Section 12 — Instruments and Controls

Distributed Control Systems

IPE Engineering Practice IPE-EP-12-3-1

Document number: IPE-EP-12-3-1 · Section: 12 — Instruments and Controls

Operator Console 21
Power Supply 21

ADVANCED CONTROL 21

Design Principles 21
Hardware 21
Mass Storage 22
Operator and Engineer Interfaces 22
Software 22
Process Control Software 22

13.0 COMPUTER AND FOREIGN DEVICE INTERFACE 23

14.0 VAX INTERFACE 2414.0 VAX INTERFACE 24

SERVICES 25

General Description 25
Project Management 25
Engineering Services and Training 25
Documentation 25
Project Schedule 27
Shipment 27
Delivery 27
Maintenance 27
Consultation Services 27
“On Demand” Technical Assistance 27
Detail Configuration and Layout 27

ACCEPTANCE TESTING 28

General 28
Manufacturer’s Test 28
Factory Acceptance Test 28
Problems 29
Jobsite Acceptance Test 29
Commissioning Field Assistance. 29
Availability Test 29
Software Quality Assurance 30
Diagnostic Testing 30
EMI/RFI Testing 31

SCOPE

The purpose of this document is to define the hardware configuration, performance requirements, fabrication, documentation, and testing requirements of a microprocessor based, shared display, control system.
Any deviation from this Practice must be approved by the procedure described in EP 1–1–3.
A revision bar indicates all changes made to this Revision.

2.0 REFERENCES

The following codes and standards shall be considered as part of this Practice. All documents shall be the latest editions in force on the date of issuance of this Practice.

STANDARDS AND PUBLICATIONS

IPE Engineering Practices
EP 1–1–3 Deviations to IPE Engineering Practices
EIA
RS–232–C Interface Between Data Terminal Equipment And Data Communication Equipment Employing Serial Binary Data Interchange
NEMA
ICS6 Enclosures for Industrial Controls and Systems
SAMA
PMC 33.1 Electromagnetic susceptibility of Process Control Instrumentation

DEFINITIONS

Contractor - Company or business that agrees to furnish materials or perform specified services at a specified price and/or rate to the Owner.
Inspector - A Inflection Point Engineering, LLC appointed engineer or inspector.
Manufacturer - The recipient of a direct or indirect purchase order for materials and/or equipment. In this context, a direct order is one issued to a manufacturer by a contractor or the Owner. An indirect order is one issued to a manufacturer by a vendor (recipient of a direct order) for materials, fabricated components, or subassemblies.
Owner - Inflection Point Engineering, LLC.
Owner’s Engineer - A Inflection Point Engineering, LLC appointed engineer.
Purchaser - The party placing a direct purchase order. The purchaser is the Owner’s designated representative.
Vendor - Recipient of a direct purchase order.

GENERAL REQUIREMENTS

Vendor Responsibilities
The Vendor shall provide a complete Distributed Control System (DCS) that functions in accordance with the requirements set forth in this specification. The Vendor shall state whether the system offered has been proven by service in similar operations for at least one year. The Vendor shall list appropriate references.
The Vendor shall provide all information necessary for the proper installation and future expansion of the system. This shall include but not be limited to:
Systems block diagram, with supporting documentation as to expansion capabilities at all levels of the architecture.
Dimensional Data
Power required (amount of noise tolerated)
System grounding
Minimum environmental conditions for consoles, controllers, I/O modules, and Termination assemblies.
Isolation of radio frequency signals
Maximum allowable distances from various pieces of hardware
Heat Generation
EMI/REI interference with data signal requirements
Design and specifications of all system devices shall conform to applicable portions of the National Electric Code, latest edition, for installation in a general purpose area, with measurements and valves in a “Division 2” area, unless specifically noted otherwise.
Equipment furnished to this specification, and intended methods of installation and operation of the same, shall comply with applicable codes and regulations, federal, state and local law, National Health and Safety Act, Construction Safety Act, as well as Rules, Regulations and Standards of the Secretary of Labor.
Functional Criteria
The system described in this Practice shall allow dependable and effective process control and shall permit control and data acquisition function to be distributed as required.
Equipment cabinets may contain both controllers and process interface devices shall provide all A/D, I/O connections to the process. Process interface devices and I/O connections may be remote mounted from the controller. IPE will determine the location and environment of the equipment cabinets. Interconnections between devices shall be by plug–in metallic or fiber optic cables.
The DCS system shall perform, as a minimum, the following functions:
Alarm annunciation and display
On/Off indication
Start/Stop control
Process indication and control
Single–point indication of analog or digital variables
Signal conditioning
Operator displays with Graphics

Logging, archival, and trend displays
Interface to computer and foreign devices such as VAX’s, PLC’s, Chromatographs, and Tank Gauging Systems
Self Diagnostics
System Security
The system shall have the capability of displaying real time field configurable plant graphics
The system shall be able to change control schemes via keyboard manipulation. In addition to the keyboard, Vendor shall quote any other input devices such as touch screens and trackballs.
An interface to other digital systems shall be available. The system shall have a configurable interface to a VAX and preferably a configurable rather than programmable interface to microprocessor based systems which shall use asynchronous ASCII protocol. The VAX interface may use a proprietary protocol, and run at network speeds, (reference Section 11.1). Both the asynchronous and the network interface shall have the capability for two way data flow. Complete hardware, software, and configuration or programming requirements shall be specified and included.
The system shall have sufficient redundancy so that the failure of any one single unit or component in the system shall not cause all or essential parts of the system to fail, but shall allow continued operation of control loops. Essential parts shall include the minimum number of control processors for the control of all loops, a minimum of three CRT’s together with all software/hardware, complete operator interface, minimum number of communication processors including communication networks, and minimum number of power supply units to support these parts.
All equipment both within the cabinets and the operator console, shall be readily accessible for maintenance.
Proposal Documents

Each copy of the proposal shall include the following:

Technical Specification data sheets for all proposed equipment. System description and block diagram of proposed equipment and equipment arrangement. A well–documented estimate on loading of the DCS communication link shall be included in this system description for future expansion.
Itemized DCS Bill of Material. With each item priced in detail such that additional items can be added and prices easily adjusted.
Recommended spare parts list with current prices. The Vendor shall include in his proposal the recommended spare parts and an itemized list of the parts provided.
A written guarantee covering parts and labor for DCS hardware and software. Parts and labor involved in correction of DCS hardware or software failures shall be provided by the Vendor at no cost to IPE for a 12 month period to begin upon completion of the Jobsite Acceptance Test. Furthermore, the DCS Vendor shall assure that services shall be expedient to ensure system availability is maximized.
The name and address of the nearest service center and spare parts warehouse location and the number of technicians at that service center.

A letter stating the long range plans for the proposed system. This letter shall include future plans for the proposed system, sales, spare parts, service and support. The letter shall include a time table to software and hardware changes.
A compliance report shall consist of a list of all requirements contained in this specification. The DCS Specification Section numbers shall be on the left hand side of the report along with the bidder’s degree of compliance noted on the right hand side of the report. The bidders shall respond with “Yes” for compliance, and “No” for no compliance, with “Yes with clarification in Volume No., Section No.” for those sections that the bidder has acceptable alternatives, and “No with clarification in Volume No., Section No.” for those sections that the bidder has good reasons for not complying with the specification.
A list of current DCS users with similar applications and hardware along with names and phone numbers of personnel that can be contacted for references.
A proposed project schedule (Bar or Gantt Chart) with milestones to reflect the time allotted for each event which shall include, as a minimum, the following:
Initial Order
Kickoff Meeting
Periodic Inspections
Engineering Review of System Spec
Engineering Review of Test Procedure
Engineering Review of Hardware Design
Engineering Review of System Logic
Factory Performance Test
Factory Acceptance Test
System Configuration
Operator Interface Configuration (Graphics)
Jobsite Acceptance Test
Commissioning
Availability Test
The power and external grounding requirements for the DCS.
Proposed Operator, Maintenance, and Engineering training. Vendor shall specify and include start up assistance as part of the proposal.
Number of copies of Operation/Maintenance Manuals. Software and computer hardware may be proposed leu of hardcopy manuals.

SYSTEMS ARCHITECTURE

Description

The DCS System shall consist mainly of:

Operator Consoles
Engineering Workstation
Cabinet equipment containing controllers and I/O
Communication devices
Operator Console Functionality

The operator consoles shall present all relevant information and control facilities for the operator’s particular area of responsibility. It shall provide a common operator interface under normal operation, during process upset, and in the event of control equipment malfunction.
These basic functions shall be provided:
Graphics displays for operations.
Displays for maintenance and troubleshooting.
Dedicated space for hardwired switches.
Printing of alarms.
Printing or copying of all CRT displays upon demand.
Indications of control and non–control variables.
Manipulation of control loops, including set point, mode, and output.
Display of trends.
Alarm annunciation and display.
Process variable, tabular log display.
Start/stop pushbutton motor operation.
Status indication for on/off devices.
Configuration storage by floppy disk or equivalent. (i.e. optical disk, etc.)
In all cases the operator consoles shall provide a means for consolidating the tasks of monitoring and manipulating the process while using distributed devices to perform the actual process interface and control functions.
Each Operator Console shall have all the displays and data base for the monitoring and control for an area of the plant. In addition, each console shall be capable of displaying and controlling any or all areas of the plant when required without the necessity of reconfiguration. While still allowing displaying of any or all areas of the plant, the capability of controlling any or all areas of the plant shall be able to be locked out of each console.
Operator Console Hardware
The operator’s console shall consist of but not be limited to:
CRT Monitors
Keyboards and pointing devices
Electronics
Alarm Printer
Printer with Screen Image Capability
Programmable keys for use as an alarm annunciator
In addition, space shall be provided where the operators can have a writing surface without interfering with the keyboards. Space shall also be provided for the installation of a telephone, plant intercom and hard wired switches. Drawings, manuals, and specifications shall be provided for installation of the console, wiring, cables, and ancillary equipment.
Each Operator Console shall contain at minimum four CRT’s, four operator keyboards, electronics for the keyboard/CRT, alarm printer, printer with screen image capability, working space, and panel area for mounting of hard wired switches, telephones, radios, etc. All operator CRT’s shall have identical capabilities and keyboards.

The invocation time (as defined in Section 6.9 ) for group and detail displays shall be less or equal to one second. The invocation time for other displays including graphics, shall be less or equal to three seconds. The vendor shall state transmission speeds and the method of communication, (i.e. polling, interrupt, exception reporting, etc.). The maximum time for execution of commands from the operator console and update from field sensors shall be less or equal to three seconds.
CRT Monitor: The CRT monitor shall be a multi–color minimum 19 inch screen capable of displaying mixed alphanumeric/graphic information. Touch screens should be provided. Vendor shall quote the screen resolution and colors available.
Keyboards: The keyboard shall be located in front of each CRT monitor and be of sealed edge, radio frequency shielded, membrane switch construction. The keyboard shall enable the user to perform operating, tuning, maintenance and configuring functions. A key or software lock shall be provided to prevent unauthorized data entries. QWERTY engineering keyboards may also be required. Trackball, touch screen, mouse, or pointing device should be provided
Electronics: The operator console shall operate with 120 Vac, 60 Hz power, Each CRT/ Keyboard shall have its own power and electronics. Failure of a single power supply or electronics shall not result in the loss of more than one of the four CRT/Keyboards.
Programmable Alarm annunciator: A programmable annunciator shall consist of a minimum of 32 keys and lights which have changeable labels and configurable functions associated with them.
Alarm Printer: Each operator console shall include an alarm printer. This printer shall be dedicated for all alarm logging.
Printer with Screen Imaging Capability: Each operator console shall include a printer with the capability of printing screen images along with miscellaneous reports. Vendor shall quote printer resolution. Vendor shall quote a color printer (include resolution) as an option.
Engineering Workstation
Engineering Workstations shall be provided for configuration, advanced control, documentation, and DCS support use. Each workstation shall contain at minimum one CRT, keyboard, electronics, magnetic or optical storage media, and a printer with screen image capability.
If the basis for the Engineering Workstation is a commercially available personal computer or computer workstation, no special boards and firmware shall be required.
If the Engineering Workstation is based on the Operator Crt/Console, the workstation shall have a plug in QWERTY keyboard. The change in functionality between Operator and Engineering shall be keylock or password protected.
Controllers
Controllers shall be microprocessor-based devices capable of receiving and transmitting analog and digital (including smart transmitter) signals. The scan time for a control loop shall be configurable. Scan time for PID control shall not exceed 0.5 seconds. The Vendor shall quote the scan frequencies available and the associated loading factors. The controllers shall:
Be able to be started up without the assistance of any higher level devices, such as a computer.

Be configurable from the Engineering Workstation via the communication system.
Have multiple reduced performance levels prior to device failure built into the design architecture.
Be unaffected by failure of other devices connected to the communication system.
Retain all control configuration memory in the event of a power failure.
Be re-configured for adding or modifying loops on-line without loss of measurement or control of the process and without loss of system communications.
Be multi-loop. The maximum number of control loops shall not exceed 60 in any one processor. The processor peak loading shall not exceed 50% of the available IPE U cycles or data transfer capacity.
Have a Manual Bypass Unit. Manual bypass units shall be furnished for maintenance personnel. Each bypass unit shall display the process variable for the loop replaced. Transfer between automatic and manual modes, and vice versa, shall be bumpless; necessity of balancing before transfer is permissible. Manual output shall be retained by a means not subject to time degradation. The manual bypass unit shall allow replacement of I/O electronics without control interruption.
Algorithms: Algorithms shall include, but not be limited to:
PID (normal, nonlinear, and adaptive gain)
High/low select
Sum/subtract/multiply/divide
Ratio/bias/manual load
Lead/lag
Differential gap
Timer
Dead Time
Ramp Generator
Free-Form Calculation
Integrator/totalizer
Boolean logic (and, or, not, nor, nand, xor, xnor)
Discreet input interaction; eg., pulse counting, input PV switching, output switching, etc.
Process Variable I/O Devices
I/O devices shall process linear analog inputs, such as transmitter current signals, field transducer voltage signals, and non-linear analog inputs, providing square root for flow devices, and linearization for thermocouples and resistance thermometer bulbs. They shall also detect alarms and changes of state and shall be able to convey this information to higher level devices via the communication system.
Analog inputs shall be scanned at intervals selectable for each point. Analog inputs shall be checked against either an alarm value or high/low process limit value. The devices shall perform smoothing algorithms using previously converted values. Each input shall be checked against an overrange/underrange limit. If these limits are exceeded, the process input shall be placed in an alarm condition which can be displayed at an operator CRT.

The system shall be designed to interface to the following process signals:
Analog signals:
4 to 20 mA (self power and system power) transmitters
Low level (millivolt) signals (10mv to 10 VDC)
Thermocouple (J, K)
Resistance temperature detector - RTD (3 and 4 wire)
Smart field devices via the manufacturer’s protocol
Digital signals:
For two-way communications between controllers and smart transmitters vis the manufacturer’s protocol.
24 VDC
48 VDC
48 VAC

120 VAC

125 VDC

High Speed Pulse (1 to 65 KHz)
Device Loading

Spare capacity shall be 20% installed spares. There shall be no more than 16 inputs and outputs on any card and termination for controllers. For input indication devices, there shall be no more than 32 inputs per card and termination.

Systems Hardware
Terminal Panels: Field wiring to the control room shall be numbered and wired to readily identifiable terminals. The terminals shall show the vendors terminal number as assigned by IPE. Interconnecting wiring from terminal panels to the control systems shall be plug–ins, specifically identified, and furnished by the Vendor.
Power Supplies: Power to the control system shall be configured such that performance of one power supply does not affect the regulation of voltage of the others. Power supplies shall be rated for 120 Vac 60 Hz input. Power supplies for each rack shall be redundant. Upon failure of one power supply in the rack, the redundant one shall deliver 100% power to all equipment within that rack, and an alarm shall be sent to the DCS. The power supplies, distribution busbars or conductors, including DC output and AC input channels, shall be totally independent, segregated and redundant. The design shall exclude propagation of a failure in one system to another. The Vendor shall provide details of the power supply in each rack and console for review. It shall be possible to replace the power supplies and fans without interruption of control.
Equipment Cabinets: The equipment cabinets shall consist of the controllers, analog input and output devices, digital input and output devices, power supplies, signal conditioning processing devices, and foreign device interfaces.
Disk System
A disk system shall save and restore the configuration and constants information contained in the memory of the controllers and I/O devices. This disk system shall also be able to save and restore the display configuration of the operator console itself. Redundant hard disks shall be provided.

The vendor shall provide a complete system to backup any disk system(s) installed in the DCS. The media used for backup and restore shall be removable to permit storage off–site. The vendor shall state in the proposal the backup methodology (i.e. image or file) and the time in minutes required to backup and restore a full disk. If intervention is required to load multiple backup/restore media, the vendor shall notes this in the proposal.
Grounding: The grounding must comply fully with the National Electric Code. The Vendor shall provide a detailed technical specification for grounding all equipment. Specification shall include installation methods, wiring, and connector details. Maximum ground path impedance between any single conductor and the terminal point shall be specified.
HVAC Requirements: The Vendor shall provide a technical specification for the HVAC system in terms of the system heat load, humidity limits, and maximum permissible concentration of H2S, other vapor/gases. IPE will provide the HVAC system.

PROCESS MONITORING AND MANIPULATION

The following standard displays shall be provided.

Overview Display

This display shall present the operator with a plant (system) overview.

Group Display
Each group display shall consist of a minimum of eight faceplates. The design of the individual loop faceplates shall be approved by IPE. IPE shall be able to change the design of the faceplate without any additional cost or utilities. Each point shall be identified by a 10 character tag number consisting of characters from the standard ASCII set. The point shall also display a description of 24 characters minimum.
Any point in the system shall be able to be configured in any group and displayed in as many groups as necessary. The control point shall have PV, SP, output, control mode, alarm condition, and limits displayed digitally and/or graphically.
At the group display the operator shall be able to:
Select a control loop for control action.
Change control mode of the loop selected (automatic, manual, computer, cascade).
Change set point or target value.
Change output of loop while loop is in manual.
Select a loop and initiate further display such as detail, trend or hourly averages.
Issue commands to start/stop and open/close two–state equipment.
Acknowledge alarms.
Detail Display

The operator shall be able to call up any analog or digital point in the system for a detail display. For analog loops, the operator shall be able to manipulate set point, output, ratio, bias, and control modes through the detail display. For digital control points, the operator shall be able to issue commands to start/stop and open/close two–state equipments.

Tuning Display

The system shall provide a controller tuning display. The display shall provide a real time trend of the setpoint, process variable, and output with a scan interval of 5 seconds or less. Capability to trend one additional variable from the system shall be provided. The display shall also provide access to the tuning parameters. The span for the process variable, setpoint and output on the trend shall be individually selectable. Assignments to the tuning display shall be made by tag name or selection from the faceplate display. Intelligent (Auto–tuning) aids shall be provided with the system.

Trend Display
Trend display shall show an analog type display for all points in the system. A single trend display shall support trending for a minimum of four variables. The system shall support trends with 15 second snapshots for one week. Trend time basis shall be provided in the proposal. Data compression and averaging techniques shall be fully documented.
While a point is trended, another portion of the screen shall show the same alphanumeric information as the group display, and should permit operator manipulation of these loops. Means shall be provided to archive data on removable magnetic or optical media for long term storage. The vendor shall describe the method for retrieval of archived data.
System Status Display

The system shall continuously monitor all the devices (both primary and backup) on the communication system. When failure conditions are detected, the operator shall be alerted by an audible alarm. A system status display shall indicate type, location, nature of malfunctions, and system degradation due to the failure. Errors, faults, and malfunctions shall be described in text. Operators should be prompted with remedies for system failures.

Graphic Displays
The operator console shall be capable of producing interactive P&lD graphic displays with dynamic data. A minimum of 300 graphics with 50 dynamic data points per display shall be provided for each operator console. Graphics shall have the capability to show trend data, dynamic values, dynamic bars, faceplates and text together on the screen.
Graphics shall support the creation and use of an interactive “pop–up” faceplate. Selection of a dynamic variable on the display shall cause a user configured “pop–up” faceplate for that variable to appear on a user defined area of the display. Selection shall take no more than 2 touch targets or keyboard selections.
Full control capability shall be provided from the faceplate with less than 2 keystrokes. The “pop–up” faceplate shall change with the selection of another dynamic point. All remaining dynamic data on the display must be updated at the normal frequency when a “pop–up” faceplate appears.
A library of graphic symbols, figures, and characters is required. User–defined symbols and figures shall be provided. All updated displayed variables shall be refreshed within five seconds of the latest scan.

Graphic displays shall permit inclusion of any data available on the plant–wide DCS system. They will contain scan data from the field, data provided by application programs, operator entries, data from foreign devices interfaced to the DCS, and data imported from the VAX computer. The Vendor shall clearly state the maximum number of data points of each type that may be present on a single display page and the effect that the number of points on display has on display performance. The graphic display system shall have sufficient math capability to display the result of adding and subtracting two values in the system.
Blinking and color attributes shall be assignable to real–time data values and other selected graphic characters. These attribute states shall be changeable by the process software (e.g. alarm violation) or user application program.
Graphic displays shall be built and modified interactively from the engineer console. It shall be possible to examine display files on the engineer work console and print to hard copy. Partially built displays shall not affect normal system operation.
It shall be possible to dump completed displays to floppies or other media for fast and efficient recreation of destroyed displays.
Graphic displays shall have the capability to be linked to a minimum of 50 other displays through configurable touch targets or keyboard selections.
Operator Assignable Displays

The system shall provide a minimum of two group displays which have operator assignable control points. Assignments to this display shall be made without interrupting the normal operation of the console. The intent of the displays is to allow the operator to monitor any combination of points in the system on a single display as operating requirements change. From the display, the operator shall be able to access the points for changes with a minimum number of keystrokes.

Display Invocation Time

The invocation time for group and detail displays shall be one second or less. For all other displays the invocation time shall be three seconds or less. Invocation time is the time that the system takes from the initial request to completely fill and initially update a particular display. The displays shall be tested with a minimum of 50 dynamic data points in operation.

System Keylocks

Keylocks shall be provided to permit or restrict the operator actions for the following functions. Each function shall be individually permitted or restricted by configuration.

Changing tuning constants, filter time constants, and dead bands.
Changing process variable zero and span value.
Changing alarm limits.
Changing configuration of any of the loop parameters (control algorithm, signal type, and input source).
Changing output limits
Assignment of process units to an operator console

ALARM MONITORING OF PROCESS SIGNALS

General
Alarm monitoring shall be a function contained in each operator console. Alarm actuation should be done in the microprocessor–based controllers or I/O processors.
The ability to configure the following analog and digital signals shall be provided:
Analog inputs: Four types of alarms shall be associated with each input.
Separate high and low absolute value of the process variable.
High and low deviation of the process variable from the set point or target value.
Rate of change of process input alarm.
Separate high out of range alarm when an analog measurement exceeds 20 mA and low out of range alarm when an analog measurement drops below 4 mA.
Analog outputs: Separate high and low output alarm
Digital inputs: Alarm on field contact status open, close, or change of state.
Smart Transmitters:
Separate high and low absolute value of the process variable
High and low deviation of the process variable from the set point or target value.
Rate of change of process input alarm.
Status from transmitter diagnostics
Process Alarms Monitoring in Operator Console

The Operator Console shall be able to perform alarm monitoring for all the points assigned to that console.

Alarm Levels: The ability to assign each tag in the system an alarm level shall be provided. Four alarm levels shall be provided.
System alarm
Critical alarm
Regular alarm
Information alarm
No alarm

In addition there shall be additional alarms for DCS System functions.

A separate alarm horn sound shall be provided for system, critical, and regular alarms. The information alarm shall print on the alarm printer and alarm summary, but sound no alarm. The information alarm shall be available for custom graphic displays. The ability to assign no alarms on each point shall be provided.
All operator console displays shall provide alarm indication for system, critical and regular alarms. On P&ID graphic displays the alarm condition shall cause a color change in the tag, value, or dynamic display element.
The faceplate display for each point shall provide alarm indication and an alphanumeric code for the particular alarm. The ability to disable all alarms associated with a point shall be provided. When the alarms are disabled, the faceplate display shall indicate this condition.

Alarm Groups: The ability to assign each point in the system to an alarm group shall be provided. Each alarm group shall represent those alarm points associated with a specific piece of equipment, operating unit, or portion of the plant. Any point may exist in more than one alarm group. Each group shall support a minimum of 100 points. If any point in the alarm group goes into alarm it shall have a flashing display until the alarm is acknowledged from the keyboard. The ability to acknowledge all alarms in a group and to inhibit all alarms in a group shall be provided. If the group alarms are inhibited, all faceplates associated with that group shall indicate that condition. The ability to display the alarm condition of each group (no alarm, active alarm, acknowledged, unacknowledged) on a custom alarm overview graphic shall be provided.

Alarm Monitoring Sequence: The Alarm Monitoring Sequence shall be as follows.
Alarm Occurs;
Keyboard button flashes, console alarm sounds, and symbol on alarm overview flashes
External alarm contact closure provided
Printer types out tag, description, alarm, alarm set point, date and time
Alarm Acknowledgment; Operator presses acknowledge and silence keys
Keyboard button lights steadily
Audible alarm silenced and external alarm contact resets
Alarm displays stay red but stop flashing
Printer types out tag, description, date, time, and alarm acknowledgment
Point in alarm returned to normal after alarm acknowledgment;
Keyboard button’s light goes out
Alarm displays clear or return to green
Printer types out tag, description, date, time, and return to normal
Programmable alarm annunciator: A programmable alarm annunciator shall be provided. The annunciator shall consist of pushbuttons and lights. The ability to assign the alarms associated with each point to a pushbutton shall be provided. When an alarm occurs, a dedicated hard or soft pushbutton shall flash in accordance with the Alarm Monitoring Sequence. Depressing the pushbutton shall take the operator to a preconfigured screen (graphic, group, etc.) from which control action can be taken. Each push button may have multiple points assigned to it.
Alarm Summary Display
The alarm sequence summary display shall alert the operator when points are in alarm. The date and time of occurrence, point identification, type of alarm, and point description shall appear on the display.
The most recent alarm shall be shown at the top of the display, with date and time of occurrence displayed in month/day/year and hours, minutes, and seconds.
A point in alarm shall flash on the alarm summary display until it is acknowledged from the keyboard.
For operating ease, cross reference to the applicable alarm group and operating group shall be shown with each alarm on the display.

System Alarming
The system shall have self–diagnostic capability.
The operator shall be alerted to an equipment malfunction and, from one display shall be able to identity:
The device’s location on the network
The type of device
The diagnostic code
The communication system devices shall perform on–line self–checking routines; a malfunction shall be indicated on the operator interface.

LOGGING AND REPORTING

The distributed control system shall support alarm, event logging, and the production of process logs and reports. Alarm logging is defined in section 7 of this Practice. The logging and reporting system shall handle both line related (alarm and event logs) and page related (historical, process, periodic). It shall be possible to output both single–line messages and paged logs on the same printer.
All single–line messages waiting to be output shall be output after a paged log has been completed and before a new paged log is begun.
A top–of–page command must be sent whenever the output changes from paged log to single line or from single line to paged log.
All paged logs are of equal priority. Once the output of a report has started on a device, it shall run to completion without interruption by another queued report or single–line message.
The logging software shall provide for failover to another device if a printer fails. Device may be another printer or a hard disk. If failover is to a hard disk, utilities shall be provided for subsequent printing to the printer. Printer failure during the printing of a single–line message or a paged log shall result in the reprinting of either on the backup printer or hard disk. No alarm or event messages shall be lost due to printer malfunction or a backlog of messages.
The priority of outputs to a logger shall be single–line messages first and paged logs second. When a printer is put back in service after a failure, the highest priority item shall be output first. The ability to assign or request a particular report or event message to be output to one or more specified printer shall be provided.
The format and content of all logs and reports shall be configurable. All necessary utilities and hardware shall be provided. Configuration, programming, or hardware required for the logs and reports shall be provided.
Event Log: The event log shall keep a hardcopy record of process events which are of interest to the operator but are not necessarily alarms. It also includes messages from application programs running on the system. Typical events to be logged are:
Change in status of field equipment
Manual data entry from keyboard
Device placed in/out of service
Change in mode (auto/manual, local/remote)
Point placed on/off trend
Point placed on/off scan

Process Log: The system shall support the logging of any point in the database. Process logs shall support any combination of the following:
Current value
Hourly average, low value, high value
Shift average, low value, high value
Daily average, low value, high value

SYSTEM COMMUNICATION

General
The communication system shall allow information to be transferred between the operator consoles and the process I/O devices, such as the controllers and data acquisition devices. Redundant communication paths shall be provided for digital communication between devices down to the I/O level.
Failure of one device on the communication network shall not result in loss of communication between other devices on the network. The vendor shall quote the type of communication and topology in their bid. Failure of redundant communication buses shall not disable control functions of any device on the system.
Error Checking

All data transmission shall be checked by means of both a cyclic error checking code and use of bit pattern echo from the receiving unit or other secondary checks. The Vendor shall state the methods used.

Circuitry

Separate circuitry shall be used for each redundant cable. Any place in the DCS system where common or nonredundant circuitry is employed shall be specifically documented in the bid response.

Self Diagnostics
The system shall be capable of automatically alerting the Operator that a malfunction has occurred. The Operator shall then be able to display information on any CRT that identifies the components within the system that are malfunctioning. The system integrity status display shall present the following information:
Type and location of malfunctioning unit
Nature of malfunction
If back–up system is in use
Amount and type of degradation
Updates list and count of up to 10 different malfunctions.
From the Operator Console, the Operator shall be able to verify the condition of all devices connected to the redundant communications cable. Additionally, switching of redundant or backup devices shall be possible from this location. The self–diagnostic software shall be executed at least once every five seconds. This feature shall detect and isolate failures to the board level in all system components.

THE SYSTEM DATA BASE

Description
The system shall have a distributed database and configuration information philosophy. The configuration information shall be stored in each process interface and control device’s microprocessor–driven memory.
The Vendor shall state any limits to the number of points or tags available within the distributed database.

10.2 Database Upload and Download Capabilities

Upload shall be defined as the capability to checkpoint/save each system device’s operating system/personality plus its ”currently–executing” site–specific database parameters. The upload function shall be configurable, to be performed automatically (on a pre–defined schedule) and/or on–demand. Download shall be defined as the capability to fully restore the personality of any device, including its customer site–specific database. The vendor shall state the mechanisms of both the upload and download functions.

REDUNDANCY

Redundancy shall be provided at all levels of the distributed control systems to enhance reliability and prevent the failure of one device affecting the operations of the system.

Communications within the control system shall alert the operator of the failure of the main device and the automatic switching to the back–up device. The system shall have, as a minimum, the following:

Micro–Processor Based Controller

For all microprocessor-based shared control units performing regulatory control, a back-up system shall detect malfunction in the primary controllers, notify the operator, and resume control in the original mode. The transfer shall be bumpless.

Input/Output Modules

Where more than 4 control and/or 8 inputs outputs are shared in one electronic card for signal conditioning, multiplexing, or A/D, D/A conversion, then a fully redundant card shall be provided as a back–up The system shall have the capability of automatically transferring the functions to this redundant card on the loss of the main card. Design of redundant I/O shall be approved by the Owner’s Engineer.

Communication Electronics
Redundant data communication cables shall be utilized. Disconnection of such cables or operations with an unterminated cable shall not cause system failure.
A single electronic or mechanical relay failure shall not cause the operator to lose the view and control of the process. Automatic switch over to the back-up device shall be provided.
The Operator Console shall have a minimum of 3 CRT’s and associated keyboards in service for view and control.

I/O Multiplexor Devices

The use of these devices shall be limited to non-critical “indicate-only” variables. The design shall be modular and no more than sixteen (16) inputs shall be shared by one electronic card. These devices can also be used for digital I/O. The maximum number of digital I/O per card as well as redundancy for digital I/O shall depend on individual applications but shall not exceed eight.

Operator Console

The CRT’s may have individual or redundant power supplies, electronics, and network communication. No single failure of a power supply, CRT electronics, or communication processor shall cause a loss of functionality of the console to less than three CRT’s and associated Keyboards.

Power Supply
Redundant DC power supplies shall provide power to the distributed controls hardware. If switching is required, it shall be automatic from the main supply to the back–up with an alarm on the console. Loss of any component of the main power supply shall not degrade the backup power supplying 100% of load. The power supplies shall have separate input terminals in order to have the capability of connecting to two independent sources of incoming AC power.
The vendor shall provide a layout of the DC power supply system in the cabinets. Each device connected to the DCS bus shall have individual fuses. The DCS bus supplying power to individual devices shall be completely redundant. Power supplies shall be designed for fully loaded cabinets with 20% reserve for in–rush–protection.

ADVANCED CONTROL

Design Principles
Advanced Control shall be implemented in a microprocessor–based device. This device shall provide real–time based logical and computational operations, have access to the entire process data base, including historical and averaged data, and be fully integrated into the DCS.
All software shall be field proven; exceptions to this shall be clearly identified and specifically approved by IPE.
Hardware
The advanced control device shall have the capability to:
Access all process points in the DCS.
Access and modify DCS data base parameters.
Output and modify DCS setpoints.
Route single line textual messages to any CRT of any operator console. The message text shall be generated by the advanced control device.
The advanced control hardware should be comprised of a device and environment essentially identical to the regulatory controllers with extensions to accommodate programming in a high level, real–time, language.
The hardware design shall be capable of being extended by additional units. The limits in the number of points, configuration blocks, and high level language statements shall be explicitly stated by the vendor.

Mass Storage

Sufficient mass storage (hard or soft disk) shall be included as part of the DCS to save and restore all specified advanced control software including operating systems, support software, process software, and applications routines.

Operator and Engineer Interfaces
The operator interface with advanced control shall be through the Operator Console. The operator interface shall be identical to the interface with the regulatory controllers.
The engineer interface with advanced control shall be through the Engineering Workstation. This Workstation shall allow the engineer to configure or modify the parameters of any of the control algorithms used for advanced control. Additionally it shall provide the engineer the ability to implement user–defined control programs. The Workstation shall allow access to diagnostic, maintenance, utility, editing, compiling, task linking, and program testing software.
Software

The software shall be provided:

Testing: Program operation shall be tested without affecting the operation of the DCS.
High level language compiler: The compiler shall compile a recognized real time, high level language that is fully documented and tested. Vendor shall state the language used. Compiler shall generate new and modify existing programs.
Program/File Editor: A program/file editor shall provide the necessary tools to enable source code and other files to be created, modified or deleted. Program editing shall be interactive from the Engineer Console.
Program Debugging: Program debugging shall enable the safe testing of new or modified programs.
Self Diagnostics: The advanced control device shall include self–diagnostic routines. It shall be possible to determine both the run time and the percentage of U utilization.
Maintenance Utilities: Facilities shall be provided to load, dump, initialize, and recover the advanced control system using the appropriate storage media.
Process Control Software

The advanced control software shall provide a set of easy–to–use preprogrammed algorithms. A fill–in–the–blanks form or other easy functional method shall be used to configure the algorithms. Additionally, a high level language which can be used for user–designed control strategies shall be provided.

Algorithm Features: The advanced control algorithms shall contain all the algorithms from the regulatory controller with extensions for interfacing to the high level language. All alarms, status, transfer, error propagation provided in the regulatory controller shall be provided in the advanced controller.
High Level Language Features: The high level language shall allow for structured programming and shall contain at least the following features:
Assignment Statements: Access or change the value of one or more variables.

Control Statements: Specify program flow.
Delay Statements: Cause program delay for a specified time or until some event occurs.
Systems Communication Statements: Allow a program to communicate with other programs and to the DCS.
User Communication Statements: Allow a program to easily communicate with user peripherals such as printers, keyboards, CRT’s etc.
Comment Statements: Permit the use of extensive comments which can be free–formatted and should not affect the amount of memory or run time a program uses.
Mathematical Functions: Provide for the operations of addition, subtraction, multiplication, division, and raise to a power. Provide absolute value, average, minimum, maximum, square root, summation, natural logarithm (base e), common logarithm (base 10). Provide trigonometric functions of cosine, sine, tangent, arc cosine, arc sine, and arc tangent.
Logical Operators: Provide for the operations of greater than, less than, equal to, and, or, and not.
Array Structures: Data structures set up as arrays shall be allowed.
Multi–Precision Arithmetic: (at least) double precision arithmetic, 32 bit work length shall be provided.
Limitations: The vendor shall explicitly state the limitations of the advanced control device as they pertain to user–written control programs. Among these limitations shall be:
Program Size
Program Execution Time
Total Number of Programs
Total Program Size
Program Synchronization

COMPUTER AND FOREIGN DEVICE INTERFACE

Interfaces provided by the DCS vendor shall be configurable, rather than programmable, unless approved by Owner’s Engineer. The DCS vendor shall state explicitly the nature of the interface software. If configurable, any tools and/or facilities needed for IPE to completely reconfigure the interface shall be provided. If custom programmed, the DCS vendor shall state the language used (FORTRAN, C, assembler, etc.)
Assembly language shall only be used when no other option exists, and shall be limited to the maximum extent possible. If the interface can be programmed in more than one language, the DCS vendor shall provide quotations for each language variant.

Source code for custom programming shall be provided to IPE on approved magnetic media (IBM PC–DOS ASCII text) as well as any nature of tools or facilities necessary for IPE to regenerate executable code from the source code and install the new executable code in the DCS vendors equipment. If changes made by the DCS vendor at a later date require new or substantially modified source code, libraries, or configuration tools of any kind, these shall be provided by the DCS vendor to IPE at nominal cost.
The DCS Vendor shall provide written documentation on the interface protocol and shall be held accountable for the interface performance as per the documentation.
The interface devices shall be self–initializing, requiring no manual intervention to recover from events such as power failures, communication line failures, or manual reset of the processing device at either end of the communications link.
The interfaces shall be designed such that they can be easily reconfigured by IPE to add or delete data points as necessary.
The vendor shall provide information describing the security measures included in the DCS design which protect the DCS from intrusion when connected to foreign devices, including but not limited to computer and PLC interfaces and/or networks.
For DCS which offer connections to general purpose computer networks, the DCS to network interface shall include:
A means to selectively enable communication with up to 32 network nodes. These nodes may be specified by node names, physical or logical addresses, or other mechanism approved by IPE.
Communication with each node shall be software–switchable from the Engineering Workstation to read–only or read–write.
Unsolicited requests from unauthorized nodes or write attempts by nodes configured as read– only shall be logged to a system security log within the DCS. It shall be possible to review this log from the Engineering Workstation or print the log.

VAX INTERFACE

The DCS shall have a computer interface to all DEC VAX models from Microvax through VAX6000 Series, and shall communicate at a minimum of 64K baud, and preferably at network speeds of 1MB or better. This interface shall be configurable and not require programming by the customer. The interface shall provide two way data flow for such things as controller set points, process information and alarm status. The interface shall be integrated into the DCS system so that data passed from the VAX can be displayed on the DCS system consoles. The update frequency of the DCS data to the VAX shall be selectable, and shall not be longer than every 30 seconds for 5000 points.
The interface provided by the DCS vendor shall be arranged such that it can be modified by IPE to remove or add data points, or other similar changes. If this requires configuration tools and/or facilities of any type, the DCS vendor shall state explicitly what is required for the reconfiguration.
The vendor shall provide a description of any reconfiguration procedures, and shall provide these configuration tools as part of the deliverables.

The interface shall be designed such that in the event of loss of the communications link for a configurable period of time the DCS will notify the Operator personnel of the failure and log the failure. Logging of this or similar events to the system error summary, alarm printer, journal facility, or other mechanism shall be provided with sufficient detail to explicitly identify the problem which caused the failure.
The DCS Vendor shall provide a brief description of how their system shall provide the following functions from the Host Computer:
Change the controller state (Remote, Auto, Manual).
Displaying calculated values at the Operator Station CRT.
The ability to write messages to the Operator Station CRT.
Execute a read/write to controller parameters (tuning constants, remote setpoint, high/low scaling, etc.)

SERVICES

General Description

The Vendor’s services shall include all engineering and project management to be incurred by the Vendor in fulfilling the requirements of this specification. The vendor shall provide as an option the cost for software configuration.

Project Management
Project Management services shall be provided for the duration of the project.
The Project Manager shall provide one point of contact on all matters affecting the project between IPE and Vendor. He shall be responsible for ensuring all aspects of ’s requirements are met including but not restricted to:
Planning and scheduling.
Monitoring and reporting.
Technical and contractual liaison.
Attendance at meetings.
Engineering Services and Training
The Vendor shall include in the quotation charges for training of ’s engineers and operators on the configuration, programming, and operation of their system along with a recommended training program. Also included in the quote should be the cost for maintenance training.
As part of the engineering services the Vendor shall quote the cost of configuring of the system. Configuration drawings and function block diagrams shall be furnished by the vendor. Loop diagrams shall be provided by IPE. Vendor should include examples of worksheets in the quote that are required for the configuration of the system.
Documentation

Vendor shall include a list of the publications that are available and needed for the operations and maintenance of the Vendor’s system. Vendor shall show the number of copies to be provided with the Base system and the cost for each additional copy above their Base System number. The documentation included on the list shall meet the following minimum requirements:

It shall be of a coherent structure, consistent from one document to the next. Documents shall be fully indexed and cross referenced.
The issue number and date of issue of shall be stated on each page of each document. Changes from previous issues shall be clearly identified.
Documentation shall be provided to meet the needs of various system users, i.e. operators, engineers, maintenance technicians. Documentation may consist of a combination of published manuals and special–to–project publications.
The applications engineer’s manual shall describe all the facilities required to implement and modify all the configurable system functions at all levels of application.
The maintenance technicians manual shall include the following:
Equipment startup/shutdown procedures
Routine maintenance procedures
Routine preventive maintenance procedures
Online and offline diagnostic/testing procedures
Normal value range analog and digital indicators
Normal and trouble condition of all indicator lights
Location of all voltage test points and nominal values
Reference to interpret the meaning of all status codes and alarms
The operator’s manual shall describe in detail the operator interface and procedures for utilizing all his facilities for information retrieval, data entry, and control.
A hardware manual shall include the following:
Complete bill of material for all purchased items
Design philosophy
Description of the hardware configuration
Description of operation including operation of each component board
Equipment specifications
Wiring details and I/O schedules
Details of cabinet layouts
Power supply and distribution details
Equipment drawings
Circuit diagrams for all boards
Details of all interfaces to other vendor’s equipment
Spare parts information
Where the computer and foreign device interfaces are programmable or configurable, a manual shall provide clear, complete written documentation on the following:
Design philosophy.
Technical description of the software/configuration.
Language in which the program is written.
System flowcharts and dataflow diagrams.
A well annotated program/configuration listing.
A description for program linkage, including activation modes, parameters passed, and termination mechanisms.
A definition of data structures (internal and external) used.

System utilities for documenting the contents of the system and managing its development.
Software/configuration loading, backup, and downloading procedures.
Software/configuration diagnostic aids, performance monitoring utilities.
A list of all alarms and messages produced by the software or configuration.
Initialization/restart requirements.

Project Schedule

During the project, the Vendor shall provide a schedule of fabrication, system initiation, debugging, testing, issue and approval of documentation, etc. This schedule shall contain all the milestones from contract award to successful completion of the project. It should be updated and maintained as the project proceeds.

Shipment
IPE shall formally authorize shipment based on successfully completed acceptance testing and repair or correction of errors within the system’s product specifications. Based on the above, ’s Project Manager shall sign a document authorizing shipment.
The vendor shall be responsible for the following:
Crating and loading.
Insurance.
Complete shipping instructions will be furnished by IPE at a later date.
Delivery

The system delivery shall be made in accordance with the agreed project schedule. The Vendor shall be responsible for maintenance of the system until successful completion of acceptance tests at the plant site. Vendor shall price storage in the event of construction delays.

Maintenance

Single source maintenance is preferred. The Vendor shall provide the following:

List of recommended spare parts and prices.
List of recommended test equipment and prices.
List of special maintenance tools and prices.
Services and cost provided by vendors local maintenance for maintenance personnel.
Consultation Services

The Vendor shall provide consultation services for contract administration and specific technical questions relating to formatting of displays and configuration of control logic.

“On Demand” Technical Assistance

Technical Assistance shall be available via an 800 telephone number. This number shall be staffed 7 days a week, 24 hours a day to provide emergency technical support, with the expectation that this service will be used predominantly during normal weekday working hours. The Vendor’s technical assistance center shall be adequately staffed to ensure that issues begin to be addressed within 4 hours from initial call, by personnel considered to be expert in the area of concern.

Detail Configuration and Layout

Cabinet layout and assignment of each piece of instrument hardware shall be provided by Vendor.

ACCEPTANCE TESTING

General
Thirty days prior to the acceptance test period, the Vendor shall provide written notification to IPE of the acceptance test scheduled and include all details of the procedure. The acceptance test shall demonstrate to the satisfaction of IPE, that the system performs all functions as described in its product specification. All testing designated by the Vendor as acceptance testing shall take place in the presence of IPE to be witnessed by the Vendor.

All system hardware, peripherals, etc., used for acceptance testing shall be complete as specified and shall be the actual equipment to be shipped to the jobsite.
Full payment of monies shall not be made until all tests are successfully completed and approved by the Owner’s Engineer.
Records of all the testing shall be available for review by the Inspector.
Manufacturer’s Test
The test shall be designed to demonstrate that the portions of the DCS supplied by the Vendor shall perform their specified functions. A one week burn–in period for all components shall precede the start of the performance test. The test shall demonstrate the performance and accuracy required by the DCS specification.
Static and/or dynamic simulation inputs and outputs shall be used to satisfactorily prove all subsystems. Vendor shall quote as an option any computer–assisted simulation capabilities. Standard manufactuer test procedures shall be used to verify all system functions and specifications.
System hardware testing shall cover the following areas:
Visual inspection of all components, including wiring, hardware location, access, and proper labeling, and physical assembly.
Continuity check of termination panels and interconnecting cables.
AC and DC power checks
Proper operation and switching of backup devices.
Proper operation of the communication network under a simulated load.
Diagnostic checks on all devices.
System software testing shall cover the following areas:
Load and verify all devices and databases for physical presence and proper linkage.
performance, and software functions.
Check communications for proper operation and monitor for excessive transmitting/receiving errors.
All deficiencies and problems that arise during testing shall be corrected by the vendor prior to the Factory Acceptance Test.
A portion of the test will be run at the highest temperatures defined in the DCS specification, to ensure that the system performs satisfactorily under the environmental conditions required by the DCS specification.
Factory Acceptance Test

The IPE factory acceptance test shall not proceed until the Owner’s Engineer approves the results of this manufacturer test.
It shall be the responsibility of the Vendor to provide a suitable site for acceptance testing. Also, the Vendor shall provide any necessary test equipment and simulation facilities required for demonstrating Input/Output signals, equipment interfaces, etc. The site and facilities to be used for acceptance testing shall be approved or disapproved by IPE prior to written notification of the acceptance test schedule.
The Vendor shall provide any necessary personnel to:
Review acceptance test criteria.
Schedule and arrange test facilities.
Demonstrate the system according to the acceptance test criteria.
Analyze and interpret test results for IPE personnel.
Provide immediate assistance in case of system malfunctions during the acceptance test period.
IPE will provide or contract the personnel for the acceptance testing.
Each I/O point shall be tested by injection or reading a signal at the termination assembly. Smart transmitter points shall be tested for both input and communication. Signal input and output characterization shall be verified.
Hardware testing will verify the operation of redundant devices. Redundant devices will be tested by removal, disconnection of power, or manual failure of the redundant device. The following devices shall be tested:
Redundant power supplies
Controller Redundancy
I/O Processor Redundancy
Communication network redundancy
Problems

If problems or malfunctions develop in any part of the system during the acceptance test period, it shall be at the sole discretion of IPE to determine if corrections shall be made at the Vendor’s facility or jobsite.

Jobsite Acceptance Test

The vendor shall conduct a test of the system as soon as it has been installed at the jobsite in its final configuration. This test shall be a repeat of the factory acceptance test. This test shall be a major contractual hold point.

Commissioning Field Assistance

Vendor shall quote charges for assistance for field checkout and commissioning by a qualified company representative.

Availability Test
This test shall demonstrate that the system can perform the necessary system functions and meet the specified availability requirements. The test shall be performed after the completion of the Jobsite Acceptance Test and Commissioning.

The availability test shall be considered successful with performance of 99.9% availability within a continuous 1,000–hour period.
The system shall be considered available when all the following are true:
A hardware failure does not result in the complete loss of any system or process function.
No more than one Controller, I/O, or PLC fails at the same time.
Display and control of process devices can be undertaken from three of the four CRT’s in any given Operator Console.
There is no loss of the alarm logging function.
A test restart from time 0 shall be necessary when the total downtime in a 1,000–hour period exceeds 1 hour. For the purpose of this test, downtime includes the time taken to diagnose and repair a problem, but does not include any travel time.
When a system becomes unavailable, the test shall be terminated and restarted only after corrective action has solved the problem. Temporary fixes are not acceptable for the continuance of the test. All software/firmware errors and failures shall require the test to be restarted.
If the Operator has to interrupt the test because of a failure of the process equipment, the availability test shall stop and the accumulated time shall be recorded. On restart, the availability test shall continue from the time at which it was stopped.
Software Quality Assurance
The Vendor shall establish a Software Quality Assurance (SQA) group for the purpose of performing software tests beyond those normally performed by programmers. Program tests generally demonstrate whether the software does what the programmer intended. SQA tests determine whether the software does what the system needs.
The SQA group shall use benchmark programs for functional evaluation as well as system simulation for specification conformance, language deviation, error handling, implementation dependent characteristics, measurement of code densities, and operational speed requirements.
The SQA group shall keep a software error log (SEL). This shall be used to record occurrence, solution and corrected resolution.
Upon satisfactory completion of hardware tests, the programs shall be loaded and all programs demonstrated for compliance with the Practice. Where required to demonstrate the computation and/or real time capability of the system (e.g., plant performance calculations, data acquisition programs), suitable simulation equipment and techniques shall be provided by the Vendor.
Diagnostic Testing
The DCS shall integrate self–diagnostics into each of the functional drops distributed across the communications network as well as system communications testing that measures performance of the communications network with respect to the individual units. The self–diagnostics are to perform the basic testing of the internal functions of the units so as to complement the standard alarm functions. These self–diagnostics shall run during normal functioning of the control system and in a manner so as not to interfere with the real time performance of the units in the system.

The Vendor shall demonstrate the operation of all diagnostic and maintenance tests provided with the system. Errors shall be simulated to demonstrate the capability of the system to detect and report errors. Capability of the system to remain in operation during corrective maintenance work shall be demonstrated.
EMI/RFI Testing
The application of EMI/RFI protection components or configurations such as filtering shielding, minimal physical discontinuities and bonding shall be employed. This includes unit construction and packaging design to ensure easy serviceability and also that the integrity of EMI/RFI features, such as screening and gasketing, shall not be degraded during normal maintenance conditions.
Test for RFI shall be conducted using two “walkie–talkie” type high frequency portable transmitters. One shall be in the 26/28 MHz range. One shall be in the 460 MHz range. These units typically generate 2/5 watts of output power.
SAMA std. PMC 33.1 provides a method for classifying the degree of RFI susceptibility of process control instrumentation. All devices for this specification shall be shielded to a rating: Class 2 - abc: 0.5% span.

© 2026 Inflection Point Engineering, LLC. All rights reserved. The content of this page — including calculation methods, reference data, written analysis, interactive tools, and source code — is the intellectual property of Inflection Point Engineering, LLC and is protected under applicable copyright, trademark, and trade secret laws. Unauthorized reproduction, redistribution, modification, or derivative use in whole or in part is prohibited without prior written consent.

Disclaimer. This material is provided for informational and educational purposes only and does not constitute professional engineering advice. Calculations, reference data, and methodologies are based on published standards and accepted engineering practice but are not a substitute for engineering judgment, site-specific analysis, or review by a licensed Professional Engineer. Inflection Point Engineering, LLC makes no warranties, express or implied, regarding the accuracy, completeness, or fitness for a particular purpose of any content presented here, and shall not be liable for any direct, indirect, incidental, or consequential damages arising from its use. Users assume all risk associated with applying this content to real-world design, operations, or decisions.