The UK HSE in its publication 'Out of Control' identified that circa 60% of the causes of
incidents could be attributed to a lack of, or poor, specification and then errors in the design and
implementation. A further circa 6% was attributable to Installation and Commissioning.
In addition, it is a requirement of DSEAR (ATEX 137) to verify that places containing
explosive atmospheres can operate in accordance with the regulations. That is, to verify by
competent personnel that it is safe to introduce 'dangerous substances' into the unit.
Specifically for electrical equipment in zoned areas, the standards to follow are EN 60079-17
and EN 61241-17. In these standards there is a need to carry out a full detailed initial
inspection of the installation and equipment to verify full compliance to the specification and
design.
Further, where Safety Instrumented Functions subject to EN 61508/61511 are employed to reduce the
risk to people/environment, there is a requirement to validate the total installation
and the functionality of each SIF as meeting the User Requirement Specification.
A systematic and economical method of achieving the above is for competent personnel to use a
quality assurance checklist. Such an approach has the benefit of monitoring the installation against
specification and design for each type of equipment and system, and where a non-conformance is
identified it is corrected early in the installation programme. This avoids the costly modifications
and delays that result when only an 'end of construction' quality audit is done.
Also, using an organisation independent of the installer, along with your own
operating/maintenance personnel, establishes the initial records for 'life time' management of
functional safety and provides on-the-job training for those that will maintain the unit.
The final validation of the function of the installation can then be phased into the
pre-commissioning and commissioning activities providing a record of compliance and avoiding costly
delays.
Under BS EN 61508 and IEC 61511, safety instrumented systems require third party validation. Rowan
House can provide competent personnel to validate your installed safety systems.
Process control systems have their own specific pre-commissioning/commissioning requirements.
With the use of HMI (Human Machine Interface) based on PC technology and control system
architecture based on TCP/IP networks, pre-commissioning and commissioning of instrument and
control systems falls broadly into two categories: checking the field hardware and its connectivity
to the field cabinets, and checking the control system network and the software of the basic control
system that interacts with the field signals (both control and graphics). In the case of such
technologies as Fieldbus and Profibus the field and control networks have tended to "merge" and this
has to be considered.
On the software side, most systems now allow configuration of standard points and graphics as
well as logic in a simulator. This allows for testing of the various control loops, logic and
indications prior to installation on the actual control system using the simulator, which can then
be used for operator training on the process - especially useful on a new process. Similarly,
simulator training is very useful for training new operators. It is also preferable to have a set of
templates (dynamos) for each type of point (both control and graphic) as a standard pre-configured
set to allow consistency of application throughout the life of the plant.
For "traditional IO" (standard 4-10mA, digital signals etc.) the usual point-to-point check for
each IO from the field element to the field cabinet still serves well. At the user interface
end, a check from field cabinet to diagnostic page for IO (and on to constructed graphic) gives
confidence that the two parts of the system are correct before the final loop check from field
element to HMI.
For Fieldbus and Profibus type IO, before hooking up instruments to the bus, the installation
should be checked for voltage levels and signal amplitude and shape on each segment, much like the
point-to-point tests for standard loops. Once that is satisfactory, instruments can be added to the
system, commissioned on the bus, and checked through to the software configuration.
The control system network should also be checked for redundant TCP/IP highway failures, switch
failures and redundant controller changeover. It should also be checked for its connection methods
and protection from the "outside world", i.e. connection to the site standard LAN for interaction
with management systems and all the dangers that connection can bring in terms of viruses etc.
Once the IO is fully connected, either by traditional IO or a bus, full commissioning checks to
the HMI can be carried out. At this point, with the plant in a safe state in the field, span tests
of analogue inputs, digital signal checks, stroking of analogue valves and discrete valves and logic
can be carried out. If at all possible, the process should then be run on a non-hazardous substance
(water, air, nitrogen) to allow logic and control testing before running the process on the intended
feedstock for full commissioning to take place with logic checks.
Troubleshooting of systems once installed needs a logical method to break down the problem into
its constituent parts. The initial indication and reporting of a fault can often be misleading -
"it's the software" is a common complaint. If the plant and control system have been commissioned
correctly it is more likely to be the software reacting to an abnormal condition on an instrument,
valve, or bus. Having said that, invariably the software is the sensible place to start, by looking
at diagnostics and on-line packages to monitor the perceived fault and try to break it down into
the possible constituent faults - field instrument, field connection (wire and junction boxes,
whether bus or standard), termination at cabinet. If they do not reveal the fault then start looking
at the IO configuration, control blocks and logic (including times allowed for actions to take
place). Examples of field faults are limit switches giving uncertain valve positions and "slow"
moving valves causing logic to time out on position. An example of a software problem is a Fieldbus
configuration with software module scan times too fast compared to the bus (macro-cycle) time for
that instrument, causing communications issues. This can occur if an instrument is added to a bus and
the segment macro-cycle time alters significantly.
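
The scan-time mismatch described above can be checked from configuration records before and after a
segment change. The following is an added example, not code from Rowan House or any control system
vendor; the tags, segment names and millisecond values are constructed, and the macro-cycle figures
are assumed to be read from the bus configuration tool.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Module:
    name: str      # control module tag (constructed)
    segment: str   # bus segment carrying the module's instrument
    scan_ms: int   # configured module scan period in milliseconds


def too_fast(modules, macrocycle_ms):
    """Return (tag, segment, reason) for modules scanning faster than the segment macro-cycle."""
    findings = []
    for m in modules:
        cycle = macrocycle_ms.get(m.segment)
        if cycle is None:
            # A module on a segment with no recorded macro-cycle cannot be verified.
            findings.append((m.name, m.segment, "no macro-cycle recorded"))
        elif m.scan_ms < cycle:
            findings.append((m.name, m.segment,
                             f"scan {m.scan_ms} ms < macro-cycle {cycle} ms"))
    return findings


def newly_broken(modules, before_ms, after_ms):
    """Modules that were consistent before a segment change but are not afterwards."""
    was_bad = {tag for tag, _, _ in too_fast(modules, before_ms)}
    return [f for f in too_fast(modules, after_ms) if f[0] not in was_bad]


# Constructed sample data: an instrument is added to SEG-01, lengthening its macro-cycle.
MODULES = [
    Module("FIC-101", "SEG-01", 500),
    Module("LIC-102", "SEG-01", 1000),
    Module("TIC-201", "SEG-02", 1000),
]
BEFORE = {"SEG-01": 500, "SEG-02": 1000}
AFTER = {"SEG-01": 750, "SEG-02": 1000}

if __name__ == "__main__":
    for tag, seg, why in newly_broken(MODULES, BEFORE, AFTER):
        print(f"{tag} on {seg}: {why}")
```
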
Rowan House can offer our Process Control experience and knowledge to help commission and
trouble-shoot your control systems.
Rowan House has many combined years and diversity of experience in this area and can provide
systems and personnel to achieve the above in a cost effective manner.