koc-i-004 shut down system

KUWAIT OIL COMPANY (K.S.C.) STANDARDS PUBLICATION KOC STANDARD FOR SHUTDOWN SYSTEMS DOC NO : KOC-1-004 STANDARDS DIVISION


Post on 18-Jan-2016


KUWAIT OIL COMPANY (K.S.C.)

STANDARDS PUBLICATION

KOC STANDARD

FOR

SHUTDOWN SYSTEMS

DOC NO : KOC-1-004

STANDARDS DIVISION


REV. 2


(FORMERLY 015-JH-1905)

ISSUING AUTHORITY:

STANDARDS DIVISION

TABLE OF CONTENTS

FOREWORD

SCOPE

APPLICATION

TERMINOLOGY
3.1 Definitions
3.2 Abbreviations

REFERENCE CODES AND STANDARDS
4.1 Conflicts
4.2 List of Standards and Codes

ENVIRONMENTAL CONDITIONS

SERVICE CONDITIONS
6.1 General
6.2 Equipment in Hazardous Area

HEALTH SAFETY AND ENVIRONMENT

DESIGN CONSIDERATIONS
8.1 General
8.2 Logic Grouping

SYSTEM DESCRIPTION
9.1 Emergency Shutdown (ESD) System
9.2 Sequencing and Shutdown Logic System (SSLS)
9.3 Manual Shutdown
9.4 Final Control Element
9.5 Process Override Switch (POS)
9.6 Maintenance Override Switch (MOS)
9.7 User Interfaces

EQUIPMENT DESCRIPTION
10.1 General
10.2 Programmable Logic Controller (PLC)
10.3 Relay Based System

EQUIPMENT CABINETS
11.1 PLC Cabinets
11.2 Relay Cabinets
11.3 Operator Fascia
11.4 Cabinet Labelling Requirements

EQUIPMENT LAYOUT

FIELD CABLING AND INTERNAL WIRING

POWER SUPPLY

PERFORMANCE, INSPECTION AND TESTING REQUIREMENTS
15.1 Quality Control (QC)
15.2 Shop Inspection and Performance Testing
15.3 Shop Testing (Component Level)
15.4 Factory Acceptance Test (FAT)
15.5 Site Acceptance Test (SAT)
15.6 Electromagnetic Compatibility and Radio Frequency Interference

QUALITY ASSURANCE

PACKING, MARKING AND DOCUMENTATION
17.1 General
17.2 Documentation
17.3 System Registration and Warranty

SPARE PARTS AND MAINTENANCE REQUIREMENTS

ACKNOWLEDGEMENT


FOREWORD

This document "KOC Standard for Shutdown Systems" (KOC-1-004, Rev.2) is intended to provide the minimum requirements for Shutdown Systems and the equipment for Emergency Shutdown (ESD) and Sequencing and Shutdown Logic System (SSLS) for installation at various KOC facilities in Kuwait.

This Standard has been approved by the Standards Division in consultation with the Standard Technical Committee (STC) for use throughout the corporate Engineering and operational functions of Kuwait Oil Company (K.S.C.).

This Standard "KOC Standard for Shutdown Systems" (KOC-1-004, Rev.2) supersedes the existing "KOC Recommended Practice for Shutdown System Panels" (KOC-1-004, Rev. 1), which stands withdrawn.

This Standard has been issued by the Standards Division in order to achieve the following objectives:

a) to provide the design basis for shutdown systems, and system architecture, performance, inspection, and testing requirements for Shutdown System equipment;

b) to provide technical guidance and establish the base document for detailed engineering with a view to achieve uniformity, quality, reliability and efficiency in an economical manner;

c) to maintain the KOC requirements of safety and protection to plant, personnel and environment established by KOC's Fire & Safety regulation, Health, Safety & Environmental Management System (HSEMS) and HSE Policy;

d) to utilise operational expertise to eliminate the shortcomings experienced in the existing systems, and to include design features based on technological advancement in this field.

Feedback as well as any comments or suggestions derived from the application of this Standard at any stage of design, construction or operation are invited and should be directed to:

Supdt. Standards Division (Chairman, Standards Technical Committee), Loss Prevention Group, K.O.C, P.O.Box-9758, Ahmadi-61008, State of Kuwait.

Task Force responsible for the Standard

The preparation of this Standard was entrusted by Standards Technical Committee to the Task Force (TF-1/03) comprising of the following members:

Dr. Mohammad Ilyas, Standards Div.: Team Leader, Tel No. 61406
Mr. A. Unnikrishnan, Standards Div.: Author / Member, Tel No. 61633
Mr. Louis Thiagaraj, Opns. Svcs. Dept. (S&E): Member, Tel No. 22416

SCOPE

This Standard describes the basic requirements for Shutdown Systems and equipment for Emergency Shutdown (ESD) and Sequencing and Shutdown Logic Systems (SSLS) for installation at various KOC facilities within Kuwait.

This Standard covers the design basis for shutdown systems and system architecture, performance, inspection and testing requirements for ESD and SSLS equipment.

APPLICATION

The design, performance, inspection and testing of Shutdown Systems and equipment shall fully comply with all the relevant requirements specified in this Standard and the referenced standards / codes mentioned herein.

Any exceptions or deviations from this Standard, along with their merits and justifications, shall be brought to the attention of KOC's Controlling Department for their review, consideration and amendment by Standards Division (if required).

Compliance with this KOC Standard does not of itself confer immunity from legal or statutory obligations.

TERMINOLOGY

Definitions

For the purposes of this Standard the following definitions apply.

Availability

The probability that a system will be able to perform its designated function when required for use.

Electromagnetic Compatibility

The ability of equipment to function satisfactorily in its electromagnetic environment without introducing intolerable disturbances to that environment or to other equipment.

The capability to go to a predetermined safe state in the event of a specific malfunction.


Fault Tolerance

Built-in capability of a system to provide continued correct execution of its assigned function in the presence of a limited number of hardware or software faults.

Protocol

Data packaging and transmitting / receiving guidelines to which the digital link must adhere.

Safety Integrity

The probability of a safety related system satisfactorily performing the required safety functions under all stated conditions within a stated period of time.

Safety Integrity Level

Discrete level for specifying the safety integrity requirements of the safety functions to be allocated to safety related systems in accordance with IEC-61508.

Voting System

Redundant system that requires at least "m" of the "n" channels/devices ( m out of n ) to be in agreement before the system can take an action.

Abbreviations

CPU - Central Processing Unit

CRT - Cathode Ray Tube

DCS - Distributed Control System

EEPROM - Electrically Erasable Programmable Read Only Memory

EIA - Electronic Industries Alliance

EMC - Electromagnetic Compatibility

EMI - Electromagnetic Interference

ESD - Emergency Shutdown

FAT - Factory Acceptance Test

F&G - Fire and Gas

HAZOP - Hazard and Operability

HSE - Health, Safety and Environment

HSEMS - Health, Safety & Environmental Management System

HVAC - Heating, Ventilating and Air Conditioning

I/O - Input/Outputs

IS - Intrinsically Safe

ISA - The Instrumentation, Systems, and Automation Society

KOC - Kuwait Oil Company

LED - Light Emitting Diode

MCC - Motor Control Center

MOS - Maintenance Override Switch

MTBF - Mean Time Between Failures

P&ID - Piping and Instrumentation Diagram

PLC - Programmable Logic Controller

POS - Process Override Switch

RAM - Random Access Memory

RFI - Radio Frequency Interference

RTD - Resistance Temperature Detector

SAT - Site Acceptance Test

SCADA - Supervisory Control and Data Acquisition

SIL - Safety Integrity Level

SSLS - Sequencing and Shutdown Logic System

TMR - Triple Modular Redundant

UPS - Uninterruptible Power Supply

VDU - Visual Display Unit

W/S - Work Station

REFERENCE CODES AND STANDARDS

Conflicts

In the event of conflicts between this Standard and the latest edition of standards / codes referred herein, or other purchase or contractual requirements, the most stringent requirement shall apply.

List of Standards and Codes

Shutdown System and equipment used shall conform in design, manufacture, performance, inspection and testing, except where otherwise specified, with the current issue and amendments of the applicable codes, standards and 015 Series of KOC specifications, of which the following are cited in this Standard:

International Standards

IEC 60529 Degrees of Protection Provided by Enclosures

IEC 60617 Graphical Symbols for Diagrams

IEC 61000 Electromagnetic Compatibility (EMC)

IEC 61082 Preparation of Documents used in Electrotechnology

IEC 61508 Pt. 1 to 7 Functional Safety of Electrical / Electronic / Programmable Electronic Safety Related Systems

IEC 61131 Pt. 1 to 5, 7 & 8 Programmable Controllers

National Standards

EIA 232F Interface between Data Terminal Equipment and Data Circuit Terminating Equipment Employing Serial Binary Data Interchange

EIA 422A Electrical Characteristics of Balanced Voltage Digital Interface Circuits

EIA 485A Electrical Characteristics of Generators and Receivers for Use in Balanced Digital Multipoint Systems

IEEE 518 Guide for Installation of Electrical Equipment to Minimise Electrical Noise Inputs to Controllers from External Sources

IEEE 488 Standard Digital Interface for Programmable Instrumentation

ISA 5.2 Binary Logic Diagrams for Process Operations

ISA 18.1 Annunciator Sequences and Specifications

4.2.3 KOC Standards

KOC-E-004 Part-1 KOC Recommended Practice for Selection, Installation and Maintenance of Electrical Equipment in Hazardous Areas: General Requirements

KOC-E-004 Part-2 Flameproof Enclosure "d"

KOC-E-004 Part-3 Intrinsic Safety "i"

KOC-E-011 KOC Standard for Uninterruptible Power Supply Systems

KOC Standard for Hazardous Area Classification

KOC Standard for Packing, Marking and Documentation

KOC Standard for Basic Design Data

KOC Standard for Spare Parts and Maintenance Data

KOC Standard for Instrumentation and Control System Design

KOC Recommended Practice for Fire & Gas System Panels

KOC Standard for Instrument Cables

KOC Standard for Fire & Gas Detection Equipment

015 Series of KOC Specification

This Standard makes reference to the following KOC specifications, which shall be designated by KOC Controlling Department, on a project specific basis with addendum sheet as required:

015-JH-1904 Distributed Control Systems (DCS)

015-JH-1909 Instrumentation for Packaged Equipment

015-JH-1911 Standard Auxiliary Control Room Cabinets

015-YH-1004 Specification for Emergency Shutdown and Depressurising System Requirements

ENVIRONMENTAL CONDITIONS

The environmental conditions in Kuwait are severe and shall be considered carefully before selection of equipment for shutdown system. The equipment for outdoor installation shall be suitable for continuous operation

traces of hydrogen sulphide.

Refer to "KOC Standard for Basic Design Data" (KOC-G-007), which provides the detailed design information regarding the environmental, site and utility supply conditions prevailing throughout the KOC Facilities.

SERVICE CONDITIONS

General

The ESD and SSLS system control equipment shall be installed in an indoor air-conditioned location (inside control building) unless otherwise specified.

Control and auxiliary rooms are provided with air-conditioning with a normal temperature of 24 °C (75 °F) and controlled humidity. However, the ESD and SSLS systems are required to continue operation without failure, without error and without incurring long or short-term damage to the equipment during the HVAC upset conditions, when the temperature in the room is from 5 °C to 50 °C (41 °F to 122 °F) and the humidity is up to 90 % (non-condensing).

Equipment in Hazardous Area

Where any equipment is to be installed in a hazardous area, it shall conform to the relevant parts of KOC Recommended Practice for Selection, Installation and Maintenance of Electrical Equipment in Hazardous Areas (KOC-E-004).

The general classifications for plant groupings shall be in accordance with the Project Drawing entitled "Hazardous Area Classification" prepared in conformity with KOC Standard for "Hazardous Area Classification" (KOC-G-002).

The equipment to be installed in a hazardous area shall be certified for use in those areas by a testing authority of an international recognition. The list of testing and certifying agencies acceptable to KOC are given in KOC-E-004 Part-2. The copies of relevant certification documents shall be submitted for KOC review and approval.

HEALTH SAFETY AND ENVIRONMENT

All relevant safety requirements of KOC's Fire & Safety regulation, Health, Safety & Environmental Management System (HSEMS) and HSE Policies shall be adhered to while performing the Shutdown System design.

DESIGN CONSIDERATIONS

General

(Complete/partial) of Facility, and where necessary depressurising of process equipment, in order to prevent the development of a hazardous condition that may be caused by process upset and/or an external event, such as fire.

The ESD system shall be designed to achieve the following objective:

a) protection of personnel;

b) protection of equipment;

c) prevention of pollution;

d) safe and reliable operation with on line monitoring;

e) continuity of production (by minimising spurious shutdowns).

The "Sequencing and Shutdown Logic System" (SSLS) shall be an independent system designed to provide logic functions for sequencing and control (auto start of standby equipment, organised normal shutdown etc.) including for packaged equipment (when a dedicated control system is not provided).

Logic Grouping

The ESD system functions shall be defined in the P&ID, Cause and Effect diagram and shall relate to the control of ESD valves, depressurising systems and the interface with other systems to trip electrical motors, turbines/packaged equipment and other electrical supplies.

The P&ID / Cause and Effect diagram shall identify all the ESD input and output signals by their respective "Trip level" groups. A typical form of "Trip level" group identification is given below:

Trip Level group - 2.1, where 2 indicates the ESD Level and 1 indicates the group of equipments in a particular area of the facility such as CRU area, Desalter area etc.

The SSLS shall perform all logic functions other than those dedicated to the ESD system like start-up permissive, normal shutdown sequences, sequence monitoring, trip-alarm time stamping, running/standby pump control etc.

The sequencing and interlocking functions shall mainly be organised and initiated from the DCS operator station, but shall be executed by Sequencing and Shutdown Logic System (SSLS) unless otherwise specified.

SYSTEM DESCRIPTION

Emergency Shutdown (ESD) System

General

a) The ESD system shall provide automatic protection for the entire facility when a shutdown is initiated by dedicated sensors in the plant, or by operator intervention at the ESD operator fascia. In addition, a system-wise depressurisation facility shall be provided (wherever identified) from the operator fascia panel using a lockable switch with built-in time delay.

b) The ESD system shall act independently of all other systems to sense emerging abnormal operating conditions, automatically react to such conditions by shutting down and/or isolating and/or venting as appropriate in accordance with the cause and effect diagram / risk analysis findings from "HAZOP" etc.

c) The ESD system shall be provided with redundant interface with other systems like F&G system, DCS, packaged equipment, motor control centre (MCC), HVAC etc. as applicable.

d) Redundant interface using serial communication link between ESD and other systems shall be limited to status monitoring of any safety device or equipment. However, shutdown initiating request signals between systems such as F&G system and ESD system, ESD system and Engine Management System etc. shall be hardwired.

e) The ESD system shall be designed to maximise reliability and availability with very high degree of user-friendliness to handle hardware or software related engineering/maintenance/operation tasks.

f) All shutdown operations shall be designed on "Fail to Safe" basis. Specifically all outputs shall fail to a safe shutdown condition in the event of electrical de-energisation, loss of signal, ESD system equipment failure etc.

9.1.2 Shutdown Levels

The safety requirements and risk involved in the Facility shall be analysed and a Cause and Effect diagram produced with various levels of shutdown. The diagram shall list all initiating field devices and corresponding outputs, with the objective of minimising the effect of a failure, allowing those parts of the Facility to continue operation, where their safety and operability is not affected by the failure.

Four levels of shutdown have been classified as follows:

Level 1: Total Plant Shutdown with Depressurisation.

Level 2: Total Plant Shutdown without Depressurisation.

Level 3: Production Train Shutdown.

Level 4: Local Process Element and Related Shutdown.

9.1.3 System Availability and Reliability

a) The system shall be designed according to the level of reliability required, the economics of the various options and the complexity of the logic arrangements.

b) In order to maximise system availability without compromising reliability, redundancy arrangement shall be incorporated within those elements of the ESD system, which may be subject to common / normal mode failure.

c) The safety integrity levels for any particular application should be evaluated based on Cause and Effect diagram.

d) Redundant components and signal paths along with extensive use of active diagnostics are to be used in the design of ESD system to achieve prompt and positive shutdown action for real emergency situation.

e) Redundancy shall allow on-line (under power condition) testing and corrective maintenance jobs such as replacement of I/O modules, processor modules, memory modules, power supply modules, communication interfaces, I/O bus cables, communication cables, etc. without affecting the operation of the ESD system and without requiring any process shutdown.

f) Majority voting arrangements shall be implemented as per Cause and Effect diagram to ensure that single failures do not generate spurious shutdowns.

g) The power supply, I/O grouping, processor allocation, field interconnections etc. shall be so designed that the system could be point-wise, module-wise isolatable across the entire system without affecting the basic safety and operation of the facility.

9.1.4 Fault Tolerance

In the event of any unresolved hardware/software discrepancy or faults, the equipment shall remain tolerant while continuing execution of its function and allow repair without process interruptions in accordance with the requirements of IEC 61508.

Such low-safety operating condition of the system shall be hardwired to the operator console and alarmed continuously until the conflicts are successfully resolved. The system shall log the specifics of such discrepancies with time stamping in the alarm journals.

In the event of any I/O module fault, the faulty module shall be automatically switched-off, while the redundant module keeps up operation.

Fault on I/O modules shall activate the hardwired alarms on the operator fascia, in addition to repeating the software alarm on ESD and DCS workstations with address, point and channel specifics. On rectification of fault, the module shall automatically return to normal operation without affecting the operation of the system.

9.1.5 Logic Design

a) Cause and Effect Diagram

i. On the basis of available information, an initial Cause and Effect diagram shall be prepared during the basic engineering stage and developed during the detailed engineering stage to a fully functional and safe ESD system to cover all equipment in the Facility.

ii. The design shall give emphasis for enhancement of protection to personnel and equipment, availability of process systems and production (avoiding spurious shutdown), minimisation of pollution to the environment etc.

iii. The effect of a failure shall be minimised in the system design in order to eliminate unnecessary shut down of other portions of the Facility, where the safety and normal operating conditions are not affected by the cause of such failure.

iv. The inputs to the system shall be derived from field devices, manual intervention in the field or control room, signals from the F&G panel, and other plant automation systems. These initiating inputs shall form the row header of the Cause and Effect diagram.

v. The outputs shall cause appropriate actions such as pre-alarm, alarm, shut down, isolation, depressurisation and initiate purge or blowdown as necessary of all parts of the Facility adversely affected. The outputs shall form the column heading identifying the alarm by type (hardwired / software) and location (operator console, DCS, ESD W/S, F&G W/S etc.).

vi. Enhanced availability and quick restart of any system in the Facility shall be incorporated wherever appropriate by means of POS/MOS.

vii. To enable a quick Facility restart after a trip, venting should be a manual function controlled by the operator, except in cases such as fire, where for prime safety reasons automatic venting is essential.

viii. Venting manual controls shall be installed in the field and the control room operator fascia with reset facilities. The system shall not be restarted from a tripped position unless it has been manually reset by the operator.

ix. Appropriate signals shall be transmitted to other systems to enable those systems to take action when an emergency shut down occurs. For example:

- DCS controllers shall be set to manual with zero or preset values or tracked outputs when the related system is shut down.

- Auto-start attempts on standby equipment shall be inhibited.

x. All alarm signals shall bring up visual indication on appropriate DCS graphics pages, and initiate the control room audible alarm. In addition, where operating personnel in other locations require to be informed by audible and visual alarms of the nature and location of the emergency, these features should be indicated on the Cause and Effect diagram.

xi. To eliminate integrity loss due to single mode failures, at least two independent means shall be provided to detect the presence of any abnormal condition that can lead to a dangerous situation requiring executive shutdown action.

xii. Where more than one train or standby/load-sharing pump etc. could be affected by a failure of a common device, the field instrument design should be re-evaluated and the common mode failure eliminated (e.g., a switch detecting low-low pressure of a common header shall be supplemented by switches serving each train). Where such a common mode situation cannot be eradicated, additional field sensors, output devices and 2oo3 (two out of three) voting systems should be installed.

xiii. All ESD level 1 & 2 field input devices shall be organised minimum in 2oo3 (two out of three) voting and output actuators (solenoids etc.) minimum in 1oo2 (one out of two) voting. For other lower level of ESD, the field devices shall be provided in accordance with P&ID.

xiv. In cases where a shutdown of a Facility section will lead to shutdown of other equipment unless there is operator intervention, warning of the required action shall be notified to the DCS operator by an alarm. The ESD system shall monitor the down-line equipment and take the necessary executive action if the operator intervention does not prevent an out-of-limits condition occurring.

xv. When a trip will unavoidably lead to the shutdown of other sections, such shutdowns shall be initiated under the executive action of the system, not by allowing a process condition to go out of limit as a result of the primary shutdown.

xvi. The Cause and Effect diagram shall indicate all motor circuits, which shall have an interlock with the ESD system to enable intervention under emergency conditions.

b) Logic Diagram

i. The functional logic diagram shall be prepared with logic symbols in accordance with ISA 5.2 format based on Cause and Effect diagram.

ii. The logic diagram for PLC based systems should be drawn in accordance with the special requirements for the selected shutdown system equipment. All inputs and outputs shall have the respective I/O address noted, and annotation shall be added to assist ease of identification of the logic sequences with the system programme ciphers, such that the logic diagram and the PLC ladder diagram printout relate to each other and logic problems traced on the logic diagram can be quickly related to the correct programme parameter.

iii. Logic diagram for relay-based systems shall have identification adjacent to the logic gate, of all main relays and timers, numbered in accordance with the wiring diagrams.

iv. The logic diagram shall include:

- all inputs and outputs together with their type and any interface conditioning;

- sequencing and cross-relationship between systems within the ESD and outside, including DCS manipulation signals;

- derivation and destination of all signals including shutdown alarms, field repeats etc.;

- Process Override Switches (POS) and Maintenance Override Switches (MOS) together with their respective normal/bypass indications;

- timers with their settings;

- logic reset, local and console mounted ESD push-buttons, vent and ESD valve open/close buttons and all other controls;

- all other relevant equipment or activities to complete the logic system.

c) Ladder Logic Diagrams

i. The manufacturer/supplier shall develop fully detailed ladder logic diagrams.

ii. Where relay systems are specified, the diagram shall be prepared in accordance with the requirements of IEC 61082 and IEC 60617.

iii. The diagram shall be clearly annotated for ease of understanding and cross-referenced to the logic diagram.

iv. The ladder logic diagrams for PLC systems shall be in the conventional ladder logic form with a clear and unambiguous identification of tags, symbols, elements etc.

9.1.6 Alarm Logic

a) The alarm sequence used shall be in accordance with ISA 18.1 and shall complement that selected for the DCS pre-alarm system. The alarm occurrences shall be stored and time stamped in strict chronological order and presented to the DCS in that order, so that first-up identification is irrespective of the DCS scan time. The display and event logging shall be organised in the DCS as well as in ESD workstation as applicable.

b) Pre-alarms with no logic function shall be connected directly to the DCS from the field.

c) Acknowledgement, reset, and historisation of the alarms should be by data signals received from the DCS. For details on DCS, refer to 015 Series of KOC Specification "Distributed Control Systems" (015-JH-1904).

d) All switched state changes, resets, valve open/close, valve speed checks, motor stop/start, sequence steps etc. shall be reported to the DCS for event logging.

e) In PLC based systems the ESD workstation shall preserve the alarm summary for a minimum period of 100 days and shall be provided with facility to copy the alarm journal for selected criteria to a removable electronic file.
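The first-up and retention requirements of the Alarm Logic clause above can be modelled as follows. This is an added illustration, not part of KOC-1-004 or any vendor's code; the tag names, the millisecond time base, the scan order and the class and function names are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Sequence

# Item e): the alarm summary is preserved for a minimum of 100 days.
RETENTION_MS = 100 * 24 * 3600 * 1000


@dataclass(frozen=True, order=True)
class AlarmEvent:
    t_ms: int  # time stamp applied at the source (logic solver), in ms
    seq: int   # arrival counter, breaks ties between equal time stamps
    tag: str   # hypothetical instrument tag


class AlarmJournal:
    """Stores events and hands them on in strict chronological order."""

    def __init__(self) -> None:
        self._events: List[AlarmEvent] = []
        self._seq = 0
        self._delivered = set()
        self._last_reset_ms = 0

    def record(self, t_ms: int, tag: str) -> None:
        self._seq += 1
        self._events.append(AlarmEvent(t_ms, self._seq, tag))

    def operator_reset(self, t_ms: int) -> None:
        # A reset starts a new first-up window; stored history is kept.
        self._last_reset_ms = t_ms

    def first_up(self) -> Optional[str]:
        window = [e for e in self._events if e.t_ms >= self._last_reset_ms]
        return min(window).tag if window else None

    def pending_for_dcs(self) -> List[AlarmEvent]:
        # Undelivered events sorted by source time, not by arrival order.
        batch = sorted(e for e in self._events if e.seq not in self._delivered)
        self._delivered.update(e.seq for e in batch)
        return batch

    def events(self) -> List[AlarmEvent]:
        return sorted(self._events)

    def prune(self, now_ms: int) -> None:
        # Drop only what is older than the 100-day minimum.
        self._events = [e for e in self._events
                        if now_ms - e.t_ms <= RETENTION_MS]


def first_seen_by_scan(active: Iterable[str],
                       scan_order: Sequence[str]) -> Optional[str]:
    """What a poller infers if it takes the first active tag in its scan."""
    active = set(active)
    return next((tag for tag in scan_order if tag in active), None)


# Constructed sample: the initiating trip (PSLL-101) reaches the journal
# after one of its consequences because it came through a slower module.
SCAN_ORDER = ["LSHH-205", "PSHH-310", "PSLL-101"]


def build_constructed_journal() -> AlarmJournal:
    journal = AlarmJournal()
    journal.record(1040, "LSHH-205")
    journal.record(1000, "PSLL-101")
    journal.record(1100, "PSHH-310")
    return journal


if __name__ == "__main__":
    j = build_constructed_journal()
    print("first-up from source time stamps:", j.first_up())
    print("first-up inferred from scan order:",
          first_seen_by_scan(SCAN_ORDER, SCAN_ORDER))
```
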

Signal Sense

All circuits shall be arranged in fail-to-safe mode, and all field devices shall open/de-energise to trip.

System Reset

a) The logic system shall not be self-resetting. Operation of the appropriate reset key switch shall be necessary after a trip. After reset and setting of key switch for the necessary process override, pushbutton initiators on the control room ESD fascia panel shall be used to set the start sequences in operation by energising the circuits to the field pushbutton stations.

b) Operation of the field buttons shall open or close the valves provided the logic is reset. In cases where a field reset is not specified, control room reset of the logic shall directly energise the solenoid valves.

c) System Reset shall be designed to provide the following:

i. The reset switches shall be hardwired spring return pushbuttons.

ii. The reset switches shall be provided on the ESD fascia panel and/or local panels and/or field locations as appropriate and approved by KOC.

iii. The reset switches shall be grouped in accordance with the facility group, e.g. each bank of crude separation plant, desalter-A/B etc.

iv. No facility could be started without being manually reset by the operator.

v. Any tripped facility shall not automatically restart upon normalisation of the related field inputs until reset by the operator.

vi. Once the reset is activated and plant is in operation, any reset activation shall be inhibited by the logic of the system.
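The voting, signal-sense and reset rules above (2oo3 inputs and 1oo2 output solenoids for ESD levels 1 and 2, de-energise to trip, no self-reset) can be exercised together in a small model. This is an added illustration, not code from KOC-1-004 or from any PLC vendor; the class and function names, the tripped power-up state and the refusal of a reset while the voted demand is still present are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple


def trip_vote(energised: Optional[bool]) -> bool:
    """De-energise to trip: an open contact (False) or a lost signal
    (None, e.g. a broken wire) both count as a vote to trip."""
    return energised is not True


@dataclass(frozen=True)
class ScanResult:
    tripped: bool                 # latched trip state after this scan
    discrepancy: bool             # channels disagree: maintenance alarm
    solenoids: Tuple[bool, bool]  # energised state commanded to each solenoid


class TripGroup:
    """One trip-level group with m-out-of-n input voting (default 2oo3)."""

    def __init__(self, name: str, m: int = 2, n: int = 3) -> None:
        self.name, self.m, self.n = name, m, n
        self.tripped = True  # assumption: power-up in the safe state
        self.demand = True   # assumption: demand presumed until a scan clears it

    def scan(self, channels: Sequence[Optional[bool]]) -> ScanResult:
        if len(channels) != self.n:
            raise ValueError(f"{self.name}: expected {self.n} channels")
        votes = sum(trip_vote(c) for c in channels)
        self.demand = votes >= self.m
        if self.demand:
            self.tripped = True  # latch; never cleared by healthy inputs
        energise = not self.tripped
        return ScanResult(self.tripped, 0 < votes < self.n,
                          (energise, energise))

    def reset(self) -> bool:
        """Operator reset. Refused while running (nothing to reset) and,
        as an assumption, while the voted demand is still present."""
        if not self.tripped or self.demand:
            return False
        self.tripped = False
        return True


def valve_in_safe_position(solenoids: Sequence[bool]) -> bool:
    """1oo2 outputs: one de-energised solenoid is enough to trip the valve."""
    return not all(solenoids)


def demo() -> List[Tuple[str, bool, bool]]:
    """Constructed scan sequence for trip-level group 2.1."""
    group = TripGroup("2.1")
    steps = [
        ("power-up, inputs healthy", [True, True, True]),
        ("after operator reset", [True, True, True]),
        ("one channel loses signal", [True, None, True]),
        ("second channel opens", [False, None, True]),
        ("inputs normalise, no reset", [True, True, True]),
    ]
    rows = []
    for i, (label, channels) in enumerate(steps):
        if i == 1:
            group.reset()
        result = group.scan(channels)
        rows.append((label, result.tripped, result.discrepancy))
    return rows


if __name__ == "__main__":
    for row in demo():
        print(row)
```
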

Page 22: KOC-I-004 Shut Down System

I 9.2 Sequencing and Shutdown Logic System (SSLS)

a) The sequencing and shutdown logic system (SSLS) shall control the lower level process functions in a facility, which includes, but not be limited t o the following:

REV. 2 DOC. NO. KOC-1-004

I. sequencing control;

Page 21 of 53

. . 11. packaged unit control(direct/through interface);

. . . 111. time stamping of multiple trip alarms;

iv. running and standby equipment selection and start-up systems;

v. normal shutdown of local process element ;

vi. interfacing wi th the DCS for controller manipulations;

vii. interfacing wi th ESD,F&G system for safety management;

b) Unless otherwise specified, the logic design, equipment description, system architecture, software and operating requirements for the SSLS shall be similar to those of the ESD system, except for the following:

i. The requirement for certification for PLC from an internationally recognised organisation shall be waived with prior approval from KOC.

ii. I/Os shall be simplex, except in highly critical cases specifically called for by KOC.

c) The SSLS shall include the logics for any special operation such as filter reconditioning, acid washing etc. as applicable even though such operations are of infrequent nature. This would avoid forcing of inputs, outputs and logic status at PLC logic level to initiate such special operation.

d) SSLS shall have on-line programming capability: on-line debugging, programme addition and deletion, programme uploading and downloading, forcing etc. shall be available without causing shutdown to the actual process. The deletion of programme shall be provided with password protection.

e) Where logic for packaged units is to be installed in the SSLS, the packaged unit manufacturer shall provide logic diagrams and assist in the testing of the programme affecting its equipment to ensure proper functioning of the packaged equipment.

f) Sequence logic shall be provided with auto, semi-auto and manual modes of operation through appropriate programmable interfaces to facilitate the following functions:

i. Auto mode:

The sequence shall be initiated automatically according to the stipulated process condition and/or time schedule. Thereafter all the steps of the sequence shall be advanced automatically according to the time programme and event accomplishment.

ii. Semi-auto mode:

The sequence shall be initiated manually but all the steps of the sequence shall be advanced automatically according to the time programme and event accomplishment.

iii. Manual mode:

The sequence shall be initiated manually and all the steps of the sequence shall also be advanced manually in a step-by-step manner.

Trip-Alarm Handling

Alarm-handling for packaged equipment shall include an individual first-up sequence, which shall initiate a common alarm on the general DCS graphics. A full field repeat of the lamp status shall be provided where recommended by the packaged unit manufacturer, and the provision shall include alarm Accept, Reset and Test from the field in addition to those from the DCS.

Start/Stop Initiation

a) Reset and initiation of the various logic programmes shall be from the DCS or from field panels according to equipment type.

b) A fascia panel shall be incorporated adjacent to the operator fascia with hardwired stop buttons and status lamps for each package or main equipment set. Operation of these buttons shall initiate controlled sequenced shutdown of the relevant equipment.

c) The SSLS shall provide feedback to the DCS, for manipulation of controllers as necessary for the shutdown and to position the system in a suitable state for re-start. Instructions to close individual or group ESD valves shall pass from the SSLS to the ESD system.

9.3 Manual Shutdown

Operation of a manual shutdown initiator shall override any defeats that are currently in operation. There shall be no facility to override manual shutdown initiated from the field or the control room fascia panel.

9.4 Final Control Element

The output from the ESD system shall operate shutdown valves and depressurising valves installed in the process piping. For the location and details on shutdown valves and depressurising valves, refer to 015 Series of KOC Specification for Emergency Shutdown and Depressurising System Requirements "015-YH-1004".

According to the criticality of the service, ESD valves may be self-resetting upon resumption of signal or may require manual field reset of the solenoid valve as indicated on the P&ID.

Where a manual reset is required, the reset action shall be from a pushbutton located at a safe distance from the valve. Necessary POS timing shall be configured to facilitate operator response time to reset such devices.

All ESD valves shall be provided with a field panel with pushbuttons and repeating lamps adjacent to the valve, indicating the status, as detailed below. Legend shall be in English and Arabic languages:

Reset button: Black
Trip button: Red
Tripped lamp: Red
Ready for reset lamp: White
Reset accepted lamp: Green

Speed failure detection logic shall be installed for all ESD valves with limit switches as indicated on the P&ID. This shall consist of a timer, initiated when the valve is instructed to open or close, set at 50% longer than the normal operating time. The logic shall raise an alarm to the DCS if the set time has elapsed before the field limit switch is operated.
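The valve speed failure detection logic required in this clause can be modelled as a scan-based timer. The following is an added example, not part of the KOC standard; the valve tag, the event tuples and the class and function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class ValveTravelMonitor:
    """Speed failure detection for one ESD valve fitted with limit switches."""
    tag: str                         # valve tag (constructed for this example)
    normal_travel_s: float           # normal operating time of the valve, seconds
    command: Optional[str] = None    # "open" / "close" while a stroke is being timed
    started_at: float = 0.0
    alarm: bool = False              # latched until the next instruction

    @property
    def limit_s(self) -> float:
        # The timer is set 50% longer than the normal operating time.
        return self.normal_travel_s * 1.5

    def instruct(self, now: float, command: str) -> None:
        """Start timing when the valve is instructed to open or close."""
        if command not in ("open", "close"):
            raise ValueError(f"unknown command {command!r}")
        self.command, self.started_at, self.alarm = command, now, False

    def scan(self, now: float, open_ls: bool, closed_ls: bool) -> bool:
        """One logic scan; returns True while the speed failure alarm is raised."""
        if self.command is None:
            return self.alarm
        reached = open_ls if self.command == "open" else closed_ls
        if reached:
            self.command = None              # limit switch operated in time
        elif now - self.started_at >= self.limit_s:
            self.alarm = True                # set time elapsed first: alarm to DCS
            self.command = None
        return self.alarm


def replay(monitor, events):
    """Replay events and return the times at which an alarm was first raised."""
    alarms, previous = [], False
    for event in events:
        if event[0] == "cmd":
            _, t, command = event
            monitor.instruct(t, command)
            previous = False
        else:
            _, t, open_ls, closed_ls = event
            state = monitor.scan(t, open_ls, closed_ls)
            if state and not previous:
                alarms.append(t)
            previous = state
    return alarms


# Constructed sample: a 10 s valve closes normally, then sticks on the next opening.
SAMPLE_EVENTS = [
    ("cmd", 0.0, "close"),
    ("scan", 5.0, True, False),
    ("scan", 9.0, False, True),      # closed limit switch made after 9 s
    ("cmd", 100.0, "open"),
    ("scan", 108.0, False, True),
    ("scan", 115.0, False, False),   # 15 s elapsed, open limit switch never made
    ("scan", 120.0, False, False),
]

if __name__ == "__main__":
    print(replay(ValveTravelMonitor("XV-0001", 10.0), SAMPLE_EVENTS))
```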

If an ESD valve is also required for use as a process interrupt, the interrupt service shall operate through an additional solenoid valve in series with the ESD solenoid valve and positioned so that the ESD function will overrule the process function. The valve speed failure logic shall be modified accordingly. For this service, an additional lamp shall be installed on the field panel with the following legend:

Process Interrupt: Yellow

Vent valves shall be equipped with field stations as follows:

Open Button: Black
Close Button: Red
Available Lamp: White

The open/close function of vent valve shall only be available when the relevant shut-down logic is in a level 1 or 2 tripped condition. Reset of the logic shall also close the vent valve.

General requirement

POS shall be provided to override unhealthy field inputs in order to facilitate start-up, which shall automatically be released upon normalisation of the field input or preset time approved by KOC, whichever is earlier.

In case the process condition has not normalised within the preset time, it shall result in start failure, and accordingly abort the start-up, or shutdown the equipment, as the case may be. Next start attempt shall be enabled only after resetting the system manually.

While the timer is running, the overridden input shall not prevent reset of the logic, however the alarm status of the field inputs, which are overridden by POS, shall not be masked.

When the process is in normal operating condition, activation of POS shall be inhibited programmatically.

The field inputs which need to be overridden by POS to facilitate start-up, shall be alarmed at DCS console graphic as follows:

i. The tag number of the field device in "Red" foreground flickering as long as alarm persists.

ii. The tag number shall be shrouded in a magenta box as long as the POS is active.

f) All the above requirements shall be provided irrespective of the system used viz. PLC or relay based.


9.5.2 POS for PLC based system

a) POS shall be software switches in the ESD/SSLS logic except where specifically indicated in the P&ID. Access to POS preset time setting shall be password protected.

b) Activation and release of POS shall be logged into the alarm journals of the ESD / SSLS workstation and displayed graphically.
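The POS behaviour required by the general requirements and by 9.5.2 (timed release, start failure, unmasked alarm, inhibit during normal operation, journal entries) can be modelled as a small state machine. The following is an added example, not part of the KOC standard; the tag, the event names and the class layout are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class PosState(Enum):
    IDLE = "idle"                  # no override: the input acts on the trip logic
    ACTIVE = "active"              # override applied, preset timer running
    START_FAILED = "start_failed"  # timer expired with the input still unhealthy


@dataclass
class ProcessOverride:
    tag: str                       # field device tag (constructed for this example)
    preset_s: float                # preset time for the override, seconds
    state: PosState = PosState.IDLE
    started_at: float = 0.0
    journal: list = field(default_factory=list)   # stands in for the alarm journal

    def _log(self, now, event):
        self.journal.append((now, self.tag, event))

    def activate(self, now, plant_running):
        """Operator request to apply the override for a start attempt."""
        if plant_running:                        # inhibited in normal operation
            self._log(now, "POS_REJECTED_PLANT_RUNNING")
            return False
        if self.state is not PosState.IDLE:      # already active, or failed start not reset
            self._log(now, "POS_REJECTED_NOT_READY")
            return False
        self.state, self.started_at = PosState.ACTIVE, now
        self._log(now, "POS_ACTIVATED")
        return True

    def manual_reset(self, now):
        """Manual reset that re-enables a start attempt after a start failure."""
        if self.state is PosState.START_FAILED:
            self.state = PosState.IDLE
            self._log(now, "MANUAL_RESET")

    def scan(self, now, input_healthy):
        """One logic scan. Returns (trip_demand, alarm)."""
        alarm = not input_healthy                # alarm status is never masked
        if self.state is PosState.ACTIVE:
            if input_healthy:                    # released on normalisation ...
                self.state = PosState.IDLE
                self._log(now, "POS_RELEASED_INPUT_NORMAL")
            elif now - self.started_at >= self.preset_s:   # ... or on preset time
                self.state = PosState.START_FAILED
                self._log(now, "POS_RELEASED_TIMEOUT_START_FAILURE")
        if self.state is PosState.ACTIVE:
            return False, alarm                  # overridden: no trip, reset not blocked
        if self.state is PosState.START_FAILED:
            return True, alarm                   # start aborted until manual reset
        return (not input_healthy), alarm


def run_start_attempt(pos, samples, activate_at=0.0):
    """Apply the override, then replay constructed (time, input_healthy) samples."""
    pos.activate(activate_at, plant_running=False)
    return [(t, *pos.scan(t, healthy)) for t, healthy in samples]


if __name__ == "__main__":
    pos = ProcessOverride("PT-0001", preset_s=30.0)
    # Constructed samples: the input stays unhealthy past the 30 s preset time.
    print(run_start_attempt(pos, [(10.0, False), (30.0, False), (40.0, True)]))
    print(pos.journal)
```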

9.5.3 POS for relay based system

a) POS shall be pulse initiated by spring return key switches on the ESD operator fascia.

b) Activation and release of POS shall be logged into the alarm journals of the DCS.

c) The status indicating lamps of appropriate colour shall be provided in the operator fascia.

9.6 Maintenance Override Switch (MOS)

9.6.1 General

a) MOS shall be provided to override all field inputs designated to trip the facility in order to facilitate maintenance of field devices without interrupting the plant operation.

b) There shall be a common MOS permissive key in the ESD operator fascia panel with two positions i.e. 'MOS-enabled' and 'MOS-off'. When the key switch is in the MOS-enabled position, there shall be a red status alarm on the ESD operator fascia panel, which shall flash until the MOS is off.

c) The alarm status of the field inputs, which are overridden by "MOS", shall not be masked.

d) MOS switches for multiple field inputs used in voting systems shall be grouped together.

9.6.2 MOS for PLC based system

The MOS shall be software switches provided with password protection in the ESD/SSLS logic, unless otherwise specified.

If specifically called for by KOC in the project specification, hard wired key locked MOS shall be provided similar to that for relay based system as specified in clause 9.6.3.

MOS interfaces shall be configured tag-wise on the graphics of the ESD workstation.

Activation and release of MOS shall be logged into the alarm journals of the ESD / SSLS workstation and displayed graphically.

MOS for ESD system and SSLS shall be segregated and each separately grouped in the graphics.

The field inputs which need to be overridden by MOS to facilitate maintenance work, shall be alarmed as follows:

i. The tag number shall be in black foreground shrouded in a magenta box as long as the MOS is active, at DCS console graphic.

ii. The fill colour of MOS switch shall be "Red" if MOS is activated and "Green" if MOS is normalised at the ESD workstation graphics.

9.6.3 MOS for relay based system

a) MOS shall be hardwired key locked switches mounted in the ESD cabinet, the interface cabinet or in an adjacent identical cabinet.

b) MOS activation shall input to the DCS and bring up an "override in operation" alarm and shall print on the event log.

c) The field inputs which need to be overridden by MOS to facilitate maintenance work, shall be alarmed at the DCS as detailed below:

The tag number shall be in black foreground shrouded in a magenta box as long as the MOS is active at DCS console graphic.

d) For details of the MOS cabinets refer to 015 Series of KOC Specification "Standard Auxiliary Control Room Cabinets" (015-JH-1911).

9.7 User Interfaces

9.7.1 General

The user interfaces shall include the operator interface and Maintenance / Engineering interfaces. The operator interface is used for communication of information between the operator and the ESD/SSLS system and the Maintenance/Engineering interfaces are used to programme, test, and maintain the SSLS/ESD system.

9.7.2 Operator Fascia

a) General

i. The operator fascia shall be a lay-floor easel-type lamp and pushbutton panel built in to the DCS furniture in an operator-accessible position. It shall consist of separate sections, each provided with a separate hinged translucent cover.

ii. The fascia shall be provided with all pushbuttons and key switches for shutdown, venting, overrides, reset and permissive switches, as required in accordance with KOC approved drawings.

b) Start-up Section

i. This shall include logic reset and process override key switches and sequence start buttons for the top-level system startup, including train start, permissive for vital equipment and others as approved by KOC.

ii. Each key/button group shall be backed up by status lamps for:

system tripped;

reset accepted;

override in operation;

attempting;

running.

iii. The logic system shall be analysed to derive logical signal conditions for the noted status lamps. Where opening and closing controls for individual valves are required from control room and are indicated on the P&ID, the relevant pushbuttons shall be incorporated in this section.

c) Shutdown Section

i. This shall include stay-put pushbuttons for the top-level system trips and other trip inputs to packaged equipment etc. as approved by KOC.

ii. Operation of these buttons shall promote a trip regardless of the process conditions reported to the ESD system by the field instrumentation, and regardless of any failure within the ESD system.

iii. All vent systems shall have dedicated open/close buttons. These buttons shall be enabled when the related shutdown logic is tripped (level 1 or 2 only). When the logic is reset, these valves shall close.

iv. Lamps ("Red" for depressed, "Green" for released) with lamp test buttons shall be provided for each position, indicating the status of the pushbutton.

d) Common Section

This section shall provide the following hardwired command buttons/switches, status indications and alarm annunciator as minimum:

i. key operated switches for various levels of ESD activation as per system requirements;

ii. ESD reset switches;

iii. ESD/SSLS status;

iv. a hardwired alarm annunciator on first-out sequence shall be also provided for ESD-1&2 level alarms;

v. ESD valve status / rotating equipment run status;

vi. MOS enable switch and status alarm;

vii. any POS in operation;

viii. common fault lamps (diagnostic and voting);

ix. common alarm lamp (any system tripped);

x. two-tone audible alarm (1- diagnostic or voting fault, 2- trip alarm);

xi. accept, mute and lamp test pushbuttons.

9.7.3 Maintenance/Engineering interfaces

a) Maintenance / Engineering interfaces shall provide the means to programme, test, and maintain the PLC based SSLS/ESD system, which allows access to the internal working of the PLC(s) programme on a restricted hierarchy level.

b) Programming capability such as on line debugging / programme addition and deletion or programme uploading and downloading shall be available from this terminal. The system shall be provided with the facility to reveal the changes made.

c) This unit is mounted in the engineer's console room or any other location as specified to achieve the following functions:

i. system hardware configuration;

ii. application software development, documentation, and downloading to the system PLC;

iii. access to application software for changes, testing, and monitoring;

iv. viewing system resources and diagnostic information;

v. changing system security levels and access to application software variables.

d) The engineer station shall consist of a standalone personal computer (PC) and a dedicated printer, mounted on a desk unit in the Engineer console room.

e) The engineer's PC shall access the PLC via a communication port and the system shall enable on-line changes of the programme, or facilitate loading or downloading of revised operating software.

EQUIPMENT DESCRIPTION

10.1 General

The Emergency Shutdown (ESD) System and the Sequencing and Shutdown Logic System (SSLS) equipment shall be accomplished using separate Programmable logic controllers (PLC), unless otherwise specified.

Programmable logic controllers (PLC) are preferred due to the high reliability, flexible control, easily modifiable programme, easy trouble shooting, reduced space requirement etc.

The relay-based systems shall be used, only where the extension of existing relay based systems are required and specifically called for by KOC in the project specification.

10.2 Programmable Logic Controller (PLC)

General

The PLC shall be microprocessor based, using state-of-the-art technology, manufactured in conformity with the requirements of IEC 61131, with proven high levels of safety integrity. The system shall be suitable for continuous operation without failure/error at service conditions as specified in clause 6.0 of this Standard.

The PLC shall include all hardware assembled and wired in cabinets, with all associated software, fully programmed, configured and tested to meet the logic design requirements.

The PLC shall have the following features as a minimum:

i. fault tolerance and selective redundancy;

ii. comprehensive system diagnostics;

iii. easy on-line fault detection and repair;

iv. simpler and user-friendly programming;

It shall operate under stored programmes written in ladder logic, complete with monitoring and programme development facilities.

The PLC shall be of modular, field expandable design for expansion of hardware and/or application software. Each module shall be keyed to allow installation in only one direction.

The PLC shall be complete with all associated interfaces for communication to the DCS/F&G/SCADA etc. as required.

The PLC hardware shall be specially designed for shut down service and shall incorporate features to minimise the possibility of failure. Internal diagnostics shall detect unsafe system operation and fail all outputs to the de-energised state.

The PLC shall be designed so that the entire system is redundant, including processors, I/O buses, system power and loop power supply, interfaces such as for ESD workstations and DCS, interconnecting communication cables etc.

The equipment shall continuously detect, diagnose and message automatically the discrepancies and deviations between the installed hardware and software of the redundant systems.

Where Sequence of Event Recording Capability is specified in the project document, the supply shall include all integrated hardware and software along with dedicated PC and printer.

The PLC shall be suitable for 110 volts, 50 hertz (Hz) input power supply from UPS, unless otherwise specified.

In addition to the software based logic, the PLC shall be provided with means to shutdown the Facility, by isolation of power to outputs etc., so that the operator could bring the entire facility to safe shutdown in a controlled manner independent of the ESD system equipment.

10.2.2 System Architecture

a) General

i. Unless otherwise specified, the PLC based ESD system shall be designed for performing the functions in accordance with IEC 61508 to meet the Safety Integrity Level-3 (SIL-3), certified by an internationally recognised organisation approved by KOC.

ii. Duplex system, triplex system or any latest proven system architecture to meet the criteria given in clause 10.2.2-a(i) shall be provided with prior approval from KOC.

Duplex System

i. The duplex system shall have redundant, self-checking PLC with 1 out of 2 voting and enhanced diagnostics features (1oo2D) as a minimum in accordance with IEC 61508, unless otherwise specified.

ii. The redundant PLC shall be provided with automatic fail-over system. Fail-over to back-up components shall not affect system performance or operations.

iii. Failure of transfer to back-up components or malfunction of the parallel redundant units shall be monitored and alarmed.

Triplex Systems with Triple-Modular Redundancy (TMR):

i. The TMR system shall employ three isolated control systems, using 2oo3 (two out of three) voting to provide high integrity, error free operation with extensive diagnostics facilities.

ii. For diagnosed PLC failure, the PLCs shall operate as an adaptive system, where the running PLCs can revert to duplex mode or simplex mode as pre-programmed or engineer selected, with appropriate alarms generated locally and at the DCS.
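The 2oo3 voting and the adaptive fallback to duplex or simplex mode can be illustrated with a small voter. This is an added example, not part of the KOC standard; the channel names are constructed, and the degraded voting rules (1oo2 with two healthy channels, 1oo1 with one, trip with none) are assumptions chosen to match the 1oo2D duplex and fail-to-de-energised requirements stated elsewhere in this clause.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Channel:
    name: str        # channel identifier (constructed for this example)
    trip: bool       # this channel demands a trip
    healthy: bool    # result of the channel's own diagnostics


def vote(channels):
    """Vote three redundant channels. Returns (trip, mode, alarms)."""
    if len(channels) != 3:
        raise ValueError("a TMR voter needs exactly three channels")

    # A diagnosed failure removes the channel from the vote and raises an alarm.
    alarms = [f"{c.name}: diagnosed failure" for c in channels if not c.healthy]
    good = [c for c in channels if c.healthy]
    demands = sum(c.trip for c in good)

    if len(good) == 3:
        mode, trip = "2oo3", demands >= 2
    elif len(good) == 2:
        mode, trip = "1oo2", demands >= 1      # assumed duplex rule
    elif len(good) == 1:
        mode, trip = "1oo1", demands >= 1      # assumed simplex rule
    else:
        mode, trip = "failed", True            # nothing trustworthy left: go safe

    # A healthy channel that disagrees with the voted result is reported as a
    # discrepancy, which is how a drifting sensor or input card shows up.
    if len(good) >= 2:
        alarms += [f"{c.name}: discrepancy with voted result"
                   for c in good if c.trip != trip]
    return trip, mode, alarms


if __name__ == "__main__":
    # Constructed case: channel A has failed its diagnostics, B demands a trip.
    print(vote([Channel("A", False, False),
                Channel("B", True, True),
                Channel("C", False, True)]))
```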

Processor Module

The processor modules shall contain the main processor unit to perform the application programme storage, data storage, operating system functions, and the execution of the application programme functions.

a) The CPU along with the software shall be capable of performing the following functions as a minimum:

i. application programme execution;

ii. input and output discrepancy checking and auto testing;

iii. diagnostics and fault reporting;

iv. inter CPU communications;

v. parity checking and Cyclic Redundancy Checking (CRC) system for remote communications.

The processor shall be provided with removable EEPROM and/or memory flash card.

In the event of power outage, the application programme and configuration details resident in the RAM and hardware clock shall be instantly buffered by the lithium battery.

The battery backup shall retain stored programmes in the RAM memory for a minimum period of 2 years. The PLC shall allow replacement of the batteries without disconnection of power supply.

The PLC shall be capable of storing data including the following types:

i. input / output status;

ii. set value for timers and counter;

iii. alarm conditions;

iv. parameters and recipes for the machine or the process.

It shall have necessary serial interface to download and upload programme through portable laptop computer in addition to the engineering workstation.

There shall be provision for continuous monitoring of power supply devices, and backup battery of the RAM and clock.

The CPU shall be provided with status and diagnostic indicators for the display of status and fault in the PLC hardware/ software.

Power to CPU and support modules shall be distributed by a motherboard or backplane for each rack. A dual bus architecture with active redundancy shall be employed.

The CPU front panel shall include a connector that provides interprocessor communication to peripheral support devices.

The integrity of the system shall be monitored by watchdog timer.

The CPU shall have LED indications for:

i. Transmit data activity in progress.

ii. Receive data activity in progress.

10.2.4 Input / Output (I/O) modules

The input/output modules shall be rack-mounted, optically/galvanically isolated, plug-in type, to provide connection between the Facility process equipment and the PLC.

The number of ways should be selected to economically match the connected equipment signal groups to achieve the segregation between groups of equipment, start-up groupings, voting systems on different cards, run/standby pumps on different cards etc.

The I/O modules shall be distinctly identified according to the input and output types.

The input modules shall contain contact debouncing networks and signal filtering to remove noise.

All I/Os used shall be local to the processor and remote I/Os are not acceptable unless expressly approved by KOC on an application basis.

Every loop shall be individually provided with fuse and isolators.

The redundant I/O buses shall be routed inside the cubicles and no routing of I/O buses external to the cubicle is acceptable.

All I/O points shall have a minimum 1500 volts rms electrical isolation between the field device I/O circuitry and the PLC internal logic circuits.

I/O modules shall be removable without disturbing field wiring. Field wiring shall be capable of termination using industrial grade crimped lugs or pins on conductors.

Each I/O module shall contain a visual indicator to display the status of the individual input or output points.

Each I/O card shall be clearly identified to show its function and type, and shall be tagged according to the P&ID legend adjacent to the appropriate status lamp.

All inputs and outputs shall be monitored/supervised to distinguish between cable disconnection/power failure and a real emergency like the actuation of sensor / final control element.

Redundant field input devices and output actuators shall be connected to different I/O modules.

For all ESD levels, redundant output modules shall be connected in parallel.

The Facility Main process equipment and the respective standby equipment shall not be connected to the same I/O module.

Any abnormal status derived from transmitters participating in ESD sequence shall be directly connected to the redundant I/Os of PLC irrespective of its ESD level. Necessary repeat alarm to DCS shall be provided, either by soft-link or by hardwiring from the ESD I/Os.

The input module shall consist of the necessary electronic circuitry for signal conditioning, fault isolation, data conversion, data transfer to the PLC processor through I/O bus, status indication, etc. to cater for various types of inputs as required.

The PLC shall be provided with input modules capable of accepting signals directly from various types of field devices including the following:

etc.)
Push buttons          Pressure transmitters
Selector switches     Flow transmitters
Relay contacts        Analytical instruments
Proximity switches    Potentiometers
Logic gates

Various categories of input modules shall be provided with hardware suitable for connection of different input signals to meet the project requirements, which include but are not limited to the following:

i. volt free contacts from field switches;

ii. AC and DC inputs from devices that operate at 24V, 110V, 120V, 250V;

iii. analogue signals of 0-20 mA, 4-20 mA, -20 to +20 mA, 5-30 V DC, 12-24 V DC, 0-5 V DC, 0-10 V DC, -5 to +5 V DC, -10 to +10 V DC;

iv. Transistor - Transistor Logic (TTL);

v. low level signals from Thermocouple types E, J, K, T, B, R, S etc.;

vi. RTD input.

The PLC shall be provided with output modules capable of delivering output signals to various types of field devices including the following:

Discrete Output field devices    Analogue Output field devices
Annunciators                     Analogue meters
Alarm horns                      Chart recorders
Motor starters                   Variable speed drives
Logic gates                      MOVs
MOVs

u) The output modules shall contain necessary interface, electrical isolation, status indication, conditioning and power level conversion circuitry for the processor output signal, before the signal is transmitted to the field devices.

v) Output modules shall be provided with hardware suitable for driving various categories of output devices to meet the project requirements, which include but are not limited to the following:

i. AC and DC output signals for devices that operate at 24V, 110V, 120V, 250V;

ii. analogue signals of 0-20 mA, 4-20 mA, -20 to +20 mA, 5-30 V DC, 12-24 V DC, 0-5 V DC, 0-10 V DC, -5 to +5 V DC, -10 to +10 V DC;

iii. Transistor - Transistor Logic (TTL).

10.2.5 Communication Requirements

The communication module shall provide the programme and data exchange between external devices and the processing unit to effect the functions such as programme transfers, data file transfers, monitoring, diagnostics etc.

The ESD and SSLS shall have a redundant data interface with the DCS to communicate alarm, status etc. The ESD/SSLS/DCS interface shall be achieved by an established and proven protocol.

The communication protocol shall be fully compatible with type of Plant Automation systems such as DCS, F&G System and Condition Monitoring and Engine Management System.

Unless otherwise specified, the PLC shall have a minimum of one (1) number spare interface module, that can interface with any device at a later stage through serial communication port.

e) The data transfer rates shall be not less than 9600 baud.

f) The communication capability shall include the following:

i. peer to peer communications;

ii. bi-directional communication between the PLC and the communication network via an interface;

iii. communication with "SMART" analogue field transmitters;

iv. communication protocol shall comply with the requirements of IEC 61131-5, EIA 232C, EIA 422 A, EIA 485 and IEEE 488 standards. Any other communication protocol to meet a particular project's requirement shall be specified in the project's contract document.

10.2.6 Interface Module

a) These modules shall contain the primary signal handling devices, including the IS isolators and the loop powering devices. These modules shall be organised such that the groups of similar barriers or other devices are collected together.

b) Interface Modules shall be located in a marshalling cabinet to facilitate interconnection between the field cable and the cable plug type of connection specified.

10.2.7 Signal Transducers and Converters

These devices as expressly approved by KOC on an application basis, shall be located in a marshalling cabinet or in a separate discrete equipment cabinet.

10.2.8 Power Supply Module

a) These modules shall contain the power distribution bus and termination facility for the twin feeder power supply input from the shutdown system UPS.

b) The module shall have inbuilt transformation equipment to convert the voltage to the required levels for the functioning of all associated hardware.

c) The power supply modules shall have built-in diagnostic and monitoring facility to check out of range voltages and over temperature conditions.

d) The power supply modules shall have integral fuse protection, LEDs to indicate power supply faults, and alarm contact to indicate the fault for remote annunciation.

e) The redundant power supply shall not be paralleled at the input side, to avoid propagation of any fault, tripping both supplies.

10.2.9 Operating System

a) The operating system shall allow multiple applications to run simultaneously. The designer / manufacturer shall structure the programmes so that trains, packaged equipment, utilities and other separable systems are handled as individual groups. The I/O distribution shall be dedicated to the same groups.

b) The programme shall be resident in the PLC memory. The memory shall be battery backed to retain the programme without corruption during periods of complete power failure. Downloading of the programme to PLC from the programming terminal should be possible or removable EEPROM / Flash cards shall be provided unless otherwise specified in the project document.

c) The programme shall also be stored on a hard disk drive, and shall provide keyboard initiated re-booting facilities in the event of a total loss of the programme. During and after the programme loading procedure, all logic systems shall retain the tripped position, requiring operation of the overall and group re-sets, before any external devices are energised.

10.2.10 Programming Aids

a) An engineering station shall be used for programme development, programme storage, fault diagnostics, system monitoring, application documentation etc.

b) All programming and configuration shall be performed by the SSLS/ESD system equipment manufacturer or system integrator approved by the manufacturer. Prior approval shall be taken from KOC in this regard.

c) A portable programmer (high-speed notebook computer) and a dedicated colour printer shall be provided for this purpose unless otherwise specified. The programmer hardware shall be capable of supporting the software proposed and shall include the following:

i. adequate processor capacity to display any screen within less than 3 seconds;

ii. hard disk shall have 100% spare capacity after the installation and configuration of all software required;

iii. battery operation for minimum three (3) hours;

iv. robust carry case for the programmer and all accessories.

d) The engineer station should be mounted in the engineer console room.

e) The screen display during programming, alterations, plant review and debugging shall be produced in ladder diagram format with conventional real time relay style representation of contacts, timers, gates etc. All the programming aids shall be available at the engineer's level only.

f) The engineering station shall be protected securely against unauthorised access by a combination of hardware devices and software key inputs. Different access levels shall be programmed as required and approved by KOC, accessed by secret key commands or passwords for the varying hierarchy levels.

g) The programming software shall have the following minimum functionality:

i. modify, programme and re-programme the PLCs;

ii. monitoring of I/O status and registers;

iii. override (force) each I/O;

iv. examine data table with the PLC programme running;

v. save and restore functions of programmes onto hard disc and floppy disk;

vi. provide a searching function to locate and display selected rung instructions or addresses;

vii. provide printouts of fully cross-referenced documentation including ladder diagram with all annotations;

viii. hardware and software diagnostics for setting up and debugging programmes and the communication network.

h) The following requirements shall apply to programming techniques:

i. the programming format shall be traditional relay ladder logic diagram;

ii. the capability shall exist to change a contact from normally open (NO) to normally closed (NC), add instructions, change addresses, etc. without deleting and reprogramming the entire rung;

iii. it shall be possible to insert relay ladder diagram rungs anywhere in the programme;

iv. a single command shall be available to delete entire rungs;

v. it shall be necessary to perform two operations to remove the entire ladder logic from the memory, which serves as a safeguard for the programmer;

vi. a built-in clock/calendar feature shall be integral to the CPU and available to the programming terminal, application programme, or message generation.

vii. data contained in the memory shall be available to the programmer and displayed on the CRT of the terminal. This monitoring feature shall be available for I/O status, timer/counter data, files, and system status. Ladder logic rungs shall be displayed on the CRT with rung numbers in sequential order.

viii. it shall be possible to manually force the I/O either ON or OFF using the programming terminal, and the events shall be registered.

ix. there shall be a key-lock security access and password protection for software modification and input/output forcing functions.
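
Added example (not part of the KOC Standard and not vendor code): a Python audit of a registered force/modification event log against items viii and ix above and the engineer-level restriction in e). The log format, the access level names, the key-switch positions and the tags are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed sample records, not taken from any real system.
# Hypothetical columns: time, user, access level, key-switch position, action, tag
SAMPLE_LOG = """\
2024-03-01T08:00:05,eng1,ENGINEER,PROGRAM,FORCE_ON,ESD-DI-014
2024-03-01T08:42:10,eng1,ENGINEER,PROGRAM,FORCE_REMOVE,ESD-DI-014
2024-03-01T09:15:00,op3,OPERATOR,PROGRAM,FORCE_OFF,ESD-DO-002
2024-03-01T11:30:41,eng2,ENGINEER,RUN,PROGRAM_EDIT,RUNG-0117
2024-03-01T13:05:12,eng2,ENGINEER,PROGRAM,FORCE_ON,ESD-DI-031
"""

FIELDS = ["time", "user", "level", "key", "action", "tag"]
LEVELS = {"OPERATOR": 0, "MAINTENANCE": 1, "ENGINEER": 2}  # assumed hierarchy
REQUIRED_LEVEL = "ENGINEER"  # programming aids at the engineer's level only
REQUIRED_KEY = "PROGRAM"     # assumed key-lock position that enables changes
FORCE_ACTIONS = {"FORCE_ON", "FORCE_OFF"}
PROTECTED = FORCE_ACTIONS | {"FORCE_REMOVE", "PROGRAM_EDIT"}


def parse_log(text):
    """Parse the event export into dicts sorted by time; reject malformed rows."""
    events = []
    for n, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not row:
            continue  # skip blank lines
        if len(row) != len(FIELDS):
            raise ValueError(f"line {n}: expected {len(FIELDS)} fields, got {len(row)}")
        event = dict(zip(FIELDS, (f.strip() for f in row)))
        event["time"] = datetime.fromisoformat(event["time"])
        events.append(event)
    return sorted(events, key=lambda e: e["time"])


def audit(events):
    """Return (findings, active_forces).

    findings: (iso_time, user, action, tag, reason) for each protected action
              taken without the required access level or key-lock position,
              and for each force removal that has no registered force.
    active_forces: tag -> event for forces applied and not yet removed.
    """
    findings, active = [], {}

    def flag(e, reason):
        findings.append((e["time"].isoformat(), e["user"], e["action"], e["tag"], reason))

    for e in events:
        if e["action"] not in PROTECTED:
            continue
        if LEVELS.get(e["level"], -1) < LEVELS[REQUIRED_LEVEL]:
            flag(e, "access level below ENGINEER")
        if e["key"] != REQUIRED_KEY:
            flag(e, "key switch not in PROGRAM")
        if e["action"] in FORCE_ACTIONS:
            active[e["tag"]] = e
        elif e["action"] == "FORCE_REMOVE" and active.pop(e["tag"], None) is None:
            flag(e, "force removed but never registered")
    return findings, active


if __name__ == "__main__":
    findings, active = audit(parse_log(SAMPLE_LOG))
    for f in findings:
        print("VIOLATION", *f)
    for tag, e in sorted(active.items()):
        print("FORCE STILL ACTIVE", tag, "since", e["time"].isoformat(), "by", e["user"])
```

A force that is still active overrides the corresponding input or output, so the outstanding-forces list deserves the same review as the violations.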

10.2.11 PLC Diagnostics

a) The PLC shall provide full self-diagnostics and automatic on-line testing of channels without the need for input or output isolation or overriding and without bringing up the discrepancy alarm. This feature shall, if necessary, be automatically inhibited in the single unit mode of multiple PLC systems.

b) Diagnostics and testing shall be performed automatically on line and shall not disturb the process or reduce the reliability of the system.

c) The means of diagnostics shall be capable of identifying, locating and reporting the following as a minimum:

i. monitoring of application programme;

ii. CPU faults;

iii. checking of memory integrity;

iv. communication faults;

v. I/O module faults and signal discrepancy;

vi. load power or fuse faults on field circuits;

vii. power supply faults;

viii. monitoring of internal voltages and currents delivered by the power supply unit not to exceed the limits allowed.

d) The I/O diagnostics shall be able to detect and alarm I/O point faults of the following types:

i. short circuited failure of a discrete input or output;

ii. open circuit failure of a discrete output.

e) Minimum automatic self-test period for logic circuits shall be once every 30 minutes. Fault information shall be available and displayed to the maintenance staff in a manner that enables fault diagnosis up to a module level.

f) Status indicators shall be provided to indicate normal operation or fault conditions on each replaceable module. Each fault shall be communicated to DCS for alarm.

10.2.12 On-line Equipment Replacement

a) It shall be possible to replace the failed components when the system is on-line without disruption to the process or isolation of power.

b) Any requirement of antistatic protection needed to facilitate replacement / maintenance of module shall be provided at the respective panels.

10.2.13 Spare Capacity

a) When all known system requirements are met, including for packaged units and an additional 5% has been allotted for system development during the execution of the project, there shall be an installed spare capacity of 20% to allow for future expansion.

b) The installed spare capacity (20%) shall be across the board in respect of I/O cards, power supplies, terminations etc. and shall be fully wired down. In addition to the installed spares, the cabinets/racks/chassis shall have sufficient space to accommodate an additional 20% of the installed system.

c) Each PLC processor shall have more than 50% memory capacity (RAM) free when all programming and configuration is complete and utilisation of conventional memory for the system operation is fully taken up.

10.3 Relay Based System

10.3.1 General

a) Hardwired relay based system shall be used only where the extension of existing relay based systems is required and specifically called for by KOC in the project specification.

b) The relay-based system shall be backed up by a manual final interface panel with pushbutton contacts directly connected into the outputs to the final control elements (valves), so that operation of the manual pushbutton breaks the power supply. Additional contacts shall inform the DCS regarding the state of the shutdown activity.

c) The relays used shall be with environmentally sealed coils and contacts. The relay shall be plug-in / base-mounted type with screwed terminals. Rack-mounted cards with multiple relays and rear edge connectors shall only be used with KOC approval. Where such systems are allowed, screw terminals should be used, to allow the interconnection circuits to be installed and maintained without the use of soldering or wire wrapping techniques.

10.3.2 System Availability and Testing

a) Techniques shall be used for maximising the system availability without loss of integrity. All main sequence loops shall be duplicated from single input signals, with voting relays at the sequence end points and separate fused supplies to each loop. A discrepancy alarm shall be provided.

b) It shall be possible to test the trip action of each parallel circuit on line by use of flip-out terminals. By use of spring return output-latching switches, it shall be possible to test the complete circuit from input to output and to observe the change of state in each case.

Circuit Loading

To minimise the risk of contact fusing, the circuit loading shall be not more than 50% of the loading allowed for the relay contacts. This figure shall include the surge current and the load of any external device. The power distribution shall be arranged through quick-blow fuses in such a way that the maximum current through any contact cannot exceed the contact rating.

Input/Output for Relay based System

a) All inputs shall be allocated with an input relay. The trip alarm contact to the DCS shall derive from separate contacts on the input relay.

b) All relays (or bases) shall have Light Emitting Diode (LED) indication of the state of the coil (the LED shall be lit, in the coil-energised state).

c) Outputs/inputs to the DCS shall be by volt free contact in both directions.

EQUIPMENT CABINETS

PLC Cabinets

The cabinets shall be with easily removable and replaceable components, manufactured to complement existing equipment layout and colour.

Multiple cabinets shall be bolted together on the side. They shall be installed in such a way that there is sufficient clearance available to open their front and rear doors.

For further details regarding the cabinets, refer to 015 Series of KOC Specification "Standard Auxiliary Control Room Cabinets" (015-JH-1911).

Relay Cabinets

The relay cabinet shall be constructed in accordance with 015 Series of KOC Specification "Standard Auxiliary Control Room Cabinets" (015-JH-1911). Standard designs shall be used throughout and the colour selected shall complement the existing equipment.

The relay groups shall be rack or chassis mounted, with easily removable and replaceable components.

The power supply distribution within the cabinets shall be fused and segregated down to the smallest practical related sub-circuits for retaining plant on line to the maximum extent in the event of any fault.

Operator Fascia

ESD and SSLS shall have a combined operator fascia of metal construction, which shall be integrated into the DCS operating console suitably finished to match the DCS and control room colour scheme. The enclosure shall contain cable connectors wired to the key switches, lamps and push-buttons. The lid of the ESD pushbutton shall be of clear plastic, hinged at the rear.

Switches and lamps shall be of best quality industrial type. Incandescent lamps shall utilise a minimum of two bulbs with access from the front for replacement. LED cluster lamps shall only be used if they are bright and clearly readable in all possible light conditions.

Cabinet Labelling Requirements

All information labels shall be in dual language, English and Arabic.

Labels in the front of cabinet shall include the tag number and service. The service descriptions are to be submitted to KOC for approval.

Labels in the rear of cabinet shall be engraved with the tag number only.

All labelling shall be clear and unambiguous and manufactured of white laminated plastic with black engraving.

EQUIPMENT LAYOUT

The control of the Facility shall be centralised at the Control Building. The ESD and SSLS equipment and accessories shall be placed in the Control Room or an Auxiliary Room as approved by KOC. For details on Control Building refer to "KOC Standard for Instrumentation and Control System Design" (KOC-1-001).

The ESD and SSLS shall report via system data bus to the DCS to provide a single process view for the operator.

The operator fascia panel shall be installed in the control room. This shall provide manual shutdown and status indication on an area and/or level basis as appropriate to the plant operation. The chosen system shall utilise the DCS window for all display functions. Repeat outputs to field displays shall be provided as required.

The maintenance/engineering console for PLC-based system complete with visual display unit (VDU) and printer shall be installed in the engineer's console room or at a specific location in the control building approved by KOC.

All layout and space allocation should be arrived at in conjunction with those required for the DCS, Fire and Gas (F&G), packaged equipment and other relevant systems where they exist or are to be installed. For details on F&G system panels refer to "KOC Recommended Practice for Fire and Gas System Panels" (KOC-1-005) and for details on fire and gas detection equipment refer to "KOC Standard For Fire and Gas Detection Equipment" (KOC-L-006).

FIELD CABLING AND INTERNAL WIRING

All electronic field equipment shall be wired to local junction boxes. The number and location of the boxes shall be chosen to achieve the following:

a) Segregate the signal and power levels, separate ESD from all other control signals.

b) Signals going to different interface types shall be segregated to the appropriate multicore cable system.

From the field junction boxes, multicore cables shall carry the signals to marshalling cabinets mounted in the control building. Intrinsically safe (IS) cables shall be light blue, all other cables shall be grey or black.

All ESD field inputs/outputs shall be terminated in a separate marshalling cabinet with distinct identification.

Each cable shall be fully terminated on one rail in the cabinet. Marshalling on the rail is not permitted.

From the marshalling cabinet the signals shall then be conveyed to the ESD I/O racks by use of multi-pin plugs and sockets and multicore cable.

All interconnecting cables shall be tagged at both ends.

The interconnecting cables shall not be routed across components in the cubicles. They shall exit the cabinets via a plate divided into two or more pieces such that the exit can be sealed after installation and organisation of the cables. An overall screen shall be fitted, connected to the instrument earth. The cables shall be of non-armoured type, run by secure routes. The cables shall conform to the requirements as specified in "KOC Standard for Instrument Cables" (KOC-1-011).

All internal wiring shall be carried out using a minimum of 0.75 mm² sized cables. All connections, cables etc. shall be clearly marked in accordance with the manufacturer's circuit diagrams approved by KOC, to facilitate faultfinding and repair.

POWER SUPPLY

The ESD system shall be so arranged that its logic, field-sensing instruments, field output devices, the I/O interface and the engineer console are fully powered from the Facility extended dual redundant UPS system. The UPS shall have sufficient capacity to operate stand-alone for a minimum period of 4 hours after the failure of Mains power supplies.

The power supplies shall be arranged so that any PLC or relay circuit shall run on any active supply, normally on a power-sharing basis and from one supply under fault conditions, with bumpless changeover.

Clear remote UPS indication/alarm shall be provided in the control room to indicate status of the UPS. An alarm to the DCS shall be generated in the event of a failure of one supply. For details of UPS refer to KOC Standard for "Uninterrupted Power Supply System" (KOC-E-011).

PERFORMANCE, INSPECTION AND TESTING REQUIREMENTS

Quality Control (QC)

All items are to be designed, manufactured, inspected and tested under the control of a documented QA/QC system.

Any special reference to inspection and testing within the detailed sections of the project document is additional to and shall not replace or reduce the general QA/QC requirements.

KOC or its appointed representatives shall be permitted to witness the manufacturer's QA/QC systems operating during design, fabrication, assembly and testing.

Shop Inspection and Performance Testing

The manufacturer/supplier shall submit the inspection and test plan to KOC for approval.

The shutdown system equipment shall be subjected to routine tests at the manufacturer's Works in accordance with IEC 61131-2. Any special tests, if required, should also be carried out as specified in the project document.

Conducting type tests may be waived, subject to submission of type test certificates for identical equipment, with prior approval from KOC.

The manufacturer/supplier shall be responsible for all inspection and testing of equipment prior to delivery. No equipment shall be delivered until all applicable tests have been completed and all defects rectified and re-tested successfully. Documentary evidence of the test report shall be available for KOC review upon request.

Shop Testing (Component Level)

KOC reserves the right to witness shop testing or to request additional testing according to its requirements. The detailed requirement shall be noted by KOC on the manufacturer's proposed inspection and test plan.

The inspection and test plan shall detail the methods used to identify and eliminate early failures (infant mortality), heat soak failures and faulty component failures; and should clarify whether the tests are at item or assembly level. The schedule shall include testing of system cables, pre-wired assemblies and cabinet wiring, and shall as a minimum include a 2-hour elevated temperature test of the complete assembly.

The certificate of inspection and shop test shall not be accepted until all items on the inspection and test schedule are completed and signed by the manufacturer's QA/QC personnel and KOC has witnessed tests according to their requirements.

Factory Acceptance Test (FAT)

The FAT shall be conducted in stages. These stages are:

a) Stage 1: Preliminary Functional Test

The preliminary full functional test shall be conducted by the manufacturer. All equipment and controls, logic and communication shall be passed by the manufacturer's quality department before taking the equipment forward to the next stage of the FAT.

b) Stage 2: Heat Soak Test

Prior to the commencement of the witnessed functional test, the equipment shall be subjected to a heat soak test. This test shall be conducted for a period of not less than 48 hours at an average temperature of not less than 50 °C (122 °F). During the test period, all the equipment shall be powered on and be in the normal operating condition. All inputs and outputs shall be driven at their maximum voltage/current. All events shall be recorded for KOC review.

At KOC discretion, this test may have to be repeated if modifications are made as a result of acceptance testing.

c) Stage 3: Witnessed Full Functional Test

i. This test shall be conducted at the manufacturer's premises witnessed by KOC. The scope shall be to functionally test the complete system.

ii. All I/O signals shall be simulated and all engineer screen functions shall be checked for the display and correct system operation. Alarm function and time stamping, and the communications to the DCS shall be checked. Redundancy, fail-over and system diagnostics shall also be checked against the requirements of the functional specification.

15.4.2 The FAT shall be performed at the Manufacturer's Works where the equipment is engineered and assembled.

15.4.3 FAT test procedure and acceptable performance criteria shall be submitted by the manufacturer for KOC's approval prior to FAT.

15.4.4 While performing the FAT, the following items shall be covered as a minimum:

perform visual inspection to verify the conformity to this Standard and project specification, which includes check on cabinet finish and dimensions, internal cabinet space & cable access for system expandability etc.;

verification of material list for various items against KOC approved drawings/documents, which includes physical checks on all modules for redundancy & installed spares;

verification of performance which includes check on memory availability & memory utilisation, system administration and access level, redundancy management, power consumption etc.;

verification of system software, diagnostics and operational test with simulated field instrument signals. This includes configuration checks such as process representation, colour-coding, alarm, data indication, graphic symbols etc.;

check on the nameplate data and tagging in accordance with this Standard and project document.

15.5 Site Acceptance Test (SAT)

15.5.1 Site Acceptance Test shall be witnessed by KOC representative, on completion of the installation of the equipment at KOC site.

This test shall include witnessing of full functionality of the system including the interfacing with DCS and any other systems as required.

The manufacturer shall provide a detailed SAT procedure along with record sheets to log the verification and measurement data for KOC review and approval before carrying out the test.

As pre-requisite for SAT, a copy of the documents/drawings approved by KOC shall be made available for immediate reference on-site which includes cabinet layout, P&IDs, cause & effect diagram, logic & ladder diagrams, system architecture, loop diagrams, safety and protective devices setting schedules, memory mappings, interconnection wiring diagrams etc.

All signal and interconnecting cables shall have been tested for continuity and insulation and such records shall be made available prior to start-up of SAT.

Before commencement of the actual site test, the verification of the cabinet/console layouts, cooling arrangement and working space shall be carried out to ensure that the individual devices are easily accessible for maintenance/calibration without removal of trunking, wiring, supports etc.

The signals used for testing shall be actual field signals unless otherwise approved by KOC.

Test the serial interface for transfer of all data between ESD/SSLS and other systems like DCS etc. using actual system equipment, or an emulation PC as a minimum.

The SAT shall comprehensively cover the following:

a) the tests carried out at FAT level (items under clause no. 15.4.4) shall be repeated at site to ensure that the system is fully operational at the site;

b) electrical checks on power and communication cable routings, cable segregation, termination, earthing for cabinets/signal/intrinsically safe circuits etc.;

c) check all status indications and interfaces with operator console, DCS and other plant automation systems such as F&G, Engine Management, Condition Monitoring etc.;

d) system maintenance checks from ESD workstation and laptop such as power flow, forcing, downloading, system boot-up etc.

Electromagnetic Compatibility and Radio Frequency Interference

The shutdown system equipment shall be so designed and manufactured that under normal operating conditions, the associated system shall be unaffected by electromagnetic disturbances likely to be encountered and shall not radiate RFI which shall affect the normal operation of other electronic devices.

The equipment for ESD and SSLS shall be electromagnetically compatible with the power supply and other items of the system and shall be tested in conformity with the requirements of IEC 61131 and IEC 61000.

The protection against radio interference, voltage dips and lightning surges shall be in accordance with "Guide for Installation of Electrical Equipment to Minimise Electrical Noise Inputs to Controllers from External Sources" IEEE STD 518.

QUALITY ASSURANCE

The manufacturer/supplier shall operate a quality system to ensure that requirements of this Standard are achieved. The quality system shall preferably be based on the ISO 9000 series of standards and the manufacturer shall demonstrate compliance by providing a copy of the accredited certificate or the manufacturer's quality manual. Verification of the manufacturer's/supplier's quality system is normally part of the prequalification procedure, and is therefore not detailed in the core text of this Standard.

PACKING, MARKING AND DOCUMENTATION

General

All correspondence, drawings, instructions, catalogues, design calculations or any other written information shall be in the English Language.

All dimensions, units of measurements, physical constants, etc. shall be in the SI units, unless otherwise specified.

Documentation

Documentation shall be provided to enable assessment of design, to verify the conformance with specified functionality, to permit installation, operation, and maintenance of the supplied equipment.

The documentation shall include, but not be limited to, detailed description of system architecture and drawings of equipment, power, earthing and cooling requirements, wiring diagrams, logic diagrams, loop diagrams including all termination details, equipment safety certification dossier (as applicable), operation and maintenance manuals etc.

The following documents / drawings / software approved by KOC shall be provided in electronic format (CD / Data Diskettes):

i. as-built drawings;

ii. P&IDs;

iii. Cause & Effect Diagram;

iv. ladder diagrams and loop diagrams;

v. safety and protective devices setting schedules;

vi. cabinet internal layouts;

vii. memory mappings;

viii. interconnection wiring diagrams;

ix. utility software;

x. programme development tools;

xi. backups of all application software etc.

For details on packing, marking and shipping documentation, refer to KOC Standard for "Packing, Marking and Documentation" (KOC-G-004).

System Registration and Warranty

Registration and licenses of operating systems, man machine interfaces, programme development tools, utility software etc. shall be in the name of KOC. It shall be ensured that the KOC Operations Group is fully aware of any updates or upgrades of the equipment/software, and warranty claims could be dealt with directly and not through a third party.

SPARE PARTS AND MAINTENANCE REQUIREMENTS

The manufacturer shall guarantee the availability of spare parts and continued support of the offered system for a minimum period of 10 years.

All system components should be segregated into trains and defined equipment as far as possible and shall be clearly identified and easily removable for servicing.

The manufacturer shall provide the recommended list of spare parts for the satisfactory operation of the equipment.

The following items shall be provided in the engineer/maintenance console room for the use of maintenance personnel:

a) the maintenance/engineering programmer laptop loaded with PLC programme developer along with power flow and downloading utilities;

b) configuration kits required for I/O module bases, special tools for removal of modules, cabinet keys / programme access keys / passwords for access to various levels;

c) copies of the documents specified in clause 17.2.3

For further details on spare parts and maintenance requirements, refer to KOC Standard for "Spare Parts and Maintenance Data" (KOC-G-009).

ACKNOWLEDGEMENT

This Standard has been approved by the Standards Technical Committee (STC) consisting of the following:

Mr. Ali H. Baba (Standards Div.) : Chairman

Mr. Mohd. Emam (Insp. & Corr. Dept.) : Deputy Chairman

Mr. S. Kumar (Standards Div.) : Secretary / Member

Dr. Mohammad Ilyas (Standards Div.) : Member

Mr. Khalid S. Al-Ali (Gen. Proj. Div.) : Member

Mr. Henry S. Hill (Opns. Svcs. Dept. (S&E)) : Member

The draft of this Standard has been circulated to the KOC User Departments for their review and responses were received from the following:

ENGINEERING GROUP

Gen. Supdt. Engg. Svcs. Dept. Gen. Supdt. Proj. Mgmt. Dept.(S&E) Gen. Supdt. Proj. Mgmt. Dept. (N&W)

MAJOR PROJECTS GROUP

Gen. Supdt. Engg. Proj. Dept. (N&E) Gen. Supdt. Engg. Proj. Dept .(S&W)

INDUSTRIAL SERVICES GROUP

Gen. Supdt. Ahmadi Svcs. Dept. Gen. Supdt. Transport & Plant Dept.

DRILLING OPNS. GROUP

OPERATIONS GROUP (S&E)

Gen. Supdt. Opns. Svcs. Dept.(S &E) Gen. Supdt. M&EO Dept.

OPERATIONS GROUP (N&W)

Gen. Supdt. Opns. Svcs. Dept. (N&W)

LOSS PREVENTION GROUP

Gen. Supdt. Fire & HSE Dept.

DIVIDED ZONE GROUP

Gen. Supdt. Drill. Engg. & Supp. Svcs. Dept. Supdt. Proj. Engg. & Facilities Div.

This KOC Standard for "Shutdown System Panels" (KOC-1-004, Rev. 2) has been prepared by the Task Force (TF-1/03) comprising the following members:

Dr. Mohammad Ilyas (Standards Div.) : Team Leader, Tel No. 61406

Mr. A. Unnikrishnan (Standards Div.) : Author / Member, Tel No. 61633

Mr. Louis Thiagaraj (Opns. Svcs. Dept. S&E) : Member, Tel No. 22416