446RDP Ge WPR 000 SPC in 0010 - 1 (2o541wpukzm)

REFINING AND PETROCHEMICAL COMPLEX PROJECT OF THE
ECUADORIAN PACIFIC
TECHNICAL SPECIFICATION FOR

ALARM MANAGEMENT SYSTEM
446-RDP-GE-WPR-000-SPC-IN-0010
27 September 2012
Houston (Bellaire)
6330 West Loop South, Bellaire 77401, United States of America
Tel: +1 713 407-5000
WorleyParsons International, Inc.
© Copyright 2012 WorleyParsons Pty Ltd

REFINING AND PETROCHEMICAL COMPLEX PROJECT OF THE ECUADORIAN PACIFIC
TECHNICAL SPECIFICATION FOR ALARM MANAGEMENT SYSTEM
CONTENTS
1. SCOPE ............................................................................................................................ 4
2. ACRONYMS .................................................................................................................... 5
3. REFERENCES ................................................................................................................ 7
3.1 Industry Codes ................................................................................................................. 7
3.2 Applicable Ecuadorian Codes, Standards, and Requirements ......................................... 7
3.3 Applicable PDVSA Codes, Standards, and Requirements ............................................... 8
3.4 Project Specifications ....................................................................................................... 8
4. RESPONSIBILITIES AND REQUIRED SPECIFICATIONS .......................................... 10
4.1 Responsibility ................................................................................................................. 10
4.2 Conflict Requirements .................................................................................................... 10
4.3 Required Specifications .................................................................................................. 10
5. DEFINITIONS ................................................................................................................ 13
6. GENERAL AND TECHNICAL REQUIREMENTS ......................................................... 15
6.1 General .......................................................................................................................... 15
6.2 Alarm and Warning Classification ................................................................................... 17
6.3 Alarm Characteristics ..................................................................................................... 18
6.4 Alarm Prioritization ......................................................................................................... 19
6.5 Alarm Suppression ......................................................................................................... 21
6.6 Alarm Configuration ........................................................................................................ 24
6.7 Alarm and Event Presentation ........................................................................................ 25
6.8 Alarm Design .................................................................................................................. 26
6.9 DCS Alarm Traffic........................................................................................................... 27
6.10 DCS Alarm Documentation............................................................................................. 28
6.11 Analysis Reports ............................................................................................................ 28
Appendices
Page 3
1. SCOPE
This specification has been prepared to support development of the Basic Engineering Package
(BEP) for The Refining and Petrochemical Complex Project of the Ecuadorian Pacific (herein after
“Company”) to be located in Manabí, Ecuador.
The purpose of this Technical Specification for Alarm Management System is to establish a sound
basis to help achieve incident free operation and assist the operator in returning the plant to normal
operating condition after an upset or trip. The alarm management will be implemented in the plant
DCS.
This specification is not intended to be used for purchase purposes.
Any deviation from this document requires prior written approval by the Company.
Page 4
2. ACRONYMS
ALMS Alarm Management System

AMS Asset Management System
AOA Alarm Objective Analysis
BEP Basic Engineering Phase
BMS Burner Management System
DCS Distributed Control System
DDS Detail Design Specifications
EPC Engineering Procurement and Construction
ESD Emergency Shutdown System
FF Foundation Fieldbus
FDS Functional Design Specifications
FGS Fire, Gas and Smoke Detection and Protection System
HART Highway Addressable Remote Transducer
HAZOP Hazard and Operability Study
HMI Human Machine Interface
HTML Hyper Text Markup Language
I/O Input /Output
ICSS Integrated Control and Safety System
IPF Instrumented Protective Function
LCD Liquid Crystal Digital
LOPA Layer Of Protection Analysis
LOR Local Operators Room
MAC Main Automation Contractor
MIS Management Information System
MCMS Machine Condition and Monitoring System
MCR Main Control Room
MOC Management of Change
MTC Main Communications Contractor
Page 5
OTS Operator Training Simulator

PLC Programmable Logic Controller
PST Partial Stroke Test
RF Radio Frequency
RTD Resistance Temperature Detector
SIH Satellite Instrument House
SIL Safety Integrity Level
SIS Safety Instrumented System
SOE Sequence Of Events
TCP/IP Transmission Control Protocol/Internet Protocol
UPS Uninterruptible Power Supply
URS User Required Specifications
Page 6
3. REFERENCES
Where a date or edition of a reference document is shown, this defines the version applicable to
RDP. Where no date or edition is shown, the latest version approved by the issuing authority as
the effective date of the contract shall be the version applicable to RDP.
These standards are considered complementary to each other. When there is a discrepancy
between standards, specifications, drawings, etc., the contractor shall inform the Company of the
discrepancy in writing along with the proposed resolution which shall be approved by the Company.
Failure to do so does not relieve the contractor from conforming to these requirements.
Compliance with all applicable Ecuadorian codes, standards and requirements is mandatory
regardless of the manufacturing country of origin and/or whether or not Ecuadorian standards are
specifically referenced in this specification.
3.1 Industry Codes
Engineering Equipment Material Users Association
Publication 191 Alarm System, a Guide to Design, Management and Procurement
International Electrotechnical Committee (IEC)
IEC 61804-3 Electronic Device Description Language (EDDL)

IEC 61508 Functional Safety of electrical/electronic/programmable safety-related systems
IEC 61511 Functional Safety – Safety Instrumented Systems for the Process Industry sector
International Society of Automation (ISA)
ISA 5.1 Instrumentation Symbols and Identification

ISA 5.3 Graphic Symbols for Distributed Control/Shared Display Instrumentation, Logic and
Computer Systems
ISA-18.2 Management of Alarm Systems for the Process Industries
3.2 Applicable Ecuadorian Codes, Standards, and Requirements

Ecuadorian Electrical Code
Ecuadorian Work Code
Regulations of Risks Labor Relations The Institute Ecuadorian Security Social (IEES)
Page 7
Rules of Safety and Hygiene of PetroEcuador Regulation Environmental For Activities

Electric in Ecuador (Decree 1761)14 Aug. 2001.
3.3 Applicable PDVSA Codes, Standards, and Requirements
Petroleos de Venezuela - PDVSA
K-308 PDVSA Specification – Distributed Control Systems
K-335 Packaged Unit Instrumentation
3.4 Project Specifications
Specification Number Specification Title
10045D -000-GE-DB-001 Basic Engineering Design Data
10045D -000-IN-SP-001 Specification for General Specification of Instrument
10045D -000-IN-DB-001 Instrument and Control Design Basis and Criteria
10045D -000-PR-DB-002 Overall Refinery Design Basis
10045D -000-IN-AD-K335 Addendum to PDVS K-335-Packaged Unit Instrumentation
10045D-000-IN-SP-050 Specification for Integrated Control and Safety System
10045D-000-GE-PR-005 Project Numbering Procedure
Specification for Machinery Protection and Condition

10045D-000-IN-SP-062
Monitoring System
446RDP-PC-WPR-000-GEN-IN-0001 MAC Scope Of Work
446RDP-GE-WPR-000-SPC-IN-0001 Technical Specification for Distributed Control System (DCS)
Technical Specification for Distributed Control System (DCS)

446RDP-GE-WPR-000-SPC-IN-0002
Configuration
Technical Specification for Safety Instrumented System (SIS)
Design
446RDP-GE-WPR-000-SPC-IN-0004 Technical Specification for Safety Instrumented System
Technical Specification for Safety Instrumented System

Configuration
Page 8
446RDP-GE-WPR-000-SPC-IN-0006 HMI Graphics Guidelines
446RDP-GE-WPR-000-SPC-IN-0007 Technical Specification for Fire and Gas Detection System
Technical Specification for Burner Management System

(BMS)
446RDP-GE-WPR-000-SPC-IN-0010 Technical Specification for Alarm Management System
Technical Specification for Plant Automation and Control

Systems Design
446RDP-GE-WPR-000-SPC-IN-0021 Technical Specification for Enterprise Integration
Technical Specification for Partial Stroke Testing of Air

Operated ESD Valves
Page 9
4. RESPONSIBILITIES AND REQUIRED SPECIFICATIONS
4.1 Responsibility
In response to this specification, the MAC accepts full responsibility for the detail design,
integration, material, and quality assurance. The vendor’s equipment must conform to all
applicable government regulations and purchase order requirements. Any deviations from
this specification shall be submitted to the Contractor to receive Company approval.
4.2 Conflict Requirements
Some requirements in this specification may be modified by an addendum or by the other

specific requirements.
A discrepancy consisting of the application of inconsistent standards of quality or

performance in relation to the Work or ambiguity or conflict within different parts of
documents shall be resolved by applying the most stringent standards or combinations as
follows:
− RDP Specifications
− International Codes and Standards

− Ecuadorian Standards, Regulations and INENs
− Project Specifications and Standards
If there are any conflicts between this specification and any other specifications or
addenda, or any deviations to this specification, the Vendor shall bring the matter to
Company for technical jurisdiction and approval.
Vendor shall state in the quote which standards have been applied or not and submit any
deviations, exception and clarification to the Contractor to receive Company approval.
4.3 Required Specifications
4.3.1 The Contractor shall produce a URS, to clearly detail the function and purpose of
the system. It shall address as minimum operational, performance, regulatory,
engineering and HSE requirements. The URS shall be approved by the RDP prior
to progressing design.
Page 10
4.3.2 Following approval of the URS, the Contractor shall produce a FDS. The FDS shall
be submitted for RDP approval at key stages of the design phase life cycle. The
FDS shall clearly detail the technical solution proposed by the Contractor, to supply
a system which meets this specification. The FDS shall include the following
information:
1. Work and Equipment that the Contractor has included within the Scope.
2. Work and Equipment that the Contractor has excluded from the Scope.
3. System Architecture, Equipment Specifications and Measurable

Performance
4. Details of calculations, logic configuration such as Cause and Effect

Diagrams, logic diagrams.
5. Typical operating and application software structure and listings.
6. Vendor proprietary technical literature and drawings.
7. Reference Company technical documents, applicable specifications and

any addenda.
4.3.3 The FDS is purely a technical document and shall not contain any correspondence
of a commercial or project management nature.
4.3.4 The FDS shall be used as a basis for the development of the DDS. The DDS shall
be a unique document with revision and approval pages and shall incorporate
specific technical detail of the systems. Such detail shall include, but shall not be
limited to, network drawings, hardware lists, software lists, communications
protocols and calculations.
4.3.5 The DDS shall be a live document and developed through the detailed design
phases of the project.
4.3.6 The DDS shall be approved by RDP at key stages of the design phase life cycle,
as identified in the Contractors procedures.
Page 11
4.3.7 The Contractor shall also use the DDS as a basis for developing the system Test,
Commissioning and Acceptance Procedures that shall be used during FAT and
SAT activities.
4.3.8 The DDS shall be kept up to date, at practical intervals, so that it can be used as a
reference manual for use by RDP during the course of the project.
Page 12
5. DEFINITIONS
5.1.1 Acceptance (and accepted) shall be understood to mean written acceptance (and as
accepted in writing).
5.1.2 Approved equal shall be understood to mean that a substitution to the specified product
must be approved in writing by the Company.
5.1.3 Contract documents shall be understood to mean the purchase order along with its
attachments and references.
5.1.4 Contractor shall be understood to mean the EPC Contractor(s), an authorized employee of
the EPC Contractor(s), or a designated firm or individual representing the EPC
Contractor(s).
5.1.5 MAC shall be understood to mean the Main Automation Contractor to design, engineer,
supply, provide, test, support, and assist all Automation related tasks, activities and
interface with Owner/Customer, Contractors, Manufacturers, and Suppliers including
shippers, exporters, construction contractors etc.
5.1.6 MTC shall be understood to mean the Main Telecommunications Contractor to design,
engineer, supply, provide, test, support, and assist all Telecommunications related tasks,
activities and interface with Owner/Customer, Contractors, Manufacturers, and Suppliers
including shippers, exporters, construction contractors etc.
5 . 1 . 7 PMC shall be understood to mean Integrated Project Management Team and/or Project
Management Contractor to manage scope of work, project’s all aspects including
financials, commercials, technical, accept/disapprove deliverables from contractors
/suppliers /manufacturers / construction contractors / MAC etc., planning, and scheduling
along with construction, coordination with all contractors including MAC, suppliers,
manufacturers and act / perform tasks/duties as Owner/Customer and make representation
as Customer among outside stakeholders.
5.1.8 Supplier shall be understood to mean the party entering into a Procurement contract with
the Contractor to supply material or equipment described in the contract documents.
5.1.9 Manufacturer shall be understood to mean the person or firm producing or fabricating the
product.
Page 13
A Manufacturer's name or figure number specified in an individual item description is only

for a reference; an approved-equal substitution may be made, subject to the Contractor's
prior review and Company's approval.
5.1.10 Owner/Customer/Company shall be understood to mean the Firm / Company who have
made financial investment and upon completion of successful start-up of the Refinery and
Petrochemical complex will own/maintain and operate the complex include buy / sell raw
materials, finished products along meeting regulatory compliance.
Page 14
6. GENERAL AND TECHNICAL REQUIREMENTS
6.1 General
6.1.1 The design of the alarm system shall follow the practices set forth in the EEMUA
publication 191 Alarm System, a Guide to Design, Management and Procurement,
ISA 18.2 Management of Alarm Systems for the Process Industries and in
accordance with IEC 61508.
6.1.2 Alarms shall only be conceived if operator has a related action.
6.1.3 This specification is based on open communication standards and shall provide
integrated software applications to perform device and equipment monitoring,
documentation, and predictive diagnostics.
6.1.4 The ALMS shall be dedicated to the function of the instrumentation and equipment
assets and shall function independently of control systems or instrument
manufacturer model.
6.1.5 The ALMS shall generate and organize alarming functions for FF, HART, and
conventional control instruments.
6.1.6 The number of disparate system alarms and irrelevant alarms must be minimized
consistently with operational requirements to avoid alarm flooding and minimize the
number of standing alarms.
6.1.7 Alarm priorities shall be specified using consistent criteria that help the operators
prioritize their response.
6.1.8 Alarm parameters shall be set properly to avoid nuisance alarms.
6.1.9 Alarms shall be presented consistently and clearly to the operator in a way that
facilitates timely and accurate response.
6.1.10 In abnormal situation, a pop-up screen with guidelines/procedures shall be

available to start shutdown of the unit or corrective actions and minimize flooding of
alarms.
6.1.11 An alarm, in general, shall be understood to mean any signal (audible or visible)
used for alarming purpose and indicating to the operator, an equipment or process
malfunction or abnormal condition requiring a response regardless of whether it
Page 15
originates in the MAC supplied equipment (DCS, SIS), third party supplied control
systems (package vendor PLC, BMS for heaters, F&G system, etc.), third party
supplied equipment (Package vendor individual device), electrical or mechanical
equipment common alarm, unless otherwise identified as to its purpose or origin in
the context of this specification.
6.1.12 A warning, in general, shall be understood to mean any signal used for signaling
purpose regardless of whether it originates in the MAC supplied equipment (DCS,
SIS), third party supplied control systems (package vendor PLC, BMS for heaters,
F&G system, etc.), third party supplied equipment (Package vendor individual
device), electrical or mechanical equipment common alarm, unless otherwise
identified as to its purpose or origin in the context of this specification.
6.1.13 A master alarm database with complete cause and consequence information for all
configured alarms and events shall be configured.
6.1.14 Regular audits of alarms shall be evaluated for changes, proper settings and need
for alarm.
6.1.15 Alarm Rationalization shall be performed periodically for the need of alarms,
actions from operations and to evaluate cause and effects if there are no actions
from operations when alarms are being activated.
6.1.16 Automated Alarm Alert functionality shall be configured and shall send alarms or
alerts to a pager or email notification. This feature shall help escalate at higher
level about impending problems and get additional help in timely manner during
abnormal situation.
6.1.17 MAC’s scope of work includes Alarm Management and Rationalization.
6.1.18 Operators shall receive instructions and systematic training in all realistic
operational usage of the Alarm System. Realistic training can be provided in the
form simulator training via OTS. The OTS shall provide training in management of
all types of disturbances, malfunctions, and abnormal situations. The duration and
intensity of training shall make operators proficient in managing the alarm
management system during critical situations when need arises.
6.1.19 The alarm system shall be properly documented, and clear roles and
responsibilities shall be established for maintaining and improving the system, it
should also ensure that each alarm defined in the system is documented with a
description of the purpose of the alarm and a criticality assessment.
Page 16
6.2 Alarm and Warning Classification
6.2.1 The alarms portrayed at the DCS can be classified by type as (a) process alarms,
(b) system alarms and (c) external alarms.
6.2.2 Process Alarms: Process alarms refer to abnormal process events that are neither
planned nor expected. Process alarms shall contain:
1. Absolute alarms (e.g. HIGH HIGH, HIGH, LOW, LOW LOW analog signals
generated by comparison against defined alarm settings)
2. Change of state alarm (e.g. a pump change from OFF state to ON state and
vice versa)
3. Discrepancy alarm (e.g. running feedback lost from a motor without giving a
stop command)
4. Deviation alarm (generated if the difference between two analog signals

exceeds a certain value)
5. Rate of change alarm (generated if the rate of change of analog signal
exceeds the setting)
6.2.3 System Alarms: Report an abnormal condition or fault in the hardware or software
system (e.g. failure of Central Processing Unit, failure of I/O, failure of
communication). System alarms must be presented on a separate screen.
6.2.4 External Alarms: Control systems alarms that indicate process failure related to
environmental impacts; therefore identifying a clear danger to health and safety
(e.g. exceeded LEL, exceeded H2S limits). Subject alarms are included in an
annunciation panel (e.g. fire and gas panel).
6.2.5 Warnings: Events that are utilized to optimize the process conditions.
1. Reminders of activities (e.g. sampling of the product during the shift,

maintenance).
2. Notification of events that may require intervention.
The events shall not be presented to the operator in the same way as the normal
process/system alarms but can be categorized as “Messages”. Pop-up screens
shall not be used.
Page 17
6.3 Alarm Characteristics
6.3.1 Alarm system shall be designed to ensure that the operator is able to process
alarm information with adequate time during high alarm traffic volume (e.g. power
failures/dips). This requires the configuration of the alarms so the operator can
rapidly assess where alarms are occurring in the plant, the meaning of the alarms,
and what actions need to be taken first.
6.3.2 The alarm must be able to notify the operator in an appropriate way as follows:
1. An audible warning
2. A visible warning of the alarm condition on a dedicated screen
3. Clear presentation of the problem on the process screens
4. Provision of descriptive text messages that leads to the appropriate response
6.3.3 The characteristics that a well configured alarm must have are as follows:
1. The alarm must have a significant operational value.
2. The alarm shall not have correlation with other alarms.
3. The alarm shall have an adequate actuation time.
4. Appropriate prioritization must be attributed to the alarm; indicating the
severity of the problem. This prioritization is important to define, during the
activation of several alarms, which of them must be processed first.
5. The alarm must contain an appropriate message that is easily understood.
6. The alarm must help the operator identify the problem, guide him to take an
appropriate action and draw his attention to the impact.
7. The alarm system shall not be used for process control.
6.3.4 The alarm settings of DCS, SIS and other sub systems shall be displayed
dynamically in DCS.
6.3.5 “Process Alarms”, “System Alarms”, “Warnings”, and “External Alarms” must be
announced differently so that the operator can distinguish them both audibly and
visually.
6.3.6 The alarm system shall be able to generate basic alarms provide the functionality
needed to detect simple disturbances in the process. The system must be able to
generate the following kinds of alarms:
Page 18
 Conventional state variable alarms comparing analogue measurements

with predefined static or dynamic alarm limits
 Component fault alarms (e.g. indicating a discrepancy between control and

feedback signals, sensor failure etc.).
 System alarms indicating a problem in the alarm or process control system

itself.
 Simple group alarms.
6.4 Alarm Prioritization
6.4.1 General Design
1. Alarms shall be prioritized according to its severity and operator available

response time. The operator response time shall be considered during the
HAZOP/LOPA in order to minimize high priority alarms. Operators shall
respond to all alarms as quickly as possible. Alarm priorities are defined to
help guide the operator in determining the order of the operator’s
responses. Three priority levels will be used for audible alarms. Alarms are
prioritized according to the following criteria within the suggested range of
distribution:
 The severity of the consequence is measured in terms of health,

safety, and environmental impact, protection of equipment, quality,
and productivity.
 The time available to take effective action
Refer to section 6.8, Alarm Design, for visual and audible annunciation
Table 6-1: Priority Summary Table
Immediate operator action is required (less than 2 minutes response time) to

Priority 1
address developing hazardous conditions that could result in injury to people,
(HIGH
releases to the environment or serious equipment damage. This priority level
Priority)
typically comprises 5% to 15% of all alarms.
Priority 2 Rapid operator action is required (2 to 10 minute response time) to prevent a serious
(MEDIUM processing problem or address abnormal conditions that could quickly lead to a
Page 19
Priority) shutdown or hazardous conditions for personnel and/or equipment. This priority level
typically comprises 15% to 30% of all alarms.
Operator action is required (typically 10 to 30 minute response time depending on
Priority 3
the alarm), but facilities are still in an acceptable operating regime. Hazardous
(LOW
conditions and higher priority alarms are possible if “LOW priority” alarms are not
Priority)
addressed promptly. This priority level usually comprises 55% to 80% of all alarms.
Other alarm "priorities" to be considered:
Not an audible alarm. This priority is used to highlight specific events or process
LOGGING
conditions that contribute to a common trouble alarm or to record when a specific
Priority
process condition has been reached.
2. Measurement comparison (deviation) alarms shall be “LOW Priority.”
3. Measurement comparison alarms shall only have a positive set point. Use
the mathematic ‘ABSOLUTE’ function for the purpose.
4. Voted SIS pre-trip alarms shall be provided in advance of all trip alarms. All
pre-trip alarms shall be “HIGH Priority.”
 DCS-based alarms shall be provided for all measurements used to

generate a SIS trip. The pre-trip alarms shall be provided in
advance of the SIS pre-trip alarm and shall be either a “LOW” or
“MEDIUM” priority.
 All SIS voted inputs shall be compared and a larger than specified
deviation between sensors shall trigger an alarm.
 For 2 voted SIS inputs, the average value shall be sent to the DCS
for comparison with the DCS measurement.
 For 3 voted SIS inputs, the middle value shall be sent to the DCS
for comparison with the DCS measurement.
 Redundant DCS measurements shall be compared and alarmed

on measurement deviation exceeds setpoint.
5. It shall not be possible for the operator to change alarm priorities, the alarm
configuration system shall allow only authorized personnel to make
Page 20
changes after MOC has been approved by all involved parties such as
engineering, operations, management, and maintenance.
6.5 Alarm Suppression
6.5.1 Alarm Suppression Criteria
1. Immediately following a trip, alarms that occur as a direct consequence of

the trip and are no longer relevant shall be automatically suppressed to
avoid alarm flooding. (Automatic Suppression)
2. Alarms those are not relevant in the current mode or operation, as during
start-up, cleaning, etc., shall have the ability to be automatically
suppressed. (Mode Based Suppression)
3. Alarms from offline equipment shall have the ability to be suppressed to

minimize unnecessary standing alarms. (Automatic or Manual
Suppression)
4. HIGH priority” alarms and other alarms that are relevant even though
equipment is offline shall not be automatically suppressed. To support
testing and other abnormal application requirements, the operator shall be
able to disable suppression, if required.
5. When an alarm is suppressed, it shall be labeled “Disabled” or “Inhibited”.
6. The status of each alarm suppression group shall be readily visible to the
operator.
7. Advanced configuration shall be performed to implement alarm

suppression during abnormal situation. Alarm inhibition shall also be
provided during equipment maintenance or plant shutdown.
6.5.2 Automatic Suppression
1. Alarm suppression shall provide relief from alarm flood in critical plant
situations.
2. Wherever possible, similar types of alarms from a single piece of

equipment shall be grouped together as a common trouble alarm to avoid
alarm flooding.
Page 21
3. Alarm suppression logic in the control systems can be used to help

manage alarm trip points and priorities appropriate to the current mode of
operation and remove unnecessary or redundant alarm information from
the operator’s immediate attention. (Examples include spare pumps,
sequenced operations).
4. The strategy and logic used for alarm suppression shall be well
documented and easily accessible to the operator.
5. All SIS trip related subsequent alarms shall be suppressed except for the
initial trip alarm.
6. "Cutout" indicates that the alarm is allowed to activate, but that the active
alarm is subsequently removed without operator action. The pump is used
as an equipment example for explanation purposes:
All pump-related alarms (e.g. flows, pressure) shall be cutout when the
pump is taken out of service. Out-of-service pump status will be monitored
and alarms will be automatically re-enabled when any measurement
indicates the pump might be in service in case the pump is accidentally
turned on.
7. Alarms to be suppressed shall be grouped together. Each automatic

suppression group shall behave as follows:
 DCS graphical HMI screen that both enables/disables the group

and displays its status shall be provided.
 When an alarm in the group occurs, it is annunciated in the normal
way with any subsequent alarms in that group automatically
suppressed.
 Suppression shall be removed when the operating condition
returns to normal or when the operator manually removes
suppression.
 Automatic suppression shall disable alarms, not inhibit them.
6.5.3 Manual Suppression
1. Manual alarm suppression option shall be configured for every alarm. The
alarm suppression privilege shall be password protected. Suppression
Page 22
alarm reminder shall be configured to prevent the alarms from remaining in

a suppressed condition longer than necessary.
2. To reduce noise during upsets, a “LOW priority” alarm horn cut-out may be
provided to allow the operator to eliminate the audible annunciation of
“LOW priority” alarms for intervals of up to 30 minutes.
3. When logical conditions are true, verifying that particular equipment is

offline, a screen target is enabled. The target can be selected by the
operator to suppress all alarms to the designated suppression group.
4. The suppressed alarms may be re-enabled either manually by the operator

at any time or will be automatically re-enabled when the status conditions
are no longer satisfied.
6.5.4 Mode Based Alarming
a. Inactive alarms for the current mode of equipment operation (e.g.

regeneration of dehydrators/reactors, system start up, cleaning) shall be
suppressed and prevented from activation.
b. The operator shall be able to enable or disable mode based alarming via
DCS HMI graphical screen target located at either MCR or LCR or LOR.
c. Transfer of alarm settings from one mode to another mode shall be

automatic once enabled by the control system logic.
d. Time delays shall be included in mode actuation conditions when it is

necessary to allow time for process to change from one mode to another
mode, so as to avoid transient alarm activation.
6.5.5 Alarm Disabling
i. Alarm disabling shall prevent an alarm from actuating while still detecting
and logging the underlying event.
ii. Temporary disabling of nuisance alarms shall be granted through purpose

designed software with secure password access. Alarm disabling access
type shall be determined and approved by Company.
iii. Prioritized alarms shall not be disabled by this process.
Page 23
iv. Alarms shall only be disabled for a limited time period. Disabled time
period shall be determined and approved by Company.
v. Reports showing user-disabled alarms and/or suppressed alarms shall be

readily available for display.
6.5.6 Alarm Inhibition
1. Alarm inhibiting shall prevent detection of the underlying event, and hence
any alarm, display or logging of the event.
2. The DCS shall offer an option to inhibit inconvenient and/or noisy alarms
with the exclusion of “External Alarms.”
3. A clear indication of the status of inhibition shall be shown on the DCS HMI
screen for inhibited alarms.
4. The inhibition of alarms shall convert the method of notification of “HIGH

priority” process alarms temporarily into an action of lower priority without
disabling the detection of the alarm.
6.6 Alarm Configuration
6.6.1 General Requirements
1. To minimize the incidence of nuisance and irrelevant alarms, the following

guidelines shall be followed:
 Any vendor-supplied default alarm configuration parameters shall

be removed from package equipment with vendor approval prior to
configuring the control systems alarms. Specific parameters
shall be configured for these required alarms.
2. The use of process deviation alarms shall be restricted to those important
control loops where “Absolute Alarms” are unable to provide adequate
warning, for example, because the required alarm activation point varies
with the controller setpoint.
3. Duplicate alarms for the same measurement shall be avoided, except for
tank gauging.
4. Specific requirements for bad Process Variable alarm shall be determined
and approved by Company.
Page 24
5. Operator-initiated or routine automatic actions to start or stop equipment or

open or close valves shall not generate alarms. Such events shall be
logged in the event file. Failure of the commanded action shall be
alarmed when appropriate.
6. Alarm deadband input filter and debounce timer shall be set cautiously to
avoid nuisance alarms.
7. Event shall not be configured as an alarm, i.e. a change in equipment
status or valve position.
8. Measurements comparison deviation alarm set points shall be set initially

as follows, subject to revision during detail engineering:
a. Flow, 10%
b. Pressure, Differential Pressure 10%.
c. Temperature, 5ºC.
d. Level, 10%.
6.7 Alarm and Event Presentation
6.7.1 Alarm summary
1. An “Alarm Summary” display shall be provided to display acknowledged

alarms and non-acknowledged alarms that are still active. Display screens
shall be accessible by the operator utilizing a single click or keystroke
function.
2. The “Alarm Summary” shall have the capability to be sorted by priority,

acknowledgement, chronological order, etc.
3. DCS HMI screens shall be provided for navigation from the alarm summary
to the most relevant graphical display within one to two clicks or
keystrokes.
4. Unacknowledged alarms shall be clearly distinguished from acknowledged

alarms by blinking, reverse highlighting or similar. This technique shall only
be used for acknowledgment.
5. The “Alarm Summary” shall be logged in the DCS or in a SOE system,

which can be dedicated or an integral part of the DCS or SIS. The alarm
summary logging shall be determined and approved by Company.
Page 25
6. SOE system shall be considered only for high speed scanning of specific
groups of alarms or events for the purpose of post fact failure analysis of
process equipment such as boiler, compressor, etc., and electrical
generation and distribution systems. Typically, the resolution shall be one
millisecond or faster.
7. Alarm messages on the “Alarm Summary” screen shall include the

following Fields, as a minimum, with adequate resolution to identify the
sequence of alarms:
 Date/Time of alarm activation

 Instrument tag
 Description
 Alarm identifier (HH, LL, etc.)
 Engineering units
 Priority
 Alarm limit
 Present value
 Location - unit or equipment
8. “Warning Messages” shall not be shown on the “Alarm Summary” screen.

An additional DCS graphical screen shall be provided for warning
messages.
9. In case of systems that use “Alarm Messages”, a screen dedicated to

alarms is not necessary provided that the operator can call the screen of
alarms by a single click.
10. Re-alarm tag shall not be used.
11. A historical log of alarms and events shall be available to operators to

analyze incidents and events.
6.8 Alarm Design
6.8.1 Visual Annunciation
Page 26
i. First Out Alarms - A SIS trip alarm is an indication that a trip has occurred.
A “First Out” indication is then used to discriminate between related SIS
trip alarms to identify the first initiator of the trip.
ii. Alarm priorities shall be denoted by the following visible conventions:
HIGH HIGH Priority Black text on red background
Orange text on normal

MEDIUM MEDIUM Priority
background
LOW LOW Priority Yellow text on normal background
LOGGING LOGGING Priority White Text on normal background
6.8.2 Audible Annunciation
 A different tone shall be used for each alarm priority. Low priority audible
tone shall be automatically suppressed either permanently or for a period
during times of high alarm traffic volume.
 Higher priority alarms shall always activate an audible tone and shall not
allow deactivation by an operator.
 Distinct audible tones will be selected for each alarm priority. Audible tones
shall be determined and approved by Company.
 A maximum of 4 different alarm sounds is recommended, and it shall be

easily distinguishable between different alarm sounds.
6.9 DCS Alarm Traffic
6.9.1 General requirements
Page 27
 The DCS alarm management system shall log all the alarms and events. It
shall have capability to assess the plant alarm performance by generating
the key performance indicators as per ISA-18.2 guidelines.
 The capability for monitoring alarm traffic volume is essential for identifying
situations that have the potential for overloading the operator. Alarm traffic
monitoring results will be considered as an input for the facilities near-
miss/increased-risk monitoring program. Average and peak alarm rates
shall be reported on a 10 minute basis following ISA-18.2 convention.
6.10 DCS Alarm Documentation
6.10.1 General
 The results of the alarm design and implementation process shall be

recorded in an alarm manual by plant operation. In addition to basic
identification and priority, the following Alarm Objective Analysis (AOA)-
derived information shall be recorded for each alarm:
1. Possible causes.
2. Items to check to verify the cause.

3. Corrective action to consider.
4. Consequences if missed.
 The alarm manual shall also contain all pertinent information related to the
use and management of the alarm system such as:
1. Applicable management of change procedures.

2. Operator training practices.
3. Specific procedures and metrics to monitor the health of the alarm.
4. Alarm testing procedures.
5. Past alarm system audit and performance monitoring results.
6.11 Analysis Reports
6.11.1 Alarm system analysis generates insight into the health of the alarm system and
operation in general. The Alarm Management System shall be designed to
Page 28
generate analysis reports that can be activated on demand or triggered

automatically and sent to an email inbox or printer.
6.11.2 Typical Alarm Management System reports shall include the following:
1. Activity Reports
• Alarms per Hour
• Alarms per Day
• Alarms per Minute
• Alarms per Month
• Alarms per Unit
• Alarms per Area
• Alarms per Shift
• Alarms per Operator
• Alarms per Tag
• Alarms per Priority
• Operator Changes per Hour
• Operator Changes per Day
• Operator Changes per Minute
• Operator Changes per Month
• Operator Changes per Unit
• Operator Changes per Area
• Operator Changes per Shift
• Operator Changes per Operator
• Operator Changes per Tag
• Time in Alarm per Tag
• Time in Alarm per Tag and Priority
• Time to Acknowledge per Tag
• Time to Acknowledge per Tag and Priority
Page 29
• Stale Alarms per Tag
• Stale Alarms per Tag and Priority
• Standing Alarms per Tag
• Standing Alarms per Tag and Type
• Chattering Alarms
• Related/Duplicate Alarms
2. Configuration Reports
• Alarm Distribution by Priority

• Alarm Distribution by Priority per Unit
• Alarm Distribution by Priority per Area
• Alarm Distribution by Priority per Operator
• Alarm Distribution per Tag
• Alarm Distribution per Tag per Unit
• Alarm Distribution per Tag per Area
• Alarm Distribution per Tag per Operator
• Alarm Distribution per Inhibited Status
• Alarm Distribution per Impact Category and Level
• Alarm Distribution per Response Time
3. Rationalization Reports
• Current Configuration
• Recommended Configuration
• Recommended Configuration Changes
• Projected Configuration
4. Management of Change - Change Audit Reports
• Operator Changes in Past 24 Hours

• Operator Changes in Past 12 Hours
Page 30
• Operator Changes Last Shift

• Alarms Inhibited in Past 24 Hours
• Alarms Inhibited in Past 12 Hours
• Alarms Inhibited Last Shift
• Configuration Discrepancies
• Operator Log Notes
All of the above reports shall be available in a free format reporting tools. They shall be
available / transferable in commercially available software (e.g. MS-Office products).
Page 31

446RDP Ge WPR 000 SPC in 0010 - 1 (2o541wpukzm)

Uploaded by

Copyright:

Available Formats

You might also like

446RDP Ge WPR 000 SPC in 0010 - 1 (2o541wpukzm)

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

446RDP Ge WPR 000 SPC in 0010 - 1 (2o541wpukzm)

Uploaded by

Copyright:

Available Formats

REFINING AND PETROCHEMICAL COMPLEX PROJECT OF THE

TECHNICAL SPECIFICATION FOR

WorleyParsons International, Inc.

© Copyright 2012 WorleyParsons Pty Ltd

2. ACRONYMS .................................................................................................................... 5

3. REFERENCES ................................................................................................................ 7

3.1 Industry Codes ................................................................................................................. 7

3.2 Applicable Ecuadorian Codes, Standards, and Requirements ......................................... 7

3.3 Applicable PDVSA Codes, Standards, and Requirements ............................................... 8

3.4 Project Specifications ....................................................................................................... 8

4. RESPONSIBILITIES AND REQUIRED SPECIFICATIONS .......................................... 10

4.1 Responsibility ................................................................................................................. 10

4.2 Conflict Requirements .................................................................................................... 10

4.3 Required Specifications .................................................................................................. 10

5. DEFINITIONS ................................................................................................................ 13

6. GENERAL AND TECHNICAL REQUIREMENTS ......................................................... 15

6.1 General .......................................................................................................................... 15

6.2 Alarm and Warning Classification ................................................................................... 17

6.3 Alarm Characteristics ..................................................................................................... 18

6.4 Alarm Prioritization ......................................................................................................... 19

6.5 Alarm Suppression ......................................................................................................... 21

6.6 Alarm Configuration ........................................................................................................ 24

6.7 Alarm and Event Presentation ........................................................................................ 25

6.8 Alarm Design .................................................................................................................. 26

6.9 DCS Alarm Traffic........................................................................................................... 27

6.10 DCS Alarm Documentation............................................................................................. 28

6.11 Analysis Reports ............................................................................................................ 28

This specification is not intended to be used for purchase purposes.

ALMS Alarm Management System

MTC Main Communications Contractor

OTS Operator Training Simulator

3.1 Industry Codes

Engineering Equipment Material Users Association

Publication 191 Alarm System, a Guide to Design, Management and Procurement

International Electrotechnical Committee (IEC)

IEC 61804-3 Electronic Device Description Language (EDDL)

International Society of Automation (ISA)

ISA 5.1 Instrumentation Symbols and Identification

3.2 Applicable Ecuadorian Codes, Standards, and Requirements

Ecuadorian Work Code

Rules of Safety and Hygiene of PetroEcuador Regulation Environmental For Activities

3.3 Applicable PDVSA Codes, Standards, and Requirements

Petroleos de Venezuela - PDVSA

K-308 PDVSA Specification – Distributed Control Systems

K-335 Packaged Unit Instrumentation

3.4 Project Specifications

Specification Number Specification Title

10045D -000-GE-DB-001 Basic Engineering Design Data

10045D -000-IN-SP-001 Specification for General Specification of Instrument

10045D -000-IN-DB-001 Instrument and Control Design Basis and Criteria

10045D -000-PR-DB-002 Overall Refinery Design Basis

10045D -000-IN-AD-K335 Addendum to PDVS K-335-Packaged Unit Instrumentation

10045D-000-IN-SP-050 Specification for Integrated Control and Safety System

10045D-000-GE-PR-005 Project Numbering Procedure

Specification for Machinery Protection and Condition

446RDP-PC-WPR-000-GEN-IN-0001 MAC Scope Of Work

446RDP-GE-WPR-000-SPC-IN-0001 Technical Specification for Distributed Control System (DCS)

Technical Specification for Distributed Control System (DCS)