The West-Ashrafi Oil & Gas plant (located in Egypt, between the mouth of the Gulf of Suez and the northern end of the Red Sea) is an oil facility consisting of two parts: an off-shore platform used for the extraction of crude oil, and an on-shore facility used to separate the crude oil from gas and to pre-treat it before it is placed on the pipeline. The two parts are connected by an "umbilical cord" that carries the product extracted on the platform to the on-shore facility and also holds the cabling that links the two parts of the plant.
The plant was commissioned by Agiba (operating company of the Egyptian General Petroleum Corporation - EGPC) and was built with the participation of ENI S.p.A. Siemens supplied the Basic Process Control System (BPCS) and the two main safety systems (Safety Instrumented Systems - SIS) of the on-shore installation:
- The Emergency Shutdown System (ESD).
- The Fire & Gas detection and mitigation system (F&G).
Both safety systems supplied by Siemens were developed in accordance with the international standard IEC 61511, which covers Safety Instrumented Systems (SIS) used in the process industry.
Each SIS is a programmable electronic system built mainly on the Siemens "fail-safe" and "fault-tolerant" S7-400H PLC family. Both systems are also equipped with an operator interface (HMI) located on the control desk of the control room; in particular the F&G system, in order to provide a higher level of safety, has a dedicated "safety matrix" that is completely independent of all other HMI components. Both SIS are designed to meet SIL 3 as specified in IEC 61511.
HINTSW - T & T Systems, as a subcontractor to Siemens S.p.A., took part in the project with a number of significant activities concerning the safety assessment of the two systems mentioned above, specifically:
- Planning of the project with respect to safety, through the definition of the safety life cycle to be adopted for the implementation and operation of the system.
- Engineering, monitoring and advisory activities in support of the Safety Instrumented System development work, as required by IEC 61511 under the heading "Functional safety assessment".
- Control and verification of the development and design of the Safety Instrumented Systems, as required by IEC 61511 under the heading "Functional safety audit".
- Support and technical advice to Siemens staff for the definition of the typical functional wiring diagrams of the electrical panels covered by the project.
- Analysis and calculation of the availability of the entire automation system.
- Writing of the documentation needed to ensure full compliance of the Safety Instrumented Systems with IEC 61511.
West-Ashrafi facility (Egypt): our activities on the project
Some details of the activities of HINTSW - T & T Systems on this project follow.
Planning of the safety life-cycle
Writing of the Safety Plan, with the definition of the safety life cycle best suited to the development and operation of the system, including the planning of all the activities needed to guarantee the safety of the system at SIL 3, software included.
Safety engineering activity
As part of the control system engineering, HINTSW - T & T Systems produced the following specification documents:
- The document describing the HW and SW architecture of the two SIS. On the HW side it defines the configuration of the I/O modules, the power supply system, the HW architecture of each control loop and the maximum HW composition of the safety functions (Safety Instrumented Functions - SIF); on the SW side it describes the software architecture of each SIF (approximately 130 functions), including input signals, output signals, alarms and the correlation tables between input and output signals.
- The RAM (Reliability, Availability and Maintainability) analysis document, which contains, among other things, the calculation of the availability of the entire on-shore plant automation system, made up of the BPCS and the related SIS.
- The SIF (Safety Instrumented Function) design and engineering document, which contains the analysis of all possible failure modes of the HW elements of the system and their associated effects, together with the calculations made for each control loop defined in the system, in order to verify that the probability of dangerous failure per hour (PFH) of every single control loop is within the limits prescribed by IEC 61511 for SIL 3.
- Finally, the safety requirements specification for the application software, drawn up according to the requirements of IEC 61511.
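To make the per-loop check described above concrete, here is a worked example (added here; it is not part of the project documentation and does not reproduce the project's actual figures). It uses the simplified IEC 61508-6 formulas for the average probability of failure on demand (PFDavg, low-demand mode) and the probability of dangerous failure per hour (PFH, high-demand mode) of 1oo1 and 1oo2 subsystems, sums the subsystems of a loop (sensor, logic solver, final element) and maps the result onto the SIL bands of IEC 61508-1, which IEC 61511 adopts. The failure rates, proof test intervals and common-cause (beta) factors are constructed values chosen for illustration; the formulas ignore dangerous-detected failures and repair times, as the simplified IEC 61508-6 forms do. The small availability helper at the end is the usual MTBF/(MTBF+MTTR) model, for the RAM calculation mentioned above.

```python
"""SIL band check for a safety loop (example added for illustration;
constructed numbers, simplified IEC 61508-6 formulas, not project data)."""
import math
from dataclasses import dataclass

# SIL bands from IEC 61508-1: (SIL, lower bound inclusive, upper bound exclusive).
SIL_BANDS_PFD = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]
SIL_BANDS_PFH = [(4, 1e-9, 1e-8), (3, 1e-8, 1e-7), (2, 1e-7, 1e-6), (1, 1e-6, 1e-5)]


def _sil(value, bands):
    """Return the SIL whose band contains value; 0 if worse than SIL 1,
    capped at 4 if better than the SIL 4 lower bound."""
    for sil, lo, hi in bands:
        if lo <= value < hi:
            return sil
    return 4 if value < bands[0][1] else 0


def sil_for_pfd(pfd_avg):
    return _sil(pfd_avg, SIL_BANDS_PFD)


def sil_for_pfh(pfh):
    return _sil(pfh, SIL_BANDS_PFH)


@dataclass
class Subsystem:
    """One element of a safety loop (sensor, logic solver or final element)."""
    name: str
    lam_du: float        # dangerous undetected failure rate, per hour (assumed value)
    t_proof_h: float     # proof test interval T1, hours
    arch: str = "1oo1"   # "1oo1" or "1oo2"
    beta: float = 0.0    # common-cause factor for 1oo2 (ignored for 1oo1)

    def pfd_avg(self):
        """Simplified IEC 61508-6 PFDavg with lambda_DD = 0 and MRT = 0."""
        if self.arch == "1oo1":
            return self.lam_du * self.t_proof_h / 2
        if self.arch == "1oo2":
            lam_ind = (1 - self.beta) * self.lam_du          # independent part
            return ((lam_ind * self.t_proof_h) ** 2) / 3 \
                + self.beta * self.lam_du * self.t_proof_h / 2  # common-cause part
        raise ValueError(f"unsupported architecture {self.arch}")

    def pfh(self):
        """Simplified IEC 61508-6 PFH with the same simplifications."""
        if self.arch == "1oo1":
            return self.lam_du
        if self.arch == "1oo2":
            lam_ind = (1 - self.beta) * self.lam_du
            return (lam_ind ** 2) * self.t_proof_h + self.beta * self.lam_du
        raise ValueError(f"unsupported architecture {self.arch}")


def loop_pfd_avg(subsystems):
    """Subsystems are in series: the loop fails if any of them fails."""
    return sum(s.pfd_avg() for s in subsystems)


def loop_pfh(subsystems):
    return sum(s.pfh() for s in subsystems)


def availability(mtbf_h, mttr_h):
    """Steady-state availability of one element: MTBF / (MTBF + MTTR)."""
    return mtbf_h / (mtbf_h + mttr_h)


def series_availability(elements):
    """Availability of elements that must all be up (e.g. BPCS and SIS):
    the product of the individual availabilities. elements: [(MTBF, MTTR), ...]."""
    return math.prod(availability(m, r) for m, r in elements)


# Constructed example loop: redundant transmitters, redundant logic solver,
# single shutdown valve, all proof-tested yearly (8760 h).
EXAMPLE_LOOP = [
    Subsystem("pressure transmitters", 5e-7, 8760, "1oo2", beta=0.05),
    Subsystem("logic solver", 1e-8, 8760, "1oo2", beta=0.02),
    Subsystem("shutdown valve", 1e-7, 8760),
]

if __name__ == "__main__":
    for s in EXAMPLE_LOOP:
        print(f"{s.name:22s} PFDavg={s.pfd_avg():.3e}  PFH={s.pfh():.3e}")
    pfd, pfh = loop_pfd_avg(EXAMPLE_LOOP), loop_pfh(EXAMPLE_LOOP)
    print(f"loop PFDavg={pfd:.3e} -> SIL {sil_for_pfd(pfd)} (RRF {1/pfd:.0f})")
    print(f"loop PFH   ={pfh:.3e} -> SIL {sil_for_pfh(pfh)}")
    print(f"BPCS+SIS availability: {series_availability([(8760, 8), (43800, 4)]):.5f}")
```

Run as is, the loop meets SIL 3 on PFDavg (about 5.5e-4, dominated by the single 1oo1 valve) but only SIL 2 on PFH, which is why the demand mode of each loop must be settled before the figures are compared with the SIL 3 limits. Stretching the valve's proof test interval to three years pushes PFDavg above 1e-3 and drops the loop to SIL 2, the kind of sensitivity the per-loop calculations are meant to expose.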
Validation and Verification (V&V) activity
IEC 61511, under the heading "Functional safety audit", sets out a series of control and verification activities on the development and design of the Safety Instrumented Systems. In this area HINTSW - T & T Systems defined and drew up the following documents:
Documentation for safety management
As part of the system life cycle, in addition to the documents mentioned above, HINTSW - T & T Systems was commissioned to draw up the following documents:
- SIS (Safety Instrumented System) configuration management procedures: describe the configuration management procedures used for the SIS.
- Software modification procedures: describe the procedures to be followed when changing the SW (impact analysis, revalidation, etc.), distinguishing between evolutionary and corrective maintenance.
- SIS installation and commissioning planning procedures: define the procedures for the installation and commissioning of the SIS.
- SIS modification procedures: describe the procedures to be followed when changing the hardware of the SIS (impact analysis, revalidation, etc.).
- SIS decommissioning procedures: define the procedures for the disposal of the SIS.