PMAOPS305 Operate Process Control Systems

PMA02
Operations 305B
Operate Process Control
Systems
Hydrocarbon National Training Modules
Challenger TAFE 2004

Version 2 May 2005
Next Review May 2006
Issued by Training Coordinator ACEPT
371827881.doc
Version 2 May 2005
371827881.doc
PMA02
OPERATIONS 305B
OPERATE PROCESS
CONTROL SYSTEMS

Version 2 May 2005
371827881.doc
DEVELOPED BY
The Australian Centre for Energy

and Process Training
133 Salvado Road
SUBIACO WA 6008
Tel +61 +8 93825736
Fax +61 +8 9382 5798
A Division of CHALLENGER TAFE

Version 2 May 2005
371827881.doc
Version 2 May 2005
371827881.doc
A GUIDE TO THIS UNIT MANUAL
This manual contains the following sections: -
Understanding Competency Based Learning ii
Icons Used In This Manual vi
Contents vii
Introduction 1
The Module 5
Tables of Competency 137

Version 2 May 2005
371827881.doc
Understanding Competency Based
Learning
What is Competency?
Being COMPETENT at a job is: -
Ability to do the job Safely and Efficiently
Knowing why the job is being done.
Understanding the underlying principles of that job.

(Underpinning Knowledge)
In other words, Competency requires SKILL and KNOWLEDGE
Once you are competent you will be able to:

Complete the job to the required standard (skill)
Organise your tasks (efficiency)
Be able to react to the unexpected (contingency planning)
Be able to use your skills and knowledge (skills transfer)

for different situations
How is Competency Assessed?
Competency is assessed by your Assessor. The Assessor will gather evidence of

you being Competent. This evidence can be obtained in different ways, to suit the
job and the student. Examples include: -
Observing the student doing the job

Written questions
Oral questions
Examining examples of students work
Interviewing supervisors

Version 2 May 2005
371827881.doc
Your Assessor will outline how you will be
assessed at the start of the unit.
What if I am Not Yet Competent?

If you do not demonstrate competency, your assessor will arrange other
opportunities for you to do so. These may include: -
Re-Sitting Questionnaires
Repeats of activities
Alternate tasks of a similar nature.
The Assessor will also tell you which elements of the competency you are
not yet competent in.
So what do I need to know?

At the back of this resource manual is a set of tables. These tables show: -
What you have to be able to do. (Performance Criteria)
The Range or Variety of skill/knowledge (Range Statement)
The Ways in which you may be assessed (Assessment Method)
These tables are REALLY useful to help you study and identify
what you need to be able to do and know. Make sure you
understand these and ask your tutor if you do not.
A COMPETENCY UNIT is divided into ELEMENTS, and these are

divided into PERFORMANCE CRITERIA.

Version 2 May 2005
371827881.doc
COMPETENCY
ATING A MEAT PIE
ELEMENT 1 ELEMENT 2 ELEMENT 3
Prepare the Pie Eat the Pie Clean Up

For Afterwards
Eating
Performance Performance Performance

Criteria 3.1 Criteria 3.2 Criteria 3.1
Able to Lick Able to Wipe Able to
Fingers the Sauce off Clean
Shirt Crumbs off
Floor
Unit Name
and Code
Element or Part
of the
Competency
UNIT TITLE: PMA MAIN 201A
Undertake Minor Maintenance
Version 2 May 2005
371827881.doc
ELEMENT 1 OF 4: Able to Correctly Select and Use Spanners and Wrenches
PERFORMANCE Indicates RANGE

a knowledge-based METHOD
outcomeOFwith anRESULT
assessment of
CRITERION STATEMENT ASSESSMENT
learning consisting of written question(s).
1.1 The assessee must be
able to identify
ring spanners, open Oral/written Complete

ended spanners, questions
spanners and Incomplete
wrenches and state the socket spanners, then
purpose of each. hook spanners, pin
Indicates a knowledge
spanners, shifting Practical
and skills based outcome with an
assessment of learning
spanners, flogging activity
consisting of (real
a practical exercise.
spanners, pipe or
wrenches, strap simulated)
wrench, tension
wrench
Indicates a worked example or practical written exercise.
What you
must be How you
The scope of
able to do can be
things you
assessed
must be able to
do
Indicates important information and Critical Points.
Additional Material to increase Underpinning

Knowledge of the topic being studied
Icons Used In This Manual
Questions to help you check your knowledge.
GETTING YOUR HEAD AROUND IT!

Version 2 May 2005
371827881.doc
!
STOP!
CHECKPOINT

Version 2 May 2005
371827881.doc
CONTENTS
1.0 Interface with the keyboard or control panel.
1.1 Use keyboards, track ball and monitor and/or stand

alone controllers to access control panel
1.2 Monitor the process using the operator interfaces

and keep field operators informed on developments
1.3 Select appropriate controller modes to ensure

the effective control of process.
1.4 Undertake required set-point/output changes to

optimise plant and process conditions.
1.5 Access historical data and information.
1.6 Acknowledge messages and alarms
2.0 Access control information
2.1 Obtain relevant data and information from the control

system by applying systems knowledge.
2.2 Identify the status of individual pieces of equipment

from the control panel and use information to identify potential faults.
2.3 Interpret alarms and prioritise steps to ensure control

of system is maintained.
2.4 Minimise fluctuations and variations in process

through the interpretation of existing trends and
control schematics.
2.5 Record nature of variations/irregularities in accordance

with standard operating procedure
3.0 Control process variations and monitor normal operations.
3.1 Assess historical data to assist the identification

of problems and selection of troubleshooting techniques
to deal with them.
3.2 Process available information to identify potential faults.

Version 2 May 2005
371827881.doc
3.3 Undertake required set-point/output changes to optimise
plant and process conditions.
3.4 Optimise plant-operating conditions in accordance with

guidelines.
3.5 Adjust production in response to test results and control

panel information
3.6 Report and record adjustments and variations to

specifications/schedules to appropriate personnel
4.0 Facilitate planned and unplanned process start-ups

and shutdowns.
4.1 Select and apply operational procedures to planned

startup and shutdown processes to guide the required
process and sequence
4.2 Select and apply operational procedures to unplanned

shutdown processes to guide the required process and sequence
4.3 Communicate with all operational areas and personnel

affected by events to ensure that safety of the system and
process is maintained during the process
4.4 Implement all required emergency responses and ensure

the outcomes of these responses are communicated to all
affected areas
4.5 Log all required information for further action to provide

a historical record of all events.
5.0 Respond to alarms or out of specification conditions.
5.1 Identify which system is affected by the alarm or out of

specification condition
5.2 Examine the condition for signs of severity and check log
for currency of the occurrence
5.3 On control panels scroll through other screens to identify

what other alarms or abnormal conditions may be registered
5.4 Respond to the alarm or incident by following procedures
5.5 Communicate the problem to shift supervisor or the plant engineer

Version 2 May 2005
371827881.doc
5.6 Record the information on the appropriate log and/or ensure the
operations database is updated with details of the alarm.
5.7 Provide face to face details of the alarm and action taken to the
next supervisor at shift changeover.
5.8 Follow-up the incident to see that appropriate action has

been taken.
6.0 Control hazards
6.1 Identify hazards in the production/processing work area.
6.2 Assess the risks arising from those hazards.
6.3 Implement measures to control risks in line with procedures

and duty of care.
7.1 Resolve Problems
7.1 Identify possible problems in equipment, control systems or process
7.2 Determine problems needing action
7.3 Determine possible fault causes
7.4 Rectify problem using appropriate solution within

area of responsibility
7.5 Follow through items initiated until final resolution has occurred
7.6 Report problems outside area of responsibility to

designated person.

Version 2 May 2005
371827881.doc
INTRODUCTION
What is a Distributed Control System?
Distributed Control Systems (DCS) have been in the market place
since the 1980's. Prior to DCS, process plants used either discrete
control systems or centralised computer systems to control their process. So what is
a Distributed Control System? Put simply, a DCS is a process control system that has
its controlling entities distributed throughout a process plant. Each of these entities is
connected together via some form of communication highway that facilitates
communication between the entities and operator interface units.
In turn, operator interface units are used to control and monitor the process.
The various sub-sections include:
Operator interface unit.

Distributed controlling entity.
Field interface unit.
Communication highway.
Engineering interface unit.
Third Party interface.
Each of these sub-sections constitutes a major part within the control system. A brief
description of each sub-section is given below detailing its primary function.
Third Party Interface Engineering Interface

Units
Operator Interface Units
Communication
Highway
Process I/O Process I/O

Signals Signals
Field Interface Unit Distributed Control Distributed Control Field Interface Unit
Entity Entitiy
Distributed Control System Components

Operator Interface Unit
This device provides the process operator with a window to the process. The
interface will normally allow control of the process via a special keyboard. From the
keyboard the operator will be able to adjust process set points, stop/start devices and
a range of other tasks. The interface will also provide monitoring of the process via
dedicated interactive graphic displays. Other features may include access to
historical data, tuning capabilities and alarm management systems.
Distributed Controlling Entities

This is where the 'number crunching' or actual control takes place. These devices
usually reside within standard or industrial cabinets that may or may not be located in
the field. Often the cabinets are located in equipment rooms adjacent to the process
they are controlling.
The controllers themselves are microprocessor based and can provide a high level of
controlling power. The cabinets also contain interface devices to allow
communication with other distributed entities using the communications highway and
operator interface units.
Field Interface Units

The field interface units provide the actual interface or termination between the field
devices and the control system. The interface units may contain signal conditioning
electronics, galvanic isolation, transient suppression or field power options as
required by the application.
These units may be integrated with the distributed controlling entities but may reside
in their own cabinet. Some of these devices may be remote to the controller cabinets
and connected via a fibre optic cable.
Communication Highway
The communication highway can be considered as the major artery for all information
flow between the various components of the DCS. The communication highway
provides a reliable high-speed communication path for data travelling between
controller entities, operator interfaces, and other devices.
This upper level in the communication system is a highly secure system that provides
exceptional data integrity. Data throughput is maintained under heavy loading, which
may occur during plant-upset conditions. Various methods of data compression are
used to achieve this end.
Engineering Interface Unit

The engineering interface unit provides a window into the DCS for the plant process
engineer to program or monitor the system. The engineering interface unit is also
used to program the various control strategies and console graphics.
The engineering interface unit is not used by the plant operator and is considered an
engineering tool to program and maintain the DCS.
Usually the engineering interface unit is either a standard personal computer or a
customised device connected to the communication highway. It enables the plant
engineer to communicate directly with the various system components for tuning and
diagnostic purposes.
Third Party Interface

Third party interfaces allow foreign devices to communicate with the DCS. Such
interfaces are useful if data flow is required between dissimilar systems, or when
interfacing to a CHALLENGER computer system.
Today's modern process plant incorporates numerous specialised 'packages' in its
operation. These 'packages' may be used to analyse or process a substance prior to,
or in connection with, the main manufacturing task. Typically these 'packages' come
with their own unique instrumentation that has already been calibrated and
commissioned. In order to interface these third party 'packages' with the plant DCS, it
is necessary to have a suitable interface device.
Distributed Controlling Entity Architecture
DCE Communications Bus

This provides communication within the Distributed Control Entity itself. It allows data
flow between the Data Highway and Processing Modules. It also permits
communication between several Processing Modules within the DCE.
I/O Slave Bus
The Slave Bus provides the communication between the Processor module and the
slave modules within a PCU. It is separate from the Data Highway to permit higher
speeds of data transfer.
I/O System
Process I/O signals interface to the Distributed Control Entity via termination modules
or units. The terminations are connected directly the their corresponding slave
module which digitise the data and then pass the information, via the slave bus to the
Processor module. There are a variety of slave modules to suit various process
signals types.
Multiple Function Processing Module

SCADA SYSTEMS
Systems concepts
The term SCADA usually refers to a central system that monitors and controls a
complete site. The bulk of the site control is actually performed automatically by a
Remote Terminal Unit (RTU) or by a Programmable Logic Controller (PLC). Host
control functions are almost always restricted to basic site over-ride or supervisory
level capability.
Data acquisition begins at the RTU or PLC level and includes meter readings and
equipment statuses that are communicated to the SCADA as required. Data is then
compiled and formatted in such a way that a control room operator using the SCADA
can make appropriate supervisory decisions that may be required to over-ride normal
RTU (PLC) controls.
SCADA systems typically implement a distributed database which contains data
elements called points. A point represents a single input or output value monitored or
controlled by the system. Points can be either "hard" or "soft". A hard point is
representative of an actual input or output connected to the system, while a soft point
represents the result of logic and math operations applied to other hard and soft
points. The point values are normally stored as value-timestamp combinations; the
value and the timestamp when the value was recorded or calculated. A series of
value-timestamp combinations is the history of that point.
[edit]
Human Machine Interface
The HMI/SCADA industry was essentially born out of a need for a user friendly front-
end to a control system containing programmable logic controllers (PLC). While a
PLC does provide automated, pre-programmed control over a process, they are
usually distributed across a plant, making it difficult to gather data from them
manually. Additionally, the PLC information are usually in a crude user-unfriendly
format. The HMI/SCADA gathers information from the PLCs via some form of
communication method, and combines and formats the information. Since the early
1990s the role of SCADA systems in large civil engineering solutions has changed,
requiring them to perform more operations automatically. A sophisticated HMI may
also be linked to a database to provide instant trending, diagnostic data, scheduled
maintenance procedures, logistic information, detailed schematics for a particular
sensor or machine, and expert-system troubleshooting guides. Since about 1998,
virtually all major PLC manufacturers have offered integrated HMI/SCADA systems,
many of them using open and non-proprietary communications protocols. Numerous
specialized third-party HMI/SCADA packages offering built-in compatibility with most
major PLCs have also entered the market, allowing mechanical engineers, electrical
engineers and technicians to configure HMIs themselves, without the need for a
custom-made program written by a software developer.
Hardware solutions
SCADA solutions often have Distributed Control System (DCS) components. Use of
"smart" RTUs or PLCs, which are capable of autonomously executing simple logic
processes without involving the master computer, is increasing. A functional block
programming language, IEC 61131-3, is frequently used to create programs which
run on these RTUs and PLCs. Unlike a procedural language such as the C
programming language or FORTRAN, IEC 61131-3 has minimal training
requirements by virtue of resembling historic physical control arrays. This allows
SCADA system engineers to perform both the design and implementation of a
program to be executed on a RTU or PLC.
System components
The three components of a SCADA system are:
1. Multiple Remote Terminal Units (also known as RTUs or Outstations).
2. Master Station and HMI Computer(s).
3. Communication infrastructure
Remote Terminal Unit (RTU)

The RTU connects to physical equipment, and read status data such as the
open/closed status from a switch or a valve, read measurements such as pressure,
flow, voltage or current. By sending signals to equipment the RTU can control
equipment, such as opening or closing a switch or a valve, or setting the speed of a
pump.
The RTU can read digital status data or analogue measurement data, and send out
digital commands or analogue setpoints.
An important part of most SCADA implementations are alarms. An alarm is a digital
status point that has either the value NORMAL or ALARM. Alarms can be created in
such a way that when their requirements are met, they are activated. An example of
an alarm is the "fuel tank empty" light in a car. The SCADA operator's attention is
drawn to the part of the system requiring attention by the alarm. Emails and text
messages are often sent along with an alarm activation alerting managers along with
the SCADA operator.
Master Station
The term "Master Station" refers to the servers and software resposible for
communicating with the field equipment (RTUs, PLCs, etc), and then to the HMI
software running on workstations in the control room, or elsewhere. In smaller
SCADA systems, the master station may be composed of a single PC. In larger
SCADA systems, the master station may include multiple servers, distributed
software applications, and disaster recovery sites.
The SCADA system usually presents the information to the operating personnel in
the form of a mimic. This means that the operator can see a representation of the
plant being controlled. For example, a picture of a pump connected to a pipe can
show the operator that the pump is running and how much fluid it is pumping through
the pipe at the moment. The operator can then switch the pump off. The HMI
software will show the flow rate of the fluid in the pipe decrease in real time.
The HMI package for the SCADA system typically includes a drawing program that
the operators or system maintenance personnel use to change the way these points
are represented in the interface. These representations can be as simple as an on-
screen traffic light, which represents the state of an actual traffic light in the field, or
as complex as a multi-projector display representing the position of all of the
elevators in a skyscraper or all of the trains on a railway. Initially, more "open"
platforms such as Linux were not as widely used due to the highly dynamic
development environment and because a SCADA customer that was able to afford
the field hardware and devices to be controlled could usually also purchase UNIX or
OpenVMS licenses. Today, all major operating system are used for both master
station servers and HMI workstations.
Operational philosophy
Instead of relying on operator intervention, or master station automation, RTUs may
now be required to operate on their own to control tunnel fires or perform other
safety-related tasks. The master station software is required to do more analysis of
data before presenting it to operators including historical analysis and analysis
associated with particular industry requirements. Safety requirements are now being
applied to the system as a whole and even master station software must meet
stringent safety standards for some markets.
For some installations, the costs that would result from the control system failing is
extremely high. Possibly even lives could be lost. Hardware for SCADA systems is
generally ruggedized to withstand temperature, vibration, and voltage extremes, but
in these installations reliability is enhanced by having redundant hardware and
communications channels. A failing part can be quickly identified and its functionality
automatically taken over by backup hardware. A failed part can often be replaced
without interrupting the process. The reliability of such systems can be calculated
statistically and is stated as the mean time to failure, which is a variant of mean time
between failures. The calculated mean time to failure of such high reliability systems
can be in the centuries.
Communication infrastructure and methods

SCADA systems have traditionally used combinations of radio and direct serial or
modem connections to meet communication requirements, although Ethernet and IP
over SONET is also frequently used at large sites such as railways and power
stations.
This has also come under threat with some customers wanting SCADA data to travel
over their pre-established corporate networks or to share the network with other
applications. The legacy of the early low-bandwidth protocols remains, though.
SCADA protocols are designed to be very compact and many are designed to send
information to the master station only when the master station polls the RTU. Typical
legacy SCADA protocols include Modbus, RP-570 and Conitel. These communication
protocols are all SCADA-vendor specific. Standard protocols are IEC 60870-5-101 or
104 and DNP3. These communication protocols are standardised and recognised by
all major SCADA vendors. Many of these protocols now contain extensions to
operate over TCP/IP, although it is good security engineering practice to avoid
connecting SCADA systems to the Internet so the attack surface is reduced.
Future trends in SCADA

The trend is for PLC and HMI/SCADA software to be more "mix-and-match". In the
mid 1990s, the typical DAQ I/O manufacturer offered their own proprietary
communications protocols over a suitable-distance carrier like RS-485. Towards the
late 1990s, the shift towards open communications continued with I/O manufacturers
offering support of open message structures like Modicon MODBUS over RS-485,
and by 2000 most I/O makers offered completely open interfacing such as Modicon
MODBUS over TCP/IP. The primary barriers of Ethernet TCP/IP's entrance into
industrial automation (determinism, synchronization, protocol selection, environment
suitability) are still a concern to a few extremely specialized applications, but for the
vast majority of HMI/SCADA markets these barriers have been broken.
Recently, however, the very existence of SCADA based systems has come into
question as they are increasingly seen as extremely vulnerable to cyberwarfare or
cyberterrorism attacks. Given the mission critical nature of a large number of SCADA
systems, such attacks could, in a worse case scenario, cause massive financial
losses through loss of data or actual physical destruction, misuse or theft, even loss
of life, either directly or indirectly. Whether such concerns will cause a move away
from the use of SCADA systems for mission critical applications towards more secure
architectures and configurations remains to be seen, given that at least some
influential people in corporate and governmental circles believe that the benefits and
lower initial costs of SCADA based systems still outweigh potential costs and risks.
Practical uses
SCADA used as a control mechanism for chemical plants, electricity
generation, electric power transmission, electricity distribution, district heating.
Control mechanisms are described in Process Control.
EPICS is an example of an open source software environment used to develop and
implement SCADA system to operate devices such as particle accelerators
ACCESS CONTROL PANEL
1.1 At the completion of this topic, the learner must

be able to use keyboards, track ball and monitor
and/or stand alone controllers to access control panel
Almost all Control Systems require the Control Technician to input some information
or command in order to do its job. These commands may be anything from setting in
instructions, starting or stopping machinery, or activating an emergency sequence.
The Control Technician will also need to access information from the control system
data storage facilities, and this requires to technician to supply the system with
information or commands in order to display the desired information.
This information is usually input by a: -
KEYBOARD
TRACKBALL or MOUSE
TOUCH SCREEN MONITOR
Many systems have all of these input options.

The Trackball and the Mouse operate similarly, using the on screen pointer to select
a button or tag from the display. The right button on the mouse or trackball is clicked
to activate the display tag.
With a touch screen, all that is required is to touch the screen with your finger on the
touch pad and it will activate the tag. Touch screens generally do not have the depth
of control that is available with a mouse or trackball. Usually they are just for
changing from one display to another or calling up the faceplate of a controller.
Keyboards can be used for all the above, with the addition of being able to type in
information such as Shift Logs, Test results etc. Of course, the keyboard is
essential for engineers to configure and adjust any controllers. Keyboards are
also excellent for rapid call-up of specific pages. These displays usually have
a dedicated button on the keypads. Such a display could be an Alarm
Summary, Emergency sequence controller or the like.
The console keyboard is the communication interface between the operator and the
distributed control system. The keyboard provides interaction with the graphic
displays to enable the operator to adjust process parameters for efficient control of
the process. It also allows control of process alarms, access to process trend and
archive data, and in some cases engineering and maintenance functions.
The keyboard is an electronic device that connects directly into the console hardware
and provides a tactile and audible feedback to operator key actions. A membrane that
is a rugged long lasting surface suitable for the industrial control room environment
generally covers it. Designed for operator ease, the keys are divided into specific
areas to allow for ergonomic operation.
A typical keyboard has several functional areas, including:
Alpha/numeric keys: Used by the operator to enter alphabetic and

numeric information for tuning or
configuration purposes. Also used to call up
displays or control faceplates.
System keys: These are console system specific keys.

Typically these keys access the following data:
Alarm summaries
System hardware status
System help displays
Loop tuning details
Printer activation
Bookmark and recall function
Password access
Console configuration access

User defined keys: These keys can be assigned to specific
displays. This allows one key access to
frequently called displays. Overview displays
are normally assigned to these keys.
Alarm management keys: Allows the operator to acknowledge alarms

individually or all alarms on the current
display. Also provides a silence facility for
audible alarms.
Control keys: Control keys allow the operator to interact

with an assigned control faceplate on a
graphic display.
Field movement keys: These keys provide movement of an input

field from one position to another and also the
movement of a cursor within an active field.
Keys also allow specific functions for trend
displays, i.e. panning, zooming, etc.
Key-switches: Key-switches may or may not be installed.

Their usual function is to inhibit or enable
access to tuning or engineering functions.
Control Console Overview
The operator control console is the human-machine interface for the distributed
control system (DCS). The control console provides a window into the DCS to allow
the production operator to monitor and effectively control the process. The operator
can start and stop drives and pumps, adjust process set points to maintain
production targets, monitor and trend important process variables, and easily
interpret and manage process alarms.
Effectively the operator control console replaces the traditional control room mimic
panel. This has allowed the CHALLENGERisation of control in most modern
manufacturing facilities. This also realised a dramatic cost reduction in the
installation and running of these plants.
As shown on Appendix 3-A, the Operator Control Console is an integral part of the
DCS. Without the operator control console there is no effective way to view and
control the process.
In normal operation the operator console performs the following:
Receives operator commands from the keyboard, touch screen or similar, and
transmits the command via the communication system to the DCS
Displays process data on the CRT in faceplate or graphical format
Updates process information on displays as new values are received from the
DCS
Maintains a list of current data for all variables on display

Manages and displays process alarm, in a logical order
Maintains a list of the last set of alarms, this could be as many as 1000
Maintains trend data for a predefined period
Maintains reporting data for a predefined period
Monitors the status of the DCS hardware
Provides an archiving facility for historical data
Provides a printing facility for alarms, reports, screen displays, system events
Control Console Hardware

Todays operator control console is a rapidly evoling package. Control console
hardware that was state-of-the-art last year is being updated as new and faster
software and hardware systems are developed.
However the generic function of the control console is essentially the same. The
operator control console is a stand-alone hardware package. To operate, it needs
only AC power and a cable to interface it to the DCS communication system.
Windows Based Control Consoles

A recent innovation is the use of the ubiquitous Windows
Operating Platform for Process Control display and operation.
This is the same format we are familiar with in our daily use of
computers at home and work. The screen displays are very familiar to us as they use
the typical windows elements such as Tool Bars, Click Down Menus, and Multiple
Windows etc.
Anyone who is familiar with the Microsoft product Windows (and who isnt!) should
have no difficulty navigating around a control consul using this system.
This format of display has many advantages: -
As stated, most PC literate people are very familiar with the format.
The control consul need only be an inexpensive desktop PC.
Expensive touch screen monitors can be replaced with conventional PC

monitors using a mouse to click on and pop up elements.
Windows compatible programs can be loaded onto the PC (or networked),

enabling the consul to be used as a desktop workstation as well as a control
consul.
Many windows can be displayed on the screen at the same time; enabling
operators to more easily customise the display according to personal
preference or the situation. Group displays of Faceplates, trends, process
graphics and alarms may all be displayed at the same time.
STOP!
CHECKPOINT
1/. What are the components of a DCS?

___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
2/. What is the purpose of a Field Interface Unit?

___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
3/. What is the component that links all the other components together?
___________________________________________________________________
4/. Name five (5) functions of the Operator Control Console.

a)__________________________________________________________________
b)__________________________________________________________________
c)__________________________________________________________________
d)__________________________________________________________________
e)__________________________________________________________________
5/. What are the advantages of a Windows based operating platform?
MONITOR THE PROCESS

1.2 At the completion of this topic, the learner must be
able to monitor the process using the operator
interfaces and keep field operators informed on
developments.
The Screen Displays
Graphic Displays
The purpose of console graphic displays is to provide the operator with a truly
representative image of the current conditions of the process. This provides real time
data of important process values and the operating status of plant equipment. It is the
visual link between the operator and the process.
Operator console displays are organised in a hierarchical structure of plant overview
displays, secondary displays, group displays and loop details. This allows the
operator to quickly and easily find displays, and to observe process parameters with
a wide view, or in varying levels of detail.
Graphic displays are usually based on plant layout. This could be in the form of
Piping and Instrument Diagrams (P&ID's) or Plant Schematics. This form of structure
enables the operator to graphically picture the process and provide a clearer
understanding of control requirements.
Static Display Elements
There are a number of elements that make up a dynamic graphic display. These
elements fall into two categories. Either static/operational elements or dynamic
elements
The static/operational elements include:
Touch pads
Text information
Schematic and piping information
Graphic description
These elements convey low priority graphical information to the operator and enable
movement between displays.
Display Hierarchy
A clear structured hierarchy of displays greatly assists operators in finding the display
of interest. From an ergonomic point of view, displays should be organised in three
levels.
The three levels comprise:

A primary level that is an overview level and which may be reached directly from
`user defined' keys on the operator keyboard.
A secondary level that shows more detailed information of a part of the primary
level. Secondary displays may be accessed from display select points in the
primary display or directly from dedicated `display select panels'. These
displays will also have a series of `standard associated displays', including
group, trend, report, status, help, and alarm displays. Generally each primary
display will have a number of secondary displays associated with it.
A tertiary level that shows still further details on a part of the secondary level
display. Tertiary displays may be accessed by display select points on the
secondary display.
There is an index display associated with each primary display.
Index displays are used to go directly to secondary or tertiary displays.
Display Select Summary
This facility is used to assist operators in finding their way through the
display hierarchy and are summarised below:
User defined keys Linked directly to the overview displays.
Indexes
Each primary or overview display has an associated index
display that covers the secondary and tertiary displays in
that area.
Area identification Each primary display has an identification icon
that appears on every display under the
primary display.
Split screen points These points assist the operator in following
process lines that span over more than one
display.
Display select points Branching or Zoom points. Either touch or
keypad selected, they are used to provide
more detail on a specific area of the display
schematic. Usually links to a tertiary display.
Standard associated displays Linked to operating displays, these standard
displays may include group, trend, report,
status, help, and alarm displays.
Display select panel keys These keys can be used to directly call up
secondary displays.
A PRIMARY LEVEL DISPLAY
A SECONDARY LEVEL DISPLAY

Communication between Control Operator and Field Operators .
It is absolutely essential that effective communication exist between the Control

Operator and Field Operators.
Field Operators seldom have access on plant to the detail of information available to
the Control Operator. Modern plants, due to CHALLENGERised control, and cost
constraints, have often dispensed with on-plant process variable indicators so
prevalent on older facilities, where the actual process was often controlled by the
field operator.
Effective communication is something that is developed over time, with the Control
Operator being fully conversant with both the control of the plant, and experience as
a field operator as well. Ideally, both the Control Operator and Field Operator should
have experience of both ends of the communication scenario.
The communication should be economic, meaning the information passed between

the operators is only that which is required to keep the plant running efficiently and
safely. The Control Operator should only need to tell the Field Operators about
events that will affect their ability to carry out tasks and monitor the plant. This needs
to know aspect can only come with experience.
Examples of needs to know information could include: -
Safety Issues
Emergency Issues
Production Changes
Equipment Malfunctions
Requests to investigate possible problems
Non-routine equipment operation
Maintenance issues
Laboratory results
STOP!
CHECKPOINT
1/. What is a Graphics Display?

___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
2/. What is the three level Display Hierarchy of a screen?

Describe the function of each
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
3/. What is an Index Display?

___________________________________________________________________
___________________________________________________________________
4/. Give 5 examples of information that a Control Operator would need to

communicate to a Field Operator
5/. Give examples of Static Display Elements

SELECT CONTROLLER MODES

1.3 At the completion of this topic, the learner must be
able to select appropriate controller modes to
ensure the effective control of the process.
Parameters, Process Variables and other stuff!
PARAMETERS are the characteristic that we use to monitor a

process, things such as Flow Rate, Temperature, Level, and Pressure
etc.
PROCESS VARIABLES are values that change It is usually these
Process Variables that are controlled by the computer. They are a measurement of a
particular PARAMETER. Eg. Gas Flow Rate 300 cubic meters per hour. (3m/hr)
Flow is the parameter, Gas flow rate is the process variable, and 3m/hr is the
measurement or ENGINEERING UNIT
SET POINTS are the target for the computer to aim for. It will try to control the
PROCESS VARIABLE to achieve the SET POINT. Set Points are typically commands
given to the computer by the operator using an input device such as mentioned
above.
OUTPUT is the amount of effort the controller is using to achieve the SETPOINT. It is
expressed as a percentage (%) opening of the valve that the computer is controlling.
If the OUTPUT is 50%, then of course, the computer has made the valve open half
way. The operator can also change the OUTPUT by running the controller on
MANUAL MODE. When the controller is set to AUTOMATIC MODE, the controller
decides the OUTPUT, not the operator.
Imagine a car, it has many PARAMETERS; temperature, speed,
level, flow etc. Look at the parameter temperature; there are
the Oil, Water and Air-conditioning temperatures. These are
some of the cars Process Variables. Suppose the car has a
Cruise Control. It controls the speed of the car. The control operator
(driver) commands the control to maintain a speed of 100kmph. This is a
SET POINT. The controller will adjust the OUTPUT to maintain a speed of
100kmph AUTOMATICALLY. The driver can also change the output
themselves, by disabling the cruise control and pushing the accelerator
pedal. This changes the OUTPUT .MANUALLY.
Controller Modes
There are primarily three modes of operation of a controller.
Automatic
Manual
Cascade/Automatic
Automatic Control
In automatic mode, a controller will adjust the output, and control the final control
element (valve, switch etc.) to align the process variable with a set point or target.
The Control Operator selects this set point.
Auto control as applied to switch controllers such as pump stop/start situations

usually means that the controller will automatically switch the equipment on or off,
according to certain parameters, such as level, temperature etc. The value that
triggers the switch can often be set in by the control operator and could be likened to
a set point.
Automatic mode is generally the normal mode employed during steady plant
operation.
Manual Control
In manual mode, the output is adjusted by the Control Operator to control the final
control element (valve, switch etc.) The Control Operator must adjust the output to
control the process variable. The process variable will tend to wander unless the
operator is constantly changing the output with changing plant conditions.
Manual control as applied to switch controllers such as pump stop/start situations
usually means that the Control Operator has to switch the equipment on or off.
Manual mode is often used during shutdown or start-up, equipment or controller

malfunctions, or process upsets.
Often the process variables are so erratic during the above-mentioned situations, that
the controller is unable to maintain a reasonably stable state in automatic mode.
Cascade/automatic Control
Cascade control is a form of automatic control. The main difference is that one
controller determines the set point for the other controller.
The Control Operator will determine a set-point for the Primary or Master Controller,
this will in turn determine the set-point for the Secondary or Slave Controller.
This form of control is used to achieve closer and faster control when slow processes
are involved, such as on process heaters like crude oil heaters. A cascade control
system can achieve a 10 to 100 times improvement in control over a single loop
system used on the same process.
Cascade control is used for more accurate and faster primary loop control over
single-loop control by using a related secondary loop to pre-empt a deviation before it
develops in the primary loop.
Both these controllers must be run on Automatic for the cascade facility to work.
Usually the Parameters being controlled are different to each controller.
Dynamic Display Elements
As discussed, there are a number of elements that make up a dynamic graphic

display. The second category are called DYNAMIC ELEMENTS.
Dynamic elements convey high priority information to the operator that is essential to
control the process. These elements include:
Analogue elements
Digital elements
Faceplate elements
Pop-up faceplate elements
Trend elements
Process Control Loops
Control loops are the building blocks of a DCS. They pass information and
commands between Controllers, Measuring devices, Valves etc.
A
Process
Disturbance
or Load
Process
Variable
Final
Control Process
Element
Set Point
Error Signal
Measuring
Controller
Element
DATA FLOW DIAGRAM OF CLOSED LOOP

SYSTEM
Closed Loop
Here is a typical Closed Loop as it would appear on a Process & Instrument
FT
FIC
FY
I/P
PUMP
Diagram (P&ID)
Analogue Elements
There are various ways of displaying analogue information. The decision to use one
type of representation over another is dependent on the importance of the value. A
very important value will normally be shown in a bar and numeric form, with less
important values in numeric form only.
Colours of the values should conform to a predefined convention, similar to the
above colour chart. More important values will be displayed in a bright shade, with
less important values in a darker shade.
The values should change colour whenever the parameter goes into an alarm state.
For example, if a pressure creates a high priority alarm then the value should go from
green to red. The type of alarm should also be indicated next to the value. For
example, an `H' or 'L' to represent a high or low alarm condition.
The three common analogue elements include, numerical, bar and deviation bar.
These are described below.
Numerical
The value is displayed as a dynamic value, eg. 74 Mpa. The engineering unit will be
in a lower intensity than the value. The engineering unit may sometimes be omitted
and replaced by a live data designator. This approach relies on the majority of live
data having the same engineering unit type.
Bar
The value is displayed as a vertical bar that changes in size with the magnitude with
the parameter. A graduated grid along side the bar indicates the zero and span
points. A set point would be indicated by a triangle next to the bar.
Deviation Bar
The deviation from the normal or set point is shown as a bar that moves above or
below the required value.
Digital Elements
Digital elements on a graphic relate to symbols and text symbols. As mentioned in

the above section, there are various conventions that assist the operator in clearly
interpreting these elements.
For example, a pump that is running is typically shown by a pump-like symbol that is
filled in, or solid, and green. A pump that is stopped is shown by a pump-like symbol
in outline only, and orange. The colour and shape change shown for each state are
more easily interpreted by the operator.
Text elements are another form for displaying digital data. These elements may
appear as pop-ups, that is, they only appear under certain process operating
conditions, or they may toggle from one description to another to depict certain
operating conditions.
STOP!
CHECKPOINT
1/. What is a SETPOINT?
2/. What is the OUTPUT?
3/. What is an Analogue Element?
4/. What is a Digital Element?

5/. What is the difference between Auto, Manual and Cascade Control?
6/. Green usually indicates what state in a digital element?
7/. What is a Loop?
SET POINT/OUTPUT CHANGES

1.4 At the completion of this topic, the learner
must be able to undertake required set
point/output changes to optimize plant and
process requirements
Control keys
Control keys allow the operator to interact with an assigned control faceplate on a
graphic display. Once a faceplate has been selected either by keyboard input, touch
screen or track-ball, these keys allow the operator to perform any of the following
functions, dependent on faceplate type:
Stop and start devices
Change controller modes i.e. automatic. manual, cascade, ratio. computer
Adjust controller set point parameter
Adjust controller output parameter

Set point and output values can be entered using the numeric keys or, by selecting
the ramp up/down keys. A selection of ramp keys allows for slow or fast ramping of
the parameter.
With a Windows based system, clicking on the Output or Set-point buttons will raise
a keypad window into which the numerical value can be selected, instead of having
to use the alpha-numeric keypad of the keyboard.
Many windows displays also allow you to drag set-point arrows on the faceplate to
change the value.
A clear understanding of the control keys is essential to ensure the operator provides
effective control of the process. The layout of the control keys will vary from one
vendor to another. It will be necessary for the operator to familiarise themselves with
the applicable keyboard to ensure they gain effective control of the process.
Faceplate Elements
Faceplate elements provide a means for the operator to interface directly with a
particular process control loop. The faceplate element is a graphical representation of
the parameters associated with a control loop. This control loop can either be an
analogue or digital loop.
To assist in the understanding of the control keys, we will review their operation with
respect to three common control faceplates. Namely the PID controller, hand switch,
and Gap controller faceplates.
Analogue Loops
A typical example of an analogue control loop would be that of a flow control system.
The faceplate would display all or some of the following parameters:
Loop number description of loop and tag name
Process variable flow indication in the form of a numeric and or bar

element
Set point value desired control limit
Output value control output value sent to actuator in numeric or

bar format
Control mode manual, automatic, cascade, ratio control indicator
Engineering unit identifierlitres/hour (l/h), m3 /day etc.
Zero/span values minimum and maximum values of PV
Low/high alarms indication of the low and high alarm limit values
Deviation alarm deviation limit indicators
L
oop F
IC
-1
010 X
n
umbe
r F
lo
w C
ont
rolV
alv
e
Con
tro
lmo
de M
an
ual A
ut
o
K
lt
rs/h
r E
ng
in
ee
ri
n gu
ni
t
5
000
Z
er
o/s
panv
al
u e
s
2
500 S
etpoint
P
roces
s 2
250
v
al
u e
v
ari
a b
le L
ow /
h i
gh
a
la
rm s
0
.0
O
UT4
2%
O
ut
putv
al
u e
An Analogue Control Loop Faceplate

Digital Loops
A typical example of a digital control loop would be motor drive stop/start system. The
faceplate would display all or some of the following parameters:
Loop number description of loop and tag name
Zero state indicator description of drive in this state i.e. stopped
One state indicator description of drive in this state i.e. running
Feedback indicator indicator or description from drive contractor
Control mode manual or automatic indicator
Loop number
HS-2001B X
CONDENSATE STANDBY PUMP
Control mode
Manual Auto
One state indicator
START RUNNING Operational

Status
STOP OFF Zero state
Hand Switch (digital) Faceplate
Gap Control
Gap Control is the simplest form of automatic control. It is also called two-position
control. Either side of the set point are two switch points, on and off. When the
process variable deviates to these switch points, the controller changes the final
control element from one position to another. These positions are either on or off,
open or closed. For a motor, the positions would be on or off. A valve would be
open or closed.
Lets look at a Level controller for a vessel. The desired level is 45%. The High switch
point is set at 50%; the Low switch point is set at 40%. These are 5% either side of
the desired level. This is called the Dead-band or Gap, the range in which no action
is taken by the loop.
If we start with the final control element (in this case a valve) OPEN, the level will
drop until it reaches 40%, then the valve will CLOSE, until the level reaches 50%,
when it will open again.
A Level Control Loop
LIC-1001 X Tag Name
Level Control Valve Description

Mode Manual Auto
Alarm Status
LEVEL [%] Engineering Unit
100 Scale
High Alarm
High Control Point

45.3
Process Variable Low Control Point
Low Alarm
0.0
Control Output OUT 50%
GAP CONTROLLER
FACEPLATE
Activating a Faceplate
Faceplate elements can reside in group displays or as a pop-up element in graphic

displays. Group displays typically comprise only faceplate elements. To operate a
faceplate element from the operator keyboard it is first necessary to activate the
faceplate element. To do this, the operator must either:
Key in the applicable control select character, or
Touch the screen within the perimeter of the faceplate element, or
Use the Track-ball/mouse to cursor and select the applicable faceplate

Once the faceplate element is active the keyboard's control keys can be used to
manipulate the faceplate parameters.
With a Windows based system, you can continue to use the cursor to click on the
command buttons of the faceplate to change the control mode instead of having to
use the keyboard control keys.
Pop-up Elements
Graphic displays with a large number of control points utilise the space saving
feature of Pop-up elements. The pop-up element displays an operator control
faceplate in a predefined location on the graphic. Usually a maximum of one, or two,
pop-ups is permitted on any one graphic display.
The pop-up allows the operator to take control of important controller actions while
still monitoring other related process parameters. This prevents the operator toggling
between group displays (faceplate displays) and the operating graphic display.
STOP!
CHECKPOINT
1/. Name as many features of this Face Plate as you can.

2/. Describe how a Gap Controller works
3/. Look at this Hand-switch Faceplate
HS-2001B X a) Is the pump running?
CONDENSATE STANDBY PUMP b) Is there an alarm state current?

Manual Auto
c) Does the pump stop/start
automatically?
d) To stop this pump what would you do?

START RUNNING
STOP OFF
4/. The feature that allows you to look at and operate a Faceplate while still
looking at a graphic display is called a __________________
5/. What is a Set-point Alarm?
ACCESS HISTORICAL DATA AND INFORMATION

must be able to access historical data and
information
DCS Data Acquisition Overview

Traditional methods of acquiring, storing and displaying 5 process information relied
on interfacing the field data to trend pen recorders. These recorders provided a
means to show the data as a function of time. Recorder pens and paper were
constantly being replaced to ensure a record was maintained of process parameters.
Multiple pen or point recorders were the norm prior to distributed control system
technology.
Distributed control-systems changed the way data w was acquired, displayed and
stored. Distributed Controlling Entities now acquire the process data and send it to
the Operator Interface Units for display or long-term storage.
Data acquisition is a vital part of any process plant. Information can be utilised for a
number of purposes, including:
Management report requirements
Process operation analysis
Process improvement studies
Maintenance schedules
Identification of control related problems

All of this information is required to ensure the process plant remains operational and
continues to meet production targets.
Data Acquisition Elements

Distributed Controlling Entity (DCE)
The DCE is where data is first acquired by the DCS. Analogy and digital data are
processed by the processor module in real time and sent to the operator console for
display on graphics. This same data can also be stored locally within the processor
module or storage device to provide trend data requirements.
This form of storing trend data in the processing 5 module is termed `distributed
trending'. Function blocks in the processing module provide a selection of formats,
including:
Snapshot, maximum, minimum, average data sampling
Data collection at varying intervals
Process performance and efficiency calculations
Statistical analysis of data

This means the distributed processor modules can achieve a high level of processing
before the data is sent to the operator consoles for display.
Operator Interface Unit (OIU)

Operator Interface Units provide an integrated operations and data acquisition
interface for the DCS. Data is acquired by the OIU from the various distributed
controlling entities and then stored on the local hard disk drive. This data can then be
used in a variety of ways, including:
Trend displays where the data is a function of time or another parameter
Alarm event reports
Spreadsheet reports
Archiving or long term storage of data

This information is also accessible to other users on the communication network for
management, process or maintenance purposes.
Distributed Trending
The OIU utilises the distributed trending capability of the DCE processor modules to
collect and process data.
The processor modules contain a trend block for each data value to be historically
collected. Trend blocks acquire historical data at the DCE and periodically pass the
data to selected OIU's. The OIU stores the historical data for use on trend displays or
in customised reports. The OIU's in-turn, periodically archive the historical data to
bulk storage devices, such as optical disks.
The maximum number of data points that can be trended at the OIU will depend on
data resolution and hard disk capacity. Typically OIU's can accommodate between
500 to 5000 trend points with a resolution of one minute.
Note that, DCS vendors vary in the way they handle trend data resolution and
storage.
Trend Displays
Operator console trend displays provide the screen equivalent of strip chart pen
recorders. Trend display elements can be configured into any display to show the
operator from one to typically eight trends. This element is available is full screen or
smaller height sizes to permit graphic displays to be built around the trend element.
The following is a summary of the trend display element:
When displayed on the console screen, each trend display element appears as
a strip chart with coloured coded trend lines.
For analogue variables, the height of the trend element represents the full span
of the variable in engineering units.
For digital variables (on/off, a section of the screen of the display element can
be used to show steps for the on/off states.
The time span shown on the screen is a function of the selected width of the
trend element and the trend resolution.
The trend element also shows the current value, tag identification and alarm
information for the trended variable.
Trend Display Example

The Elsag Bailey Infi 90 Distributed Control System will be used to illustrate a typical
trend display and how to manipulate the trend element.
The Infi 90 MFP modules collect and process trend data at 15 or 60 second intervals.
This data is stored in the MFP modules for up to 60 minutes, during which time the
operator console polls for this data to be transferred onto its hard disk.
The trend display resolution for each trend element can be 15 seconds, 1 minute,
and any 1-minute increment up to 10 minutes.
The time span displayed on a particular trend element is a function of the width of the
element and the display resolution selected. A full width element displays 10 values.
A 15 second trend on this display would show the trend for 10 minutes. A 1-minute
trend on this same display would show the trend for 2 hours.
The trend display time base can be configured for varying periods depending on
operational requirements, for example 2 hours, 4 hours, 8 hours, I day, 2 days, and 7
days. As the time base is increased the resolution of the viewed data will decrease.
Trend Elements
Live data can be shown in a trended format using pre-configured trend display
elements. These elements provide a history of data over a pre-defined period, which
is usually dependent on the resolution of the trended data.
Time
Cursor
GLYCOL UNIT NUMBER 1 CONTACTOR
100%
80%
79 DegC TI2001 Lean Glycol
60%
70% LIC2002 Glycol
40% PI2001 Base 1 minute
60 kpa
20% 1.5 Kltr/hr FIC2001 Rich Glycol 5 minutes
1.5 Kltr/hr FIC2001 Lean Glycol
0% 15 minutes
75 70 65 60 55 50 45 40 35 30 25 20 15 10 5 min
1 hour
8 hours
Pan (scroll) Change

Process Tag
Bar Time
Variable Name Scale(Zoom)
Typical Trend Display
FIC 2001
GLYCOL UNIT NUMBER 1 CONTACTOR 7.5 Kltr/hr
100%
0
80%
79 DegC TI2001 Lean Glycol
60%
70% LIC2002 Glycol
40% PI2001 Base 1 minute
60 kpa
20% 1.5 Kltr/hr FIC2001 Rich Glycol 5 minutes
0% 15 minutes
75 70 65 60 55 50 45 40 35 30 25 20 15 10 5 min
1 hour
8 hours
Clicking on a Process variable will raise a Pop-up showing various information about
the Tag, such as its range (compared to 100% of the trend), alarm settings etc.
Trend Display Manipulation
Once a trend display is shown on the console screen, the trend can be manipulated
to assist operator analysis of the process. The following activities are supported.
Move time cursor

As initially presented on the screen, the trend element digitally indicates the current
value of the trended variable. The operator can activate a time cursor which, when
moved back along the trend line, causes the previous value indicated by the position
of the time cursor to also be displayed digitally.
Modify range
The range of the variable initially shown on the trend element is established upon
configuration. The range actually shown by the trend element can be changed by the
operator to magnify changes in-the process variable on the screen and facilitate
analysis of process conditions.
Pan
The data shown on the trend display can be shifted back in time (within the limits of
the stored data on the hard disk) to provide a historical perspective of the process
variable. The same time span is shown by the trend element, but it is shifted back in
time.
Zoom
The time- span shown on the screen can be expanded or compressed to facilitate
analysis of the trend. Zooming in reduces the period of time shown on the screen.
Zooming out increases the period of time shown on the screen. Zooming in and
reducing the range of the variable shown, has the effect of magnifying the trend data.
Window Magnifying
The time scale for a windowed section of the trend display can be increased to
facilitate determination of the exact time of a process disturbance.
STOP!
CHECKPOINT
1/. Historical information is useful for?

___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
2/. Operator Interface Units would typically use historical data to create?

3/. Name the components of this Trend Display
4/. What is the purpose of, and how do you use the Time Cursor?
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
5/. Pop up displays from the Trend Display will often show us?????
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
ACKNOWLEDGE MESSAGES AND ALARMS

must be able to acknowledge messages and
alarms.
Alarm Management Overview
The design of an effective Alarm Management system is CHALLENGER to the

success of the operator control console.
No other part of the control console has more of an effect on the wellbeing and
efficiency of the operator.
During major process upsets, when there are numerous alarm conditions present, it
is imperative that an efficient alarm system displays only the important alarms to the
operator.
To this end, it is necessary to view the alarm system, not as a separate function, but
as an integral part of the operating interface that actively complements the other
operating functions.
Types of Process Alarms
Typically, the alarm management in a DCS will reside within the Operator Interface
Units, with some associated logic located in the Distributed Control Entities.
The Distributed Controlling Entities are responsible for detecting the alarm condition
and reporting it to the Operator Interface Units. The OIU is responsible for handling
the grouping, prioritisation, inhibiting, annunciation and logging of the alarm
condition.
Process problems are announced with alarms. Field input loops are wired and
configured into the Distributed Control Entities that are distributed throughout the
process plant.
Within the Distributed Control Entities, processor modules are configured with
various types of input loops. The processor modules are able to raise a variety of
alarms based on the type of process loop. Once received at the OIU console, the
process loops are defined with one of the following tag types:
Analogue Tags
Analogue tags report a real number together with several associated alarm states,
i.e. high-high, high, low, low-low, out-of-range. When alarms are not required for a
loop, the alarm thresholds are set to a value outside the operating limits.
Digital Tags
Digital tags have two possible states, 0 or 1. Either of these states may be
designated as an alarm state.
Hand Switch Tags
Hand Switch tags have two states that the operator may set or reset. This point may
also include several feedback indications. This point can be configured to have a
single alarm state.
Station Tags
Station tags represent control loop faceplates with their associated parameters.
Station points may generate the following alarm types:
High & low Process variable has exceeded a defined threshold.
PV-SPIndicates the process variable.
Deviation Has deviated from the set point by more than a defined amount.
Standard Alarm Management Facilities

There are standard events that take place when an alarm occurs. These are
summarised below:
Activate audible annunciator.

Alarm sent to alarm printer.
Configured alarm indicator will flash.
Alarm saved to historical hard disk device.
Alarm appears in alarm summary display.
Colour change and flash on graphic displays.
Configured alarm indicator will flash on display select panel.
These events will vary depending upon the vendor equipment being used. However,
most of these events will occur in one form or another.
A clear understanding of the alarm system is essential to ensure the operator

provides effective control of the process. It is therefore essential for the operator to
familiarise themselves with the alarm system for the respective process plant and
DCS console.
The alarm operation and the way alarms are grouped and/or prioritised will vary from
one vendor to another. Each of these items will be discussed further in general terms.
Alarm Operation
When a process alarm occurs a sequence of events will occur. The operator must
respond to these events. These are summarised below:
1) An alarm indicator will flash in the system information section at the top of
the screen.
2) The alarm will be shown on the alarm summary display.
3) The alarm will flash and appear in a colour configured for the point.
4) The point will continue to flash until acknowledged by the operator using
the 'Alarm Acknowledge' key.
5) At this time the alarm will go steady but remain on the alarm summary and
in other configured displays in its alarm colour.
6) When the point returns to normal (a non-alarm state) the point will return to
its normal colour and remain in the alarm summary until acknowledged.
(Vendors differ on how they handle return-to-normal (RTN) alarms.
7) Another method clears the point from the alarm summary when it RTN
without the need for operator acknowledgment) at this time it will clear from
the alarm summary display. This is not a satisfactory configuration in some
circumstances, as it could be intermittent, momentary, and be difficult for
the operator to investigate.
Alarm Groups
Alarms can be grouped to coincide with specific plant areas. If a tag in a group goes
into alarm, that alarm group will flash in its associated alarm summary display.
Additionally, audible tones can be assigned to sound when a tag goes into alarm.
The alarm summary screen can be called up to see which point is in alarm, so the
operator can take the necessary action.
The display select panel indicators can also be configure to flash whenever any point
on the associated graphic is in alarm. This provides an easy to see method for
identifying alarms in specific process areas.
Alarm groups can also be used for selective alarm reporting to particular Operator
Interface Unit consoles.
A primary display showing an alarm situation; the alarm button is lit up, and the
process variable mimic in alarm state is showing red.
Alarm Priorities
Alarms can be annunciated according to a priority system.

Each tag configured at an Operator Interface Unit console can be assigned an alarm
priority.
High -priority (Red).
Medium-priority (Mauve).
Low-priority (Yellow).
Fault-priority (Brown).
If alarms of different priority occur, the highest priority alarms take precedence over
low priority alarm tags. This feature can be used to sort alarms in the alarm summary
displays. Alarm priorities can also be assigned to a unique colour. This allows the
operator to quickly identify high priority alarms and take the necessary action.
Glycol Unit Alarm Summary
ALARMS HISTORY
Device Description Status TIME
FIC 3006 LOW ALARM 11:53 21/03/02
LIC 3001 LOW ALARM 11:45 21/03/02
LIC 3006 LOW ALARM 11:51 21/03/02
T1 3004 HIGH ALARM 11:45 21/03/02
PI 3017 DISABLED 14:28 14/03/02
FI 3011 DISABLED 14:22 14/03/02
Acknowledge ALL
The alarm priorities are normally assigned to specific operational conditions.

High priority
These alarms represent conditions that must be annunciated to the operator and if
not addressed are likely to cause loss of production (through system shutdown)
and/or damage to equipment.
Medium priority
These alarms represent deviations from normal operating conditions,
however they do not represent an immediate threat to production or
equipment.
Low Priority
These alarms represent operator information events and do not represent a threat to
production or equipment.
Fault priority
These alarms represent faults to DCS hardware or other associated hardware.
Alarm Handling Procedures (1)
We will now look at two procedures for handling alarms, using the display select
panel.
Procedure 1
If the alarm is shown on a secondary display then:
1) The alarm causes the 'display select panel' indicator to flash.
2) The operator presses the corresponding key.
3) The tag in alarm is now displayed.
4) The operator takes corrective action.
Alarm Handling Procedures (2)
Procedure 2
If the alarm is shown on a tertiary display then:
1) The alarm causes the 'display select panel' indicator to flash.
2) The operator presses the corresponding key.

3) The secondary display now highlights the required touch/select point to
press.
4) The tag in alarm is now displayed.
5) The operator takes corrective action.
There are significant advantages to this scheme. Firstly the 'display select panel' acts
as an interactive alarm annunciator. The operator can immediately recognise which
areas of the plant are in alarm.
Secondly, this scheme shows the alarm graphically, as opposed to the alarm
summary where the alarm is identified by the operator having to physically read the
loop name and description.
Operating Alarm Summary Displays
To access the alarm summary display:
a) Press the 'ALARM' key on the keyboard to access the master alarm display.
b) Select/touch the 'ALARM' indicator at the top of the graphic to view the correct
alarm for this graphic area.
Typical Alarm Summary Displays
The alarm summary screen displays a list of all current alarms. As alarms occur they
are logged into the alarm summary buffer. Whenever an operator calls up the alarm
summary screen, the buffer displays the current list of alarms. Alarms may be either
process related or system hardware faults.
Vendors of Distributed Control Systems vary how they handle and display alarms.
Generally however, there will be a master alarm summary that contains a list of all
alarms, and minor alarm summaries that will contain a sub-set of these alarms.
The format in which alarms will be displayed also varies. Some systems display
alarms in chronological order with no grouping or prioritisation. Other systems will
have an option to group alarms by groups or priority, or both.
Return to normal alarms will also be handled in varying ways.

Each line on the alarm summary is composed of multiple display elements that fully
describe the point in alarm.
The alarm summary display will contain some or all of the following elements:
Tag name Process loop name and number.
Tag description Description of loop name.
Alarm comment Descriptive comment on the type of alarm.
Current value Current value or state of point in alarm.
Threshold value Alarm limit value or state of point in alarm.
Date/time of alarm Date and time at which the alarm occurred.
RTN time Time at which the alarm returned to normal status.
Alarm type/group Alarm type, i.e. 'H' (high), 'L' (low), 'A' (digital) or Alarm
group number, e.g. '38'.
Alarm priority Alarm priority number.
With this information the operator is properly informed of the nature and type of
alarm. This information is also logged onto the alarm printer and historic storage
device for later retrieval if required.
Alarm Inhibiting
Alarm inhibiting is a means of disabling alarm actions from occurring. Alarm inhibiting
may also be termed as '
alarm override'. If a process tag is inhibited and then goes into alarm, this tag will not
be annunciated by the control system.
There are two basic methods of alarm inhibiting:
Manual inhibiting.
Automatic inhibiting.
Manual Alarm Inhibiting
Each tag defined in the operator interface unit may be individually inhibited.
This is done on a tag-by-tag basis. Manual inhibiting is usually done in response to

an abnormal operating condition, for example, if a process loop was being calibrated,
or operating close to the defined alarm threshold values.
During these circumstances, the operator may decide to temporarily inhibit the tag
until normal operation is resumed. This will stop annoying alarms from interfering with
true process alarms.
Automatic Alarm Inhibiting

Each tag defined in the operator interface unit may be automatically inhibited based
on the state of another tag. This means tags or groups of tags can have their alarms
inhibited by another event. For example, when a pump is stopped the associated flow
and pressure alarms will be inhibited.
Automatic alarm inhibiting provides a means to develop an intelligent alarm

management system based on process condition or events.
In summary, automatic alarm inhibiting will:
Using special control tags, initiate logic that in turn inhibits or enables alarms.
Allow the operator to globally inhibit alarms when the associated process
equipment is not in service, and automatically re-enables alarms when the
equipment is returned to service.
Automatically inhibit low priority alarms when process shutdown occurs, and
automatically re-enable alarms when the process is restarted.
This form of alarm inhibiting removes unnecessary alarms from the alarm summary
displays. This ensures only relevant alarms are annunciated.
Indicating Inhibited Alarms
Once an alarm has been inhibited, either manually or automatically, it is important

that the operator is aware of this when viewing the tag.
It is vitally important that the operator is aware of inhibits on a loop which they may
be operating. There are several ways of indicating this when viewing the tag on either
a graphical or faceplate display. This may include:
Colour change The process variable or state will change to a unique colour
indicating the alarm has been inhibited.
Alarm indicator The alarm indicator field adjacent to each tag may display a
unique character indicating the alarm has been inhibited.
INHIBITING ALARMS and RISK CONTROL
!
Inhibiting alarms, for whatever reason, involves risk. It is
absolutely
vital that any enterprise has a SAFE WORK SYSTEM that
will address the risks involved in Alarm
Inhibiting.
This system may only apply to higher levels of alarm,
or may apply in progressively tighter control for ascending
levels of alarm.
AN INHIBITED or DISABLED ALARM WIL NOT ALERT

TO A HAZARD
EVEN IF THE HAZARD IS REAL!
Alarm Colour Convention
The colour convention used to distinguish various alarm priorities varies. There are
no international conventions that can be used. Conventions are left to the discretion
of the control systems vendor or user.
However, as a guide, the colours chosen to depict various alarm conditions should be
reserved for alarms only, and not used for any other purpose.
As an example, the following colours could be used:
Red High priority alarms.
Mauve Medium priority alarms.
Yellow Low priority/fault alarms.
White Inhibited alarms.
STOP!
CHECKPOINT
1/. What is the function of an Alarm Management System?

___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
2/. An Alarm will disappear when: -

It is acknowledged by the operator.
The alarm condition no longer exists
Both of the above
3/. An Alarm Summary Display will display Alarms according to there: -
Importance
Location
Time of Occurrence
Importance and Time of Occurrence
4/. What information is usually displayed for a particular alarm in an Alarm
Summary?
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
5/. Why can Inhibiting or Disabling Alarms be hazardous, and how should the risk
be controlled?
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
OBTAIN RELEVANT DATA AND INFORMATION

must be able obtain relevant data and
information from the control system by
applying systems knowledge
Real Time Trends

In addition to the distributed trending facility configured at the operator console, there
are also a certain number of real time trends available to help analyse specific
process events. The real time trends do not rely on the distributed trending feature.
The console will store a short history of data at a higher resolution than the standard
trends, typically at 1 to 15 second intervals.
Real time trends, or fast trends, as they are sometimes called, are an ideal tool for
loop tuning on control loops, or analysis of specific process problems.
XY Graphs
The operator console provides the capability to graph process variables as a function
of another process variable. When displayed on the screen, this graph appears as a
single page XY graph with coloured trend lines. The current value, the identification,
and alarm information for the trended variables is also displayed.
Other Trending Formats
Trending data can also be displayed in a variety of other formats. The trending format
will depend on operation requirements. Other formats may include:
Three-dimensional graphs
Bar chart graphs
Deviation totalisation graphs
Pareto charts
Histograms
Pie charts
Spreadsheet Reports
The spreadsheet reporting function that is integral with the operator interface units is
used to create and print spreadsheet reports. Spreadsheet reports tabulate and
summarise plant operation. This may include:
System event reports Drive/pump run hour reports
Daily Production reports Maintenance reports
Shift reports Inventory reports
Monthly reports Equipment status reports
Current process reports Management information reports
Equipment test reports
Spreadsheet reports contain various types of data:

System event data
Historical data
User generated data
System Event Reports

The system event reporting function provides a-running list of time-tagged discrete
process and system events. Events include:
Alarm messages Operator actions
Process events Operator notes

Alarms
When a process variable crosses an alarm threshold, a digital (on/off device moves
into an alarm state, or a hardware alarm occurs, this event is logged into the system
event report. Return of the alarm condition to normal is also logged.
Process Events
When an discrete (on/off device (pump/drive, valve/damper changes state, this event
is logged into the system event report.
Operator Actions
When an operator changes the mode of a controller, adjusts set points or outputs,
starts a drive, acknowledges an alarm, or any other operator action, this event is
logged into the system event report.
Customised Spreadsheet Reports

Customised reports consist of historical data (trended data) and current process
variables. The historical data is typically summarised data such as daily flow totals,
hourly level averages, and daily temperature deviations. Hourly summation data is
often used in shift reports and in daily production reports. Daily summation data is
typically used in monthly reports.
User generated data values are values entered by the operator directly into the
spreadsheet report. This might include data not monitored by the DCS, such as
laboratory data.
The spreadsheet report function generates outputs to printers or files. These outputs
can be activated in several ways:
On demand
Event triggered
Automatically on a periodic basis

On Demand
These reports are only processed when demanded by the operator or process
engineer. A typical demand report would be an equipment status report.
Event Triggered
These reports are activated by a specific process or system event. A typical event
report would be a test report or a plant shutdown status report.
Automatically
These reports are the most common type of report. The report is processed on a
periodic basis, usually at a specific time each day or month. A typical automatic
report would be a daily production report or a monthly inventory report.
Spreadsheet Reporting System Example

The Elsag Bailey Infi 90 Distributed Control System will be used to illustrate a typical
spreadsheet reporting system.
The Management Command System (MCS) reporting system is referred to as the
Logging System. The Logging system provides the capability to automatically
document process operations and prepare a number of custom spreadsheets.
Process disruptions are documented using the System Event Log. This is in the
same format as described above for system event reports. The custom spreadsheet
data available are categorised into three types:
Trend Logs: This log collects and prints trend data at specified
intervals.
Trip Logs: This log provides a history of-values before and
after a specific process or system event.
Snapshot Log: This log collects and prints current process
values. Snapshot logs may be event or time
triggered.
Logging Functions
Logging retrieval
The log retrieval function allows logs that have been stored on the hard disk to be
printed. This includes custom logs and system event logs. This function provides a
Demand Log capability for custom logs and event logs. The Demanded Log can
either be a previously stored log, or a current log.
To access the log retrieval function, use the log By Name' key. The system will then
prompt for the name and type of log to be processed.
Log Status
Log status provides an overview of the status of all log reports. It allows the operator
to change the log's status. This includes activating and deactivating logs and
cancelling logs waiting to print
To access the log status function, press the `Log Summary' key.
Data Archiving and Retrieval
Data archival and retrieval functions are standard feature of all modern DCS operator
consoles. Hard disk storage on operator consoles is not unlimited so this facility
provides a way to store and retrieve process and system data to and from the hard
disk device.
Data archiving is a standard requirement to maintain an audit trail of plant operations.
Data archiving also provides an accurate digital history of process operations for
subsequent analysis and process improvement studies.
Data Archiving
Data archiving enables the user to move historical data from the hard disk onto
removable long-term storage devices. Historical data stored on the hard disk is
automatically, or manually transferred to the removable archive device. The type of
historical data that can be archived includes:
Trend data
Process events
System events
Spreadsheet reports
The most common archive devices today, are the optical disk storage medium. These
devices have a large storage capacity and are easily removed and stored.
Data Retrieval
Data retrieval enables the user to move archived data from long-term storage
devices back into an historical data area on the hard disk of the operator console.
When retrieving archived data, the user specifies a period of time and the name of
the archive medium to obtain the data. The data is then copied from the removable
archive medium into a reserved section on the hard disk. Once the data has been
copied it can be accessed in the following ways:
Trends can be displayed, manipulated and printed from the screen in the
normal format.
Process and system events (alarms, etc.) can be printed in their original format.
Spreadsheet reports can be printed in their original format, or viewed on the

screen
STOP!
CHECKPOINT
1/. Real Time Trends or Fast Trends are useful for?
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
________________________________________
2/. Name five (5) formats in which Real Time Trends can be displayed.
3/. Give five (5) examples of Spreadsheet Reports.
4/. System Event Reports may log things such as: -
5/. Give examples of these types of reports: -
On Demand
Event Triggered
Automatic
IDENTIFY THE STATUS OF INDIVIDUAL PIECES OF EQUIPMENT

must be able to identify the status of
individual pieces of equipment from the
control panel and use information to identify
potential faults
The displays available to the Control Operator allow an insight into the status of
various pieces of equipment on the plant.
Some of the more common sources of information are: -
Hand-switch Faceplates
These will indicate the on or off status of equipment. Typically they will apply to
rotating machinery such as motors, centrifuges, rotating filters and cooling fans.
Other items may include the position of valves or the status of heating elements.
Hand switches are of course Digital controllers and as such will indicate either on or
off, or more correctly 0 state or 1 state.
Group Displays
Group Displays may be constructed for a particular item of equipment such as a
major compressor, or they may be constructed for a section of a plant. They give the
Operator access to relevant faceplates for the equipment in question on the one
display.
Alarm Summaries
Alarm summaries may be configured so that any change in status of a piece of
equipment will trigger an alarm.
The alarm may be simple, perhaps just an on or off statement, but on more
complex equipment such as a large compressor, there could be many alarms tied to
the various monitoring facilities. These could include: -
Seal oil pressure Seal oil flow

Vibration Discharge pressure
Bearing temperature Suction temperature
Revolutions Discharge temperature
Suction pressure
Secondary and Tertiary Displays
As has already been learned in 1.2, secondary displays show sub-sections of

process units. Depending on the complexity of the plant, they may show details of
major items of equipment, or even be divided into Tertiary Displays. On a complex
plant a compressor as described above may have its own Tertiary Display.
This tertiary display should show all the critical monitoring points for the equipment,
enabling the Control Operator to view the status of the compressor at a glance.
Usually the Primary, or highest level of display in which the equipment is shown, will
have an alarm indication showing that there is an alarm state for the compressor. The
Operator would than access the detailed display from the primary to assess the
STOP!
CHECKPOINT
actual status of the equipment.
1/. Name three (3) types of display that will give an indication of equipment
status.
2/. Hand Switch Faceplates will normally show: -
On/Off Status
Speed
Alarm Status
On/Off and Alarm Status
INTERPRET ALARMS
must be able to interpret alarms and prioritize
steps to ensure control of system is
maintained
In 1.6 we looked at Alarms and Summaries. The summary is complied by the Alarm
Management System. This system displays the alarms according to their importance.
Each alarm is assigned a priority according to the needs of the plant. When several
alarms are active, the Alarm Manager will display them in order of priority, and in a
sub order of event log (the time the alarm occurred).
An alarm summary showing alarms displayed: -

1) In order of importance
2) In time sequence within their grouping
FALSE ALARMS
Until proved otherwise any alarm should be treated as
!
REAL.
Faults in alarm systems do occur, but to assume a fault can
lead to serious plant problems, or even
TREAT ALL ALARMS
disastrous results. AS REAL
UNTIL PROVED OTHERWISE
Reacting to an alarm
When an alarm is raised, it is important to react to it in a logical and organised way.
Determine the Priority of the alarm
Go to the graphic display that shows the alarm in CONTEXT.
Examine all the information related to that point.
Determine the cause of the alarm state
Take corrective action
Monitor the corrective action until the alarm state Returns to Normal (RTN)
IF NO REASON FOR THE ALARM STATE IS FOUND, SUSPECT A

FAULTY ALARM
BUT.TREAT AS REAL UNTIL PROVED OTHERWISE
Lets look at a typical problem.

Look at the Glycol Plant Primary Display
The alarm button is flashing red, indicating an alarm state.

The Process Mimic for the Contactor Base Level is RED, and the process variable is
yellow, indicating a Set-point Alarm.
The process variable for the rich glycol flow from the contactor is also yellow.
Click on the Contactor Secondary Display button to go to the detailed display of the
contactor section.
Here we see the same information, but from the secondary
LIC-1001 X
display we have access to the faceplates of the controllers.
Contactor Base
Manual Auto
ALARM
%
100
If we click on the Contactor Base Controller Tag LIC 1001, we
80
can bring up the Faceplate.
60
You can see that the process variable analogue bar is yellow
(set-point alarm state) because it is outside the error limits set
for the process variable compared to the set point.
0
We can also see that the Output is 100%, meaning that the
OUT 100%
controller has called for maximum output to bring the level
down.
IT IS NOT ACHIEVING CONTROL! WHY?

Lets look at the other alarm state we can see on the Secondary Display. The Flow
controller FIC 1002 is yellow, meaning it is in alarm state also. Lets click on that and
call up the faceplate.
We can see that it too is in alarm state because the process variable has deviated
too far from the set point. Look at the Control Mode of this controller. It is set on Cas
or cascade. That means it is
getting its set point from another controller! Look at the
Contactor secondary display. The P & ID shows that this
controller loop is a secondary loop that takes it orders from
the Level controller we have just looked at. The level
controller tells the flow controller what flow it requires to keep
a level of 60% in the contactor. So, the contactor level is too
high, its 80%. The Level controller is screaming at the Flow
Controller for more flow. The Flow Controller is trying its
best, has set itself 100% output, but its still not achieving
what the Level control wants.
You have now analysed the alarm state and found that the
Base Level is too high because not enough Flow is leaving
the contactor.
There is not much you can do from the control room. You will have to communicate
the problem to a Field Technician. His experience should lead him to possible
sources of the problem, though you could suggest the following.
Check that the Flow Control Valve IS 100% OPEN
Check for any restriction between the contactor and the stripper.
(cluevalves??? What about the filter?)
Resolution
The Field Operator reports that the Differential Pressure between the inlet and outlet
of the Filter is way too high, indicating that the filter element needs replacing. He
changes over the filters and the problem is solved. IS IT?
Monitoring
You think you have solved the problem? Dont forget to monitor the solution to
ensure it works!
On the Trend we can see where the Flow started to drop off, causing the Level to
rise.
After corrective action, we see the flow rapidly rise, causing the level to drop. There is
a period of instability while the Controllers steady out.
Its just one more tool you can use to analyse a problem!
So Remember!
I. DETERMINE THE PRIORITY
II. FIND THE CAUSE
III. TAKE CORRECTIVE ACTION
IV. MONITOR THE RESULTS
STOP!
CHECKPOINT
1/. If you cannot find the cause of an alarm on the DCS you should.
Ignore it
Put in a Maintenance Request
Monitor the situation while a Field Operator checks
Disable the alarm
2/. Number these actions in order

DETERMINE THE PRIORITY
FIND THE CAUSE
TAKE CORRECTIVE ACTION
MONITOR THE RESULTS
3/. All alarms should be treated as ____________ until proven otherwise.
MINIMISE FLUCTUATIONS AND VARIATIONS

must be able to minimize fluctuations and
variations in process through the
interpretation of existing trends and control
schematics.
Those students who have completed the units Contribute to Quality and Apply
Quality will be familiar with some of the factors that can contribute to variations in a
process, but lets revisit some of them here.
No process is perfect, and variation can be caused by: -
Human interactions
Poor training
Not following SOPs
Not following blend recipes or production guidelines
Incorrect blend recipes or production guidelines
Mechanical interactions
Unsuitable equipment
Malfunctioning equipment
Materials interactions
Off Spec feed-stocks
Incorrect feedstocks
Unsuitable feedstocks
Low Feedstock
The Control Operator must be able to counteract fluctuations where possible.

Only experience will equip an operator for coping with process variations, however
we will look at a situation and the tools that can be used to minimize it.
Varying Feedstock (non homogenous)
Consider a process plant that separates Oil, Gas and Water, and then treats each in
turn.
Here is the Secondary Display for the Separator

Suppose the composition of the fluid is normally
5% Gas 90% Oil 5% Water
If we keep a steady federate, and the feed composition remains constant to the
above figures, the control system on Automatic, will eventually steady the process
out.
The Trend will look something like this: -
However, suppose the composition of the fluid starts to become inconsistent.

One minute it is 5% water, next it is 30% water, then its 10% water.
Why should this be a problem?
Control systems are not particularly good at coping with rapid change, and level
controllers are probably one of the worst!
If the composition of the feed stock changed slowly, it would be OK, however rapid
changes or swings are likely to de stabilise the control of the plant, leading to off
spec product, energy wastage etc.
Look at the Trend for the separator when the feed consistency is erratic.
Notice how the flows and levels are cycling.

This is not a good thing.
Most processes are more efficient, safer and cost effective when steady state
operation is achieved.
In this case, the fluctuating Produced Water Flow from the separator is having a
detrimental effect on downstream operations. The water leaves the separator and
enters a Treatment Plant before being returned to the environment. The treatment
plant is a biological process that relies heavily on steady state operation, both in feed
rate and feed consistency.
What can we do?
The main aim of our solution should be to keep a steady flow of water to the
treatment plant.
The flow of water from the separator is dictated by the requirements of the Level
Controller LIC301. Automatic mode controls the level. So what do we do?
Look at the Trend, and see if there is a rough average water flow.
There is.
Lets say 30% of the FI 301s range is the average water flow.
So what is the range of FI 301? We can find this several ways. Clicking on the
Process Variable on the trend will bring up the Pop Up which shows detail for the
loop, including its range.
The pop up indicates that 100% is 10 kltr/hr.

So, 30% is 3 kltr/hr.
We need to set in a flow of about 3 kltr/hr.
The only way we can do this is to put the Level Control LIC301 on MANUAL.
We will have to adjust the valve opening or OUTPUT to achieve a flow of 3 kltr/hr.
Lets bring up the faceplate of LIC301 to see what it would look like on MANUAL.
We can see the process variable analogue bar is yellow, or

in alarm, and the alarm button is flashing.
We have put the controller on Manual, and made the
Output 55%.
But this process variable is the LEVEL.
We have to check the effect of the move by looking at
something that shows the indication from FI 301, the flow
indicator.
We could use the Trend for the separator, or the
primary/secondary displays.
Lets look at the trend again.

We can see that operating the Water Out LIC 301 on Manual has given us a far more
stable flow to the Treatment Plant. The Water Level is also cycling less severely.
Dont forget though, the water flow is not being automatically controlled and will
waver a bit.
The control operator will have to keep a close eye on the process and make
occasional fine adjustments to the Output of LIC 301 in order to maintain two things: -
Water Level within alarm settings of LIC 301
A reasonable stable flow of water to the treatment plant as indicated by FI 301
STOP!
CHECKPOINT
1/. Name two examples of each of these interaction types

HUMAN
MECHANICAL
MATERIALS
ENVIRONMENTAL
2/. Control Loops operating in Manual mode can help minimise variations in
process variables, but a controller on manual must
be___________________________________ by the Control Operator.
RECORD PROCESS VARIATIONS/IRREGULARITIES

must be able to record process
variations/irregularities according to
procedures.
Process Control Systems already have an extensive ability to collect and display
data. This data, when analysed by a technician or engineer, can highlight or explain
the causes of process problems and deviations.
The need for Control Operators, or even Field Operators to physically write logs and
reading sheets is vastly reduced.
Not all required information is recorded electronically, either by choice or by technical
restraints. This gap has to be filled by Operators.
Reasons for Process Variations/Irregularities

Many of the reasons for Process Variations or Irregularities have already been
mentioned in the previous section, however a DCS system will not be able to indicate
AND record the reason for many of them.
It is of vital importance for the Control Operator to record the reason for a variation or
irregularity. Such information can be invaluable assisting technicians, engineers and
other co-workers in their resolution of problems.
For instance, a Control Operator may have to reduce throughput because of a
shortage of product storage. The DCS may only pick up that throughput has been
reduced. It will not pick up the reason for the reduced throughput.
Operator Note
The operator can enter a note into the system event report to annotate a special
process condition or circumstance.
A Simple Event Log
The sequence of events for a malfunctioning Level Controller is shown. The Control
Operator has added notes indicating the problem and reason for the change in
operating mode.
ASSESS HISTORICAL DATA
PROCESS AVAILABLE INFORMATION TO IDENTIFY FAULTS
3.1 At the completion of this topic, the

learner must be able to assess historical data to
assist the identification of problems and selection
of troubleshooting techniques to deal with them.
3.2 At the completion of this topic, the

learner must be able to process available
information to identify potential faults
In 2.1 we looked at the access of data and information. All this information can be
used to identify problems with the process and the actual DCS itself.
Trend displays are probably the most useful tool. They allow us to look at process
variables, set points and outputs in relation to each other. We can view this data as it
happens (real time) or historically by scrolling back the trend.
Lets look at a problem.

We keep getting Pressure Alarms for the Separator Pressure. PAH0120 keeps
coming on, and then going off. Likewise PAL0120. This indicates a pressure swing
from Low to High Pressure.
Look at the Event Log (the Alarm History would also give us this information)
Lets look at the trend for the pressure in the separator.
As you can see the time scale is set to 5-minute intervals. The trend is a smooth
curve.
Changing the time scale
We can change the time scale to suit our needs.
Now lets change the time scale to 30 second intervals.
Now we have a picture of the Process Variable over a much shorter timescale.
Its not as smooth as we thought!
The larger the time scale the less detail we have about the trend.
Is this swing in the process variable a problem? It depends on the process.
This could possibly indicate that the controller PIC301 is a bit sticky and is not
responding smoothly.
We would not have picked this up on a bigger time scale. Zooming in lets us examine
a trend in finer detail.
This is just ONE example of accessing and using Historical Data to detect and
analyse problems.
UNDERTAKE REQUIRED SETPOINT CHANGES

must be able to undertake required set
point/output changes to meet plant and
process requirements
In 1.4 we looked at changing the set point or output of a control valve.
In 2.4 we looked at how running a valve on Manual, rather than Auto,

could in some cases result in steadier operation, and achievement of
goals.
So, what are plant and process requirements?

The operation of a plant should be to achieve the goals of
Safe Operation
Environmentally Responsible Operation
Efficient/Cost Effective Operation
Quality Operation
Guidelines for operation are usually contained in several documents.
Safe Operation
SOPs, Safety Regulations, Government Regulations, Australian Standards
Environmentally Responsible Operation
SOPs, Environmental Management Plans, Licenses,
Efficient/Cost Effective Operation
SOPs, Production Plans, Batch Recipes
Quality Operation
Production Plans, Batch Recipes, SOPs, QA Manuals, Product Sheets
These documents may be general or very specific as to how you operate.
Production plans for instance will state throughput or product output (or both).
Batch Recipes will state quantities of component materials as well. In such cases all
that is required is to adjust the set point to control the process to the required
throughput/quantity etc.
SOPs will usually just give guidelines to achieve the correct operation.
In processes where the constituency of raw materials has some variance, it is
often impossible to predict the exact parameters to achieve the correct output and
specifications.
For example, in processing crude oil, suggested furnace temperatures, column
temperatures and cut points are all estimates, albeit close ones based on
computer models.
The Control Operator will need to adjust the set points of these variables to
achieve specifications. Close cooperation with Production Planners and Chemical
Engineers is required.
Setting the Set-points
OK. So you are happily controlling the process making the correct amount of
spec. Product when a new Production Plan is issued.
Currently you are processing 5000kl/d of GOO A, making 4000 kl/d of STUFF
P and 1000 kl/d of STUFF Y
STUFF P has a specification of 47 - 50 Burs/sec (burbles per second)
STUFF Y has no specification
Lets have a look at the actual process
The new Plan is: -
SPECIFICATION
Feed 8000 kl/d of GOO B
Product 6000 kl/d of STUFF X 56 - 60 Burs/sec
2000 kl/d of STUFF Y no spec.
The Ops Guidelines for making STUFF X are: -

FEED HEATER OUTLET TEMP TOWER TOP TEMP
GOO A 242C 118C
GOO B 256C 120C
GOO C 261C 125C
There may be many parameters to change in the operation of the process to

achieve the new production plan, however we will only look at changing the feed
rate heater temperature and Tower Top temperature.
Managing a Production Change

When doing a production change it is important to remember that things seldom
happen INSTANTLY! WHY?
From the feed side, the new feed has to make its way through pipe-work,
exchangers and heaters before finally ending up in the column. Depending on the
feed rate and the size of the plant, this could take minutes or hours. It is important
that the Control Operator have some idea as to this time delay. Making
adjustments to set points such as tower top and heater temps. could have drastic
effects if they take place before the change has progressed.
Heater temperatures can often take a while to become effective, as not only the
feed has to heat up, but also the heater itself.
The Tower Top temperature should not be changed until the new feed has started
to reach the column. If it is changed before, you will be applying the conditions for
the new feed to the old feed, possibly causing off spec. productor worse.
Finally, how do you know that your product is the new one?
In-line analysers may tell us, or you may have to rely on other information such as
telltale signs (eg. increased flows from the tower base and overheads drum.)
Gently, Gently
1/. Firstly, team cooperation between the Field Technician and the Control
Operator will manage the changeover of feed tanks from GOO A to GOO B.
2/. Next, as the change is reaching the Control Valve FCV-01, the set point for the
new feed rate should be PARTIALLY set. Remember, you are increasing the feed
by 3000kl/d, so dont do it all at once. Increase by 1000 kl/d only for now.
3/. The new feed will now be approaching the heater. Our Operations Guidelines
suggest a heater outlet of 256C. That is a rise of 14C, so lets go halfway for
now. Increase the set point of TCV-01 to 249C.
4/. We will now wait until the new feedstock, GOO B hits the column before
making an adjustment to the Tower Top. The required 120C is only a minor 2C
increase so it would be feasible to do that in one move. Increase the set point of
TCV-02 to 120C.
5/. Now we could make the next 1000kl/d increase in the feed, and raise the
Heater Outlet to the recommended temp. 256C.
6/. Now it would be appropriate to examine the behaviour of the process variables
of the column to check that they are within the expected range. Product should be
increasing and levels in the column and overhead drum should be under control.
7/. Now we can finally make the last feed increase to 8000kl/d.
8/. After ensuring that the process is under control and after an appropriate time
lapse, sampling of the products should take place to ensure quality.
Control Enhancements
A DCS may have Resident Programmes that assist the operator to maintain
control of the plant, and help to ensure production changes are
carried out in easy, less disruptive steps.
Ramping Programs
These are programs that interface with one or more related
controller loops.
They allow a Control Technician to enter a TARGET SETPOINT, and then the
program will gradually increase the actual set point over a defined time range
(ramping up) or gradually decrease the set-point (ramping down).
The Ramping Program may allow: -
Selection of a Target Set-point to be achieved over a selected time interval.
Eg. Set point is 5000 kl/d, Target is set at 8000 kl/d Time interval is selected as 1
hour. So the program will increase the set point by 3000 kl/d over the space of 1
hour.
Selection of a Target Set-point to be achieved in fixed increments.
Eg. Set point is 5000 kl/d, Target is set at 8000 kl/d Increment is 500 kl/d per 15
mins. Every 15 mins the set point will be changed by 500 kl/d. It will take 90 mins.
To achieve the target.
Advanced Control Programs

These are nifty little programs that look after part of the process for the operator.
They can be turned on or off by the operator. Typically they are turned off
during start-ups, shutdowns and process upsets. They may also be automatically
switched off if a particular set of circumstances is detected by the DCS.
Often there is a requirement for the operator to enter data for the SOPL to work
with.
It may be a laboratory result, or a product spec.
ACPs may:
Manage the safe and efficient operation of part of a process Eg. Fired
Heater Efficiency
Adjust process conditions to achieve product specs. Based on collected

data.
Manage a sequential or batch operation.

ACPs and Ramping Programs can even interact with each other.
Eg. While ramping up the throughput, an ACP may manage the required increase
in fuel gas, combustion air and stack damper opening of a heater to cope with the
increased throughput. It will take data from Stack Gas Analysers to achieve
STOP!
CHECKPOINT
economic and environmentally efficient heater operation.
1/. What are the requirements for operating process plant?
2/. Why should set-point changes not be done in large increments?

_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
3/. When changing the operating conditions on a process plant, why is it

necessary to plan the change in a logical sequence?
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
4/. When should sampling of products take place?

_________________________________________________________________
_________________________________________________________________
OPTIMISE PLANT OPERATING CONDITIONS

must be able to optimize plant-operating
conditions in accordance with guidelines
In 3.3 we looked at how a simple change of process conditions and set points could
be implemented.
It is the responsibility of the Control Operator to Optimise the process, possibly in
consultation with Production Planners and Process Engineers.
What IS Optimisation?
Minimising Cost Inputs to the Process
Raw materials, Utilities and Services such as water, electricity, fuel and steam are all
added costs to a process. It is vital to minimise the input of these costs. By optimising
the operation of the process these costs can be reduced. Optimising the process to
maximise waste heat recovery is one target.
Maximizing the Value Added During the Process.
As has been mentioned, often a production plan or target is a guesstimate based

on previous experience or a computer model. It may not be 100% accurate and fine
tuning or optimisation of process conditions may be required in order to ensure that
the best Added Value is achieved.
!
OPTIMISATION is not JUST operating to a plan; it is IMPROVING on
that plan to ensure the GREATEST ADDED VALUE is obtained from
the process.
Lets go back to the production plan in 3.3.
SPECIFICATION
Feed 8000 kl/d of GOO B
Product 6000 kl/d of STUFF X 56 - 60 Burs/sec
2000 kl/d of STUFF Y no spec.
So..we have set in our set points, the plant is running steadily, and we have just
received the sample result of STUFF X.
DATE TIME PRODUCT RESULT

23//4/2001 1800 STUFF X` 56.5 Burs/sec
We can see that a result of 59 Burs/sec is within specification.

Now lets do some optimisation.
We know that if we increase the heater outlet temperature, more of STUFF X will be
made, and less of STUFF Y.
We also know that we should increase the Tower Top temperature if we do this,
otherwise the extra STUFF X will be condensed and fall back down the tower into
STUFF Y.
We also know that the more STUFF X we heat out of the GOO, the higher will be
our Lab Result.
But check out the result, its at the LOWER END of the specification, so we could
afford to increase this by a few points.
Everything indicates that we could make MORE STUFF X from the same amount of
feed GOO B.
But one final check. We should contact the Production Planner and ensure it is a
smart thing to do.
The Planner will consider issues such as: -
Is STUFF X worth more than STUFF Y?

Do we have storage for the extra STUFF X?
Would it matter if we made less STUFF Y?
Thats an example of Optimisation!
STOP!
CHECKPOINT
1/. What is Optimisation?

___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
ADJUST PRODUCTION
must be able to adjust production in response
to test results and control panel information.
Most process plant requires testing of raw materials, process and products. Often
analyzers built into the process continuously monitor this. However, not all processes are
monitored as automatically, and these monitors themselves need to be regularly
checked for accuracy.
Operating Guidelines for product are usually the result of a combination of theoretical
and experiential inputs.
Crude Oil for instance varies so much depending on its source that it is almost
impossible to predict its PRECISE behavior during the refining process.
A Production Plan and Operating Guidelines for a cargo of crude oil will be built up from:
Data from previous processing of that or similar crude

Predictions using computer modeling
Predictions using laboratory testing of samples
Imported data from other refineries
Once a Production Plan is implemented and the process is steadied, the outcomes must
be checked against predicted performance.
The following are suggested checks: -
Automatic or In-line analyzers should be compared against laboratory check

samples.
Process flows should be checked against storage indicators
Lets look at a scenario
A production process produces a light hydrocarbon oil. The main specifications are
Density and Flash Point. Flash Point is the temperature at which the lightest, or most
volatile components will vaporize and ignite.
The Production Plan calls for A throughput of 2000 kltrs/day.

Light oil product of 1800 kltrs/day
Overhead product (gasoline and gas) of 200
kltrs/day
The specification of the Light Oil is Density 0.833 0.005

Flash Pt. 102C 0.5 C
There is no spec. on the overheads
The Production plan and Production Guidelines are implemented and the unit is running
steady. The analyzers indicate that the product is on spec. The following actions are
suggested.
A product sample is taken for Laboratory Analysis.
! Whenever a sample is taken, it is important to enter any relevant

process details in a log, analyzer check sheet or similar. This
information can then be used to compare the actual result against
process readings.
The laboratory result is reported and the analyzer check filled in: -
DATE TIME PRODUCT TEST RESULT Analyzer Reading

06/03/02 0800 Light Oil Flash Pt. 103 C 102 C
06/03/02 0800 Light Oil Dens. 0.833 0.832
If you look at the results table you will see that there is some variance between the
laboratory test results and the analyzer reading at the time.
While the analyzer showed that the oil was on spec. for Flash Point, the laboratory result
shows it outside the allowable range of 102C 0.5 C.
The smart move for this would be to arrange another check sample, labs DO make
mistakes.
The density result is spot on, but obviously the analyzer is slightly out, but well within the
acceptable range.
ACTION
An instrument technician should recalibrate the Flash Point Analyzer as it is reading
outside the acceptable error.
If there is a delay in having it recalibrated, then the process should be run to an analyzer
target of 101 C to compensate for the error.
STOP!
CHECKPOINT
1/. How are Operating Guidelines arrived at?

______________________________________________________________________
______________________________________________________________________
______________________________________________________________________
______________________________________________________________________
2/. How do we check the accuracy of in-line analyzers?

______________________________________________________________________
______________________________________________________________________
______________________________________________________________________
______________________________________________________________________
3/. Why is it important to note plant operating conditions when taking test samples?
______________________________________________________________________
______________________________________________________________________
______________________________________________________________________
______________________________________________________________________
REPORT AND RECORD ADJUSTMENTS

must be able to report and record
adjustments and variations to
specifications/schedules to appropriate
personnel.
In 2.5 we looked at Operating Notes that can be entered into report pages of a DCS.
We also looked at the importance of them.
We have also looked at why Production Plans and Operating Guidelines do not
always end up being an accurate model of how the process will operate.
If a Control Technician cannot meet the Production Plan, or the process ends up
deviating from the Operating Guidelines, it is important to ensure that the
deviations/irregularities are noted and where possible explained. If they are, people
such as Engineers, Planners, Maintenance, Materials Purchasers, Marketing Reps.
and Accountants can learn valuable lessons and be able to: -
Modify future Operating Guidelines

Have a more accurate idea of production capabilities
Identify process bottle-necks
Make contingency plans for product supply
Reassess the value of the raw material and product
Identify frequent mechanical problems that impact on production.
Examples of useful reports relating to deviations and irregularities could include: -

throughput reduced due to unavailability of one of J1023B Charge Pump.
programmed throughput not achieved due to lack of heating capacity

change to new program delayed as pipeline to Tank 106 was already in use for
shipping transfer, and no alternative disposal route available.
programmed off-take of B product could not be achieved at the given spec. due to
the need to reduce Tower Top temp. to achieve the spec.
throughput reduced in order to comply with License Emissions limit on H 2S in

incinerator stack gases.
As much information should be given as possible in order to: -
Explain the reason, bearing in mind that a person that needs to know may
have limited operational knowledge (eg. a Materials Purchaser)
Assist in solving the problem or modifying future plans.
STOP!
CHECKPOINT
1/. Who would need to know if a production target could not be achieved due to a
mechanical failure?
___________________________________________________________________________
___________________________________________________________________________
2/. Who would need to know if a production plan needed to be modified because
raw materials were not to specification?
___________________________________________________________________________
___________________________________________________________________________
3/. Who would need to know if a production plan had to be modified because a
piece of equipment did not have the capacity to do the job?
___________________________________________________________________________
___________________________________________________________________________
4.0 Facilitate planned and unplanned process start-ups and shutdowns.
SELECT AND APPLY OPERATIONAL PROCEDURES

must be able to select and apply operational
procedures to planned startup and shutdown
processes to guide the required process and
sequence
must be able to elect and apply operational
procedures to unplanned shutdown processes
to guide the required process and sequence
The shut down and start up of process plant is usually the busiest time for a Control
Technician. It can also possess the potential for the most risk because: -
The plant is not in stable operation.
Activities are not of a routine nature.
There are a greater number of personnel involved.
There are many activities that need to be coordinated, often happening
simultaneously.
For these reasons it is necessary to follow the correct procedures

when starting up or shutting down process plant.
! Start-up/Shut-down Procedures
These will vary greatly depending on the process; they may also vary within the
same plant depending on the reason for the shutdown. There may be separate
procedures for: -
Start-up after a Major Plant Overhaul

Start-up after a Production Shutdown.
Start-up after a Minor or Partial Plant Overhaul
Production Shut-downs/Start-ups are for when there is no requirement for the plant to
be operating. Usually the shutdown involves a minimum of work, and is shut down in
such a manner, and left in such a state to facilitate easy and rapid start-up when
production is required again.
Major Overhaul Shut-downs/Start-ups are for when extensive plant maintenance

and/or modification are required. This often involves a different sequence to a
Production shutdown, as it may be necessary to clear the entire plant of its contents.
Lines and vessels will need to be drained, flushed and possibly purged with inert gas.
Depressuring may need to take place. All this can be more easily facilitated if the
shutdown sequence is modified to this end. For example, in the oil industry, oil is
more easily drained and cleaned from vessels and lines when it is still warm, and
before any solids have had time to settle. Steaming out lines is more economical and
efficient if done during the shutdown process. Perhaps it may be necessary to
introduce a cleaning oil (flux) into heavy oil systems in order to flush out and collect
the plant contents.
After a Major Overhaul, the start-up procedure may involve the pressure testing of
equipment, the purging of air from vessels and pipe-work, and the filling of systems.
It will also, of course involve many more checks to ensure that the system is
complete mechanically.
During the pre-check period the Control Technician will be busy with
Instrument/electrical technicians checking such things as control valve operation and
ESD operation.
Minor or Partial Plant Overhaul Shutdown/Start-up is a combination of the two.

Perhaps only one major equipment item was overhauled. Hence the majority of the
plant would be as for a Production shutdown, but the item of equipment may need to
be purged, filled and checked before putting on line.
The Control Technician will be busy with Instrument/electrical technicians checking
such things as control valve operation and ESD operation that may have been
involved in the area of the plant under maintenance.
All these shutdown types are Planned Shutdowns. Procedures should be in place for
personnel to follow. On occasion it may be necessary to modify a procedure prior to
the shutdown. This is particularly so of Partial Overhaul Shut-downs.
Emergency Shutdowns
Emergency shutdowns are not planned, in that no one can predict when they will
occur. During an emergency shutdown there is the highest potential for risk of any
shutdown or start-up situation.
The nature of the emergency can vary in type and severity from process to process,
and also the size of the plant.
There is however, no reason for contingency plans NOT to be in place. It is not

difficult to recognise, with experience, the nature of most emergencies that can
happen on a plant.
In dealing with an emergency it is necessary to address the following sequence in
order of importance: -
1) Safeguard personnel
2) Safeguard the Environment
3) Safeguard Property
4) Safeguard Profits
Emergency Shutdown Procedures
Having identified typical emergencies on a plant, procedures to deal with these can
be written.
On a typical hydrocarbon plant they may include: -
General Emergency shutdown Steam Failure

Electrical Power failure Flare Out
Instrument Air failure Fired Heater Tube failure
Not all emergency shutdowns can be catered for in procedures, and the experience
and knowledge of the Control Technician needs to be applied to ensure safety of
personnel, environment and plant.
Accessibility
Because procedures need to be accessed immediately a situation is detected, they
must be available to the Control Technician in an easy to access format.
Consequently, a safe plant should have these procedures in hard copy, located
adjacent to the Controllers workstation.
Some DCS systems have them on screen. The Operator can often access them
from a menu using dedicated keypad or windows buttons.
!
Online emergency procedures should ALWAYS
be available in hard copy in case the nature of
the emergency prevents access to the Online
format eg. DCS Failure.
A Typical Emergency Procedure Menu Screen

Of course, not all types of emergency on a plant can be predicted and procedures
may not exist that precisely fit the situation.
The Control Technician must use all the skills, experience and knowledge they have
to deal with the situation.
You could do worse than follow the first five actions from the Hazard Plan
Identify the Hazard

Assess the Risk
Eliminate the Hazard
Substitute the Hazard
Control the Hazard
DCS Aids to Emergency Shutdown
We have looked at the on screen menu facility that will display appropriate
emergency measures for the process.
DCS systems may have enhanced programmes that can actually control the
shutdown to a greater or lesser degree.
They may be as simple as a series of ESDVs (Emergency Shut Down Valves).

These motorised or air operated valves can be arranged to shut down individually, all
together or in a defined or event triggered sequence.
Activation is usually on Operator Command.
They may be operated by dedicated touch pad on keyboards, on screen buttons, or

hard wired buttons attached to the workstation.
Sequences may be activated from an on-screen menu.
COMMUNICATE WITH ALL OPERATIONAL AREAS AND PERSONNEL

must be able to communicate with all
operational areas and personnel affected by
events to ensure that safety of the system
and process are maintained during the
process.
Communication
When a shutdown or start-up is to take place, communication between all those

involved must be effective. The Control Technician should have a good overview of
ALL activities on the plant. There must be good two-way interchange of information
between the control room and the field.
Because of the likely high volume of radio traffic, messages must be clear and
concise.
It is critical that the Control Operator communicate with other areas that may be
affected by the shutdown or start-up.
These may include: -

Suppliers of services (steam, power etc.)
Suppliers of feedstock
Downstream processes or storage
Adjacent areas that may be affected by dust, noise etc.
Emergency crews that may be needed in certain events.
Depending on the radio system at your workplace, it may be useful for those on the
area to go to a dedicated Shutdown Channel so as not to be distracted by other
traffic, nor monopolise the frequency to the detriment of other users.
IMPLEMENT ALL REQUIRED EMERGENCY RESPONSES

must be able to implement all required
emergency responses and ensure the
outcomes of these responses are
communicated to all affected areas
The Control Technician is a key player in any Emergency situation, particularly so if

that relates to an area of the process under technicians control. This is so
because:-
The Control Technician: -
Knows the process and the area intimately

Knows the existing operational state of the area
Has access to DCS data relating to changing conditions during the emergency
May have access to, and control of Closed Circuit TV
May have their workstation adjacent to other Control Technicians and can
initiate supportive measures.
Until the arrival and briefing of the Incident Management Team, the Control
Technician may have to coordinate all off-plant response.
Places of work all have varying Emergency Plans and Procedures. The actual
responsibilities of the Control Technician may vary from site to site, but typically they
may be charged with: -
Being the First Contact when an emergency response is initiated.

Raising the appropriate alarm.
Informing Senior Personnel
Recording events
Generally, once the Incident Management Team has set up, the Control Technician
will then act under their direction.
LOG ALL REQUIRED INFORMATION

must be able to log all required information
for further action to provide a historical record
of all events.
Following a plant emergency, the may be a requirement for an investigation to

determine: -
The nature and extent of the incident
The cause of the incident
Any contributing factors
The effectiveness of the response
All information relating to the incident must be preserved. While the DCS should
store much of that information in its data storage, and while such information can be
accessed in Trend Displays, Event Report Logs etc., it is an obligation of the Control
Technician to manually record as much information as possible.
The Control Technician may have to supply information relating to factors external
to the DCS.
Section 4.4 has outlined some of the tasks carried out by a Control Technician in
an emergency situation.
It is recommended that a Control Technician keep a hard copy logbook.
Information that should be noted in such a book could include: -
Notes on malfunctioning equipment, loops etc.

Unexplained alarms
Non-conformances
Anything that is not routine.
CCTV tapes, data, logs and any other form of information
!
collected before, during and after an incident MUST be retained
and in an unaltered state. This information may be used to
investigate the incident, and could possibly be used as
evidence depending on the seriousness of the event
STOP!
CHECKPOINT
1/. Why do plant Shutdowns and Start-ups have the potential for higher
risk than normal operations?
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
2/. Name five (5) possible Emergency Shutdown procedures.
3/. Where should Shutdown/Start-up procedures be kept?
______________________________________________________________
_____________________________________________________________
4/. Why is it essential that hard copies of procedures be kept?

_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
5/. How should communication be managed during a Shutdown or Start-up?
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
6/. Name five (5) groups that should be given as much notice as possible of a
Shutdown or Start-up?
7/. Why is it important to preserve information collected during an incident?
______________________________________________________________
______________________________________________________________
______________________________________________________________
______________________________________________________________
____________________________
IDENTIFY SYSTEMS IN ALARM OR OUT OF SPEC CONDITION

must be able to identify which system is
affected by the alarm or out of specification
condition.
In 1.6 we looked at Acknowledging Alarms and in 2.3 we looked at how to Interpret

Alarms and take steps to control the process.
During the operation of a process using a DCS, it can sometimes become confusing,
with a whole range of data and information available to the operator.
Recognising Alarms is of utmost importance in maintaining safe control of the

process.
The first indication of an alarm state is usually an audible indication, the Alarm
Sound. It doesnt tell the operator much at all. Except that an Unacknowledged
Alarm State exists. On hearing the alarm sound the Control Operator is faced with
several questions: -
What is the alarm?
What system is it in?
Is it a critical (high priority) alarm?
Is it a False Alarm?
The first reaction of the operator is to SILENCE that annoying alarm sound!
DONT!!!!!!!!!!!
Some DCS are configured so that when you silence an alarm you also acknowledge
it.
Others only silence the alarm, but it remains in the Unacknowledged state, and
continues to flash in displays or summaries.
Once you have silenced and/or acknowledged an alarm there is a danger you will
forget it!
!
BEFORE YOU ACKNOWLEDGE AN ALARM YOU SHOULD
ALWAYS DETERMINE ITS LOCATION AND IMPORTANCE
Remember, alarms are shown on: -
Faceplates
Primary and Secondary Displays
Alarm Summaries
Event Log Reports
Alarm Reports
Find a control loop on the plant, and then locate its control tag on a
Primary or Secondary Display. Now draw a block diagram showing all
the other displays, face-plates, logs, reports and summaries in with
which this process variable is associated, noting any alarm indication
STOP!
CHECKPOINT
facilities.
1/. Why should you NEVER acknowledge an alarm before determining its
location and importance?
______________________________________________________________
______________________________________________________________
______________________________________________________________
2/. Alarm information is found on (give 5 examples)

EXAMINE ALARM CONDITION FOR SIGNS OF SEVERITY

must be able to examine the condition for
signs of severity and check logs for currency
of the occurrence
We have already looked at Alarm Management. Remember how an Alarm Manager

can be configured to assign a priority value to an alarm that will show up as a colour
coding, and/or by placing it on the Summary in order of Priority Grouping.
There are other indications that can demonstrate the importance or severity of an
alarm condition.
Stepped Alarms
Some alarms are configured to alarm at different process values as the severity of
the condition increases.
For example: -
PAH designation is an acronym for Pressure Alarm High.
If the pressure continues to rise and become more critical a further alarm may be
triggered
PAHH designation is Pressure Alarm High High
The every fact that the process variable has a PAHH facility gives some indication
that an alarm condition for this part of the process is a serious situation.
This alarm hierarchy can go one step further.
Check out this simplified secondary display for a compressor.
Compressors are for compressing gases; they do NOT like liquids, as they are
incompressible.
Unless the compressor is a specialised Wet Gas Compressor, severe damage can
be done if liquids enter a compressor.
To this end, a Suction Knockout Pot (K/O Pot) is usually installed before the inlet to
the compressor. This pot may be drained automatically by Level Control, or manually
by the field technician.
As an added security, this vessel can be fitted with high-level alarms.
In this case the K/O Pot has three alarms in ascending order of severity.
LAH Level Alarm High
LAHH Level Alarm High High (or VERY high)
LASH Level Alarm Switch High
The final alarm LASH takes the situation out of the hands of the Control Technician.
Should the level go past the LAH trigger, the LASH will automatically shut down the
compressor in order to protect the machine from liquid carryover damage.
Non-Process Variable Alarms
Other severe conditions may be indicated by alarms that monitor machinery and
equipment rather than the process.
Examples include
Vibration alarms
Heat alarms
Smoke alarms
Emission alarms
Like process variable alarms, they may be stepped and/or be tied into shutdown
systems.
Frequency of Alarms
Frequency of a particular alarm could be cause for concern. While the severity of the
condition indicated by one single event may not be of any great consequence,
repeated occurrence of this event could indicate machinery/instrument malfunction,
the possibility of cumulative damage over a period of time, or a design problem.
The frequency of an alarm can be researched by examining several displays on a

DCS, but the most useful is perhaps the System Event Log.
This is most useful because: -
It displays the date, time etc. of each alarm event

It displays other system events in order of occurrence.
Examining the log will show other system events occurring around the same time as
the alarm. From this it may be possible to identify events related to the alarm
condition. An alarm that is occurring frequently may be shown to be preceded by
certain other events on each occasion. This will help identify the cause of the alarm
condition.
STOP!
CHECKPOINT
1/. What alarm states do these tags indicate?

PAH LAL
FALL PALL
TAH FAH
2/. A frequently occurring alarm state may indicate?

3/. How can a System Event Log help analyse an alarm state?
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
IDENTIFY OTHER ALARMS OR ABNORMAL CONDITIONS

must be able to scroll through other screens
on control panels to identify what other
alarms or abnormal conditions may be
registered.
Much of this has already been covered, so we will just look again at the various
screens that may assist the Control Technician to identify alarm states or abnormal
conditions.
Perhaps it would be wise to view these options in the light of a possible failure of one
or more alarm indications!
Nothing is foolproof of course, and DCS systems are no different. The possibility of a
failure in the DCS to alert about an alarm state is quite real, though there are a great
number of other tactics a Control Operator can employ to avoid non-detection of
abnormal conditions.
The beauty of such a system is that within a particular loop, or for a particular
process variable/equipment state, there may be many indications of abnormal
condition.
Lets look at some of them.
Indicator Description Location
Analogue Value The value of the process Primary/Secondary
variable Displays, Faceplates
Trends, Overviews
Set-point Alarm (or PV-SP Deviation too far either Faceplate
Deviation) side of the set point by a Alarm Summary
defined amount eg. 10% Event Log
High & Low Alarm Process Variable has Faceplate
exceeded a defined Alarm Summary
threshold Event Log
Hard Wired Alarm An alarm independent of Usually a separate alarm
the DCS. Connected to the light or display, on or near
control room by a wire, as the consol but not
opposed to the Data dependant on the DCS.
Highway Has its own response
button.
Abnormal situations can often be picked up if an alarm fails, or if no alarm exists.

When the operator reviews all the indications they may detect inconsistencies. There
may be variables which do not add up, or make sense when compared to each
other.
Often the only alarms on a loop are working off the actual gauge. If the gauge sticks
or malfunctions, both the Set Point and High Low alarms will fail to function!
When things dont add up suspect a problem!
Examples
A flow of 1000 m3/hr into a vessel, and a flow of 500 m3/hr out, level is steady.
The only alarms on the vessel are soft and work off the level indicator, which is
obviously not working!
Here is a screen we have not seen yet. Its called an OVERVIEW.

It shows all the important process variables and information for a process without the
clutter of a full display.
GLYCOL DEHYDRATION PLANT OVERVIEW
PARAMETER SP PV Units
LEVELS
Inlet Gas Scrubber 15 %
Contactor 60 58 % UTILITIES
Reboiler 75 76 % L.P. Steam 318 Kpa
Surge Tank 60 60 % Instrument Air 747 Kpa
Flash Tank (glycol) 100 % Plant Air 654 Kpa
Flash Tank (oil) 5 % Cooling Water 21 C
Glycol Storage 50 %
TEMPERATURES ENVIRONMENT
Wet Gas Inlet 72 C Ambient Temp. 23 C
Dry Gas Outlet 68 C
Glycol Inlet 76 C Wind Strength 28 km/h
Reboiler 190 195 C
Stripper 100 C Wind Direction
PRESSURES
N
Inlet Gas Scrubber 102 Kpa
Contactor Top 114 Kpa
Contactor Base 112 Kpa
Flash Tank 43 Kpa
FLOWS
Wet Gas 250 m3/hr
Dry Gas 239 m3/hr
Lean Glycol 1.6 1.5 kl/hr
Rich Glycol 1.6 kl/hr
STOP!
CHECKPOINT
1/. What is the most reliable type of alarm?
______________________________________________________________
2/. Why?
______________________________________________________________
3/. What is the advantage of an Overview Display?

______________________________________________________________
RESPOND TO ALARMS
must be able to respond to the alarm or
incident by following procedures
In 4.2 and 4.4 we looked at Emergency Procedures.

The actual alarm or incident will initially dictate the required response from the
Control Technician.
Certain alarms or incidents will have given procedures to correct or respond with.
Others may not, and this is where the Control Technician requires a thorough
understanding of the plant, process and the DCS.
Alarms may require the implementation of an: -
Emergency Procedure
Environmental Procedure
Safety Procedure
Product Movement Procedure
Standard Operational Procedure.
Not all of these will require actual changes to the operation of the process by the
Control Technician, however, as the initial alarm or condition is first relayed to the
Control Room, it is usually the Control Technician who initiates the response
procedure by communication with relevant people.
Deteriorating Situations
More often then not, serious situations start off as small incidents, irregularities or a
single alarm. This alarm may not be a particularly high priority alarm, but is only the
first indication that something is starting to go wrong. It may NOT develop, then again
it MAY!
It is important to examine ALL alarms to determine the POTENTIAL for an escalation

of the situation. History is full of disasters on process plants where the first sign of
trouble was a minor alarm or incident that was misinterpreted or even ignored.
Calling it Quits
At some time during the response to an alarm or irregularity it will become clear that
the situation is becoming increasingly unstable.
Procedures are implemented, changes made and moves are made to compensate.
The Control Operator may eventually have to make a decision (perhaps in
consultation) to make the plant safe, by shutting down or whatever is the
appropriate action.
This decision should NOT be influenced by any other factors other than SAFETY.
Remember the order?
Safeguard Life
Safeguard Environment
Safeguard Property
Safeguard Profit
The financial consequences of a production half should NEVER intrude upon any
decision where Safety is at risk.
Workplace Ethics, Procedures and Culture should always support decisions based
on Safety.
The PIPER ALPHA disaster in the North Sea is recommended

reading or viewing as a premier example of how production
considerations added to a tragic outcome.
STOP!
CHECKPOINT
1/. What procedures may be required in response to an alarm?
2/. What is a Deteriorating Situation?
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
3/. Write down the order of importance of an Emergency Response
1)
2)
3)
4)
COMMUNICATE THE PROBLEM

must be able to communicate the problem to
shift supervisor or the plant engineer
Not all alarms or problems need to be communicated to other personnel. Many

remain within the scope of the Control Technician to remedy, using the DCS.
However, other problems will need to be communicated to relevant people. Such
problems could include: -
Those that pose a HSE risk.
Those requiring intervention of a Field Technician.
Those requiring maintenance.
Those affecting Production/Quality outcomes.
Those affecting Upstream or Downstream Processes
Those affecting suppliers of services/Utilities
There are many ways to communicate the problem.
Person to Person Written Logs

Two-way Radio Specific Reporting Sheets (eg.
PA System Work request)
Telephone Incident Reports
Electronic Mail DCS System Event Logs
DCS Handover Pages
The actual format by which a problem is communicated will depend on: -
Urgency
Methods available
Who it is communicated to
The following PMA02 Units of Competency cover these issues in depth.
PMA02 COMM100B Relay & Respond to Information

PMA02 COMM200B Process & Record Information
STOP!
CHECKPOINT
1/. Give five (5) examples of when an alarm or incident needs to be

communicated to another person by the Control Technician.

2/. Give Five (5) ways that information may be reported.

3/. Who would you report the following alarms to?
Toxic Gas detection alarm

Machinery Vibration alarm
Product analyser off-spec alarm
DCS Data Storage Full Alarm
RECORD THE INFORMATION

must be able to record the information on the
appropriate log and/or ensure the operations
database is updated with details of the alarm.

must be able to provide face-to-face details of
the alarm and action taken to the next
supervisor at shift changeover.
5.8 At the completion of this topic, the learner must be able

to follow-up the incident to see that appropriate action
has been taken.
So many things can happen during an eight or 12 hours shift, that to record them all,
even just the alarms and incidents, would require pages and pages of
handover notes.
Dont forget that the System Event Log will record all of this anyway.
In 2.5 we looked at recording irregularities and variations, and the same conditions
apply here. The DCS will record the fact that an alarm has been going off regularly,
associated data may show the reason, and then again it may not. It is the
responsibility of the Control Technician to fill in the gaps in information that the DCS
does not collect and store.
This information should be written down in summary form so that: -
You can use this as a prompt when handing over.

Your relief can refer to it at a later stage.
The information is on record for future reference by engineers etc.
It is also mandatory to inform the on-coming shift about any serious situation, even if
it has been dealt with.
Obviously if an alarm or irregularity is still ongoing, it must be drawn to the attention
of the next shift.
Information you should convey to them should include
Time of the alarm

What the alarm is.
What is the probable situation causing the alarm state?
What, if any, corrective action you have taken.
If the corrective action has been effective, is still in progress, or has been
ineffective.
Frequency of this alarm situation.
But what about situations that have been fixed.
These should also be reported to the next shift.

Why?
They can follow up your corrective actions to ensure you have dealt with the
situation.
Should the situation recur they can base their action on that taken by you.
They may reassess the cause if the problem recurs.
When assessing the effectiveness of a solution check: -
Has the solution fixed the problem permanently?

Will further action be required?
Has the problem only been shifted to another area?
Did you treat the CAUSE or the
SYMPTOM?
Analyse
Plan
Act
Check
STOP!
CHECKPOINT
1/. What information about an alarm or abnormal situation should you convey to
your relief?
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
2/. When assessing the effectiveness of a corrective action, what should you
check for?
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
3/. Why is it important to leave written handover notes in summary form?

______________________________________________________________
______________________________________________________________
______________________________________________________________
______________________________________________________________
6.0 CONTRIBUTE TO CONTROLLING HAZARDS
IDENTIFY HAZARDS, ASSESS RISK AND IMPLEMENT CONTROLS

must be able to identify hazards in the
production/processing work area.

must be able to assess the risks arising from
those hazards.
6.3 At the completion of this topic, the learner must

be able to Implement measures to control risks in
line with procedures and duty of care
Although all work areas are hazardous to some extent, a chemical, oil or
hydrocarbons plant contains special hazards due to:
the nature of the product (inflammable, explosive, toxic etc)
the type of equipment and machinery used to process the product (high
pressures, high or very low temperatures, the use of steam, compressed air
etc).
Hazard identification has become particularly important in the Chemical, Oil and
Hydrocarbons industries since the Longford Incident. In this incident, which occurred
on September 25, 1998 at Essos Longford (Victoria) gas processing plant, two
workers were killed, and eight others injured. As a result of this incident, and the
subsequent findings, Victoria has revised its OH&S legislation with additional
regulations pertaining to Major Hazard Facilities. Other states are likely to follow with
similar changes.
In Victoria, the OH&S (Major Hazard Facilities) Regulations came into effect on 1 July
2000. The Regulations focus on the safety of people at major hazard facilities
(workers, contractors and visitors), the safety of those who may be affected by an
incident at a major hazard site (neighbours, local community) and the safety of
property.
WHAT IS A MAJOR HAZARD FACILITY
A site is considered a major hazard facility (MHF) primarily if it stores, handles or

processes quantities of dangerous chemicals or products above a threshold, as
defined in Schedule 1 of the Regulations. Typically, such facilities include refineries,
chemical and gas processing plants, LPG storage and distribution sites and even
certain types of large warehouses and transport yards. While major incidents at these
sites are rare, the 1998 Longford incident highlighted the potentially catastrophic
nature of such incidents in terms of loss of life and damage to property.
MHF REGULATIONS
The Victorian Occupational Health and Safety (Major Hazard Facilities) Regulations
set out specific obligations for companies operating major hazard facilities. Under the
new laws the operating companies must:
establish and implement a safety management system
identify all major incidents that could occur, and the hazards that could cause
those major incidents
assess the risk of these hazards and potential major incidents
adopt control measures to eliminate or reduce, so far as is practicable, risk to
health and safety
prepare emergency plans in conjunction with local emergency services and
municipal councils
consult with health and safety representatives in all relevant matters
provide safety information to the local community and consult with municipal
councils in relation to matters that could affect the local community
prepare a safety case and apply for a licence
revise the safety case at time frames and following specific requirements.
WHAT IS A SAFETY CASE?
A Safety Case is a written document in which the operator of a major hazard site
describes what measures are in place to prevent a major incident and also to deal
with the situation should such an incident occur. The Safety Case must demonstrate
that the measures are appropriate and adequate and that risks have been reduced
as far as practicable. A Safety Case can only be written following a full examination
of:
the facilitys activities
the potential for major incidents
risk control measures.
Preparing a safety case is the employers responsibility, but a significant aspect of a

safety case is the role of employees.
THE ROLE OF WORKERS IN HAZARD REDUCTION
The New South Wales Occupational Health and Safety Act 2000, though not
applicable outside NSW, states that:
Employees must take reasonable care of the health and safety of themselves and
others. Employees must co-operate with employers in their efforts to comply with
occupational health and safety requirements.
Other states have similar legislation, often referred to as duty of care. That is,
employees in all parts of Australia have obligations regarding Occupational Health
and Safety regulations.
The following diagram illustrates the general principle of hazard reduction.
Controls to Controls to
Event causing reduce likelihood Incident reduce severity
a hazard of an incident of incident
Concept of control measures

An example is shown below:
An example is shown below:

Initiating event Control measures Effect of loss Mitigation measures
Occurrences Eg: of control The systems to
with the Eg, loss of minimise the
mechanical safety
potential to containment of consequences of loss
devices
cause a toxic or of control
dangerous safety procedures flammable
situation operator presence substances
Incorrect Site wide

Operator High- Hydrants
quantity in a Loss of emergency
presence pressure and
pentane pentane response
trip monitors
weigh tank plan
Example of effects arising from a hazardous situation
In the above example, because of an incorrect quantity of pentane in the pentane

weigh tank, there is potential for a loss of containment of pentane, leading to a fire
and other possible consequences, including injury and loss of life.
Control measures include the presence of an operator who has the skills to recognise
the potential for an incident to occur because of the incorrect quantity of pentane in
the weigh tank. The operator would then follow procedures to prevent the incident.
The important aspect is that the operator identifies the situation in the first place.
IDENTIFYING HAZARDS
A hazard is any situation with the potential to cause harm, injury, or damage to plant
and equipment. All workplaces have potential hazards that can lead to a minor or
major incident. Identifying and dealing with a hazard is often common sense, such as
seeing a leaking gland in a pipe and notifying the appropriate personnel. Other
examples include hearing unusual noises in an item of plant, noticing a leaking
containment vessel, observing incorrect or unusual instrument readings (eg pressure,
temperature, flow rate).
In some cases, a certain level of skill is needed to identify a workplace hazard. That
is, the operator needs to know if a noise is indeed unusual, that the instrument
readings are incorrect, or that a containment vessel should not be leaking. Employers
operating a major hazard facility are obliged under the Victorian legislation to provide
training for employees.
Plants that are not categorised as major hazard facilities also have obligations under
the relevant OH&S acts, which include providing a safe workplace. In other words,
there are obligations on employers to provide appropriate training in hazard control,
and obligations on employees to recognise and assess a potential hazard.
Hazards can also arise from the normal operation of items of equipment. For
example, you might notice that the barriers or warning signs around a certain item of
equipment are missing. The hazard is therefore not the item of equipment, but the
missing signs or barriers.
ASSESSING RISKS ARISING FROM A HAZARD
The risks arising from a hazard will depend on many factors, including:
the type of workplace (eg, oil refinery, chemical plant, hydrocarbons plant)
the nature of the hazard (eg, small or large leakage, fire, loss of containment)
the situation at the time (eg, circumstances where a loss of containment of a
flammable substance would be greater if welding was being conducted
nearby).
The risks that could arise also vary considerably and could include:
environmental risks (pollution, chemical fallout over adjacent properties, fire)
risks to other workers (injury or death)
risks leading to plant damage and failure (eg, bearing failure causing a shaft to
seize, which in turn could cause other equipment items to fail, due to a loss of
output from the equipment suffering bearing failure)
risks leading to loss of product (eg, gases or liquid products escaping, which
in turn could mean the plant loses profitability, leading to potential closure).
You would normally assess the likely risks from a hazard you have identified before
taking action. If the potential risks are high, you need to take action immediately. If
there were minimal risks (eg, a very small leak from a gland), you would still report
the leak, but perhaps after you return to base. However, if in doubt about the
potential risks, report the hazard immediately.
TAKING ACTION TO CONTROL RISKS
In some cases you will be able to deal with the hazard yourself. For example, if you
notice a leaking gland that simply requires tightening, you would tighten the gland,
providing its within your scope of skill level. Or you might hear a noise that indicates
a bearing problem that you can solve by topping up the bearing oil containers. The
important thing to remember is that you should only make repairs you are qualified to
undertake.
In many instances, you would need to report a potential hazard to appropriate

personnel. However there could be things you can do while an emergency response
team is on its way. For instance, if a gas bottle is leaking, you could isolate that gas
bottle and warn others of the hazard. If a pressure gauge indicates an abnormally
high vessel pressure, you would first report the problem, then take action to warn
other workers, including placing barriers to prevent others from getting too close to
the vessel.
FOLLOWING PROCEDURES
Most workplaces have procedures in place to deal with hazardous situations. The
aim of these procedures is to ensure the correct action is taken, and by the
appropriate personnel. If you identify a hazardous situation, you would take
appropriate action in accordance with the correct procedures. Otherwise you might
make the situation worse, or cause yourself injury. If there were no procedures, you
would take action in accordance with your skill level.
The essential aspect is to take appropriate action. If there are no procedures and the
problem is outside your skill level, report the problem immediately, even if it appears
minor. The Longford incident could have been prevented if the observation of ice
around a pipe had been acted on appropriately.
STOP!
CHECKPOINT
1/. List the hazards associated with your immediate work area.
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
2/. Assess the likely risks arising from each of the above hazards.
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
3/. State the type of action you should take to control each of the above hazards.
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
7.0 Resolve problems
IDENTIFY PROBLEMS
must be able to identify possible problems in
equipment, control systems or process

must be able to determine problems needing
action
A plant that has been fully commissioned and operating in a steady-state condition
will have little if any need for intervention by the control room operator. Intervention
by the operator would be limited to start up or shut down of the process, adjusting
production set points, and maintaining production reports.
However, not all plants operate for a long duration without some type of abnormal
situation occurring. This may include mechanical failures within the process,
maintenance requirements, or on going enhancements to the production process.
It is therefore necessary for the operator to be cognitive of process conditions,
abnormal situations, maintenance personal work scopes, and other factors that will
effect the operation of the process.
Examples of abnormal conditions can include: -
Maintenance or tuning of control equipment requiring the operation of that
control loop to be placed in Manual Mode, or even physical bypass operation
by a technician on the plant itself.
Start up or shut down phase requiring non-standard operation of the panel

such as Manual operation of control loops, disabling of Optimisation and
Control sub-programs.
Production specifications and plans that require operation of the plant outside
of normal operating parameters (but within safety guidelines)
Examples include: -
New or unfamiliar feedstock.

Test runs for new product specification.
Commissioning of new equipment.
Experimental Operation under instruction of engineers.
Categorising Problems
Problems likely to be detected by the control technician can be broadly divided into
three categories.
Feed/product Quality Problems
Control Problems
Machinery & Equipment Problems
Design Problems
Poor Operating (personnel)
Lets look at examples of each.
Feed/product Quality Problems

Off spec feed will not produce on spec product according to production plans. The
feed may be on spec but Production planning MAY have gotten it wrong, and the
product spec. Cannot be achieved with this feed.
Control Problems
Process Control equipment is malfunctioning, preventing the Control Technician
running the plant according to the parameters dictated by the plan.
Machinery & Equipment Problems

Inefficient pumps, heat exchangers etc. Blocked or restricted pipe-work. Leaking
equipment causing product contamination.
Design Problems
The process design is not capable of achieving the production targets/specs.
Undersized equipment.
Equipment not capable of achieving precise quality specs.
Poor Operating (personnel)

Nothing is wrong with the feed, control or plant, its the people operating it. It may
be you! It may be the procedures and guidelines.
Actioning Problems
All problems must be dealt with. The main issues facing the Control Technician
are: -
Prioritising actions
Documenting/recording the problem/action
AND
If the problem is outside the scope of the Control Technician; who to report
it to.
All of these issues have been dealt with previously.

But lets state again the Golden Rule when prioritising.
Safeguard Life
Safeguard Property
Safeguard Profit
STOP!
CHECKPOINT
1/. Give three examples of scenarios that may require abnormal operation of the
process.

2/. Name 5 major causes of problems, and an example of each.

DETERMINE CAUSE OF FAULT

must be able to determine possible fault
causes
We will look at some Process Control problems either DCS systems.

It is not possible to document all possible problems of course, but some of the most
common are readily identifiable.
We will look at three broad categories.
On Plant Mechanical Problems

Loop Problems
Controlling Entity/Highway/Interface Problems
On Plant Mechanical Problems

Despite the largely solid state computerised infrastructure of a DCS, the end result,
or the bit that does the work is predominantly a mechanical device such as a
Control Valve. These are often operating in a harsh environment, and in contact with
process streams containing corrosive, high viscosity, hot, cold or abrasive
substances. These conditions will often lead to permanent or temporary malfunction
in the equipment.
Lets look at two common failures, failure due to the
Controller, and failure due to the sensor. We will look at the
possible cause, but leave the solutions until the next
section.
Control Valve Problem
The control valve is not maintaining a set point.
A Control Technician changes the set point for a process

variable and notices that no change in the value is
occurring. The Faceplate indicates all is well except for the
value. The Output has increased to 100%, asking for the
valve to open wide to achieve the set point, yet no change is
apparent. See the Faceplate for FIC-101. The Control
Technician contacts the Field Technician and asks her to
check the valve.
The Field Technician reports that the valve is 20%
open, NOT 100% as called for by the DCS.
The most likely cause is that the valve is stuck.

This is a common problem especially with valves that are cycled (moved) infrequently
or if they are cycled frequently, within only a few percentage points of output.
Diaphragm air operated valves are particularly susceptible to this.
Level Sensor
The level indication remains the same, contrary to other indications
We will look at the Float Chamber type of level sensor.

The Control Technician is concerned that the level indication in a vessel remains
constant despite other indications that suggest it should NOT be so. The flow into the
vessel is constant, yet placing the Level Control on manual, and
increasing/decreasing the output to vary the flow out of the vessel produces no
change in the indicated level.
Lets look at the trend.

The Control Technician contacts the Field Technician and requests a visual on the
level in the tank. The Field Technician reports that the actual level in the tank is 80%!
He stands by while the Control Technician, with the Level Controller on manual still,
increases the output to 100%. The Field Technician reports that the level is dropping
rapidly now.
Obviously there is nothing wrong with the Control Valve LC401. Its getting the wrong
information from LIC401.
LIC401 is stuck at 50%
Loop Problems
There are a fair few things that can go wrong with a process control loop and they
are generally not within the scope of responsibility of the Control Technician to
remedy. It is however, important for the technician to recognise the problem and
report it to the necessary people for rectification.
Lets look at a couple.

One relates to the operation of the Controller, the other relates to the Process
Variable Sensor.
Gain Problems
The speed at which a controller responds to a change in the LOAD is called the
GAIN.
If the Gain is too low the controller will respond too slowly and may not be able to
keep pace with a changing process variable.
If the Gain is too high the controller will react far too quickly and will cause cycling, or
erratic control as it makes too greater changes for only a small change in process
variables.
Normal Operation
Process Variable
Set Point
PV PV
SP SP
TIME TIME
Gain High Gain Low
Typically, High Gain will cause the erratic, unstable control illustrated above.
Low Gain will cause the slow response as above right, in this case it is not even fast
enough to control the process and the process variable is wandering further away
from the set point each cycle!
Calibration Problems
For a DCS to control properly it must have CORRECT DATA input in order to control
correctly. A frequent fault in a DCS is that the actual proportional signal (usually in
milliamps) from the sensor (eg. Level Indicator, Temp. Indicator) is out of calibration
with the actual process variable.
For example, a Flow Controller is controlling the flow of a component satisfactorily.

However, the Mass Balance generated by the DCS shows an error of 5%. Between
inputs and outputs. The Lab says that the product is off spec.
Eg.
Feed A 2500 litres/hr FIC201
Feed B 1000 litres/hr FIC202
Product 3675 litres/hr FI 203
Deviation 175 litres/hr +5%
All operating variables are correct.

So where is the problem?
A check is made of the contents of feed tank A and it is found that far more A has
been used than the program indicates.
Obviously, FIC 201 is NOT controlling the flow of feed A correctly to the desired
program amount.
FI 201 is out of calibration. It is not sending the correct signal to the DCS and so the
DCS is controlling using incorrect data.
There is an error of +175 litres/hr. or 7%, not good!
The instrument will have to be recalibrated by an Instrument Technician.
Controlling Entity/Highway/Interface Problems
A Distributed Control System in a modern manufacturing process is the 'nerve'

system that maintains control over the myriad of processing tasks.
It would be impossible for individual operators to rush around and control the
numerous processes and activities required to maintain a continuous operation.
It is therefore imperative that this 'nerve' system is highly reliable, and that
contingencies are in place in the event of any hardware failures.
One of the primary objectives of a Distributed Control System is to ensure that there
are no single-points-of-failure within the hardware system.
A single-point-of-failure is defined as the failure of one component causing a

catastrophic failure to the entire system, or any major sub-system. To avoid the
single-points-of-failure, DCS vendors incorporate a high level of 'redundancy' into
their hardware architecture.
DCS Redundancy Systems
Hardware redundancy provides:
A reduced urgency to repair a failed component immediately.
Greater security for meeting production targets.
Enhanced system integrity.
The term redundancy in this case means additional components that automatically
kick-in in the event of a 'primary' component failure. 'Backup system' is another term
used to describe redundant components.
Hardware Alarms
All DCS hardware components have associated alarm and status information that is
relayed via the communication system to the operator interface. This information
appears in a series of diagnostic displays. These displays are used by personnel to
monitor the system for hardware problems.
Diagnostic information not only informs the technician of failed equipment, but also
reports on the operating condition of the equipment. This may include out-of-range
field input parameters, low power supply voltages, faulty redundant modules,
communication data errors, etc.
Hardware status alarms will have a high priority due to the possible loss of
production.
These alarms are shown on the master alarm summary display.
The DCS items monitored may include:
Operator Interface Unit hardware and associated components.
Distributed Controller Entities hardware.
Cabinet temperatures.
Communication system.
Processing module integrity.
I/O Slave module integrity.

DCS HARDWARE OVERVIEW
CONTROL CENTRE
1 OPS Station 1 NORMAL

2 OPS Station 2 NORMAL
Communication Highway 3 OPS Station 3 OFFLINE
GLYCOL PLANT Separation Plant
21 DCE NORMAL
10 DCE NORMAL
22 DCE FAULT
11 DCE NORMAL
23 DCE NORMAL
12 DCE NORMAL
24 DCE OFFLINE
13 DCE OFFLINE
25 DCE NORMAL
A SYSTEM STATUS OVERVIEW DISPLAY
The hardware status of the entire Distributed Control System is shown on the System
Status Overview display. This display gives an overview of all the nodes (or DCE
sub-systems) and provides the following status information.
Node on-line or off-line.
Node module errors.
Communication system.
Node hardware problems (fans, power supplies).
This overview status display also provides access to sub-levels of diagnostic displays
for each node.
Critical Failure Modes
It is essential that the production operator interpret critical failure modes correctly to
ensure safe operation of the plant equipment.
This type of failure mode needs to be addressed urgently so production downtime is
minimised. The production operator should immediately contact qualified engineers
or technicians to investigate the failure.
If the Operator Consols are still operational, the Control Technician should call up the
status displays in order to locate the hardware fault. This information will be required
when discussing the failure with the engineer or technician.
The operator should also peruse the alarm summary for any unusual priority alarms,
for example, high-pressure alarms that may represent a danger to personnel or
equipment.
The operator should also peruse the operating displays to determine whether the
process has shutdown properly. The DCS failure may have caused part of the
process to stop operation, while another area is still in operation and may need to be
manually stopped.
Most critical failure modes are tested for their effects during the commissioning phase
of the plant.
This will ensure that on the loss of a major node or processing module DCE, outputs
default to predetermined states. This will in-turn ensure a safe shutdown of the
process, with pumps, valves, drives, dampers, etc. going to fail-safe states or
positions.
Internal configuration safety interlocks will further ensure that other areas of the DCS
unaffected by the failure will be notified via the communication system and shutdown
if required.
It is essential that the production operator interpret critical failure modes correctly to
ensure safe operation of the plant equipment.
Non-Critical Failure Modes
This type of failure would indicate:
A primary hardware component has failed and a redundant component is now in

operation.
A DCE power supply unit or feeder has failed, and the system is now operating on
a single supply or power feeder.
A communication highway or bus has failed, and the redundant system is in

operation.
An operator interface unit is off-line.
This kind of failure is obviously less critical than the above 'critical failure' mode as
the process is still in operation. However, DCS integrity has been decreased and the
problem should be investigated and rectified when practicable.
Should any question arise regarding the integrity of a primary module, the redundant
module will assume a bump-less control, automatically and immediately. When a
primary module fails over to its backup or redundant module, the changeover is
seamless and bump-less to the process.
However a hardware alarm is raised to indicate the failure of the primary unit.
DCS Failure Recovery
The rectification of critical hardware faults may require certain sections of the DCS to
be isolated while repairs are undertaken, or that the process plant is unable to be
restarted until the fault is fully rectified. Engineers or technicians will normally carry
out this task in consultation with the control room operator to ensure hardware status
alarms have cleared.
Recovery from a critical hardware faults may require the downloading of system
software if major processing modules have been damaged. Recovery from a power
down situation will not require the reloading of software, but will require the operator
to go through a proper start-up procedure of the process plant.
It is imperative the operator confirms that all hardware status alarms have cleared
prior to restarting the process.
The rectification of non-critical hardware faults can usually be done while the DCS is
on-line and the process in operation.
Engineers or technicians will normally carry out this task in consultation with the
control room operator to ensure hardware status alarms have cleared.
Most DCS vendors incorporate on-line changes for all redundant components. This
simply means the failed component is removed or unplugged, and replaced with a
known good spare. These modules may be inserted and removed under power.
Processing and communication modules will go through an automatic start-up

procedure, during which time they will receive a copy of the configuration and current
control data. This will ensure they are in a 'hot' standby mode ready to assume
control if required.
DCS Start-Up Procedures - Overview
On Power-Up
Analogue Outputs Go to fail-safe position.
Digital Outputs Go to fail-safe position.
Example For a valve this may be in the open or closed position.
One of the most stressful occasions for the control room operator is during the start-
up of a process plant, or the associated control system. The operator can become
very confused with the amount of information unless they follow a concise procedure.
Generally modern process plants will have in-house procedures to follow when
starting up the process.
These procedures should be followed in addition to a common-sense approach

of checking process conditions and equipment.
STOP!
CHECKPOINT
1/. How could you tell that a Flow Control Valve was stuck?
______________________________________________________________
______________________________________________________________
______________________________________________________________
______________________________________________________________
______________________________________________________________
______________________________________________________________
______________________________________________________________
2/. Is this indicative of too high or too low GAIN on a control loop?
Normal Operation
Process Variable
Set Point
PV
SP
TIME
3/. Check out this MASS BALANCE
FEED 8500 kl/d

Product A 1700 kl/d
Product B 4300 kl/d
Product C 1900 kl/d
Product D 1100 kl/d
What is the total product?

How does this compare to the Feed?
What is the % error in the mass balance?
Describe how you would find the cause of the problem.
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
4/. What does the term Redundancy mean as applied to a DCS?
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
5/. What is a Critical Failure?
___________________________________________________________________
___________________________________________________________________
6/. What is a Non-critical Failure?
___________________________________________________________________
___________________________________________________________________
7/. What is a Fail-safe Position? Give examples

___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
8/. What display would you go to check the DCS system Hardware?
RECTIFY THE PROBLEM

must be able to rectify problem using
appropriate solution within area of
responsibility
We will look at the problems that are within the scope of the Control Technician to fix,
or fix in cooperation with a Field Technician. Any other problems, as have been
described, will need to be reported to the appropriate personnel.
Stuck Control Valve
In 7.3 we deduced that the Control Valve was stuck. It was not responding to
changes in output. The Field technician will have to stand by the valve while the
Control Operator performs the following sequence of checks and movements.
Have the Field Technician check that the Air Supply to the valve is
sufficient. Pneumatically operated valves usually have two pressure
gauges. One shows the Air supply, the other shows the Output pressure
(the pressure applied to the diaphragm to move the valve).
If the Supply Pressure is low than the reason will have to be investigated.
Have the Field Technician observe the Output Pressure while you adjust
the Output on the DCS Faceplate from 0% to 10% then 20%. The Output
Gauge should show increasing pressure. If not then there is a fault within
the actuator and it must be reported to the Instrument Technician. If the
Output Pressure mirrors moves made by the Control Operator, go to the
next step.
The next step is called Stroking the valve.
The technique is to subject the valve to radical changes in output to try to free up
the jammed shaft.
Put the Control Valve on Bypass Control. That is, using the hand valve to control the
process variable, the downstream isolation valve being closed. This will prevent any
sudden change in process variable if the valve frees up.
With the Field Technician standing by, change the output from 0% to 100%, and then
back to 0%.
Repeat this several times until the Field Technician observes the valve moving
smoothly.
If the valve does not free up report it to Maintenance, its beyond your scope to fix.
Before returning the valve to service: -
Verify that the valve opening corresponds to the %Output on the Faceplate. Do this
by having the position observed at 0%, 25%, 50%, 75% and 100% Outputs.
To return to service
Have valve on Manual

Close output to 0%
Open downstream isolation valve
Slowly close bypass valve, while maintaining flow by increasing output of
Control Valve.
When desired process variable value is achieved, the Controller can be placed
on Auto.
Stuck Level Sensor
In 7.3 we decided that the level sensor for the water tank was stuck, giving us a
constant reading.
We will look at the Float Chamber type sensor. This device is a cylinder attached by
pipe-work (tapping lines) to the vessel. The level in the vessel and chamber rise and
fall together (or should). A float inside the chamber rises and falls with the level. The
float is connected to a transmitter device that usually sits atop the chamber.
The problem is likely to be one

of two things.
There is a blockage
in the pipe-work
connecting the
chamber to the
vessel. This will
prevent the level in
the chamber
following that of the
vessel.
There is scale,
debris or high
viscosity material in
the chamber
preventing the float
from moving with the
level.
Take this action: - Place the Controller on Manual and control the flow. Judge what is
required to maintain the level (the same as whats going in!).
Isolate the level equipment from the vessel and drain the contents. This may be
enough to displace any debris in the chamber.
Now slowly open the LOWER isolation valve. This will allow liquid from the vessel to
flow into and out of the chamber. If it doesnt, you have found the blockage in the
pipe-work.
To displace stubborn debris in the pipe-work, blow back into the vessel with water,
air or steam.
NOTE SAFETY CONSIDERATIONS RELATIVE TO THE VESSEL AND
!
ITS CONTENTS. Eg. Water cannot be put into a vessel containing
liquids hotter than 90C. or boilover could result. Do not exceed the design pressure
of the vessel OR the chamber.
And
NEVER POKE SOMETHING UP AN ORIFICE TO CLEAN IT OUT.
(Two Process Technicians were killed in 1964 doing that to a drain on a propane
drum)
Now shut the lower isolation valve and open the top isolation valve. Blow Back
again to clear the top lines.
Isolate the chamber from the vessel and open the chamber drain and top vent.
Flush the chamber with steam or hot water.
Recommission the sensor and check for satisfactory operation.
If this procedure does not work then disassembly of the chamber may be required.
Report to maintenance.
STOP!
CHECKPOINT
1/. Describe the process of Stroking a stuck or sluggish control valve.
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
2/. What are the safety considerations when blowing clear tapping lines for a
float chamber?
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
FOLLOW THROUGH
must be able to follow through items initiated
until final resolution has occurred
Whether the Control Technician, the Field Technician or anyone else attends to a
control problem, it will be up to the Control Technician to monitor the result of
the corrective action to ensure that the fix was appropriate.
It is often up to the control technician to place Priority on the resolution of problems.
They may have to guide, advise or even hassle the appropriate personnel to rectify
problems according to the priority assigned by the Control technician.
Remember!
Safeguard Life
Safeguard Property
Safeguard Profit
OPERATOR CREATED GROUP DISPLAYS
These are Group Displays customised by the Control Technician according to their
needs. Creating a group display to monitor Problem Areas of the process is a great
way to keep an eye on these areas on ONE screen.
Here is an example of a display created by a Control Technician to monitor items that

are being trialled after corrective action.
STOP!
CHECKPOINT
1/. How would you prioritise the solution of Control Problems?
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
2/. Why are Operator Created Group Displays useful?
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
REPORT PROBLEMS
must be able to report problems outside area
of responsibility to designated person.
As mentioned, while it may be within the ability of the Control Technician to identify
problems, and even suggest the cause and solution, not all issues are within the area
of responsibility of the Control Technician.
Have you heard about S.E.L.L.?
Is it?
SAFE? Doing the job will NOT create a hazard to yourself or others
EFFICIENT? Are you the best person for the job, will it detract from your
prime tasks? Could your time be spent more productively?
LOGICAL? Is this really related to your job? Is there a specific person

who should do this job? Does it make sense you doing this job?
LEGAL? Are you trained and certified to do the job?
Dont fiddle with stuff you half know.
Many DCS systems have passwords or key-locks to prevent unauthorised people

changing specific settings within the DCS and with good reason.
It is important to know WHO to report problems to. Various workplaces will have
different titles for these people. Dont forget that you may need to inform more than
one person. They may not be the people to fix it, but really need to know the problem
if it impacts upon their patch.
As a guide.
Instrumentation/Electrical Problems Instrument Technicians/Engineers

DCS Problems Applications Engineers/Programmers
Process design Problems Chemical Engineers
Mechanical Problems Mechanical Technicians/Engineers
Communications Problems Communications/Phone Contractor
Production Plan problems Production Planners/Schedulers
How to report a problem?

The more information supplied the easier it is for a person to respond to a request for
help. Remember, when seeking assistance YOU are the CUSTOMER, and say the
Applications Engineer is the PROVIDER. The Customer is NOT always right!
If you provide as much clear, precise information as possible the Provider will stand a
far better change of keeping the customer happy!
Documented information is best. It helps avoid misunderstanding, especially if you
will not be there to give a face-to-face explanation. (you may be on night shift and the
engineer is a day worker).
Be aware that many worksites have special documents to report faults.
Work Requests
Plant Modification Requests
Software Modification Requests
Non-Conformance Reports
Etc etc.
STOP!
CHECKPOINT
1/. What does SELL stand for, explain?

___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
2/. You detect an alarm state on the Hardware Overview Display.

Who would you report it to?
___________________________________________________________________
___________________________________________________________________
3/. The Feed Flow Control Valve to your plant does not respond to the DCS, and
stroking has not cured the problem, but it is getting the correct Output
Pressure etc. Who would you report this to, and how?
4/. Is there any one else who might like to know about this?
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
5/. Why is written information better than a verbal report?

___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
UNIT TITLE : OPS 305B

OPERATE PROCESS CONTROL SYSTEMS
ELEMENT 1 OF 7 : Interface with the keyboard or control panel.
PERFORMANCE RANGE STATEMENT METHOD OF RESULT

CRITERION ASSESSMEN
T
1.1 Use keyboards, track
ball and monitor and/or
This unit of competence
Oral questions
then Complete
stand
alone controllers to
includes all such items of
equipment and unit Practical
activity (real
Incomplete
operations which form part of
access control panel or simulated)
the control system. For your
1.2 Monitor the process
using the operator
control room this may include
(select relevant items):
Oral questions
then Complete
interfaces
and keep field
process control systems (eg.
distributed control systems)
Practical
activity (real
Incomplete
operators informed on personal computers or simulated)

developments
printers
1.3 Select appropriate
controller modes to
fire and gas
detection/protection systems
Oral questions
then Complete
ensure the effective
control of process.
emergency shutdown systems Practical
activity (real
Incomplete
communications systems
or simulated)
1.4 Undertake required
set-point/output Typical problems for your plant
Oral questions
then Complete
changes to optimise
plant and process
may include:
loss of power/utilities
Practical
activity (real
Incomplete
conditions. or simulated)
analysing failure modes
variation/loss of feed
1.5 Access historical data
and information. unstable control of pressure,
Oral questions
then Complete
temperature level & flows
control equipment failure
Practical
activity (real
Incomplete
process plant trips or simulated)

1.6 Acknowledge messages change in atmospheric Oral questions
and alarms conditions (rain, temperature, then Complete
wind, lightning)
emergency situations
Practical
activity (real
Incomplete
or simulated)
ELEMENT 2 OF 7 : Access Control Information
PERFORMANCE RANGE METHOD OF RESULT

CRITERION STATEMENT ASSESSMENT
2.1 Obtain relevant data
and information
This unit of competence Oral Complete
from the control
system by applying
includes all such items
of equipment and unit
questions
then Incomplete
operations which form
systems knowledge.
part of the control Practical
system. For your activity (real
control room this may
or
include (select relevant
items): simulated)
process control systems
2.2 Identify the status of
individual pieces of
(eg. distributed control
systems)
Oral Complete
equipment from the
control panel and
personal computers
printers
questions
then Incomplete
use information to
identify potential fire and gas Practical
faults. detection/protection activity (real
systems or
emergency shutdown simulated)
systems
2.3 Interpret alarms and
prioritise steps to
Oral Complete
ensure control of
system is
Typical problems for your
plant may include:
questions
then Incomplete
maintained.
loss of power/utilities Practical
analysing failure modes activity (real
variation/loss of feed or
unstable control of simulated)
pressure, temperature
level & flows
2.4 Minimise
fluctuations and control equipment Oral Complete
variations in process
through the
failure
process plant trips
questions
then Incomplete
interpretation of change in atmospheric
existing trends and Practical
conditions (rain,
control schematics. temperature, wind, activity (real
lightning) or
emergency situations simulated)
2.5 Record nature of
variations/irregulariti
Oral Complete
es in accordance
with standard
questions
then Incomplete
operating procedure
Practical
activity (real
or
simulated)

ELEMENT 3 OF 7 : Control Process Variations and Monitor Normal Operation

CRITERION ASSESSMENT
3.1 Assess historical
data to assist the
This unit of competence Oral Complete
identification of
problems and
equipment and unit
questions
then Incomplete
operations which form
selection of
troubleshooting
part of the control system. Practical
For your control room activity (real
techniques
this may include (select
to deal with them. or
relevant items):
simulated)
process control systems
3.2 Process available
information to
(eg. distributed control
systems)
Oral Complete
identify potential
faults.
personal computers
questions
then Incomplete
printers
fire and gas Practical
detection/protection activity (real
systems or
emergency shutdown simulated)
systems
3.3 Undertake required
set-point/output communications systems Oral Complete
changes to optimise
plant and process
questions
then Incomplete
conditions. Typical problems for your
plant may include: Practical
loss of power/utilities activity (real
analysing failure modes or
simulated)
3.4 Optimise plant-
operating conditions
variation/loss of feed Oral Complete
questions
Incomplete
unstable control of
in accordance with pressure, temperature
guidelines. then
level & flows
control equipment failure Practical
process plant trips activity (real
change in atmospheric or
conditions (rain, simulated)
temperature, wind,
3.5 Adjust production in
response to test
lightning) Oral Complete
results and control
panel information
emergency situations questions
then Incomplete
Practical
activity (real
or
simulated)
3.6 Report & record
adjustments and
Oral Complete
variations to
specifications/sched
questions
then Incomplete
ules to appropriate
personnel Practical
activity (real
or
simulated)
ELEMENT 4 OF 7 : Facilitate planned and unplanned process start-ups and

shutdowns

CRITERION ASSESSMEN
T
4.1 Select and apply
operational procedures
Oral questions
then Complete
to planned start-up and
shutdown processes to
activity (real or
Incomplete
operations which form part
guide the required simulated)
of the control system. For
process and sequence
your control room this may
include (select relevant
4.2 Select and apply
operational procedures
items):
Oral questions
then Complete
to unplanned shutdown
processes to guide the
personal computers
Practical
activity (real or
Incomplete
required process and simulated)

sequence printers
fire and gas
4.3 Communicate with all
operational areas and
detection/protection systems Oral questions
then Complete
personnel affected by
events to ensure that
emergency shutdown
systems Practical
activity (real or
Incomplete
safety of the system communications systems

simulated)
and process is
maintained during the
process Typical problems for your plant
Complete
may include:
4.4 Implement all required Oral questions
emergency responses loss of power/utilities then
and ensure the
outcomes of these
Practical
activity (real or
Incomplete
responses are simulated)
unstable control of pressure,
communicated to all
affected areas
4.5 Log all required
information for further process plant trips
Oral questions
then Complete
action to provide a
historical record of all
change in atmospheric
conditions (rain, Practical
activity (real or
Incomplete
events. temperature, wind, lightning) simulated)
ELEMENT 5 OF 7 : Respond to Alarms or out of spec conditions

CRITERION ASSESSMEN
T
5.1 Identify which
system is affected
Oral questions
then Complete
by the alarm or out
of specification
activity (real
Incomplete
condition or simulated)
the control system. For your
5.2 Examine the
condition for signs of
Oral questions
then Complete
severity and check log for
currency of the
Practical
activity (real
Incomplete
occurrence personal computers or simulated)
printers
5.3 On control panels scroll
through other screens
fire and gas
Oral questions
then Complete
to identify what other
alarms or abnormal
emergency shutdown systems Practical
activity (real
Incomplete
conditions may be or simulated)
registered
5.4 Respond to the alarm or
incident by following
Typical problems for your plant Oral questions
then Complete
Incomplete
may include:
procedures
loss of power/utilities Practical
activity (real
or simulated)
5.5 Communicate the
problem to shift
Oral questions
then Complete
supervisor or the plant
engineer
control equipment failure Practical
activity (real
Incomplete
process plant trips or simulated)
Complete
5.6 Record the information Oral questions
conditions (rain, temperature,
on the appropriate log then
and/or ensure the
operations database is
wind, lightning)
emergency situations Practical
activity (real
Incomplete
updated with details of or simulated)
the alarm.
5.7 Provide face to face
details of the alarm and
Oral questions
then Complete
action taken to the next
supervisor at shift
Practical
activity (real
Incomplete
changeover. or simulated)
5.8 Follow-up the incident to
see that appropriate
Oral questions
then Complete
action has been taken.
Practical
activity (real
Incomplete
or simulated)
ELEMENT 6 OF 7 : Control Hazards

CRITERION ASSESSMEN
T
6.1 Identify hazards in the
production/processin
This unit of competence includes
Oral questions
then Complete
g work area.
all such items of equipment and
unit operations which form part Practical
activity (real
Incomplete
of the control system. For your
control room this may include or simulated)
6.2 Assess the risks
arising from those process control systems (eg.
Oral questions
then Complete
hazards. distributed control systems)
personal computers Practical
activity (real
Incomplete
printers or simulated)
fire and gas detection/protection
6.3 Implement measures
to control risks in
systems
emergency shutdown systems
Oral questions
then Complete
line with procedures
and duty of care.
communications systems Practical
activity (real
Incomplete
or simulated)
Typical problems for your plant may
include:
loss of power/utilities
process plant trips
conditions (rain, temperature,
wind, lightning)
ELEMENT 7 OF 7 : Resolve problems

CRITERION ASSESSMEN
T
7.1 Identify possible
problems in equipment,
Oral questions
then Complete
control systems or
process
activity (real
Incomplete
the control system. For your or simulated)
7.2 Determine problems
needing action
Oral questions
then Complete
Practical
activity (real
Incomplete
personal computers or simulated)
7.3 Determine possible
fault causes
printers
fire and gas
Oral questions
then Complete
emergency shutdown systems
Practical
activity (real
Incomplete
communications systems or simulated)
7.4 Rectify problem using
appropriate solution
Oral questions
then Complete
within area of
responsibility
Typical problems for your plant
may include:
Practical
activity (real
Incomplete
loss of power/utilities or simulated)

7.5 Follow through items analysing failure modes Oral questions
initiated until final variation/loss of feed then Complete
resolution has occurred unstable control of pressure,
Practical
activity (real
Incomplete
control equipment failure or simulated)
7.6 Report problems outside
area of responsibility to
process plant trips Oral questions
then Complete
Incomplete
designated person. conditions (rain, temperature, Practical
wind, lightning) activity (real
emergency situations or simulated)
NOTES
NOTES
NOTES
NOTES

PMAOPS305 Operate Process Control Systems

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

PMAOPS305 Operate Process Control Systems

Uploaded by

Copyright:

Available Formats

PMA02

Hydrocarbon National Training Modules

Challenger TAFE 2004

Challenger TAFE 2004

The Australian Centre for Energy

A Division of CHALLENGER TAFE

Challenger TAFE 2004

This manual contains the following sections: -

Understanding Competency Based Learning ii

Icons Used In This Manual vi

Tables of Competency 137

Challenger TAFE 2004

Ability to do the job Safely and Efficiently

Knowing why the job is being done.

Understanding the underlying principles of that job.

Once you are competent you will be able to:

Organise your tasks (efficiency)

Be able to react to the unexpected (contingency planning)

Be able to use your skills and knowledge (skills transfer)

How is Competency Assessed?

Competency is assessed by your Assessor. The Assessor will gather evidence of

Observing the student doing the job

Challenger TAFE 2004

What if I am Not Yet Competent?

Alternate tasks of a similar nature.

So what do I need to know?

What you have to be able to do. (Performance Criteria)

The Range or Variety of skill/knowledge (Range Statement)

The Ways in which you may be assessed (Assessment Method)

A COMPETENCY UNIT is divided into ELEMENTS, and these are

Challenger TAFE 2004

ELEMENT 1 ELEMENT 2 ELEMENT 3

Prepare the Pie Eat the Pie Clean Up

Performance Performance Performance

PERFORMANCE Indicates RANGE

Additional Material to increase Underpinning

Icons Used In This Manual

Questions to help you check your knowledge.

GETTING YOUR HEAD AROUND IT!

Challenger TAFE 2004

1.1 Use keyboards, track ball and monitor and/or stand

1.2 Monitor the process using the operator interfaces

1.3 Select appropriate controller modes to ensure

1.4 Undertake required set-point/output changes to

1.5 Access historical data and information.

1.6 Acknowledge messages and alarms

2.0 Access control information

2.1 Obtain relevant data and information from the control

2.2 Identify the status of individual pieces of equipment

2.3 Interpret alarms and prioritise steps to ensure control

2.4 Minimise fluctuations and variations in process

2.5 Record nature of variations/irregularities in accordance

3.0 Control process variations and monitor normal operations.

3.1 Assess historical data to assist the identification

3.2 Process available information to identify potential faults.

Challenger TAFE 2004

3.4 Optimise plant-operating conditions in accordance with

3.5 Adjust production in response to test results and control

3.6 Report and record adjustments and variations to

4.0 Facilitate planned and unplanned process start-ups

4.1 Select and apply operational procedures to planned

4.2 Select and apply operational procedures to unplanned

4.3 Communicate with all operational areas and personnel

4.4 Implement all required emergency responses and ensure