ICS SPECIFICATION

PART 2 - IPS & F&G SYSTEMS

NOTICE :
THIS DRAWING AND THE CEGELEC OIL & GAS
INFORMATION IT CONTAINS IS THE 72, avenue de la liberté
SOLE PROPERTY OF ABU DHABI GAS 92739 NANTERRE Cedex (France)
INDUSTRIES LTD. IT SHALL NOT BE
Tel. 33 (0)1 55 51 40 00
REPRODUCED OR LENT WITHOUT
THE AGREEMENT OF THE OWNER Fax. 33 (0)1 55 51 40 01

PROJECT No. A52.5295

ASAB & BAB ICS PROJ ECT

TITLE

ICS SPECIFICATION
PART 2 - IPS & F&G SYSTEMS
1 07/07/2005 Issued for Implementation

SIZE OLD DRAWING No. FILE NAME

P5223/30/0223
A 11/06/2005 Issued for Review/Comments
A4 ICS Specification Part 2_1.doc
DRAWING No. SHEET REV
SCALE
REV. DATE REVISION DESCRIPTION PREP.BY CHECKED APPD
NTS
P5223/30/0223/COM 1 of 18 1
 ICS SPECIFICATION P5223/30/P0223/COM
ABICS
PROJECT Cegelec P.N. A52.5295
PART 2 Date : 07/07/05
ESD & F&G SYSTEM Rev : 1
Page : 2 of 18

Revised Page Numbers: None

Notes: Second Issue

Filing: Division 1 – Engineering – Procurement Record Books

Part 1 – ICS System for ASAB & BAB
Section 3 – Material Specification

File Name: 874310838.doc 17/04/25 09:34

 ICS SPECIFICATION P5223/30/P0223/COM
ABICS
PROJECT Cegelec P.N. A52.5295
PART 2 Date : 07/07/05
ESD & F&G SYSTEM Rev : 1
Page : 3 of 18

TABLE OF CONTENTS

1 GENERAL REQUIREMENTS 4
2 SYSTEM OVERVIEW 5
2.1 GENERAL 5
2.2 ESD 5
2.3 F&G 5
2.3.1 ESD Interface 6
3 SYSTEM DESIGN CRITERIA 7
3.1 SYSTEM REQUIREMENTS 7
3.1.1 General 7
3.1.2 ESD 7
3.1.3 F&G 7
3.2 SYSTEM LOADING AND SPARING 7
4 HARDWARE REQUIREMENTS 9
4.1 GENERAL 9
4.2 INPUT AND OUTPUT MODULES (I/O) 9
4.2.1 General Requirements 9
4.2.2 Analog Input 9
4.2.3 Digital Input 9
4.2.4 Digital output 9
4.2.5 Final Element 10
4.2.6 Cabling 10
4.3 PROGRAMMABLE LOGIC CONTROLLER 10
4.3.1 General requirements 10
4.3.2 Power supply modules 10
4.3.3 Main Processor Modules 11
4.3.4 Communication modules 11
4.4 AUTOMATIC SELF TESTING AND DIAGNOSTICS 12
4.5 ENGINEERING AND OPERATING WORKSTATIONS 13
4.6 SYSTEM INHIBIT AND MAINTENANCE FACILITIES 13
5 SYSTEM SOFTWARE CONFIGURATION REQUIREMENTS 15
5.1 GENERAL REQUIREMENTS 15
5.2 ALARM SIGNAL HANDLING 15
5.3 CONFIGURATION TOOLS 16
6 IMPLEMENTATION 17
6.1 SCOPE OF SUPPLY 17
6.1.1 Hardware and software supply 17
6.1.2 Services supply 17
7 DOCUMENTATION 18
7.1 GENERAL 18
7.2 FUNCTIONAL DESIGN SPECIFICATION 18

File Name: 874310838.doc 17/04/25 09:34

 ICS SPECIFICATION P5223/30/P0223/COM
ABICS
PROJECT Cegelec P.N. A52.5295
PART 2 Date : 07/07/05
ESD & F&G SYSTEM Rev : 1
Page : 4 of 18

1 GENERAL REQUIREMENTS
This specification covers the requirements of both the Instrumented Protection system (IPS) and the Fire &
Gas System (F&G).
Both systems shall be treated as independent systems but exceptions to the same will be specifically
indicated.
The overall modernisation philosophy shall be to replace the existing obsolete systems with dedicated,
programmable logic controller based, minimum AK V TÜV certified for SIL 3, able to communicate with
the new DCS system, for real time data exchange.
The new ESD and F&G systems shall be provided with all necessary associated modular devices
(processors, power supplies, communication modules, termination modules, I/O cards, terminals and wiring,
marshalling cabinets etc) installed in cabinets and completely wired and ready to connect to incoming cables.
They shall be “stand-alone” type, capable of operation without operator intervention and shall be
manufactured using state of the art microprocessors and peripherals equipment.
HONEYWELL shall provide standard field proven systems. ESD and F&G systems shall include only
complete, tested and operational programs that are fully documented and clearly described.
Any requirement for hardware and software that is not part of a standard product (i.e. developed specifically
for this project) shall be clearly identified as "special to project" hardware/software. HONEYWELL shall
identify any equipment in the offer that has less than six months plant operating experience. HONEYWELL
shall provide test reports prepared by recognised consulting and testing organisations.
The equipment offered for this project shall be of HONEYWELL’s latest proven design. HONEYWELL
shall categorically assure in writing that its basic system "architecture" and the hardware and software shall
be fully supported, for a minimum period of 15 years starting from signature of the contract.
HONEYWELL shall identify clearly the mechanism by which it shall ensure that full control of development
support and supply of the product can be maintained over the period of 15 years from installation.
The future hardware upgrade of the system module cards etc. e.g. upgrading CPU, memory etc. of a
controller can only be acceptable, provided the upgraded devices are fully compatible and can work along
with the devices of the already installed system and spare parts are also compatible with the existing
modules. Software upgrade of the system can only be acceptable, providing it shall not affect the hardware
and shall not pull down the entire installed system to an inoperable state or shall not render the system totally
obsolete.
A sequence of event recorder shall be provided in accordance with DEP 32.80.10.30-Gen. The time stamping
requirements specified in DEP shall be adhered to.
Plant events, utility events, operator action (override and manual trip) and IPS failures shall be logged on the
SER for incident analysis purposes. SER is to be provided for specific packages at high resolution e.g.
(compressors). A separate network is not to be used – the SER facility shall be inherent in the basic system.
The SER system shall primarily function as back up for the DCS logging equipment and provide a high
resolution audit trail. The SER shall be capable of storing 100,000 items (time stamped events) in a circular
file. The time stamp shall equal the IPS check time at the time the trip alarm is generated.

File Name: 874310838.doc 17/04/25 09:34

 ICS SPECIFICATION P5223/30/P0223/COM
ABICS
PROJECT Cegelec P.N. A52.5295
PART 2 Date : 07/07/05
ESD & F&G SYSTEM Rev : 1
Page : 5 of 18

2 SYSTEM OVERVIEW

2.1 GENERAL
For the details of the NGL extraction facilities refer Part 0 of the specification.
The I/O cabinets are to be located in the auxiliary room and shall be connected to the system processors by
means of HONEYWELL system cables. HONEYWELL shall state in case of any limitations due to distance.
The marshalling cabinets for IPS and FGS will also be located in the auxiliary room for the Main plant.
However for the IPS and FGS cabinets for the Lean Gas station, Booster Compressor and Thammama ‘C’,
the same shall be located in their respective control rooms.
HONEYWELL shall be aware that during the transfer phase, the ESD and F&G equipment cabinets might
have to be re-located from a temporary to a permanent position in order to facilitate structural changes and
material movements within the buildings. At that time, the process conditions will be “live” and
consequently a high degree of equipment security and rigidity will be necessary.

2.2 ESD
Presently the plant ESD equipment is relay based and located in the Main Control Room (MCR), auxiliary
room and in the remote substations. In the new set-up, they will be as per the overall system architecture, and
briefly described as follows.
For Plant # 1 at both ASAB and BAB, the ESD equipment will be located in substation No. 2 (SS #2) of
booster compressors area.
For Plants # 2, 4, 5 & 6 at ASAB and Plants # 2, 3, 4, 5, 6 &7 at BAB, the ESD equipment will be located in
the auxiliary room of the MCR.
For Plant # 9 at ASAB and Plant # 8 at BAB the ESD equipment will be located in the Lean Gas Station
Control building.
For the acid gas area at Thammama ‘C’, the ESD equipment will be located in the Thammama ‘C’ shelter.
HONEYWELL shall carry out the system sizing based on the I/O count and indicate the number of racks and
cabinets required.
The system shall meet a scan time of <300 ms. (This results in a time from input change to output response
of less than 600 ms with all spare capacity occupied).

2.3 F&G
Presently the plant fire & gas system equipment are located in the Main Control Room (MCR), auxiliary
room and in the remote sub stations. In the new set-up, they will be as per the overall system architecture,
briefly described as follows.
For Plant # 1 at both ASAB and BAB, F&G equipment will be located in Substation No. 2 (SS #2) of booster
compressors area.
For Plants # 2, 4, 5 & 6 at ASAB and Plants # 2, 3, 4, 5, 6 &7 at BAB, the F&G equipment will be located in
the auxiliary rooms of the MCR.
For Plant # 9 at ASAB and Plant # 8 at BAB, the ESD equipment will be located in the Lean Gas Station
Control building
For the acid gas area at Thammama ‘C’, the FGS equipment will be located in the Thammama ‘C’ shelter.

File Name: 874310838.doc 17/04/25 09:34

 ICS SPECIFICATION P5223/30/P0223/COM
ABICS
PROJECT Cegelec P.N. A52.5295
PART 2 Date : 07/07/05
ESD & F&G SYSTEM Rev : 1
Page : 6 of 18

Honeywell shall carry out the system sizing based on the information on the I/O count and indicate the
number of racks and cabinets required.
This F&G-PLC shall communicate directly with the new DCS system for transmitting alarms and faults etc.
Fire and Gas alarm signals, repeated by means of F&G outputs, shall be hardwired to, and displayed on,
mimic panel located in the MCR. The design and supply of a standalone mimic panel is also part of this
scope of the supply of HONEYWELL.
The remote controls for the firewater pumps, deluge valve controls, field warnings, shall be operated from
the ICS workstation via F&G I/O. The deluge release and fire water pump manual start shall be hardwired
push buttons on mimic panel. The fire water pump automatic start will be hardwired from the F&G PLC
system.
The existing stand-alone F&G in buildings shall remain stand-alone, but certain digital outputs from these
miscellaneous fire cabinets shall be connected to the relevant F&G systems for monitoring purpose.

2.3.1 ESD Interface

The F&G outputs, which are, designated ESD/blowdown functions to the process and utilities shall be
implemented in the F&G system and hardwired outputs shall be connected to the ESD system to implement
the final ESD function.

File Name: 874310838.doc 17/04/25 09:34

 ICS SPECIFICATION P5223/30/P0223/COM
ABICS
PROJECT Cegelec P.N. A52.5295
PART 2 Date : 07/07/05
ESD & F&G SYSTEM Rev : 1
Page : 7 of 18

3 SYSTEM DESIGN CRITERIA

3.1 SYSTEM REQUIREMENTS

3.1.1 General
The ESD and F&G PLCs shall be certified for SIL 3 when applied in conjunction with standard industrial
equipment (OREDA data or equivalent). TUV approval/ certification shall be in line with DIN V VDE0801
and shall be suitable for use in DIN V 19250 risk class V environments.
The systems shall monitor inputs in the form of discrete and analogue signals and digital controls.
All inputs shall be processed and monitored and in the event of activation, only the concerned circuitry's are
to be activated independently of the other circuitries.

3.1.2 ESD
The ESD system shall work in a TUV certified “fail safe” mode i.e. normally energised.
The ESD system shall be designed on the fail safe basis so that its failure shall place the process in a safe
operating shutdown condition.
The ESD system shall perform the logic for ESD, depressurisation, electrical isolation and process
shutdowns as per cause & effect diagrams.The system shall also have capability for online logic testing.
The ESD system shall also initiate process shutdowns in order to protect items of plant, shutdown specific
items of equipment and to ensure that they do not cause safety related hazards.
The ESD system shall provide highly secure, safe, reliable and effective monitoring, depressurising and
controlled shutdown of the plant, as described in the DEP 32.80.10.10 Gen & DEP32.80.10.30 Gen..

3.1.3 F&G
All F&G signals for the process and utilities areas shall be connected to and implemented on this new F&G.
Automatic outputs shall be provided to operate solenoid valves, HVAC system etc.
The F&G system shall work in a “fail safe” mode i.e. normally energised, except for deluge valve operations.
Energise to trip philosophy shall be adopted for deluge valves operations line fault detection shall therefore
be incorporated.

3.2 SYSTEM LOADING AND SPARING

Provision shall be made for I/O interface segregation with respect to the different process systems, or sub-
systems, within each plant.
HONEYWELL shall meet the following spare capacity requirements.
ESD spare I/O capacity and spare rack space: The installed spare capacity and spare space shall be done in
accordance with the following:
 The average total spare capacity of all types of I/O card of each plant area shall be 20 % of each
type of I/O card.
 The installed spare I/O capacity per cabinet will be calculated to achieve the above with not less
than 20 % spare capacity for any individual cabinet.

File Name: 874310838.doc 17/04/25 09:34

 ICS SPECIFICATION P5223/30/P0223/COM
ABICS
PROJECT Cegelec P.N. A52.5295
PART 2 Date : 07/07/05
ESD & F&G SYSTEM Rev : 1
Page : 8 of 18

 All spare I/O cards shall be supplied as pre-wired.

 Spare rack space shall follow the above requirements but with a minimum of 20 % per cabinet.
CPU memory allocation shall not exceed 50 % under the worst operating conditions (peaks & overshoots
during abnormal/ upset conditions) and even when all the spare capacity is used.
Spare memory for Application Program and Data Base shall be at least 30%.
Because the CPU Loading is subject to variation, the average value of CPU loading with user application
programs or special high level language support programs shall not exceed 50% of its maximum capacity.

File Name: 874310838.doc 17/04/25 09:34

 ICS SPECIFICATION P5223/30/P0223/COM
ABICS
PROJECT Cegelec P.N. A52.5295
PART 2 Date : 07/07/05
ESD & F&G SYSTEM Rev : 1
Page : 9 of 18

4 HARDWARE REQUIREMENTS

4.1 GENERAL
In cases of redundant equipment (power supply, CPU, I/O modules etc.) on failure, the switching duty to
standby shall be automatic and should not create any disturbance to the operation of the system. Failure of
any modules shall be annunciated and replacement of failed module shall be possible without isolating the
power supply.
HONEYWELL shall refer DEP 32.80.10.30: Instrumented protective systems for additional specifications
and requirements and confirm the same in the bid stage.

4.2 INPUT AND OUTPUT MODULES (I/O)

4.2.1 General Requirements

The I/O modules design shall be fitted with status and diagnostic LEDs (as a minimum, power supply status
and I/O channel status).
I/O points shall have full galvanic isolation.
The system shall be designed to automatically self test input and output cards in such a way as not to cause
any process disturbance, but shall reliably detect otherwise covert failures.
Input /output modules shall form part of the system feature which shall provide diagnostics for any faults in
the I/O modules. A standard requirement of the auto-test system shall be test-abort function in case of
genuine alarm.
I/O shall typically provide 4,8, 16 or 32 points per module and shall be capable of being mixed in any I/O
chassis. HONEYWELL shall provide the complete reference and data-sheet of proposed I/O modules.

4.2.2 Analog Input

Smart transmitters with 4-20 mA output shall be normally used for input. Analog inputs shall have open and
short circuit and out of range detection. The range shall be configurable per input channel and only accessed
via Engineering work station. The power for transmitters shall be supplied by the ESD.

4.2.3 Digital Input

Switches for ESD shall be normally closed contact to open on trip condition.
Switches for F&G shall have normally open (quiescent current) design and close on alarm/trip.
Consequently, continuous line monitoring capable of detecting open loops and short circuits shall be applied.

4.2.4 Digital output

Momentary or latched type outputs shall be possible on each channel and the same shall be software
selectable.
Output requirement:
 Output to solenoid valves: 24 VDC normally energised. A few outputs may be specified to be in
de-energised state i.e. deluge release SOVs. These shall be provided with line monitoring
facilities. The power for the solenoids shall be supplied from the ESD system. All digital output

File Name: 874310838.doc 17/04/25 09:34

 ICS SPECIFICATION P5223/30/P0223/COM
ABICS
PROJECT Cegelec P.N. A52.5295
PART 2 Date : 07/07/05
ESD & F&G SYSTEM Rev : 1
Page : 10 of 18

channels shall have a minimum contact rating of 2A at 24 VDC and suitable for a power
consumption of 17W to 20W per solenoid at 24V DC.
 Outputs to Motor Control Centre or to packaged unit control panel: Output contacts to motor
control centre shall be 24 VDC, 2A. The required 24 VDC power supply shall be supplied by
the ESD system. The volt free contacts shall be closed during normal operation and open during
safety trip or fail-safe position.

4.2.5 Final Element

The automatic output actions performed by the FGS shall be entirely independent of the DCS. If the process
unit or rotating equipment will be tripped by the FGS, the FGS final element shall be implemented as a
potential free contact output which is routed to a digital input of the relevant process IPS. For equipment
packages that are fully self contained, see DEP 32.31.09.31-Gen.
Final elements that constitute a personnel hazard when actuated, such as extinguishing agent release systems,
shall have safety features to ensure evacuation of personnel before release.

4.2.6 Cabling
For special requirements regarding cabling, refer to DEP 80.47.10.30-gen and DEP 80.47.10.31-Gen.

4.3 PROGRAMMABLE LOGIC CONTROLLER

4.3.1 General requirements

ESD and F&G systems shall be implemented in a TUV certified SIL 3 fault tolerant, dual or triple modular
redundant format so that no single component or module failure shall cause a system failure or process
shutdown. These systems shall have a fully duplicated or triplicated architecture from the I/O modules to the
main processor. Systems shall be specifically designed for safety applications. Integrated systems comprising
general purpose PLC hardware are not acceptable. Dual redundant systems shall be diagnostics based 100N
architecture.
Parallel signal channels shall be fully isolated from the others while performing parallel control. These
systems shall employ a voting scheme or enhanced self-diagnostics to provide a high integrity, error free,
and uninterrupted process operation with no single point of failure.
System components shall be rack-mounted, modular design, plug-in type. Modules shall be replaceable
without the need for special tools.
The system shall have self-diagnostic programs that run independent of the application programs on a
continuous basis with fault detection capability down to the I/O module individual channel. All modules
shall be replaceable on line without causing further system degradation. Re-initialisation of replacement
module shall be automatic.
Identification and location of faults and status shall be automatic, by means of indicators (LED) located on
each module with displays of faults on maintenance/inhibit local console and with common fault alarm and
status displayed on DCS via a redundant digital high speed communication links.

4.3.2 Power supply modules

The PLC shall operate with a minimum dual redundant power supply. Each power supply shall be
individually capable of supporting the power requirements of all modules.
Each power supply shall feed a separate power rail.

File Name: 874310838.doc 17/04/25 09:34

 ICS SPECIFICATION P5223/30/P0223/COM
ABICS
PROJECT Cegelec P.N. A52.5295
PART 2 Date : 07/07/05
ESD & F&G SYSTEM Rev : 1
Page : 11 of 18

The power supply modules shall be fitted with status and diagnostic LED’s (as a minimum, module status,
fault).
The power supply module shall be replaceable without affecting the working of any other modules in the
controller.
The F&G system shall be provided with battery backup facilities to sustain full operation of the system for a
period of 8 hours. The ESD system shall be provided with battery backup facilities to sustain full operation
of the system for a period of 30 minutes.

4.3.3 Main Processor Modules

Identical operating software and applications programs, including fault history, residing in each processor
memory shall be executed independently. The processor shall also execute a voting of all data received and
transmitted to the I/O modules that will control the process.
Input signal shall be separated into two or three isolated paths from the input terminal of the input module to
the voter circuit output.
The ESD and F&G PLC’s shall be provided with individual battery back-up to maintain the integrity of the
memory for six (6) months in case of power failure. Battery degradation shall be included as part of the
diagnostic alarm.
The system must be protected from unauthorised or accidental modification of programs (password).
HONEYWELL shall indicate the protection procedures available on its system.
All facilities necessary for making modification to the logic system should be provided as part of the
program development and maintenance console.
Scan time: To ensure suitable response for activation and sufficiently accurate time stamping, the scan or
cycle time of IPS-PLC shall be less then 300ms. The maximum time from input state change to output state
change is then 600ms. For rotating equipment it shall be confirmed that the cycle time is sufficient to protect
the equipment i.e. process safety time of the equipment exceeds twice the cycle time plus response time of
initiator and final element and process

4.3.4 Communication modules

4.3.4.1 General requirements:

Communication module shall be automatically and permanently tested to ensure that it is not out of service.
Identification and location of faults and status shall be automatic, and shall be transmitted to DCS.
The communication cable shall be flexible for ease of installation and termination within equipment cabinets.
Cable and fittings shall be of top quality and shall be field proven.
The system shall be designed for quick and easy connection and disconnection of devices.
HONEYWELL shall provide the complete references and data-sheets of the communication modules in the
Functional Design Specification.

4.3.4.2 Internal communications:

All PLC internal communication shall de duplicated or triplicated, and shall be via SIL-3 approved.
All such internal communication includes:
 Communication between the main processors,
 Communication between the main processors and the I/O modules,

File Name: 874310838.doc 17/04/25 09:34

 ICS SPECIFICATION P5223/30/P0223/COM
ABICS
PROJECT Cegelec P.N. A52.5295
PART 2 Date : 07/07/05
ESD & F&G SYSTEM Rev : 1
Page : 12 of 18

 Communication between the main processors and the communication modules.

4.3.4.3 DCS communication modules:

ESD and F&G Systems are network devices or nodes of the Control System network similar to Operator
Control Station, DCS Controllers.
Communication ESD and F&G to DCS: Refer to the DEP 32.30.20.11-Gen..

4.3.4.4 Printer interface:

Each ESD shall be able to be connected to a printer permanently. Auto documentation (including logic
diagrams) print out facility shall be provided for all application programs. The ESD shall print out only on
request.

4.3.4.5 Engineering workstation:

Each ESD shall be permanently connected to a programming/maintenance console to allow upload/download
memory, real time data transfers, system maintenance, and modification to current program.
HONEYWELL shall provide all devices (port, cables, and fittings) to ensure operational communication.

4.4 AUTOMATIC SELF TESTING AND DIAGNOSTICS

The system shall be self-checking and shall ensure that no ‘dormant’ component fault is present. The main
processor modules shall run regular and frequent diagnostics in between the execution of the application
program in such a manner as not to interfere with the basis cycle time operation of any program.
As a minimum, on-line diagnostics shall perform the following:
 Check voting and fault detection circuit.
 Vote and verify all memories.
 Vote and verify all inputs and outputs.
 Diagnostic check of operating system and user program.
 Reveal all hidden faults or the potential of a fault occurrence and provide a sufficient warning for
plant maintenance to correct the situation before a system failure occurs.
Diagnostic alarms shall be accessible through the maintenance console; LED’s on the modules and on the
DCS via the communication links.
In addition to the system alarms accessed through the communication links, HONEYWELL shall provide a
common hardwired volt free alarm contact for each one of the following faults:
 Main processor failure.
 Power supply module failure.
 I/O module failure (common to all modules).
 Internal communication failure.
PLC shall have its internal “watchdog” contact arranged so that a common signal is initiated for a system
fault. Signal shall be available on hardwired alarm contact.

File Name: 874310838.doc 17/04/25 09:34

 ICS SPECIFICATION P5223/30/P0223/COM
ABICS
PROJECT Cegelec P.N. A52.5295
PART 2 Date : 07/07/05
ESD & F&G SYSTEM Rev : 1
Page : 13 of 18

HONEYWELL shall state clearly in the Functional Design Specification how the system is diagnosed (type
of diagnostic, scan time, etc.) and which alarms are available.

4.5 ENGINEERING AND OPERATING WORKSTATIONS

A complete console with the operating system and programming software shall be supplied for the ESD and
F&G systems per Control room i.e. MCR, Booster Station and Lean gas station.
These consoles shall be PC based, including latest microprocessor, disk and memory of sufficient capacity
and relevant peripherals. It shall be equipped with the latest version of a proven latest operating system (e.g.
Microsoft Windows or Windows NT) and with the programming and maintenance software.
The operating and system programs shall be written such that they can be updated with changes to the
operating system and does not become superannuated.
The programming and maintenance software shall include, but shall not be limited to the following minimum
software requirements:
1) System and I/O configurations identifying each module type location and tag name
2) System data base including tag names, descriptions, type, etc...
3) Programming user program (ESD and SER),
4) Maintenance system,
5) Online modification of user program
6) Automatic on line documentation,
7) Off line testing of the control program including full emulation of program and monitoring of the
emulated program,
8) On line monitoring of the program execution in the PLC,
9) Downloading facilities,
10) Output overrides, this function shall only be performed under password protection and work
permit conditions.
11) Inputs/outputs forcing facility shall be provided (for testing and maintenance purposes).
12) Logging of forced inputs and outputs
The HONEYWELL supplied program development and maintenance console shall be equipped with
password security to access the different levels of operation.
Application program shall be identified by the date and time of last CPU loading or by a revision number
automatically updated in order to ensure the identity between source and object running program.

4.6 SYSTEM INHIBIT AND MAINTENANCE FACILITIES

The following override facilities (key switches) shall be provided for the ESD system from the DCS
auxiliary consoles. Two different inhibit modes shall be available:
 Operational or start-up overrides
 Maintenance overrides
The Maintenance Override Switch (MOS) shall be provided only for those IPF initiators where a second or
back-up indication and an associated means to stop the process are available to the operator. A time limit
shall be placed on the duration that a MOS is initiated.

File Name: 874310838.doc 17/04/25 09:34

 ICS SPECIFICATION P5223/30/P0223/COM
ABICS
PROJECT Cegelec P.N. A52.5295
PART 2 Date : 07/07/05
ESD & F&G SYSTEM Rev : 1
Page : 14 of 18

The ESD MOS are software switches that shall reside in the ESD. Actuation of the override switch shall
suppress automatic trip and ESD action from the related input but shall not suppress the alarm function. Only
when the master MOS enable switch (hardwired) is enabled the individual MOS will be accepted by the
logic. The DCS/ESD logic shall ensure that no more than one MOS per group can be active at any time.
All MOS related events shall be recorded on the SER with a time stamp and shall also be printed on the DCS
printer.
Refer to DEP 32.80.10.10: Classification and Implementation of Instrumented Protective Functions, Issue
October 2001 for design requirements and implementation aspects.
HONEYWELL shall provide the ESD system in accordance with the Shell DEP. The exact number of the
start-up/maintenance overrides will be decided during the detailed design. However, HONEYWELL shall
suggest the method for functionality implementation at remote stations such as Booster and Lean Gas station.
The tag numbers of the input signals that requires start-up inhibits facility and its reset conditions will be
provided to HONEYWELL during detailed engineering.

File Name: 874310838.doc 17/04/25 09:34

 ICS SPECIFICATION P5223/30/P0223/COM
ABICS
PROJECT Cegelec P.N. A52.5295
PART 2 Date : 07/07/05
ESD & F&G SYSTEM Rev : 1
Page : 15 of 18

5 SYSTEM SOFTWARE CONFIGURATION REQUIREMENTS

5.1 GENERAL REQUIREMENTS

The application software’s for the project shall be based on standard software typical modules. The
application software shall be structured as defined in the Cause and Effect Diagrams and detailed functional
logic diagrams.
Each operational logic sequence for a separate unit of the plant shall have a corresponding software module
designed to operate as a stand-alone functioning unit. Each module shall be labelled. Similarly, the common
functions for the whole plant, such as Emergency Shutdown, shall have a separate software module, and be
labelled.
Subroutines shall not be utilised in the application program. Programming shall be accomplished using
standard conventional software packages (i.e. alarm levels, values.).
Programmable systems shall be fully configurable by the USER and shall require no specialised
programming whatsoever.
Program shall be performed using function block logic diagrams rather than ladder logic diagrams.
HONEYWELL shall provide cause and effect diagrams on the system using programs.
Function block diagrams with comment boxes and narrative descriptions shall be provided. All ESD
Software shall have complete function blocks diagrams containing descriptive function blocks comments,
tags, identification of all bits and words used, and be complemented with necessary full narrative
descriptions of each logic section. The top of the first page of the documentation shall bear a full project title.
Links with other control systems shall be clearly identified and documented.
Memory allocation table shall be provided.
Data table assignment lists shall be provided. Complete listings of all data table files, and bit assignments
used throughout the programs containing the memory address, symbolic or tag name and cross reference to
function block usage within the programs shall be provided.
Program changes and modifications shall be fully recorded by the application software development tool and
shall be available as part of the on line documentation facility.

5.2 ALARM SIGNAL HANDLING

Alarm signal handling shall be as per DEP 32.80.10.30 Gen. The ICS system shall be used to perform all IPS
alarm handling, indication, annunciation, logging and printing. In some exceptional situations, it may be
acceptable if an IPF is implemented with the operator as one link of the IPF chain, even when the SIL of the
function is SIL1 or higher. An example of such case is fire and gas alarms. This is only acceptable provided
that :
 the operator has time to take action i.e. the process safety time exceeds the sum of the IPF
response time and the operator response time.
 The alarm is a hardwired alarm outside the DCS (fire and gas alarms).
For IPS system alarms and IPS utility alarms, more (or all) diagnostic information may be transmitted from
the IPS to the DCS ins addition to the common alarms. Alarms can then be shown individually or combined,
depending on the action to be taken by the operator. Help screen should be provided to indicate causes and
action associated with the alarms. The necessary actions shall be taken to ensure that mean time to repair
figures of the IPS does not deteriorate so as to jeopardise plant safety or plant availability. Any time delay

File Name: 874310838.doc 17/04/25 09:34

 ICS SPECIFICATION P5223/30/P0223/COM
ABICS
PROJECT Cegelec P.N. A52.5295
PART 2 Date : 07/07/05
ESD & F&G SYSTEM Rev : 1
Page : 16 of 18

due to system constraints between IPS trip initiation and DCS alarm presentation shall be less then 3
seconds.
The first trip action occurring in each UZ group (first failure) shall be detected by the IPS. A first up flag
shall be transmitted to the DCS and the DCS display shall differentiate the first up alarms from subsequent
alarms, until the first up reset is activated and the first up flag removed by the IPS. First up reset is done
using a separate switch in the DCS or preferably when the trip function itself is reset (avoiding the need for a
separate first up reset).

5.3 CONFIGURATION TOOLS

HONEYWELL shall define the facilities and methods for implementing configuration on its system. It shall
submit a description of the software used to configure the system including the software releases intended to
be used.
HONEYWELL shall state in writing if the configuration can be done offline on a personal computer or on a
system console with keyboard.
HONEYWELL shall reconfirm that new or modified configuration can be downloaded on line on the
system, for the application programs and database.

File Name: 874310838.doc 17/04/25 09:34

 ICS SPECIFICATION P5223/30/P0223/COM
ABICS
PROJECT Cegelec P.N. A52.5295
PART 2 Date : 07/07/05
ESD & F&G SYSTEM Rev : 1
Page : 17 of 18

6 IMPLEMENTATION

6.1 SCOPE OF SUPPLY

6.1.1 Hardware and software supply

HONEYWELL shall provide the hardware, system software and application software to meet the
requirements of this specification for Instrumented Protective System(s).
HONEYWELL shall provide:
 Control and I/O devices.
 Program development and maintenance consoles.
 System software applicable to all user requirements.
 Interfaces to DCS.
 Cabinets for ESD devices.
 System cables.
 Sequence of event recorder with printer.
HONEYWELL shall be aware that there is likely to be a requirement for early delivery of some hardware
and software to facilitate configuration, speed up field termination and to provide facility for site training.

6.1.2 Services supply

HONEYWELL's responsibility shall include but is not limited to the following:
1) System engineering..
2) Analyse and review the FLDs provided by CEGELEC (Functional Logic Diagrams).
3) System programming and configuration.
4) Complete documentation.
5) Factory testing.
6) Site acceptance testing.
7) Packing and shipping.
8) Installation services.
9) Training.
10) Pre-commissioning, commissioning assistance.
HONEYWELL shall also provide the responsibility for the activities listed below:
1) ESD detail engineering.
2) Logic configuration.
3) DCS interface configuration.
4) SER configuration.

File Name: 874310838.doc 17/04/25 09:34

 ICS SPECIFICATION P5223/30/P0223/COM
ABICS
PROJECT Cegelec P.N. A52.5295
PART 2 Date : 07/07/05
ESD & F&G SYSTEM Rev : 1
Page : 18 of 18

7 DOCUMENTATION

7.1 GENERAL
In addition to the general documentation requirements specified in the ICS specification, the following
requirements are specific for the ESD system..

7.2 FUNCTIONAL DESIGN SPECIFICATION

HONEYWELL shall issue a FDS document which is specific to its system and which fully defines the way
in which all functionality is to be configured in the Safety Systems. This document shall be submitted for
approval prior to commencement of the Safety System’s configuration and shall include as a minimum:
1) Introduction
2) System overview
3) Hardware set-up assignments
4) Software set-up assignments
5) Typical loops description
6) I/O Assignment Philosophy
7) Processor split philosophy (whenever the system requires a more then one processor)
8) Interface to DCS
9) Auto test facility
10) Functional logic diagrams
11) Signal flow diagrams
12) Area database definition.
The FDS together with the I/O list will then become the reference for configuration and testing.

File Name: 874310838.doc 17/04/25 09:34