I N D E X O F R E V I S I O N S D E S C R I P T I O N A N ... · MTE Brazilian Ministry of Labor...

TECHNICAL SPECIFICATION Nº

I-ET-3010.00-5520-861-P4X-001

CLIENT:

SHEET 1 of 24

JOB: --

AREA:

DP&T-SRGE

TITLE:

CONTROL AND SAFETY SYSTEM - CSS NP-1

ESUP

MICROSOFT WORD / V. 2016 / I-ET-3010.00-5520-861-P4X-001_0.DOCX

I N D E X O F R E V I S I O N S

R E V . D E S C R I P T I O N A N D / O R R E V I S E D S H E E T S

0 ORIGINAL ISSUE

REV. 0 REV. A REV. B REV. C REV. D REV. E REV. F REV. G REV. H

DATE FEB/28/19

DESIGN ESUP

EXECUTION CAMILA

CHECK ANDRÉ LUIS

APPROVAL ANDREAZC

INFORMATION IN THIS DOCUMENT IS PROPERTY OF PETROBRAS, BEING PROHIBITED OUTSIDE OF THEIR PURPOSE.

FORM OWNED TO PETROBRAS N-0381 REV.L.

PRELIMIN

ARY


I-ET-3010.00-5520-861-P4X-001 REV.

0

SHEET

2 of 24

TITLE:


ESUP

SUMMARY

1 INTRODUCTION .......................................................................................................................................... 3

2 REFERENCE DOCUMENTS, CODES AND STANDARDS ........................................................................ 5

3 ELECTRICAL REQUIREMENTS ................................................................................................................. 7

4 TECHNICAL REQUIREMENTS ................................................................................................................... 7

5 SOLVERS COMMUNICATION OPTIMIZATION ....................................................................................... 13

6 SYSTEM DIAGNOSTICS ........................................................................................................................... 15

7 PANELS ..................................................................................................................................................... 15

8 TOPSIDES CSS INTERFACES WITH OTHER SYSTEMS ....................................................................... 19

9 SCOPE OF SUPPLY .................................................................................................................................. 22

10 DOCUMENTATION .................................................................................................................................... 23

11 ACCEPTANCE TESTS .............................................................................................................................. 24

PRELIMIN

ARY


I-ET-3010.00-5520-861-P4X-001 REV.

0

SHEET

3 of 24

TITLE:


ESUP

1 INTRODUCTION

1.1 Object

1.1.1 This Technical Specification establishes the minimum requirements for the design and supply of the UNIT’s Control and Safety System – CSS.

1.1.2 The Control and Safety System, herein after called CSS, is the main automation system of the UNIT. It is responsible for main automatic process control loops that will be shown in complimentary documents. Besides process control logic, CSS also acts as the system responsible for the main automatic shutdown and Fire and Gas logics of the UNIT.

1.1.3 In order to perform that, CSS shall be implemented using five (05) sets of redundant programmable logic controllers (PLCs), named subsystems: PCS, PSD, HCS, HSD and FGS, that are explained on item 4.1.

1.1.4 In the FPSO Arrangement, CSS components are installed taking into account the following philosophy: all processors subsystems are installed inside dedicated panels in enclosed non-classified rooms; all fire and gas remote I/Os are installed inside dedicated remote I/O panels in enclosed non-classified rooms; process control and process shutdown I/Os are installed inside remote I/O panels located near the process area (external classified areas).

1.1.5 This specification also describes:

1.1.5.1 The main requirements for the CSS interfaces with other systems of the UNIT, including: Electrical System, Supervision and Operation System (SOS) and PACKAGE UNITS Automation Systems. For other interface description, see the project’s technical specification entitled AUTOMATION INTERFACE OF PACKAGE UNITS;

1.1.5.2 Emergency Panels, that are responsible for a backup manual actuation of emergency shutdown push-buttons and blow-down valves;

1.1.5.3 MOS/OOS Panels, which are responsible for manual activation of maintenance and operational overrides permissions.

1.1.6 CSS scope is the hardware, software and services related to its complete functioning:

• Five sets of redundant power supplies, redundant PLC processors, network cards and I/O cards, each set corresponding for each subsystem (PCS, HCS, PSD, HSD, FGS), all arranged inside panels, according to item 7;

• Remote I/O Panels for each subsystem, each one containing redundant power supplies, redundant network cards and I/O cards, all arranged inside panels;

• Redundant network between CSS processors and their remote panels and among CSS processors (independent);

• Complete notebook with all necessary software as described in item 9.2; • Emergency Panels; • MOS/OOS Panels; • Panels, racks, cables (inside panels), connectors, media, etc.

PRELIMIN

ARY


I-ET-3010.00-5520-861-P4X-001 REV.

0

SHEET

4 of 24

TITLE:


ESUP

NOTE 1: Cables for connections among CSS components shall be specified and supplied by MANUFACTURER. By the time CSS is purchased, MANUFACTURER shall liaise with CONTRACTOR in order to identify the necessary cables length, due to the Arrangement mentioned in 1.1.4. NOTE 2: CSS shall be delivered mounted, programmed, tested and ready to operate.

1.2 Definitions

1.2.1 Definitions of words emphasized in upper case letters are specified in Coordination document I-ET-3010.00-1200-940-P4X-001 - GENERAL TECHNICAL TERMS.

1.3 Abbreviations

AFDS Addressable Fire Detection System CO2 Carbon Dioxide CSS Control and Safety System ESD Emergency Shutdown FAT Factory Acceptance Test FGS Fire and Gas System FPSO Floating, Production, Storage and Offloading HART Highway Addressable Remote Transmitter HCS Hull Control System HDS Historical Data Server HMI Human Machine Interface HSD Hull Shutdown System HSDN High Speed Deterministic Network I/O Input/Output LAN Local Area Network MOS Maintenance Override Switch MTBF Mean Time Between Failures MTE Brazilian Ministry of Labor (Portuguese: Ministério do Trabalho e Emprego) MTTR Mean Time to Recovery SNTP Simple Network Time Protocol OOS Operation Override Switch OPC OLE for Process Control PA/GA Public Address/General Alarm PCS Process Control System PI Plant Information PID Proportional–Integral–Derivative Controller PLC Programmable Logic Controller PSD Process Shutdown System RTDS Real Time Data Server SAT Site Acceptance Test SPCS Subsea Production Control System SOS Supervision and Operation System

PRELIMIN

ARY


I-ET-3010.00-5520-861-P4X-001 REV.

0

SHEET

5 of 24

TITLE:


ESUP

VAC Ventilating and Air Conditioning

2 REFERENCE DOCUMENTS, CODES AND STANDARDS

2.1 External references

2.1.1 International Codes, Recommended Practices and Standards

IEC - INTERNATIONAL ELECTROTECHNICAL COMMISSION IEC 60079-2 EXPLOSIVE ATMOSPHERES – PART 2: EQUIPMENT

PROTECTION BY PRESSURIZED ENCLOSURE “p” IEC 60529 DEGREES OF PROTECTION PROVIDED BY

ENCLOSURES (IP CODE) IEC 60533 ELECTRICAL AND ELECTRONIC INSTALLATIONS IN

SHIPS - ELECTROMAGNETIC COMPATIBILITY (EMC) – SHIPS WITH A METALLIC HULL

IEC 61000 ELECTROMAGNETIC COMPATIBILITY (EMC) SERIES - ALL PARTS

IEC 61131 PROGRAMMABLE CONTROLLERS IEC 62381 AUTOMATION SYSTEMS IN THE PROCESS

INDUSTRY - FACTORY ACCEPTANCE TEST (FAT), SITE ACCEPTANCE TEST (SAT) AND SITE INTEGRATION TEST (SIT)

IEC 61892 MOBILE AND FIXED OFFSHORE UNITS – ELECTRICAL INSTALLATIONS – ALL PARTS

NFPA - NATIONAL FIRE PROTECTION ASSOCIATION NFPA 496 STANDARD FOR PURGED AND PRESSURIZED

ENCLOSURES FOR ELECTRICAL EQUIPMENT

2.1.2 Brazilian Codes and Standards

INMETRO - INSTITUTO NACIONAL DE METROLOGIA, NORMALIZAÇÃO E QUALIDADE INDUSTRIAL

PORTARIA Nº 179 (18/MAIO/2010)

REGULAMENTO DE AVALIAÇÃO DA CONFORMIDADE PARA EQUIPAMENTOS ELÉTRICOS PARA ATMOSFERAS EXPLOSIVAS, NAS CONDIÇÕES DE GASES E VAPORES INFLAMÁVEIS E POEIRAS COMBUSTÍVEIS.

PORTARIA Nº 89 (23/FEVEREIRO/2012)

ALTERAÇÃO DA PORTARIA INMETRO Nº 179, DE 18/MAIO/2010.

2.1.2.1 All MTE - Brazilian Ministry of Labor (Portuguese: Ministério do Trabalho e Emprego) regulations (NRs) shall be followed.

PRELIMIN

ARY


I-ET-3010.00-5520-861-P4X-001 REV.

0

SHEET

6 of 24

TITLE:


ESUP

2.1.3 Classification Society

2.1.3.1 The design, installation and operation shall strictly follow the Classification Society requirements, along with the specific requirements identified in this document, including also all referenced documents’ requirements. In case of conflict, Classification Society comments shall prevail.

2.2 Internal References

2.2.1 Project Documents

I-ET-3010.00-1200-800-P4X-002 AUTOMATION, CONTROL AND INSTRUMENTATION ON PACKAGE UNITS

I-ET-3010.00-1200-940-P4X-001 GENERAL TECHNICAL TERMS I-ET-3010.00-5520-862-P4X-001 PROGRAMMABLE LOGIC CONTROLLERS - PLC I-ET-3010.00-5520-888-P4X-001 CSS / SOS PANELS I-ET-3010.00-5140-700-P4X-003 ELECTRICAL REQUIREMENTS FOR PACKAGES

FOR OFFSHORE UNITS I-ET-3010.00-5522-855-P4X-001 ADDRESSABLE FIRE DETECTION SYSTEM I-ET-3010.00-5500-854-P4X-001 MACHINERY MONITORING SYSTEM (MMS) I-ET-3010.00-1200-859-P4X-001 AUTOMATION REQUIREMENTS FOR

CORROSION MONITORING SYSTEM (CMS) I-ET-3A46.00-5530-850-PEA-001 POSITIONING AND NAVIGATION SYSTEMS FOR

FLOATING PRODUCTION UNIT (POS) I-ET-3010.00-5510-768-PPT-002 BASIC CRITERIA FOR TELECOM DESIGN I-ET-3000.00-5529-850-P6B-001 RIGID & HYBRID RISER MONITORING SYSTEM

(RHMS) I-ET-3010.00-5529-854-PAZ-005 MODA RISER MONITORING SYSTEM – FPSO

SCOPE AUTOMATION INTERFACE OF PACKAGE UNITS FLOW METERING SYSTEM (FMS)

ARCHITECTURE FLOW METERING SYSTEM (FMS) SAFETY DATA SHEET REQUIREMENTS OF METOCEAN DATA

ACQUISITION SYSTEM - ENV INSTRUMENTATION ADDITIONAL TECHNICAL

REQUIREMENTS AUTOMATION AND CONTROL ARCHITECTURE EQUIPMENT LIST IMPLEMENTATION OF INTERLOCKING AND

CONTROL LOGIC AUTOMATION AND CONTROL SYSTEM

FUNCTIONS ELECTRICAL SYSTEM AUTOMATION

ARCHITECTURE DIAGRAM ELECTRICAL SYSTEM AUTOMATION

ARCHITECTURE PRODUCTION WELL CONTROL RACK -

FUNCTIONAL DIAGRAM PRODUCTION WELL CONTROL RACK – LAYOUT

PRELIMIN

ARY


I-ET-3010.00-5520-861-P4X-001 REV.

0

SHEET

7 of 24

TITLE:


ESUP

HYDRAULIC POWER UNIT (HPU) FOR SUBSEA SYSTEM

HYDRAULIC POWER UNIT (HPU) FOR SUBSEA SYSTEM - HYDRAULIC DIAGRAM

HYDRAULIC POWER UNIT (HPU) FOR TOPSIDES VALVES

HYDRAULIC POWER UNIT (HPU) FOR TOPSIDES VALVES - HYDRAULIC DIAGRAM

PRODUCTION WELL CONTROL RACK SESDVS CONTROL RACK AUTOMATION AND CONTROL SYSTEM

FUNCTIONS SPECIAL MONITORING SYSTEMS

2.2.2 PETROBRAS Reference Documents

DR-ENGP-M-I-1.3-R.4 SAFETY ENGINEERING

2.3 INMETRO and Brazilian (MTE section) regulations are enforced by Brazilian law. Therefore, they superpose all Codes and Regulations listed in item 2.2.

3 ELECTRICAL REQUIREMENTS

3.1 For operating and environmental conditions, refer to project’s INSTRUMENTATION ADDITIONAL TECHNICAL REQUIREMENTS technical specification document.

3.2 The available power supply is 220 Vac @ 60 Hz (HOLD), fed by electrical panel as defined in technical specification I-ET-3010.00-5140-700-P4X-003 – ELECTRICAL REQUIREMENTS FOR PACKAGES FOR OFFSHORE UNITS. MANUFACTURER shall convert and distribute the different power supplies inside the panel, including where necessary a stabilized AC/DC power supply unit for the cabinet internal distribution of 24 Vdc. For further details, see I-ET-3010.00-5520-888-P4X-001 – CSS / SOS PANEL.

4 TECHNICAL REQUIREMENTS

4.1 General Description

4.1.1 Control and Safety System (CSS) is the implementation of an integrated automation system that performs process control, process safety and mitigation of the UNIT. It is the most important part of the Automation and Control Architecture.

4.1.2 CSS Architecture shall be according to project’s specific AUTOMATION AND CONTROL ARCHITECTURE drawing.

PRELIMIN

ARY


I-ET-3010.00-5520-861-P4X-001 REV.

0

SHEET

8 of 24

TITLE:


ESUP

4.1.3 Control and Safety functions shall be carried out by redundant programmable logic-controllers (PLCs) in hot-standby configuration, connected to a Supervisory Software. DCS based technology will not be accepted.

4.1.3.1 Programmable logic controllers requirements are described in I-ET-3010.00-5520-862-P4X-001 – PROGRAMMABLE LOGIC CONTROLLERS – PLC.

4.1.3.2 Redundancy with hot-standby configuration means that, in the event of a failure in one of the redundant processor, the other one shall remain active and shall assume the logic execution and output writing without affecting plant control executed by other processors.

4.1.4 The design life of CSS shall be 25 (twenty-five) years as a minimum, with the following requirements:

• System maintenance and support must be available along this life cycle, including the availability of compatible replacements;

• The entire system, including all sub-components, shall allow future upgrade or migration.

• MANUFACTURER shall inform the obsolescence plan in the proposal.

4.1.5 The plant automation architecture is represented in project’s AUTOMATION AND CONTROL ARCHITECTURE drawing. This document shows all the equipment and systems with their corresponding interconnections to the following CSS systems:

• PCS – Process Control System: responsible to perform the analogue control and monitoring functions of the process variables related to the Production and Facilities systems (topsides) and to communicate with the Electrical System Controller for electrical devices actuation in normal operation;

• HCS – Hull Control System: responsible to perform the analogue control and monitoring functions of the process variables related to the Production and Facilities systems (hull) and to communicate with the Electrical System Controller for electrical devices actuation in normal operation;

• PSD – Process Shutdown: responsible to perform the emergency shutdown logics of the process variables related to the Production and Facilities systems (topsides), the data acquisition of the ESD hardwired signals of PACKAGE UNITS and to perform hardwired electrical devices actuation in abnormal situation (Topsides ESD-2);

• HSD – Hull Shutdown: responsible to perform the emergency shutdown logics of the process variables related to the Hull Production and Facilities systems, the data acquisition of the ESD hardwired signals of Hull PACKAGE UNITS and to perform hardwired electrical devices actuation in abnormal situation (Hull ESD-2);

• FGS – Fire and Gas System: responsible to perform the Fire & Gas detection, water and CO2 firefighting and safety-related ventilation and air conditioning logics. FGS System’s functions also generate confirmed fire initiators for ESD-3 functions.

4.1.6 PCS, HCS, PSD, HSD and FGS processors shall be redundant, in hot-standby configuration, with simplex I/O cards.

PRELIMIN

ARY


I-ET-3010.00-5520-861-P4X-001 REV.

0

SHEET

9 of 24

TITLE:


ESUP

4.1.7 PSD and HSD define the prevention system and FGS defines the risk mitigation system. The interface with the PA/GA will be accomplished through PSD and HSD (see item 7.1.3).

4.1.8 CSS shall be supplied installed in panels, with the following subdivisions: (for more information see I-ET-3010.00-5520-888-P4X-001 - CSS / SOS PANELS):

• TOPSIDES CSS PANEL, with independent sections for each topsides CSS subsystem (PCS and PSD) and FGS processors;

• HULL CSS PROCESSORS PANEL, with independent sections for each hull CSS subsystem (HCS and HSD) ;

• CSS TOPSIDES REMOTE I/O PANELS – remote panels that house power supplies, network cards and I/O cards for each topsides CSS subsystem (dedicated sections for each subsystem - PCS, PSD and FGS);

• Hull CSS REMOTE I/O PANELS – remote panels that house power supplies, network cards and I/O cards for each hull CSS subsystem (dedicated sections for each subsystem - HCS and HSD and FGS).

4.1.9 The quantity of panels and panel sections may be different for each project. The specific information shall be consulted in the project’s EQUIPMENT LIST.

4.1.10 All FGS I/Os shall be installed in the nearest indoor remote I/O panel.

4.1.11 CSS shall have hardwired signals exchanged with the PACKAGE UNITS’ Automation Systems (typically trip initiators, emergency shutdowns, confirmed fire and confirmed gas signals). Refer to I-ET-3010.00-1200-800-P4X-002 - AUTOMATION, CONTROL AND INSTRUMENTATION ON PACKAGE UNITS. Other signals may be applied, depending on the PACKAGE UNIT.

4.1.12 The redundant Electrical System Controllers, which are part of Electrical System, shall communicate with PCS, HCS and FGS according to project´s AUTOMATION AND CONTROL ARCHITECTURE.

4.1.13 Shutdown signals from PSD, HSD and FGS shall be hardwired from each CSS I/O to the correspondent electrical equipment drawer.

4.1.14 CSS is a system composed mainly by PLCs arranged inside panels, and this Technical Specification shall be analyzed with the I-ET-3010.00-5520-888-P4X-001 – CSS/SOS PANELS and I-ET-3010.00-5520-862-P4X-001I-PROGRAMMABLE LOGIC CONTROLLERS – PLC.

4.1.15 Programming general requirements mentioned in project’s IMPLEMENTATION OF INTERLOCKING AND CONTROL LOGIC Specification shall be followed.

4.2 Safety Requirements

4.2.1 PCS/HCS shall execute process control, PSD/HSD shall execute process safety and FGS shall execute risk mitigation.

4.2.2 PCS and HCS systems shall not be used for safety and mitigation functions.

PRELIMIN

ARY


I-ET-3010.00-5520-861-P4X-001 REV.

0

SHEET

10 of 24

TITLE:


ESUP

4.2.3 CSS shall provide test capability for inputs, outputs and logic control during fault repair.

4.2.4 CSS shall provide diagnostics for inputs, outputs and processors to be used for calculating system availability and reliability.

4.3 Availability and Redundancy Requirements

4.3.1 Required CSS availability, not including the field instrumentation, shall be, at least:

• PCS and HCS: >= 99.0 %; • PSD, HSD and FGS: >= 99.5 %.

4.3.2 CSS availability calculation shall be done by MANUFACTURER, and shall be based on the use of calculated Mean Time to Failure (MTTF) data.

4.3.3 Availability figures are for the whole system (PCS, HCS, HSD, PSD and FGS, excluding PACKAGE UNITS), not only per processor. The following parameters shall be used in the calculations:

• Mean Time to Repair (MTTR): 2 h; • Process startup time: 6 h; • Periodic inspection interval: 1 (one) year for safety functions, 2 (two) years for

control functions.

4.3.4 Where processor redundancy is included, it shall be possible a hot replacement of a failed standby processor without affecting the running (duty) processor. When both processors fail, or when single processors (non-redundant processors) are installed (e.g. In PACKAGE UNITS), failed processors shall be exchanged online without affecting plant control executed by other processors.

4.3.5 On power loss of any processors, the involved processor shall retain its application software.

4.3.6 Control modules shall be capable (such as battery backup) to store volatile data during power loss. This capacity shall be sufficient to maintain that data for a minimum of 120 (one hundred and twenty) days.

4.3.7 Software changes shall be possible with processor running, under controlled security without requiring process shutdown.

4.3.8 The model used as the basis of the calculation shall be advised along with any further assumptions. Mean Time Between Failures (MTBF) data for all CSS components shall be informed by MANUFACTURER, including data for monitors, servers, communication cards, processors, I/O cards.

4.3.9 The components of the CSS, which are likely to cause loss of production upon single card failure shall be provided with built-in redundancy or fault tolerance (HOLD).

4.3.10 Where redundant cards or channels are applied (e.g., voting), these shall be installed in different racks/rails of their redundant partners, with different power supplies.

PRELIMIN

ARY


I-ET-3010.00-5520-861-P4X-001 REV.

0

SHEET

11 of 24

TITLE:


ESUP

4.3.11 Failure of the main CSS components (power supplies, processors, network cards, I/O cards and I/O channels) shall be sent to registers accessible by the processors, to be used in the automatic logic and in the Supervisory System.

4.3.12 The requirement for redundancy in different parts of the PCS, HCS and safety systems shall be based on an availability calculation to meet a required availability target. These components are as follows:

• CSS Power supplies; • Processors; • I/O cards (see NOTE)

NOTE: This item refers to connecting redundant components to different I/O cards. The cards themselves are simplex.

4.4 I/O Allocation Requirements

4.4.1 In order to increase safety functions reliability and plant availability, any voted I/O and I/O associated with redundant equipment shall be installed on different I/O cards.

4.4.2 The following rules shall be applied for I/O allocation:

• Multiple analogue inputs or outputs used for redundancy (i.e. triplicate transmitters used for voting in safety functions) shall be located on different input cards;

• Flame, gas or smoke detectors for the same zone shall be located on segregated cards. Exception is made when digital addressable systems are used for sensors communication;

• All I/O associated with redundant process equipment (i.e. duty-standby motors or pumps) shall be located on separate cards;

• Where possible, I/O shall be allocated to cards in a way to minimize the number of devices that would be affected by a card failure;

• Split range PID outputs shall be located on the same card; • Cascade PID process variables shall be located on the same card; • Limit switches from the same valve shall be connected to the same input card,

for each subsystem.

4.4.3 In case there is a failure in voted inputs used in fire and gas logic (mainly fire and gas detectors), DR-ENGP-M-I-1.3-R.4 - SAFETY ENGINEERING shall be consulted for the programming.

4.4.4 In case there is a failure in an I/O card/channel associated to a redundant equipment, this shall only affect the logic associated with the related equipment.

4.4.5 Racks used for redundant I/O cards architecture shall not share common features such as buses, etc.

4.4.6 Fire Fighting CO2 field instruments data, if available, shall be acquired by FGS system and shall have line monitoring.

4.4.7 The interface with VAC equipment (dampers, air-conditioner, etc.), where applicable, shall be hardwired, through the FGS system.

PRELIMIN

ARY


I-ET-3010.00-5520-861-P4X-001 REV.

0

SHEET

12 of 24

TITLE:


ESUP

4.4.8 All analogue field instruments with HART communication protocol shall be connected to an analog I/O card with HART communication capabilities, which shall drive the 4 - 20 mA to the analog cards. HART Demultiplexers are also accepted inside the panels.

4.5 Future expansion capability

4.5.1 During project detailing phase, once the I/O quantities have been defined, an additional 20% I/O capacity for each I/O type per system (i.e. per processor or group of processors executing a system’s control or safety functionality) shall be installed at each cabinet.

4.5.2 All channels, including spare or additional channels, shall be wired to terminals, ready for field interconnection.

4.5.3 There shall furnished space for future installation of 10% of the number of installed I/O slots, per each subsystem.

4.5.4 All empty I/O slots shall be provided with blank plates.

4.6 Failed component replacement

4.6.1 The system hardware shall have hot swap capability.

4.6.2 For redundant processors in hot-standby configuration, it shall be possible to replace the failed component without affecting the system’s operation. For example, if the running PLC processor fails, its redundant pair shall take over the control and shall continue to control the plant and to write in the outputs while the failed module is replaced. The replaced module will then operate as the standby and can take over control if the running module fails.

4.6.3 For non-fault tolerant system components, the replacement of one module shall not affect other modules in the system. For example, if a simplex I/O card fails, it shall be possible to replace it without the need to reset any other card.

4.6.4 Individual modules of the CSS shall be designed to restart automatically when replaced or powered up following a power loss. This shall not result in loss of any kind of log.

4.7 Response Time Requirements

4.7.1 CSS response time is defined as the maximum time from the occurrence of an event at the input terminations to the response either at HMI or at output terminals. This covers I/O card response times, processor scan rates and any communication delays (I/O bus, data communication networks) and server traffic time.

4.7.2 It shall be used fixed scan rate in all CSS PLCs programming.

4.7.3 Where tasks can be scheduled to run at different PLC cycle rates (different number of scans), the following guidelines shall apply to processor cycle times limits:

PRELIMIN

ARY


I-ET-3010.00-5520-861-P4X-001 REV.

0

SHEET

13 of 24

TITLE:


ESUP

• Fast control loops (typically pressure and flow): 0.5 s; • Slow control loops (typically temperature and level): 1 s; • Motor start/stop: 0.5 s; • Monitoring and alarming: 1 s; • Sequences: 1 s; • Critical trip functions: 0.5 s; • Trip functions: 1 s.

4.8 Synchronization Requirements

4.8.1 To maintain an appropriate chronology of events, all CSS PLCs (PCS, HCS, PSD, HSD and FGS), as well P2, P2C, P2S and P2SC PACKAGE UNITS’ PLCs, shall be synchronized by a Time Server. This Time Server shall read date/time information from the UNIT GPS and send this information to all the PLCs using NTP (network time protocol).

4.8.2 The synchronization accuracy must be better than 10 ms and shall be updated every 24h or less.

4.9 Processor Loading

4.9.1 PLC application software size shall be such that at least 30% spare memory is available for future program expansion. In addition, there shall be sufficient memory to allow the program to run (without affecting I/O scanning, communications or diagnostics) even when all I/O (installed, spare and 10% future installation capacity) and associated application software is added.

4.9.2 If the manufacturer recommends greater spare memory requirements, these shall apply.

4.9.3 PLC processors’ cycle times shall be set to ensure that when higher priority activities such as scanning I/O and executing application software are complete, there is sufficient free time for the processor to execute system diagnostics, communications (to other processors and HMI) and other activities such as intercommunications from the running duty processor to the standby processor.

4.9.4 A single failure in one processor or remote communication card shall not interrupt the whole I/O communication continuity.

5 SOLVERS COMMUNICATION OPTIMIZATION

5.1 All hardwired I/O signals shall be connected to the PLC which executes their logics. Inputs and outputs of the same control or safety loop shall be connected to the same PLC. Communication between PLCs (data transmission using the HSDN) is restricted and subject to PETROBRAS approval.

5.2 When transferring data between PLCs, such communication configuration, logic must be set up in a separately identifiable program area in the PLCs.

5.3 All communicated data, communication diagnostics data, and communication configuration shall be stored in the same program area.

PRELIMIN

ARY


I-ET-3010.00-5520-861-P4X-001 REV.

0

SHEET

14 of 24

TITLE:


ESUP

5.4 Variables shall be read from one processor only; they shall not be written to the same memory location, overwriting one another.

5.5 PLC to PLC communication must take place via a redundant and deterministic high-speed network (HSDN). Communication between PLCs of different systems (e.g. PCS and PSD) shall be restricted. Data to be transmitted via this network shall be submitted to PETROBRAS for evaluation.

5.6 Variables shall only be read into a processor once, i.e. the read block shall not be duplicated. All peer-to-peer communications blocks shall be clearly annotated with the source/destination of the communications.

5.7 Table 1 (HOLD) indicates whether peer-to-peer data shall be configured to be failsafe or fail-reliable. See NOTES 1 and 2 below for the requirements of fail-safe and fail-reliable communication.

Table 1 – Data transmission by signal type

SIGNAL TYPE DATA

TRANSMISSION OBJECTIVE / CLARIFICATION

Secondary Variables (including Pressure and Temperature for Flow Compensation)

Fail-Reliable (NOTE 2)

Loss of these signals shall allow process to continue stable

Convenience Trip Fail-Reliable (NOTE 2)

To avoid spurious trips during momentary loss of communication, maintaining the control and shutdown system integrity

Data Quality (signal bad quality)

Fail-Safe (NOTE 1)

Signal loss shall allow process to continue stable

Key lock Permissive (security switches)

Fail-Reliable (NOTE 2)

Signal action based on logic state transition

Equipment Permissive (usually start permissive)

Fail-Safe (NOTE 1)

To avoid starting a device when its permissive is lost. The intent is to identify and resolve communication problems before starting an equipment

Voted System Bypasses Fail-Reliable (NOTE 2)

Applicable to voting systems only, intended to avoid spurious trips during momentary communication loss while maintaining control and shutdown system integrity

Plant Mode Switch: local/remote, auto/manual

Fail-Reliable To avoid unintended operation mode change during communication loss

Primary Control Variable (example: PID controller)

Shall be hardwired Peer to peer communication imposed delay adversely affects the control loop

Shutdowns / Interlocks Fail-Safe All shutdown initiators and actions (except convenience trips) shall be

PRELIMIN

ARY


I-ET-3010.00-5520-861-P4X-001 REV.

0

SHEET

15 of 24

TITLE:


ESUP

fail safe, either hardwiring, or via fail-safe communications

NOTE 1: Fail-Safe communication configuration shall imply that on Loss of Communication Status, a fail-safe value shall be assigned (substituted) to the signal being communicated. Loss of Communication Status shall be generated on the loss of communication or a data read error for a predetermined time period (maximum 10 s) between two communicating PLC. This time period shall be determined by evaluating the risk of communicating data as Fail-Reliable for that time period. An alarm shall also be generated to indicate Loss of Communication Status.

NOTE 2: Fail-Reliable communication configuration shall imply that on Loss of Communication Status, the signal will hold its last good value and an alarm shall be generated to indicate Loss of Communication Status. A Loss of Communication Status shall be generated on the loss of communication, or a data read error for a predetermined time period (typically 5 s), between two communicating PLC.

6 SYSTEM DIAGNOSTICS

6.1 CSS shall incorporate system diagnostics so that faults are identified, located, and reported to the maintenance workstation. All diagnostics shall be on-line automatically performed, without disturbing the process or reducing processors reliability. Whenever a fault is detected, an alarm of mal-functioning shall be activated at operation workstation.

6.2 System diagnostic shall cover as minimum the following status:

• I/O modules and channels; • I/O communication channels; • System and field power supply check; • Processor software check, comprising application and system software and

memory integrity; • Process hardware check; • Peer to peer / HMIs communication channels; • HMIs and servers.

6.3 CSS actions taken as the result of diagnostic errors are as a minimum:

• Any undefined condition detected through diagnostic check shall result in fail-safe action, ex: undefined logic-result (e.g.: divided by zero, negative square root, etc.);

• Loss of an I/O module, loss of both processors, loss of all power supply shall result to fail-safe action and an alarm.

7 PANELS

7.1 Topsides CSS Panel and Hull CSS Panel

7.1.1 There shall be 1 (one) panel dedicated to the Topsides CSS controllers and one panel dedicated to the Hull CSS controllers, installed indoors, at air conditioned areas.

PRELIMIN

ARY


I-ET-3010.00-5520-861-P4X-001 REV.

0

SHEET

16 of 24

TITLE:


ESUP

7.1.2 These CSS Panels shall have dedicated sections for the following CSS systems:

on Topsides CSS Panel: PCS, PSD and FGS;

on Hull CSS Panel: HCS and HSD.

7.1.3 There shall be a communication link between FGS, PSD and HSD, implemented through a dedicated redundant high speed deterministic network (HSDN). The use of Ethernet in a deterministic configuration is accepted. In this case, low utilization of the whole channel capacity shall be ensured in order to avoid congestion and minimum total latency.

7.1.4 Connection between the Topsides/Hull CSS Panels with their corresponding remote I/O panels shall be implemented through a dedicated I/O network redundant high-speed deterministic network (I/O Deterministic Communication Network), both permanently active. Each redundant I/O network shall be directly connected to each redundant CPU and both I/O redundant networks shall be accessible by each redundant CPU, independently of the status of the other redundant CPU.

7.1.5 Redundant networks shall run through different paths in the UEP (including redundant I/O networks).

7.1.6 Each Panel section shall have the following characteristics:

Each rack (half-cluster) shall have: redundant power supplies, CPU, redundancy card (for data updating and synchronization between active and standby CPU), two redundant Ethernet/TCP-IP cards to perform communication with SOS Servers, two redundant I/O Deterministic Communication Network cards to perform communication of the PLCs with the remote I/O panels, two redundant network cards to perform CPUs HSDN, one Modbus TCP/IP communication card to perform communication with the Electrical System Controllers.

NOTE: MANUFACTURER shall provide signals dedicated to diagnosis intrinsically related to the panels, such as power supply diagnosis, network diagnosis, etc., in order to assure the proper panel protection and status, and it shall clearly indicate it in the proposal. MANUFACTURER shall include, if applicable, I/O cards inside the panel (Topside CSS Panel or Hull CSS Panel) related to these signals.

7.1.7 Each FGS system rack shall have, besides the items defined above, an additional RS-485 / Modbus TCP/IP card to communicate with the AFDS.

7.1.8 Panels located outdoors shall comply with IEC 61892- 7 (Zone 1).

7.1.9 Electromechanical characteristic of the panels, including pressurization guidelines, are in I-ET-3010.00-5520-888-P4X-001 – CSS/SOS PANELS.

7.2 CSS Topsides / Hull Remote I/O Panels

7.2.1 Each topsides remote terminal I/O panel shall have dedicated sections segregated by 3 (three) groups of systems: Topsides Control (PCS), Topsides Shutdown (PSD) and Fire and Gas (FGS).

PRELIMIN

ARY


I-ET-3010.00-5520-861-P4X-001 REV.

0

SHEET

17 of 24

TITLE:


ESUP

7.2.2 Each hull remote terminal I/O panel shall have dedicated sections segregated by 3 (two) groups of systems: Hull Control (HCS), Hull Shutdown (HSD) and Fire and Gas (FGS).

7.2.3 The dedicated sections of each remote terminal I/O shall be electrically isolated. The power supply for each dedicated section shall be independent. Each panel shall receive a 220 Vac (HOLD) power source from the UPS. The conversion to 24 Vdc shall be done using redundant modules, so that each module may be removed for maintenance without powering off the panel.

7.2.4 Where pressurization is required to comply with hazardous area requirements, cabinets shall be fitted with a purge control unit, which shall be pre-certified to conform with IEC 60079-2.

7.2.5 DC Ground fault protection shall be according to I-ET-3010.00-5520-888-P4X-001 – CSS / SOS PANELS.

7.2.6 The CSS Remote I/O Panels shall have the IP protection class according to I-ET-3010.00-5520-888-P4X-001 – CSS / SOS PANELS.

7.2.7 Each remote I/O panel shall have the following characteristics:

• Dedicated I/O card racks for each subsystem; • Modular sections of 800mm (W) x 800mm (L) x 2000mm (H), with a maximum

of three modules fixed together for shipping purposes; • Dual redundant communication with the related CPU for each system.

7.2.8 The redundant communication between CSS Remote I/O Panels and CSS Panels shall be implemented using optical fiber cables.

7.2.9 The panels internal layout shall foresee the necessary space for the field optical cable interconnection without risks to the fiber integrity. Internal optical signals routing end interconnection shall be done using flexible mono fiber optic cables.

7.2.10 CSS Remote I/O Panels shall have a terminal strip dedicated to the power supply distribution to instruments which require external supply (ultrasonic meters, analyzers etc.). The electrical source used to feed the analogue input cards and 4 (four) wire instruments shall be the same. These terminals shall be equipped with fuses, both for + DC and – DC.

7.3 Emergency Panels

7.3.1 The Two emergency panels bellow shall be provided indoors:

• EMERGENCY PANEL A shall be provided at CCR-Operation Ambiance in order to house ESD push buttons (ESD-2, ESD-3P, ESD-3T and ESD-4), BDV depressurization push buttons and one pushbutton, next to ESD-4 pushbutton, to initiate the sound alarm “PREPARE FOR ABANDON”.

• EMERGENCY PANEL B shall be provided and installed at Radio Room in order to house ESD push buttons (ESD-2, ESD-3P, ESD-3T and ESD-4) and one pushbutton, next to ESD-4 pushbutton, to initiate the sound alarm “PREPARE FOR ABANDON”.

PRELIMIN

ARY


I-ET-3010.00-5520-861-P4X-001 REV.

0

SHEET

18 of 24

TITLE:


ESUP

7.3.2 These push buttons shall be protected against involuntary activation. The requirements of the Emergency Panels push buttons are listed in items 7.3.3 and 7.3.4.

7.3.3 In case the Classification Society requires manual ESD-2 stations in open areas, these push buttons shall be “lift and push the button” type, normally open (NO), energize to trip and connected to Topsides CSS-PSD and Hull CSS-HSD (hardwire supervised circuit). Addressable type is not acceptable. The placement of these manual ESD-2 stations in open areas will be defined by the Classification Society during the project’s detailing design phase.

7.3.4 If manual ESD-3P, ESD-3T and ESD-4 stations are also required by the Classification Society, the following shall apply:

• ESD-4 push buttons shall have the same requirements as ESD-2 push buttons and shall have line monitoring. They shall be connected to the CSS-FGS.

• ESD-3P/3T push buttons shall have the same requirements as ESD-2 push buttons and shall have line monitoring. They shall be connected to CSS-FGS. The CSS-FGS shall send via hardwired connection broadcast (via appropriate deterministic bus) the emergency status to Topsides CSS-PSD and to Hull CSS-HSD.

7.3.5 The manual ESD signals from these push buttons shall be interlocked with the automatic ESD logic in order to result in a single shutdown command to each final element.

7.3.6 EMERGENCY PANEL A shall be installed at Operation Ambiance and EMERGENCY PANEL B at Radio Room. Each cabinet shall have the following dimensions: 400 x 400 x 400 mm (L x W x H) and shall be mounted in the wall.

7.3.7 Construction, structure, plates, color and painting system for Emergency Panel cabinets shall follow the same standard of the CSS panels.

7.4 Overrides

7.4.1 Whenever inputs or output devices override are required for plant operation, such as: temporary maintenance, processor, plant or unit start-up, F&G detectors failures, and input devices functionality test, two types of system overrides shall be provided as follows:

• MOS: safety input or output device deactivation for maintenance purposes; • OOS: safety input or output device short-term deactivation (typically less than

2 h) for operation or start-up purpose. After a defined time delay the deactivated function shall be automatically removed. OOS is only a virtual signal from the Supervisory System HMI. There is no OOS console.

7.4.2 A MOS console shall be provided in the Operation Ambiance; this console shall have the following dimensions: 400 mm length x 400 mm deep x 400 mm height.

7.4.3 MOS hardware keys shall be used for common enabling of maintenance overrides, being one hardware key for each system - PSD, FGS and HSD, in a total of 3 (three). Besides, individual overrides shall also be applied for each

PRELIMIN

ARY


I-ET-3010.00-5520-861-P4X-001 REV.

0

SHEET

19 of 24

TITLE:


ESUP

input/output, during MOS hardware key activation time, through Supervisory System HMI screens.

7.4.4 Direct overrides on inputs/outputs without MOS or OOS activation are not allowed. Overrides shall only be configured to be applied via the MOS and OOS functionality.

7.4.5 The design premise is that operational procedures shall not allow multiple devices within the same safety protective function to be put into override at once. The only exception is made for subsystems in long-term maintenance condition, i.e. not in operation.

7.4.6 Output devices shall not be overridden when the corresponding input is in override.

7.4.7 For further details, see project’s AUTOMATION AND CONTROL SYSTEM FUNCTIONS descriptive memorandum.

8 TOPSIDES CSS INTERFACES WITH OTHER SYSTEMS

8.1 General Information

8.1.1 The CSS shall have data exchanged with PACKAGE UNITS, Electrical System and other special systems.

8.1.2 For better understanding, refer to Technical Specifications listed in Item 2.2.1.

8.2 CSS - Addressable Fire Detection System

8.2.1 The interface between CSS-FGS and the AFDS Panel(s) shall be implemented through a network with communication protocol according to documentation specific to the project.

8.2.2 Resources shall be provided in order to guarantee the communication with the AFDS without losing supervision data, even at the failure of one of the dual FGS racks.

8.2.3 All Fire detection and firefighting logics shall be implemented at FGS, using both FGS I/Os and the AFDS inputs. Despite being technically possible, AFDS shall not be used for logic, just as inputs.

8.2.4 For specific information about AFDS, refer to I-ET-3010.00-5522-855-P4X-001 - ADDRESSABLE FIRE DETECTION SYSTEM.

8.2.5 Information regarding number and types of sensors per zone is indicated in project’s document entitled SAFETY DATA SHEET.

PRELIMIN

ARY


I-ET-3010.00-5520-861-P4X-001 REV.

0

SHEET

20 of 24

TITLE:


ESUP

8.3 CSS – PACKAGE UNITS

8.3.1 Hardwired interface between CSS and the PACKAGE UNITS shall be implemented through the I/O cards of the CSS Remote I/O Panels and the PACKAGE UNITS ‘Automation Systems.

8.3.2 Normally, the interface between CSS and PACKAGE UNITS´ Automation Systems are discrete signals. However, it might be possible to exchange analog signals as well. The project documentation (P&ID´s, Technical Specifications and I-ET-3010.00-1200-800-P4X-002 - AUTOMATION, CONTROL AND INSTRUMENTATION ON PACKAGE UNITS) shall also be consulted.

8.3.3 For further information, refer to I-ET-3010.00-1200-800-P4X-002 - AUTOMATION, CONTROL AND INSTRUMENTATION ON PACKAGE UNITS.

8.4 CSS - Electrical System

8.4.1 The interface between the CSS and Electrical System shall be implemented as described in project’s ELECTRICAL SYSTEM AUTOMATION ARCHITECTURE DIAGRAM, ELECTRICAL SYSTEM AUTOMATION ARCHITECTURE technical specification and AUTOMATION AND CONTROL ARCHITECTURE drawing.

8.5 CSS – SPCS

8.5.1 The equipment listed below, comprise the SPCS:

• Wet Christmas Trees (WCT) – Supplied by PETROBRAS; • Umbilical – Supplied by PETROBRAS; • Signal Acquisition System (SAS) – Acquisition module supplied by

PETROBRAS; • Subsea Control Module (SCM) – Supplied by PETROBRAS; • Multiplex WCT Control Panel – Supplied by PETROBRAS; • Well Control Racks (WCR); • Hydraulic Power Unit (HPU).

8.5.2 For interface description between CSS and SPCS, see the following documents specific to the project:

• PRODUCTION WELL CONTROL RACK - FUNCTIONAL DIAGRAM drawing; • PRODUCTION WELL CONTROL RACK – LAYOUT drawing; • HYDRAULIC POWER UNIT (HPU) FOR SUBSEA SYSTEM technical

specification; • HYDRAULIC POWER UNIT (HPU) FOR SUBSEA SYSTEM - HYDRAULIC

DIAGRAM drawing; • HYDRAULIC POWER UNIT (HPU) FOR TOPSIDES VALVES technical

specification; • HYDRAULIC POWER UNIT (HPU) FOR TOPSIDES VALVES - HYDRAULIC

DIAGRAM drawing; • PRODUCTION WELL CONTROL RACK technical specification; • SESDVS CONTROL RACK technical specification; • AUTOMATION AND CONTROL SYSTEM FUNCTIONS descriptive

memorandum;

PRELIMIN

ARY


I-ET-3010.00-5520-861-P4X-001 REV.

0

SHEET

21 of 24

TITLE:


ESUP

• SPECIAL MONITORING SYSTEMS technical specification.

8.6 CSS - Telecom System

8.6.1 It shall be provided digital outputs from PSD and HSD to PA/GA System located in Telecom Room (Hull).

8.6.2 For further details see AUTOMATION AND CONTROL ARCHITECTURE drawing and I-ET-3010.00-5510-760-PPT-002 - BASIC CRITERIA FOR TELECOM DESIGN technical specification.

8.7 CSS – Machinery Monitoring System (MMS)

8.7.1 CSS interface with MMS shall be according to I-ET-3010.00-5500-854-P4X-001 - MACHINERY MONITORING SYSTEM (MMS).

8.8 CSS – Flow Metering System (FMS)

8.8.1 CSS interface with FMS shall be according to project’s drawing entitled FLOW METERING SYSTEM (FMS) ARCHITECTURE and technical specification entitled FLOW METERING SYSTEM (FMS).

8.9 CSS – Corrosion Monitoring System (CMS)

8.9.1 CSS interface with CMS shall be according to I-ET-3010.00-1200-859-P4X-001 - AUTOMATION REQUIREMENTS FOR CORROSION MONITORING SYSTEM (CMS).

8.10 CSS – Positioning and Navigation Systems for Floating Production Unit (POS)

8.10.1 CSS interface with POS shall be according to I-ET-3A46.00-5530-850-PEA-001 - POSITIONING AND NAVIGATION SYSTEMS FOR FLOATING PRODUCTION UNIT (POS).

8.11 CSS – Requirements of Metocean Data Acquisition System (ENV)

8.11.1 CSS interface with ENV shall be according to project’s REQUIREMENTS OF METOCEAN DATA ACQUISITION SYSTEM – ENV technical specification.

8.12 CSS - Rigid & Hybrid Riser Monitoring System (RHMS)

8.12.1 CSS interface with RHMS shall be according to I-ET-3000.00-5529-850-P6B-001 - RIGID & HYBRID RISER MONITORING SYSTEM (RHMS).

8.13 CSS - MODA Riser Monitoring System (MODA)

8.13.1 CSS interface with MODA shall be according to I-ET-3010.00-5529-854-PAZ-005 - MODA RISER MONITORING SYSTEM – FPSO SCOPE.

PRELIMIN

ARY


I-ET-3010.00-5520-861-P4X-001 REV.

0

SHEET

22 of 24

TITLE:


ESUP

9 SCOPE OF SUPPLY

The CSS scope of supply shall include, but not be limited to, the following items:

9.1 Hardware

9.1.1 1 (one) Topsides CSS Panel with and 1 (one) Hull CSS Panel, with, at least, 3 (three) sections each. Each section shall have 2 (two) redundant sets of: power supply and CPU, Gigabit Ethernet cards, HSDN cards, I/O Deterministic Communication Network cards, RS-485 cards and I/O cards, all fully interconnected, according to the requirements of each system as described at item 7.1 and item 7.2.

9.1.2 CSS Topsides Remote I/O Panels and Hull CSS Remote I/O Panels with all I/O cards fully interconnected each.

9.1.3 All fiber optic branches, optical/electrical converters, Ethernet cards, RS-232, RS-422 and RS-485 converters necessary for CSS implementation.

9.1.4 Physical configuration of all CSS PLCs and Remote I/O Panels.

9.1.5 Cables shall be according to I-ET-3010.00-5520-888-P4X-001 - CSS / SOS PANELS.

9.2 Software

9.2.1 Communication driver with Supervisory System.

9.2.1.1 MANUFACTURER shall supply a dedicated communication driver with the chosen Supervisory System.

9.2.1.2 PLC MANUFACTURER shall provide all controllers with OPC UA driver for communication to the Supervisory Software. OPC driver shall be OPC Foundation ™ compliant. CSS - PLC MANUFACTURER shall liaise with SOS SUPPLIER in order to guarantee the adequacy of OPC version.

9.2.2 CSS - PLC MANUFACTURER shall provide 3 (three) Licensed PLC programming and configuration software tools.

9.2.3 All software shall be delivered installed, licensed to MANUFACTURER and with its corresponding optical media.

9.3 Services

9.3.1 Technical services for engineering support during integration, commissioning, start-up and assisted operation.

9.3.2 Networks (within CSS subsystems and between CSS and Remote I/O racks) configuration and testing.

9.3.3 For training services refer to contractual terms.

9.3.4 Physical and logical interfaces between the CSS and the other platform systems.

PRELIMIN

ARY


I-ET-3010.00-5520-861-P4X-001 REV.

0

SHEET

23 of 24

TITLE:


ESUP

9.3.5 Cable dimensioning services (related to item 7.2.7).

9.3.6 Technical specification of the HSDN and I/O Deterministic Communication Network fiber optic and electrical network cables for the interconnection of the Remote I/O Panels and the CSS Panels.

9.3.7 Human resources and a portable unit (belonging to MANUFACTURER) fully configured with all the necessary hardware and software to help assistance on the Factory Acceptance Tests (FAT) of other systems, such as: PACKAGE UNITS, SOS HMIs, AFDS, etc.

9.3.8 The connections from field instruments and from hardwired signals of PACKAGE UNITS to CSS Remote I/O Panels shall be INTEGRATOR’s scope of work.

9.3.9 The interconnection of the networks linking the CSS to other systems is part of the INTEGRATOR’s scope of work.

9.3.10 The configuration and parameterization of all exchanged data among the CSS and other systems shall be implemented by MANUFACTURER together with the MANUFACTURER and the related system’s MANUFACTURER.

10 DOCUMENTATION

10.1 Complete documentation of the CSS, covering all devices (including installed software and firmware versions) and services, shall be supplied with the proposal, for approval, and for final acceptance (HOLD).

10.2 There shall be supplied with the proposal, in the number of copies defined at PETROBRAS documents, at least the following technical documents:

• Technical specifications, comprising: equipment, accessories, panel and materials;

• Data-sheets and brochures for each equipment; • All equipment and installation data including: material list, equipment list, spare

part list, power consumption, heat dissipation, weight, panel lay-out, etc; • Complete description of services, tests, etc. • Documentation requested by other project documents related to CSS system

(see item 2.2.1).

10.3 There shall be supplied for evaluation, in the number of copies defined at PETROBRAS documents, at least the following technical documents:

• Technical specifications, comprising all equipment, instrument, accessories, cables and materials;

• Drawings for all panel, racks and their components; • Data sheets of panel and rack components (including PLCs); • Installation drawings including general arrangement, electrical diagrams, wiring

diagrams, cable, material list, and equipment list; • Test procedures; • Certificate of materials, etc. • Complete CSS certified documentation, as required at I-ET-3010.00-5520-862-

P4X-001 - PROGRAMMABLE LOGIC CONTROLLERS - PLC and I-ET-

PRELIMIN

ARY


I-ET-3010.00-5520-861-P4X-001 REV.

0

SHEET

24 of 24

TITLE:


ESUP

3010.00-5520-888-P4X-001 – CSS / SOS PANELS, including Operation Manual and Maintenance Manual.

11 ACCEPTANCE TESTS

11.1 MANUFACTURER shall be responsible for performing all the tests required as defined at IEC 62381 standards.

11.2 MANUFACTURER shall be responsible for providing personnel, material, necessary equipment and instruments for all the tests, independent of the place where they are carried out, until the final commissioning and acceptance of the UNIT by PETROBRAS.

11.3 MANUFACTURER shall perform the following tests, besides the tests required at I-ET-3010.00-5520-862-P4X-001 - PROGRAMMABLE LOGIC CONTROLLERS - PLC and I-ET-3010.00-5520-888-P4X-001 – CSS / SOS PANELS, where applicable, prior to delivery:

• Mechanical Inspection; • Hardware and Software inventory check; • Wiring and Termination inspection; • Start-up Test; • Visualization/operation; • General System functions including hardware redundancy and diagnostic

check; • Functional test; • Systems interface test.

11.4 After the CSS installation at the site, at least the following tests (SAT) shall be provided in order to assure that the equipment is correctly installed:

• Mechanical Inspection; • Hardware and Software inventory check; • Start-up/Diagnostic Check; • Software downloads and functional tests.

11.5 For Site Integration Tests (SIT) refer to IEC-62381 – AUTOMATION SYSTEMS IN THE PROCESS INDUSTRY – FACTORY ACCEPTANCE TEST (FAT), SITE ACCEPTANCE TEST (SAT) AND SITE INTEGRATION TEST (SIT).

11.6 MANUFACTURER shall submit to PETROBRAS, for evaluation, detailed FAT and SAT programs, at least 4 (four) weeks in advance. PRELIM

INARY

I N D E X O F R E V I S I O N S D E S C R I P T I O N A N ... · MTE Brazilian Ministry of Labor...

Documents

Transcript of I N D E X O F R E V I S I O N S D E S C R I P T I O N A N ... · MTE Brazilian Ministry of Labor...