I/O
interface or other parallel I/O interface modules. The I/O interface module shall have two D type connectors; the male
connector shall be the IN port and the female connector shall be the OUT port. An LED shall be provided on the front
panel of the module to indicate proper communication from a preceding I/O interface module.
6.4.1.7 Each serial I/O rack shall be provided with serial I/O interface module for connecting the remote I/O modules
to the serial link. The serial I/O interface module shall be provided in full redundant hot stand-by configuration.
6.4.1.8 All types of I/O modules shall be provided with either 24 V dc or 115 V ac power to the I/O, as specified in the
project.
6.4.1.9 All modules shall be made of Printed Circuit Board (PCB) with a permanent front cover with identification
labels and status indicators. The PCB shall be simply inserted into the desired slot of the EIA 19" rack unit. An offset
backplane connector in the PCB shall be provided to prevent installation of a module upside-down.
6.4.1.10 There shall be no need to disconnect the power to the faulty or other modules for removing and/or replacing
the modules.
6.4.1.11 All I/O modules shall be capable to operate in the specified project environmental conditions.
6.4.2.1 This modules shall be provided to sense the status of limit switches, push-buttons, and other discrete sensors.
6.4.2.2 Since, noise suppression is of great importance in preventing false indication of inputs (e.g., turning on and off
because of noise), the Vendor shall submit his filtering methods complete with input module circuit diagrams with his
bid proposal to be examined and evaluated by the Company. Filtered input modules shall be employed only for noisy
signals; since, the more noise immune an input is, the slower it will be because of all the filtering required to reject
noise signals.
6.4.2.3 As a troubleshooting aid, LED status indicators shall be provided on the front cover of the module to show
inputs and fuse blown-out status.
6.4.2.4 Modules shall be available with 8, 16, and/or 32 points for greater flexibility of selection and cost savings.
6.4.2.5 There shall be no need to disconnect the pertinent wirings in order to replace modules.
6.4.2.6 The DC or AC inputs shall be of isolated type with optical isolation and LED indication of the opto-coupler
status on the front cover of the module.
6.4.3.1 This module shall be provided to interface to ON/OFF output devices, such as; motor starters, pilot lights,
solenoid valves, relays, and valves.
6.4.3.2 Discrete output modules shall be capable of withstanding an inrush current of ten times the rated load for a
short period of time without failure, since output loads are usually highly inductive and exhibit a large inrush current.
The output module shall be fused for system protection.
18
IPS-M-IN-290
6.4.3.3 All output modules shall be of isolated type and shall with-stand a dielectric test voltage of 2500 V dc or 1000
V ac rms plus twice the working voltage of the circuit (minimum) for at least one minute according to UL 508 standard.
6.4.3.4 The discrete output modules shall provide self-diagnostic assurance. Each module coverplate shall have dis-
play LED’s to signify the faults probable in the circuit, as a troubleshooting aid, in a manner to reduce maintenance
time.
6.4.3.5 Modules shall be available with 8, 16, and/or 32 points for greater flexibility and cost savings.
6.4.3.6 There shall be no need to disconnect the pertinent wirings, in order to replace faulty modules.
6.4.4.1 This module shall be intelligent, microprocessor-based and shall be provided to sense and/or drive analog sig-
nals. Analog inputs may come from devices, such as; thermocouples, strain gages, pressure sensors or any other process
variable that provides signal voltage or current. Analog outputs shall be of standard industrial signals and may be used
to drive devices, such as; voltmeters, x-y recorders, servo motor drives, control valves, and so on.
6.4.4.2 The analog I/O module circuit shall consist of either Digital-to-Analog (D/A) converters for outputs or
Analog-to-Digital (A/D) converters for inputs, to directly interface analog signals to the programmable controller.
6.4.4.3 The analog input module shall be capable to measure analog signals connected to its input and converts this
signal to high resolution value (minimally 12- binary value).
6.4.4.4 The analog input module shall be selectable (by the range jumpers or thumbwheel switch) for unipolar or bipo-
lar voltage inputs (0 to 5 V, 1 to 5 V, 0 to 10 V, -5 to +5 V, -10 to +10 V). The current mode for 0 to 20 mA, 4 to 20
mA, or 0 to 50 mA input devices may be employed by installing a 250 ohm resistor in parallel with the input on the
marshalling rack.
6.4.4.5 The analog input module shall be equipped with a front accessible span and offset potentiometer for calibration
purpose.
6.4.4.6 The I/O modules shall provide isolated inputs and outputs.
6.4.4.7 The analog output ranges shall be user selectable among the following values;
6.4.4.8 The I/O module shall accept and/or deliver eight differential inputs or outputs per module, preferably.
6.4.4.9 The module shall be equipped with LED diagnostic lights on the front plate of the PCB. If A/D or D/A conver-
sion do not occur in a predefined time a fault condition shall be indicated by the LED indicators.
6.4.4.10 Vendor shall quote the following information with his bid proposal:
6.4.5.1 The PID, I/O module shall be intelligent, microprocessor based and shall perform closed loop PID control. The
module shall be capable to control one or two PID loops independently or linked together by cascading (cascade the
output of loop 1 into the setpoint of loop 2) or decoupling.
6.4.5.2 The PID loop I/O module shall meet the requirements setforth in the following paragraphs;
19
IPS-M-IN-290
6.4.5.3 The PID module shall be capable to be used with all variety of I/O devices that operate in the 4 to 20 mA or 1
to 5 V dc range.
6.4.5.4 The following control features shall minimally be foreseen in the PID loop module;
- monitoring the process variable, comparing it with the desired setpoint, and calculating the required analog out-
put based on its internal programmable control algorithm,
- read the process variable (PV), applying a user programmable normalization and digital filtering to the PV,
- and detecting the loss of the PV.
6.4.5.7 The module shall be capable to accept two discrete inputs for MAN/AUTO status of each controller resident in
the module.
6.4.5.8 The PID loop module shall perform the following interfacing with PLC processor and/or the Operator Station;
6.4.5.9 PID loop module shall be provided for the batch control loops specified in project data sheets.
6.4.6.1 Remote I/O adapter module shall be provided to serve as an interface between I/O modules in remote I/O racks
and the PLC serial I/O interface.
6.4.6.2 The adapter module shall be of multi-drop type. The modules shall be of dual redundant, hot stand-by configu-
ration.
6.4.6.3 The module shall be capable to support minimally 16 I/O racks and shall have electrical (physical) connection
made by two RS-232C (25 pin) D type connectors. The vendor shall provide all cablings (ready to install type) and
terminations according to the project specific requirements.
6.4.6.4 The adapter module front plate shall contain status LED’s to indicate channel and module operating status.
6.4.6.5 The module shall have DIP switch on the printed circuit board to set the starting address for each channel and
perform other addressing selections of the module channels.
20
IPS-M-IN-290
6.4.6.6 The module shall have internal self-test routines to be activated at; start-up and/or initialization by the proces-
sor. A pass LED on the front plate shall indicate a successful module self-test. Channels connected to this module shall
have LED’s to indicate "active" link or link "fault".
6.4.6.7 One remote I/O adapter module shall be provided for each remote I/O rack, minimally.
6.4.7.1 The local I/O adapter module shall control the local I/O rack modules and communicate with the processor
parallel I/O interface or other local I/O modules, to be used for increasing the quantity of local I/O modules.
6.4.7.2 The module shall have two D type connectors, one male connector as IN port and one female connector as
OUT port to be connected to other local I/O modules.
6.4.7.3 The adapter module front plate shall contain status LED’s to indicate "active" link or link "fault".
6.4.7.4 The module shall be capable to connect up to 16 independent I/O racks together, minimally.
6.4.7.5 The module shall allow disconnection of a rack from the bus without shutting the system down.
6.4.7.6 The module shall have DIP switch on the Printed Circuit Board to set the configuration, output handling func-
tions, and module configuration.
6.4.7.7 One resident I/O adapter module shall be provided for each local I/O rack, minimally.
6.4.7.8 Sufficient redundancy shall be considered in providing local I/O adapter modules by the Vendor, to meet the
availability requirements.
6.4.8.1 ASCII interface module shall be provided in the PLC system as an interface between the programmable logic
controller and any peripheral device that generates and/or receives ASCII characters, such as; terminals and printers.
6.4.8.2 The interface shall provide RS-232C transmission with D-type 25 pin connectors.
6.4.9.1 The PLC system shall provide MAP/OSI gateway to be used for connecting the system to other vendor’s
PLC’s and/or to DCS.
6.4.9.2 The gateway communication to other systems shall be implemented by means of two RS-232C, 25-pin, D-type
connectors.
6.4.9.3 Diagnostic routine alarms of the PLC shall be transmitted to DCS, by this gateway.
6.4.9.4 The gateway shall accept continuous READ and WRITE commands from the DCS and shall provide mapping
of the PLC registers into the DCS.
6.4.9.5 The MAP gateway shall be capable to work as a node in multi-drop network.
6.4.10.1 Network communication modules shall be provided for both Master/Slave and Peer-to-Peer networking of
the PLC’s in a multi-processor PLC system.
21
IPS-M-IN-290
6.4.10.2 In a Master/Slave PLC networking configuration, there will be only one master processor which sends com-
mands out to other slave processors, and they respond appropriately. The Vendor shall quote the deterministic access
time in his bid proposal (basically for remote intelligent I/O system).
6.4.10.3 The Peer-to-Peer network mechanism shall allow any processor on the network to initiate messages. The ac-
cess determination protocol on the network shall be either token-passing protocol employing IEEE 802.4 token bus or
Carrier Sense Multiple Access with Collision Detection (CSMA/CD) protocol according to IEEE 802.3 standard.
6.5.1.1 Two industrial type workstations shall be provided for each PLC system as operator interface complete with all
accessories mounted in operator console.
6.5.1.2 The operator interface shall be; modular, multipurpose color graphic workstaion. The workstaion shall be di-
rectly connected to the PLC processor via data highway and shall have the capability to be networked with remote
PLC’s and I/O devices using interface modules.
6.5.1.3 The workstation shall be IBM PC compatible with 140 Mbyte hard disk and 3.5" dual high density floppy disk
drives with 1.44 MB capacity. The workstaion shall be used as general-purpose graphic-based program loader for the
PLC processor.
6.5.1.4 The CRT of the workstation shall be 14-inch (minimum) color and of VGA type.
6.5.1.6 The workstation shall be provided with NEMA type 4 front panels.
6.5.1.7 The workstation shall be provided with QWERTY-101 keyboard and additional functional keyboard for con-
trol diagram programming.
6.5.1.8 The workstation shall be provided with two serial and one parallel communication ports.
6.5.1.9 The power voltage of the workstation shall be 110/220 V ac, 50 Hz.
6.5.1.10 The operator console design shall be in accordance with the best human engineering factors, in a manner; to
reduce the effects of human errors, and shall be easy to operate type.
6.5.1.11 The operator console shall perform basically the following functions:
- Manipulation of control set-point and alarm setting values and also Manual, Auto, or Cascade operation for
PID loops.
- Performing hourly, shift-end, daily and monthly average and historical trends.
- Receipe generation.
22
IPS-M-IN-290
- Provide limited access to the PLC process for the purpose of maintenance. With this feature, maintenance per-
sonnel can gain limited access to do monitoring and change preset for counters and timers.
- Provide program storage function in some machine readable format on floppy disks.
6.5.1.12 The workstation should be provided with Ethernet Local Area Network (LAN) to be connected to other
workstations either in the same console or elsewhere.
In case of employing LAN, the Vendor shall provide necessary dedicated hardware and software for File Server.
In case of employing other LAN protocols, Vendor shall provide detail information with his bid proposal for Company
evaluation.
6.5.2 Printer
6.5.2.2 The printer shall be microprocessor based; high speed type with excellent letter quality.
6.5.2.3 Connection of the printer to the system shall be made by an integral serial interface port with RS-232C, 25-pin,
D-type connectors.
6.5.2.4 The printer shall support printing of block, character, and line graphics.
6.5.2.5 The device shall accept all types of ribbons, such as; four color, red/black and black only type. The ribbon of
the device shall be of commercially available brands.
6.6.1.1 The programming software shall be provided on the workstation and shall be menu driven software package
for programming, documenting and printing programs on-line.
6.6.1.2 The program shall be either DOS, Windows, or unix compatible and shall include a universal programming
interface to the PLC processor.
6.6.1.3 The program shall create, edit, and monitor any user program.
6.6.1.4 The program shall allow the operator to force any I/O point on the logic diagram and shall display any data file
starting with the Operator requested address.
6.6.1.5 The software shall display program documentation both on-line and off-line and store program on disk for
archiving or downloading to other processors.
6.6.1.6 The programming tools shall provide capability to print program files on the printers.
6.6.2.1 The Operating System program for the workstation shall be multi-tasking employing either MS-DOS, UNIX,
OS/2, or VMS and shall be of the version to work in conjunction with Windows 3 software. Windows NT may be pro-
posed for workstation Operating System.
23
IPS-M-IN-290
6.6.2.2 The PLC processor shall be provided with an executive program to control the functionality of the PLC, and
shall control the action of CPU to perform the following tasks:
6.6.2.3 The executive program shall set outputs to a safe state when a fault detected by diagnostic program and wait
for fault clearance before putting the processor to the start condition.
6.6.2.4 If a power fail has been occurred, the executive program shall turn all outputs to off state and prepare the
processor for power-up starting.
6.6.3.1 This type of software shall be provided, by Vendor, enabling the control engineer to write and store application
softwares in the user memory, in order to; perform the required control over the batch process.
6.6.3.2 User software shall contain batch configuration data for PLC’s with software configuring facility language
programs.
6.6.3.3 The configuration program (if applicable) shall typically consist of assigning I/O points to particular I/O rack,
defining the processor how much memory and I/O is available, assigning specific memory for tasks, determining "fatal"
versus "nonfatal" faults, and other items to be performed interactively on the program loader.
6.6.3.4 The user program shall typically implement operator interfacing, communications, data acquisition and super-
visory control.
The program shall also aid in generating the reports on logic diagrams, I/O image chart, data table map, file operation
summary, cross reference report, instruction comments and index. Vendor shall submit the language programs available
on his system with his bid proposal for Company’s evaluation and appraisal.
6.6.4.1 The diagnostic software shall be provided on the system workstation as a complete hardware/software diagnos-
tic package that; gathers data from the processor to pinpoint the problems as they occur.
6.6.4.2 The software shall communicate machine/process diagnostic information to MMI software to be displayed in
high-resolution color graphics.
6.6.4.3 The workstation shall receive data table information once every control program cycle to ensure faults are de-
tected quickly.
6.6.4.4 The software shall be of menu-driven, Fill-In-The-Blanks configuration, preferably, in an easy to use manner.
6.6.4.5 The diagnostic package shall provide self-diangostic tests in the following categories:
24
IPS-M-IN-290
6.6.5.1 An interactive color graphic operator interface shall be provided in the system to provide all "plant floor" in-
formation through color graphic displays. The package shall be complete with graphic editor, program, and an interface
program to create, edit, display and update graphics.
6.6.5.2 The color graphic displays shall represent the plant operations using ANSI Y 32.11 symbols, enabling the op-
erator to monitor and control the process through the workstation.
6.6.5.3 The software shall be capable of alarm handling according to the user defined arrangement. The alarm han-
dling shall automatically signal the operator through a dedicated screen window on the display. Alarms shall also be
recorded in an alarm summary page.
6.6.5.4 The software shall perform; batch process management, recipe management, batch procedure control and batch
data logging functions.
6.6.5.5 The software shall provide archiving on disk facility for all alarms and operator commands.
6.7.1.1 The system power supply shall be provided to operate the PLC’s processor. The power supply shall be in re-
dundant hot stand-by configuration to provide power directly to the system chassis backplane, by inserting in two slots
of the chassy.
6.7.1.2 A battery compartment in the power supplies shall contain lithium batteries to provide backup power to the
memory and registers of the processor.
6.7.1.3 The power supply modules shall provide necessary power for use by processor rack modules. Other voltages as
required by the processor modules shall also be provided by the power supply modules.
6.7.1.4 At least two status indicators shall be provided on the front plate of the power supply module to indicate the
power is being applied to the module, and the battery is in good condition and power is applied to it.
6.7.1.5 The modules shall contain a front-accessible fuse holder, for ease of maintenance.
6.7.1.6 Processor power supplies shall not be loaded more than 70% of their ratings.
6.7.2.1 Slot power supplies shall be provided in each I/O rack chassy to provide power directly to the chassy back-
plane. The power supply shall be directly insertable into the I/O chassis backplane.
6.7.2.2 The power supply module for each chassi shall be in dual redundant hot standby configuration.
6.7.2.3 The input voltage to the power supply shall be either 110 V ac/50 Hz or 24 V dc as specified in the project data
sheets.
6.7.2.4 The power supply shall contain output power indicators to indicate if the voltage is being supplied to the back-
plane.
6.7.3.1 The auxiliary power supplies shall be provided in dual redundant hot stand-by configuration in each I/O chassy
or enclosure to serve the field mounted instruments, and to extend PLC’s I/O capacity.
25
IPS-M-IN-290
6.7.3.2 The power supply output shall be fused type with operating voltage of either 110 V ac/50 Hz or 24 V dc as
specified in the project data sheets.
6.7.3.3 The Vendor shall size the most suitable power supply system for each enclosure of the I/O system, to operate
at 70% maximum rating in normal operation.
6.7.3.4 The power supply unit shall have a front accessible fuse holder for ease of maintenance.
6.7.3.5 Auxiliary power supply units shall be identical to other power supplies, as much as possible, in order to mini-
mize spare parts stock requirements.
6.7.3.6 The auxiliary power supplies shall be redundant and of operator interface monitored type.
7. RELIABILITY REQUIREMENTS
7.1 The reliability for PLC system shall establish measuring guidelines to determine compliance with requirements
set-forward in this Standard specification and shall indicate risk as well as need for redundancy, fail-safe design, spare
part stocking, and any other protective measures available. Details of definition and equations are included in Appendix
A.
7.2 Software reliability aspects of the system should be discussed and approved by Company.
7.3 The equations indicated in Appendix A shall be used by the PLC vendor to perform detail calculations report of his
proposed system Availability and shall be submitted by his bid proposal to the Company.
7.4 The reliability report, in addition to the Availability result, shall contain the following:
8.1 General
8.1.1 The structure of the enclosures shall be made of heavy duty metal, suitable for self-support mounting.
8.1.2 The depth of the enclosure shall be consistent with the maximum depth of greatest contained control device plus
the electrical clearance. Anyhow the depth shall not be considered less than 500 mm.
8.1.3 All seams of the structure and surfaces of the body shall be continuous welded without any holes or knockouts,
permitted in it.
8.1.4 Stiffeners made of heavy steel shall be welded to the enclosure backs and sides to maintain flatness and rigidity
of the enclosure surfaces.
8.1.5 Maximum overall height of the enclosure shall not be more than 2200 mm.
8.1.6 A minimum of 20% clear sub-panel space surface shall be provided for each enclosure.
8.1.7 Each enclosure shall be equipped with removable sub-panels, made of 3.5 mm thick plates, mounted on collar
studs, for installing the equipment on this panel.
26
IPS-M-IN-290
8.1.8 Terminals shall be mounted on the sides of the enclosure or cabinet. Minimum distance of terminals from bottom
of enclosure shall be 460 mm. Terminals shall be supplied with screw type wire connectors and durable marking strips.
8.1.9 The wiring of the enclosures and cabinets, shall run in suitable wireways, protected with wireway doors. The
wireway shall be sized so that the sum of the cross-sectional areas of all contained conductors do not exceed 50% of the
interior cross sectional area of the wireway.
8.1.10 The wires used shall be of extra flexible, stranded copper type. The size of each conductor used shall be in
accordance with the application encountered. In no circumstances, the wires shall be considered less than 1.5 mm².
8.2 Enclosures
8.2.1 The enclosure shall have access doors for maintenance purpose.
8.2.2 The height and width of the enclosure doors shall be at least fifteen millimeters (15 mm) greater than the corre-
sponding height and width of enclosure opening.
8.2.3 Enclosure doors shall have sufficient rigidity to conserve alignment between mating parts (i.e., door fasteners
and locking devices).
8.2.4 A permanent metal drawing pocket shall be attached inside the door. This pocket shall be at least 300 mm wide
and shall be of sufficient depth to accommodate all pertinent drawings.
8.2.5 The width of the doors of an enclosure shall not exceed 600 mm.
8.2.6 Door swing shall be 165 minimally and shall be attached to the enclosure body with a continuous hinge.
8.2.7 A gland plate shall be incorporated at the bottom of the enclosure. This plate shall be made of steel plates with 5
mm thickness and shall be removable by suitable screws.
8.2.8 The enclosure shall have suitable EIA 19" rack mounting facilities for installing PLC rack modules.
8.2.9 A suitably sized circulation fan with removable anti-dust filters shall be incorporated in the enclosure for heat
removal.
8.2.10 The enclosure ingress protection shall comply with IEC-529/IP 56.
8.2.12 The enclosures shall house all PLC rack modules and necessary power supplies. The enclosures shall be ar-
ranged in a manner that; one enclosure to house all PLC system modules.
8.2.13 The enclosures shall preferably have the following nominal dimensions:
Height ≤ 2200 mm
Width ≤ 1200 mm
Depth ≥ 500 mm
8.2.14 The structure of the enclosure shall be made of heavy duty, minimally 2.5 mm thick metal plates.
8.2.15 The enclosures shall have additional top cable tray entrance, covered by suitable screwed metal sheet plates.
8.2.17 Quick reference charts shall be permanently attached to the inside of each enclosure front door. The chart shall
clarify proper module or PCB placement and assist in the interpretation of the status indicators.
27
IPS-M-IN-290
8.3.1 The operator console, if provided by the PLC vendor, shall be complete with all modules, systems and subsys-
tems in full accordance with the intent of this specification.
8.3.4 The height of the console shall be 1500 mm approximately, with top cover sloping to end side.
8.3.5 The console shall have a writing surface to accommodate the keyboard and function key with nominal depth of
300 mm at the height of 800 mm measured from the floor.
8.3.6 The console frame-work shall be made of sheet steels with minimum thickness of 3 mm. The side panels and
doors shall be made of minimally 1.5 mm thick sheet steel plates.
8.3.7 The console shall be painted by stove enameled method with texture finish in Sea Green (BS-381C, shade 217)
color.
8.3.8 The power and control cables shall enter from the bottom of the console by means of removable gland plates.
8.3.9 The console shall be equipped with a cabinet at lower part to accommodate all electronic modules in standard
EIA 19" card file rack. The cabinet shall have access doors from the front and back of the console.
8.3.10 The console shall be in accordance with the best human engineering factors corresponding with ANSI/HFS-
100.
8.4 Packaging
8.4.1 General
The manner in which a PLC and it’s pertinent I/O system is packaged is critical in determining whether or not a particu-
lar PLC system is feasible for a given application. Several of the factors involved in designing the package for a PLC
system are included herein, which shall be considered by the PLC Vendor.
8.4.2.1 Venting shall be used to transfer heat from the PLC to the environment where the enclosure is located in clean
areas, such as; control rooms. For proper operation, the vents should be near the top of the enclosure. Additional vent-
ing of the package at the bottom allows airflow through the enclosure, thereby increasing the efficiency of heat removal.
Vents shall be designed so that items like screws, nuts, etc., cannot inadvertently fall inside the equipment.
8.4.2.2 Forced air cooling technique shall be employed for heat removal where required, using fans, blowers, and fil-
tering. Since, as a mechanical device, fans and blowers are prone to failure and filters may clog with time, the PLC
packaging shall be capable to operate reliably without these devices, in case of their failure.
8.4.2.3 Heat sinking shall be used to remove heat of heat producing devices, such as; power supply transistors. The
heat sink radiating surface shall preferably be located outside the enclosure.
8.4.3 Wiring
8.4.3.1 Fixed wiring with suitable terminal blocks shall be provided for power supplies and field side of marshalling
racks.
28
IPS-M-IN-290
8.4.3.2 Removable wiring shall be typically used for I/O modules. In this case, the field wiring from the marshalling
rack shall be done to a removable terminal block. In order to remove an I/O module for repair or fuse replacement, the
terminal block on the I/O shall be detachable, to enable the module to be unplugged from the I/O rack backplane.
Inspection and testing is divided in two main categories which shall be performed by Vendor/Contractor and witnessed
by Company’s representative. These categories are:
The PLC Vendor shall submit his own test procedures (Factory Acceptance Test) for all hardware, software, and firm-
ware supplied, based on the requirements specified here-in. No material or equipment shall be shipped, unless all re-
quired tests conducted successfully and certified by the Company assigned inspector.
There are two broad test categories which shall be performed; functional test and Structural test.
Functional test shall be performed with software under test as a "black box". The test shall contain sets of data (both
legal and illegal) and checking of the corresponding outputs. The functional test shall concentrate on the external be-
havior of the system to detect functions that have not been implemented or does not operate properly. The "functional
test" procedure shall be submitted by Vendor for final Factory Acceptance Test (FAT).
"Structural Test", on the other hand, are the "white box" tests where detailed knowledge of the structure and coding of
software is required. This type of test shall be proposed by Vendor for quality assurance tests.
9.1.1 General
9.1.1.1 The tests shall demonstrate the functional integrity of all hardware and softwares. Company assigned inspec-
tors shall inspect the performance of all tests and they shall have access right to all facilities involved in the manufactur-
ing of the equipment purchased under this specification. The vendor shall maintain and/or replace any hardware or
modify the softwares, if the specified functions are not satisfactorily performed in Factory Acceptance Test on the Com-
pany’s inspector judgment. A detailed factory test procedure shall be submitted in the bid proposal by Vendor and shall
be agreed upon before starting the test. Vendor shall provide all necessary personnels and test equipment to perform the
tests as, and when required with the costs included in the bid price and separately indicated.
9.1.1.2 The basic goals of the Factory Acceptance Tests shall be as follows:
- To confirm proper design and implementation, demonstrating to the Company’s inspector that the system meets
the Company specifications.
- To establish that the system performs properly under load and under conditions of stress.
- To confirm proper system configuration and organization. This may involve; setting program priorities (for ex-
ample, which program runs first when several should be run), interconnection of system modules, etc.
- To look for unanticipated interaction between modules, such as; those which might be caused by two programs
inadvertently sharing the same memory location for different data.
9.1.2.1 Quality control shall be as per manufacturer’s quality control standard to assure the good performance of com-
ponents/modules used in the system.
29
IPS-M-IN-290
9.1.2.2 The sampling procedure for the tests will be defined by Company’s assigned inspectors.
9.1.2.3 The Vendor shall perform all routine tests on the modules in the system or a subsystem prior to power-up of
the system.
9.1.2.4 Functional tests for the system may be performed as a rehearsal for the Factory Acceptance Test at this stage.
9.1.2.5 Structural tests shall be performed to find defects in isolation and concentrates on missing paths, wrong paths,
and wrong actions within and between software modules. These tests shall be performed by Vendor’s engineers and
programmers intimately involved in the design and implementation of the system and inspected by Company’s repre-
sentative. The tests shall involve all possible paths in an set of sequence logic.
9.1.2.6 "Functional" and " Structural" tests are both required to prove that a control system works correctly. "Struc-
tural tests" shall be done as the software modules are coded, whereas "Function tests" shall be performed after the sys-
tem or the major subsystem is integrated. The final testing of the total system shall be Functional.
9.1.3.1 The Factory Acceptance Tests shall be performed when all the application software and data bases have been
coded and installed and the Structural tests of individual modules have been successfully completed.
9.1.3.3 The Company’s assigned inspector will perform this phase of the test and shall be applied to all hardware and
softwares of the system. The necessary workmanship and co-operation shall be provided by the Vendor, in addition to
all measuring instruments. All the subsystems shall be interconnected as "per-actual" interconnecting configuration in
the field.
The following paragraphs describe requirements for testing to be performed by Vendor and witnessed by the Company
assigned inspectors. The Company’s inspectors shall have the right to perform any test; themselves, ask for re-
performing any test, or ask for additional test as included in the Vendor’s approved proposal. test procedure
Company’s inspectors will carry out visual and mechanical testing principally to assure; correct, proper, and good
workmanship of the equipment.
When all procedures mentioned here-to-fore has been met, as a minimum, and all utility programs loaded, testing shall
proceed preferably with the following steps:
- First, the ability of the system to correctly read the field inputs must be confirmed.
- Secondly, these inputs shall be manipulated, preferably by appropriate signal sources connected to the input
terminals, and proper operation of the interlock levels checked.
- The ability of the operator to access the system will be very important at the computational safety level (level
2). The interlocks at this level which may have multiple operating modes, shall be tested separately by applica-
tion of a tester replacing the higher levels for the purpose of these testings.
- The proper operation on the regulatory level shall be checked by suitable tester and by changing the set-points
and other directives, through the operator interface.
30
IPS-M-IN-290
- The sequence levels of a batch control system shall be tested. First, the shared units shall be tested with their
local operator interface, if available, or the central operator interface. When this operation is confirmed to be
correct, testing shall proceed to more higher level functions, as they exist, until it is established that the shared
units all respond correctly to the simulated input signals from the process.
- In batch control, the logic for the main process vessels shall be tested (at this point, the logic is supported by all
functionality for the levels below and for the shared units).
- Outputs to files for logging and reporting shall be tested; the logging and reporting programs themselves may
be tested later, independently, after it is confirmed that the data received from the logic are correct.
- Software for production scheduling and other higher level functions shall be tested along with the other batch
control software.
- All process and equipment failure must be simulated and tested during this period, since many failure condi-
tions are difficult and/or time consuming to simulate when the system is connected to the actual process for the
field acceptance test.
- Software testing shall start with Operating System, then control programs and finally utility programs.
1) The Vendor shall submit his test plan at a suitable time before starting of the test. The test plan shall demon-
strate the properly execution of the functions, features, performance, and reliability of the system. The tests shall
avoid non relevant duplication and shall provide greatest coverage with fewer test cases.
2) Plans are required for both "Structural" and "Functional" tests. The plans should specify the sequence in
which a module or a function is to be tested, the required inputs and the anticipated results.
3) The plan for the "Structural test" shall cover all possible paths of logic in a module, and an appropriate subset
or combinations of the logic paths, by the Vendor’s designer and programmers judgment.
4) Company’s representative shall witness all "Structural tests" performed on the modules at any stage of manu-
facturing. Therefore, the test plan shall be suitably timed, to enable the Company’s representative to take part in
the tests.
Each test carried out shall be formally recorded. Any deficiency or problem found in equipment shall be corrected by
the Vendor and exactly recorded. Any changes in configuration, software or data shall be clearly recorded in test log
books.
9.2.1.1 After completion of tests mentioned here-above, the entire system shall be remained energized for 72 hours
continuously, with hands-off the system. The system performance for given simulated I/O shall be observed during this
72 hours.
9.2.1.2 Any malfunction of any kind shall be noted as "Observations" in the Final Acceptance Test report and submit-
ted to the Company for decisions.
31
IPS-M-IN-290
All the latest changes in programs and data-bases, as performed during acceptance test shall be transferred on floppy
diskettes (four copies). Two copies shall be shipped separately by express mail to Company and two other copies shall
be shipped with the PLC system.
The Company assigned inspectors shall sign all Factory Acceptance Test (FAT) reports and log books and consequently
issue a certificate of shipment on satisfactory completion of witnessing tests. Vendor shall properly pack the system
according to shipping instructions and packaging specifications furnished to him by Company and forward all equip-
ment to the Company’s site.
The procedures for Site Acceptance Test are specified in "PLC Construction Standard" IPS-C-IN-290.
10.1 The system supplier shall provide Company’s personnel with adequate training for equipment maintenance and
operation, to get them familiar with the system. The Supplier/Vendor shall provide a description of the training courses
available for his system with the duration and cost of each course by his bid proposal for evaluation. The training
courses shall minimally provide the following subjects:
10.2 The training shall be provided before the work is installed on site. The courses shall be scheduled so as not to be
concurrent; so that a single person may attend all courses.
- location,
- duration,
- schedule,
- pre-requisites,
- training facilities provided.
11.1 General
Documentation of the PLC shall be provided in accordance with, but not limited to, the general requirements as men-
tioned in this section and as listed in the Purchase Order.
Vendor drawings shall be prepared by Computer Aided Drafting (ACAD) system, preferably. Minimally five copies
and one reproducible of all system drawings shall be provided to the Company. Two copies of ACAD drawings shall
also be provided on 3.5" diskettes.
32
IPS-M-IN-290
11.2 Drawings
11.2 1 All system design drawings shall be prepared and submitted for Company’s approval in accordance with recog-
nized standards. Every effort shall be made to minimize the total number of drawings prepared by applying of common
drawings wherever practicable, without loss of clarity.
11.2.2 Prior to start of manufacturing, the Vendor shall submit all drawings for Company’s approval.
11.3.1 Vendor shall prepare and issue a complete set of updated drawings incorporating all modifications, additions or
other changes that have been made during manufacturing and site precommissioning, before final Site Acceptance
Tests.
11.3.2 Each drawing issued at this stage shall be clearly marked with "as-built" stamps and dated accordingly.
11.4.1 PLC Vendor shall incorporate logic design, provided by the company, into his system.
11.4.2 The Company will provide control building, auxiliary rooms and data highway support details to the Vendor.
Vendor shall consider all these constraints in his PLC system design.
11.4.3 Company’s requirements for graphic displays, report format details, DCS compatibility, tabular displays and
drawing numbering system shall be considered by PLC Vendor.
11.4.4 Grounding, power supply and other interfacing details, as required, for each project, shall be fulfilled by PLC
Vendor.
11.5.1.1 Complete listings of the PLC programs, including; system configurations, I/O configurations, ESD configura-
tions, and safety interlock or any other configuration encountered, shall be provided by PLC Vendor.
11.5.1.2 The documentation shall be provided on both paper and magnetic media. Magnetic media shall be readable
by readily available microcomputers.
11.5.1.3 List of all equipment items giving type, manufacturer, etc., shall be provided by the Vendor.
11.5.1.4 Dimensions, weight, power requirements (start-up and running) for all equipment items shall be provided.
11.5.1.5 In addition to above mentioned documents, the following shall also be provided:
- layout drawings
- cabling and termination drawings
- I/O summary and interface specification
- list of all spare parts, tools, test equipment and installation equipment
- packing & transportation specification including storing requirements.
33
IPS-M-IN-290
11.6.1.1 The system hardware description shall generally meet the following format:
- Full technical description of the hardware subsystem and its components, supported by diagrams and discus-
sions of the operating principle.
11.6.2.1 For every software module a full written description of its functions with detail of objectives shall be pro-
vided. The details of descriptions shall be sufficient to allow the determination of the functions of each module.
11.6.2.2 Printed listings of configuration in conjunction with machine readable media configuration codes shall be
provided by the Vendor for the system and each module of the system. The listings shall include comprehensive com-
ments to allow a programmer to make any adjustment to the module for any reason. The appropriate module mainte-
nance techniques shall also be provided.
11.6.2.3 Vendor shall provide all informations required to perform editing and loading of the configuration programs
into the system. Additional information on amendment and replacement of configuration program shall be provided by
Vendor.
11.6.2.4 Two copies of the system database listings on the magnetic media shall be provided to the Company prior to
the Site Acceptance Test. After completion of the acceptance test, sufficient quantities of "as-built" version shall be
submitted to the Company, as specified in the project specification.
11.6.2.5 In addition to above mentioned configuration programs, two complete sets of "master" control system con-
figuration on magnetic media shall be provided for PLC batch control system.
Volume 6 Drawings
34
IPS-M-IN-290
APPENDICES
APPENDIX A
RELIABILITY ESTIMATION DEFINITIONS AND ASSUMPTIONS
The measurement for reliability estimation shall be expressed in terms of Availability, Failure rate, Mean Time Between
Failure and repair duration time (Mean Time To Repair). The data used to calculate the above mentioned terms shall be
universally accepted predictions (i.e. Mil-STD-Handbook 217 predictions), which quantifies expected useful life of
components, utilized under real service conditions.
1
MTBF =
R1 + R2 + ... + Rn
R1 through Rn are the failure rates of components used in the equipment or system.
The MTBF calculation for each equipment used and the whole components shall be submitted for evaluation in
each bid proposal.
The cumulative probability of failure shall be expressed as an exponential decay function, in the form of:
R = e-rt
Where R is the probability that the system operates without failure in a duration indicated by time t, and r is the
failure rate for the class of device as extracted from generally accepted predictions (i.e. Mil-STD. HDBK 217).
The DCS vendor shall provide his certified (MTTR) which will be the measure of repair duration time. Such a
document shall indicate the skills, test instruments and repair spare stocks required to achieve the stated MTTR.
d) availability
Steady state availability shall be calculated as a fraction of time which the system is operational and shall be
expressed as:
For serial subsystems the overall availability shall be calculated by the equation:
A = A1.A2................An
and for parallel subsystems the net availability will be estimated by the equation:
A = 1 - [(1-A1) (1-A2).....(1-An)]
35