Sei sulla pagina 1di 29

FUNCTIONAL SPECIFICATION

DISTRIBUTED CONTROL SYSTEM

20149.EQP.STA.FUN REV. 0 DECEMBER 1994

ISSUE

PBM

STIE

STIN

SEPT. 95

REV.

DESCRIPTION

PREP.D CHK.D APPR.D DATE

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 2

FOREWORD Rev. 0 Total number of pages 29 December 1994 Issue in conformity with the E.E.C. directives This specification replaces and supersedes the following specification: 03390.CMP.STA.SPC. "DISTRIBUTED CONTROL SYSTEM".

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 3

TABLE OF CONTENTS 1. 1.1. 1.2. 1.2.1 1.2.2 1.2.3. 2. 2.1. 2.2. 2.3. 2.4. 2.4.1 2.4.2 2.4.3 2.5 2.5.1 2.5.2 2.5.3 2.6. 2.7. 2.8 2.8.1 2.9 2.10. 2.10.1. 2.11. 2.11.1. 2.11.2. 2.11.3. 2.11.4. 2.11.5. GENERAL Scope Normative references European, national and international normative references Normative references from other Organisations Internal normative references FUNCTIONAL NORMATIVE REQUIREMENTS Definitions Symbols and abbreviations Operative environment Functional Requirements Functions of the system Structure of the system Software of the system Boundary conditions, limits and exclusions Interconnections Interfaces with other systems Integrated ESD system Ergonomics Safety Non repetitive functional requirements Telecontrol functions Requirements for Quality Management and Assurance Additional requirements for review Tests and inspections Documentation Documentation with the tender Documentation for approval Documentation to be used by the Company for the plant design Test documentation Final technical documentation

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 4

1. 1.1.

GENERAL Scope This specification sets out the minimum requirements for the design, fabrication and testing of a Distributed Control System for hydrocarbons production and treatment plants. For all the aspects not covered by this specification, reference is made to the applicable Normative references and to the project technical documentation, and in particular to: Technical Data Sheet (T.D.S) Inspection Data Sheet (I.D.S.) Requested Documentation Data Sheet (R.D.D.S.), which shall indicate the project data and the special choices made. The technical requirements of this Functional Specification are based on considerations relevant to performances and efficiency. All the requirements refer therefore to objective logic and then cannot be discriminatory. Any proposed alternative shall be evaluated if its operative and performance validity, as requested by this document, is demonstrated.

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 5

1.2

Normative references The Normative references and the Publications relevant to the Distributed Control System are listed here below. As far as applicable, a priority reference shall be given to the EN normative references and to the CENELEC harmonisation documents or, in their absence, to the international, ISO, IEC, and to the national ones, CEI, CEI/UNEL, UNI. The requirements of Laws and Rules issued by the local Authorities or Legal Bodies, under which jurisdiction the plants shall be installed, shall be always respected.

1.2.1

European, International and National Normative references

EUROPEAN CENELEC

INTERNATIONAL IEC

NATIONAL CEI/CEI UNEL

TITLE ( NOTE 1 )

HD 384 EN 60439-1 () EN 60917 ()

364 439-1 () 917 ()

64-8 (note 2) 17-13/1 (note 2) 48-17

HD 528 S1 () EN 60529 () EN 50014 () EN 50020 () EN 50039() HD 481.1 () EN 801-2 () HD 481.2 ()

890 () 529 () ---

17-43 70 - 1

31-8

---

31-9

--801-1 () 801-2 () 801-3 ()

31-10

65-5

65-6

65-7

Electrical installations at nominal voltage up to and including 1,000 V a.c. or 1,500 V d.c. Low-voltage switchgear and controlgear assemblies. Part 1 : Type-tested and partially type-tested assemblies. Modular order for the development of mechanical structures for electronic equipment practices. A method of temperature-rise assessment by extrapolation for partially type-tested assemblies (PTTA) of low-voltage switchgear and controlgear. Degrees of protection provided by enclosures (IP Code) Electrical assemblies for potentially explosive atmosphere. General prescriptions. Electrical assemblies for potentially explosive atmosphere. Intrinsically safe i protection mode. Electrical assemblies for potentially explosive atmosphere. Intrinsically safe i electric systems. Electromagnetic compatibility for industrialprocess measurement and control equipment Part 1 : General Introduction Electromagnetic compatibility for industrialprocess measurement and control equipment Part 2 : Electrostatic discharge requirements Electromagnetic compatibility for industrialprocess measurement and control equipment Part 3 Radiated electromagnetic field requirements

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 6

European, International and National Normative references (cont.)


EUROPEAN CENELEC INTERNATIONAL IEC NATIONAL CEI/CEI UNEL TITLE ( NOTE 1 )

--HD 405. 1 S1 () ---

332 - 3 332 - 1 () 754

20 - 22

Tests on electric cables under fire conditions. Tests on electric cables under fire conditions. Part 1: Test on a single vertical insulated wire or cable. Electric cables - Test on gases evolved during combustion. Rubber insulated cables which do not propagate the flame and having a low emission of toxic and corrosive fumes and gases. International Electrotechnical Vocabulary.Automatic control. Element designation in electrotechnology. Preparation of documents used in electrotechnology Part 1 : General requirements. Recommendations for the preparation of electric circuit diagrams Preparation of documents used in electrotechnology. Part 3: Connection diagrams, tables, and lists. Graphical symbols for diagrams. Part 2: Symbols elements, qualifying symbols and other symbols having general application. Graphical symbols for diagrams. Part 7: Switchgear, controlgear and protective devices. Graphical symbols for diagrams. Part 8: Measuring instruments, lamps and signalling devices. Graphical symbols for diagrams. Part 13: Analogue elements Graphical symbols for diagrams. Part 12: Binary logic elements

20 - 35 20 - 37

------EN 601082-1 () HD 246.4

--50-351 750 1082-1 () 1082-2

20 - 38 ----3-36 3-33

---

1082-3 617 - 2 ()

---

3 - 14

---

617-7 () 617-8 () 617-13 () 617-12 ()

3-19

-------

3-20 3-24 3-26

Explanation notes for tables in paragraph 1.2.1 1) The titles of the IEC Publications, when these are correspondent to the CEI and CENELEC normative references, are the translation of the relevant original titles. 2) Normative references with minor modifications with respect to the IEC Publication. 3) The normative references and the publications with the indication() are fully correspondent to the CEI national ones. Differently, the treated matter is identical, but the requirements can be different. 4) When required, the symbology contained in ISA S5.1 and ISA S 5.2, listed in paragraph 1.2.2. shall be utilised for the execution of logic diagrams.

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 7

European, International and National Normative references (cont.)

EUROPEAN CENELEC

INTERNATIONAL NATIONAL IEC CEI/CEI UNEL

TITLE ( NOTE 1 )

---------

6385 3511 --5167 - 1

----CNR-UNI 10003 CNR-UNI 10023

Ergonomic principles in the design of work systems. Process measurement control functions and instrumentation - Symbolic representation. Physic Units: S.I. International Unit System Rate measurements for fluid flows by diaphragms, nozzles and Venturi tubes. Rate measurements for fluid flows by diaphragms, nozzles and Venturi tubes,

1.2.2

Normative references from other Organisations Instrumentation symbols and identification. Binary logic diagrams for process operation. Annunciator sequences and specifications. Hardware testing of digital process computers. Manual and automatic station control, supervisory and associated telemetering. Electromagnetic susceptibility of process control instrumentation equipment.

ISA S 5.1 ISA S 5.2 ISA S 18.1 ISA RP 55.1 ANSI C 37.2 SAMA PMC 33.1

1.2.3

Internal Normative references

20140.EQP.STA.FUN "INSTRUMENTATION BOARDS"

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 8

2. 2.1.

FUNCTIONAL NORMATIVE REQUIREMENTS Definitions Reference is made to Normative references listed in paragraph 1.2 for definitions and terminology. The followings definitions are used, too: a) Operator's station Unit where the information are centralised, able to process sequences and supervision programmes, and acting as interface between the peripheral units and the operator. b) Operator's console Man/machine interface unit for the control of the plant, able to process data from other units. c) Local operator's video terminal Man/machine local interface unit connected to a peripheral unit for processing data for the visual display of process parameters and plants associated logic. d) Acquisition data remote terminal unit (RTU) Section of the system monitored by one or more operator's stations (or operator's local video terminals) through a data communication line, acting as interface with the plant and able to execute logic for the local control. e) Data interface system Intermediate unit able to commute signals and messages between the stations of the system and stations of external systems. f) Unit Section of the system made by an hardware and software integration able to operate autonomously in conformity with the requirements of the system configuration. g) Communication lines Physical connections among the units of the system for communications and data exchange. h) Communication protocol Specifications and procedures for the structure of the messages exchanged among the units.

2.2.

Symbols and abbreviations Reference is made to Normative references listed in paragraph 1.2.1 for symbols and abbreviations.

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 9

2.3.

Operative environment The system shall be suitable for the environment conditions of the installation site. In detail, all the listed here below environment factors which can have influence on the life of materials and on safety shall be taken into consideration: minimum and maximum temperature; combined influence of temperature, humidity and contaminants (formation of condense); elevation above the sea level; presence of solids, sand, dust; presence of corrosive and polluting substances; formation of fouling or mildew; seismic effects; direct or indirect e lectric shocks; electromagnetic influences; installation in atmosphere with hazard of explosion and/or fire; mechanical stresses and vibrations (including violent impacts and harmonic type vibrations which could occur in the normal operation service).

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 10

2.4. 2.4.1

Functional Requirements Functions of the system The system shall be able to satisfy all the control and monitoring functions, providing the operator with all the instruments necessary for a complete and correct management of the process control. The configuration of the system shall be designed to guarantee an high level of reliability and availability. Each component shall be replaced, in case of fault or malfunctioning, without affecting the continuity in the operations of the system. The maximum attention shall be paid in providing a selective distribution of the electric supply. The whole system shall have the maximum flexibility in being connected with other systems or for future extensions. The following main functions are required to the system: Data acquisition Visual display of the events (elements state and process conditions) Automatic continuous control of the process with the possibility of manual intervention on controllers and logic. Visual display of the plant's diagrams Pre-arrangement for the remote management of controls/supervision system. Management and process calculations and print of the reports. Historical record of data. Transmission of data to external systems. Self-diagnostic Automatic selection of the off-service sections of the system and automatic insertion of the relevant stand-by units (if any). The stand-by units shall be indicated in the Data Sheet. Initial loading of the software by floppy disk or streaming tape. The system's units shall be connected to a data communication line. The configuration of the communication system shall be based on a hierarchical structure with several levels which shall guarantee the reliability of the data transmission. The configuration and the dimensions of the system shall allow the transmission of the data at the same time to the addresses of the various joints. The highest level of communication, identified by the high transmission speed, shall be provided for the interface with a remote supervision system, when required. The system or its units shall be managed in accordance with the following procedures: a) Local Supervision and Control (Manual) This procedure allow the management of the units of the plant by the operator with step by step sequences, the execution of start/stop instructions (for equipment, engines) and opening/closure instructions (for valves) and the acquisition and the visual display of the safety shut downs managed separately by the control system. b) Remote Supervision (Manual) It allows the management of the plant by the operator from the remote control centre, with step by step sequences, as per "Local Supervision and Control". c) Automatic Local It allows the management of the plant by the operator, by utilising instructions activating automatic control and management sequences.

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 11

With this procedure the intervention of the operator shall be required only for special operations conditions. d) Automatic Remote It allows the telecontrol through sequences activated with macro instructions operated from the remote Operative Centre to which the system is connected by the data network used to transmit to the Centre all the information relevant to the operating conditions, production and maintenance of the plant. This operative procedure allows, therefore, the management of the plant by the operator with procedures defined time by time on the basis of the requirements for operating the plant, as, for instance:

macro instructions/sequences for the control of equipment and elements. input of parameters for an automatic operating/maintenance management.

2.4.2

Structure of the system The structure of the system, the data relevant to its configuration and the required performances shall be indicated in the Technical Data Sheet. All the possible solutions to optimise and integrate the configuration of the system shall be verified and proposed during the development of the design. The structure shall be designed on the basis of the following main fixtures: Interface of the operator with both on-line and off-line functions for the configuration, visual display, control and filing of data Interface unit with the process and the data acquisition Communication system Interface unit with the supervision system Electric supply Boards and containers. All the system, however, shall be designed taking into account the following characteristics: Electromagnetic compatibility with outside interference towards the system and vice versa. Modularity and flexibility such to permit the adaptation of the system to restrains given by the plant and allow its future extension. High availability through the utilisation of reliable components and stand-by units for the equipment. Facility in the identification and replacement of fault parts. Real-time operative systems and totally tested software. Hierarchical distribution of the control functions. Integration of the automation and safety functions (for a system complete with ESD "Emergency Shut Down") Data Base and application software easily configurable with guided and interactive procedures. Access to communication via externalsystems with upper hierarchical level.

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 12

A typical schematic configuration of a Distributed Control System is shown in fig. 1 here below:

Figure 1: Typical configuration of a Distributed Control System

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 13

2.4.2.1

Operator's interface The operator's interface shall have at least two stations (one in stand-by), each able to display visually the process parameters and to guarantee to the operator the management and the control of the plant. A typical operator's station shall include: Colour 19" monitor Facilities (mouse, track ball, touch screen) Operative keyboard Alphanumeric configuration keyboard Printer

When required, the operator's station shall include also a panel or a console, with lamps and push buttons for the signals and the activation of the emergency sequences, and a configuration station. The operator's interface shall be provided at least, in its configuration, with the possibility to insert an additional operative station and a printer to connect directly to the data line of the system. It shall be designed such that a single back-up station shall be able to guarantee the whole operability of the system for off-service or non operability of the normally operating one. From the operator's station it shall be possible to access all the data of the plant suitably grouped in video pages displayed on a colour monitor. The types and the quantity of the video pages required shall be defined in the project documents on the basis of the following information: a) Overview pages They give to the operator a general and immediate overview of the operative conditions of the plant, by displaying visually any alarm situation of the process variables (deviation and/or out-of-range) with interactive references to the detail pages. b) System pages They display visually all the units connected to the data communication line and representing the system joints, with the real-time indication of the operating state of the equipment (main/back-up, fault) and of the diagnostic messages. c) Group pages They allow the normal control operations by the operator. The selected page shall be identified on the monitor by a plant unit's number and title. The characteristics to be visually displayed for the required control shall be specified time by time in the project documents. d) Detail pages They display the information relevant to a selected point with a complete description of the service. This type of page shall contain all the detailed information with additional data, as range limits, alarm threshold, etc. In addition, they shall allow to operator the quick access to the manual/automatic control stations and make possible, thanks to the keyboard and the utilisation of codes or access selectors, the modification of parameters and data relevant to the examined points.

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 14

e) Trend pages They display the recorded process variables. Each of these variables can be selected for the reading of the real-time or historical data. Each page shall be updated in real-time with the newly acquired process values. f) Alarms pages In these pages, the display of the alarm state of a variable shall be automatic with an optical and an acoustical indication. Suitable summary pages shall be programmed with the indication of the last 10 alarms, in order of occurrence. The following information shall be displayed for each alarm: day, hour, minutes and seconds of occ urrence; identification tag of the Data Base point relevant to the alarm signal; description of the service; alarm type.

The priority levels and the characteristics needed for their configuration shall be indicated in the Technical Data Sheet. g) Synoptic pages They display graphically the process lines and the equipment with the relevant instrumentation. Each of them shall be organised to display at least: measure value for each analogue variable state of equipment, pumps, valves, etc. alarm for analogue or digital variables. The equipment in the Operator's interface shall have the following characteristics: Printers Printers and video copiers for the man/machine interface functions shall be of the serial type. Calculation and filing unit The calculation and filing unit shall process the data acquired from the interface modules and shall record on tape the parameters for which the historical file is required. Local operator monitor The operator's stations can be utilised for the local management of the plant or its areas with specific function of local control substation, on the basis of the control strategy. The operator's console may be replaced by a 19" colour monitor operating as terminal for the calibration and maintenance procedures, on the basis of the quantity of signals to be controlled from the local control substation.

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 15

2.4.2.2

Process interface unit These units are directly linked to the field instruments (as, for instance, transmitters, valves, pressure switches, etc.) with the scope to control the process and to generate start and stop sequences both in normal operating conditions and in absence of communication with the operator's station. Each interface unit shall be able to acquire from the field inlet signals of different type (analog, state and/or computation digital), and to activate towards the process digital and analog outlets. The inlet and outlet signals shall be of the intrinsically safe or non-intrinsically safe type, as per the classification of the relevant plant's area. All the signals, however, shall be galvanically insulated from the system. The I/O cards shall be protected against short circuits, transients, overvoltages and disturbance from radio frequencies. Acquisition cards with different back-up levels, as defined in the Data Sheet, shall be provided for the control analogue signals and for the shut down ones. The instructions cards shall be able to pilot solenoid valves and any other field actuator. Suitable relays shall be provided for insufficient rate. The opportunity to associate one or more units to each area, or more areas under the same unit, shall be evaluated, on the basis of the number and functions relevant to each plant's area and of the interdependence among the areas. Some units shall be located in field cabins or buildings with the function of local subsystem, on the basis of the extension of the plant (or plant's areas). The data processing units shall be provided with a back-up power supply network. Each single controller shall work at 70% of its capacity. The quantity and type of inlet/outlet signals, necessary for the dimensioning of the unit's acquisition, control and back-up modules, shall be defined in the technical data sheet.

2.4.2.3

Communication system The units in the system shall be interconnected by cables (bus) to form a data communication network. The physical exclusion or insertion of an unit (joint) shall not compromise the traffic of signals on the same line, which shall maintain the required characteristics. The interface modules in the communication and data exchange system shall be provided with back-up units. The physical supports (cables) for the communication bus among the joints shall be backed-up, with automatic commutation from one line to the other for any failure or malfunction.

2.4.2.4

Interface units with the supervision system The communication system shall be able to interface with the supervision equipment by means of interface units (gateways, bridges) in the data communication lines.

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 16

2.4.2.5

Electric power supply The electric power supply, provided by a continuity system, shall be defined by the following parameters of the control system: Number of supply circuits Total power absorbed by the system and its main components Peak power required Power dissipated by the system Maximum period of time with lack of power which does not shut down the system.

The power supply circuits, properly equipped with switches, circuit breakers and fuses to guarantee the selectivity of the performances and the insulation, shall be provided for all the components and units of the control system. The power supply to the most important units, as the operator's station, the control units, CPU and I/O, shall be backed-up. 2.4.2.6 Boards and enclosures Boards and enclosures for the electric/electronic equipment shall comply with the Normative references listed in paragraph 1.1. and with the functional specification 20140.EQP.STA.FUN "INSTRUMENTATION BOARDS", which indicates all the mechanical and electric fabrication requirements.

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 17

2.4.3

System software The system software shall be developed on a modular base and distributed to all the units of the system, to reduce the risks of off-service conditions and optimise the functions. The central data processing and management units shall be configured as per the following software areas: Basic software of the operative system Diagnostic software Application software. If not otherwise required, each single software area shall be freely developed, provided that the achievement of the functional requirements is guaranteed.

2.4.3.1

Basic software (real time) The basic software of the operative system shall: be oriented towards real time applications for the process control support the multitasking and multiprocessor func tions manage the communication network through interface task guarantee the support and complete management of the peripheral units.

2.4.3.2

Diagnostic software The diagnostic software shall verify the operation status of equipment and software of the unit. In detail: verify dynamically the points configured in the Data Base (value, state and address) verify the state of the electronics at the level of each single card and module monitor and verify the measurements acquisition channels address failure and malfunctions messages for a clear and univocal identification of the interested element.

In addition, the following software shall be provided: On-line diagnostic This software shall operate continuously on all the parts on-line of the system. It shall have, as primary objective, the detection of operation anomalies, the evaluation of their gravity, the transmission of suitable alarm messages to the operator, and the implementation of suitable actions, as: exclusion of the fault equipment, commutation on the back-up equipment (if any), re-addressing of the functions on other peripheral units, etc. The diagnostic software, in addition to the detection of all the critical failures in the system, shall configure dedicated messages to be transmitted to the maintenance remote units. They shall also configure messages relevant to anomalies, malfunctions and failure in the monitored plant's equipment (fault signals from power suppliers, cards, barriers, solenoid valves, etc.).

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 18

Off-line diagnostic This software is applied to the units off-line from the system and the other equipment. Its scope is to detect the reasons of the failure or the defect in the sub-system. A system of diagnostic programmes, which will allow to test all the components of the system, both one by one and as a complex, shall be provided for each sub-system. They shall be resident or can be loaded from floppy disk. 2.4.3.3 Application software This software shall update the Data Base in the operator's station with the dynamic data from the plant. In addition to the acquired data and to the values of the analogue outlets, the Data Base shall include also all the standard calculated data and the generated calculated points (obtained from the manipulation of the standard calculations). Each application software for the management of the system's functions shall have access to this Data Base. 2.4.3.4 Standard functions The system shall manage the data relevant to the values and the states of the points configured in the Data Base area with a series of standard functions to provide: a) b) c) d) e) Management of calculations Visual display and print of the alarms Management of the elements Instructions Filings

The characteristics of these functions are described here below: a) Management of calculations The calculations shall be carried out on analogue and digital points and shall generate calculated analogue or digital type points. The analogue calculations shall be carried out with a basic period configurable independently from the other calculations and from the acquisition period of the points giving a contribution, which shall be of the analogue acquired, standard and non standard calculated, types. The standard analogue type calculations shall be: Calculation of the rate as per Codes and standards referred to the project Real-time average values on a maximum of 6 contemporaneous measurements The 4 arithmetical operations between two measures or etween b a measure and a constant value Real-time summation of several measures Operating period (hours) of a plant's element Count of the time period of events for measures, summations and alarms, and on Hourly/Daily/Weekly/Monthly basis for: Average, maximum and minimum value of a measure Integral of a measure Accumulation in the time of a measure.

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 19

The standard calculation of digital type shall be: function "OR" logic function "AND" logic function "XOR" logic with the following characteristics: calculated on changes of the considered points (acquired digital, standard calculated, non standard calculated) the calculation shall not be considered reliable when one of the points is considered unreliable. the calculation shall not be carried out on a value forced manually by the operator (out of scanning). b) Visual display and print of the alarms When not otherwise required, the management of the alarms shall be organised as follows: Detection of the alarm state Identification of the conditions for which a point is considered in alarm state. Generally, these conditions, for the alarms of the system, are: Acquisition anomalies Changes in the acquired value State change of an element It shall be possible to filter the data, to reduce the possibility of a configuration of alarms states due to special conditions originated by the operator. Management of alarms The alarm conditions shall be notified to the operators by visual display and print, as per ISA 18.1. A dedicated treatment may be associated to the priority level (acoustic signal, reference to the graphic operative page and/or start of the automatic intervention sequence). The priority levels and the treatment of the configured alarms shall be at least: Level 1: Level 2: Level 3: Level 3: Shut down/emergency alarms (from the ESD system) Out-of-range alarms Warning alarms Deviation from the fixed in advance alarms parameters.

Visual display of the alarms The alarms shall be visually displayed on the monitors of the station in proper dedicated pages, which shall be organised per plant's areas. The operator shall acknowledge the displayed alarms acting on a proper acknowledgement push button. The following parameters, at least, shall be displayed: Date and hour Error Code or Signal Tag Description Any numerical value.

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 20

Print of the alarms Each alarm event shall be printed in a row of the alarm print-out. If the dedicated printer is malfunctioning, the relevant data shall be transmitted automatically to the other printer. The data contained in the print-out row can be transmitted in parallel to other printers or required as files to be tape recorded. Filing It consists in the implementation of a file for alarms acknowledged by the operator, but still active. This file shall be ordered by time and continuously updated by the issue or cancellation of the alarm states. c) Management of the elements It is a function for the check of the state congruence of the plant's equipment and devices with the variation of the digital signals linked to them. The software logic, when an instruction has been transmitted, shall verify (after a programmable time interval) the congruence of the state of the addressed element with the feedback signals state. In case of discordance, the system shall issue an alarm signal, complete with all the characteristics associated to the relevant element. When required, the check for spontaneous variations of an element shall be provided, when the said element changes its state also in absence of any instruction addressed by the operator. The software shall also manage the digital signals for the protection of the equipment and relevant to the required alarm signals. d) Instructions The system shall manage the transmission of instructions towards the field interface units. These instructions shall be activated from the operative keyboard or video punters modifying in the Data Base of the system the state corresponding to the outlet digital signal. The success of the instruction shall be verified through the control of the final state. e) Filings The system shall provide a series of filing functions for the acquired points. These functions shall be essentially of two types:

historical type filing It allows to keep in the system memory, for a defined period, the history of a certain number of points in the Data Base. filing of events It allows to memorise a window of samples for a certain period before and after an event as, for instance, the intervention of an acquired or calculated digital.

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 21

2.4.3.5

Operator/plant interface functions These are functions interacting directly with the operator who shall operate through the operator's console or the local monitor. The main functions of this type are: a) operative automatic functions for the management of the plant; b) operative functions under request by the operato r for the management of the plant; c) service functions for updating the configuration of the points in the Data Base. Their characteristics are described here below: a) operative automatic function for the management of the plant Updating of the video pages Updating of points on the synoptic Visual display of the elements/equipment states Visual display and print ofevents Visual display and print of alarms Generation of print-outs

b) operative functions under request by the operator for the management of the plant Pages display A dedicated page with the alarms in a specific area of the plant can be displayed. The alarms, displayed by date and still active, shall be acknowledged by acting on a specific push buttons. The operator can utilise an instruction for the display of alarms already acknowledged but still active (starting from the meno recent). Video pages (synoptic and/or defined in advance pages) can be displayed by typing the code of the requested page. Transmission of instructions It shall be possible to transmit an instruction of analogue or digital type as follows: by selecting from the keyboard the element in the graphic display relevant to the object to which the instruction shall be transmitted and the instruction to be transmitted. by transmitting the instruction directly from the keyboard. Forcing of signals/measures (upon request by the operator) The operator shall have the possibility to force the value of a point in the Data Base: by selecting the type of analogue or digital point by inserting, by means of the keyboard or pointer, the tag of the point and the relevant value and/or state by displaying directly on the monitor the control windows by means of pointer and positioning the display on the relevant configured functions. Print-outs request The operator shall have the possibility to request a visual display and a print of all the print-outs relevant to the conditions of the plant.

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 22

c) Service functions for updating the configuration of the points in the Data Base. They shall refer mainly to the configuration of: Points of the system Print-outs Video pages Files Application software.

The characteristics which all the service configurations of the system have in common shall be: menu organisation on several levels with data insertion guided and monitored online. operative continuity of the system during the phase of data insertion and/or modification, by acting on a support structure which shall update the operative structure of the system only after the data congruence control. It shall be possible to modify the control software at the level of the single unit, leaving the interested joint on-line. The peculiar characteristics for each configuration function are described here below: Points of the system It shall be possible to add, modify or delete any analogue or digital point of the Data Base of the following types: Analogue acquired Analogue calculated Digital acquired Digital calculated Outlet digital Elements Real Entire Logic

The parameters which the function shall allow to configure shall have a permanent section containing all the data necessary for the identification the variable and a dynamic section linked to the values of the variable. In the Data entry phase, the parameters relevant to each point shall be visually displayed on the monitor by a spreadsheet. Print-outs The configuration, modification or deletion of all the print-outs of the system shall be feasible. The print-outs shall be obtained with programmes written in high level language which allows both to print in different formats the information relevant to the points of the Data Base (tags, descriptions, value/states, measurement units) and to refer to the filed data.

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 23

Video pages The addition, modification or deletion of video pages shall be feasible. The execution of these operations, totally protected by programming mistakes, shall not interfere with the on-line functions of the process. The protection shall be at different level both for the graphic type and the compilation and animation functions of the graphic pages managed directly from the operator's station. Interactive graphic procedures shall be utilised for the functions of graphic and/or semi-graphic configuration. The operator shall be able to draw, modify and/or delete directly on the monitor the graphic parts and to abilitate, replace and/or eliminate the existing video pages. The functions of configuration of the video pages shall make possible the preparation and updating of: Forms library (symbols library) Synoptic type video pages (with no pre-arranged structure) Pre-arranged structure video pages, as measurement trends, group pages, lists, histograms, etc. Files The function of configuration of the files shall allow the definition of the points to be managed and filed, in accordance with the following procedures: Historic file, to memoriseon file tapes the history of the Data Base points. Event file, to memorise a window of samples in a certain time period before and after an event (process, acquired or calculated). Application software programmes As application software programmes, are intended all those specific functions (calculation or not) necessary to the system to satisfy completely the requirements for the management of the plant and not provided in the standard calculation section. In order to answer to these necessities, the system shall manage two different types of application programmes: Application software programmes with pre-defined dedicated structure written in high level language, which shall be mainly utilised for the configuration of synoptic type video pages and print-outs. Application software programmes of generic type written in high level language utilising interface functions with the Data Base area. Its configuration functions shall be: definition of the application sof tware configuration of the calculation activities compilation software debugging

Each of the above functions may be executed with the system still on-line with no interference with any of the running functions. For the generic type application programmes, in addition, the confguratore shall carry out congruence controls to verify the exclusion of interference with other programmes (overlapped records of data, conflictuality, execution priority levels).

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 24

2.4.3.6

Process interface functions They are managed by the process interface unit and consist in a series of processes and controls based on the configuration and type of inlet and outlet signals. The acquisition and local control units shall operate independently from the central system, to which all the data necessary to the operator for the management of the plant's connected section shall be transmitted. The main functions, at least, shall be: Physical interface with the plant signals The physical interface shall be obtained with modules for the acquisition of inlet/outlet analogue/digital signals, which shall guarantee the insulation of the system's equipment and provide the conditioning, scanning, amplification and conversion (analogue to digital and vice versa) of the signals.

Execution of local scheduled process logic The management of the programmed control functions (sequences and controls) shall be configured in a module provided with non volatile but modifiable memory, able to allow the configuration of the application software programmes of the user through the video station of the local operator. In the configuration of the units as local control sub-station, the modules with control functions may be requested to carry out both the standard functions listed in paragraph 2.4.3.4. and the algorithms and the calculation functions indicated in the project documents.

Interface with other systems for the management of safety systems and/or other plants as, for instance, the electric power production and distribution plant The unit shall be able to manage, though proper modules, the transmission of data, via MODBUS/MODBUS extended, to other programmable logic systems. The interface shall be of the serial type, with speed programmable on electric standard defined in the data sheet.

Interface with a local network Communication cards provided with controller shall be utilised for the transmission and the exchange of information with the joints of the sub-system.

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 25

2.5

Boundary conditions, limits and exclusio ns This document shall be applied only to the Distributed Control System as unit up to the interface boards. Therefore, it does not apply to the field instrumentation, the ESD system, the Telecontrol and Supervision System, which functional requirements are not within the scope of this document. The following aspects shall be also taken into account, in function of the characteristics of the plant to be controlled, defined in the project documents:

2.5.1

Interconnections Whenever required, the Distributed Control System shall be supplied complete with all the cables for the interconnections of the interface boards with the electric equipment and packages, for the transmission of the field signals.

2.5.2

Interface with other systems During the design of the system, the interface with other computerised systems (as PLC dedicated to shut down functions) shall be taken into account, by interface with serial type communication ports, programmable with standard software language.

2.5.3

Integrated ESD system When an integrated system for the management of the safety and shut down functions is required, the control system shall be provided with suitable logs dedicated to the acquisition of these functions and the configuration (at Level 1) of the relevant alarms. The two systems shall be directly connected by the same bus, backed-up to guarantee the transfer of data (diagnostic, shut down and alarm) with priority with respect to the other units of the system. The operativity of the shut down functions (instructions and sequences) shall be protected by suitable access keys (insertion/exclusion/maintenance by-pass).

2.6

Ergonomics The architecture of the system, the assembly and the lay-out of the equipment shall reflect the ergonomics criteria and requirements stated in the Normative references (ISO 6385) and shall provide to the operators the maximum level of operability and functionality. The lay-out and the interfaces of the equipment (keyboards, printers, monitor and facilities) shall facilitate the intervention of the operator on the various video stations with simple movements. Any signalling and control facility, installed on the front of the boards, shall be positioned so that the correct identification and operability by the users is guaranteed.

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 26

2.7

Safety All the safety requirements indicated in the Rules and Laws for the prevention of accidents of the country where the plant is installed shall be applied. The separation of the conductors in accordance with their typology, as listed here below, and the different level of voltage shall be taken into account in the implementation of electric circuits: power and auxiliary a.c. and d.c. supply instruments supply analog and digital signals intrinsically safe circuits.

Proper earthing systems, both protection and operating, shall be provided, as indicated in the functional specification 20140.EQP.STA.FUN "INSTRUMENTATION BOARDS". 2.8 Non repetitive functional requirements The Distributed Control System, when required, shall provide the development of dedicated software programmes for the conversion, preparation and coding of the data to be transmitted to the Supervision and Telecontrol system, to be compatible with the telecontrol system and to guarantee the remote management. 2.8.1 Telecontrol functions The transmission equipment shall allow the supervision system to interrogate the various units to carry out the function of telecontrol and telemeasurement on logic/analog elements and variables allocated to the units of the control system. The characteristics relevant to the employed transmission supports, the distances among the modules and the geographical co-ordinates shall be indicated in the project documents. All the telecontrol functions shall be managed by the system with high level language application software programmes. They shall make possible: To read all the Data Base and write freely in the area allocated to the non standard calculated points (analogue and digital) To define own areas in the local Data Base to be used as temporary areas for the calculations To utilise automatically the printers of the operator's stations To verify timing, priorities and correct execution of the application software programmes. 2.9 Requirements for Quality Management and Assurance Requirements for Quality Management or Quality Assurance, where appropriate, are contained in the Specification enclosed in the Tender documents.

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 27

2.10. 2.10.1

Additional requirement for review Tests and inspections The Distributed Control System, and all its equipment and auxiliaries, extent of the supply, shall be made available for inspection, during and after their fabrication. All the tests and inspections shall be carried out by the Contractor or by his designated Representative. They shall be attended and approved by the Company's inspectors or authorised Representatives. All the equipment, the assistance personnel and whatever else necessary for the execution of the scheduled tests and inspections shall be provided by the Contractor. The tests and inspections shall be at least those indicated by the Normative references and/or listed in the Inspection Data Sheet. They shall be carried out in conformity with the procedures indicated in the relevant Normative references and with the following provisions:

The procedures for the tests required, but not specified in the Normative references, shall be indicated in the Inspection Data Sheet. The procedures for any other inspection and test, not specified in the Normative references and in this specification, shall be defined time by time. The type test for the auxiliaries shall be requested when they comply with the relevant Normative references. The Contractor shall verify that the test has been carried out and provide all the relevant documentation. The provisions for the type test shall be valid also for the acceptance tests of the auxiliaries, provided that they are submitted to the inspections listed in the Inspections Data Sheet.

The inspections and tests shall be carried out in accordance with the following classification:

Type test Acceptance test Special test.

All the relevant documentation, as copies of certificates, drawings, specifications, test procedures, cards prepared with the collected data, shall be made available to the Company for review. 2.10.1.1 Type test Scope of the type test is to verify the conformity of a specific product with the normative references and the original design. The execution of the type test shall be the complete responsibility of the Contractor. The test can be carried out on prototypes or equipment and/or components samples. Any approval of equipment and/or components similar to those included in the supply, as the prototypes, shall be of exclusive competence of the Company, which has the right to require any test selected among the type ones.

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 28

2.10.1.2

Acceptance test Scope of the acceptance test is to ascertain, through the review of documents and the execution of reduced but significant tests and inspections, the conformity to the technical requirements of the original design and the compliance with the Companys requirements. Any defect in the material or in the fabrication shall be detected by the acceptance test too. This test shall be carried out under the responsibility of the Contractor, on all the equipment of the Distributed Control System to be supplied. The test and inspections included in the Acceptance test shall be those listed in the Normative references and in the Inspection Data Sheet. In detail, the following activities shall be carried out: Visual and dimensional inspections Mechanical tests Electric tests Functional tests Hardware inspections Software review

The final shop acceptance test shall be carried out with all the boards and equipment interconnected. The signals from/to the field shall be simulated by simple devices connected to the terminal strips. 2.10.1.3 Special test They include all the tests and inspections not included in the type or acceptance tests, and that the Company may specifically require. The list of tests and inspections, and, when necessary, the execution procedures shall be indicated in the Inspection Data Sheet (I.D.S.) enclosed to the project specification. 2.10.1.4 Test procedures The control system shall pass with positive results the test indicated by the Rules and listed in the Inspection Data Sheet, and which shall be carried out in conformity wit the Contractor's procedures, approved and officially accepted by the Company. The following elements, at least, shall be contained in the procedure for each single test: execution procedure equipment and fixtures utilised acceptance criteria and limits, in compliance with the relevant Rules and the project documents part of the system or unit to which the procedure is applied.

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent

20149.EQP.STA.FUN Rev. 0 December 94 Sheet 29

2.11 2.11.1

Documentation Documentation with the tender a) Company's Data Sheet filled in any part and with attachments (if any). b) Information useful for the correct evaluation of the tender, as, for instance: information on the equipment type and Manufacturer's standard components dimensions and weight of boards an/or equipme nt and of the packing.

2.11.2

Documentation for approval The approval given by the Company to the documentation, if necessary, shall be relevant only to the formal review of the parameters indicated in the project documents.

2.11.3

Documentation to be used by the Company for the plant design The Contractor shall supply to the Company all the documentation necessary for the execution of the plant design and for the installation of the system, object of the supply.

2.11.4

Test Documentation The test documentation shall include at least the following documents: complete certification relevant to the type, acceptance and special tests. list of the executed inspections and tests, and description of the procedures and utilised instruments.

2.11.5

Final technical documentation The final documentation, with the exception of catalogues and publications provided by the Contractor and sub-Contractors (if any), shall include the following data: name of the Contractor name of the Company identification tag, defined by the Company title of the document reference to the Company's order.

The documentation shall be subdivided as follows: a) Design and installation instructions b) Operative instructions c) Maintenance instructions The inclusion of the description and the drawings in catalogues or publications provided by the Contractor will be accepted, provided that: the catalogues (or publications) shall contain all the data and the requested information in their final form; the catalogues (or publications) shall be relevant to the supplied types and the materials, object of the supply, are clearly identified among those shown in the document. The documentation submitted to the Company's approval shall be included in the final documentation, in the revision approved by the Company.

Il presente documento RISERVATO ed di propriet dell'AGIP. Esso non sar mostrato a Terzi n sar utilizzato per scopi diversi da quelli per i quali stato inviato. This document is CONFIDENTIAL and the sole property of AGIP It shall neither be shown to third parties nor used for purposes other than those for which it has been sent