COMMON REQUIREMENTS
I-CR-002
Rev. 1, December 1994
CONTENTS
1. FOREWORD
2. SCOPE
3. NORMATIVE REFERENCES
5. FUNCTIONAL REQUIREMENTS
5.1 Control levels, distribution
5.2 SAS functions
5.3 Package integration and categorising
5.4 Man machine interface
5.5 Process and system alarms, events
5.6 Programming
6. SYSTEM REQUIREMENTS
6.1 Hardware
6.2 Software
ANNEX A
_______________________________________________________________________________
NORSOK Standard
FOREWORD
This standard has been developed by the NORSOK Standardisation Work Group.
SCOPE
This standard covers functional and technical requirements and establishes a basis for
engineering related to Instrument Control and Safety System Design. This standard shall be
used together with I-CR-001, Field Instruments and I-CR-003, Installation of electrical,
instrument & telecommunication. It is the companies' aim to utilise system vendors'
standards in order to achieve the most cost effective solution, also considering LCC.
NORMATIVE REFERENCES
ISO 10418 Recommended practice for analysis, design, installation and testing of basic
surface safety systems on offshore production platforms.
EN 50081-2 Electromagnetic compatibility generic emission standard.
EN 50082-2 Electromagnetic compatibility generic immunity standard.
4.1
Definitions
SAS
Figure 1
SAS unit
Inhibit
Override
Suppression of alarm
Alarm filtering
PDS
4.2
Abbreviations
ANSI
API
CCR
CPU
DnV
ESD
F&G
FAT
FB
FWP
HVAC
IEC
IFEA
IMS
ISA
ISO
LED
LER
MCC
MMI
NDE
NE
NPD
OLF
OS Operator Station
PCS Process Control System
PDCS Power Distribution Control System
PDS Pålitelighet av datamaskin baserte sikkerhetssystemer (reliability of computer based safety systems)
PSD Process Shut-Down (System)
RIO Remote Inputs/Outputs
RTD Resistance Temperature Device
SINTEF Stiftelsen for Industriell og Teknisk Forskning ved Norges Tekniske Høyskole (The Foundation for Scientific and Industrial Research at the Norwegian Institute of Technology)
T/C Thermo Couple
SAS Safety and Automation System
UPS Uninterrupted Power Supply
VDU Visual Display Unit
LCC Life Cycle Cost
FUNCTIONAL REQUIREMENTS
5.1
5.1.1
F&G
I.
II.
III.
PCS
I.
II.
III.
IV.
PSD
I.
II.
III.
IV.
PDCS
I.
II.
III.
5.1.2
Functional Distribution
The process systems shall be logically distributed into separate SAS units and/or SAS
programs in order to optimise mechanical completion, commissioning and maintenance.
5.2
SAS functions
5.2.1
ESD
The ESD system shall have the following features:
I.
It shall be possible to test the ESD logic without degrading the platform safety and
reducing the production rate.
II.
The platform shall be protected even in case of loss of power or single failure of
electronic parts.
III.
Common ESD reset function shall be provided in the CCR, in addition to local
resets.
IV.
Status of the ESD system, ESD valve status, inhibit and override facilities shall be
available in the CCR.
V.
VI.
PDS or an equal calculation method shall determine the ESD system configuration,
aiming for a simple solution.
VII. The ESD information and operation shall be easily accessible to the CCR operator
without unnecessary time delay.
VIII. The operator interface may be a VDU based solution or a combination of LED/switch
operated matrix and VDU(s).
IX. The ESD output signals to field devices shall be hardwired.
X.
XI.
Communication between ESD and F&G can be by means of a dedicated safety bus,
serial links or hardwired.
5.2.2
F&G
The F&G system shall have the following features:
I.
II.
It shall be possible to override PA alarms and FWP start due to the on-line test
requirements.
III.
Delay of audible PA alarms to LQ and possibility for inhibition of the audible alarms
shall be provided in the CCR.
IV.
V.
VI.
VII. Communication between F&G and ESD can be by means of a dedicated safety bus, serial
links or hardwired.
VIII. Information about geographical arrangements of detectors and fire areas shall be
available in the CCR.
IX.
X.
Hot work status per safety area should be available in the CCR.
XI.
Status of F&G alarms, inhibits, override and release of protection facilities shall be
provided in the CCR.
XII. Selection of FWP priorities, running/available status of FWPs, ring main pressure
and FWP fault indication shall be available in the CCR.
XIII. The F&G information shall be easily accessible to the CCR operator without
unnecessary delay.
XIV. The information on an integrated F&G mimic/matrix shall be kept to a minimum and
the F&G mimic/matrix shall typically contain:
XV. Common gas alarm per safety area.
XVI. Common fire alarm per safety area.
HVAC
The HVAC safety related functions should be integrated in the F&G system. No separate
SAS unit for HVAC functions should be implemented.
5.2.4
PCS
LED/switch operated process mimic should be avoided. PCS statuses and operation
commands should be available on VDU only.
5.2.5
PSD
PSD functions shall be implemented in separate SAS unit(s). Machinery protection is not
considered as PSD level.
5.2.6
PDCS
The purpose of the PDCS is to control and monitor the electric power generation and
distribution network.
5.2.7
MCC
The MCC may be controlled from any SAS unit and the following principles are acceptable:
I. Distributed concept based on supplier's standard intelligent MCC bus concept.
II. RIO with potential free contacts rated for the voltage used in MCC control circuitry.
III. Hardwired signals.
The MCC shall proceed into a pre-defined selectable state (on/off/steady) in the event of
loss of data communication.
The PDCS status shall be available in CCR. Separate LED/switch operated electrical
mimic panels should be avoided. PDCS status should be available on VDU screen pictures.
5.2.8
III. Ballast system
IV. Environmental and Platform Monitoring System
V. Corrosion Monitoring System
VI. Condition Monitoring System
VII. Fuel & flare gas metering
VIII. Oil Storage and Off-loading System
Typical IMS functionality is:
I. Long term storage of alarms and events.
II. Trend data storage.
III. Long term storage of selected measurement values.
IV. Alarm analysis.
5.3
5.3.1
Category of packages.
I. Category A, SAS integrated packages.
Packages fully integrated in SAS standard hardware/software. Control and monitoring
are programmed / configured in the SAS system by the project according to Package
Vendor specifications.
I. Category B, SAS partly integrated packages.
Packages with control functions programmed/configured by the Package Vendor in standard
SAS hardware/software. Non-standard hardware may be used for special functions
like turbine governor.
I. Category C, SAS Stand-alone packages.
Packages with only serial link or hardwired signal communication interface to other
SAS units. Vendor supplies separate logic for machinery protection, control and
monitoring.
I. Category D, Stand-alone locally controlled packages.
Packages with local control only. Vendor supplies separate logic unit for control.
These control units are not considered as SAS units and no external communication is
required.
5.4
5.4.1
Operator station
The CCR Operator Stations shall as a minimum meet the following functional
requirements:
I. The SAS shall make it possible to monitor all process and safety signals from any
Operator Station. Silent type alarm/event printers shall be located in the CCR or in an
area adjacent to the CCR.
I. The operator shall be able to request a colour hard copy of any VDU picture.
I. The number of printers shall be kept to a minimum. Failure of one OS or one printer
shall not stop printing possibilities. The printout shall be available on request.
Local operator stations may be used in local panels.
Temporary Operator Stations should be available for test and commissioning purposes.
5.4.2
V. Alarm list.
VI. Event list.
VII. Sequence display.
VIII. Control display.
5.4.3
Use of colour
The colour coding as shown in tables below shall be used for process and service lines and
equipment. Further definition may call for lines consisting of dashes of different colours if
lines or equipment are designed for multiple fluids.
Table 1 Colours of process and utility medium
Process/utility medium      Colour selections
Oil                         Brown
  including diesel, crude, lubrication, seal, hydraulic oil and drilling mud.
Gas                         Yellow
  including fuel, HP, LP, injection, relief, flare gas.
Water                       Green
  including potable, ballast, drill, produced, cooling, injection water and steam.
Air                         Blue
  including instrument and plant air.
Fire fighting               Orange
  including fire water and foam.
Chemicals                   Violet
  including glycol, scavenger, chemicals, cooling and heating medium, drilling
  and other chemical additives.

                            Colour selection
11 kV                       Blue
690 V                       Orange
400/230 V                   Yellow
230V UPS                    Brown

                            Colour selection
Active alarm                Red
Warning                     Yellow
Fault alarm status          Violet
Suppressed/blocked          Blue
Use of symbols
SAS vendor standard VDU symbols shall be used.
5.4.5
Trend facilities
The SAS shall have capabilities for short and long term trending of any analogue signal.
On line structuring of trends should be available.
5.5
5.5.1
Definitions
Alarms arise when an abnormal situation occurs.
Example: HH level in separator, motor overload.
An event is a change of process status or an operator's interaction with the process.
Example: Change of controller's setpoint.
A system alarm is activated if SAS functions fail or exceed pre-defined limits.
Example: Digital input card failure or analogue input less than 3 mA.
5.5.2
Time tagging
Events, process and system alarms must be time tagged with highest resolution but not less
than the scan rate, and related to the central Real Time Clock.
No events or alarms shall be lost in the SAS.
The alarms shall be time tagged where they are first detected.
5.5.3
5.5.4
Acoustically
II.
Programming
5.6.1
II.
On line programming.
III.
Load and unload application programs including database structure via common bus.
IV.
V.
It shall be possible to monitor on line any dynamic variable in any relevant SAS unit
via bus for debugging purposes.
VI.
Function blocks
To the extent possible, the SAS vendor's or Company's existing standard function blocks
shall be applied. Function block oriented programming should be used.
SYSTEM REQUIREMENTS
6.1
Hardware
Remote I/O
In order to minimise cabling and hook-up offshore, RIO should be used where applicable.
6.1.2
6.1.3
6.1.4
SAS termination
Any cross wiring shall be included in the SAS unit's termination part. Signal conditioning
units shall be rack or rail mounted.
It shall be possible to isolate field signals from the SAS unit(s) without disconnecting the
cable cores from the terminals.
All I/O channels, including spares shall be pre-wired.
The SAS shall be designed in such a way that the termination part can be delivered to site
at an early stage while testing of application programs continues at the SAS vendor's workshop.
Reconnection facilities shall be pluggable.
6.1.5
6.1.6
Hardware expandability
Spare capacity shall be measured per SAS unit and per card type at time of plant start-up.
For a well defined mechanical package, a lower quantity of spare/expandability can be
accepted.
Table 4 Hardware expandability table
Task                Spare capacity
I/O cards           10 % installed spare
                    25 % possible extension
Disk capacity       40 % spare installed
                    100 % possible extension
6.2
Software
6.2.1
CPU performance
CPU load of SAS unit(s) at the time of plant start-up shall not exceed 75%. CPU load
means percentage of time available for application program (internal CPU handling tasks
excluded).
Memory
It shall be possible to expand memory without any change of application programs and
there shall be 75% spare capacity at time of plant start-up of SAS.
6.2.2
Bus load
Bus load at the time of plant startup shall not exceed 75% of the bus load recommended
by the vendor.
6.2.3
Time synchronisation
Time synchronisation means that the internal time of different units shall not deviate
by more than 50 msec. The SAS system shall get its time vector from the platform clock.
ANNEX A
ANNEX B
Time response: 1 sec
Time response: Max. 2 sec, 2 sec, 4 sec, 15 sec
Time response: 2 0 msec
Figure 2 (labels: Digital clock synchronisation; Alarm tagging; A; D; Field actuator response time; OS scan/display time; Communication time; CPU; Analogue clock synchronisation. Time response: 5 sec, 3 sec, 2 sec, 2 sec)