Manual de RTU

PDVSA N° TITLE

REV. DATE DESCRIPTION PAG. REV. APPD. APPD.

APPD.BY DATEDATE

VOLUME 9–I

� PDVSA, 1983

K–309 SCADA SYSTEMS

FOR APPROVAL

Eliecer Jiménez Alejandro NewskiAUG.94 AUG.94

ENGINEERING SPECIFICATION

AUG.94 L.T.0 57 E.J. A.N.

ENGINEERING DESIGN MANUAL

ESPECIALISTAS

APPD.BY

��

REVISION DATE


SCADA SYSTEMS

Page 1

AUG.940

PDVSA K–309

Menú Principal Indice manual Indice volumen Indice norma

��

Index

Page

1 SCOPE 4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2 CODES, STANDARDS AND PRACTICES 4. . . . . . . . . . . . . . . . . . . .

3 DEFINITIONS 5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4 GENERAL REQUIREMENTS 6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.1 Function 6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.2 System 6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.3 Design 6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.4 Process Details 6. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.5 Control Systems 7. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.6 Design 7. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.7 Availability 8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.8 Communications 8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.9 ESD System 8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.10 System Capacity 9. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.11 Port Connections 9. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.12 Protection 9. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

5 MASTER STATION 9. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.1 Function 9. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.2 Hardware 10. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.3 Software 10. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.4 Scada Applications 12. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.5 Redundancy and Back–up 19. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.6 Diagnostic and Documentation 20. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.7 Control Room 21. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

6 REMOTE STATIONS 28. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.1 General 28. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.2 Architecture 28. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.3 Hardware Characteristics 29. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.4 Cabinets and Wiring 34. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.5 Power Supply 36. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.6 Grounding System 36. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.7 Radio Frequency Interference (RFI) 36. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.8 System Hardware Testing 36. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.9 Software 37. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

http://www.intevep.pdv.com/santp

http://www.intevep.pdv.com/santp/mid/indice_mid.htm

http://www.intevep.pdv.com/santp/mid/vol09-1/indice_vol09-1.htm

REVISION DATE


SCADA SYSTEMS

Page 2

AUG.940

PDVSA K–309


��

Index (Cont.)

Page

6.10 System Software Test 44. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.11 Diagnostic and Maintenance Equipment 46. . . . . . . . . . . . . . . . . . . . . . . . . . . .

7 NETWORKS 46. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.1 Functional Networks 46. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.2 Communications 47. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.3 Communications Security 47. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.4 Time Synchronization 47. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.5 Node Software 48. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.6 Remote Networks Integration 48. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.7 Security Access 48. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.8 Plant Network 49. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.9 Data–entry Type Checking 49. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.10 Automatic Periodic Storage of Data 50. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.11 Interaction with Other Systems 50. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

8 TELECOMMUNICATION SYSTEMS 51. . . . . . . . . . . . . . . . . . . . . . . . . . 8.1 Technology 51. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.2 Modem 51. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.3 Communication Protocols 52. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

9 SYSTEM TUNING 53. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9.1 Proportional Control Loops 53. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9.2 Discrete on–off Control Loops 57. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

10 INSTALLATION AND COMMISSIONING 57. . . . . . . . . . . . . . . . . . . . . .

11 Q. A. / Q. C. 57. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .




REVISION DATE


SCADA SYSTEMS

Page 3

AUG.940

PDVSA K–309


��

FOREWORD

This document is the result of several years’ work by engineers in the petroleum industryof Venezuela (PDVSA).

The recommendations presented in this publication are not intended to supersedeapplicable laws and regulations.

Users of this recommended practice are reminded that no publication of this type can becomplete, nor, can any written document, be substituted for qualifed engineering analysis.

Suggested revisions are invited and should be submitted to:

The manager

PDVSA Engineering Standards,

C/O INTEVEP – TENA División,

Apartado 76343

Caracas – 1070A

Venezuela




REVISION DATE


SCADA SYSTEMS

Page 4

AUG.940

PDVSA K–309


��

1 SCOPEThis section covers PDVSA requirements for the design, specification, installationand commissioning of supervisory control and data acquisition (SCADA) systems.All guidelines of the introduction specification K–300 shall also be explicitlyfollowed.

2 CODES, STANDARDS AND PRACTICESANSI/NFPA 70 National Electric CodeANSI C37.90–1978 Surge WithstandCCITT V.22CCITT V.22 bisCCITT X.25IEC 65A (Secretariat) 123 – Functional Safety of

Programmable Electronic Systems: Generic Aspects.IEC 65A (Secretariat) 122 – Software for computers in the

Application of Industrial Safety Systems.IEC–68–2–6 Sinusoidal vibrationIEC–68–2–27 ShockIEC–68–2–34 Random vibration wide bandIEC 529IEC 801–X Electromagnetic Compatibility for Industrial Process

Measurement and Control EquipmentIEC 801–X Electromagnetic Compatibility for Industrial Process

Measurement and Control Equipment.IEC 801–1 General IntroductionIEC 801–2 Level 3 (8KV) – Electrostatic Discharge RequirementsIEC 801–3 Level 3, Radiated Electromagnetic Field

RequirementsIEC 801–4 Class 3, Electrical Fast Transient/Burst RequirementsIEC TC77B (Secretariat) 72, Magnetic Field (Radiated

Susceptibility)IEEE 1100 GroundingIEEE 472–1974IEEE 802.3, 802.4 and 802.ISA SP50.1–82 “Compatibility of analog signals for Electronic

Industrial Process Instruments”ISA SP84–x “Programmable Electronic System (PES) for use in

Safety Applications” – when availableISO 9001 – Quality Management and Quality Assurance

Standards




http://www.intevep.pdv.com/~citonline/espanol/cat_norm_inter_frame.htm

REVISION DATE


SCADA SYSTEMS

Page 5

AUG.940

PDVSA K–309


��

McGraw–Hill compilation of open systems standards by HAROLDC. FOLTS.

MIL–HDBK–217 EMIL – STD 461C Part 4MIL – STD 462MIL–HDBK–472 Maintainability predictionNEMANFPA 75 Protection of Electronic EquipmentRFC 768/791/792/793/821/854/959/1098.SWEDISH standard MRP II – CRT’sTechnisher Uberwachungs–Verein (TUV) Regnal – TechnicalSupervisory AssociationTUV Rheinland Class 5 Safety Equipment Certification as

it relates to:DIN VDE 0110/01.89 Isolation Requirements for Equipment within

Low–Voltage Systems; Dimensioning of clearanceand Creeping Distances.

DIN VDE 0113DIN VDE 0116/10.89 Electrical Equipment of FurnacesDIN VDE 0160/04.89 Electronic Equipment to be used in Electrical Power

Installations and their assembly into Electrical PowerInstallations

DIN VDE 0165DIN VDE 0170DIN VDE 0470DIN VDE 0801/01.90 Principles for Computers in Safety Related systemsDIN VDE 0804DIN VDE 19250/01.89 Fundamental Safety Aspects to be Considered for

Measurement and Control Protective EquipmentISBN 3–88585–315–9. Microcomputers in Safety Techniques

(TUV–handbook) An Aid to Orientation For Developerand Manufacturer

3 DEFINITIONSAll definitions are listed in specification K–300.




REVISION DATE


SCADA SYSTEMS

Page 6

AUG.940

PDVSA K–309


��

4 GENERAL REQUIREMENTS

4.1 FunctionThe SCADA system shall consist of a master terminal unit (MTU), which gathersall the various measurement and control information and equipment status datavia telecommunication links with intelligent remote terminal units (IRTU) locatedin various process plants and via displays aid the plant operator supervise allprocess operations linked to the system, at one central location and enable theoperator take the necessary actions to ensure safe and optimum operatingconditions of the process plants.

4.2 SystemThe SCADA system is an element vital to operations that collects information,performs the control action and provides all the field information necessary for theplanification of the process at the various supervisory and strategic levels. TheSystem shall have fully automatic facilities for exchange of information to and froma database.

4.3 DesignThe system design shall provide the necessary information to the controllerslocated in the IRTU in order to optimize the process. The Optimization processshall be performed off–line, by other computers, via digital communicationnetworks provided within the system.

4.4 Process DetailsThis specification details the generic requirements of a SCADA system. Theactual process plant details supervised by the SCADA system are given in anannex containing:

� Process control diagrams

� Details of measurement and control functions

� Loop diagrams

� Instrument schedule

� Block diagram of master station with all IRTU’s

� Power supply to MTU and IRTU’s

� Grounding system at MTU and IRTU’s.




REVISION DATE


SCADA SYSTEMS

Page 7

AUG.940

PDVSA K–309


��

4.5 Control SystemsThe SCADA system assisted by Computers performs via dynamic real time dataprocessing supervision and Control Functions via telemetry utilizing datacommunication channels in serial form either of the low or medium quality. Thescanning period is less than one third of the natural period of the process.

The Control Functions are divided into two levels, the local control and the remotecontrol from the operator stations at the MTU. The local control is located in theIRTU and programmable with the security that its execution under the IRTUoperating System is achieved within the time necessary for the process. Theremote control is restricted to initiations of a sequence of start–up, shutdown orchange of set–point of the local control. The local control functions shall notdepend in any manner on the communication links, and the IRTU, in the failure ofcommunications links with the master station, shall not result in the maloperation/sof the process.

The control system design shall be advanced type, i. e., in addition to normalcontrol loops based on flow, level, pressure, temperature, analysis, etc., each ofthe set points of these loops shall have an option of being resetable, between thelimits of plus 10% and minus 10% based on energy or mass or thermodynamicbalances or dynamic model calculations.

Ratio, cascade loops and wide range flow measurement systems shall bejudiciously implemented together with dynamic pressure reduction orreboiler/furnace heat cut–off/compressor flow protection systems in order tosafeguard plant and ensure stable operation, for example, operating a plant atlower throughput rather than shutting it down.

4.6 DesignThe SCADA system shall be of modular design, with latest field proven hardwareand software, consisting of operator consoles with screens, process input/outputdevices, electronic controllers, multiplexers, bulk data storage, communicationsystems, termination cross–boards, signal conditioning equipment andengineering/maintenance screens in order to perform on–line reconfiguration andto test all system components with on line and off–line diagnostics.

The system shall be updatable with new equipment and/or improvements.




REVISION DATE


SCADA SYSTEMS

Page 8

AUG.940

PDVSA K–309


��

4.7 AvailabilityThe system shall be designed for maximum availability, safety, and integrity99.99% or better in both fail–safe and fail danger modes. This figure excludes thelink between the IRTU and MTU as the telecommunications system has aminimum availability of 98%. Availability is defined as:

Availability % �Mean Time to Failure (MTTF)

MTTF � Mean Time To Repair (MTTR)� (100)

Availability figures shall be provided, with method of calculation and allassumptions clearly stated. Data for failure rates shall be derived from MIL HDBK217 E wherever possible. Calculations shall be based on the ISA SP84 committeerecommendations.

The design system availability shall be based on MARKOV configurationdiagrams and the correlation of the MTBF and the MTTR of the System parts andalso the availability of the spare parts at the various stations both the master andthe IRTU’s.

Any system failure fault shall be to a fail–safe state.

4.8 CommunicationsCommunications between the MTU and consoles shall be digital. Thecommunications system shall have automatic selfchecking facilities and includea fully redundant second link, that is automatically switched into service on failureof the primary operating link. Reset back to primary operation shall be manual viakeyswitch or password entry.

The telecommunication system shall link the master station with the remotestations using the medium or low quality channels. It shall also include all theprotocols necessary for processing the messages with a high probability of errorsand even under these conditions make efficient and optimum use of thetelecommunication channel.

4.9 ESD SystemThe SCADA shall not perform emergency shut down (ESD) requirements of theplant. The ESD system shall be a separate entity in accordance with PDVSASpecification K–336.




REVISION DATE


SCADA SYSTEMS

Page 9

AUG.940

PDVSA K–309


��

4.10 System CapacityThe SCADA shall cover the project requirement and have minimum 30 percentspare rack space, 30 percent on installed I/O conversion, controller andmultiplexer capacity and 30 percent on area space in the equipment room.

4.11 Port ConnectionsThe SCADA shall have port connections to link with other equipment both at theMTU and IRTU – stand alone controllers, supervisory and optimizationcomputers, PLC’s and interface with protocols such as MAP, Ethernet, MODBUS,Allen Bradley, Data Hiway, Tiway, Genius, etc. This shall include simultaneoustransmission of information to these equipments and also receive instructionsfrom them.

4.12 ProtectionThe system shall be protected against errors and hardware damage resulting fromelectrical transients on power or signal wiring, generated by switching largeelectrical loads, by power line faults, lightning strikes and lightning induced surgeson power or signal cables in accordance with IEEE 472–1974.

All components of the SCADA shall be immune to electromagnetic radiation andradio frequency interference generated by hand held walkie–talkie sets inaccordance with IEC–801, 1 to 3.

5 MASTER STATION

5.1 FunctionThe master Terminal Unit (MTU) shall serve as a central collector of all informationinputs from the field and process the data to make available on demand at alloperating stations of the SCADA system and to the various application programsrun in the system.The MTU shall be configured as a combination of intelligent elements that areinterconnected via a local area network.The MTU shall additionally serve as an administrative and maintenance stationof either the local area network or the wide area network with the nodes andservices, permitting at the same time the maintenance of a local area network.The following minimum functions shall be available:

� Supervision of remote stations� Annunciation and acknowedgement of alarms and events� Classification of alarms and events� Printing of alarms and events




REVISION DATE


SCADA SYSTEMS

Page 10

AUG.940

PDVSA K–309


��

� Historical storage of alarms and events� Input signal processing (analog, digital, thermocouple, RTD and pulse

frequency)� Historical data storage of input process signals� Display of process measurement signals (bar and trend)� Access control and security levels� Implementations of specific applications.

5.2 Hardware

The architectural systems shall be based on local networks and in the model client– server in which the operator stations are the intelligent clients of a computernetwork that provides them with the information on demand.

There are two fundamental designs of the master station, both based on networktechnology, the use of communication servers, database servers and intelligentoperator stations, one based on microcomputers and the other based onminicomputers.

It is the clear responsibility of the SCADA system designer to establish with clarityin detail the limitations of the architectural systems based on networks comprisedof microcomputers, attractive from an economic point of view but are limited intheir expansion capabilities.

The architectural systems based on minicomputer used as database servers aremore stable and have a large capacity for expansion which indicate that differencebetween one system and the other is based on the complexity of the processoperations.

5.3 Software

Operative system

The station shall run a multitask real time operative system based on interruptionsand having as reference the process plant to be controlled with preferences givento UNIX and OpenVMS operative systems.

5.3.1 Data base

The data base shall contain in real time all necessary data and applicationprograms that are run in the MTU in order to meet the process operationalrequirements as per paragraph 4.4.

The data base shall not depend on any program language. If the data base isaltered it shall not be necessary to alter manually any reference already preparedfor the system, programs or special applications.

In the event of any modification to data base the modification to the pointers shallbe performed automatically.




REVISION DATE


SCADA SYSTEMS

Page 11

AUG.940

PDVSA K–309


��

Expandability

The system shall have 100% expansion capacity.

Access restriction

The access to data base is through use of password.

Modification

The database shall be modifiable on line from the operator or maintenanceconsole in a transparent form during the normal operation of the SCADA system.

The concurrent access to database fields shall be avoided in order to ensuresimultaneous operations are not performed in the same field.

The system shall possess an interactive facility that permits modifications todatabase intuitively.

5.3.2 Specific Applications

The system shall have facilities to develop specific applications in high levellanguage using the internal libraries of the SCADA system, posses access tosystem database both for reading and writing.

Application programs in machine or assembler language are not acceptable andtheir use is only permitted subject to PDVSA approval.

Languages

They shall be the latest version of the following:

– FORTRAN

– PASCAL

– C

– C + +

Libraries

Each language shall be complete with its specific library that permits themanagement of database in real time.

The access to database shall be Bi–directional, i.e. permit read and write in thevarious database fields at the same time.

The documentation of all the routines shall be complete in its use and facilitate towrite necessary commands.

Sources

The system documentation shall be complete with all the sources of the variousapplication programs developed for the SCADA system.




REVISION DATE


SCADA SYSTEMS

Page 12

AUG.940

PDVSA K–309


��

5.4 Scada ApplicationsThe software system shall perform the tasks detailed below.

5.4.1 Process displays

� P& ID’s and other “graphic pictures” shall detail a particular area of the processor provide an overview of more than one area of the unit. Values shown onthese displays shall be updated at a 4 second interval to optimize the ergonomicinterface to the operator. e.g., minimize eye strain and fatigue. Critical valuesshall be updated at a one–half second rate.

� Group displays shall show the values and status of the primary operatingparameters in both numeric and graphic (bar) form a minimum of six displaypoints. Any data point shall be capable of being assigned to one or moregroups. The operator shall be able to make process changes to any of thepoints assigned to this display (i.e., setpoint, mode, output, etc.).

� Point detail display shall characterize every parameter and attribute of the datapoint. The individual data point shall be manipulable in either an on–processor off–process mode depending on security level.

� Group trend display shall graphically present historical process data, for anyor all six points on an x–y axis with the x axis representing time. This timeresolution shall be selectable by the operator. In addition, the six points shallbe trendable on a operator selectable time base using real time data. They axis shall represent the range of the process variable 0 to 100% or an operatorselectable band, either unipolar or bipolar. Each trend shall have an uniquecolour.

� Hourly average shall display the last 8 hourly averages for the points of theselected group display in tabular form including the corresponding clock times.The points shall be identified by both Point ID and Descripton.

� Help displays shall provide detailed information to the operator about aparticular function.

5.4.2 System displays

� System status displays shall show the state of every major component in thesystem and individual modules or nodes to be started, stopped, switched (forthose nodes with primary and backup) or checked for status and operability.

� Console status display shall show the state of each device in the consoleincluding node number, printer assignments, disc assignments andmaintenance requirement. It shall permit to enter time, day and date, loadanother node, shut down a node, change printer assignments and change theaccess level from this display.

� Box point summary shall show the point ID., Description, IRTU to which thepoint is assigned and the slot number for each requested point.




REVISION DATE


SCADA SYSTEMS

Page 13

AUG.940

PDVSA K–309


��

� Point usage list shall show the descripton, hardware location, IRTU to whichpoint is assigned, trends to which point is assigned and logs to which any pointID is assigned.

� Point attribute summary shall show the point ID(s) of one or all points whichcontain one of the following operator selectable attributes.

– Alarm Inhibit – Inhibit action

– Alarm Disable – Computer set point

– Manual PV – Loaded

– Substituted PV – Not Loaded

– Uncertain PV – Error

– Bad PV – Fail

– Manual Mode – Hold

– Cascade Mode – Shutdown

– Program Mode – Emergency Shutdown

� Node point summary shall provide a listing of all points within the selectedmodule. It shall be arranged in point ID order and contain the point descripton,group number and device address. A separate display shall be available foreach node/module.

5.4.3 Network access

Operator Station shall allow access to business related data documentation inaccordance with specification K–362. Applications running in different platformsof the Network shall appear in a window on the screen and interact with the user.Security mechanisms shall prevent using the Network to manipulate processcontrol network data.

The screen shall have the option of retaining the primary process control windowin full view at all times, not obscured by other windows. The screen shall maintainthe secure operational path to the valve when the WINDOWS environment hasa failure.

The system shall enable access and control between remote system networks inaccordance with pre–defined access levels.

5.4.4 Alarm management

a. Alarm logic

When a point goes into alarm, it shall cause the alarm summary window to flash.The operator shall, by acknowledging the alarm from any operator keyboard,cause the alarm to cease flashing on the CRT. They shall remain on the screen




REVISION DATE


SCADA SYSTEMS

Page 14

AUG.940

PDVSA K–309


��

until the alarm initiating condition has returned to normal. The system shall recordthe time of occurrence of the alarm, the time of acknowledgement of the alarm andthe time of the return–to–normal of the point.

b. Alarm annunciator

The display shall function similar to the traditional annunciator. The display shallhave a minimum of 30 windows, each capable of accepting up to 10 inputs. Whenan alarm occurs, the window shall flash and change to the color corresponding tothe alarm priority level–Red for emergency, Yellow for High. Onacknowledgement, the window shall stop flashing but retain the color until thealarm (all alarms assigned to the window) is cleared.

Each window shall be a touch target to allow the Operator to quickly accessadditional information or another display regarding the alarm.

c. Alarm priority

The system shall be intelligent type and assign different levels of process alarmpriority to any point during configuration. These priorities shall distinguishbetween low, high and emergency alarms. The system shall provide a separatevolt–free contact for each of the three alarm levels to drive audible devices.

The Specific system responses to each priority shall be:

Alarm Priority Display Print on event recorderEmergency Yes Yes

High Yes Yes

Low Yes Yes

d. Alarm suppression

Under pre–defined conditions, alarms shall be capable of being cut out andprevent alarms from being reported when alarming would be obvious (such aspreventing a low pressure alarm when the associated pump is off). This“intelligent” alarming shall be configurable and modifiable.

The system shall on a per point basis enable, disable or inhibit alarms and thefollowing table defines the actions of each category:

Display Print on Event recorderEnable Yes Yes

Disable No Yes

Inhibit No Yes

All operator actions which changes a point’s alarm status shall be recorded in theevent recorder.




REVISION DATE


SCADA SYSTEMS

Page 15

AUG.940

PDVSA K–309


��

e. Alarm display

Analog Alarms

Time Point ID AlarmType

AlarmPriority

Alphanumeric Description

AlarmLimit

CurrentValue

Eng.Units

HH:MIN:SEC XXXXXX PVHI H Up to 24Characters

XXXXXX XXXXXX PSIG

Deadband

All analog inputs shall have an assignable alarm deadband value. Before an inputis defined as returned to normal the input must have returned into the normaloperating range within the deadband value. The deadband value shall beselectable 0.5 to 5%.

Digital Alarms

Alarm Alarm AlphanumericTime Point ID Type Priority Description

Up to 24

HH:MIN:SEC XXXXXXXX TRIPPED E CHARACTERS

The display shall readily distinguish between acknowledged andun–acknowledged alarms. If an alarm condition returns to normal prior to beingacknowledged, it shall remain flashing on the screen with a unique identifiablecharacteristic. On acknowledgement, the alarm shall be removed from thescreen. A minimum of twenty alarms shall be displayed on each page, with aminimum of five pages available for display. The total number of alarms in thesummary shall be displayed on each page to assess the current alarm situation.The last five alarms shall always be shown in a window on all displays.

5.4.5 Analog output/digital interlock action inhibition

The system shall via configuration place any output in a “Inhibit” state. Theoperator shall place the output in its desired safe state prior to inhibition. Thesystem shall then prevent the alteration of the mode, mode attribute, externalmode switching state and ouptput while in the inhibited state. In addition, thesystem shall prevent the point from being re configured and deleted until theoperator reconfigures to place the output in its normal state. Both configurationactions shall be ‘‘Check” before ‘‘Operate” type.

5.4.6 Event management

The system shall be intelligent type and store all events whether operator initiated,actuated by interlocks or spurious. Typical events are:

� Valve opening/closing/staying at an intermediate position� Rotating equipment starting/stopping




REVISION DATE


SCADA SYSTEMS

Page 16

AUG.940

PDVSA K–309


��

� Controller changed from auto to manual or vice–versa

� Controller changed from cascade to manual set

� Controller set point changed from computer to manual

� Change of set points, operator or computer initiated (STORE VALUES FORLAST 48 HOURS ONLY)

� Change of output value to valve – controller or operator initiated (STOREVALUES FOR LAST 48 HOURS ONLY).

Typical event printer log:

Time Point ID Alphanumeric Description

Event type Log on printer

HH:MIN:SEC XXXXXX Upto 24 characters Stopped Yes

HH:MIN:SEC XXXXXX Started Yes

HH:MIN:SEC XXXXXX Computer set point Yes

HH:MIN:SEC XXXXXX Control now manual Yes

HH:MIN:SEC XXXXXX Set point now cascade Yes

HH:MIN:SEC XXXXXX Set point increased toXXXXXXX

No

HH:MIN:SEC XXXXXX Output to valve decreasedto XXXXXXX

No

5.4.7 Logs, special/periodic/event driven

� The system shall generate logs for specified set of points or data at specifiedintervals or on demand basis.

� The system shall generate periodic logs of points previously configured: hourly,shift, daily, monthly.

� The system shall record events pertinent to the process with the exact date,time of occurrance and categorize as follows:

– Operator initiated actions (change of set point, change from auto to manualor vice–versa, change from cascade to auto or vice–versa manual outputchanges, manual start or stop, etc.).

– Alarm occurrance, acknowledgement and return to normal.– Spurious/abnormal equipment start or stoppages or valve opening and

closures.– Automatic interlock initiated actions and valve opening and closures.– Failure of equipment/s to respond to automatic interlock initiated or operator

initiated actions within 3 seconds.– System Status Changes/Error Messages/Maintenance Messages.




REVISION DATE


SCADA SYSTEMS

Page 17

AUG.940

PDVSA K–309


��

� Log DisplaysThe screen shall display all logs–special, periodic or event driven andprocess/system histories.

The exact date and time when the value was read shall be logged. The report shallalso indicate the data collection start and completion times

5.4.8 Process history

Plant operations data shall be separated into two subcategories–Continuous andEvent Driven. Continuous history includes the Base System Averages on anhourly, daily, specific month, 30–day, specific year and 365–day basis for up to2000 points for at least 96 hours of 1 minute snapshots, plus availability of otherhistorical data on different time scales (e.g. fast scanning, 1–day averages .

5.4.9 System history

System status, error and maintenance action identification messages on anhourly, daily, specific month, 30–day, specific year and 365–day basis.

5.4.10 Printer assignment

The operator shall direct logs or screen display to any printer. The system shallprovide for back up of a failed printer with another printer. This printer shallcontinue with its normal functions and additionally handle the functions of thefailed printer until it is restored. The data currently accumulated for these logsshall be protected in case of printer failure and the system shall print automaticallyon restart.

5.4.11 Documentation

The system shall be complete with all documentation necessary to configure,install, startup, operate and maintain the system. All maintenance documentationshall be oriented to facilitate expedient repair with minimum downtime.

5.4.12 Self testing

Each system module shall contain four (4) levels of test to ensure that the moduleis performing correctly prior to being placed in operation and to monitor itsperformance while in operation.

The various procedures shall be displayed live on the screen. All the results bothcorrect and incorrect operations shall be displayed and appropriate failuremessages logged on the printers.

a. The first level shall be the Startup Tests. These tests shall reside in ROMand shall be automatically executed following power–on or restart of themodule. They shall verify the correct operation of the basic logic on eachPCB in the module. Failures shall be indicated by means of LED(s) on eachPCB and on the screen.




REVISION DATE


SCADA SYSTEMS

Page 18

AUG.940

PDVSA K–309


��

b. The second level shall be the Quality Logic Tests. These tests shall beautomatically loaded and executed after the startup test “a”. These testsshall verify the correct operation of the module hardware and qualify it forloading its on–process software. Failure shall be indicated on the screen.

c. The third level of testing shall be On–Process Tests. These tests shall beparts of the on–process software of each module and shall be executedperiodically whether a module is primary or backup. A recoverable errorshall be error message report for analysis by maintenance personnel. Anon–recoverable error shall cause the module to be shut–down, recordedin the system error message and indicated to the operator. A printed errorhistory shall be available to be returned to factory with the failedPCB/module.

d. The fourth and most extensive level of testing shall be the Off–Process Tests.These tests shall be loaded by maintenance personnel when automatic tests(levels a, b, c) cannot resolve a problem. These tests shall have the followingfunctions:

� Display the system error event record

� Display the hardware and software revision status of all modules on thenetwork

� Display a snapshot of the system status, including all nodes, modules,boxes, etc.

� Display the contents of memory of any node, module, box, etc.� link the system to supplier’s technical assistance center.

e. Node isolation

The engineer shall be able to isolate the node from the system and performdetailed off–line diagnostics to test the nodes, microprocessor(s), memory, andcommunications.

5.4.13 Bulk data storage

The SCADA shall include an optical or magnetic disk based bulk data storagesystem with capacity to maintain the following information and facilitate on–lineup/downloading to/from on tape or cartridge units.

Trend histories of twice the amount of analog variables specified for at least 96hours of 1 minute snapshots, plus availability of other historical data on differenttime scales (e.g. fast scanning, 1–day averages for last and actual calendarmonth, shift average for the actual and previous week, etc.). This information shallbe available to the operator console on line.

Configuration of the complete SCADA, with the capacity of loading each and everypiece of equipment, software program and data base (including points, graphicsand displays) at a very quick speed.




REVISION DATE


SCADA SYSTEMS

Page 19

AUG.940

PDVSA K–309


��

Logging of all alarms and events occurred in the last 48 hours.

5.5 Redundancy and Back–upThe master station shall be 100% backup type, provided with equipments andprograms that permit to have a hot standby backup of the database and otherinformations essential for process operation. It shall be designed to conserve theoperation of the system even in the event of failure of any of the criticalcomponents.

Hot stand–by

The master station shall operate continuously under a hot stand–by configurationwhereby, the computer that was the primary shall begin to collect all the fieldinformation and update the database based on this new information in real timeand at the same time make available all the field information to the operatorstations and also store all historical data. It shall transfer all this information to thestand–by computer at least once every minute.

a. Transference time

The transfer of information between the two C.P.U.’s shall be performed within 5seconds.

b. Switching time

The total time from an initiation (manual or automatic) to a transference betweenCPU’s shall be less than 1 minute and the system shall guarantee continuousoperation in the field during this transfer.

c. Transfer facilities

After the transference of information from field, the system shall have the facilityto additionally transfer other information to ensure the consistency of the system,such as loads of remote stations, application programs, displays, etc.

d. Transference channel

The only channel acceptable for this transference shall be the local area network.The use of interCPU and parallel bus channels are Not acceptable.

Watchdog transference panel

There are two available methods to detect failures of the MTU computer – oneutilizing an external supervisory circuitry via independent communicationchannels when each CPU detects the absence of a signal generated by softwareat an outlet port; the other preferred method is to maintain a periodiccommunication via a network between the two CPU’s and in the event thismessage is not received, the backup CPU initiates a transfer sequence.




REVISION DATE


SCADA SYSTEMS

Page 20

AUG.940

PDVSA K–309


��

Function and start–up assignments

Start–up

At black start both CPU’s shall have the capacity to function as a master unit anda CPU shall convert into a stand–by status on receipt of a signal confirming thatthe other CPU has completed its start–up sequence and has complete controlover all peripherals.

Start–up discrepancy

In the event of any malfunction of the two CPU’s whereby both of them try toconvert themselves as a master, this discrepancy shall be detectable, theoperation stopped automatically and the start–up sequence reinitiated with a timedelay between the start of each CPU.

Master CPU failure detection

The master CPU shall send a message to the standby CPU (or to the supervisioncircuitry) atleast every 5 seconds to inform that it is functioning correctly.When this message is not received the standby CPU shall assume that the otherCPU has failed.

5.6 Diagnostic and Documentation

The system shall be complete with two copies of documentation and diagnostictapes.

� SCADA application

– Operator’s Manual– Maintenance Manual– Diagnostics manual– Description manual

� Master station (servers and workstations)

– Installation manual– Maintenance manual– Diagnostic manual (including original media & programs)– Operating system manual– Networking software manual– Network management




REVISION DATE


SCADA SYSTEMS

Page 21

AUG.940

PDVSA K–309


��

� Remote stations (IRTU)

– Operation manual– Maintenance (hardware/software) manual– Programming language manual– Operating system manual– Manual and source code of any application

� Diagnostics and licences

– Two copies of off line diagnostics programs and licences of any softwareinstalled in the system

5.7 Control RoomIt shall be designed ergonomically as an integral part of the SCADA to enable theoperator supervise and control all plant operations and make the decisions forprocess optimization.

It shall contain in one room:

� Operator consoles with high definition graphic colour displays

� Alarm annunciator on Class I service.� Printers.

ADJACENT to the control room, but in the same building, shall beengineer/maintenance screens, cabinets with hardware, printers and auxiliariesfor on–line system test, maintenance and modification facilities.

5.7.1 Operator console

The operator console shall be the unique interface for the visualization of processdata, with the exception of class 1 alarm panels (e.g. Fire Alarms).

The operator console shall consist of the following equipments:

� Graphic displays operating in windows environment with keyboards� Radio and telephone jacks� Printers� Class 1 Alarm Panel� Pointing devices–mouse, touch screen, trackball, etc.

Two screens shall be minimum for a system. The number of operator stationsshall be agreed with PDVSA operations personnel.

The console shall be factory assembled and wired, complete with all necessarydevices ready for on–site installation, the latter shall consist of placing theconsoles in position, connection of supply wiring and communication cables.

SCADA devices other than those specifically required for the operator consolefunction shall be located in a separate equipment room.




REVISION DATE


SCADA SYSTEMS

Page 22

AUG.940

PDVSA K–309


��

The graphic displays shall have automatic synchronization facilities of minimum76 Hz (vertical sync.), minimum resolution of 800 x 600 pixels with a 0.25 mm. dotpitch and shall comply with SWEDISH standard MRP II for radiation emissions.

The CRT’s shall be rotatable 300° in a horizontal direction and from minus 14° toplus 30° in a vertical direction.

The keyboards shall be standard “QWERTY” type and in addition possessfunctional keys (membrane type, dust and liquid spillproof) to perform the principalfunctions such as:

� Alarm acknowledgement and silencing� Alarm display� Increase or decrease set point or manual output� Initiate (start)� Stop.

Touch targets shall be configurable in any size from full screen down to a singlecharacter space. All targets shall be ‘‘check” before ‘‘operate”. Multiple touchtargets shall be assignable to any display. These additional touch targets shall beconfigurable for calling up associated displays on other screens:

a. Initiate an operator action (i.e., open a valve, start or Stop a motor or initiatea sequence etc.)

b. Call up another display or displays

c. Send a display to other screens in the console

d. Change the displays on several screens in the console at the same time,giving the operator a complete detailed view of a particular area of interestin the process.

For safety and consistency purposes, any touch target on a custom graphic shallaccess one of several other graphics, depending upon process or otherconditions; e.g., the targets shall be ‘‘intelligent type”. The Operator shall touchthe same target under normal and abnormal conditions, with the systemdetermining the proper graphic for display.

To ensure quick access all parameters (PV, high limit, low limit etc.) for a givenpoint shall be addressable by the same point tag number identification (ID).

In addition to standard screen displays which only cover limited areas of the plant,the system shall provide complete plant displays on a wall in order to provide atotal vision of the status to the operator for example:

This wall display will show the entire refinery or offshore platform/s or pipelinesystem and whenever there is an upset in one particular area of the system thewall display will show its effect on other areas of the plant complex.




REVISION DATE


SCADA SYSTEMS

Page 23

AUG.940

PDVSA K–309


��

The displays on the wall and the screens shall have pan–zoom (magnifying glass)facilities.

Operator station

Each display/keyboard and its associated electronics shall be totally independentand failure of one display or Keyboard, shall not affect any other station.

� Display devices installed outside control room shall be touchscreen ormembrane type keyboard only and also meet NEMA standards in a dustyenvironment.

� Each operator station shall access all process data of the particular plant. Alloperator stations shall be interchangeable amongst each other for operation ofthe entire process plant.

� The operator station shall always provide, time of day in hours and minutes,date by day, month, and year and page number if multiple–page displays areused.

� Operator station shall be equipped with a keylock or password system toprevent unauthorized altering of configuration, programming and engineeringparameters. The keylock or password shall not interfere with normal operatortasks.The operator station shall disable any device connected to the system that hasmonopolized or locked up data communications.

All commands entered on the operator’s keyboard shall be displayedimmediately and acknowledged on the screen within one second. It shall notprevent access for a new command entry for more than one second.

Disk drives

� Shall be in accordance with paragraph 5.7.2.

Printers

Each operator console shall be provided with two printers, one for alarm/eventlogging and the other for reports. They shall be high resolution dot matrix type withgraphic capabilities and reproduce any screen display.

The printers shall be industrial grade, high speed, 400 cps or greater with ribboncartridge. The interface shall be either EIA RS232C, RS422A or centronicsparallel interface. Line length shall have a minimum of 132 characters. Theprinters shall have self–contained test and diagnostics to aid in trouble shooting.The noise level shall not exceed 55 db (A).




REVISION DATE


SCADA SYSTEMS

Page 24

AUG.940

PDVSA K–309


��

Keyboard

The keyboards shall have a minimum of 50 configurable keys for assigning themost frequently used displays. These keys shall each have two independently litLED’s. The LED’s shall be configurable for specific event alarm annunciation. Alldisplays shall shall be retrievable within 2 seconds using dedicated function keys.

� Page forward/Backward

� Display Forward/Backward

� Call Associated display/prior display

� Access a Help display associated with the current display

� Access the message Summary Display

� Access the Alarm summary/Alarm Annunciator Display

� Print an image of the current display (including graphics)

� Access the System Menu.

Trend pen interface

Each screen shall be able to assign six trend pens from any point in the data base.The operator shall range any pen to any selectable scale between 0 and 100% ofa point’s range.

Operating displays

The displays available to the operator are process displays to monitor and controlthe plant and system displays to view system status and make limited changes toit. See paragraphs 5.4.1 and 5.4.2.

5.7.2 Engineering/maintenance work station

It shall be close to or inside the same room where the I/O and other equipment arelocated. A minimum of two screens and two printers shall be provided.

The station shall run all system diagnostics and perform all necessary tasks tocorrect any problems in the SCADA. Keyboard and printer shall be identical to thatof the operator console.

The station shall normally be on view–only mode, but it shall perform control andoperational tasks, as required by normal plant operation via keylock or passwordfunction.




REVISION DATE


SCADA SYSTEMS

Page 25

AUG.940

PDVSA K–309


��

Disk drives and load media

� One disk drive system shall be provided for each station. Each disk systemshall store the entire SCADA configuration. Additional disc drives shall beprovided as required for historical trend recording or other functions.

� Disk systems, shall be fast loading tape cartridge or optical disks, high density,high speed device, not required for use during normal operation.Once the initial system software is loaded into the system, it shall not benecessary to use cartridge discs to restore a failed node. A copy of the nodesfiles shall be loadable from on–line bulk memory.

Configuration

The system configuration as detailed in paragraph 6.9.5 shall be done by fill in theblank type fields.

Data base

a. Data points

The engineer shall be able to remove or add new data points, modify existing datapoints and install the points in any applicable node, without removing that nodefrom service or affecting any existing points in the system. The system shalldetermine and advise if a proposed new point ID is already in use in the system.

The system database shall support at least 16 characters tagnames (point ID).

b. Multiple load

The system shall load/install multiple data points from the load media to anyapplicable node on line, without affecting that node.Configuration recovery

The system shall permit to recover the configuration of a node, its data base andstore it in mass storage or the removable media (optical disc or cartridge) for laterreloading.

Utilities

The system shall include the utilities, files and management tools necessary toformat the load media, copy floppies (or cartridges), copy files from one source toanother, delete files, list the directories of files and view or print the data within afile. The system shall also include text edit features similar to a word processor.




REVISION DATE


SCADA SYSTEMS

Page 26

AUG.940

PDVSA K–309


��

System documentation tool

The system documentation tools shall effectively manage changes in the SCADAenvironment. This function can query the entire operating database for entitiesand selected parameter values on–line. These queries shall be saved and theresult output to the screen, a file on a bulk storage device or to a printer.

A data file utility shall be provided that can create, display and manipulate filesconsisting of named fields of data. The following functions shall be provided:

– Set up tabular text files composed of records of named fields.– Create and update documentation files. These files include fields that can be

updated on command by the system and can contain location information,parameter values and programs using specific tagname.

– Sort and filter files by field.– Output results to a file or printer.

Graphics

a. Residence

The system shall be capable of storing (on–line) and accessing at least 100custom graphic displays. All graphics shall be accessible on any screen by callingup the displays by name, or by target zones on a operator station, or assigned toa configured key.

b. BuildingThe system’s custom graphic (schematic) building facility shall possess thefollowing minimum characteristics:

– Create and store new graphic pictures, copy a display from different graphicformats, rename displays, and modify any portion of a display using cut, pasteand undo facilities.

– Detail a graphic to a single pixel resolution. The graphic or any part of it, shallbe capable of being scaled from one pixel to one screen size.

– Both full size and half size text shall be available and selectable on aper–character basis.

– Real time updating shall be provided for at least 100 data values in each display.Dynamic graphic symbol updating includes changing symbols, such as closedbreaker symbol in place of an open breaker symbol, or a change of color basedon existing conditions.

– Any point attribute shall be capable of being used in the graphics program fordisplay or used for conditionally changing the graphic based upon engineer’sassignment of unique behavior characteristics (if ... then type statements).

– Any analog value shall be capable of being built into a bar graph. The bars shallbe oriented either horizontally or vertical and be of any height or width. Multiple




REVISION DATE


SCADA SYSTEMS

Page 27

AUG.940

PDVSA K–309


��

bars shall be assignable to a single display. Bar color shall be selectable on asingle bar basis. Individual bars shall change color upon the occurrence of aspecified event, such as going into an alarm condition.

– Ability to define targets which will be used by the operator in monitoring and/orcontrolling the plant from graphic displays. The targets shall be visible at alltimes or invisible until a predetermined condition occurs at which time the targetbecomes visible. A minimum of one hundred targets shall be configurable pergraphic.

– The graphic compiler shall create a source file and an object file and notify anyerrors in the definition of the display. The compiler shall also verify that all pointID’s referenced by the graphic are loaded in the system.

Logs, reports, trends, journals.

The engineer shall be able to create, modify or delete logs or reports or trend viaconfiguration and in addition select automatic or on demand printout.

History archiver

The engineer shall have access to history module to assist in analyzing data onparticular equipment or event.

Data collection shall be enable at all times. The specific data to be collected shallbe defined in one of definition files. The values collected shall be numeric anddiscrete type.

The real time collection rate shall be at least 300 values per second. Aftercollection, the data shall be temporarily stored on the hard disc. Archiving shallbe accomplished automatically from the hourly files on the hard disc. Thearchiving rate for real times values shall be at least 100 values per second. Whenthe archive media reaches ninety (90) percent of capacity, a message shall beoutput advising the user of that condition. In order to minimize the storagerequired, the collected analog data shall be processed through a compressionalgorithm which applies a deadband to each point value. This deadband valuemust be exceeded before the new point value will be passed for archiving.The History Archiver shall also collect and archive continuous history valuesobtained from the History Module, all real time journal entries and ASCII files fromthe History Module.The retrieval function shall be available from two sources, the Operator’s stationand the History Archiver system.

The engineer, from the History Archiver system, shall be able to access value forpresentation in trend or tabular format, for transmission to a remote personalcomputer. The retrieved values shall be converted to a DIF format for furtheranalysis by third party software packages.




REVISION DATE


SCADA SYSTEMS

Page 28

AUG.940

PDVSA K–309


��

6 REMOTE STATIONS6.1 General

The intelligent remote terminal units (IRTU) shall gather all information to and fromthe field and transmit the data to the MTU. The remote stations shall receiveinformation from the field equipment via standard process interface units, such asanalog current loops, digital signals and any digital communication network.

The IRTU shall also execute control actions on the field items either asprogrammed or on demand from the operator. The control units shall have thecapacity to implement redundancy at loop level.

The IRTU architecture shall be modular, low electrical energy consumptiondistributed process type, that is, the IRTU shall have a central processor thatmanages the primary functions of the equipment but also permit the existence ofslave processors designated to support specific functions within the IRTU, suchas conversion or linearisation of signals or communication interfaces withintelligent type equipment located in the field.

The IRTU software shall be based on real time operative system, managedthrough interruptions and its design shall be fault tolerant.

The IRTU shall be located in NEMA 4X type cabinets, contain power supply andenergy conversion equipment, IRTU circuitry, the telecommunications equipmentof the station and the terminals for connecting with field mounted equipment. SeePDVSA specification K–300 for additional details.

All printed circuits of the remote terminal units (IRTU’s) shall be protected againstdamage/malfunction due to humidity through application of a protective coatingover all components. The coating shall be atleast 5 mils thick and shall beguaranteed for minimum 5 years.

6.2 ArchitectureThe IRTU’S are conformed of 5 basic functional units.

6.2.1 Central processor unit (CPU)This acts as a coordinator processing all the information, both inputs from the fieldequipments and also the signals emanating from the master station.

6.2.2 Inputs/outputs circuitryThese units convert all electrical signals in various forms coming from the field intodigital signals that can be processed by the IRTU. Also included are necessaryelectronic circuits to interconnect the IRTU with intelligent equipments mountedin the field.

6.2.3 Communications circuitryThe communication ports (gateways) of CPU interface with communicationchannels of the master station. The IRTU shall also have additional gateways to




REVISION DATE


SCADA SYSTEMS

Page 29

AUG.940

PDVSA K–309


��

link with other equipment using protocols other than that used for the SCADAsystem.

6.2.4 Integrity circuitry and supervision

The system shall incorporate facilities to continuously verify that both hardwareand software systems are functioning correctly. In the event of any failure thesystem shall send a signal to external sources the cause of failure.

6.2.5 Power supply

The IRTU shall operate on dual 24 volts D.C. supply. See PDVSA SpecificationK–331 for details.

The power supply unit shall supply all items mounted within IRTU and also to allfield mounted instrumentation as well.

The power supply shall be configured in redundant form so that the load is sharedand in the absence of one of the sources of supply the operation of the processplant of the remote terminal unit is not affected in any way.

The modules shall be independent operation type such that one unit shall beremovable while the rest of the equipment continues to function with the aid of thehot stand–by unit.

6.3 Hardware Characteristics

6.3.1 Control unit

Each system shall contain modular 100% backup with bumpless transfer mainprocessors operating asynchronously and in parallel. Each processor moduleshall consist of a microprocessor, memory, math co–processor, and necessarycommunication processors.

Each processor shall retain its memory in the event of a power failure or internalmalfunction for a minimum of six months. Battery backed up RAM shall becapable of retaining the application program in memory for a minimum of 6 monthsafter power loss. Each processor shall provide sufficient memory for the initialconfiguration plus 100% excess for future expansion.

A real time clock with a 10 msec resolution shall be available for time dependentfunctions. Each microprocessor shall be capable of scanning and updating theI/O and executing user–defined logic a minimum of 4 times per second.

a. Word length

The processor shall operate internally or externally with 16 or 32 Bits. It shall alsoperform mathematical operations with operands with double the accuracy of thatof IEEE standard for floating decimal point.

b. Interrupt management




REVISION DATE


SCADA SYSTEMS

Page 30

AUG.940

PDVSA K–309


��

The processor shall receive vectorial interruptions for the management of digitalinputs at high speed.

c. Mathematical co–processor

The control unit shall have facility to insert, a commercially available modelmathematical co–processor designed to perform extensive calculations, on abase available on the control unit circuit board.

The operative system of the remote station shall recognize the insertion of themathematical co–processor during its start–up and shall automatically offer itsfunctions to existing applications without need of reprogramming or recharge ofthe IRTU.

d. Non–volatile storage capacity

The control unit shall have non–volatile memory (ROM or EPROM) to store all theprograms and applications either standard that of the manufacturer or the specificprogrammes designed for the system.

The supplier shall also supply the necessary equipment for the programming ofthe EPROM memories.

e. Memory storage with battery back–up

The control unit shall have a memory, not less than 256 KB that has batteryback–up (LITHIUM or battery RAM). The battery life period shall not be less than40000 hours.

f. Capacity of operational memory

The control unit shall have a minimum of 256 KB RAM memory for the regularoperation of the unit. There shall be spare space to expand the memory withadditional 100%.

g. Date/clock

The control unit shall have a clock with battery back–up with the followingcharacteristics:

� Resolution (selectable between 1 and 100 milliseconds).� Precision (selectable between 5 and 25 P.P.M.).

The clock shall recognize leap year, 28/29/30/31 day months and Julian formatcalendar.

The system shall have the capacity of synchronizing all remote terminal units(IRTU) with the MTU clock and also with a remote time standard provided bya satellite through an external signal in IRIG B form.

h. Redundancy




REVISION DATE


SCADA SYSTEMS

Page 31

AUG.940

PDVSA K–309


��

Equipment to be backed up shall be as follows:

� CPU function back–up including memory and communication card (1:1back–up).

� Back–up of analog input/output cards for control loops (1: 1 back–up).� Back–up of power supply cards to CPU’s and I/O cards (1: 1 back–up).� Back–up of internal–bus between CPU and Input/Output (1: 1back–up).

The remote terminal units shall have redundant control units. These have shallbe hot stand–by type and shall enter into operation when the system integrationsupervision circuitry detects a fault in the functioning of the principal control unit.

The switch–over to the stand–by unit shall be automatic and bumpless viasoftware and the system shall detect the change only through the receipt of thefailure signal by the system integration supervision circuitry.

6.3.2 Input/output Modules

All modules shall be equipped with:

� Automatic self calibration� Normal mode rejection ratio of 15 db or better at 60 Hz� Common mode rejection ratio of 80 db or better, from 0 to 100 KHz� Sampling rate 1–5 milliseconds maximum per channel

All inputs and outputs shall meet the following minimal requirements onconversion accuracies:

• Analog to digital conversion • Digital to analog conversion

� ��

� ��

� ��

� �� !��

Input modules

The system shall accept following input signals directly from field:

� Digital: Dry contact rated for 24 volts DC with any interposing relay mounted ina separate cabinet.Digital input signals shall be conditioned by a low–pass filter up to 15 ms. Eachindividual input signal path on the input module shall be automatically tested forproper operation at least every 10 minutes. Each digital input shall have statusindicator for the individual channel and be individually fused with blown fuseindication.




REVISION DATE


SCADA SYSTEMS

Page 32

AUG.940

PDVSA K–309


��

� Analog: 4–20 mA, 1–5 VDC or 0–100 mVDC signals from 2 wire transmitters

� Thermocouples, ANSI standard types J, K, E, T, B, S, R, RTD (3 wire) 10 ohmCopper, 100 ohm Platinum, 120 ohm Nickel.Thermocouple inputs shall have built in automatic cold junction compensationand linearization. A single module shall accommodate all types ofthermocouples.

� RTD inputs shall have 12 bit minimum analog to digital conversion.

� Pulse Inputs at rates up to 20 kHz. Each input shall be filtered, converted toengineering units and the data validity checked. These inputs shall be opticallyisolated and current limited to protect against inadvertent damage. They shallbe configurable as status, latched inputs or accumulator inputs.

The functions performed on the respectively configured inputs shall include:

Status Input:

� Direct or reverse sense

� Alarming of off–normal state

� Alarm delay (must be exceeded before re–alarming)

Latches input:

� Change of status reporting

� Hold of off–to–on transition for 1.5 seconds

Accumulator Input:

� 16 bit accumulator, up to 25 PPS

� Up or Down direction counting.

Where inputs have 2 independent sensors for 100% back–up or 3 independentsensors for 2 out of 3 voting as defined by the logic diagrams the diagnostics shallbe included in the application program.

Output modules

The system shall provide output signals to transducers, solenoid valves, motors,pumps, compressors, alarm annunciators, etc.

Analog: 4–20 mA signals Output characteristics:

� Direct or reverse operation

� D/A per output

� Power regulator per output




REVISION DATE


SCADA SYSTEMS

Page 33

AUG.940

PDVSA K–309


��

� Software calibration

� Loopback output

� 5 segment output characterization

� Default options upon failure

� Hold

� Got to zero occurrence.

Digital (contact) output shall have the following characteristics:

� Mechanical relay dry contact rated for 24 volts D.C., 2A with any interposingrelay mounted in a separate cabinet

� Individual contact suppression

Configurable as: Momentary (10 ms – 1 min.) Latched Pulse–width modulated(1 s to 120 s on time)

� Individually definable default state

� Output readback verification

Output modules shall fail to the safe state upon microprocessor failure. Digitaloutputs shall be current rated for an inductive load with a minimum of 1 A per pointat 60°C. Modules shall be rated for full load at maximum specific conditions.

Digital output modules shall operate with a � 10% voltage variation.

The module shall detect and alarm open or shorted field circuits as well as powermonitoring. If any energize to trip signals are specified in annex load monitoringshall be required.

6.3.3 Digital communication transmitter interface

The process I/O subsystem shall have a fully tested interface to communicate withmicro–processor based transmitters. This interface shall utilize an all–digitalprotocol to obtain maximum accuracy from signal source to SCADA and shall,from the operators console, be able to configure, rerange, determine transmitterstatus and load the transmitter date base. The interface shall also determine if thetransmitter data base has been changed fron a source other than the operatorstation and warn the operator.




REVISION DATE


SCADA SYSTEMS

Page 34

AUG.940

PDVSA K–309


��

6.4 Cabinets and Wiring

� All equipment shall be mounted in standard cabinets suitable for a safeenvironment, with a minimum IEC 529 – IP 51 certification. The cabinet interiorfinish shall be white and fitted with a fluorescent light inside.

� Any part of the scada equipment located outside air conditioned rooms shallmeet NEMA standards to comply with the area classification and any specifiedcorrosive atmospheres (marine, ammonia, chlorine, hydrogen sulphide, etc.)complete with inert gas purge.

� Cabinets shall be free–standing, completely assembled, wired in accordancewith specification K–330 and designed to operate between 0–60°C and 5 to95% non–condensing ambient conditions.

� Cabinets shall be fully enclosed with doors in front and rear as required.

� Adequate ventilation shall be provided to keep the temperatures within designspecifications. An over temperature alarm shall trip when the temperature isgreater than 45°C.

� The equipments, electronic circuitry and wiring shall be arranged to facilitategood access and perform maintenance safely.

� Engraved nameplates shall be provided for each cabinet, peripherals, andsubsystems such as controllers, multiplexers, communication devices, etc.Legends shall be approved by PDVSA.

� The system wiring shall meet the MIL–STD–461C Part 4 per MIL–STD–462:

For conducted susceptibility –

– Method CS 01, power leads

– Method CS 02, power leads– Method CS 06, power leads, spikes.

For radiated susceptibility –

– Method CS 01, magnetic field

– Method CS 02, induced magnetic field– Method CS 03, electric field

� Termination assemblies shall be mounted within the cabinets. Allinterconnecting cables shall be tagged at both ends using shrink sleeve typemarkers or equivalent.




REVISION DATE


SCADA SYSTEMS

Page 35

AUG.940

PDVSA K–309


��

Wiring

All wiring and terminals shall be segregated according to type of signal as follows:

Analog – standard, 24 volts D.C.

– intrinsically safe

Digital – standard, 24 volts D.C.


Thermocouple

Frequency – standard, 24 volts D.C.


Terminal blocks for input and output signals shall be non–hygroscopic.

Terminals shall be tinned and clearly identified. The size of terminal block shallbe consistent with the size, viz. #18 awg.

Analog wiring shall be shielded cable of twisted pairs. All wiring shall be strandedcopper except for thermocouple where it should match the T/C type. Theterminals for T/C shall match the specified thermocouple wire.

Color coding for wiring shall be as follows:

110 VAC

Hot – BlackNeutral – White

Ground – Green

24 VDC

Positive – RedNegative – Black

Ground – Green




REVISION DATE


SCADA SYSTEMS

Page 36

AUG.940

PDVSA K–309


��

6.5 Power Supply

All equipment shall comply with the latest IEC, IEEE, EIA, NEMA, ISA, NEC, UL,FM, CSA or COVENIN standards.

The IRTU equipment shall operate on 24 volts. D.C. All flourescent lights andsocket outlets shall operate on 110 volts, 60Hz., A.C.

� Each power user (consoles, controllers, I/O devices, etc.) shall have a separatecircuit breaker with its own fuse.

� The IRTU shall supply 24 VDC power to electronic transmitters or other externaldevices requiring electrical power. Each process I/O device shall be providedwith self regulatory capability to assure proper power levels.

� Independent redundant power supplies shall be used for I/O subsystems andcommunication devices (including interfaces), such that any individual powersupply unit failure does not have any effect on the operation of the IRTU andalso without the need to switch to battery back up facility.

6.6 Grounding SystemThe grounding system for metallic enclosures and electronic circuits shall beseparate and designed for connection to the main grounding System of the plant.The grounding system shall have a maximum resistance of I OHM. See PDVSASpecification N–201 and IEEE 1100.

6.7 Radio Frequency Interference (RFI)� Equipment shall have RFI protection against hardware damage and system

error. Error caused by RFI shall not exceed 0.1 percent of span for exposureto a field strength of 10 volts/meter over the frequency range of 10–1000 MHz.

� Minimum clearances and shielding shall be maintained between datacommunication link and power cabling, transformers, motors, etc. The designshall maintain minimum separation distance between process interfaceequipment, process, controllers, remote multiplexers and electrical substationequipment to protect the IRTU from power system noise.

� The plant radio transmitter/receiver station shall be installed in a separatecabinet, remote from the IRTU equipment.

6.8 System Hardware Testing

It shall cover the following areas:� Continuity check of cross–board and interconnecting cables� AC and DC power checks� Proper operation of backup devices� Diagnostic checks of all devices� Proper operation of communication network




REVISION DATE


SCADA SYSTEMS

Page 37

AUG.940

PDVSA K–309


��

6.9 Software

6.9.1 Functional modes

The software of the IRTU (and its peer on the MTU) shall allow as a minimum thefollowing functional modes.

a. Operation

In this mode the remote terminal unit performs the tasks of data acquisition andcontrol executing in concurrent form whatever additional software characterizedfor this configuration.

b. Scanning

In this mode the remote terminal unit shall report to the master station the valuesof the points supervised under one of the following three schemes:

� Report by exception

� Total report through interrogation

� A combination of exception and interrogation.

c. Out of scan sequence

In this mode the remote terminal unit does not report to the master station thevalues supervised but shall maintain in operation all the automatic controlfunctions, the special applications and save all the changes of the variables in analarm condition in a temporary memory bank for eventual reporting to the masterstation when the next scanning sequence occurs as per paragraph 6.9.1.b.

The modes described in paragraphs 6.9.1b. and 6.9.1c. shall be selectable fromthe master station and notified to the remote terminal unit. In the event of failureof the master station the procedure per paragraph 6.9.1c. shall be initiatedautomatically without disturbing the process.

6.9.2 Configuration and maintenance

In this mode the tasks of configuration and maintenance of the remote terminalunit shall be made possible interrupting all the functions performed as perparagraph 6.9.1. The user executes the functions in this mode through aman–machine interface supported with a terminal or portable programmer thatshall be connected to a communication port or configuration channel of the remoteterminal unit as described in paragraph 8.2.6.

The software of the remote terminal unit shall permit the selection of the mode ofoperation from the configuration terminal and/or the master station.

The functions in this mode shall be executable from the master station as well andthe necessary software shall be incorporated.




REVISION DATE


SCADA SYSTEMS

Page 38

AUG.940

PDVSA K–309


��

6.9.3 Programming and debugging

In this mode the user shall be able to load all the application programs in theremote terminal unit and also perform de–bugging. The same man–machineinterface and configuration channel used in paragraph 6.9.2 shall also perform thisfunction.

This mode shall be initiable from the master station and allow both downloadingand uploading the programs and the configuration of the remote station. Theoperation in this mode shall inhibit the level of operator access to the remotestation and shall be operable only under the maintenance level.

6.9.4 Operative system

The system shall comply with the following requirements:

a. Multitasking

The system shall perform various tasks simultaneously, the number of the thesetasks being only limited by the availability of memory in the remote terminal unit.The total number of simultaneous possible tasks shall be indicated.

b. Managment through interruption

The operative system shall perform associated tasks at different levels ofinterruption through available hardware.

c. Communication facilities between tasks

The operative system shall include facilities to communicate, synchronize andexclude while performing routine tasks.

d. Priority allocation

The operative system shall assign priorities to each task with the objective ofgiving levels of importance to other tasks.

The operative system shall also administer the resources available in the remotestations on the basis of these priority assignments.

e. Memory management

The operative system shall incorporate facilities to manage the memory availablein the remote terminal units.

f. Error management

The operative system shall include the mechanisms for the detection andmanagement of errors and return to correct normal operation. The system shallalso include facilities to inform:

� Type of error and its condition




REVISION DATE


SCADA SYSTEMS

Page 39

AUG.940

PDVSA K–309


��

� The number of times of occurrences of each error condition� The duration of each error condition� The task that led to the error condition.

g. Watchdog timers

The operative system shall be equipped with watch dog timers and also themechanisms for its updating.

6.9.5 Controllers

The device shall be with multiple processor architecture providing continuouscontrol for analog loops, sequencing and logical operations for discrete signals.

The algorithms shall be contained in functional control built–in block, which shallbe configurable and connectable to implement the desired control strategies.

Controller Communications

Controllers shall be capable of peer–to–peer communications with othercontrollers across nodes to accomodate interactive control strategies without thenecessity of hardwiring. The data types (discrete, integer, floating point, etc.) thatcan be communicated between control devices shall not be restricted.

All process connected devices shall interface with process signals via signalconditioning (including filtering), linearization and scaling as needed.

Redundancy

The control system architecture shall provide continuous uninterrupted control inthe event of any single failure in the controller, including:

� Control and communication CPU’s

� Memory

� I/O and Network communications

� Power

� Peer–to–peer communications between controllers.

Back–up controllers shall be identical to the primary controllers

Change over to the back–up controller shall be automatic and provide forcontinuation of full automatic and bumpless control without operator intervention.

The back–up scheme shall ensure that only error free memory transfer are madeto the back–up controller and that they accurately reflect the state of the failedcontroller prior to occurrence of the failure.

The back–up scheme shall cover both configurable and programmable controlfunctions without the need of using special configuration or programming step.




REVISION DATE


SCADA SYSTEMS

Page 40

AUG.940

PDVSA K–309


��

Algorithms

� Control algorithms shall be cyclically executable, at least, twice per second.Lower or higher scan execution rates shall be available to suit specific processapplication needs. Algorithms shall allow bumpless transfer from manual toautomatic, cascade or programmable control and viceversa. Algorithms shallbe non–saturating to prevent reset wind–up.

� Control algorithms shall allow on–line changing of its tuning constants andparameters, set–points, outputs and operation modes through the availablecontrol language for the control device in order to allow advanced control.

The controller device shall maintain a current data base image for each primarycontroller by receiving data base changes every 500 msec at least.

The controller configuration shall be downloaded or uploaded from the shareddatabase through the communication link.

The following algorithms shall be available for performing compensation andcalculation functions:

� Data acquisitions

� Flow Compensation

� Middle–of–3 Selector

� High–Low Selector

� Variable Dead Time with Lead–Lag

� Linearization

� Calculator (up to 40 character expression).

As a minimum, the following additional functions shall be performed on analoginput signal but not be limited to:

� Test for Substituted Value (PV)

� Conversion to Engineering Units

� Normalization (% of EU range)

� Open Thermocouple Detection

� Propagation of Value Status

� Alarms Limit Testing for, PV High, PV low, PV High–High and PV Low–Low

� Rate–of–Change Positive

� Rate–of–Change Negative

� Deadband (1/2, 1,2,3,4,5 %)




REVISION DATE


SCADA SYSTEMS

Page 41

AUG.940

PDVSA K–309


��

Regulatory control

The regulatory control function shall be performed by microprocessor controllersutilizing plant input/output signals as defined below. Regulatory control pointsshall be configured via pre–defined and user–defined algorithms to execute thecontrol strategies required.

The algorithms selectable to manipulate regulatory control points shall be:

� PID

� PID with feedforward� PID with external reset feedback� Position Proportion� Ratio Control Fixed, Auto Ratio, Auto Bias� ramp Soak� auto/Manual Station� Switch� Override Selector� Non–linear gain� Adaptive control� Self–tuning� Remote/local station

Functions supported automatically for regulatory points shall be:

� PV source selection� Mode Manual, Auto Cascade, Backup Cascade� Mode Attribute Operator, Program� Remote Cascade� Remote Request� Remote Shed� Reset windup Protection� Override Propagation� Target Value Processing

Sequential control

The sequential control functions shall be performed by microprocessor controllersutilizing plant input/output signals. Sequential control points shall be configurablevia display templates to execute the required sequential control functions througha versatile mix of algorithms available for use in logic points. The logic points shallhave the following capability:




REVISION DATE


SCADA SYSTEMS

Page 42

AUG.940

PDVSA K–309


��

� Up to twelve (12) input connections

� Up to twelve (12) Output connections

� Up to sixteen (16) logic blocks

Each logic block shall have access to execute the following algorithms:

� Logic (AND, OR, NOT, NAND, NOR, XOR)

� Compare Real (EQUAL, NOT EQUAL, GREATER THAN OR EQUAL TO,LESS THAN OR EQUAL TO)

� Delay, on Delay, off Delay

� Pulse (Fixed, Max time, Min Time)

� Watchdog timer

� Flip–Flop

� Check for bad value

� Switch

Logic points shall link parameters without output destinations, e.g., calculated PVvalue, to parameters without input sources, e.g., controller gain.

The sequential control functions shall accommodate two types of interlocks,permissive and overrides. The permissive shall provide an “allow” functions to theoperator or program to command a specific output state. The override shall “force”a specific output state without operator or program intervention.

Ladder logic control

a. Logic control using familiar ladder logic

b. Off–line or on–line ladder development and emulation

c. On–line viewing of ladder diagrams and the ability to perform dynamicdebugging

d. Ability to manually set sensor variables for ladder diagram checkout

e. Ability to provide hard–copy documentation of all ladder diagrams

f. The ability to suppress the operation of a ladder diagram if any processvariable within the ladder diagram is placed off–line.

The types of operations allowed in ladder diagrams shall include:

a. Derived points, i.e., software generated inputs

b. Contacts that may represent either digital or analog values

c. Ability to treat analog values as digital through the use of dead–bands




REVISION DATE


SCADA SYSTEMS

Page 43

AUG.940

PDVSA K–309


��

d. And or logic functions

e. Change an up/down/level status transitional digital value

f. Arithmetic functions (add, subtract, multiply, and divide)

g. Time delay relays, i.e., timers that become true when expired

h. Up and down counters, and

i. Go to function (to bypass portions of ladder diagrams).

Configuration of controller and sequences

The configuration of the controller devices with the required functions shall bedone at any screen using an interactive (one–line) technique withfill–in–the–blanks forms.

All configurations shall be kept in memory or in suitable magnetic or opticalstorage in the event of power failure.

It shall be possible to load a previously configured control or sequence schemeover the communication link from any screen or from a host computer.

It shall have facilities to update or modify loop configuration in complex controlalgorithms without disturbing the normal operation of other loops in the controller.

The network configuration shall be modifiable with the entire system on–line toadd a node or add new software to an existing node, etc.

Programmable devices

� Free programmable computing devices, working on engineering language,(e.g. C, Basic, Fortran) or high–level Manufacturer languages, shall beavailable on the SCADA.

� These devices shall perform calculations for advanced process control,optimization or reporting. These calculations shall be available on the operatoror engineering stations on–line, either on a continuous or on–request basis.

� The engineering station shall create, develop and edit the calculation program.




REVISION DATE


SCADA SYSTEMS

Page 44

AUG.940

PDVSA K–309


��

6.10 System Software Test

6.10.1 The system shall incorporate comprehensive self–diagnostics such that allpermanent and transient faults are identified, alarmed and reported. Thediagnostic package shall be extensive enough to identify problems at board level.No upset of the process or loss of control shall occur.

All testing described shall be performed automatically on–line and withoutdisturbing the process or reducing the reliability of the SCADA system. Thediagnostics described above shall be built into the operating system of the SCADAhardware reporting the following faults as a minimum.

In addition, a class 1 alarm shall be generated on the operator station with audiblesignal and the event shall be logged on the printer.

� CPU failures

� Memory Faults, both PROM and RAM� Microprocessor faults� Communications faults� I/O interface or addressing faults� Application program and hardware layout consistency� I/O module faults� Voted signal discrepancy on inputs and outputs� Voted discrepancy on calculated values within application program� Load power or fuse faults on field circuits� Power supply faults including battery back–up monitoring and output voltage

verification� Over temperature conditions.

I/O module diagnostics shall be able to detect and alarm I/O point faults of thefollowing types:

� “stuck–on” – short circuited failure of a discrete input or output

� “stuck–off – open circuit failure of a discrete output.

Status indicators shall be provided to indicate normal operation or faultconditions on each replaceable module. In addtion, each fault shall initiate ahard alarm contact and an internal fault flag for communication to SCADA.

� Data Transmission Errors: The system shall continuously monitor for errors indigital data transmission between any two system devices. The system shalllog and notify the operator when an error is detected.

� Loss of both the active and redundant CPU shall cause system outputs tofreeze at their last position.




REVISION DATE


SCADA SYSTEMS

Page 45

AUG.940

PDVSA K–309


��

6.10.2 Self testing

Each system module shall contain four (4) levels of test to ensure that the moduleis performing correctly prior to being placed in operation and to monitor itsperformance while in operation.

The various procedures shall be displayed live on the screen. All the results bothcorrect and incorrect operations shall be displayed and appropriate failuremessages logged on the printers.

a. The first level shall be the Startup Tests. These tests shall reside in ROMand shall be automatically executed following power–on or restart of themodule. They shall verify the correct operation of the basic logic on eachPCB in the module. Failures shall be indicated by means of LED(s) on eachPCB and on screen.

b. The second level shall be the Quality Logic Tests. These tests shall beautomatically loaded and executed after the startup test “a”. These testsshall verify the correct operation of the module hardware and qualify it forloading its on–process software. Failure shall be indicated on the screen.

c. The third level of testing shall be On–Process Tests. These tests shall beparts of the on–process software of each module and shall be executedperiodically whether a module is primary or backup. A recoverable errorshall be error message report for analysis by maintenance personnel. Anon–recoverable error shall cause the module to be shut–down, recordedin the system error message and indicated to the operator. A printed errorhistory shall be available to be returned to factory with the failedPCB/module.

d. The fourth and most extensive level of testing shall be the Off–Process Tests.These tests shall be loaded by maintenance personnel when automatic tests(levels a, b, c) cannot resolve a problem. These tests shall have the followingfunctions:

� Display the system error event record

� Display the hardware and software revision status of all modules on the network� Display a snapshot of the system status, including all nodes, modules, boxes,

etc.� Display the contents of memory of any node, module, box, etc.� link the system to supplier’s technical assistance center.

e. Node Isolation

The engineer shall be able to isolate the node from the system and performdetailed off–line diagnostics to test the nodes, microprocessor(s), memory, andcommunications.




REVISION DATE


SCADA SYSTEMS

Page 46

AUG.940

PDVSA K–309


��

6.11 Diagnostic and Maintenance EquipmentThe supplier shall deliver with the system, at least (2) two sets of the equipmentrequired for diagnostics and maintenance of any element of the system.

In the case of IRTU, the supplier shall deliver all equipment necessary to diagnoseand reprogram the IRTU. It shall include any software and/or hardware requiredto prefer any change in IRTU programs.

7 NETWORKS

7.1 Functional NetworksThe communications network shall support a variable length message protocolsupporting multiple master operations with a common interface link to all devices.

The communications subsystem shall support on–line expandability throughmodularized components and provide extended communications up to 300metres without the use of repeaters.

Operator consoles and host computer shall have access to data from any and allcontrollers, PLC’s and I/O devices connected to the communications link.

Communications throughput shall ensure that operator consoles are updated, atleast, once every 4 secs. to reflect process parameters and status changes fromthe field devices.

All components of the communications cable system shall be lead–sheathed andarmoured, suitable for direct burial when required.

Communications with the system network shall be high speed, secure, redundantand based on the International Standard Organization seven–layer Open SystemInterconnect model. While this model is not fully defined at present, processinput/output system shall currently be compatible with Real Time–MAP as definedby ISA committee SP–72, which incorporates three layers. This communicationschannel shall be reported, and, if required, the cables will be switched. Operationof the process shall not be affected by this switching.

The process communications network shall also accommodate, in a fullyintegrated manner, dedicated logic (PLC) controllers. These controllers shallhave peer–to–peer communication capability with other process controllers onthe network.




REVISION DATE


SCADA SYSTEMS

Page 47

AUG.940

PDVSA K–309


��

7.2 Communications

7.2.1 The distributed digital system shall include a high–speed network to control allcommunications between consoles, nodes, etc. It shall:

a. be redundantly cabled.

b. be equipped with independent transmitter and receiver for each cable.

c. be based on IEEE 802.4 or 802.3.

d. have UTP, coax and fiber optic options.

e. switch periodically between the primary and backup line/cable without disruptingoperations, to ensure that each link is healthy.

f. notify the operator of any failure and remain on the good link.

g. contain no mechanical relays at any point.

7.3 Communications SecurityNetwork shall meet the following requirements:

a. incorporate logical addressing to allow efficient transmission to redundant nodeswith both the primary and backup modules database updated simultaneously.

b. include a 16 bit polynominal Cyclic Redundancy Check (CRC) verification onevery frame.

c. include message length checks.

d. employ anti–jabber circuitry.

e. be of totally sound design to expect no more than one undetected error in 1.000years of operation.

7.4 Time SynchronizationTime synchronization shall be employed to ensure strict coordination betweenmodules. A clock synchronization pulse shall be transmitted to all networkmodules at least every one hundred (100) milliseconds. In addition, actual realtime shall be transmitted to each module at least every fifty (50) milliseconds.Drifting of actual real time shall be no more than three (3) seconds (.0035%) perday (24 hour period).




REVISION DATE


SCADA SYSTEMS

Page 48

AUG.940

PDVSA K–309


��

7.5 Node SoftwareNode software shall be layered and modular.

The “Software environment” layer shall provide the application software with a setof software services common to all modules/nodes and a uniform interface,regardless of the type of module/node. Each module/node shall contain the samereal time operating system which schedules all tasks and communications.

The “base applications” software layer shall define and execute the basicfunctions of a particular ‘‘personality” for a module/node.

7.6 Remote Networks IntegrationThe system network shall communicate through a Plant Network with remotesystem networks without duplication of the point database. The followingfunctions shall be supported:

� Any node of the system network can read write any point parameter in remotesystem network data.

� The remote tagnames can be included in standard group or detail displays,custom graphics and control programs in the system or in computingenvironments.

� The system can transfer files from and to remote network.� Cascade Control between the system and the remote system can be achieved.

7.7 Security AccessEach system network shall be configured with the security access permitted toremote system networks. Every point parameter information and file transferrequest shall be checked for proper authorization per security configuration.

� Read only access� Read and Write access, and� No access.Point parameter access shall be further restricted by:

� Process connected network identifiers.File transfer shall be further restricted by the volume ID of the bulk storagedevices.

7.7.1 Security

The system shall support at least four levels of access, by keylock control. Inaddition, password security shall be available for specific functions.

7.7.2 View only

At this, lowest level, the process shall be capable of being monitored, but no dataentry or process changes shall be made.




REVISION DATE


SCADA SYSTEMS

Page 49

AUG.940

PDVSA K–309


��

7.7.3 Operator access

At this, changes to ‘sensitive’ parameters (tuning constants, process ranges,etc.)shall not be permitted. Points subject to these constraints shall be determinedby off–line configuration. Changes required to effectively control the plant shallbe permitted.

7.7.4 Supervisor access

At this level, the sensitive parameters will be available as well as all those at theoperator’s level. Any changes shall be reported in the operator’s journal.

7.7.5 Engineer access

At this level, all data base parameters, and full functionality shall be available foroff process configuration, display building, etc.

7.7.6 The security default

Level of access shall be defined on a per CRT basis, and shall be changeable onlyby keyswitch selection of a higher access level.

7.7.7 Configurable levels or access

Shall be provided for certain system functions such as saving and restoringspecific data bases; startup and shutdown of modules; changing system time anddate, enable and disable alarms; and accessing maintenance functions.

The system shall request automatic change of password every month.

7.8 Plant NetworkThe system shall be connected to a Plant Network that is based on IEEE 802.3,802.4 or 802.7 protocols. The Plant Network shall have dual cables. If a networkcable fails the communications shall be implemented on the other cable.

7.9 Data–entry Type CheckingShall be incorporated into the system to prevent entry of the incorrect type of datae.g., alpha versus numeric, etc. If an invalid entry is attempted, an audible errortone shall be generated and appropriate error message shall be displayed.




REVISION DATE


SCADA SYSTEMS

Page 50

AUG.940

PDVSA K–309


��

7.10 Automatic Periodic Storage of DataThe system shall be capable of performing either manually or automatically,periodic storage (system checkpointing) of all module memory contents to anon–volatile storage medium to provide a backup database of current processand system parameters in the event of a complete failure of a module’s memoryor the inadvertent deletion of module’s contents by the user.

7.11 Interaction with Other Systems

7.11.1 Function of connection for external systems

The interactions with external systems shall perform the interchange ofinformation between the different levels of operative systems with those of thesupervisory levels thus permitting the supervisory systems to have a globalinformation of the operations in the field.

The scada systems shall permit access to real time data on demand alwaysbearing in mind that this procedure shall not prevent the supervisory operativefunction of the entire scada system.

The system shall permit the receipt of incoming information from the supervisorylevels and permit the insertion of these data in the data base in real time in orderto adjust the setpoints of operation of the associated process with the system orinformation to be displayed on the screen.

The SCADA systems shall not accept any direct command coming from anyexternal system but present it to the operator for acceptance and record as anevent on the SCADA system.

7.11.2 Facilities offered

Periodic file transmission

The system shall be capable of sending information to external systems in adefined file format or a flat file.

The tasks in charge of handling the information format and the transmition of thefile shall have a fixed selectable schedule and its priority shall be low enough toavoid any interference with SCADA functions.

Asynchronus file reception

The system shall accept incoming files from external systems subject to thefollowing restrictions:

� Access restriction: any file accessing the SCADA system shall leave an audittrail in the system, even if it is not accepted by the operator.

� Operator accept: any file accessing the system shall be presented to theoperator in the graphic displays requesting acceptance from the operator. If thefile is rejected the system will notify to the sender with a message.




REVISION DATE


SCADA SYSTEMS

Page 51

AUG.940

PDVSA K–309


��

� Change alarm: any file containing information that can produce a change ofmore than 10% in any process variable shall generate a system alarmindicating the affected variable to the operator, requesting confirmation beforeacceptance.

7.11.3 Communication protocols

The protocol stack accepted for interaction with external systems shall be TCP/IPover the network or over CCITT X.25.

� Network level: shall be in accordance with RFC 791 and 792 (IP/ICMP)

� Transport level: shall be in accordance with RFC 793 and 768 (TCP/UDP)

� File transfer: shall be according to RFC 959 (FTP)

� Message handling: shall be according to RFC 821 (SMTP)

� Terminal emulation: shall be according to RFC 854 (TELNET)

� Network management: shall be according to RFC 1098 (SNMP V2).

8 TELECOMMUNICATION SYSTEMS

8.1 TechnologyThere are two types of technologies available for the telecommunication servicesof a SCADA system, one based on audio systems using modems and the otherutilizing digital connections.

The use of either one of these depends on the types of existing systems oftelecommunication in or around the location of the remote stations. The selectionof the technology to be utilized for the configuration of the telecommunicationsystem is critical for the SCADA system itself.

8.2 Modem

8.2.1 Transmission

The transmission signal level shall be 0 dBm over a balanced load resistance of600 ohms. This level shall be adjustable in steps of 0.5 dBm, as a minimum, andshall have an adjustable range between + 3 dBm and –15 dBm. All leveladjustments shall be discrete type.

8.2.2 Reception

The reception level shall be 0 dBm over a balanced load resistance of 600 ohms.This audio receiver shall have a minimum dynamic range of 60 dB and detect thefrequency shift key (FSK) signal in the signals with a minimum signal to noise ratioof 30 dB.




REVISION DATE


SCADA SYSTEMS

Page 52

AUG.940

PDVSA K–309


��

8.2.3 Stability adjustments

During the interval between MTBF of a modem, its adjustment levels shall not vary,within a range greater than ± 3 dB and the annual variation of the transmitted signalshall not be greater than ± 1 dB.

8.2.4 Audio channel quality

The communication channel shall be BELL 3002 standard with a confidence levelgreater than 99%.

8.2.5 Speed of transmission

The modem shall comply with standards CCITT V.22 and V.22 bis.

The modem shall permit communication speeds of 1200, 2400 and 4800 bits persecond (BPS). The speed selection shall be automatic depending on the signalquality reception. A manual speed selection facility shall also be available.

8.2.6 Digital interface

The modem digital connection shall comply with the standard CCITT V.24 or in itsabsence with EIA RS232D standards. These standards include the physicalcharacteristics of the connection ports.

8.2.7 Power supplies

The modem shall be powered from the same source of supply as the remotestation.

8.2.8 Keying

The modem shall activate the transmission circuit via a radio equipment throughthe use of the command CTS and/or RTS as a sign of pre–transmission with animplementation of a programmable delay adjustable from 0 to 1000 millisecondsin steps of 50 milliseconds.

The signal management circuit shall ensure upto 2500 volts galvanic isolation onboth sides.

8.3 Communication ProtocolsThe communication protocols shall guarantee the communication between themaster station and the remote stations independent of the quality of thecommunication.

8.3.1 Level

The protocol shall have a functional level 2 of the OSI model (data link) and shallhave the necessary algorithms for error detection and correction.

8.3.2 Type

The protocol system shall be asynchronous and with a master/slave hierarchy i.e.The master station shall function at an upper level and the slave level shall not




REVISION DATE


SCADA SYSTEMS

Page 53

AUG.940

PDVSA K–309


��

possess the capacity to initiate a communication without having been interrogatedpreviously.

8.3.3 Multilevel capacity

The protocol shall have the communication capacity at different physical levelsallowing the connection of slave stations to a remote master station. Thesestations shall be recognizable by the system and shall interchange messages withother stations of the same or another level.

8.3.4 Error detection and correction

The protocol shall detect and correct errors in received data messages. The errordetection and correction shall be based on CRC–CCITT CODE or better.

8.3.5 Interface with other protocols

The system shall communicate with other protocols, through the use of dedicatedcommunication controllers, based on software that can run in the installedhardware of the MTU and IRTU. This facility is especially required for interfacingwith intelligent equipment located in the field.

9 SYSTEM TUNING

9.1 Proportional Control LoopsThe system shall include facilities for tuning of linear control loops based onuniversal methods developed by GREG SHINSKEY et al and for non–linear loopsas detailed below.

The method detailed in I.S.A.–INTECH JOURNAL, AUGUST 1993 issue consistsof a relay which gives a step to the controller output alternately in oppositedirections when the measurement crosses the set point. The discrete switchingcauses the loop to oscillate at its ultimate period Tu and the ratio of the relayamplitude ‘d’ to the measurement amplitude ‘a’ defines the ultimate gain of thecontroller. The magnitude of the step shall be sufficient to obtain a curve whichpermits legible readings of ‘a’ and ‘d’.

Fig. 1 shows a block diagram of the self–oscillation principle.




REVISION DATE


SCADA SYSTEMS

Page 54

AUG.940

PDVSA K–309


��

FUNCTIONTRANSFER

FUNCTIONTRANSFER

PV

SELF–OSCILLATION PRINCIPLE

SP

CONTROLLER

RULESTUNING

RELAY

PROCESS




REVISION DATE


SCADA SYSTEMS

Page 55

AUG.940

PDVSA K–309


��

Fig. 2 shows a plot of relay output and measurement output.

MEASUREMENT

a

CONTR. OUTPUT

TUNING PERIOD

TIME

UT

INITIALIZATION

d

RELAY OUTPUT

PLOT OF RELAY OUTPUT AND PROCESS OUTPUT DURING TUNING.




REVISION DATE


SCADA SYSTEMS

Page 56

AUG.940

PDVSA K–309


��

The intelligent tuner as detailed in Fig. 3 shall be incorporated into the system.

INTELLIGENT TUNER IMPLEMENTED INTO CONTROLLER

FOR TUNINGIS SELECTEDCONTROL LOOP 2

TUNER

LOOP nCONTROL

LOOP 2CONTROL

LOOP 1CONTROL

I/OREMOTE

CONTROLLER DATA BASE

INTELLIGENTRTM/1




REVISION DATE


SCADA SYSTEMS

Page 57

AUG.940

PDVSA K–309


��

The processor rejecting values of ‘a’ and Tu not measurable and automaticallyincreasing controller output in steps of 1% upto a maximum of 10%. See Fig. 4.

& STARTSETUPCONFIRM

DIAGRAM OF MODEL PROGRAM.

ACTIVE TUNING COMPLETE

OR MODIFYREDESIGN

REJECT

REJECTREJECT

REJECTACCEPT OR

COMPLETEDCOMPUTATION

IS CORRECTACCESS TO LOOP

1. LOOP IDENTIFICATION

3. INITIATE TUNING4. COMPUTATION

2. SETUP5. ENG. APPROVAL

9.2 Discrete on–off Control LoopsThe discrete action output signal shall ensure that the speed of the action of thevalve is adequate to ensure that there are no sudden “surges” or“depressurization” effects in the process.

In the event a number of valves are opened or closed simultaneously the order inwhich the valves operate shall be carefully evaluated in order to ensure acontrolled “shutdown” or start–up of the plant or equipment.

10 INSTALLATION AND COMMISSIONINGAll installation and commissioning shall be performed in accordance with projectdrawings and specifications.

11 Q. A. / Q. C.All items shall conform with the procedures detailed in specification K–369.




Manual de RTU

Documents

technical assistance center

remote terminal units

electrical power installations

bulk data storage

performing correctly prior

remote terminal unit

balanced load resistance

interposing relay mounted