ONSHORE FUCTIOAL SPECIFICATIO FS # PLC

ENGINEERING FOR Rev 0

SERVICES PROGRAMMABLE LOGIC
NEW DELHI
Discipline ISTRUMETATIO
COTROLLER
Page : 1 of 21

FUCTIOAL SPECIFICATIO

PROGRAMMABLE LOGIC COTROLLER

(PLC)

OIL AND NATURAL GAS CORPORATION LIMITED

INDIA
 ONSHORE FUCTIOAL SPECIFICATIO FS # PLC
ENGINEERING FOR Rev 0
SERVICES PROGRAMMABLE LOGIC
NEW DELHI
Discipline ISTRUMETATIO
COTROLLER
Page : 2 of 21

IDEX
TABLE OF COTETS

Clause o. ITEM Page o.

1.0 Scope of Document 3

Standards and Specifications 3

2.0
2.1 Reference Specifications 3

3.0 Scope of Supply 3

Programmable Logic Controller 3

4.1 General 3

4.2 System Hardware Requirements 4

4.0
4.3 System Software Requirements 11

4.4 Electrical Requirements 15

4.5 Functional Requirements 17

5.0 Equipment Protection 18

6.0 Installation, Inspection and Testing Requirement 19

7.0 Documentation 20

8.0 Tagging and Nameplates 21

9.0 Review and Approval 21

10.0 Preparation for Shipment/ Transportation 21

11.0 Receipt and Storage 21

 ONSHORE FUCTIOAL SPECIFICATIO FS # PLC
ENGINEERING FOR Rev 0
SERVICES PROGRAMMABLE LOGIC
NEW DELHI
Discipline ISTRUMETATIO
COTROLLER
Page : 3 of 21

1.0 SCOPE OF THIS DOCUMET

1.1. This specification describes the essential considerations in the selection, installation,
calibration, testing and commissioning of Programmable Logic Controllers (PLC). This
specification is applicable to PLC for package equipment, PLC for Safety Systems such as
ESD, FSD and F&G, and PLC for plant safety shutdown logics as a part of DCS.

1.2. The Contractor shall be responsible for the design, manufacture, configuration, installation,
testing, operational functionality, training, shipment, installation and commissioning at site,
documentation and support for the PLC.

2.0 STADARDS & SPECIFICATIOS

2.1. Reference Specifications

a. Specification No. 3.6 : Instrumentation Design Criteria
b. Project P&IDs

3.0 SCOPE OF SUPPLY

3.1 The PLC System shall include all the sub-systems described in this specification, Engineering
software, PLC Console and all necessary interfaces for maintenance modifications,
monitoring, testing and troubleshooting.

3.2 The scope of supply shall also include start-up and commissioning spares as suggested by the
Manufacturer. Two years' spares requirement list shall also be furnished with price quotation.
Refer clause 3.6.21 of Instrumentation Design Criteria for Instrument spares philosophy.
Contractor shall supply consumables for six months and all special tools also.

4.0 PROGRAMMBALE LOGIC COTROLLER

4.1 GEERAL

4.1.1 Use of Standard Products

4.1.1.1 The PLC shall be chosen for simplicity, use of established proven components, use of
techniques that minimize the need for maintenance, ease of configuration and overall integrity
of design.

4.1.1.2 The system shall be microprocessor based and shall be composed of standard hardware and
system software, which can be configured to meet the stated requirements.

4.1.1.3 The standard operating system software shall not require modification to meet any of the
project requirements.

4.1.2 On-Line Card Changeover

4.1.2.1 All printed circuit boards shall be able to removed or installed while the system is operating
without causing hardware damage or system errors. On-line replacement of any module shall
be possible in such a way that removal and addition of a module shall be possible without de-
 ONSHORE FUCTIOAL SPECIFICATIO FS # PLC
ENGINEERING FOR Rev 0
SERVICES PROGRAMMABLE LOGIC
NEW DELHI
Discipline ISTRUMETATIO
COTROLLER
Page : 4 of 21

energizing the system. Further there shall not be any interruption the system or the process
while replacing a faulty module wherever redundant modules are provided

4.1.3 PLC Scan Time

4.1.3.1 The scan time of the PLC shall be 250 milli-seconds or better. Scan time of PLC is defined as
the cycle time taken by the system to read input, process input executing logic, and update
control output for all the logics configured within the system. Other activities like diagnostic
routines, output/dump of data to peripherals, or any other activity that consume processor time
shall also be accounted while computing scan time.

4.1.4 Hazard Analysis and Risk Assessment

4.1.4.1 The PLC implementation plan for safety-related PLC shall be based on the Hazard Analysis
and Risk Assessment specification developed by the Contractor.

4.1.5 Detail Design

4.1.5.1 The detail design, installation, commissioning and testing, pre-start-up Safety Review, PLC
start-up operation, Maintenance and periodic functional testing and PLC decommissioning
shall be as per IEC 61508.

4.1.5.2 The system shall be designed such that the testing frequency for any single component is not
less than 3 months. The Contractor shall provide a set of test procedures for each PLC loop to
enable this testing frequency to be met in accordance with the requirements of IEC 61508.

4.2 SYSTEM HARDWARE REQUIREMETS

4.2.1 The PLC shall be "Fault avoidant" and shall be based on high -reliability, high- availability
programmable electronic systems.

4.2.2 PLC envisaged for safety-related functions, such as ESD-FSD PLC and F&G PLC shall be
certified to TUV AK 6, and shall be suitable for use on systems requiring SIL 3 integrity in
accordance with IEC 61508.

4.2.3 The overall system availability of the PLC shall be 99.99% or better. Single point component
failure shall not result in the loss of availability of entire PLC.

4.2.4 Input/ Output System

4.2.4.1 The I/O modules shall be mounted in the I/O racks located in the Control Room. The maximum
number of Input/ Output per I/O module shall be limited as per the following table :

So. Type of configuration o. of I/Os

1. Single I/O system 8
2. Dual I/O system 16
3. Triple Redundant system 32

4.2.4.2 Each I/O shall be galvanically isolated from external control circuit by suitable means. The
minimum isolation level between I/O and logic circuit shall be 1000 VDC.
 ONSHORE FUCTIOAL SPECIFICATIO FS # PLC
ENGINEERING FOR Rev 0
SERVICES PROGRAMMABLE LOGIC
NEW DELHI
Discipline ISTRUMETATIO
COTROLLER
Page : 5 of 21

4.2.4.3 Each I/O shall be protected against the reversal of polarity of the power voltage to I/O.

4.2.4.4 Each I/O module shall have a LED per channel to indicate the status of each Input/ Output.

4.2.4.5 Each input shall be provided with filters to filter out any noise in the input line and contact
bouncing noise.

4.2.4.6 The PLC inputs shall be provided with only dry contacts (Potential free) unless otherwise
specified. All the inputs shall preferably be double ended i.e. two wires per input and not with
common return for all inputs.

4.2.4.7 The interrogation voltage to the input contacts shall be powered from separate power supply/
supplies and shall not be a part of PLC, unless otherwise specified. This power supply shall be
supplied at one point and shall be distributed by the Contractor.

4.2.4.8 In case of triple redundant system, if standard system architecture does not allow triplicate
signal conditioning circuits per I/O, dual redundant signal conditioning circuits shall be
provided per I/O.

4.2.4.9 Output contacts from the PLC shall be potential free dry contacts. Wet contacts/ powered
contacts/ TTL outputs etc. shall not be acceptable. Contractor must provide arc suppression
device for each output contact. The output contact rating in general, shall be as follows:

So. Applicable for Voltage Current

Rating Rating
1. All output cards driving solenoid 110 VDC 0.5A
valve and alarm annunciator system
unless otherwise specified.

2. All LT motor/ pumps/ compressor output 240 VDC 5.0A

cards unless otherwise specified.

3. All HT motors/ pumps/ compressor 220VDC 2.0A

(6.6KV Inductive and above) output
cards unless otherwise specified.

However, LSTK contractor shall propose the electrical scheme and the Voltage ratings for the
"Output Contact ratings" based on the electrical system/ Switchgears selected during design
and detailed engineering and submit the same for ONGC's approvals.

4.2.4.10 Each output shall be short circuit proof and protected by fuse. Visual indication of fuse blown
must be provided for each module.

4.2.4.11 The communication of I/O system with central processor shall be redundant with complete
error checking. Details as per clause 4.2.7.4 of this document.
 ONSHORE FUCTIOAL SPECIFICATIO FS # PLC
ENGINEERING FOR Rev 0
SERVICES PROGRAMMABLE LOGIC
NEW DELHI
Discipline ISTRUMETATIO
COTROLLER
Page : 6 of 21

4.2.4.12 Wherever redundant communication bus and communication interface of I/O subsystem with
central processor are specified, Contractor must ensure that healthiness of each redundant
module is monitored.

4.2.4.13 It shall be possible to exchange I/O modules while the system is in operation:

a. Without influencing other logic function than the one's which are covered by the I/O
modules being exchanged for single I/O configuration.
b. Without upsetting the process for dual I/O or dual PLC configuration.
c. In case of triple redundant system hot replacement of I/O modules shall be provided.
Additional slots must be provided in the I/O nest for hot replacement of these modules.
Also, hot replacement of the signal conditioning modules shall be possible. No output
shall be affected while replacing these modules in either case.

4.2.5 Processor System

4.2.5.1 The processor shall have capability to implement all the control functions required to
implement the logic scheme attached along with as logic/ ladder diagram.

4.2.5.2 The size of the memory shall be sufficient for storage of the program instructions required by
the logic schemes and other functional requirements. Offer shall indicate the amount of
memory capacity occupied by the actual program and spare capacity available for later program
modifications or additions.

4.2.5.3 Memory shall be non-volatile. However in case volatile memory is provided, battery back up
shall be provided with a minimum of 3 months lifetime to keep the program storage intact. A
battery drain alarm shall be provided at least one week before the battery gets drained. A
potential free contact shall be provided for hardwired annunciation in the central control room.

4.2.5.4 Watchdog timer shall be a software device. Watchdog timer shall continuously monitor the
healthiness of processors. Any hardware or software problem in the processor system, which
shall include, CPU, memory, power supply, communication interface etc. shall cause the watch
dog timer to report processor failure.

4.2.5.5 Wherever dual redundant processor is specified, redundancy shall be provided in such a way
that in case of failure of the main processor, the standby shall take over automatically. The
changeover shall bump less and the system shall be fail proof, unless any other requirement is
specified in the job specifications. Redundancy shall be provided for complete processor
system including CPU, memory power supply and communication sub system.

4.2.5.6 In case of triple redundant system all the three processors shall execute the same instructions/
programs and check their results and majority vote to correct any faulty result. The faulty
processor diagnostic shall be made available.

4.2.5.7 Failure of a single processor shall not affect the system. In case of failure of complete processor
system i.e. both processors in case of dual configuration and two or more in case of triple
redundant system outputs shall take fail-safe state automatically.
 ONSHORE FUCTIOAL SPECIFICATIO FS # PLC
ENGINEERING FOR Rev 0
SERVICES PROGRAMMABLE LOGIC
NEW DELHI
Discipline ISTRUMETATIO
COTROLLER
Page : 7 of 21

4.2.5.8 In case of multiprocessor configuration offer, the processors must be able to communicate with
each other over the interconnecting data link. Contractor must ensure that system performance
shall not be degraded by any means when such a system is offered.

4.2.5.9 It shall be possible to generate the first out alarm contact by the PLC in case where a group of
parameters are likely to trip a system

4.2.6 PLC Console

4.2.6.1 The PLC Console shall be used for programming, program storing, fault diagnostics, alarm
monitoring and sequence of event (SOE) recording.

4.2.6.2 It shall consist of a standalone IBM compatible PC with colour 19" size TFT LCD Monitor,
standard keyboard and sequence printer.

4.2.6.3 The console shall have suitable security provisions and all illegal entries shall be rejected by
the terminal and shall be identified by warning signal on Monitor.

4.2.6.4 Manual forcing of any input or output contact connected to PLC shall be possible from
keyboard.

4.2.6.5 It shall be possible to modify, add or delete the application program on line without affecting
the outputs.

4.2.6.6 PLC Console Monitor shall display logic and/ or ladder diagram indicating power flow and
shall show description and status of each contact. It shall also be possible to display process
alarms and diagnostic messages as and when they appear. Further it shall also be able to display
I/O map in a user-defined format.

4.2.6.7 It shall be possible to print out the ladder/ logic diagram on the dedicated PLC printer. The
Printer in addition shall also print out:

a. The diagnostic messages as and when generated and diagnostic reports, when called for.
b. Process alarms connected to the programmable logic controller as and when they appear
and alarm report whenever initiated. The choice of printing alarms on this printer shall be
operator selectable from a key lock switch on PLC console.
c. Shutdown report as and when initiated.
d. The I/O maps showing status of all inputs and corresponding out in a user defined format.

4.2.6.8 The PLC console shall be provided with self-diagnostics feature, which shall display error
messages and initiate an audible alarm if the fault is detected. A potential free contact for
diagnostic group alarm shall be provided which shall be connected to the hardwired alarm and
annunciator system.

4.2.6.9 In addition, a service unit or hand held programming unit for trouble shooting and initial check-
ups from local level shall be quoted separately.
 ONSHORE FUCTIOAL SPECIFICATIO FS # PLC
ENGINEERING FOR Rev 0
SERVICES PROGRAMMABLE LOGIC
NEW DELHI
Discipline ISTRUMETATIO
COTROLLER
Page : 8 of 21

4.2.6.10 The system shall be able to identify the failure at least upto the any module level including I/O
system and redundant processor through detailed TFT LCD Monitor display and report print
out.

4.2.6.11 Isolation shall be provided between the programming panel and related subsystems if there is
any possibility of high voltage from MONITOR being transmitted to other subsystems.

4.2.6.12 It shall also be possible to use PLC for plant operation, whenever specified. PLC console when
used for plant operation shall be supplied with dedicated operator keyboard.

4.2.6.13 Whenever PLC console is used for the operation of the plant, it shall be able to display process
dynamic graphics, overview and group display. It shall also be possible to operate the plant i.e.
start and stop of rotating machinery, opening and closing of valves etc. from dynamic graphics
and group displays. All such displays shall be user configurable.

4.2.7 PLC Communication Sub-System

4.2.7.1 The PLC communication subsystem shall be a digital communication bus that provides a high
speed data transfer rapidly and reliably between the processor, I/O Sub-system, PLC console
and other devices connected in the PLC System. The PLC shall communicate with the DCS via
dual serial interfaces to the DCS dual redundant data highway.

4.2.7.2 Safety-related shutdown signals to and from the PLC shall be via hard-wired I/O, not via the
data highway or other communications link.

4.2.7.3 Failure of equipment associated with communications shall not affect any aspect of the PLC
functionality.

4.2.7.4 Redundancy in PLC communication subsystem shall be provided as follows unless otherwise
specified.

a. The communication subsystem between PLC processor and I/O subsystem shall be
single unless otherwise specified. This shall include single communication bus and single
interfaces/ buffers.
b. For dual I/O configuration, each I/O sub set shall have separate communication interface
and bus for connecting to PLC processor.
c. For the triple redundant system, each processor shall have a separate set of PLC
communication subsystem.
d. The communication subsystem between processor subsystem and PLC console shall be
dual redundant, consisting of two separate communication interfaces and two buses, each
one configured in redundant mode, unless this is only used as programming aid.

4.2.7.5 In case of redundant PLC communication sub system, on the failure of the active device, the
redundant device shall take over automatically without interrupting the system operation.
Information about the failed device shall be displayed at local as well as on PLC console. It
shall be possible to manually switch over the communication from main bus/ device to
redundant bus/ device without interrupting any system function.
 ONSHORE FUCTIOAL SPECIFICATIO FS # PLC
ENGINEERING FOR Rev 0
SERVICES PROGRAMMABLE LOGIC
NEW DELHI
Discipline ISTRUMETATIO
COTROLLER
Page : 9 of 21

4.2.7.6 The mechanism used by the system for error checks and control shall be transparent to the
application information/ program. Error checking shall be done on all data transfers by suitable
codes.

4.2.7.7 Interface with DCS

4.2.7.7.1 The PLC shall be required to be interfaced to the offered Distributed Digital Control System
bus. A suitable interface shall be offered in order to achieve the following functions:

a. Display of all input points under alarm/ first out alarm connected to PLC or generated by
PLC on the main operator console.
b. Generate shutdown reports on logging printer of Distributed Digital Control System.
c. To receive certain operating commands from the operator console for the operation of
certain output devices connected to PLC.
d. To display diagnostic messages of PLC.

4.2.7.7.2 The interface shall be dual redundant.

4.2.8 System Spare Capacity:

4.2.8.1 Redundant capacity shall not be considered as spare capacity. The PLC shall be delivered to the
site with the following minimum spare capacity and expansion capabilities:

• I/O Racks shall contain 20% installed spare I/O modules.

a. Module types shall be provided in the approximate ratio of non-spare types and
distributed throughout I/O racks.
b. Other system components to support installed spare I/O, such as I/O power supply
capacity, terminal blocks, I/O cables, I/O communications, etc., shall be installed
with capacity for all installed I/O plus an additional 20% spare capacity.
c. If terminal blocks are pre-wired to the process I/O, then these shall also be pre-
wired to the spare I/O.
• I/O Racks shall have an additional 20% spare rack space without installed modules.
• Processing modules shall be sized so that the average load uses no more than 60% of the
processing capacity and memory. Historical storage shall have 75% spare capacity.
Estimating tools to calculate the expected processing and memory capacity usage shall be
included with the system.
• Cabinets that contain terminal blocks shall be provided with 20% spare terminal blocks.
This is in addition to the requirements above.
• Whenever relays are used to interface process input/ outputs with the PLC, 20%
additional relays shall be provided. In addition, 20% spare space shall be provided in
cabinets to install 20% additional relays in future.

4.2.8.2 Contractor shall quote separately for 5% modules as mandatory spares or minimum one module
of each type for all types of cards/ modules used in their system including I/O modules,
processor module, memory module, power supply module etc., but shall not include hardware
like hard disc, disc drives, MONITOR's terminals, switches etc.
 ONSHORE FUCTIOAL SPECIFICATIO FS # PLC
ENGINEERING FOR Rev 0
SERVICES PROGRAMMABLE LOGIC
NEW DELHI
Discipline ISTRUMETATIO
COTROLLER
Page : 10 of 21

4.2.8.3 Paper and cartridges required for printers or any other consumable item shall be supplied with
the system required for minimum of six months duration.

4.2.8.4 Safety barriers shall be provided for intrinsically safe input/ output circuits wherever specified.
In such cases, the system shall be designed intrinsically safe based on entity concept. The
barriers shall be certified by BASEEFA, CENELEC, FM, PTB, CMRI etc. for use in the area
classification as specified elsewhere in the job specifications. The proper selection of the safety
barriers shall be the Contractor's responsibility.

4.2.9 Bypass Switches

4.2.9.1 The following shall apply when dealing with maintenance bypasses:

• Maintenance bypasses shall form part of the overall PLC design to meet maintenance
and testing requirements. System design shall minimize the requirement for bypasses,
consistent with maintaining the required system integrity.
• Manual emergency shutdown switches shall not be bypassed under any circumstances.
• Maintenance bypass switches shall be implemented by hard-wired manual switches
directly connected to the PLC as digital input signal, and bypass functionality shall be
carried out by the PLC's application software.
• Maintenance bypass switches shall not operate multiple bypass functions.
• The system shall be configured so that only one maintenance bypass can be activated at
a time.
• Operation of any bypass switch shall be logged on the PLC and the DCS event loggers
and shall initiate a DCS alarm, a common alarm on the hard-wired annunciator.
• Bypass switches shall not inhibit associated process alarms.

4.2.9.2 The following shall apply when dealing with start-up bypasses:

• System design shall minimize the need for start-up bypasses.

• Start-up bypasses shall be initiated from soft-switches of the DCS stations in the Central
Control Room.
• Start-up bypasses shall be automatically reset by a time-out or by the associated process
parameter reaching normal limits.
• Start-up bypass time-out values shall be minimized, and shall be evaluated during risk
evaluation and HAZOP. Adjustment of start-up time-outs shall not be available to
operators.
• Start-up bypasses shall be alarmed and displayed to the operator on the DCS.
• A hard-wired key switch shall be provided to prevent unauthorized operation of the
Start-up bypass system.

4.2.10 PLC System Cabinets

4.2.10.1 All PLC system cabinets shall be completely wired with all modules in place. Inside cabinet
wiring shall preferably be done using ribbon type pre-fabricated cables.
 ONSHORE FUCTIOAL SPECIFICATIO FS # PLC
ENGINEERING FOR Rev 0
SERVICES PROGRAMMABLE LOGIC
NEW DELHI
Discipline ISTRUMETATIO
COTROLLER
Page : 11 of 21

4.2.10.2 All the cabinets shall be free standing, enclosed type and shall be designed for bottom entry of
cables. Cabinet structure shall be sound and rigid and shall be provided with removable lifting
lugs to permit lifting of the cabinets.

4.2.10.3 Cabinets shall be fabricated from cold rolled steel sheets of minimum 2 mm thickness suitably
reinforced to prevent warping and buckling. Doors shall be fabricated from cold rolled steel
sheet of minimum 1.6 mm thickness. Cabinets shall be thoroughly devoid of all sharp edges
and shall be grounded smooth after fabrication.

4.2.10.4 Cabinet finish shall include sand blasting, grinding, chemical cleaning, surface finishing by
suitable filter and two coats of high grade lacquer with wet sanding between two coats. Three
coats of paint in the cabinet colour shall be given for non-glossy high satin finish. Colour of the
cabinets shall be as per panel specifications.

4.2.10.5 Each cabinet shall be maximum 2100 mm high (excluding 100 mm channel base), 1200 mm
wide and 1000 mm deep, in general. Construction shall be modular preferably to accommodate
19" standard electrical racks. All cabinets shall be of same height. Maximum swing out for
pivoted card racks, doors and drawers shall be limited to 600 mm. Dimensions given here are
indicative/ tentative only, bidder shall take prior approval from the company for the finalization
of dimensions of cabinet at the time of Detail Engineering.

4.2.10.6 Cabinets shall be equipped with front and rear access doors,. Doors shall be equipped with
lockable handles and concealed hinges with pull pins for easy door removal.

4.2.10.7 Vent louvers backed by wire fly screen shall be provided in cabinet doors with ball bearing
type ventilation fans to remove dissipated heat effectively from cabinets.

4.2.10.8 230 VAC door switch operated incandescent lamps shall be provided for illumination in all
cabinets.

4.2.10.9 Equipment within the cabinet shall be laid out in an accessible and logically segregated
manner. Cable glands shall be provided for incoming and outgoing cables to prevent excessive
stress on the individual terminals. All metal parts of the cabinet shall be electrically continuous
and shall be provided with a common grounding lug.

4.2.10.10 Each I/O module shall be provided with separate terminals for individual inputs and outputs.
All inter cubicle and internal signal wiring shall be done using minimum 1 mm2 stranded
copper conductor, and power wiring shall be done using minimum 1.5 mm2 stranded copper
conductor. All terminals shall be suitable for minimum 2 mm2 cables.

4.3 SYSTEM SOFTWARE REQUIREMETS

4.3.1 The system software shall include all programs for the PLC and PLC console which are
required to perform all PLC functions including communication and self-diagnostics.
 ONSHORE FUCTIOAL SPECIFICATIO FS # PLC
ENGINEERING FOR Rev 0
SERVICES PROGRAMMABLE LOGIC
NEW DELHI
Discipline ISTRUMETATIO
COTROLLER
Page : 12 of 21

4.3.2 All operating and application software shall be the latest revision of all proprietary software
licensed to ONGC. The Contractor shall provide any new revisions of software during the
development of the project.

4.3.3 Logic program backup shall be provided in duplicate in CD/ DVD.

4.3.4 The PLC programming language for implementation of logic operations shall be based on the
following representations:

a. Logic diagrams - Binary logic symbols such as AND, OR, NOT Gates, Timers and Flip
Flops.
b. Ladder diagram - Series parallel connection of relay contacts.
c. Combination of (a) & (b) above.

4.3.5 Details of the diagnostic package and its related equipment and software shall be supplied by
the Contractor with the offer. A list of additional diagnostic packages available including their
description and capabilities shall be provided as a separate quote.

4.3.6 It shall be possible to print out the ladder/ logic diagram on a dedicated printer. The printer
shall also print out all diagnostic reports. Contractor must supply the off line software package
to enable the owner to modify/ add/ delete any part of program and for documentation.

4.3.7 Software for the generation of various displays including dynamic graphics, whenever specified
shall be provided.

4.3.8 The software for printing alarms, system as well as process and events on the PLC printer must
be provided. All alarms must be printed as and when they appear.

4.3.9 Software package for displaying I/O map showing status of inputs and corresponding output as
per logic shall be offered. The I/O map format shall be user definable.

4.3.10 Report generation software shall be provided for the user-defined format reports like on
demand, per shift, hourly, daily and weekly report.

4.3.11 All details and description shall be provided for the software package including the on-line I/O
testing software.

4.3.12 The system shall have an extensive set of self diagnostic routines which shall be able to identify
the system failure at least upto module level including redundant components and power
supplies through detailed MONITOR displays and report print out. Diagnostic software shall
have the capability to provide information about the failed modules/ system either in the form
of a system configuration display or provide information in the form of a statement.

4.3.13 Automatic self-testing and system diagnostics shall be incorporated in the PLC configuration.
At the local level, failure of a module in any subsystem shall be identified by an individual
LED. All testing and system diagnostics shall be a proven integral part of the standard system
and shall be completely transparent to the user when the application is implemented. Self-
 ONSHORE FUCTIOAL SPECIFICATIO FS # PLC
ENGINEERING FOR Rev 0
SERVICES PROGRAMMABLE LOGIC
NEW DELHI
Discipline ISTRUMETATIO
COTROLLER
Page : 13 of 21

diagnostic software shall have capability to detect faults which make the system permanently
close/ open in the I/O modules or I/O signal conditioning modules (in case of triple redundant
system). This may be achieved by automatically running the testing software at cyclic intervals.
The automatic cyclic testing feature shall also be provided for dual I/O configuration and dual
I/O signal conditioning for triple redundant system. The testing software cycle time may be
field adjustable by engineer. However, system performance shall not be degraded whenever
testing feature is specified.

4.3.14 System diagnostics shall identify all possible faults and provide a means to annunciate
diagnosed malfunctions. An alarm shall be initiated in the event of any malfunction or
authorized maintenance procedure, which as a minimum, shall consist of the following:

• Removal of, or any defect in, any logic unit, communication module or processor
• Removal of, or any defect in, any input or output module, channel on a module or I/O
interface device.
• Power supply failure

4.3.15 On-Line Self Testing

4.3.15.1 PLC systems shall be designed for high availability, with on-line self-testing.

4.3.15.2 As a minimum the following basic functions shall be verified by on-line testing:

• Individual check of the system's ability to change the state of an input channel
• Individual check of the system's ability to change the state of an output channel, i. e.,
loop back testing feature
• Check of the logic-solving ability
• Standard PLC diagnostics (watchdog, etc.)
• Power-up initialization checks and checks for communication failures.
• Testing of field wiring and End-of-line devices (ELDs)

4.3.15.3 The frequency of the self-diagnostic tests shall be required to provide 99.99% system
availability.

4.3.16 In case of dual I/O or dual signal conditioning modules for triple redundant system, whenever
output module testing software detects any faulty channel, the power supply to that particular
module in that particular bank is removed automatically and further testing on the
corresponding module in the other mirror image bank is stopped. However, the testing shall
continue uninterruptedly in other output modules. Testing software shall be capable of
detecting faults in case of normally closed system as well as in normally open system.

4.3.17 Feedback must be provided in case of triple redundant system from the output voter system to
detect any latest faults of the system in addition to other diagnostic software.

4.3.18 Diagnostic package and its related equipment and software shall be supplied. A list of
additional diagnostic packages available and the packages provided, including the description
and capabilities shall be provided with separate quote.
 ONSHORE FUCTIOAL SPECIFICATIO FS # PLC
ENGINEERING FOR Rev 0
SERVICES PROGRAMMABLE LOGIC
NEW DELHI
Discipline ISTRUMETATIO
COTROLLER
Page : 14 of 21

4.3.19 Security Measures

4.3.19.1. The protective system implemented by a PLC shall be adequately protected against
unauthorized access by key-lock or password or a combination of both.

4.3.20 Application Software

4.3.20.1. The configuration language shall feature the choice of ladder, functional logic block, sequential
function chart or structured text programming and shall comply with IEC61131.

4.3.20.2. Functional logic blocks shall be pre-defined as standard for the system. The Contractor shall
submit the proposed format to the ONGC for approval prior to implementation.

4.3.20.3. Logic blocks may be used when a function block is not available.

4.3.20.4. Combination logic implementation shall use functional logic diagrams or cause and effect
charts.

4.3.20.5. Flow charts shall be used for sequencing.

4.3.20.6. Whichever method is chosen, the representation shall be kept as simple as possible to allow
participation by non-control system specialists such as operations, loss prevention and process
engineers.

4.3.21 Consideration shall be given to using application development tools that allow the PLC
application software to be presented in one of the preferred methods to enable the project to:

• Eliminate a large portion of work through the design phase

• Eliminate coding errors in not having to translate the application specification from a
functional logic diagram to ladder code
• Provide effective documentation.

4.3.22 All protective system shall be self-documenting in:

• Original programming of the application

• Any changes made after the installation

4.3.23 The following shall be generated as a minimum:

• A program listing that includes a functional description

• A system configuration
• Logic or ladder diagrams
• A cross-referenced listing of tag numbers and program use locations
• The application software shall be structured and annotated to provide anyone with a
good understanding of the protection implemented.
 ONSHORE FUCTIOAL SPECIFICATIO FS # PLC
ENGINEERING FOR Rev 0
SERVICES PROGRAMMABLE LOGIC
NEW DELHI
Discipline ISTRUMETATIO
COTROLLER
Page : 15 of 21

4.3.24 All networks shall be fully annotated including logic description, alarm and trip set points and
point tag numbers. This shall appear on the maintenance/ engineering PC and hard copy
printouts.

4.3.25 It shall be possible to download at least minor changes in software from the programming
terminal to the protective system while it is on-line without disturbing the operation of the
plant. Adequate testing procedure shall be available to verify the new logic prior to activating it
in the on-line program.

4.3.26 The Contractor shall provide a complete list of the limitations to on-line changes.

4.3.27 Software changes throughout all phases of the project shall be controlled in accordance to IEC
61508.

4.3.28 Key lock and password protection shall be provided to prevent downloading of altered software
to the operating PLC, and unauthorized software code on the programming terminal.

4.3.29 The application software shall not use more than 60% of the available system memory. The
central processing unit shall, under normal working conditions, be less than 50% loaded. This
loading shall be demonstrated during FAT. Worst-case conditions shall also be simulated to
determine if degradation of loading is within acceptable limits. These include multiple alarms,
automatic shutdowns and so forth.

4.3.30 Sequence of Events (SOE) handling shall be implemented so that time and date stamping
provides a correct sequence for troubleshooting. The PLC shall perform SOE recording but the
display shall be via the PLC Console. The DCS shall not be used as SOE recorder. SOE
resolution shall be 1 millisecond. The PLC shall be provided with access to the local printer for
printing SOE logged data, programme listings, systems alarms and the like.

4.3.31 Access to System

4.3.31.1 Normal access to the system for operations purposes shall be from the DCS workstations.

4.3.31.2 If engineering and maintenance functions cannot be accessed from the DCS workstation, a
separate engineering workstation computer shall be provided at each PLC location.

4.3.31.3 The System shall allow application software to be developed and tested off-line on the
Engineering Workstation.

4.3.31.4 Failure of any component in the operator interface shall not cause a spurious shutdown, nor
shall the component failure go undetected.

4.4 ELECTRICAL REQUIREMETS

4.4.1 The power supply configuration to the PLC shall be kept as simple as practical. Complex
external mechanical change over system using contactors shall not be used.
 ONSHORE FUCTIOAL SPECIFICATIO FS # PLC
ENGINEERING FOR Rev 0
SERVICES PROGRAMMABLE LOGIC
NEW DELHI
Discipline ISTRUMETATIO
COTROLLER
Page : 16 of 21

4.4.2 The PLC shall use supplies from 24VDC battery systems, to reduce the UPS requirements. The
24 VDC battery power shall be provided with dual 50% battery banks and dual chargers.

4.4.3 Operation of PLC shall be completely unaffected by a momentary loss of power of the order of
20m sec.

4.4.4 The primary power source to the PLC shall be capable of supplying power for nominal periods
of not less than 2 hours for the ESD PLC and 24 hours for the F&G PLC. These periods shall
be confirmed by the Contractor following project risk assessments and HAZOP.

4.4.5 The PLC and its sub-components shall be selected so that two supply sources can be connected;
the power supply paralleling shall be integral to the equipment design. This eliminates the need
for complicated paralleling schemes in the electrical supply configuration and thus a common
point of failure.

4.4.6 The primary power supply system for the PLC shall have at least one common alarm as an
input to the PLC or the facility DCS so that any fault on the power supply systems is
annunciated in a permanently manned location. The common alarm shall annunciate at least
loss of supply to the system, charging system fault and low battery voltage.

4.4.7 The primary power supply shall be sized to the requirement of the installed load with
approximately 50% excess capacity for the manufacturer's design life of the batteries.

4.4.8 The electrical distribution to the PLC and its sub-components, including the distribution
network for interrogation voltage, shall be arranged so that there is no single point of failure
that will affect the availability of the system.

4.4.9 The PLC shall be suitable for correct operation in the event of the following supply variations:

• Voltage depression to 80% of system voltage for up to 10 seconds during motor starting
• System frequency tolerance of +/- 1% coincident with the AC voltage variation

4.4.10 Each I/O rack shall have a separate independent power supply system. Each power supply shall
be sized to take full load of the I/O rack/ signal conditioning panel/ rack and shall be provided
with dual redundant power supply. Suitable battery back up shall be provided to protect volatile
memory.

4.4.11 In general all output contacts and solenoids shall be powered with 110 VDC + 10% / 24 VDC
± 10% power supply. However, the actual interrogation voltages shall be as per job
specifications and logic diagrams.

4.4.12 Sequential starting of various load centers shall be provided whenever required.

4.4.13 Power distribution network shall use bus bars of adequate capacity with DPDT switches and
HRC fuses in each branch network. Vendor may select circuit breaker if short circuit
characteristics do not match the HRC fuse.
 ONSHORE FUCTIOAL SPECIFICATIO FS # PLC
ENGINEERING FOR Rev 0
SERVICES PROGRAMMABLE LOGIC
NEW DELHI
Discipline ISTRUMETATIO
COTROLLER
Page : 17 of 21

4.4.14 All cubicles lighting shall be on 240 VAC, 50 Hz normal power supply.

4.4.15 Earthing Requirements

4.4.15.1 Each cabinet, console and other equipment supplied, as a part of PLC system shall be provided
with an earthing lug. All these lugs shall be properly secured to the AC mains earthing bus.

4.4.15.2 All circuit grounds, shields and drain wires of control cables shall be connected to the system
ground bus which shall be electrically isolated from AC mains earthing bus. This bus shall be
typically of 25 mm wide and 6 mm thick of copper.

4.4.15.3 All barriers, if used, shall be securely grounded. Safety barrier ground wire shall be capable of
carrying a maximum fault level current of 0.5 A at 250 RMS per barrier.

4.5 FUCTIOAL REQUIREMETS

4.5.1 The PLC used for safety-related/ shutdown functions shall execute the following distinct
shutdown levels:
• ESD-0 - Whole Plant Shutdown of all systems except navigation aids, emergency radio
and emergency lighting
• ESD-1 - Process Unit/ Train Shutdown, if applicable.

4.5.2 Alarms And Sequence of Events

4.5.2.1 Control Room Alarms (Process)

4.5.2.1.1 First-out indication shall be provided for alarms.

4.5.2.1.2 Pre-shutdown alarms shall be generated and displayed by the plant DCS. Generally these will
be generated by the field devices connected to the DCS that monitor the same process variable
as the PLC shutdown initiation device.

4.5.2.1.3 Shutdown alarms displayed by the DCS shall be initiated by the same logic that implements the
shutdown. The DCS inputs shall provide an independent and positive indication that a PLC has
executed a shutdown.

4.5.2.1.4 Consideration shall be given to the technology of expert systems to enhance alarming. Features
shall include:

• Qualifying individual alarms by comparing against other input criteria

• Providing criteria for rate of change
• Predicting when a dangerous condition is about to occur and cutting back on critical
variables to bring the process or equipment into a safe operating region

4.5.2.2 Control Room Alarms (System)

4.5.2.2.1 System alarms generated by the PLC to indicate system malfunction shall be annunciated in the
DCS.
 ONSHORE FUCTIOAL SPECIFICATIO FS # PLC
ENGINEERING FOR Rev 0
SERVICES PROGRAMMABLE LOGIC
NEW DELHI
Discipline ISTRUMETATIO
COTROLLER
Page : 18 of 21

4.5.2.2.2 Alarms from the F&G PLC shall be clearly segregated from those from the ESD PLC.

4.5.2.3 Visual Alarms

4.5.2.3.1 Visual alarms in the field or located on local field panels shall be oriented and shaded to ensure
that alarms are clearly visible in bright sunlight. LED clusters are preferred and shall be used
for visual indicating lamps to provide reliable and fault free operation.

4.5.2.4 Alarm Functionality

4.5.2.4.1 Consideration shall be given to implement the required alarm functionality from the application
program of the PLC, allowing the use of simple devices in panels. The same signals can then
also be used to map through onto the DCS with the same functionality.

4.5.2.5 Visibility of Annunciator Lamps

4.5.2.5.1 Test, acknowledge and reset buttons shall be located so that all affected annunciator lamps are
clearly visible from the button location. If the PLC is implementing the alarm functionality, the
test feature shall be directly built into the PLC, thus testing the entire system.

5.0 EQUIPMET PROTECTIO

5.1 Environmental Conditions

5.1.1 The PLC shall in general be housed in pressurized, air-conditioned rooms, with temperature
and humidity maintained within the ranges 21-240 C, and 45-55% RH. The Contractor shall
allow for air-conditioning failure, when the ambient conditions could rise to 500 C and 95% RH
for periods upto 8 hours.

5.1.2 The Contractor shall ensure that the PLC environment complies with ISA S71.01 and ISA
S71.04.

5.2 Equipment oise

5.2.1 The system shall have a very high noise immunity in order to ensure safe and reliable operation
when subjected to electrical radio frequency interference and Electromagnetic disturbances
expected in a plant. The maximum acceptable noise level for the PLC system in the Control
Room shall be 55 db measured at a distance of 1m lateral from the source and 1.5m vertical
from the floor with a sound level meter using the "A- weighted" sound level scale.

5.3 Hazardous Areas

5.3.1 The PLC will be located in non-hazardous area within pressurized rooms for ESD-FSD PLC
and F&G PLC function.

5.3.2 For equipment PLC, it may be located in classified plant area as specified by equipment
manufacturer, following standards for that type of hazardous area.
 ONSHORE FUCTIOAL SPECIFICATIO FS # PLC
ENGINEERING FOR Rev 0
SERVICES PROGRAMMABLE LOGIC
NEW DELHI
Discipline ISTRUMETATIO
COTROLLER
Page : 19 of 21

6.0 ISTALLATIO, ISPECTIO & TESTIG

6.1 Calibration, inspection and testing requirements shall in general be as per clause 3.6.10; 3.6.19
and 3.6.20 of Instrumentation Design Criteria. In addition, the following shall also be taken
care of.

6.2 The acceptance tests shall include:

• Hardware and software tests

• Factory Acceptance Test (FAT)
• Site Acceptance Test (SAT)

6.3 The tests undertaken shall demonstrate that each of the following responsibilities has been
fulfilled:

• The system is tested as an integrated system

• The hardware and software responsibilities are fulfilled
• All tests are documented in a checklist fashion
• The system is fully proven and ready for service.

6.4 The test procedures shall be developed in parallel with the system design.

6.5 The test procedures shall be developed by the Contractor as system engineering proceeds and
shall be published at least one month before commencement of the first factory test.

6.6 Any component of hardware or software failed during a test shall be re-tested as necessary to
prove rectification has been completed satisfactorily.

6.7 Hardware Tests

6.7.1 Comprehensive hardware tests shall be completed by the Contractor prior to any acceptance.
Contractor shall carry out the following tests as part of their QA procedure and sign off as part
of the QA requirement:

• A heat soak test of 48-hour duration shall be carried out

• All modules will be tested individually after being installed in the purchased system.
• The Contractor shall provide documented test programs that fully exercise all functions in
the purchased system.
• The Contractor's quality control test records shall be made available for examination.

6.8 Factory Acceptance Test (FAT)

6.8.1 Before the system is delivered to the site, satisfactory performance of the entire system shall be
demonstrated. The system shall simulate the final onsite configuration as closely as possible.

6.8.2 Detailed test schedules, including at least the tests listed below, shall be submitted for the
Company's approval one month before the testing. The Contractor shall have a technician and
 ONSHORE FUCTIOAL SPECIFICATIO FS # PLC
ENGINEERING FOR Rev 0
SERVICES PROGRAMMABLE LOGIC
NEW DELHI
Discipline ISTRUMETATIO
COTROLLER
Page : 20 of 21

test equipment available full time during testing. The tests shall be conducted after the 48 hours
heat soak test.

• Inspection of equipment
• Shock or vibration test (Contractor shall supply certification to demonstrate such a test
was passed for the generic system)
• Power supply variations
• Radio interference test
• Functional tests, including:
1. Operator control panel functions
2. Module replacement and standby changeover
3. Operation of multiple processors
4. Operation of communication channels, including PLC to DCS communication
link
5. Operation of power supplies
6. Failures and interaction between different parts of the system
7. Systematic diagnostic test, including self-test facilities
8. System and report alarms
• Electrical isolation test
• Application logic test
• Application software functional change test as per the Logic and/ or the Cause and
Effect diagrams
• System responsiveness (e.g. scan time, alarm discrimination, logging and screen
updates)
• SOE test, including accuracy of time-stamping
• Spare capacity verification

6.9 Site Acceptance Test (SAT)

6.9.1 The SAT shall essentially be a repeat of the FAT with the following additions:

6.9.2 The connecting wiring between distributed components shall be the actual field installed wiring
and cable.

6.9.3 The field inputs and shutdown devices shall be connected and exercised to confirm the correct
connection and compatibility of the field components.

6.9.4 Test of interfaces with actual systems i.e. DCS etc.

6.9.5 A repeat of the FAT shall be required after field connections of the actual system connections
are made. Input output signal simulation shall be at the transmitter end to enable the system to
be tested end-to-end.

7.0 DOCUMETATIO

7.1 The documentation requirements shall in general be according to clause 3.6.23.2 of

Instrumentation Design Criteria.
 ONSHORE FUCTIOAL SPECIFICATIO FS # PLC
ENGINEERING FOR Rev 0
SERVICES PROGRAMMABLE LOGIC
NEW DELHI
Discipline ISTRUMETATIO
COTROLLER
Page : 21 of 21

8.0 TAGGIG & AMEPLATES

8.1 Tagging and Nameplate requirements shall in general be according to clause 3.6.23.1 of
Instrumentation Design Criteria.

9.0 REVIEW & APPROVAL

9.1 Review and approval of purchase specifications and other related documents shall in general
be according to clause 3.6.23.3 of Instrumentation Design Criteria.

10.0 PREPARATIO FOR SHIPMET/ TRASPORTATIO

10.1 The PLC shall be prepared for shipment in accordance to clause 3.6.23.4 of Instrumentation
Design Criteria.

11.0 RECEIPT & STORAGE

11.1 Receipt and storage of the PLC shall be in accordance to clause 3.6.23.5 of Instrumentation
Design Criteria.