ASTRID a guide for process control specification operation

ASTRID: a guide for process control specification, operation and maintenance ASTRID TM (Analyse STRucturée pour l'Industrialisation des procédés Discontinus) PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 1

ASTRID: a guide for process control specification, operation and maintenance • ASTRID is the result of a working group founded by Health, Safety and Environnement Management of RHONE POULENC Group as part of the program "process control safety". • JMR Conseil has participated to this WG as external consultant • This program concerns the three components of the decision making system in process control. » the operator » safety interlock system » monitoring & control system OPERATOR man machine interface monitoring & control safety interlock PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 2

ASTRID: a guide for process control specification, operation and maintenance OBJECTIVE : TO MASTER SAFE CONTROL OF OUR PLANTS. OPERATOR man machine interface Monitoring & control • • safety interlock TO BE SAFE IN: – control design (automatised or not) – safety interlocks design. – Operation of the process SAFETY MASTERED ALONG THE LIFE CYCLE OF THE PROJECT: Design -----> Construction -----> Operation ------> Maintenance. TOTAL QUALITY APPROACH PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 3

ASTRID: a guide for process control specification, operation and maintenance the answer of field people An analysis method of the control tasks based on a PROCESS MODEL – INDEPENDANT OF THE CONTROL MODE (automatised, manual ) » adapted to a mixed control (automatised and manual) – MODULAR, hierarchised objects » easily reconfigurable – WITH A STRONG FORMALISM (no ambiguity, no redondances) » to understand each other » to communicate » to validate PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 4

ASTRID: a guide for process control specification, operation and maintenance GENERAL PRINCIPLES: FOUR CLASSES OF HIERARCHISED OBJECTS. • Functional objects : – RECIPES : production procedure management. (serial and/or parallel set of phases) – PHASES : elementary phasis of chemical engineering • Material objects: – EQUIPMENT MODULES : group of control modules «statically» interdependant. – CONTROL MODULES : images of inputs outputs. plant scheduling RECIPES Functional PHASES equipment modules EQUIPMENT MODULES Matérial CONTROL MODULES software hardware SENSORS ACTUATORS PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 5

ASTRID: a guide for process control specification, operation and maintenance COMPARISON WITH STANDARDS (ISA SP 88 and IEC 1512) ASTRID phasenel ISA/SP 88 Matériel phasenel Matériel (Partial) RECIPES OPERATION UNIT PHASES EQUIPMENT MODULE CONTROL MODULE PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 6

ASTRID: a guide for process control specification, operation and maintenance TRANSFER FROM A TO C PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 7

ASTRID: a guide for process control specification, operation and maintenance SPLIT THE PLANT INTO INDEPENDANT ENTITIES, THE EQUIPMENT MODULE: defining somes rules for splitting the P&ID • An equipment module start at the origin of the fluid and finishes before the isolating actuator Vacuum N 2 FQ E T 2 hot A B cold C D cold hot P 1 purge fluid field F energy field P 2 gas phase (event collector, vacuum. . . ) field • The size of elementary equipment module is lower as the flexibility and multipurpose need is high PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 8

ASTRID: a guide for process control specification, operation and maintenance CONTROL MODES: ADAPTED TO THE COMPLEX SITUATIONS OF THE MULTIPURPOSE BATCH PLANTS. Commandes • Automatic mode: Automatic sequencing of the phases • Semi automatic mode : Sequencing of the phases by operator • Tele control mode: Actuators are controlled individually. RECIPES Production control Automatic mode Commandes PHASES Commandes Production control Semi automatic mode. (development, adjustment) EQUIPMENT MODULES Commandes CONTROL MODULE Commandes telecontrol (incidents , tunings) Recipe control is the prefered control mode PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 9

ASTRID: a guide for process control specification, operation and maintenance SINGLE COMMAND OF THE ACTUATORS : ACTUATOR (OR CONTROL MODULE) ALLOCATION TO A SINGLE EQUIPMENT MODULE • An actuator is commanded by only one equipment module – Internal actuator: by the equipment module – Actuator at the border of two equipment modules: command allocation to a single equipment module • the actuator command is allocated to the upward equipment module (recommendation) • The actuator status can be read by the adjacent equipment modules PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 10

ASTRID: a guide for process control specification, operation and maintenance SAFE TELECOMMAND MODE: THE LOCK. • In automatic or semi-automatic modes, we must be able to intervene in telecontrol modes. The lock concerns the actuators at the border of an occupied equipment module. The lock is set to prevent manual activation (by telecontrol) of an actuator). • A phase can occupy an equipment module with border actuators locked. Then, the equipment module can command its internal actuators but cannot command the actuators which are protected by a lock. • The unlock is done by the phase after the use of the equipment module or when a default has been detected (by the phase). In this case the unlock is done according to the sequence defined in the phase. PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 11

ASTRID: a guide for process control specification, operation and maintenance THE LOCK • IMPLEMENTATION MECHANISM • FUNCTIONNAL SAFETY (SPECIALLY ADAPTED TO FLEXIBLE PLANT) PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 12

ASTRID: a guide for process control specification, operation and maintenance IMPLEMENTATION MECHANISM OF THE LOCK : Tranfer phase from A to C. isolating actuator (of a control module) mail boxes E V 5 from X to Y V 14 T 1 V 6 V 3 V 1 T 2 V 7 B A V 2 V 4 C P 1 P 2 from F V 13 V 8 V 11 V 10 D V 10 V 9 to Z The control module is able to identify the phase occupying the contiguous equipment modules. PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 13

ASTRID: a guide for process control specification, operation and maintenance IMPLEMENTATION MECHANISM OF THE LOCK : -F 1 phase occupies the needed equipment modules. - Each equipment module put in the border actuators mail boxes the phase identifier (F 1) number identifying the phase which occupy the upper stream equipement module number identifying the phase which occupy the down stream equipment module V 5 from X V 6 F 1 E to Y V 14 F 1 T 1 F 1 V 3 V 1 F 1 T 2 F 1 F 1 F 1 V 7 B A V 2 F 1 V 4 F 1 C P 1 P 2 from F V 13 V 8 V 9 to Z V 10 V 11 D F 1 V 12 to Z This mechanism occurs when the equipment module is occupied before any command. PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 14

ASTRID: a guide for process control specification, operation and maintenance These identifiers determine which actuators can be controlled by the phase. The phase F 1 occupies the upstream equipment module F 1 An other phase (or no phase) occupies the downstream equipment module (F 10) The phase F 1 occupies the upstream equipment module F 1 AND the downstream equipment module F 1 LOCK: The actuator does not accept any command Every command from the upstream equipment module is enabled. Other commands (automatic, semi automatic or telecontrol) are disabled. No phase occupies the upstream and downstream equipment module Telecommand enabled on this actuator PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 15

ASTRID: a guide for process control specification, operation and maintenance INSIDE THE PATH , ACTUATORS CONTROL IS POSSIBLE UNDER PHASE RESPONSABILITY Lock E V 5 from X to Y V 14 T 1 V 6 V 3 V 1 T 2 V 7 B A V 4 V 2 C P 1 P 2 from F V 13 V 8 V 10 V 11 D V 12 V 9 to Z PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 16

ASTRID: a guide for process control specification, operation and maintenance THE OPERATOR CAN SEE THE ACTIVATED PATH Lock E V 5 to Y V 14 T 1 from X V 6 V 3 V 1 T 2 V 7 B A V 4 V 2 C P 1 P 2 from F V 13 V 8 V 10 V 11 D V 12 V 9 to Z the lock protects the path during the transfer PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 17

ASTRID: a guide for process control specification, operation and maintenance FUNCTIONNAL SAFETY, PARTICULARLY ADAPTED TO MULTIPURPOSE PLANTS : A multipurpose plant must adapt quickly to new production campaign. This new campaign implies new plant configuration and new process rules. Example : One operation allows parallel transfer, an other operation does not. PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 18

ASTRID: a guide for process control specification, operation and maintenance Phase F 1 : Transfer from A to C concurrently with Phase F 11 : transfer from F to D : Identication number of the phase occupying the upstream equipment module Identification number of the phase occupying the downstream equipment module F 1 V 5 E F 11 to Y V 14 F 1 from X V 6 T 1 F 1 V 3 V 1 F 1 V 2 F 1 F 11 V 7 B A F 1 T 2 F 1 V 4 V 13 V 10 C P 1 P 2 from F V 8 V 9 to Z V 11 D F 11 V 12 to Z The lock set on V 8, and the lock set on V 10 , inhibit the parallel transfer to equipment modules B and C. Explicit interlock is not needed. PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 19

ASTRID: a guide for process control specification, operation and maintenance Phase F 10 : simultaneous transfer from A and F to C. Identication number of the phaseoccupying the upstream equipment module Identification number of the phase occupying the downstream equipment module F 10 V 5 E to Y V 14 F 10 from X T 1 V 6 F 10 V 3 V 1 F 10 V 2 F 10 V 7 B A F 10 T 2 F 10 V 4 C P 1 P 2 from F V 13 V 8 V 9 to Z F 10 V 11 D F 10 V 12 to Z In this case, parallel transfer is possible, if allowed by the phase. PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 20

ASTRID: a guide for process control specification, operation and maintenance THIS ENCLOSED PATH INHERITS THE BEHAVIOR OF THE OBJECT CLASS «EQUIPMENT MODULE» Lock E V 5 from X to Y V 14 T 1 V 6 V 3 V 1 T 2 V 7 B A V 4 V 2 C P 1 P 2 from F V 13 V 8 V 10 V 11 D V 12 V 9 to Z PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 21

ASTRID: a guide for process control specification, operation and maintenance THE PROGRESS OF THE COMMAND FROM THE RECIPE TO THE CONTROL MODULE Products, variables, etc. . . Header Process parameters Physical and chemical caracteristics, volume, capacity. . . Equipments parameters Product name phases Procédure Dynamic links The manager send parameters to the phase to be activated (Id) Loads Process parameters Equipment parameters control description (1131 -3) OBJECT «RECIPE» (Id) End (Id) Agitates Process parameters Equipment parameters control description (1131 -3) Dynamic links Equipment module 1 Equipment module 2 OBJECT «EQUIPMENT MODULE» OBJECT «CONTROL MODULE» Equipment module n Static links (plant configuration) Operator’s tele command brake this link control module 1 control module 2 control module 3 OBJECT «CONTROL MODULE» control module n ACTUATORS SENSORS PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 22

ASTRID: a guide for process control specification, operation and maintenance LINKS AND INFORMATION EXCHANGES BETWEEN OBJECT CLASSES PHASE AGITATE LOAD Temporary Links (dynamic) AGITATOR RESSOURCE REACTOR C PIPE T 1 PUMP P 1 TANK E Permanent links (static) control module LEGENDE : Permanent link Dynamic link (activated when equipment module is occupied by the phase) Information (activated when equipment module is occupied by the phase) Lock Information related to lock A phase can read information coming from other phases or equipment module according to the description of the phase behaviour This is the single case of horizontal communication. PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 23

ASTRID: a guide for process control specification, operation and maintenance ASTRID: conclusion OPERATOR monitoring & man machine interface control monitoring & control safety interlock • Most of control equipment vendors refer to the model proposed by ISAS 88/IEC 1512. The top down approach adopted by S 88 working group is non ambiguous and based on a rigorous formalism for the upper functional layers, recipe, phase. • The lack of rigorous formalism for the lower layers «hardware oriented» let the instrumentation people free to implement, on his own way, the transfer to the actuators (control module) of the orders coming from the upper functional layers. • Therefore, the quality of the solution is higly dependent of the instrumentation people’s skill. PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 24

ASTRID: a guide for process control specification, operation and maintenance ASTRID: conclusion OPERATOR man machine interface monitoring & control safety interlock • To progress towards an «INTRINSEC» quality and safety solution, Rhône Poulenc has adopted a process model based on four hierarchised object classes. • Rhône Poulenc focused on the material object «equipment module» which is the single path for transfering orders from the phases to the actuators or control module. The equipment module is the result of splitting the batch process plant into simple elements. Rhone Poulenc has defined a generic behaviour imbedded in the objets phase, equipment module and control module guaranteeing a safe cooperation between these objects. PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 25

ASTRID: a guide for process control specification, operation and maintenance OPERATOR man machine interface monitoring & control safety interlock • the model brings: – a shared formal referential which makes validation easy: » operating procedure validation (WHAT) » monitoring &control system validation (HOW) – an help for mastering the complexity thanks to rigorous procedure for splitting the global system into simple and prevalidated elements able to cooperate safely. – a potential automation of the engineering, construction, capacity to automatise the engineering , programming and documentation activities: » better responsiveness with a better quality and safety level » lower cost PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 26

ASTRID: a guide for process control specification, operation and maintenance OPERATOR man machine interface monitoring & control safety interlock • ASTRID accept every existing descrition languages for specifiing the specific behaviour of the objects and particularly the 1131 -3 languages. Up to you to choose the best fitting one. PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 27

ASTRID: a guide for process control specification, operation and maintenance TRANSFER FROM A TO C PRESENTATION_FBF-WBF_rev 0_13/10/99/ F. Lebourgeois/ Rhône Poulenc Industrialisation 28