1 Scope ............................................................ 2
2 Conflicts and Deviations ......................................... 2
3 References ....................................................... 3
4 Definitions ...................................................... 4
5 System Design Requirements ....................................... 8
6 Data Acquisition and Processing ................................. 13
7 System Sizing, Spare Capacity and Expansion ..................... 17
8 System Performance Requirements ................................. 17
9 SCADA Connectivity .............................................. 19
10 External Interfaces ............................................ 22
11 Display Design Philosophy ...................................... 23
12 Security and System Access ..................................... 29
13 Instrument Asset Management System (IAMS) ...................... 37
14 Documentation .................................................. 38
15 Inspection and Testing ......................................... 38
16 System Maintainability ......................................... 38
1 Scope
This Standard defines the minimum mandatory requirements and guidelines governing
the engineering, design, installation, testing and commissioning of Supervisory Control
and Data Acquisition (SCADA) systems for upstream oil and gas applications, pipeline
applications, power and utility applications in Saudi Aramco plants. Parties involved in
the design of new, upgrade and/or expansion of SCADA systems are required to comply
with this standard.
This standard is also applicable for SCADA communications channels and RTU
interface with 3rd party subsystems.
Where the project Functional Specification Document (FSD) calls for an integrated
process control system, this standard shall apply to the SCADA portion of the Control
system. Project specific requirements and any requirements above and beyond those
included here shall be defined in project specification documents.
Exclusions:
1) The requirements and guidelines governing the engineering, design and installation of
proprietary Distributed Control Systems are covered in SAES-Z-001.
2) The requirements and guidelines governing the engineering, design and installation of
Process Automation Networks (PAN) are covered in SAES-Z-010.
The procedural requirements and guidelines governing the minimum mandatory security for
SCADA Systems are covered in SAEP-99 and are excluded from this document.
This entire standard may be attached to and made a part of purchase orders. A table of
compliance to the requirements of this standard shall be provided with every technical
proposal.
2 Conflicts and Deviations
2.1 Any conflicts between this standard and other applicable Saudi Aramco
Materials Systems Specifications (SAMSSs), Engineering Standards (SAESs),
Engineering Procedures (SAEPs), Standard Drawings (SASDs), or other
Mandatory Saudi Aramco Engineering Requirements (MSAERs) shall be
resolved in writing by the Company or Buyer Representative through the
Manager, Process & Control Systems Department, Dhahran.
2.2 Direct all requests to deviate from this standard in writing to the Company or
Buyer Representative, who shall follow internal Company Engineering Procedure
SAEP-302 and forward such requests to the Chairman, Process Control Standards
Committee, Process & Control Systems Department, Dhahran.
Page 2 of 39
Document Responsibility: Process Control Standards Committee
SAES-Z-004
Issue Date: 10 November 2013
Next Planned Update: 10 November 2018
Supervisory Control and Data Acquisition (SCADA) System
3 References
Material or equipment supplied to this standard shall comply with the latest edition of
the references listed below, unless otherwise noted.
Corporate Policy
INT-7 Data Protection and Retention
4 Definitions
This section contains definitions for acronyms, abbreviations, words, and terms as they
are used in this document. For definitions not listed, the latest issue of the
“Comprehensive Dictionary of Measurement and Control”, International Society of
Automation, shall apply.
Binary digit: A character used to represent one of the two digits in the binary
number system and the basic unit of information in a two-state device. The two
states of a binary digit are usually represented by “0” and “1”. Synonym: bit.
Call Up Time: The time between when the operator initially enters a display
request and when all objects, lines, values (good or invalid), trends and other
parts of the display have been fully presented to the operator.
Cyclic Polling (Poll cycle, data request): The process by which a data acquisition
system selectively requests data from one or more of its RTUs. An RTU may be
requested to respond with all, or a selected portion of, the data available.
Dead Band: The range through which an input signal may be varied without
initiating an action or observable change in output signal.
Flag: A character that signals the occurrence of some event. Usually, a field of
1 bit.
Gateway: A device that connects client requests that are transported over one
or more protocols to a remote destination that uses the same or (typically)
different protocol.
Operating System: Software that runs on a computer, manages the computer
hardware and provides common services for the execution of application software.
Round Trip Delay (latency): The time required for a packet of data to travel
from a specific source to a specific destination and back again. Latency is
measured by sending a packet that is returned to the sender and the round-trip
time is considered the latency.
Tag ID: The unique alphanumeric code assigned to inputs, outputs, equipment
items, and control blocks. The tag ID might include the plant area identifier.
5 System Design Requirements
5.1 General
5.1.1 The performance analysis shall be based on the expected data scan
frequency and spare capacity for each application as stated in the
project functional specification document.
5.2.2 The master station shall consist of an online redundant SCADA server
configuration interconnected by a redundant high-speed local area
network (LAN) using dedicated Layer 3 network switches.
5.2.4 The SCADA system shall be physically and logically isolated from all
other non SCADA systems such as Voice, CCTV and non-process
control system hardware.
5.2.5 The SCADA server(s) shall be dedicated to perform the real time data
acquisition and telecommunication processing functionalities and shall
not be shared and/or used to perform any non-SCADA related data
processing functions.
5.2.8 Operator workstations located in the main control center shall run thick
client software. Operator workstations shall not be based on Windows
Terminal Services, Remote Desktop Protocol, web servers, or any
other thin client architecture. Thin client architecture may be used for
view-only workstations.
5.2.9 Remotely located view only work station(s) (Clients) shall use PI client
to connect to the central DAHS (central PI).
5.2.16 In the event of a failure of the active (primary) server, the backup
server shall automatically assume control of all peripherals and
communication lines within a maximum of 30 seconds. The system
shall clearly designate the active server as the primary.
The repaired server shall resume its function as the backup server.
5.2.20 It shall be possible to view and/or operate the process from any
SCADA client, except if this is explicitly disabled for certain users or
clients via removing the corresponding access privileges.
5.2.21 The SCADA server shall be connected to a GPS and shall serve as the
master time source to synchronize the time of all network devices and
connected slaves (RTU/PLC).
5.2.27 For each RTU, the SCADA system shall maintain communication
channel/protocol statistics in the form of analog points that may be
viewed on displays, printed in reports, or stored in historical data files.
Such statistics shall include percentage of successful communication,
number of timeouts and number of security errors.
5.2.28 After an RTU has been declared failed, the system shall continue to
poll it but at a reduced rate, for example: poll only one failed RTU on
each poll cycle. If all RTUs are failed on a communication line (on
both ports, if two ports are defined), the system shall declare the entire
communication line as failed.
5.3.1 The SCADA System architecture shall provide a 99.98% hardware and
software availability and reliability.
5.3.2 The SCADA telemetry network connecting the SCADA master station
and the RTU/PLC shall be designed to provide, as a minimum, 99.50%
availability and reliability.
5.3.4 The SCADA Master Station shall be designed with no single point of
failure. For applications where a redundant RTU/PLC is required, the
no-single-point-of-failure requirement shall include the communication
modules and communication links to the RTU/PLC.
5.3.5 Replacement of any failed SCADA LAN component shall not affect
the operations of the process.
5.3.7 Switch back to repaired equipment shall be permitted only after the
system diagnostics function has determined that the module is fully
functional.
5.3.9 The health status of the backup equipment shall be monitored at all times.
The system shall generate an alarm and a log entry if the backup system is
incapable of assuming the primary equipment's functions.
5.3.11 Intelligent Electronic Devices (IEDs) and/or I-Field surface units’ data
gathered by the RTU shall be reported to the Master Station along with
the RTU’s own data.
5.3.12 The RTU shall retain all configuration parameters of all devices
connected to the RTU through a serial link, such as Intelligent Electronic
Devices (IEDs) and/or I-Field surface units, including the registers and
addresses of slave devices.
6 Data Acquisition and Processing
6.1.2 In the event of RTU failure, the system shall mark all points that are
transmitted by the RTU with a visible indication that the data is not
current. For each point, this telemetry-failed quality code shall not clear
until a value is subsequently received from the RTU or the slave device.
The system shall process changes of the following types of status points as follows:
a) 2-state status. This is a 1-bit alarm that can decode 2 states to indicate the
status of a device that may be in one of two possible states. The user shall
be able to define the names of each state, e.g., ON and OFF, Open and
Closed. In addition, a color shall be associated with each state.
b) 3-state status. This is a 2-bit alarm that can decode 4 states. The user shall
be able to define the names and colors associated with each state, e.g., in
the case of a valve, Open, Closed and Moving, or failed.
d) Zero clamp option shall not be used for points that will perform totalization.
6.4.1 The system shall send a command to freeze the accumulators either in
all RTUs or in selected RTUs. However, this freeze command shall not
reset the accumulators in the individual RTUs. Upon receiving the
accumulator readings at the master station, the system shall
automatically calculate the difference from the last reading.
process digital indications from the RTUs which are tagged with the
time of event occurrence.
6.5.3 The system shall provide a filtered view for all SOE signals.
6.6.1 The system shall perform all control operations to field devices in a
safe and secure manner. The operator shall be promptly informed if
any anomalies occur during the control sequence.
6.6.2 The system shall allow the system operator at any HMI workstation to
issue control commands (digital outputs and analog outputs) to
operate equipment, close valves and/or change analog setpoints through
a select-before-operate sequence, and shall automatically monitor the field
device to ensure full and successful command operation. Control action
response times shall take the highest priority over all other data
communication.
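The select-before-operate sequence with automatic feedback monitoring required by 6.6.1 and 6.6.2 can be expressed as a small state machine. The following is an added example in Python, not code from the standard or from any SCADA product; the timeout values, the handling of a control-inhibit mark and the tag names are assumptions made for the illustration.

```python
"""Added example, not from SAES-Z-004: a select-before-operate (SBO) control
sequence with automatic feedback monitoring (6.6.1, 6.6.2).

Assumed (hypothetical, not in the standard): a select arms the point for one
operator for SELECT_TIMEOUT_S seconds; the field device must report the
commanded state within FEEDBACK_TIMEOUT_S; a control-inhibit mark on the point
refuses the select and is re-checked at operate time, with no override path.
Timestamps are passed in explicitly so the sequence is deterministic."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

SELECT_TIMEOUT_S = 30.0    # arming window (assumed value)
FEEDBACK_TIMEOUT_S = 10.0  # time allowed for the device to reach the commanded state


class SboError(Exception):
    """An anomaly in the control sequence; the caller reports it to the operator."""


@dataclass
class ControlPoint:
    tag_id: str
    state: str                          # last feedback received from the field device
    inhibited: bool = False             # control-inhibit mark
    selected_by: Optional[str] = None
    selected_at: Optional[float] = None
    pending: Optional[Tuple[str, float]] = None   # (target state, time issued)
    log: List[str] = field(default_factory=list)


def select(pt: ControlPoint, operator: str, now: float) -> None:
    """Step 1: arm the point for this operator. Refused while the point is
    inhibited or while another operator holds an unexpired select."""
    if pt.inhibited:
        pt.log.append(f"{now:.0f}s SELECT {pt.tag_id} by {operator} REFUSED: inhibit mark")
        raise SboError("control inhibited by mark")
    if pt.selected_by not in (None, operator) and now - pt.selected_at < SELECT_TIMEOUT_S:
        raise SboError(f"already selected by {pt.selected_by}")
    pt.selected_by, pt.selected_at = operator, now
    pt.log.append(f"{now:.0f}s SELECT {pt.tag_id} by {operator}")


def operate(pt: ControlPoint, operator: str, target: str, now: float) -> None:
    """Step 2: issue the command only if the same operator holds a fresh select.
    A select is consumed by exactly one operate."""
    if pt.selected_by != operator:
        raise SboError("operate without a matching select")
    if now - pt.selected_at > SELECT_TIMEOUT_S:
        pt.selected_by = pt.selected_at = None
        raise SboError("select expired")
    if pt.inhibited:                    # mark applied after the select is still binding
        pt.selected_by = pt.selected_at = None
        raise SboError("control inhibited by mark")
    pt.selected_by = pt.selected_at = None
    pt.pending = (target, now)
    pt.log.append(f"{now:.0f}s OPERATE {pt.tag_id} -> {target} by {operator}")


def feedback(pt: ControlPoint, reported_state: str, now: float) -> str:
    """Step 3: automatic monitoring of the device after the command.
    Returns "IDLE", "PENDING", "OK" or "FAILED" (anomaly logged for the operator)."""
    pt.state = reported_state
    if pt.pending is None:
        return "IDLE"
    target, issued_at = pt.pending
    if reported_state == target:
        pt.pending = None
        pt.log.append(f"{now:.0f}s {pt.tag_id} confirmed {target}")
        return "OK"
    if now - issued_at > FEEDBACK_TIMEOUT_S:
        pt.pending = None
        pt.log.append(f"{now:.0f}s ANOMALY {pt.tag_id} reports {reported_state}, expected {target}")
        return "FAILED"
    return "PENDING"
```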
6.6.4 The pulse output controls shall be implemented in the RTU with either
variable duration pulse or a train of pulses. The RTU shall monitor the
feedback value and stop the pulses when the setpoint is reached.
6.8.1 There shall be a configurable, real time and historical data collection
package to support trending, logging, and reporting.
6.8.4 An option to store the value of any of the following parameters in on-line
history storage shall be provided:
process input/output values/status
calculated value/state
controller parameters such as setpoint, output, mode
digital input/output states
system alarms and events
6.8.5 The system shall support configurable historical data collection rates
ranging from point scan time to one hour averages. The system shall
also support the following rates:
Shift averages
Daily average
Monthly average
User-defined rate
6.8.6 The historical data collection package shall be capable of storing the
following number of recent alarms and events as a minimum:
10,000 Process alarms
5,000 System Alarms
5,000 Operator Actions
5,000 Engineering Actions.
Each of the above listed entries shall include, as a minimum: time and date of the
event, associated tag, equipment, user, and a description of the event for which
the alarm has been acknowledged.
6.8.7 Option to recall and display any data stored in on-line historical data
storage device shall be provided.
6.8.9 The historical database shall be able to store any data from the real-time
database on a periodic or snapshot basis definable by the user.
The historical information subsystem shall be able to provide storage
of unlimited quantities of historical data depending only on the
limitation of hardware resources (disk storage, etc.).
6.8.10 The stored historical data shall be accessible to other applications for
data review and analysis and to trending displays.
7 System Sizing, Spare Capacity and Expansion
7.1 System expansion and upgrading of system operating and application software
shall be achievable with no impact on the running facility's operation, without
losing the operator interface, without loss of access to any control function
and without impact on the controlled or monitored process.
7.2 All displays on all workstations shall be updated and responsive to controls
throughout an alarm burst and during the primary/backup server synchronization
process.
7.3 The system database size shall be expandable to handle the system expansion
requirements as stated in the project specific FSD without any need to expand
the hardware, perform any software change, or purchase additional licenses.
8 System Performance Requirements
8.1 All displays and graphics, including fully active dynamic elements for up to
100 fields displaying their current values, shall be completed within 2 seconds.
This call up time is measured from when a new graphic display is requested.
8.2 The update frequency for real time data, displayed alphanumerically and
symbolically (shape change, color change, etc.), shall be at least once every
2 seconds for all displays and graphics.
8.3 Operator shall receive feedback indicating the start of the command/desired
8.4 The system shall update calculation algorithms, and dynamic fields of the
displays within one second of actual events and data values received at the
system realtime database.
8.5 After communication is restored, the SCADA host shall upload the RTU data and
store it in the real-time database with the correct time stamps.
8.6 Historical data display updates shall occur within two seconds of display call up.
8.7 The number of RTU per communication channel shall be determined based on
the following:
Number and type of data points per RTU including the connected subsystem
IOs
The Scan frequency specified in the project Functional Specification
Document (FSD) for each data point type
Round trip delay of data packets for the provided data network, considering
the transmission medium, number of nodes, amount of traffic on the
SCADA LAN, the number of other requests being handled by intermediate
nodes, and other services.
Channel utilization shall be between 40-80% for serial communication.
Channel utilization shall be between 10-30% for IP communication.
Commentary Note:
The average channel utilization can be estimated considering only the data
values to be routinely serviced by the channel. This typically includes status and
analog data acquisition or only analog data where status-by-exception reporting
is implemented. Any high-periodicity control commands should be added to the
routine data acquisition utilization. Where the channel will be subject to large
bursts of data acquisition loads (such as during a disturbance where
report-by-exception techniques are employed), the highest percentage of the
desired channel utilization range shall be used in estimating the channel utilization.
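As an added worked example for the channel sizing in 8.7 and its commentary note (not from the standard), the following Python estimates routine utilization per RTU and the number of RTUs a channel can carry while staying inside the 40-80% (serial) and 10-30% (IP) bands. Only those bands come from the text; the timing model, line rates, byte counts and scan periods are assumptions.

```python
"""Added example, not from SAES-Z-004: estimating channel utilization and the
number of RTUs per channel for 8.7 and its commentary note.

Assumed model (the standard gives the utilization bands, not a formula): one
poll of a point type costs the channel's round-trip delay plus the request and
response bytes at the line rate, repeated once per FSD scan period; routinely
issued control commands are added as one more periodic transaction. All
rates, byte counts and delays below are constructed."""
from dataclasses import dataclass
from typing import List, Tuple
import math

UTIL_BAND = {"serial": (0.40, 0.80), "ip": (0.10, 0.30)}   # 8.7 allowed ranges


@dataclass
class PollClass:
    name: str
    scan_period_s: float   # scan frequency from the FSD, per data point type
    bytes_per_poll: int    # request + response incl. framing (assumed)


@dataclass
class Channel:
    medium: str            # "serial" or "ip"
    bit_rate_bps: float
    round_trip_s: float    # latency incl. intermediate nodes and other traffic


def transaction_time(ch: Channel, nbytes: int) -> float:
    """Channel time consumed by one request/response exchange."""
    return ch.round_trip_s + nbytes * 8 / ch.bit_rate_bps


def rtu_utilization(ch: Channel, classes: List[PollClass]) -> float:
    """Fraction of channel time one RTU consumes under routine polling."""
    return sum(transaction_time(ch, c.bytes_per_poll) / c.scan_period_s
               for c in classes)


def channel_utilization(ch: Channel, rtus: List[List[PollClass]]) -> float:
    """Average utilization for a set of RTUs, each with its own poll classes."""
    return sum(rtu_utilization(ch, classes) for classes in rtus)


def rtus_per_channel(ch: Channel, classes: List[PollClass]) -> Tuple[int, int]:
    """(min, max) count of identical RTUs that keeps utilization inside the band."""
    lo, hi = UTIL_BAND[ch.medium]
    u = rtu_utilization(ch, classes)
    return math.ceil(lo / u), math.floor(hi / u)


# Constructed RTU profile: status points every 2 s, analogs every 10 s, plus a
# setpoint command issued about once a minute (high-periodicity control).
PROFILE = [PollClass("status", 2.0, 64),
           PollClass("analog", 10.0, 256),
           PollClass("control", 60.0, 32)]
SERIAL_9600 = Channel("serial", 9600, 0.20)      # constructed serial channel
IP_LINK = Channel("ip", 1_000_000, 0.05)         # constructed IP channel

if __name__ == "__main__":
    for ch in (SERIAL_9600, IP_LINK):
        print(ch.medium, "RTUs per channel (min, max):", rtus_per_channel(ch, PROFILE))
```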
8.8 SCADA system components utilization, such as memory, disk space, CPU
loading, disk access shall not exceed 30% under normal conditions for the
system size and the future expansion requirement specified in the project
functional specification document.
8.9 The system shall be able to fully process a continuous alarm throughput of 50
alarms per second for at least 60 seconds on receipt of the alarms at the Master.
9 SCADA Connectivity
9.1 General
Exception:
The use of Composite cable (optical fiber within the power cable) should
be evaluated as a cost savings measure where practically possible.
9.3.2 Services such as Voice, CCTV, etc. that share the same
communication network with the SCADA and terminate in the plant
shall be logically segregated. Segregation at the SCADA Master level
should be done using separate network cards and switches.
9.3.3 In cases where the RTU protocol supports exception polling, the
communication software shall make use of it to optimize data
communication throughput and to provide rapid alarm throughput and
capture of multiple, rapid succession alarms.
9.3.6 The system shall verify the operation and periodically test and validate
the integrity of the primary and backup communication ports and the
communication channels and shall alarm on any failure. Availability
of the failed channel shall be checked using retries at least once every
minute.
9.3.7 The system shall alarm when any RTU fails to respond to a message
after three unsuccessful retries.
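Sections 5.2.27, 5.2.28, 6.1.2 and 9.3.7 describe one coherent master-station behaviour: retry, declare the RTU failed after three unsuccessful retries, flag its points as not current, keep per-RTU statistics (including security errors) and keep polling the failed RTU at a reduced rate until the line itself is declared failed. The following is an added example of that logic in Python; it is not code from the standard or from any SCADA product, and the exchange() transaction callable, the RTU names and the walk-through scenario are constructed.

```python
"""Added example, not from SAES-Z-004: master-station handling of RTU poll
failures (5.2.28, 9.3.7), per-RTU channel statistics (5.2.27) and the
telemetry-failed quality code (6.1.2). Assumed, not in the standard: a caller
supplies exchange(rtu_id) returning {point: value}, raising PollTimeout on no
reply or SecurityError on a failed integrity/authentication check."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

MAX_RETRIES = 3   # 9.3.7: alarm after three unsuccessful retries

class PollTimeout(Exception): "No reply within the channel timeout."

class SecurityError(Exception): "Reply failed an integrity or authentication check."

@dataclass
class RtuStats:
    attempts: int = 0
    successes: int = 0
    timeouts: int = 0
    security_errors: int = 0
    def success_pct(self) -> float:
        return 100.0 * self.successes / self.attempts if self.attempts else 0.0

@dataclass
class Rtu:
    rtu_id: str
    failed: bool = False
    stats: RtuStats = field(default_factory=RtuStats)
    points: Dict[str, Tuple[float, bool]] = field(default_factory=dict)  # (value, telemetry_failed)

class CommLine:
    def __init__(self, rtus: List[Rtu], exchange: Callable[[str], Dict[str, float]]):
        self.rtus, self.exchange = rtus, exchange
        self.alarms: List[str] = []
        self.line_failed = False
        self._failed_cursor = 0   # rotates through failed RTUs, one per cycle (5.2.28)

    def _poll_one(self, rtu: Rtu) -> bool:
        """One poll with up to MAX_RETRIES retries; returns True on success."""
        for _ in range(1 + MAX_RETRIES):
            rtu.stats.attempts += 1
            try:
                data = self.exchange(rtu.rtu_id)
            except PollTimeout:
                rtu.stats.timeouts += 1
                continue
            except SecurityError:
                rtu.stats.security_errors += 1
                continue
            rtu.stats.successes += 1
            for name, value in data.items():   # fresh value: quality code clears (6.1.2)
                rtu.points[name] = (value, False)
            if rtu.failed:
                rtu.failed = False
                self.alarms.append(f"{rtu.rtu_id}: communication restored")
            return True
        if not rtu.failed:
            rtu.failed = True
            self.alarms.append(f"{rtu.rtu_id}: declared failed after {MAX_RETRIES} retries")
            for name, (value, _) in rtu.points.items():   # keep last value, flag it not current
                rtu.points[name] = (value, True)
        return False

    def poll_cycle(self) -> None:
        """Poll every healthy RTU, then exactly one failed RTU at the reduced rate."""
        failed = [r for r in self.rtus if r.failed]
        for rtu in self.rtus:
            if not rtu.failed:
                self._poll_one(rtu)
        if failed:
            self._poll_one(failed[self._failed_cursor % len(failed)])
            self._failed_cursor += 1
        all_failed = all(r.failed for r in self.rtus)
        if all_failed and not self.line_failed:
            self.line_failed = True
            self.alarms.append("communication line declared failed: all RTUs failed")
        elif self.line_failed and not all_failed:
            self.line_failed = False
            self.alarms.append("communication line restored")

def demo_scenario() -> CommLine:
    """Constructed walk-through: RTU-B stops answering, then RTU-A fails security checks."""
    status = {"RTU-A": "ok", "RTU-B": "ok"}
    def exchange(rtu_id: str) -> Dict[str, float]:
        if status[rtu_id] == "ok":
            return {"FLOW": 12.5}
        if status[rtu_id] == "timeout":
            raise PollTimeout()
        raise SecurityError()
    line = CommLine([Rtu("RTU-A"), Rtu("RTU-B")], exchange)
    line.poll_cycle()                          # both healthy
    status["RTU-B"] = "timeout"
    line.poll_cycle()                          # RTU-B declared failed, its FLOW flagged stale
    line.poll_cycle()                          # RTU-B polled once more, at the reduced rate
    status["RTU-A"] = "bad_auth"
    line.poll_cycle()                          # RTU-A fails too: whole line declared failed
    status["RTU-A"] = status["RTU-B"] = "ok"
    line.poll_cycle()                          # one failed RTU retried per cycle: RTU-A restored
    return line
```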
9.3.10 The SCADA system shall be configured to collect and historize critical
communications statistics covering the health and performance of each
communication channel for each RTU connected to the system.
A communications overview display shall be built to enable engineers
to quickly ascertain the health of the overall communications network.
9.4.2 When the SCADA Master declares either of the two communication
channels inoperative or marginal, it should discontinue its use, issue an
appropriate alarm to the local operator, and transmit all subsequent
messages on the backup channel.
9.5.2 A graphical display shall be provided to show the health status of the
Network infrastructure devices such as switches, routers, and gateways.
10 External Interfaces
10.1 Configuration and implementation of the interface between SCADA Network and
corporate network shall comply with the following in addition to SAES-Z-010,
‘Process Automation Network’ requirements.
10.3 OPC usage shall be limited to the SCADA LAN components, for exchanging
data between the SCADA system and other applications such as the DAHS.
10.4 OPC server and client shall conform to the latest OPC Data Access (DA) and
OPC Historical Data Access (HDA) specifications as a minimum.
10.6 Data exchange, read and write, with other plant process automation systems
shall be through industry standard interface.
10.7 Failures of external systems that interface with the SCADA shall be logged and
shall not degrade internal communications.
10.8 Interface between Intelligent Electronic Devices (IEDs) and/or I-Field surface
units shall use standard Ethernet port communication using standard open
protocol. Standard RS-232/485 Serial interface may be used if the slave device
is not equipped with Ethernet port.
10.9 The control system communication to the Corporate Wide Area Network and other
non-control computer systems shall be designed to ensure that failures or
requests for information do not create network loading congestion or impact the
performance and availability of the SCADA System.
10.10 Integration to software packages such as process simulator, leak detection, etc.,
shall be through middleware as per 23-SAMSS-060.
10.11 When Serial Terminal Servers are required to connect the RTUs to the SCADA
LAN, the Terminal Server implementation shall comply with the following:
The terminal servers shall be provided in redundant configurations where
each terminal server shall be connected to a Local Area Network (LAN) in a
redundant LAN configuration.
The terminal servers shall be modular and easily expandable.
11 Display Design Philosophy
11.1 When designing operator displays, a consistent approach shall be used for the
appearance (look-and-feel) and functionality. Highly animated objects that may
inadvertently divert the operator from important process information shall be
avoided.
11.2 The design approach shall include standardized approach for the entire facility:
Layout - line sizes, equipment representation, orientation, fonts, titles,
etc.
Data representation - process values and alarms.
Color choices - process lines, control lines, process equipment, titles, etc.
Display access and navigation
How options are chosen via switches
How control strategies are commissioned and de-commissioned
How status pairs are defined (on/off, open/closed, start/stop, etc.)
Control modes (manual/auto/computer etc.), either by color or by a small
text next to the controller.
Data validity (invalid, out-of-range, unknown status) by color change.
11.3.1 Operators shall be able to easily access specific displays and graphics
by selecting from a list of displays in directories or menus, or by typing
display or graphic names.
11.3.2 A link shall be provided to move between related displays and graphics
with different detail levels or of the same detail level.
11.3.3 Invalid values shall be highlighted with a different color. A value may be
invalid because it is out of range, because communication is lost, etc.
11.3.4 Each display or graphic shall have a dedicated alarm zone which shall
display, as a minimum, the three most recent alarms.
11.3.5 Graphics design shall maximize the use of single display with several
layers, such that the layers disappear/reappear (declutter/clutter)
automatically depending on the level of magnification.
11.3.7 The operator interface software shall provide a graphical view of the
system, arranged schematically or geographically as defined by the
user.
11.3.10 The user shall be able to use elements on the display as pushbuttons to
initiate pre-defined actions. These shall include, as a minimum, the
ability to:
bring up pop-up notes
bring up trend graphs
bring up other displays
bring up Microsoft Excel or Access based reports
run command sequences
access records in other databases
11.3.11 The user shall be able to define any number of displays. The operator
shall be able to go to a display by means of either a pushbutton or by
selection from a list. To facilitate navigation through the list of
displays, it shall be possible to organize the list in a hierarchical set of
named folders.
11.3.12 The Human Machine Interface (HMI) provides the operator interface
and visualization tools of the system via single or multiple monitor
11.3.14 The following types of displays shall be provided for use by the
operators:
a) Single Line Display shall consist of the user’s process equipment
and pipelines network with the current analog values and status
of devices superimposed on the map. The display(s) shall allow
the operator to select displayed objects in order to issue or inhibit
controls, acknowledge or block alarms, or modify operating
parameters such as limits.
b) Alarm Summary Display shall show a user-customizable list of
alarms that are in the system. The operator shall have the ability
to acknowledge and/or block alarms and to control the operation
of the audible alarm. This display shall be configurable by the
operator by means of filtering by station, zone of responsibility,
alarm priorities, chronological or reverse chronological order,
typeface and size of text, blocked alarms, any combination of
active, cleared, acknowledged or unacknowledged alarms.
c) Operator Summary Display shall show the operations messages
that have been logged by the system. This display shall be
configurable by the operator by means of filtering by alarm
priority, station, zone of responsibility, specific database points,
time range, typeface and size of text.
d) Tabular Data Display shall list the status and analog points by
station and system wide. The information shown on this display
shall include the point names, descriptions, current values and
quality codes and other parameters from the database, e.g.,
transition counts and alarm limits. This display shall be used for
operation and control in the sense that from this display, the
operator can perform point operations such as control, tag, alarm
acknowledge or block, as well as modify operating limits and
reset transition counts.
11.4.1 Any graphic display shall be accessible via no more than three operator
actions.
11.4.2 When a graphic display has an associated primary control display, e.g.,
a group display, the graphic shall have a target that immediately calls
up the associated control display. This target shall be located in the
same location on every graphic that uses this feature.
11.5.1 All graphics shall include graphics title, Date & Time and graphics
Description at standard locations.
11.5.2 Process and control line crossovers shall be minimized. Line breaks
shall be used to indicate that crossing lines do not join.
11.5.3 Main process lines for each graphic shall be bold with secondary lines
being of finer width.
11.6 Faceplates
11.6.1 Faceplates shall show dynamic process and status information about
process elements such as a single control loop, pump, MOV, etc.
11.6.3 Faceplates shall display the Tag ID, Tag descriptor, Process input,
setpoint, output values displayed numerically with engineering units
and in bar graph representation, Auto/manual mode and remote/local
setpoint status, Visual indication for alarm status (including alarm
inhibited or disabled), Symbolic and alphanumeric indication of
discrete states both for two state devices and multi-state devices.
11.7.1 All control, monitoring, and status attributes of any tag shall be
displayable on graphics. For analog points, this requirement includes
measurement, setpoint, span, alarm limits, and output. For digital
points, this requirement includes input and output status. Status
information includes alarm status, control mode, and control status.
11.7.2 The format of numeric data shall have the capabilities to display
numeric data in formats ranging from a single digit to 8 digits (not
including the sign or decimal place), and from 0 to 5 decimal places.
The numeric formatting shall be configurable on an individual basis.
11.8.1 Option to trend both real-time and historical data in the same trend
shall be provided.
11.8.4 Text accompanying the trend shall show the following for each tag: tag
ID, minimum scale value, maximum scale value, engineering units,
and current value.
11.8.5 The time periods and process value scales available for trend displays
shall be selectable.
11.8.6 Real-time trends shall be updated every two seconds with actual
process data.
11.8.7 A real-time trend feature shall be provided to make it possible for an
operator to initiate a real-time trend for any process tag or calculated
variable, including both analog and digital types.
11.8.8 An option shall be provided to initiate historical trend displays for
any process tag or calculated variable that has been stored in either the
on-line history or off-line history media, including both analog and digital
types.
11.8.9 Scale and time span adjustment shall be provided on trend displays.
11.9.5 Communications diagnostic displays shall show errors for each of the
redundant paths.
11.9.6 System displays shall be provided for cabinet temperature alarms and
system power faults.
The system shall display data quality indications for analog values and status
point indications. These shall include the following as a minimum:
a) Telemetry failed (value was not reported on the last scan).
b) Manually set.
c) Calculated from manually set data.
d) Alarm blocked, for analog points with alarm settings.
e) Digital and analog output marked interlocked.
11.11.2 It shall be possible to give each point a visual attribute showing that
the point has one or more tags, on every display where that point is shown.
11.11.3 The system shall permit no means of bypassing the control inhibit
caused by a mark. This applies to any and every application supplied
by the vendor or written by the user using the vendor’s API.
The operator shall be able to perform all basic monitoring and control
functions from graphic displays. These functions shall include, but not be
limited to, changing process variables, alarm logs and setpoints, switching
control modes, manually driving outputs, and initiating maintenance bypasses
for input points.
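As an added example, not code from this standard or from any SCADA vendor, the following Python model shows the data quality indications of 11.9 alongside the non-bypassable control inhibit of 11.11.3: every output command, whether issued from a graphic or from an API client, passes through one write path that has no override argument. The class, flag and mark names are this example's own assumptions.

```python
# Added example, not from SAES-Z-004. Flag, class and mark names are assumed.
from dataclasses import dataclass, field
from enum import Flag, auto


class Quality(Flag):
    """Data quality indications required as a minimum by 11.9."""
    GOOD = 0
    TELEMETRY_FAILED = auto()   # value was not reported on the last scan
    MANUALLY_SET = auto()
    CALC_FROM_MANUAL = auto()   # calculated from manually set data
    ALARM_BLOCKED = auto()      # analog point with its alarms blocked
    INTERLOCKED = auto()        # output marked interlocked


class ControlInhibited(Exception):
    """Raised when a command is refused. No override parameter exists."""


@dataclass
class Point:
    tag_id: str
    value: float
    quality: Quality = Quality.GOOD
    marks: set = field(default_factory=set)   # e.g. {"maintenance"}

    def display(self) -> str:
        """Value with its quality suffix, as a graphic would show it (11.9)."""
        flags = [q.name for q in Quality if q and q in self.quality]
        suffix = f" [{','.join(flags)}]" if flags else ""
        return f"{self.tag_id}={self.value:g}{suffix}"

    def write_output(self, new_value: float) -> float:
        """The single control path used by displays and API clients alike
        (11.11.3): a mark inhibits control and nothing here can bypass it."""
        if self.marks:
            raise ControlInhibited(
                f"{self.tag_id}: control inhibited by marks {sorted(self.marks)}")
        if Quality.INTERLOCKED in self.quality:
            raise ControlInhibited(f"{self.tag_id}: output marked interlocked")
        self.value = new_value
        return self.value
```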
11.13 Reports
11.13.2 The default location for the report printouts shall be the operator
console from which the report was requested.
11.13.4 The system shall include dedicated printer(s) for reports only.
12.1.1 The SCADA system LAN shall be isolated from the Internet, the office
network and any third-party network through the use of a firewall with
12.1.2 The existing (shared with DCS) and/or new firewall shall provide a
dedicated interface for the corporate network and a separate dedicated
interface for the SCADA LAN.
12.1.3 The Data Historian shall be placed in the DMZ, where it shall interface
with a Historian data collector installed on the SCADA LAN.
12.2.2 User access to a system shall be restricted by means of User IDs and
Passwords or other suitable technologies for identification and
authentication of users.
Commentary Note:
b) Process Area Supervisor: This user role shall include all of the
privileges assigned to the area process operator. In addition, any
requirements for special authority commands required for control
of the process area shall be granted to the Process Area
Supervisor role.
c) Maintenance Engineer/Technician: This user role shall provide
access to system and instrument diagnostic and troubleshooting
tools. Access to utilities required for backup and restore of
system information shall also be granted. Other privileges
required to enable maintenance functions (such as replacement of
failed components) shall also be granted as required. View-only
or monitoring-only access to process graphics and function block
parameters shall also be granted.
d) Process Engineer: This user role is used to grant access
privileges for process engineers associated with a particular
process area. Access privileges required for monitoring and
control of equipment associated with the particular process area to
which the role is associated shall be granted. Access privileges
required to modify function block parameters (such as alarm
limits and tuning constants) shall also be granted. Read-write
privileges for function block parameters shall be limited to those
function blocks associated with the particular plant area to which
the role is associated.
e) System Engineer: This user role shall be used to grant access
privileges to persons responsible for the configuration and
maintenance of the system. Access privileges required to
perform functions necessary for the configuration and support of
the system shall be granted. Permission to modify user role
privileges, user accounts and passwords shall not be granted.
f) System Administrator: This user role shall provide access to the
entire system. Assignment of users to this role shall be restricted
to a limited number of highly trusted and competent employees.
This role shall also contain privileges necessary for configuration
of user role privileges and assignment of user to particular user
roles. The role shall contain privileges necessary to administer
12.4.1 Each user shall be assigned a unique User ID. All unneeded vendor-default
user accounts (including guest, service, system and application accounts)
defined at the SCADA application level and in the operating systems
supporting the SCADA application shall be disabled.
12.4.2 Where applicable, all individual User ID formats should conform to
corporate guidelines as highlighted in Section 11.1.1 within “Computer
Accounts Protection Standards and Guidelines” and 11.1.1.3.6 “USER ID
CONSTRUCTION” in IPSAG-007.
12.4.4 Users shall be granted access privileges by assigning the user to a User
Role applicable to their particular job function. Access privileges
which have been defined for that User Role shall be inherited by the
User.
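The role model of 12.3 b) to f) and the role inheritance of 12.4.4 can be expressed as an authorisation check; the Python below is an added example, not the standard's or any vendor's implementation, and its role, action and scope names are assumptions. It encodes the supervisor inheriting the operator's privileges, area-scoped function block access for the Process Engineer, and the explicit denial of user and role administration to the System Engineer.

```python
# Added example, not from SAES-Z-004. Role, action and scope names are assumed.
from dataclasses import dataclass
from typing import Optional

# Privileges are (action, scope) pairs: scope "area" is limited to the user's
# own process area, scope "*" is system-wide.
ROLE_PRIVILEGES = {
    "process_operator":   {("view_graphics", "area"), ("control_equipment", "area")},
    "process_supervisor": {("special_authority_cmd", "area")},  # plus operator's, 12.3 b)
    "maintenance":        {("diagnostics", "*"), ("backup_restore", "*"),
                           ("replace_components", "*"), ("view_graphics", "*")},
    "process_engineer":   {("view_graphics", "area"), ("control_equipment", "area"),
                           ("modify_fb_params", "area")},           # 12.3 d)
    "system_engineer":    {("configure_system", "*")},              # 12.3 e)
    "system_admin":       {("configure_system", "*"), ("manage_users", "*"),
                           ("manage_roles", "*")},                  # 12.3 f)
}
ROLE_INHERITS = {"process_supervisor": "process_operator"}   # 12.3 b)
# Explicit denials, so a later grant cannot silently widen a role (12.3 e)).
DENY = {"system_engineer": {"manage_users", "manage_roles", "change_passwords"}}


@dataclass
class User:
    user_id: str            # unique per person (12.4.1)
    role: str               # one role; its privileges are inherited (12.4.4)
    area: Optional[str] = None   # process area the role is bound to


def effective_privileges(role):
    """Privileges of a role plus those of any role it inherits from."""
    privs = set(ROLE_PRIVILEGES[role])
    parent = ROLE_INHERITS.get(role)
    return privs | effective_privileges(parent) if parent else privs


def is_permitted(user, action, area=None):
    """Authorisation decision for one action, optionally within a process area."""
    if action in DENY.get(user.role, set()):
        return False
    for act, scope in effective_privileges(user.role):
        if act == action and (scope == "*" or (scope == "area" and area == user.area)):
            return True
    return False
```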
12.4.6 Operator workstations located within operator consoles in the CCR can
be configured with a common 'CONSOLE XX' operator account.
This account can be shared by individuals assigned to the particular
console only. These accounts shall not be valid on any other stations
connected to the system.
12.5.7 The system shall be configured to require passwords to be reset for all
User IDs every six months.
12.5.9 The system should issue a password expiration notification to the user
at least 10 days prior to password expiry date.
12.6.1 Application Accounts may require the account name and/or password to be
hard-coded into startup scripts. Passwords used for Application Accounts
shall not be stored in unencrypted format. Passwords used for Application
Accounts are excluded from the six-month password aging policy described
above.
12.7.1 Anti-virus definition files shall be updated on all SCADA servers and
stations. A centralized server in the DMZ shall be used if available.
12.7.3 SCADA equipment shall have Anti-virus software installed with the
latest vendor approved software versions and virus definition files.
12.7.4 Anti-virus software shall not negatively impact the performance of the
workstation and overall performance of the SCADA system and shall
be configured according to vendor procedures, including the different
configuration options within the scanning software such as:
12.8.3 OS software and patches shall not be installed unless they have been
tested and certified by the vendor as being compatible with the
SCADA System software.
12.8.4 New SCADA systems shall be deployed with the latest stable
vendor-supported operating system security and operational patches.
12.10 Retention and archival of security audit logs shall be developed in accordance
with Corporate Data Protection and Retention INT-7 policy. The following
requirement should be considered:
12.10.1 The retention period for audit logs shall be set for 3 months as a
minimum.
12.11.1 All workstations which are connected to the SCADA system and are
not located on an operator console within the CCR shall be configured
to automatically lock the workstation or switch to “view-only” user
environment after it has been idle for 30 minutes or longer. Password
12.11.3 All unused ports on SCADA Process Control Network equipment shall
be deactivated.
12.11.4 All login events shall be recorded by the system. Login events shall be
recorded with date and time of login, user account, and location of
login. Records of logins shall be maintained on the system for a
minimum period of six months.
12.11.5 The system shall record all failed login attempts. If available,
functionality shall be provided to automatically notify the system
administrator after five consecutive failed login attempts have been
exceeded.
12.11.6 Failed login attempts shall not initiate an automatic 'lockout' of the user
account.
12.11.7 The system shall be able to produce a report of stale user accounts.
Stale accounts are user accounts which have not been used on the
system for a period of three months or longer.
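The login records of 12.11.4 are what the notification of 12.11.5 and the stale account report of 12.11.7 are built from; the Python below is an added example, not the standard's or any vendor's code, run over constructed records. It assumes a simple record format, assumed user and station names, and reads "three months" as 90 days.

```python
# Added example, not from SAES-Z-004; records and names are constructed.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records: timestamp, user account, login location (12.11.4), result.
LOGIN_LOG = """\
2013-09-20T09:12:00 eng_sara ENG-WS-03 OK
2013-11-01T08:00:12 op_khalid CCR-CONSOLE-01 OK
2013-11-02T21:10:01 admin1 ENG-WS-07 FAIL
2013-11-02T21:10:20 admin1 ENG-WS-07 FAIL
2013-11-02T21:10:43 admin1 ENG-WS-07 FAIL
2013-11-02T21:11:05 admin1 ENG-WS-07 FAIL
2013-11-02T21:11:30 admin1 ENG-WS-07 FAIL
2013-11-02T21:12:02 admin1 ENG-WS-07 FAIL
2013-11-02T21:15:00 admin1 ENG-WS-07 OK
2013-11-03T07:30:00 op_khalid CCR-CONSOLE-01 OK
"""
FAIL_THRESHOLD = 5  # 12.11.5: notify the administrator once this is exceeded

def parse_log(text):
    """Turn each record into (datetime, user, location, succeeded)."""
    records = []
    for line in text.splitlines():
        ts, user, location, result = line.split()
        records.append((datetime.fromisoformat(ts), user, location, result == "OK"))
    return records

def failed_login_alerts(records):
    """One (user, location, count) alert per run of consecutive failures that
    exceeds FAIL_THRESHOLD; the account is deliberately not locked (12.11.6)."""
    streak, alerts = defaultdict(int), []
    for _, user, location, ok in records:
        if ok:
            streak[user] = 0          # a successful login ends the run
            continue
        streak[user] += 1
        if streak[user] == FAIL_THRESHOLD + 1:   # alert once per run
            alerts.append((user, location, streak[user]))
    return alerts

def stale_accounts(records, all_users, as_of, max_idle=timedelta(days=90)):
    """12.11.7: accounts with no successful login for three months or longer,
    including accounts that have never logged in (three months read as 90 days)."""
    last_ok = {}
    for ts, user, _, ok in records:
        if ok and ts > last_ok.get(user, datetime.min):
            last_ok[user] = ts
    return sorted(u for u in all_users
                  if as_of - last_ok.get(u, datetime.min) >= max_idle)
```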
12.12.3 A minimum of two sets of complete backup and recovery data for each
workstation, server and RTU shall be stored offline.
12.12.4.2 two copies of the backup are made. One copy shall be
stored in a secure onsite location and the other copy shall be
maintained at a secure off-site location.
12.12.5 The SCADA System shall be configured to store the online backup in a
hard-drive different from the SCADA System being backed up.
12.12.6 Process control equipment that contains data storage shall be sanitized
in accordance with GI-0299.120 prior to disposal.
12.14.1 A risk assessment, with participation from P&CSD, IT and the Plant
shall precede the official delegation of support responsibilities of
SCADA System components to IT or other support entities.
14 Documentation
14.1 A detailed SCADA/RTU data link analysis, bandwidth calculation and RTU
traffic aggregate showing SCADA data transfer performance shall be performed
for each application. The analysis report shall be provided during the
project PDR phase.
14.5 Application software written for a Saudi Aramco project at Saudi Aramco's
expense will be the property of Saudi Aramco, and its source code shall be
provided to Saudi Aramco.
16 System Maintainability
16.1 The system shall be designed such that the user will be able to maintain the
SCADA system with minimum reliance on vendor’s services.
16.2 The system shall include all the necessary software for configuration of the
system and maintenance of the database.
Revision Summary
10 November 2013 Major revision.